From 4c749dc4941858510339e24cb3ba27eec2696d7e Mon Sep 17 00:00:00 2001
From: Chris Gianelloni <wolf31o2@blinklabs.io>
Date: Sat, 23 Aug 2025 13:02:08 -0400
Subject: [PATCH 1/3] feat: support arm64 natively w/ blinklabs-io images

Signed-off-by: Chris Gianelloni <wolf31o2@blinklabs.io>
---
 .envrc                     | 4 ++--
 compose-partner-chains.yml | 6 +-----
 2 files changed, 3 insertions(+), 7 deletions(-)

diff --git a/.envrc b/.envrc
index c642786..08d4831 100644
--- a/.envrc
+++ b/.envrc
@@ -41,7 +41,7 @@ export APPEND_ARGS="--allow-private-ip --pool-limit 10 --trie-cache-size 0 --pro
 # Validator Values:
 if [ ! -f node.privatekey ]; then
   # generate node key like this:
-  DOCKER_DEFAULT_PLATFORM=linux/amd64 docker run --rm -it docker.io/parity/subkey:latest generate-node-key  | sed -n '2p' > midnight-node.privatekey
+  docker run --rm -it ghcr.io/blinklabs-io/subkey:9.0.0 generate-node-key  | sed -n '2p' > midnight-node.privatekey
   # Use the second line of output for NODE_KEY (that's what sed -n '2p' does)
 fi
 export NODE_KEY="$(cat ./midnight-node.privatekey)"
@@ -50,6 +50,6 @@ export NODE_KEY="$(cat ./midnight-node.privatekey)"
 # Partner chains config:
 #
 export CARDANO_NETWORK=preview
-export CARDANO_IMAGE="ghcr.io/intersectmbo/cardano-node:10.2.1"
+export CARDANO_IMAGE="ghcr.io/blinklabs-io/cardano-node:10.2.1"
 export CARDANO_DATA_DIR=./cardano-data
 export CARDANO_CONFIG_DIR=./cardano-config/${CARDANO_NETWORK}
diff --git a/compose-partner-chains.yml b/compose-partner-chains.yml
index 4b73f4b..d801b24 100644
--- a/compose-partner-chains.yml
+++ b/compose-partner-chains.yml
@@ -22,7 +22,6 @@ volumes:
 services:
   cardano-node:
     image: ${CARDANO_IMAGE}
-    platform: linux/amd64
     restart: unless-stopped
     container_name: cardano-node
     ports:
@@ -36,7 +35,6 @@ services:
 
   postgres:
     image: postgres:15.3
-    platform: linux/amd64
     container_name: db-sync-postgres
     environment:
       - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
@@ -53,8 +51,7 @@ services:
       retries: 5
 
   cardano-db-sync:
-    image: ghcr.io/intersectmbo/cardano-db-sync:13.6.0.4
-    platform: linux/amd64
+    image: ghcr.io/blinklabs-io/cardano-db-sync:13.6.0.4
     container_name: cardano-db-sync
     restart: unless-stopped
     depends_on:
@@ -73,7 +70,6 @@ services:
 
   cardano-ogmios:
     image: cardanosolutions/ogmios:v6.11.0
-    platform: linux/amd64
     container_name: cardano-ogmios
     restart: unless-stopped
     environment:

From 4b202feddbf101eb4b7ab6fe9b8e992e02f629bb Mon Sep 17 00:00:00 2001
From: Squirrel <gilescope@gmail.com>
Date: Thu, 4 Sep 2025 10:56:40 +0100
Subject: [PATCH 2/3] fix: accept-forks (#49)

* fix: accept-forks

* debug: show generated sarif file
---
 .github/workflows/checkmarx.yaml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/checkmarx.yaml b/.github/workflows/checkmarx.yaml
index ae2283e..1cad80a 100644
--- a/.github/workflows/checkmarx.yaml
+++ b/.github/workflows/checkmarx.yaml
@@ -35,7 +35,7 @@ jobs:
 
     steps:
       - name: Check access
-        if: ${{ github.event.pull_request.author_association != 'COLLABORATOR' && github.event.pull_request.author_association != 'OWNER' }}
+        if: ${{ github.event.pull_request.author_association != 'COLLABORATOR' && github.event.pull_request.author_association != 'OWNER' && github.event.pull_request.author_association != 'MEMBER' }}
         run: |
           echo "This job needs re-running by someone with collaboration permissions."
           exit 1
@@ -109,6 +109,11 @@ jobs:
           mv ./cx_result.sarif ./cx_result.sarif.orig
           jq '.runs |= map(.results |= map(.locations |= map(if .physicalLocation.artifactLocation.uri == "" then .physicalLocation.artifactLocation.uri = "file:/README.md" else . end)))' cx_result.sarif.orig > cx_result.sarif
 
+      - uses: actions/upload-artifact@v4
+        with:
+          name: cx_result-sarif
+          path: cx_result.sarif
+
       # Upload results to github
       - name: Upload SARIF file
         uses: github/codeql-action/upload-sarif@7273f08caa1dcf2c2837f362f1982de0ab4dc344  # v3.29.2

From b53b41156e8a6e62a9173b8d5ef081d36d8c5e9d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 4 Sep 2025 16:56:00 +0100
Subject: [PATCH 3/3] build(deps): bump checkmarx/ast-github-action from 2.3.24
 to 2.3.26 (#48)

Bumps [checkmarx/ast-github-action](https://github.com/checkmarx/ast-github-action) from 2.3.24 to 2.3.26.
- [Release notes](https://github.com/checkmarx/ast-github-action/releases)
- [Commits](https://github.com/checkmarx/ast-github-action/compare/f29b1171205dec7f7a301f53809ad54a0ee65f86...ef313c2c19e03e90ae35e795724fb1d20830dc33)

---
updated-dependencies:
- dependency-name: checkmarx/ast-github-action
  dependency-version: 2.3.26
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/checkmarx.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/checkmarx.yaml b/.github/workflows/checkmarx.yaml
index 1cad80a..b5c6a5a 100644
--- a/.github/workflows/checkmarx.yaml
+++ b/.github/workflows/checkmarx.yaml
@@ -94,7 +94,7 @@ jobs:
           fi
 
       - name: Checkmarx One CLI Action
-        uses: checkmarx/ast-github-action@f29b1171205dec7f7a301f53809ad54a0ee65f86 #2.3.24
+        uses: checkmarx/ast-github-action@ef313c2c19e03e90ae35e795724fb1d20830dc33 #2.3.26
         with:
           cx_tenant: ${{ secrets.CX_TENANT }}
           base_uri: https://eu-2.ast.checkmarx.net/