- Add ignore-unfixed: true to Trivy workflow to focus on actionable vulnerabilities
- Expand .trivyignore from 1 to 10 CVEs with detailed categorization
- Document why each CVE is ignored (system libraries, unused features)
- Ignore glibc/libtasn1 system library CVEs pending upstream fixes
- Ignore curl CVEs for SSH/OAuth2/LDAP features not used by application
- Ignore OpenLDAP CVE as library is not used by amcrest2mqtt
This aligns with govee2mqtt security configuration and reduces noise
from unfixable or non-applicable security alerts while maintaining
focus on CRITICAL and HIGH severity issues that can be addressed.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Dependabot PRs were incorrectly triggering the docker build job.
Now release and docker jobs only run on pushes to main, scheduled
runs, and manual triggers.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Addresses deprecation warning for v3.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Rewrote MQTT handling with reconnect, structured logging, and Home Assistant re-discovery triggers
- Introduced modular mixins (`helpers`, `mqtt`, `amcrest_api`) for cleaner architecture
- Replaced `util.py` with internal mixin helpers and `to_gb()` conversions
- Added new `event_text` and `event_time` sensors (with `device_class: timestamp`)
- Added support for doorbell and human-detection binary sensors
- Improved reconnect logic, last-will handling, and clean shutdown on signals
- Overhauled device discovery and state publishing to use unified upsert logic
- Simplified event handling and privacy mode inference from motion/human/doorbell events
- Introduced `tools/clear_mqtt.sh` for quick topic cleanup
- Added full pyproject.toml with lint/test/dev config (Black, Ruff, Pytest)
- Embedded full metadata and image labels in Docker build
BREAKING CHANGE:
Project layout moved to `src/amcrest2mqtt/`, internal class and import paths changed.
Users must update configs and volumes to the new structure before deploying.
Jeff Culverhouse