Cardano Updates

Flake lock file updates:

• Updated input 'flake-compat':
    'github:edolstra/flake-compat/b4a34015c698c7793d592d66adbab377907a2be8?narHash=sha256-Z%2Bs0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh%2BE%3D' (2022-04-19)
  → 'github:edolstra/flake-compat/5edf11c44bc78a0d334f6334cdaf7d60d732daab?narHash=sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns%3D' (2025-12-29)
• Updated input 'flake-utils':
    'github:numtide/flake-utils/c0e246b9b83f637f4681389ecabcb2681b4f3af0?narHash=sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc%3D' (2022-08-07)
  → 'github:numtide/flake-utils/11707dc2f618dd54ca8739b309ec4fc024de578b?narHash=sha256-l0KFg5HjrsfsO/JpG%2Br7fRrqm12kzFHyUHqHCVpMMbI%3D' (2024-11-13)
• Added input 'flake-utils/systems':
    'github:nix-systems/default/da67096a3b9bf56a91d16901293e51ba5b49a27e?narHash=sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768%3D' (2023-04-09)
• Updated input 'naersk':
    'github:nix-community/naersk/6944160c19cb591eb85bbf9b2f2768a935623ed3?narHash=sha256-9o2OGQqu4xyLZP9K6kNe1pTHnyPz0Wr3raGYnr9AIgY%3D' (2022-09-03)
  → 'github:nix-community/naersk/3ddafa67a4c7d06483995c85c66a2d285b738833?narHash=sha256-rfZT1gFztHDqA4gcFLO/Qv74bulhW/mXYqIHYTmc1lA%3D' (2026-06-12)
• Added input 'naersk/fenix':
    'github:nix-community/fenix/bf0d6f70f4c9a9cf8845f992105652173f4b617f?narHash=sha256-z6QEu4ZFuHiqdOPbYss4/Q8B0BFhacR8ts6jO/F/aOU%3D' (2025-07-14)
• Added input 'naersk/fenix/nixpkgs':
    follows 'naersk/nixpkgs'
• Added input 'naersk/fenix/rust-analyzer-src':
    'github:rust-lang/rust-analyzer/591e3b7624be97e4443ea7b5542c191311aa141d?narHash=sha256-EJcdxw3aXfP8Ex1Nm3s0awyH9egQvB2Gu%2BQEnJn2Sfg%3D' (2025-07-13)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/7e52b35fe98481a279d89f9c145f8076d049d2b9?narHash=sha256-haixZ4TJLu1Dciow54wrHrHvlGDVr5sW6MTeAV/ZLuI%3D' (2022-09-27)
  → 'github:NixOS/nixpkgs/9ae611a455b90cf061d8f332b977e387bda8e1ca?narHash=sha256-md8WlXOlfnIeHeOScMTTHFyf2d6iaTwPl2apR5EQ3P4%3D' (2026-06-10)
• Updated input 'pre-commit-hooks':
    'github:cachix/pre-commit-hooks.nix/60cad1a326df17a8c6cf2bb23436609fdd83024e?narHash=sha256-lmCCIu4dj59qbzkGKHQtolhpIEQMeAd2XUbXVPqgPYo%3D' (2022-09-13)
  → 'github:cachix/pre-commit-hooks.nix/61ab0e80d9c7ab14c256b5b453d8b3fb0189ba0a?narHash=sha256-kTwur1wV%2B01SdqskVMSo6JMEpg71ps3HpbFY2GsflKs%3D' (2026-05-11)
• Added input 'pre-commit-hooks/flake-compat':
    'github:NixOS/flake-compat/5edf11c44bc78a0d334f6334cdaf7d60d732daab?narHash=sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns%3D' (2025-12-29)
• Removed input 'pre-commit-hooks/flake-utils'
• Added input 'pre-commit-hooks/gitignore':
    'github:hercules-ci/gitignore.nix/637db329424fd7e46cf4185293b9cc8c88c95394?narHash=sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs%3D' (2024-02-28)
• Added input 'pre-commit-hooks/gitignore/nixpkgs':
    follows 'pre-commit-hooks/nixpkgs'
• Updated input 'rust-overlay':
    'github:oxalica/rust-overlay/1601b5a28c50fd9d40bd61b8878f3499e09bce7a?narHash=sha256-hCSvJeoWZZbBTCR/QyazP%2BVzGHpuKfcgaPx2hQ90w7s%3D' (2022-09-29)
  → 'github:oxalica/rust-overlay/5b929d8c854149d926d05ea0cd6469bf4e54db27?narHash=sha256-mjJ/VxJaIkgcUvKANgKOaaN5M1X1X%2B6NjCP0C5hw0WI%3D' (2026-06-13)
• Removed input 'rust-overlay/flake-utils'

Flake lock file updates:

• Updated input 'CHaP':
    'github:intersectmbo/cardano-haskell-packages/60bade9ab7b16121307e12a0fb9aefb2e245faef?narHash=sha256-zKJE6viU6JKUGlesde00In7VrALXv%2BlC6r/1QiQBB4s%3D' (2025-04-29)
  → 'github:intersectmbo/cardano-haskell-packages/0aa7afd943dbcf2dc51fe652c982da281f8cb621?narHash=sha256-lipiKNOJ/NIGO/pcwQT030%2BsSgbTkP3N0w/ck5jBJlw%3D' (2026-06-10)
• Updated input 'hackageNix':
    'github:input-output-hk/hackage.nix/4c98778277c642e326b3cb7c2c9cbb9163b9ffbd?narHash=sha256-dk/70Cmjx8fGSURcAHQnowETeAOElzDxn0wH/P4DUWA%3D' (2025-04-22)
  → 'github:input-output-hk/hackage.nix/2683b4876d10badf119965ccfa19d5df32a7cce3?narHash=sha256-Wpjy5RQg2wm50NcCMmOKlZHG4e1OXupo4BXtA2mLJIg%3D' (2026-06-13)

After publishing, run the image by digest and invoke `oura --version` so a
broken image (e.g. a glibc mismatch against the debian:12-slim base) fails
the workflow instead of shipping silently. Pulling by digest selects the
amd64 variant on the runner.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>

The e2e build job ran on ubuntu-latest (24.04, glibc 2.39), so the binary
linked GLIBC_2.39, which the debian:12-slim runtime image (glibc 2.36)
can't satisfy:

  oura: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.39' not found

Pin the build to ubuntu-22.04 (glibc 2.35), matching docker.yml's build
runner, so the binary is compatible with the runtime image.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>

Flake lock file updates:

• Updated input 'CHaP':
    'github:intersectmbo/cardano-haskell-packages/e8a483522ee73c8c9493ea6055553e5c2532e66b?narHash=sha256-ZzXz2vOhqethlqPgBExPXEnKWvaTbidsIxh5MGv%2BpwE%3D' (2026-05-02)
  → 'github:intersectmbo/cardano-haskell-packages/0aa7afd943dbcf2dc51fe652c982da281f8cb621?narHash=sha256-lipiKNOJ/NIGO/pcwQT030%2BsSgbTkP3N0w/ck5jBJlw%3D' (2026-06-10)
• Updated input 'hackageNix':
    'github:input-output-hk/hackage.nix/ba6ab6f3b781c8f308cba4fa384eafa48033f3cc?narHash=sha256-cPUF8%2Bl1ej7x4UZcuuf6IDsxU1WWmGWC0vFBH%2B6jXZk%3D' (2026-05-06)
  → 'github:input-output-hk/hackage.nix/127f92d4026a032f11f316a5a8f643266825821f?narHash=sha256-bbph19IozPdUAMInJj7rCZZQ20qv5cI7nBzRCmvtryM%3D' (2026-06-13)

The e2e build job compiled oura from source inside Docker using the root
Dockerfile, diverging from the image docker.yml actually publishes. Build
the amd64 binary natively (rustup + setup-protoc + Swatinem cache) and
assemble it with the shared .github/image/Dockerfile, so e2e exercises the
production image. Reusing docker.yml's rust-cache shared-key lets e2e
dispatches restore a warm cache instead of a cold from-source build.

Stays workflow_dispatch-only; the test job is unchanged.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>

Compiles native per-arch binaries (x86_64, arm64) and assembles a
multi-arch image pushed to ghcr.io/txpipe/oura, mirroring the approach
used in Dolos. Publishes :latest on main and :stable + semver tags on
v* releases. Uses oura's CI idioms (rustup honoring rust-toolchain.toml,
Swatinem cache, setup-protoc) rather than archived actions-rs actions.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>

Enable the u5c feature for the cargo-dist release build via
[package.metadata.dist], so the installers/archives include the
utxorpc source. dist switches to precise-builds and compiles with
--features u5c; release.yml is unchanged (features apply at build time).

Cost: ~+2.2 MB stripped over the base binary (~12 MB -> ~14 MB).

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>