chore(release): 0.2.0 [skip ci]

# [0.2.0](http://gitea-http.gitea:3000/alexlebens/site-documentation/compare/0.1.7...0.2.0) (2026-03-12)

### Features

* add robots ([4ef4353](4ef43534a0))
* switch to bun ([7413830](74138302a4))
* trigger minor version update ([7a9b62d](7a9b62dc04))
* use alpine-dev for bun builder ([4575bfb](4575bfb913))

.gitea/workflows/release-image-gitea.yml

@@ -1,136 +0,0 @@
-name: release-image-gitea
-
-on:
-  push:
-    tags:
-      - 0.*
-
-  workflow_dispatch:
-
-jobs:
-  build:
-    runs-on: ubuntu-js
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v6
-
-      - name: Set up pnpm
-        uses: pnpm/action-setup@v4
-        with:
-          version: 10.x
-
-      - name: Set up Node.js
-        uses: actions/setup-node@v6
-        with:
-          node-version: 24.13.0
-          cache: pnpm
-
-      - name: Install Dependencies
-        run: pnpm install
-
-      # - name: Lint Code
-      #   run: pnpm lint
-
-      - name: Build Project
-        run: pnpm build
-
-  release:
-    runs-on: ubuntu-js
-    needs: build
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v6
-
-      - name: Login to Registry
-        uses: docker/login-action@v3
-        with:
-          registry: ${{ vars.REPOSITORY_HOST }}
-          username: ${{ gitea.actor }}
-          password: ${{ secrets.REPOSITORY_TOKEN }}
-
-      - name: Create Kubeconfig
-        run: |
-          mkdir $HOME/.kube
-          echo "${{ secrets.KUBECONFIG_BUILDX }}" > $HOME/.kube/config
-
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v3
-        with:
-          driver: kubernetes
-          driver-opts: |
-            namespace=gitea
-            qemu.install=true
-          buildkitd-config-inline: |
-            [registry."docker.io"]
-              mirrors = ["harbor.alexlebens.net/proxy-hub.docker/"]
-
-      - name: Available Platforms
-        run: echo ${{ steps.buildx.outputs.platforms }}
-
-      - name: Extract Metadata
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          tags: |
-            type=ref,event=branch
-            type=ref,event=tag
-            type=sha,format=long
-            type=semver,pattern={{version}}
-            type=semver,pattern={{major}}.{{minor}}
-            type=semver,pattern={{major}}
-          images: |
-            ${{ vars.REPOSITORY_HOST }}/${{ gitea.repository }}
-
-      - name: Get Version Info
-        id: version
-        run: |
-          echo "version=$(git describe --tags --always)" >> $GITHUB_OUTPUT
-          echo "commit=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
-          if git describe --tags --exact-match HEAD 2>/dev/null; then
-            echo "is_release=true" >> $GITHUB_OUTPUT
-          else
-            echo "is_release=false" >> $GITHUB_OUTPUT
-          fi
-
-      - name: Build and Push Image
-        uses: docker/build-push-action@v6
-        with:
-          context: .
-          push: true
-          platforms: linux/amd64
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          build-args: |
-            VERSION=${{ steps.version.outputs.version }}
-            COMMIT_SHA=${{ steps.version.outputs.commit }}
-            IS_RELEASE=${{ steps.version.outputs.is_release }}
-          file: ./Dockerfile
-
-      - name: ntfy Success
-        uses: niniyas/ntfy-action@master
-        if: success()
-        with:
-          url: '${{ secrets.NTFY_URL }}'
-          topic: '${{ secrets.NTFY_TOPIC }}'
-          title: 'Release Success - Site Documentation'
-          priority: 3
-          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
-          tags: action,successfully,completed
-          details: 'Image for Site Documentation has been released!'
-          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
-
-      - name: ntfy Failed
-        uses: niniyas/ntfy-action@master
-        if: failure()
-        with:
-          url: '${{ secrets.NTFY_URL }}'
-          topic: '${{ secrets.NTFY_TOPIC }}'
-          title: 'Release Failure - Site Documentation'
-          priority: 4
-          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
-          tags: action,failed
-          details: 'Image for Site Documentation has failed to be released.'
-          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
-          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/site-documentation/actions?workflow=release-image.yml", "clear": true}]'
-          image: true

.gitea/workflows/release-image-harbor.yml

@@ -1,136 +0,0 @@
-name: release-image-harbor
-
-on:
-  push:
-    tags:
-      - 0.*
-
-  workflow_dispatch:
-
-jobs:
-  build:
-    runs-on: ubuntu-js
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v6
-
-      - name: Set up pnpm
-        uses: pnpm/action-setup@v4
-        with:
-          version: 10.x
-
-      - name: Set up Node.js
-        uses: actions/setup-node@v6
-        with:
-          node-version: 24.13.0
-          cache: pnpm
-
-      - name: Install Dependencies
-        run: pnpm install
-
-      # - name: Lint Code
-      #   run: pnpm lint
-
-      - name: Build Project
-        run: pnpm build
-
-  release:
-    runs-on: ubuntu-js
-    needs: build
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v6
-
-      - name: Login to Registry
-        uses: docker/login-action@v3
-        with:
-          registry: ${{ vars.REGISTRY_HOST }}
-          username: ${{ vars.REGISTRY_USER }}
-          password: ${{ secrets.REGISTRY_SECRET }}
-
-      - name: Create Kubeconfig
-        run: |
-          mkdir $HOME/.kube
-          echo "${{ secrets.KUBECONFIG_BUILDX }}" > $HOME/.kube/config
-
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v3
-        with:
-          driver: kubernetes
-          driver-opts: |
-            namespace=gitea
-            qemu.install=true
-          buildkitd-config-inline: |
-            [registry."docker.io"]
-              mirrors = ["harbor.alexlebens.net/proxy-hub.docker/"]
-
-      - name: Available Platforms
-        run: echo ${{ steps.buildx.outputs.platforms }}
-
-      - name: Extract Metadata
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          tags: |
-            type=ref,event=branch
-            type=ref,event=tag
-            type=sha,format=long
-            type=semver,pattern={{version}}
-            type=semver,pattern={{major}}.{{minor}}
-            type=semver,pattern={{major}}
-          images: |
-            ${{ vars.REGISTRY_HOST }}/images/site-documentation
-
-      - name: Get Version Info
-        id: version
-        run: |
-          echo "version=$(git describe --tags --always)" >> $GITHUB_OUTPUT
-          echo "commit=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
-          if git describe --tags --exact-match HEAD 2>/dev/null; then
-            echo "is_release=true" >> $GITHUB_OUTPUT
-          else
-            echo "is_release=false" >> $GITHUB_OUTPUT
-          fi
-
-      - name: Build and Push Image
-        uses: docker/build-push-action@v6
-        with:
-          context: .
-          push: true
-          platforms: linux/amd64
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          build-args: |
-            VERSION=${{ steps.version.outputs.version }}
-            COMMIT_SHA=${{ steps.version.outputs.commit }}
-            IS_RELEASE=${{ steps.version.outputs.is_release }}
-          file: ./Dockerfile
-
-      - name: ntfy Success
-        uses: niniyas/ntfy-action@master
-        if: success()
-        with:
-          url: '${{ secrets.NTFY_URL }}'
-          topic: '${{ secrets.NTFY_TOPIC }}'
-          title: 'Release Success - Site Documentation'
-          priority: 3
-          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
-          tags: action,successfully,completed
-          details: 'Image for Site Documentation has been released!'
-          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
-
-      - name: ntfy Failed
-        uses: niniyas/ntfy-action@master
-        if: failure()
-        with:
-          url: '${{ secrets.NTFY_URL }}'
-          topic: '${{ secrets.NTFY_TOPIC }}'
-          title: 'Release Failure - Site Documentation'
-          priority: 4
-          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
-          tags: action,failed
-          details: 'Image for Site Documentation has failed to be released.'
-          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
-          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/site-documentation/actions?workflow=release-image.yml", "clear": true}]'
-          image: true

.gitea/workflows/release-image.yaml

@@ -0,0 +1,340 @@
+name: release-image
+
+on:
+  push:
+    branches:
+      - release
+
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: ubuntu-js
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          ref: release
+
+      - name: Set up Node
+        uses: actions/setup-node@v6
+        with:
+          node-version: 24.14.0
+
+      - name: Set up Bun
+        uses: oven-sh/setup-bun@v2
+        with:
+          bun-version: 1.3.10
+
+      - name: Install Dependencies
+        run: bun install --frozen-lockfile
+
+      - name: Cache Astro Build Cache
+        uses: actions/cache@v5
+        with:
+          path: |
+            .astro
+            node_modules/.vite
+          key: ${{ runner.os }}-astro-${{ hashFiles('**/*.astro', 'astro.config.mjs') }}
+          restore-keys: |
+            ${{ runner.os }}-astro-
+
+      # - name: Lint Code
+      #   run: bun run lint
+
+      - name: Build Project
+        run: bun run build
+
+      - name: ntfy Failed
+        uses: niniyas/ntfy-action@master
+        if: failure()
+        with:
+          url: '${{ secrets.NTFY_URL }}'
+          topic: '${{ secrets.NTFY_TOPIC }}'
+          title: 'Test Failure - Site Documentation'
+          priority: 4
+          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
+          tags: action,failed
+          details: 'During release tests failed for building Site Documentation'
+          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
+          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/site-documentation/actions?workflow=release-image.yaml", "clear": true}]'
+          image: true
+
+  guarddog:
+    runs-on: ubuntu-js
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          ref: release
+
+      - name: Set up Python
+        uses: actions/setup-python@v6
+        with:
+          python-version: '3.12'
+
+      - name: Install GuardDog
+        run: |
+          python3 -m pip install --upgrade pip
+          python3 -m pip install guarddog
+
+      - name: Run GuardDog
+        run: |
+          guarddog npm scan ./
+
+      - name: ntfy Failed
+        uses: niniyas/ntfy-action@master
+        if: failure()
+        with:
+          url: '${{ secrets.NTFY_URL }}'
+          topic: '${{ secrets.NTFY_TOPIC }}'
+          title: 'Security Failure - Site Documentation'
+          priority: 4
+          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
+          tags: action,failed
+          details: 'During release guarddog scan failed for Site Documentation'
+          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
+          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/site-documentation/actions?workflow=release-image.yaml", "clear": true}]'
+          image: true
+
+  semantic-release:
+    needs: [ build, guarddog ]
+    runs-on: ubuntu-js
+    outputs:
+      new-release-published: ${{ steps.semantic.outputs.new-release-published }}
+      new-release-version: ${{ steps.semantic.outputs.new-release-version }}
+      new-release-git-tag: ${{ steps.semantic.outputs.new-release-git-tag }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.BOT_TOKEN }}
+
+      - name: Set up Node
+        uses: actions/setup-node@v6
+        with:
+          node-version: 24.14.0
+
+      - name: Set up Bun
+        uses: oven-sh/setup-bun@v2
+        with:
+          bun-version: 1.3.10
+
+      - name: Install Dependencies
+        run: bun install --frozen-lockfile
+
+      - name: Run Semantic Release
+        id: semantic
+        env:
+          GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.BOT_TOKEN }}
+          NODE_PATH: ${{ github.workspace }}/node_modules
+        run: |
+          bun run semantic-release
+
+  release-harbor:
+    runs-on: ubuntu-js
+    needs: semantic-release
+    if: ${{ needs.semantic-release.outputs.new-release-published == 'true' }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          ref: release
+
+      - name: Login to Harbor Registry
+        uses: docker/login-action@v4
+        with:
+          registry: ${{ vars.REGISTRY_HOST }}
+          username: ${{ vars.REGISTRY_USER }}
+          password: ${{ secrets.REGISTRY_SECRET }}
+
+      - name: Login to Docker
+        uses: docker/login-action@v4
+        with:
+          registry: ${{ vars.DH_REGISTRY }}
+          username: ${{ secrets.DH_USERNAME }}
+          password: ${{ secrets.DH_TOKEN }}
+
+      - name: Create Kubeconfig
+        run: |
+          mkdir $HOME/.kube
+          echo "${{ secrets.KUBECONFIG_BUILDX }}" > $HOME/.kube/config
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v4
+        with:
+          driver: kubernetes
+          driver-opts: |
+            namespace=gitea
+            qemu.install=true
+          buildkitd-config-inline: |
+            [registry."docker.io"]
+              mirrors = ["harbor.alexlebens.net/proxy-hub.docker/"]
+
+      - name: Available Platforms
+        run: echo ${{ steps.buildx.outputs.platforms }}
+
+      - name: Extract Metadata
+        id: meta
+        uses: docker/metadata-action@v6
+        with:
+          images: |
+            ${{ vars.REGISTRY_HOST }}/images/site-documentation
+          tags: |
+            type=ref,event=branch
+            type=sha,format=long
+            type=raw,value=latest,enable=${{ needs.semantic-release.outputs.new-release-published == 'true' }}
+            type=semver,pattern={{version}},value=${{ needs.semantic-release.outputs.new-release-version }}
+            type=semver,pattern={{major}}.{{minor}},value=${{ needs.semantic-release.outputs.new-release-version }}
+            type=semver,pattern={{major}},value=${{ needs.semantic-release.outputs.new-release-version }}
+
+      - name: Build and Push Image
+        uses: docker/build-push-action@v7
+        with:
+          context: .
+          push: true
+          platforms: linux/amd64
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          build-args: |
+            APP_VERSION=${{ needs.semantic-release.outputs.new-release-version }}
+            COMMIT_SHA=${{ github.sha }}
+            IS_RELEASE=true
+          file: ./Dockerfile
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: ntfy Success
+        uses: niniyas/ntfy-action@master
+        if: success()
+        with:
+          url: '${{ secrets.NTFY_URL }}'
+          topic: '${{ secrets.NTFY_TOPIC }}'
+          title: 'Release Success - Site Documentation'
+          priority: 3
+          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
+          tags: action,successfully,completed
+          details: 'Harbor Image for Site Documentation has been released!'
+          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
+
+      - name: ntfy Failed
+        uses: niniyas/ntfy-action@master
+        if: failure()
+        with:
+          url: '${{ secrets.NTFY_URL }}'
+          topic: '${{ secrets.NTFY_TOPIC }}'
+          title: 'Release Failure - Site Documentation'
+          priority: 4
+          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
+          tags: action,failed
+          details: 'Harbor Image for Site Documentation has failed to be released.'
+          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
+          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/site-documentation/actions?workflow=release-image.yml", "clear": true}]'
+          image: true
+
+  release-gitea:
+    runs-on: ubuntu-js
+    needs: [ semantic-release, release-harbor ]
+    if: |
+      always() && 
+      needs.semantic-release.outputs.new-release-published == 'true'
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          ref: release
+
+      - name: Login to Gitea Registry
+        uses: docker/login-action@v4
+        with:
+          registry: ${{ vars.REPOSITORY_HOST }}
+          username: ${{ gitea.actor }}
+          password: ${{ secrets.REPOSITORY_TOKEN }}
+
+      - name: Login to Docker
+        uses: docker/login-action@v4
+        with:
+          registry: ${{ vars.DH_REGISTRY }}
+          username: ${{ secrets.DH_USERNAME }}
+          password: ${{ secrets.DH_TOKEN }}
+
+      - name: Create Kubeconfig
+        run: |
+          mkdir $HOME/.kube
+          echo "${{ secrets.KUBECONFIG_BUILDX }}" > $HOME/.kube/config
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v4
+        with:
+          driver: kubernetes
+          driver-opts: |
+            namespace=gitea
+            qemu.install=true
+          buildkitd-config-inline: |
+            [registry."docker.io"]
+              mirrors = ["harbor.alexlebens.net/proxy-hub.docker/"]
+
+      - name: Available Platforms
+        run: echo ${{ steps.buildx.outputs.platforms }}
+
+      - name: Extract Metadata
+        id: meta
+        uses: docker/metadata-action@v6
+        with:
+          images: |
+            ${{ vars.REPOSITORY_HOST }}/${{ gitea.repository }}
+          tags: |
+            type=ref,event=branch
+            type=sha,format=long
+            type=raw,value=latest,enable=${{ needs.semantic-release.outputs.new-release-published == 'true' }}
+            type=semver,pattern={{version}},value=${{ needs.semantic-release.outputs.new-release-version }}
+            type=semver,pattern={{major}}.{{minor}},value=${{ needs.semantic-release.outputs.new-release-version }}
+            type=semver,pattern={{major}},value=${{ needs.semantic-release.outputs.new-release-version }}
+
+      - name: Build and Push Image
+        uses: docker/build-push-action@v7
+        with:
+          context: .
+          push: true
+          platforms: linux/amd64
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          build-args: |
+            APP_VERSION=${{ needs.semantic-release.outputs.new-release-version }}
+            COMMIT_SHA=${{ github.sha }}
+            IS_RELEASE=true
+          file: ./Dockerfile
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: ntfy Success
+        uses: niniyas/ntfy-action@master
+        if: success()
+        with:
+          url: '${{ secrets.NTFY_URL }}'
+          topic: '${{ secrets.NTFY_TOPIC }}'
+          title: 'Release Success - Site Documentation'
+          priority: 3
+          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
+          tags: action,successfully,completed
+          details: 'Gitea Image for Site Documentation has been released!'
+          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
+
+      - name: ntfy Failed
+        uses: niniyas/ntfy-action@master
+        if: failure()
+        with:
+          url: '${{ secrets.NTFY_URL }}'
+          topic: '${{ secrets.NTFY_TOPIC }}'
+          title: 'Release Failure - Site Documentation'
+          priority: 4
+          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
+          tags: action,failed
+          details: 'Gitea Image for Site Documentation has failed to be released.'
+          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
+          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/site-documentation/actions?workflow=release-image.yaml", "clear": true}]'
+          image: true

.gitea/workflows/renovate.yaml

@@ -25,8 +25,10 @@ jobs:
           RENOVATE_ENDPOINT: ${{ vars.INSTANCE_URL }}
           RENOVATE_REPOSITORIES: alexlebens/site-documentation
           RENOVATE_GIT_AUTHOR: Renovate Bot <renovate-bot@alexlebens.net>
+          RENOVATE_REDIS_URL: ${{ vars.RENOVATE_REDIS_URL }}
           LOG_LEVEL: info
           RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }}
           RENOVATE_GIT_PRIVATE_KEY: ${{ secrets.RENOVATE_GIT_PRIVATE_KEY }}
           RENOVATE_GITHUB_COM_TOKEN: ${{ secrets.RENOVATE_GITHUB_COM_TOKEN }}
-          RENOVATE_REDIS_URL: ${{ vars.RENOVATE_REDIS_URL }}
+          RENOVATE_REGISTRY_ALIASES: '{"dhi.io": "dhi.io"}'
+          RENOVATE_HOST_RULES: '[{"matchHost":"dhi.io","hostType":"docker","username":"${{ secrets.RENOVATE_DHI_USER }}","password":"${{ secrets.RENOVATE_DHI_TOKEN }}"}]'

.gitea/workflows/test-build.yaml

@@ -4,6 +4,9 @@ on:
   push:
     branches:
       - main
+    paths-ignore:
+      - '.gitea/workflows/**'
+      - '**.md'
 
   pull_request:
     branches:
@@ -16,25 +19,34 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v6
 
-      - name: Set up pnpm
+      - name: Set up Node
-        uses: pnpm/action-setup@v4
-        with:
-          version: 10.x
-
-      - name: Set up Node.js
         uses: actions/setup-node@v6
         with:
-          node-version: 24.13.0
+          node-version: 24.14.0
-          cache: pnpm
+
+      - name: Set up Bun
+        uses: oven-sh/setup-bun@v2
+        with:
+          bun-version: 1.3.10
 
       - name: Install Dependencies
-        run: pnpm install
+        run: bun install --frozen-lockfile
+
+      - name: Cache Astro Build Cache
+        uses: actions/cache@v5
+        with:
+          path: |
+            .astro
+            node_modules/.vite
+          key: ${{ runner.os }}-astro-${{ hashFiles('**/*.astro', 'astro.config.mjs') }}
+          restore-keys: |
+            ${{ runner.os }}-astro-
 
       # - name: Lint Code
-      #   run: pnpm lint
+      #   run: bun run lint
 
       - name: Build Project
-        run: pnpm build
+        run: bun run build
 
       - name: ntfy Failed
         uses: niniyas/ntfy-action@master
@@ -50,3 +62,38 @@ jobs:
           icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
           actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/site-documentation/actions?workflow=test-build.yaml", "clear": true}]'
           image: true
+
+  guarddog:
+    runs-on: ubuntu-js
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Set up Python
+        uses: actions/setup-python@v6
+        with:
+          python-version: '3.12'
+
+      - name: Install GuardDog
+        run: |
+          python3 -m pip install --upgrade pip
+          python3 -m pip install guarddog
+
+      - name: Run GuardDog
+        run: |
+          guarddog npm scan ./
+
+      - name: ntfy Failed
+        uses: niniyas/ntfy-action@master
+        if: failure()
+        with:
+          url: '${{ secrets.NTFY_URL }}'
+          topic: '${{ secrets.NTFY_TOPIC }}'
+          title: 'Security Failure - Site Documentation'
+          priority: 4
+          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
+          tags: action,failed
+          details: 'Guarddog scan failed for Site Documentation'
+          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
+          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/site-documentation/actions?workflow=test-build.yaml", "clear": true}]'
+          image: true

.npmrc

@@ -1,2 +0,0 @@
-engine-strict=true
-save-exact=true

.releaserc.json

@@ -0,0 +1,18 @@
+{
+  "branches": ["release"],
+  "tagFormat": "${version}",
+  "plugins": [
+    "@semantic-release/commit-analyzer",
+    "@semantic-release/release-notes-generator",
+    "@semantic-release/changelog",
+    "semantic-release-export-data",
+    ["@semantic-release/npm", { "npmPublish": false }],
+    ["@semantic-release/git", {
+      "assets": ["package.json", "CHANGELOG.md"],
+      "message": "chore(release): ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
+    }],
+    ["@saithodev/semantic-release-gitea", {
+      "giteaUrl": "https://gitea.alexlebens.dev"
+    }]
+  ]
+}

CHANGELOG.md

@@ -0,0 +1,9 @@
+# [0.2.0](http://gitea-http.gitea:3000/alexlebens/site-documentation/compare/0.1.7...0.2.0) (2026-03-12)
+
+
+### Features
+
+* add robots ([4ef4353](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/4ef43534a0f26bc5593258c9cd6a31d62283929d))
+* switch to bun ([7413830](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/74138302a4c2ad45a850459c47a17dd09014f3ad))
+* trigger minor version update ([7a9b62d](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/7a9b62dc048ffd947bb6dd41523091bbc9346e84))
+* use alpine-dev for bun builder ([4575bfb](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/4575bfb9138bc9ca5f9d93e845155fc56d3a8491))

Dockerfile

@@ -1,35 +1,35 @@
-ARG REGISTRY=docker.io
+ARG REGISTRY=dhi.io
-FROM ${REGISTRY}/node:24.13.0-alpine AS base
+FROM ${REGISTRY}/bun:1.3.10-alpine3.22-dev AS builder
-
-ENV PNPM_HOME="/pnpm"
-ENV PATH="$PNPM_HOME:$PATH"
-RUN corepack enable
 
 WORKDIR /app
 
-COPY package.json pnpm-lock.yaml ./
+COPY package.json bun.lock ./
 
-FROM base AS prod-deps
+FROM builder AS prod-deps
-RUN --mount=type=cache,id=pnpm,target=/pnpm/store pnpm install --prod --frozen-lockfile
+RUN --mount=type=cache,id=bun,target=/root/.bun/install/cache \
+    bun install --production --frozen-lockfile
 
-FROM prod-deps AS build-deps
+FROM builder AS build-deps
-RUN --mount=type=cache,id=pnpm,target=/pnpm/store pnpm install --frozen-lockfile
+RUN --mount=type=cache,id=bun,target=/root/.bun/install/cache \
+    bun install --frozen-lockfile
 
 FROM build-deps AS build
 COPY . .
-RUN pnpm run build
+RUN bun run build
-RUN pnpm prune --prod
 
-FROM base AS runtime
+FROM ${REGISTRY}/bun:1.3.10-alpine3.22 AS runtime
+WORKDIR /app
 COPY --from=prod-deps /app/node_modules /app/node_modules
 COPY --from=build /app/dist /app/dist
 
+ARG APP_VERSION=latest
+ARG APP_VERSION
+
 ENV HOST=0.0.0.0
-ENV SITE_URL=https://docs.alexlebens.dev
 ENV PORT=4321
 
-LABEL version="0.1.0"
+LABEL version=$APP_VERSION
 LABEL description="Astro based documentation website"
 
 EXPOSE $PORT
-CMD ["node", "./dist/server/entry.mjs"]
+CMD ["bun", "run", "./dist/server/entry.mjs"]

README.md

@@ -6,7 +6,7 @@
 pnpm create astro@latest -- --template starlight
 ```
 
-## 🚀 Project Structure
+## Project Structure
 
 Inside of your Astro + Starlight project, you'll see the following folders and files:
 
@@ -29,15 +29,12 @@ Images can be added to `src/assets/` and embedded in Markdown with a relative li
 
 Static assets, like favicons, can be placed in the `public/` directory.
 
-## 🧞 Commands
+## Commands
 
 All commands are run from the root of the project, from a terminal:
 
 | Command                | Action                                           |
 | :--------------------- | :----------------------------------------------- |
-| `pnpm install`         | Installs dependencies                            |
+| `bun install`         | Installs dependencies                            |
-| `pnpm dev`             | Starts local dev server at `localhost:4321`      |
+| `bun run dev`             | Starts local dev server at `localhost:4321`      |
-| `pnpm build`           | Build your production site to `./dist/`          |
+| `bun run build`           | Build your production site to `./dist/`          |
-| `pnpm preview`         | Preview your build locally, before deploying     |
-| `pnpm astro ...`       | Run CLI commands like `astro add`, `astro check` |
-| `pnpm astro -- --help` | Get help using the Astro CLI                     |

astro.config.mjs

@@ -2,10 +2,12 @@
 import { defineConfig } from "astro/config";
 
 import node from "@astrojs/node";
-import tailwindcss from "@tailwindcss/vite";
+import sitemap from '@astrojs/sitemap';
 import starlight from "@astrojs/starlight";
 import starlightThemeRapide from 'starlight-theme-rapide'
 
+import tailwindcss from '@tailwindcss/vite';
+
 const getSiteURL = () => {
   if (process.env.SITE_URL) {
     return `https://${process.env.SITE_URL}`;
@@ -13,12 +15,15 @@ const getSiteURL = () => {
   return "http://localhost:4321";
 };
 
-// https://astro.build/config
 export default defineConfig({
   site: getSiteURL(),
 
+  security: { csp: true },
+
+  prefetch: true,
+
   integrations: [
-    tailwindcss(),
+    sitemap(),
     starlight({
       title: "Alex Lebens Docs",
       customCss: [
@@ -51,15 +56,21 @@ export default defineConfig({
     }),
   ],
 
+  markdown: {
+    syntaxHighlight: false,
+  },
+
   plugins: {
-    "@tailwindcss/postcss": {},
+    '@tailwindcss/postcss': {},
   },
 
   vite: {
     plugins: [tailwindcss()],
   },
 
+  output: 'static',
+
   adapter: node({
-    mode: "standalone",
+    mode: 'standalone',
   }),
 });

package.json

@@ -1,7 +1,7 @@
 {
   "name": "site-documentation",
   "type": "module",
-  "version": "0.1.0",
+  "version": "0.2.0",
   "scripts": {
     "dev": "astro dev",
     "build": "astro build",
@@ -12,27 +12,37 @@
     "astro": "astro"
   },
   "dependencies": {
-    "@astrojs/mdx": "^4.3.13",
+    "@astrojs/mdx": "^5.0.0",
-    "@astrojs/node": "^9.5.2",
+    "@astrojs/node": "^10.0.1",
-    "@astrojs/starlight": "^0.37.6",
+    "@astrojs/sitemap": "^3.7.1",
-    "@tailwindcss/postcss": "^4.1.18",
+    "@astrojs/starlight": "^0.38.1",
-    "@tailwindcss/vite": "^4.1.18",
+    "@tailwindcss/postcss": "^4.2.1",
-    "astro": "^5.17.1",
+    "@tailwindcss/vite": "^4.2.1",
-    "motion": "^12.33.0",
+    "astro": "^6.0.4",
-    "sanitize-html": "^2.17.0",
+    "sanitize-html": "^2.17.1",
     "sharp": "^0.34.5",
     "starlight-theme-rapide": "^0.5.2",
-    "tailwindcss": "^4.1.18"
+    "tailwindcss": "^4.2.1"
   },
   "devDependencies": {
+    "@eslint-react/eslint-plugin": "^2.13.0",
+    "@saithodev/semantic-release-gitea": "^2.1.0",
+    "@semantic-release/changelog": "^6.0.3",
+    "@semantic-release/commit-analyzer": "^13.0.1",
+    "@semantic-release/git": "^10.0.1",
+    "@semantic-release/release-notes-generator": "^14.1.0",
+    "@tailwindcss/forms": "^0.5.11",
     "@tailwindcss/typography": "^0.5.19",
-    "@typescript-eslint/parser": "^8.54.0",
+    "@typescript-eslint/parser": "^8.57.0",
-    "eslint": "^10.0.0",
+    "eslint": "^10.0.3",
     "eslint-config-prettier": "^10.1.8",
-    "eslint-plugin-astro": "^1.5.0",
+    "eslint-plugin-astro": "^1.6.0",
     "prettier": "^3.8.1",
     "prettier-plugin-astro": "^0.14.1",
     "prettier-plugin-tailwindcss": "^0.7.2",
-    "typescript-eslint": "^8.54.0"
+    "semantic-release": "^25.0.3",
+    "semantic-release-export-data": "^1.2.0",
+    "typescript": "^5.9.3",
+    "typescript-eslint": "^8.57.0"
   }
-}
+}

src/content/docs/guides/talos-upgrade-1-12-0.md

@@ -1,5 +1,5 @@
 ---
-title: Talos Upgrade
+title: Talos Upgrade 1.12.0
 description: Steps followed for the v1.12.0 upgrade process
 ---
 

src/content/docs/guides/talos-upgrade-generic.md

@@ -0,0 +1,68 @@
+---
+title: Talos Upgrade Generic
+description: Steps followed for the standard upgrade process
+---
+
+This is the standard upgrade process for Talos. Relatively simple, just verify, run commands, and verify.
+
+## Health Check
+
+### Etcd
+
+Check status of etcd, ensure there is a leader and there are no errors.
+
+```bash
+talosctl -n 10.232.1.11,10.232.1.12,10.232.1.13 etcd status
+```
+
+### Ceph
+
+Check if ceph is healthy:
+
+Either browse to the [webpage](https://ceph.alexlebens.net/#/dashboard), or run the following commands on the tools container
+
+```bash
+kubectl -n rook-ceph exec -it $(kubectl -n rook-ceph get pod -l "app=rook-ceph-tools" -o jsonpath='{.items\[\*].metadata.name}') -- bash
+```
+
+Inside the rook-ceph-tools container check the status:
+```bash
+ceph status
+```
+
+### Cloudnative-PG
+
+Check the status of the Cloudnative-PG clusters to ensure they are all healthy. There is potential data loss if a worker node has a failure or the local volume isn't reattached.
+
+[Dashboard](https://grafana.alexlebens.net/d/cloudnative-pg/cloudnativepg)
+
+### Garage
+
+Check the status of the Garage cluster to ensure there is no data loss of the local S3 store. This will result in data loss of short term WALs if this cluster fails
+
+[Dashboard](https://garage-webui.alexlebens.net/)
+
+## Upgrade
+
+Reference the [config repo](https://gitea.alexlebens.dev/alexlebens/talos-config/src/branch/main) for the exact commands, links to the factory page, and update the image versions. Each type has its own image string.
+
+As an example to upgrade a NUC node:
+```bash
+talosctl upgrade --nodes 10.232.1.23 --image factory.talos.dev/metal-installer/495176274ce8f9e87ed052dbc285c67b2a0ed7c5a6212f5c4d086e1a9a1cf614:v1.12.0
+```
+
+# Apply new configuration
+
+Use the generate command in the README of the talos-config repo to make the configuration to be supplied.
+
+As an example to apply that generated config to a NUC node:
+```bash
+talosctl apply-config -f generated/worker-nuc.yaml -n 10.232.1.23
+```
+
+## Verification
+
+Verify all is health on the dashboard:
+```bash
+talosctl -n 10.232.1.23 dashboard
+```

src/pages/robots.txt.ts

@@ -0,0 +1,14 @@
+// https://docs.astro.build/en/guides/integrations-guide/sitemap/#usage
+import type { APIRoute } from 'astro';
+
+const getRobotsTxt = (sitemapURL: URL) => `\
+User-agent: *
+Allow: /
+
+Sitemap: ${sitemapURL.href}
+`;
+
+export const GET: APIRoute = ({ site }) => {
+  const sitemapURL = new URL('sitemap-index.xml', site);
+  return new Response(getRobotsTxt(sitemapURL));
+};