From 36bd1ad8ac9e50becc012ec39bb3a4cdc9b0baa9 Mon Sep 17 00:00:00 2001
From: Alexander Stumpf <github@TheStumpfs.de>
Date: Fri, 20 Mar 2026 22:36:23 +0100
Subject: [PATCH 1/4] pin versions in dockerfile

---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 7dafc33..e7d8137 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
-FROM nginx:alpine
-RUN apk update && apk add --no-cache arp-scan
+FROM nginx:1.29.6-alpine
+RUN apk update && apk add --no-cache arp-scan=1.10.0-r2
 COPY scan.sh entry.sh /
 RUN chmod +x /*.sh
 COPY nginx.conf /etc/nginx/nginx.conf

From 466b53344cd29d305027b261a9519916a6723cb0 Mon Sep 17 00:00:00 2001
From: Alexander Stumpf <github@TheStumpfs.de>
Date: Fri, 20 Mar 2026 22:37:22 +0100
Subject: [PATCH 2/4] add renovate action to check for dependency updates,
 create commits, and automerge on non-major updates

---
 .github/workflows/renovate.yml | 30 +++++++++++++++++++++++
 renovate.json                  | 44 ++++++++++++++++++++++++++++++++++
 2 files changed, 74 insertions(+)
 create mode 100644 .github/workflows/renovate.yml
 create mode 100644 renovate.json

diff --git a/.github/workflows/renovate.yml b/.github/workflows/renovate.yml
new file mode 100644
index 0000000..6789bcb
--- /dev/null
+++ b/.github/workflows/renovate.yml
@@ -0,0 +1,30 @@
+name: Renovate Dependency Updates
+
+on:
+  schedule:
+    # Run daily at 2 AM UTC
+    - cron: '0 2 * * *'
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  renovate:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Run Renovate
+        uses: renovatebot/github-action@v46.1.5
+        with:
+          configurationFile: renovate.json
+        env:
+          RENOVATE_PLATFORM: github
+          RENOVATE_PLATFORM_COMMIT: true
+          RENOVATE_GIT_AUTHOR: 'renovate[bot] <renovate[bot]@users.noreply.github.com>'
diff --git a/renovate.json b/renovate.json
new file mode 100644
index 0000000..e81d53c
--- /dev/null
+++ b/renovate.json
@@ -0,0 +1,44 @@
+{
+  "extends": ["config:base"],
+  "enabledManagers": ["dockerfile"],
+  "docker": {
+    "fileMatch": ["^Dockerfile$"],
+    "pinDigests": true,
+    "enabled": true
+  },
+  "regexManagers": [
+    {
+      "fileMatch": ["^Dockerfile$"],
+      "matchStrings": [
+        "apk add --no-cache (?<depName>arp-scan)(?:=(?<currentValue>[^\\s]+))?"
+      ],
+      "depNameTemplate": "$depName",
+      "datasourceTemplate": "apk",
+      "versioningTemplate": "semver"
+    }
+  ],
+  "packageRules": [
+    {
+      "managers": ["dockerfile"],
+      "matchPackageNames": ["nginx"],
+      "groupName": "docker base image updates",
+      "enabled": true,
+      "schedule": ["at any time"],
+      "matchUpdateTypes": ["digest", "patch", "minor"],
+      "automerge": true
+    },
+    {
+      "managers": ["regex"],
+      "matchPackageNames": ["arp-scan"],
+      "groupName": "apk package updates",
+      "enabled": true,
+      "schedule": ["at any time"],
+      "matchUpdateTypes": ["digest", "patch", "minor"],
+      "automerge": true
+    }
+  ],
+  "rangeStrategy": "pin",
+  "semanticCommits": "enabled",
+  "semanticCommitType": "chore",
+  "semanticCommitScope": "deps"
+}

From 6f2367f5d8b4e40fd2e3ac63aefff463797b492b Mon Sep 17 00:00:00 2001
From: Alexander Stumpf <github@TheStumpfs.de>
Date: Fri, 20 Mar 2026 23:25:00 +0100
Subject: [PATCH 3/4] add semantic release action

---
 .github/workflows/semantic-release.yml | 20 +++++++++++
 .releaserc.json                        | 46 ++++++++++++++++++++++++++
 VERSION                                |  1 +
 plugins.json                           |  9 +++++
 4 files changed, 76 insertions(+)
 create mode 100644 .github/workflows/semantic-release.yml
 create mode 100644 .releaserc.json
 create mode 100644 VERSION
 create mode 100644 plugins.json

diff --git a/.github/workflows/semantic-release.yml b/.github/workflows/semantic-release.yml
new file mode 100644
index 0000000..4c558ca
--- /dev/null
+++ b/.github/workflows/semantic-release.yml
@@ -0,0 +1,20 @@
+name: Release
+
+on:
+  push:
+    branches: [main]
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - run: npm ci
+      - name: Semantic Release
+        uses: cycjimmy/semantic-release-action@v3
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          semantic_version: latest
diff --git a/.releaserc.json b/.releaserc.json
new file mode 100644
index 0000000..35106ce
--- /dev/null
+++ b/.releaserc.json
@@ -0,0 +1,46 @@
+{
+  "branches": ["main"],
+  "tagFormat": "v${version}",
+  "plugins": [
+    "@semantic-release/commit-analyzer",
+    "@semantic-release/release-notes-generator",
+    "@semantic-release/changelog",
+    [
+        "@semantic-release/file",
+        {
+            "files": ["VERSION"],
+            "replace": "${nextRelease.version}"
+        }
+    ],
+    [
+      "@semantic-release/git",
+      {
+        "assets": ["VERSION", "CHANGELOG.md"],
+        "message": "chore(release): ${nextRelease.version} [skip ci]"
+      }
+    ],
+    "@semantic-release/github"
+  ],
+  "preset": "angular",
+  "presetConfig": {
+    "types": [
+      {"type": "feat", "section": "Features"},
+      {"type": "fix", "section": "Bug Fixes"},
+      {"type": "chore", "section": "Chores"},
+      {"type": "docs", "section": "Documentation"},
+      {"type": "style", "hidden": true},
+      {"type": "refactor", "hidden": true},
+      {"type": "perf", "hidden": true},
+      {"type": "test", "hidden": true}
+    ]
+  },
+  "releaseRules": [
+    { "type": "fix", "release": "patch" },
+    { "type": "chore", "release": "patch" },
+    { "type": "docs", "release": "patch" },
+    { "type": "refactor", "release": "patch"},
+    { "type": "feat", "release": "minor" },
+    { "type": "break", "release": "major" },
+    { "scope": "deps", "release": "patch" }
+  ]
+}
diff --git a/VERSION b/VERSION
new file mode 100644
index 0000000..6c6aa7c
--- /dev/null
+++ b/VERSION
@@ -0,0 +1 @@
+0.1.0
\ No newline at end of file
diff --git a/plugins.json b/plugins.json
new file mode 100644
index 0000000..13a6594
--- /dev/null
+++ b/plugins.json
@@ -0,0 +1,9 @@
+{
+  "devDependencies": {
+    "semantic-release": "^24.2.3",
+    "@semantic-release/changelog": "^6.0.3",
+    "@semantic-release/file": "^5.0.0",
+    "@semantic-release/git": "^10.0.0",
+    "@semantic-release/github": "^8.0.0"
+  }
+}
\ No newline at end of file

From 3fabc7cbc30cac4d5064469872ef00b11abc68c7 Mon Sep 17 00:00:00 2001
From: Alexander Stumpf <github@TheStumpfs.de>
Date: Fri, 20 Mar 2026 23:26:17 +0100
Subject: [PATCH 4/4] add a changelog

---
 changelog.md | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 changelog.md

diff --git a/changelog.md b/changelog.md
new file mode 100644
index 0000000..f665bd6
--- /dev/null
+++ b/changelog.md
@@ -0,0 +1,7 @@
+# Changelog
+
+## [v0.1.0] (2026-03-20)
+
+### Features
+- Initial version with a changelog
+- (try to) auto-update using renovate and create a new tag using semantic-release