fix: deprecated checkout actions

.devcontainer/stm32/Dockerfile

@@ -36,6 +36,9 @@ RUN apt-get update && apt-get install -y \
     openssh-client \
     && rm -rf /var/lib/apt/lists/*
 
+# Allow root to use west extension commands in this workspace.
+RUN git config --system --add safe.directory '*'
+
 # Create user
 RUN addgroup --gid 1000 docker \
     && adduser --uid 1000 --ingroup docker --home /home/docker --disabled-password --gecos "" docker \
@@ -68,8 +71,14 @@ RUN west init -l app && \
 # Install Python requirements using west (recommended method)
 RUN west packages pip --install
 
-# Install Zephyr SDK using west (only ARM toolchain)
-RUN west sdk install -t arm-zephyr-eabi
+# Install Zephyr SDK toolchain only.
+# Host tools are already provided via apt packages above.
+ENV ZEPHYR_SDK_VERSION=0.17.4
+ENV ZEPHYR_SDK_INSTALL_DIR=/home/docker/zephyr-sdk-${ZEPHYR_SDK_VERSION}
+RUN wget -q https://github.com/zephyrproject-rtos/sdk-ng/releases/download/v${ZEPHYR_SDK_VERSION}/zephyr-sdk-${ZEPHYR_SDK_VERSION}_linux-x86_64_minimal.tar.xz -O /tmp/zephyr-sdk.tar.xz && \
+    tar -xf /tmp/zephyr-sdk.tar.xz -C /home/docker && \
+    ${ZEPHYR_SDK_INSTALL_DIR}/setup.sh -t arm-zephyr-eabi && \
+    rm -f /tmp/zephyr-sdk.tar.xz
 
 # Switch back to root for fixuid setup
 USER root

.devcontainer/stm32/docker-compose.yml

@@ -1,6 +1,7 @@
 services:
   dev:
     container_name: cybics-stm32
+    platform: linux/amd64
     image: cybics-stm32-dev
     build:
       context: ../..
@@ -12,4 +13,5 @@ services:
       # Mount stm32 source into pre-baked Zephyr workspace
       - $CYBICS_ROOT/software/stm32:/home/docker/zephyrproject/app
       - ~/.ssh:/home/docker/.ssh/
-    user: ${HOST_UID:-1000}:${HOST_UID:-1000}
+    # Run as root to avoid bind-mount write failures on hosts with user namespace remapping.
+    user: root

.devcontainer/virtual/docker-compose.yml

@@ -5,7 +5,7 @@ services:
       context: ../../software/attack-machine
       dockerfile: Dockerfile
     hostname: attack-machine
-    restart: always
+    restart: "no"
     stdin_open: true
     tty: true
     cap_add:
@@ -33,7 +33,7 @@ services:
     build:
       context: ../../software/OpenPLC
       dockerfile: Dockerfile
-    restart: always
+    restart: "no"
     privileged: true
     ports:
       - 8080:8080
@@ -48,7 +48,7 @@ services:
     build:
       context: ../../software/opcua
       dockerfile: Dockerfile
-    restart: always
+    restart: "no"
     ports:
       - 4840:4840
     depends_on:
@@ -62,7 +62,7 @@ services:
     build:
       context: ../../software/s7com
       dockerfile: Dockerfile
-    restart: always
+    restart: "no"
     ports:
       - 1102:1102
     depends_on:
@@ -76,7 +76,7 @@ services:
     build:
       context: ../../software/FUXA
       dockerfile: Dockerfile
-    restart: always
+    restart: "no"
     ports:
       - 1881:1881
     depends_on:
@@ -90,7 +90,7 @@ services:
     build:
       context: ../../software/hwio-virtual
       dockerfile: Dockerfile
-    restart: always
+    restart: "no"
     ports:
       - 8090:8090
     depends_on:
@@ -105,12 +105,13 @@ services:
       context: ../..
       dockerfile: software/landing/Dockerfile
     restart: always
-    network_mode: host
+    ports:
+      - 80:80
     cap_add:
       - NET_ADMIN
       - NET_RAW
     volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
+      - ${XDG_RUNTIME_DIR:-/var/run}/docker.sock:/var/run/docker.sock
     depends_on:
     - openplc
 
@@ -119,7 +120,7 @@ services:
     build:
       context: ../../software
       dockerfile: engineeringWS/Dockerfile
-    restart: always
+    restart: "no"
     ports:
       - 6080:6080
       - 5901:5901
@@ -137,9 +138,9 @@ services:
     build:
       context: ../../software/cybicsagent
       dockerfile: Dockerfile
-    restart: always
+    restart: "no"
     ports:
-      - 5000:5000
+      - 5001:5000
       - 11434:11434
     environment:
       # Recommended models: tinyllama (fast), phi3:mini (balanced), llama3.2:3b (quality)
@@ -166,13 +167,77 @@ services:
     build:
       context: ../../software/ids
       dockerfile: Dockerfile
-    restart: always
+    restart: "no"
     cap_add:
       - NET_ADMIN
       - NET_RAW
     network_mode: host
     depends_on:
       - openplc
+    profiles:
+      - ids
+      - full
+
+  firmware-updater:
+    image: mniedermaier1337/cybics-firmware-updater:${CYBICS_VERSION:-latest}
+    build:
+      context: ../../software/firmware-updater
+      dockerfile: Dockerfile
+    restart: "no"
+    depends_on:
+      - stm32
+    volumes:
+      - firmware_data:/opt/cybics/firmware
+      - firmware_keys:/opt/cybics/keys
+    environment:
+      - UPDATE_SERVER_URL=${UPDATE_SERVER_URL:-http://update.cybics:8080}
+      - OPENOCD_HOST=stm32
+      - OPENOCD_TELNET_PORT=4444
+    networks:
+      virt-cybics:
+        ipv4_address: 172.18.0.8
+    profiles:
+      - firmware-server
+      - hardware
+
+  update-server:
+    image: mniedermaier1337/cybics-update-server:${CYBICS_VERSION:-latest}
+    build:
+      context: ../../software/update-server
+      dockerfile: Dockerfile
+    restart: always
+    environment:
+      - FIRMWARE_VERSION=${FIRMWARE_VERSION:-1.2.1}
+      - FIRMWARE_MAC=${FIRMWARE_MAC:-extended-mac}
+      - FIRMWARE_PATH=/opt/cybics/update-server/firmware/firmware.bin
+    volumes:
+      - firmware_data:/opt/cybics/update-server/firmware
+    profiles:
+      - firmware-server
+    ports:
+      - 6689:6689
+    networks:
+      virt-cybics:
+        ipv4_address: 172.18.0.9
+
+  stm32:
+    image: mniedermaier1337/cybics-stm32:${CYBICS_VERSION:-latest}
+    build:
+      context: ../../software/stm32
+      dockerfile: Dockerfile
+    restart: "no"
+    ports:
+      - 3333:3333
+      - 4444:4444
+    volumes:
+      - firmware_data:/opt/cybics/firmware
+    environment:
+      - OPENOCD_MODE=${OPENOCD_MODE:-virtual}
+    networks:
+      virt-cybics:
+        ipv4_address: 172.18.0.7
+    profiles:
+      - hardware
 
 networks:
   virt-cybics:
@@ -183,3 +248,6 @@ networks:
         - subnet: 172.18.0.0/24
           gateway: 172.18.0.1
 
+volumes:
+  firmware_data:
+  firmware_keys:

.github/workflows/buildTest.yml

@@ -15,7 +15,7 @@ jobs:
 
     steps:
     - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@v6
 
     - name: Install dependencies
       run: |

.github/workflows/codeql.yml

@@ -23,7 +23,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v6
       with:
         submodules: recursive
 

.github/workflows/devContainer.yml

@@ -24,6 +24,7 @@ jobs:
           df -h
 
       - name: Login to Docker Hub
+        if: ${{ secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }}
         uses: docker/login-action@v4
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
@@ -68,6 +69,7 @@ jobs:
           df -h
 
       - name: Login to Docker Hub
+        if: ${{ secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }}
         uses: docker/login-action@v4
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
@@ -115,6 +117,7 @@ jobs:
           df -h
 
       - name: Login to Docker Hub
+        if: ${{ secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }}
         uses: docker/login-action@v4
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
@@ -150,6 +153,7 @@ jobs:
           df -h
 
       - name: Login to Docker Hub
+        if: ${{ secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }}
         uses: docker/login-action@v4
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}

.github/workflows/kibotVerify.yml

@@ -25,17 +25,17 @@ jobs:
     container:
       image: setsoft/kicad_auto:ki8
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v6
       - name: run kibot
         run: | 
           kibot -c ${{env.config}} -e ${{env.schema}} -b ${{env.board}} -d ${{env.dir}} -s run_drc -v -i
-          
+
   DRC:
     runs-on: ubuntu-latest
     container:
       image: setsoft/kicad_auto:ki8
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v6
       - name: run kibot
         run: | 
           kibot -c ${{env.config}} -e ${{env.schema}} -b ${{env.board}} -d ${{env.dir}} -s run_erc -v -i
@@ -47,7 +47,7 @@ jobs:
     container:
       image: setsoft/kicad_auto:ki8
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v6
       - name: run kibot
         run: | 
           kibot -c ${{env.config}} -e ${{env.schema}} -b ${{env.board}} -d ${{env.dir}} -s run_erc,run_drc -v \
@@ -61,15 +61,15 @@ jobs:
             ${{env.dir}}/docs/**
             !${{env.dir}}/**/*.ogv
             !${{env.dir}}/**/*.log
-                      
+
   # images
   render:
     runs-on: ubuntu-latest
     needs: [DRC]
     container:
       image: setsoft/kicad_auto:ki8
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v6
       - name: run kibot
         run: | 
           kibot -c ${{env.config}} -e ${{env.schema}} -b ${{env.board}} -d ${{env.dir}} -s run_erc,run_drc -v \
@@ -83,14 +83,14 @@ jobs:
             ${{env.dir}}/img/**
             !${{env.dir}}/**/*.ogv
             !${{env.dir}}/**/*.log
- 
+
   render3d:
     runs-on: ubuntu-latest
     needs: [DRC]
     container:
       image: setsoft/kicad_auto:ki8
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v6
       - name: run kibot
         run: | 
           kibot -c ${{env.config}} -e ${{env.schema}} -b ${{env.board}} -d ${{env.dir}} -s run_erc,run_drc -v \
@@ -115,7 +115,7 @@ jobs:
       contents: write
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
         with:
           ssh-key: ${{secrets.KIBOT}}
       - uses: actions/download-artifact@v4

.github/workflows/pushDockerRepos.yml

@@ -22,6 +22,7 @@ jobs:
   build-amd64:
     name: Build amd64 images
     runs-on: ubuntu-latest
+    if: ${{ github.repository == 'mniedermaier/CybICS' }}
     steps:
       - name: Free up disk space
         run: |
@@ -30,7 +31,7 @@ jobs:
           df -h
 
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           submodules: recursive
 
@@ -83,6 +84,7 @@ jobs:
   build-arm64:
     name: Build arm64 images
     runs-on: ubuntu-24.04-arm
+    if: ${{ github.repository == 'mniedermaier/CybICS' }}
     steps:
       - name: Free up disk space
         run: |
@@ -91,7 +93,7 @@ jobs:
           df -h
 
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           submodules: recursive
 
@@ -145,9 +147,10 @@ jobs:
     name: Create multi-arch manifests
     runs-on: ubuntu-latest
     needs: [build-amd64, build-arm64]
+    if: ${{ github.repository == 'mniedermaier/CybICS' }}
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Login to Docker Hub
         uses: docker/login-action@v3