v2.11.2: Storage Backend Fix + Docker Build Concurrency Fix
🔧 Bug Fixes
Storage Backend Sync (#278)
- Fixed race condition where renewed certificates were not immediately pushed to the configured external storage backend (Vault, AWS Secrets Manager, Azure Key Vault, Infisical)
- Renewed certificates are now guaranteed to sync to storage immediately after successful renewal, preventing storage backends from holding stale pre-renewal certificates
- Added regression test:
test_renew_pushes_renewed_cert_to_storage_backendvalidates correct cert bytes are pushed - Tested with OpenBao (Vault-compatible) backend
Docker Build Concurrency (#26)
- Fixed buildx plugin race condition on self-hosted runners when multiple tags are pushed in quick succession
- Error "docker: unknown command: docker buildx" now prevented by serializing tag builds
- Added concurrency group to
docker-multiplatform.ymlto ensure only one build per ref (branch/tag) runs simultaneously
🏗️ Infrastructure
- Hardened CI/CD gate for concurrent release builds
- Improved reliability of multi-platform Docker image builds
Contributors
- @fabriziosalmi (fix coordination, testing, CI gate)
- @luksiol (storage-after-renewal fix #278)
Thank you to all contributors!