From 396140c05a429fa2d65a7474fbbf7bc16c986d30 Mon Sep 17 00:00:00 2001
From: Kim Pepper <kim@pepper.id.au>
Date: Thu, 18 Dec 2025 13:53:02 +1100
Subject: [PATCH 1/6] chore: Switch to docker hardened images

---
 docker-bake.hcl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-bake.hcl b/docker-bake.hcl
index 390bbec..103a611 100644
--- a/docker-bake.hcl
+++ b/docker-bake.hcl
@@ -45,7 +45,7 @@ target "base" {
   context  = "base"
 
   contexts = {
-    from_image = "docker-image://docker.io/alpine:${ALPINE_VERSION}"
+    from_image = "docker-image://dhi.io/alpine-base:${ALPINE_VERSION}"
   }
 
   args = {

From f7d3b637f51d0070b029a34674bff0f3c2188db5 Mon Sep 17 00:00:00 2001
From: Kim Pepper <kim@pepper.id.au>
Date: Thu, 18 Dec 2025 13:57:08 +1100
Subject: [PATCH 2/6] Login to dockerhub

---
 .github/workflows/build-pr.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.github/workflows/build-pr.yml b/.github/workflows/build-pr.yml
index 0f054d6..778c12b 100644
--- a/.github/workflows/build-pr.yml
+++ b/.github/workflows/build-pr.yml
@@ -19,6 +19,12 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v4
 
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ vars.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
       - name: 🐋 Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 

From 03342c46fa1efb3c52a6d5eecb7326523cd018b2 Mon Sep 17 00:00:00 2001
From: Kim Pepper <kim@pepper.id.au>
Date: Thu, 18 Dec 2025 13:58:04 +1100
Subject: [PATCH 3/6] Use secrets

---
 .github/workflows/build-pr.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build-pr.yml b/.github/workflows/build-pr.yml
index 778c12b..75f1777 100644
--- a/.github/workflows/build-pr.yml
+++ b/.github/workflows/build-pr.yml
@@ -22,7 +22,7 @@ jobs:
       - name: Login to Docker Hub
         uses: docker/login-action@v3
         with:
-          username: ${{ vars.DOCKERHUB_USERNAME }}
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: 🐋 Set up Docker Buildx

From f3a39d50ad938bb73d24b0630f4de9672930a728 Mon Sep 17 00:00:00 2001
From: Kim Pepper <kim@pepper.id.au>
Date: Thu, 18 Dec 2025 13:59:58 +1100
Subject: [PATCH 4/6] Use registry

---
 .github/workflows/build-pr.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/build-pr.yml b/.github/workflows/build-pr.yml
index 75f1777..81a919b 100644
--- a/.github/workflows/build-pr.yml
+++ b/.github/workflows/build-pr.yml
@@ -22,6 +22,7 @@ jobs:
       - name: Login to Docker Hub
         uses: docker/login-action@v3
         with:
+          registry: dhi.io
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 

From b3490033c3d0b90867cdd574419d91119f389f0b Mon Sep 17 00:00:00 2001
From: Kim Pepper <kim@pepper.id.au>
Date: Thu, 18 Dec 2025 14:01:28 +1100
Subject: [PATCH 5/6] Bump alpine version

---
 docker-bake.hcl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-bake.hcl b/docker-bake.hcl
index 103a611..31c7b63 100644
--- a/docker-bake.hcl
+++ b/docker-bake.hcl
@@ -3,7 +3,7 @@ variable "PHP_VERSION" {
 }
 
 variable "ALPINE_VERSION" {
-  default = "3.21"
+  default = "3.22"
 }
 
 variable "STREAM" {

From b944f509a18bc8f1dd4a322bce3001025c525203 Mon Sep 17 00:00:00 2001
From: Kim Pepper <kim@pepper.id.au>
Date: Thu, 18 Dec 2025 14:08:51 +1100
Subject: [PATCH 6/6] Comment out docconv

---
 base/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/base/Dockerfile b/base/Dockerfile
index d69d229..fb69ee2 100644
--- a/base/Dockerfile
+++ b/base/Dockerfile
@@ -1,7 +1,7 @@
 ARG ALPINE_VERSION=3.21
 ARG PHP_VERSION=8.0
 
-FROM docker.io/skpr/docconv:alpine${ALPINE_VERSION} AS docconv
+#FROM docker.io/skpr/docconv:alpine${ALPINE_VERSION} AS docconv
 FROM ghcr.io/skpr/compass-extension:v1.10.0-php${PHP_VERSION} AS compass
 
 FROM from_image AS base
@@ -85,7 +85,7 @@ COPY --from=compass /etc/php/conf.d/00_compass.ini /etc/php/conf.d/00_compass.in
 COPY --from=compass /usr/lib/php/modules/compass.so /usr/lib/php/modules/compass.so
 
 # Built using an updated build approach in this fork: https://github.com/skpr/docconv
-COPY --from=docconv /usr/local/bin/docconv /usr/local/bin/docconv
+#COPY --from=docconv /usr/local/bin/docconv /usr/local/bin/docconv
 
 ADD conf.d/01_apcu.ini /etc/php/conf.d/01_apcu.ini
 ADD conf.d/50_overrides.ini /etc/php/conf.d/50_overrides.ini