ci: add weekly Node.js version drift check workflow

Scans all install scripts using setup_nodejs and compares our
NODE_VERSION with upstream Dockerfile and package.json values.

Features:
- Detects FROM node:XX, nodesource/setup_XX, FROM alpine:X.Y
- Resolves Alpine package registry for nodejs version when
  upstream uses alpine base images
- Caches Alpine version lookups to minimize requests
- Creates individual GitHub issues per script with investigation
  checklist when drift is detected
- Rate-limited to avoid GitHub API throttling
- Runs weekly on Monday at 06:00 UTC + manual dispatch

.github/workflows/check-node-versions.yml

@@ -0,0 +1,341 @@
+name: Check Node.js Version Drift
+
+on:
+  workflow_dispatch:
+  schedule:
+    # Runs weekly on Monday at 06:00 UTC
+    - cron: "0 6 * * 1"
+
+permissions:
+  contents: read
+  issues: write
+
+jobs:
+  check-node-versions:
+    if: github.repository == 'community-scripts/ProxmoxVE'
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+        with:
+          ref: main
+
+      - name: Install dependencies
+        run: |
+          sudo apt-get update -qq
+          sudo apt-get install -y -qq jq curl > /dev/null 2>&1
+
+      - name: Check upstream Node.js versions
+        id: check
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          set -euo pipefail
+
+          echo "================================================"
+          echo "  Checking Node.js version drift in install scripts"
+          echo "================================================"
+
+          # Alpine version -> Node major cache (populated on demand)
+          declare -A ALPINE_NODE_CACHE
+
+          # Resolve Node.js major version from Alpine package registry
+          # Usage: resolve_alpine_node "3.21" => sets REPLY to major version (e.g. "22")
+          resolve_alpine_node() {
+            local alpine_ver="$1"
+            if [[ -n "${ALPINE_NODE_CACHE[$alpine_ver]+x}" ]]; then
+              REPLY="${ALPINE_NODE_CACHE[$alpine_ver]}"
+              return
+            fi
+
+            local url="https://pkgs.alpinelinux.org/package/v${alpine_ver}/main/x86_64/nodejs"
+            local page
+            page=$(curl -sf "$url" 2>/dev/null || echo "")
+            local full_ver=""
+            if [[ -n "$page" ]]; then
+              # Parse: "Version | 24.13.0-r1" or similar table row
+              full_ver=$(echo "$page" | grep -oP 'Version\s*\|\s*\K[0-9]+\.[0-9]+\.[0-9]+' | head -1 || echo "")
+              if [[ -z "$full_ver" ]]; then
+                # Fallback: look for version pattern after "Version"
+                full_ver=$(echo "$page" | grep -oP '(?<=Version</td><td>)[0-9]+\.[0-9]+\.[0-9]+' | head -1 || echo "")
+              fi
+            fi
+
+            local major=""
+            if [[ -n "$full_ver" ]]; then
+              major="${full_ver%%.*}"
+            fi
+
+            ALPINE_NODE_CACHE[$alpine_ver]="$major"
+            REPLY="$major"
+          }
+
+          # Extract Node major from a Dockerfile content
+          # Sets: DF_NODE_MAJOR, DF_SOURCE (description of where we found it)
+          extract_dockerfile_node() {
+            local content="$1"
+            DF_NODE_MAJOR=""
+            DF_SOURCE=""
+
+            # 1) FROM node:XX (e.g. node:24-alpine, node:22.9.0-bookworm-slim, node:20)
+            local node_from
+            node_from=$(echo "$content" | grep -oP '(?i)FROM\s+(--platform=[^\s]+\s+)?node:\K[0-9]+' | head -1 || echo "")
+            if [[ -n "$node_from" ]]; then
+              DF_NODE_MAJOR="$node_from"
+              DF_SOURCE="FROM node:${node_from}"
+              return
+            fi
+
+            # 2) nodesource/setup_XX.x
+            local nodesource
+            nodesource=$(echo "$content" | grep -oP 'nodesource/setup_\K[0-9]+' | head -1 || echo "")
+            if [[ -n "$nodesource" ]]; then
+              DF_NODE_MAJOR="$nodesource"
+              DF_SOURCE="nodesource/setup_${nodesource}.x"
+              return
+            fi
+
+            # 3) FROM alpine:X.Y — resolve via Alpine packages
+            local alpine_ver
+            alpine_ver=$(echo "$content" | grep -oP '(?i)FROM\s+(--platform=[^\s]+\s+)?alpine:\K[0-9]+\.[0-9]+' | head -1 || echo "")
+            if [[ -n "$alpine_ver" ]]; then
+              resolve_alpine_node "$alpine_ver"
+              if [[ -n "$REPLY" ]]; then
+                DF_NODE_MAJOR="$REPLY"
+                DF_SOURCE="alpine:${alpine_ver} (pkg: nodejs ${DF_NODE_MAJOR})"
+                return
+              fi
+            fi
+          }
+
+          # Extract Node major from engines.node in package.json
+          # Sets: ENGINES_NODE_RAW (raw string), ENGINES_MIN_MAJOR
+          extract_engines_node() {
+            local content="$1"
+            ENGINES_NODE_RAW=""
+            ENGINES_MIN_MAJOR=""
+
+            ENGINES_NODE_RAW=$(echo "$content" | jq -r '.engines.node // empty' 2>/dev/null || echo "")
+            if [[ -z "$ENGINES_NODE_RAW" ]]; then
+              return
+            fi
+
+            # Extract the first number (major) from the constraint
+            # Handles: ">=24.13.1", "^22", ">=18.0.0", ">=18.15.0 <19 || ^20", etc.
+            ENGINES_MIN_MAJOR=$(echo "$ENGINES_NODE_RAW" | grep -oP '\d+' | head -1 || echo "")
+          }
+
+          # Collect results
+          declare -a issue_scripts=()
+          declare -a report_lines=()
+          total=0
+          checked=0
+          drift_count=0
+
+          for script in install/*-install.sh; do
+            [[ ! -f "$script" ]] && continue
+            if ! grep -q 'setup_nodejs' "$script"; then
+              continue
+            fi
+
+            total=$((total + 1))
+            slug=$(basename "$script" | sed 's/-install\.sh$//')
+
+            # Extract Source URL (GitHub only)
+            source_url=$(head -20 "$script" | grep -oP '(?<=# Source: )https://github\.com/[^\s]+' | head -1 || echo "")
+            if [[ -z "$source_url" ]]; then
+              report_lines+=("| \`$slug\` | — | — | — | — | ⏭️ No GitHub source |")
+              continue
+            fi
+
+            repo=$(echo "$source_url" | sed -E 's|https://github\.com/||; s|/$||; s|\.git$||')
+            if [[ -z "$repo" || "$repo" != */* ]]; then
+              report_lines+=("| \`$slug\` | — | — | — | — | ⏭️ Invalid repo |")
+              continue
+            fi
+
+            checked=$((checked + 1))
+
+            # Extract our NODE_VERSION
+            our_version=$(grep -oP 'NODE_VERSION="(\d+)"' "$script" | head -1 | grep -oP '\d+' || echo "")
+            if [[ -z "$our_version" ]]; then
+              if grep -q 'NODE_VERSION=\$(' "$script"; then
+                our_version="dynamic"
+              else
+                our_version="unset"
+              fi
+            fi
+
+            # Fetch upstream Dockerfile
+            df_content=""
+            for branch in main master dev; do
+              df_content=$(curl -sf "https://raw.githubusercontent.com/${repo}/${branch}/Dockerfile" 2>/dev/null || echo "")
+              [[ -n "$df_content" ]] && break
+            done
+
+            DF_NODE_MAJOR=""
+            DF_SOURCE=""
+            if [[ -n "$df_content" ]]; then
+              extract_dockerfile_node "$df_content"
+            fi
+
+            # Fetch upstream package.json
+            pkg_content=""
+            for branch in main master dev; do
+              pkg_content=$(curl -sf "https://raw.githubusercontent.com/${repo}/${branch}/package.json" 2>/dev/null || echo "")
+              [[ -n "$pkg_content" ]] && break
+            done
+
+            ENGINES_NODE_RAW=""
+            ENGINES_MIN_MAJOR=""
+            if [[ -n "$pkg_content" ]]; then
+              extract_engines_node "$pkg_content"
+            fi
+
+            # Determine upstream recommended major version
+            upstream_major=""
+            upstream_hint=""
+
+            if [[ -n "$DF_NODE_MAJOR" ]]; then
+              upstream_major="$DF_NODE_MAJOR"
+              upstream_hint="$DF_SOURCE"
+            elif [[ -n "$ENGINES_MIN_MAJOR" ]]; then
+              upstream_major="$ENGINES_MIN_MAJOR"
+              upstream_hint="engines: $ENGINES_NODE_RAW"
+            fi
+
+            # Build display values
+            engines_display="${ENGINES_NODE_RAW:-—}"
+            dockerfile_display="${DF_SOURCE:-—}"
+
+            # Compare
+            status="✅"
+            if [[ "$our_version" == "dynamic" ]]; then
+              status="🔄 Dynamic"
+            elif [[ "$our_version" == "unset" ]]; then
+              status="⚠️ NODE_VERSION not set"
+              issue_scripts+=("$slug|$our_version|$upstream_major|$upstream_hint|$repo")
+              drift_count=$((drift_count + 1))
+            elif [[ -n "$upstream_major" && "$our_version" != "$upstream_major" ]]; then
+              status="🔸 Drift → upstream=$upstream_major ($upstream_hint)"
+              issue_scripts+=("$slug|$our_version|$upstream_major|$upstream_hint|$repo")
+              drift_count=$((drift_count + 1))
+            fi
+
+            report_lines+=("| \`$slug\` | $our_version | $engines_display | $dockerfile_display | [$repo](https://github.com/$repo) | $status |")
+
+            # Rate-limit to avoid GitHub secondary rate limits
+            sleep 0.3
+
+          done
+
+          # Print summary
+          echo ""
+          echo "========================================="
+          echo "  Total scripts with setup_nodejs: $total"
+          echo "  Checked (with GitHub source):    $checked"
+          echo "  Version drift detected:          $drift_count"
+          echo "========================================="
+
+          # Export
+          {
+            echo "drift_count=$drift_count"
+            echo "total=$total"
+            echo "checked=$checked"
+          } >> "$GITHUB_OUTPUT"
+
+          # Save issue details for next step
+          printf '%s\n' "${issue_scripts[@]}" > /tmp/drift_scripts.txt 2>/dev/null || touch /tmp/drift_scripts.txt
+
+          # Save full report
+          {
+            echo "## Node.js Version Drift Report"
+            echo ""
+            echo "**Generated:** $(date -u +%Y-%m-%dT%H:%M:%SZ)"
+            echo "**Scripts checked:** $total | **With GitHub source:** $checked | **Drift detected:** $drift_count"
+            echo ""
+            echo "| Script | Our Version | engines.node | Dockerfile | Upstream Repo | Status |"
+            echo "|--------|-------------|-------------|------------|---------------|--------|"
+            printf '%s\n' "${report_lines[@]}" | sort
+          } > /tmp/drift_report.md
+
+          cat /tmp/drift_report.md
+
+      - name: Create or update summary issue
+        if: steps.check.outputs.drift_count != '0'
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          set -euo pipefail
+
+          TITLE="[Automated] Node.js Version Drift Report"
+          DATE=$(date -u +%Y-%m-%d)
+          DRIFT_COUNT="${{ steps.check.outputs.drift_count }}"
+          TOTAL="${{ steps.check.outputs.total }}"
+          CHECKED="${{ steps.check.outputs.checked }}"
+
+          # Build checklist from drift data
+          CHECKLIST=""
+          while IFS='|' read -r slug our_version upstream_major upstream_hint repo; do
+            [[ -z "$slug" ]] && continue
+            CHECKLIST+="- [ ] **\`${slug}\`** — ours: \`${our_version}\` → upstream: \`${upstream_major}\` (${upstream_hint}) — [repo](https://github.com/${repo})"$'\n'
+          done < /tmp/drift_scripts.txt
+
+          # Build full report table
+          REPORT=$(cat /tmp/drift_report.md)
+
+          BODY=$(cat <<ISSUE_EOF
+          ## Node.js Version Drift Report — ${DATE}
+
+          **${DRIFT_COUNT}** script(s) with version drift detected (out of ${CHECKED} checked / ${TOTAL} total).
+
+          ### Scripts requiring investigation
+
+          ${CHECKLIST}
+
+          ### How to resolve
+
+          1. Check upstream Dockerfile / package.json to confirm the required Node.js version
+          2. Test the script with the new Node version
+          3. Update \`NODE_VERSION\` in \`install/<slug>-install.sh\`
+          4. Update \`NODE_VERSION\` in \`ct/<slug>.sh\` (update section) if applicable
+          5. Check off the item above once done
+
+          <details>
+          <summary>Full report</summary>
+
+          ${REPORT}
+
+          </details>
+
+          ---
+          *This issue is automatically created/updated weekly by the Node.js version drift check workflow.*
+          *Last updated: ${DATE}*
+          ISSUE_EOF
+          )
+
+          # Check if a matching open issue already exists
+          EXISTING=$(gh issue list --state open --label "automated,dependencies" --search "\"[Automated] Node.js Version Drift Report\"" --json number --jq '.[0].number // empty' 2>/dev/null || echo "")
+
+          if [[ -n "$EXISTING" ]]; then
+            gh issue edit "$EXISTING" --body "$BODY"
+            echo "Updated existing issue #$EXISTING"
+          else
+            gh issue create \
+              --title "$TITLE" \
+              --body "$BODY" \
+              --label "automated,dependencies"
+            echo "Created new summary issue"
+          fi
+
+      - name: Close issue if no drift
+        if: steps.check.outputs.drift_count == '0'
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          EXISTING=$(gh issue list --state open --label "automated,dependencies" --search "\"[Automated] Node.js Version Drift Report\"" --json number --jq '.[0].number // empty' 2>/dev/null || echo "")
+          if [[ -n "$EXISTING" ]]; then
+            gh issue close "$EXISTING" --comment "All Node.js versions are in sync with upstream. Closing automatically."
+            echo "Closed issue #$EXISTING"
+          fi

.github/workflows/stale_pr_close.yml

@@ -0,0 +1,111 @@
+name: Stale PR Management
+on:
+  schedule:
+    - cron: "0 0 * * *"
+  workflow_dispatch:
+  pull_request_target:
+    types:
+      - labeled
+
+jobs:
+  stale-prs:
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+      issues: write
+      contents: read
+    steps:
+      - name: Handle stale PRs
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const now = new Date();
+            const owner = context.repo.owner;
+            const repo = context.repo.repo;
+            
+            // --- When stale label is added, comment immediately ---
+            if (context.eventName === "pull_request_target" && context.payload.action === "labeled") {
+              const label = context.payload.label?.name;
+              if (label === "stale") {
+                const author = context.payload.pull_request.user.login;
+                await github.rest.issues.createComment({
+                  owner,
+                  repo,
+                  issue_number: context.payload.pull_request.number,
+                  body: `@${author} This PR has been marked as stale. It will be closed if no new commits are added in 7 days.`
+                });
+              }
+              return;
+            }
+            
+            // --- Scheduled run: check all stale PRs ---
+            const { data: prs } = await github.rest.pulls.list({
+              owner,
+              repo,
+              state: "open",
+              per_page: 100
+            });
+            
+            for (const pr of prs) {
+              const hasStale = pr.labels.some(l => l.name === "stale");
+              if (!hasStale) continue;
+              
+              // Get timeline events to find when stale label was added
+              const { data: events } = await github.rest.issues.listEvents({
+                owner,
+                repo,
+                issue_number: pr.number,
+                per_page: 100
+              });
+              
+              // Find the most recent time the stale label was added
+              const staleLabelEvents = events
+                .filter(e => e.event === "labeled" && e.label?.name === "stale")
+                .sort((a, b) => new Date(b.created_at) - new Date(a.created_at));
+              
+              if (staleLabelEvents.length === 0) continue;
+              
+              const staleLabelDate = new Date(staleLabelEvents[0].created_at);
+              const daysSinceStale = (now - staleLabelDate) / (1000 * 60 * 60 * 24);
+              
+              // Check for new commits since stale label was added
+              const { data: commits } = await github.rest.pulls.listCommits({
+                owner,
+                repo,
+                pull_number: pr.number
+              });
+              
+              const lastCommitDate = new Date(commits[commits.length - 1].commit.author.date);
+              const author = pr.user.login;
+              
+              // If there are new commits after the stale label, remove it
+              if (lastCommitDate > staleLabelDate) {
+                await github.rest.issues.removeLabel({
+                  owner,
+                  repo,
+                  issue_number: pr.number,
+                  name: "stale"
+                });
+                await github.rest.issues.createComment({
+                  owner,
+                  repo,
+                  issue_number: pr.number,
+                  body: `@${author} Recent activity detected. Removing stale label.`
+                });
+              }
+              // If 7 days have passed since stale label, close the PR
+              else if (daysSinceStale > 7) {
+                await github.rest.pulls.update({
+                  owner,
+                  repo,
+                  pull_number: pr.number,
+                  state: "closed"
+                });
+                await github.rest.issues.createComment({
+                  owner,
+                  repo,
+                  issue_number: pr.number,
+                  body: `@${author} Closing stale PR due to inactivity (no commits for 7 days after stale label).`
+                });
+              }
+            }

CHANGELOG.md

@@ -409,6 +409,22 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
 
 ## 2026-02-24
 
+### 🚀 Updated Scripts
+
+  - adds further documentation during the installation script. [@d12rio](https://github.com/d12rio) ([#12248](https://github.com/community-scripts/ProxmoxVE/pull/12248))
+
+  - #### 🐞 Bug Fixes
+
+    - Firefly: PHP bump [@tremor021](https://github.com/tremor021) ([#12247](https://github.com/community-scripts/ProxmoxVE/pull/12247))
+
+  - #### ✨ New Features
+
+    - make searxng updateable [@shtefko](https://github.com/shtefko) ([#12207](https://github.com/community-scripts/ProxmoxVE/pull/12207))
+
+### 📂 Github
+
+  - add: workflow to close stale PRs [@CrazyWolf13](https://github.com/CrazyWolf13) ([#12243](https://github.com/community-scripts/ProxmoxVE/pull/12243))
+
 ## 2026-02-23
 
 ### 🆕 New Scripts

ct/firefly.sh

@@ -28,7 +28,10 @@ function update_script() {
     msg_error "No ${APP} Installation Found!"
     exit
   fi
+
   setup_mariadb
+  PHP_VERSION="8.5" PHP_APACHE="YES" setup_php
+
   if check_for_gh_release "firefly" "firefly-iii/firefly-iii"; then
     systemctl stop apache2
     cp /opt/firefly/.env /opt/.env

ct/searxng.sh

@@ -27,12 +27,33 @@ function update_script() {
     msg_error "No ${APP} Installation Found!"
     exit
   fi
-  msg_ok "There is currently no update available."
-  # sed -i 's/^\([[:space:]]*limiter:\)[[:space:]]*true/\1 false/' /etc/searxng/settings.yml
-  # if cd /usr/local/searxng/searxng-src && git pull | grep -q 'Already up to date'; then
-  #   msg_ok "There is currently no update available."
-  # fi
-  exit
+
+  chown -R searxng:searxng /usr/local/searxng/searxng-src
+  if su -s /bin/bash -c "git -C /usr/local/searxng/searxng-src pull" searxng | grep -q 'Already up to date'; then
+     msg_ok "There is currently no update available."
+     exit
+  fi
+
+  msg_info "Updating SearXNG installation"
+  msg_info "Stopping Service"
+  systemctl stop searxng
+  msg_ok "Stopped Service"
+
+  msg_info "Updating SearXNG"
+  $STD su -s /bin/bash searxng -c '
+    python3 -m venv /usr/local/searxng/searx-pyenv &&
+    . /usr/local/searxng/searx-pyenv/bin/activate &&
+    pip install -U pip setuptools wheel pyyaml lxml msgspec typing_extensions &&
+    pip install --use-pep517 --no-build-isolation -e /usr/local/searxng/searxng-src
+    '
+  msg_ok "Updated SearXNG"
+  
+  msg_info "Starting Services"
+  systemctl start searxng
+  msg_ok "Started Services"
+  msg_ok "Updated successfully!"
+ fi
+ exit
 }
 start
 build_container

frontend/public/json/github-versions.json

@@ -1,5 +1,5 @@
 {
-  "generated": "2026-02-24T00:22:35Z",
+  "generated": "2026-02-24T06:23:39Z",
   "versions": [
     {
       "slug": "2fauth",
@@ -151,9 +151,9 @@
     {
       "slug": "booklore",
       "repo": "booklore-app/BookLore",
-      "version": "v2.0.0",
+      "version": "v2.0.1",
       "pinned": false,
-      "date": "2026-02-23T17:00:00Z"
+      "date": "2026-02-24T04:15:33Z"
     },
     {
       "slug": "bookstack",
@@ -452,9 +452,9 @@
     {
       "slug": "gitea-mirror",
       "repo": "RayLabsHQ/gitea-mirror",
-      "version": "v3.9.2",
+      "version": "v3.9.4",
       "pinned": false,
-      "date": "2025-11-08T05:36:48Z"
+      "date": "2026-02-24T06:17:56Z"
     },
     {
       "slug": "glance",
@@ -613,9 +613,9 @@
     {
       "slug": "jackett",
       "repo": "Jackett/Jackett",
-      "version": "v0.24.1184",
+      "version": "v0.24.1193",
       "pinned": false,
-      "date": "2026-02-23T05:55:36Z"
+      "date": "2026-02-24T05:58:04Z"
     },
     {
       "slug": "jellystat",
@@ -1271,9 +1271,9 @@
     {
       "slug": "rdtclient",
       "repo": "rogerfar/rdt-client",
-      "version": "v2.0.123",
+      "version": "v2.0.124",
       "pinned": false,
-      "date": "2026-02-21T23:08:13Z"
+      "date": "2026-02-24T03:18:03Z"
     },
     {
       "slug": "reactive-resume",
@@ -1453,9 +1453,9 @@
     {
       "slug": "stirling-pdf",
       "repo": "Stirling-Tools/Stirling-PDF",
-      "version": "v2.5.2",
+      "version": "v2.5.3",
       "pinned": false,
-      "date": "2026-02-20T23:20:20Z"
+      "date": "2026-02-23T23:23:39Z"
     },
     {
       "slug": "streamlink-webui",
@@ -1740,9 +1740,9 @@
     {
       "slug": "wishlist",
       "repo": "cmintey/wishlist",
-      "version": "v0.60.0",
+      "version": "v0.60.1",
       "pinned": false,
-      "date": "2026-02-10T04:05:26Z"
+      "date": "2026-02-24T04:01:37Z"
     },
     {
       "slug": "wizarr",

frontend/public/json/searxng.json

@@ -6,7 +6,7 @@
   ],
   "date_created": "2025-08-26",
   "type": "ct",
-  "updateable": false,
+  "updateable": true,
   "privileged": false,
   "interface_port": 8888,
   "documentation": "https://docs.searxng.org/",

install/elementsynapse-install.sh

@@ -21,6 +21,8 @@ msg_ok "Installed Dependencies"
 
 NODE_VERSION="22" NODE_MODULE="yarn" setup_nodejs
 
+echo "${TAB3}It is important to choose the name for your server before you install Synapse, because it cannot be changed later."
+echo "${TAB3}The server name determines the “domain” part of user-ids for users on your server: these will all be of the format @user:my.domain.name. It also determines how other matrix servers will reach yours for federation."
 read -p "${TAB3}Please enter the name for your server: " servername
 
 msg_info "Installing Element Synapse"

install/firefly-install.sh

@@ -13,7 +13,7 @@ setting_up_container
 network_check
 update_os
 
-PHP_VERSION="8.4" PHP_APACHE="YES" setup_php
+PHP_VERSION="8.5" PHP_APACHE="YES" setup_php
 setup_composer
 setup_mariadb
 MARIADB_DB_NAME="firefly" MARIADB_DB_USER="firefly" setup_mariadb_db