From c23f5fd44894d41093f562b1da179052e378a24f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 11 May 2026 17:49:38 +0000
Subject: [PATCH 1/7] build(deps): bump mitmproxy from 11.0.0 to 12.2.2 in
 /tests

Bumps [mitmproxy](https://github.com/mitmproxy/mitmproxy) from 11.0.0 to 12.2.2.
- [Release notes](https://github.com/mitmproxy/mitmproxy/releases)
- [Changelog](https://github.com/mitmproxy/mitmproxy/blob/main/CHANGELOG.md)
- [Commits](https://github.com/mitmproxy/mitmproxy/compare/v11.0.0...v12.2.2)

---
updated-dependencies:
- dependency-name: mitmproxy
  dependency-version: 12.2.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 tests/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/requirements.txt b/tests/requirements.txt
index 1c4d7d5bd..a75d1d9bc 100644
--- a/tests/requirements.txt
+++ b/tests/requirements.txt
@@ -7,7 +7,7 @@ pytest-xdist==3.8.0
 clang-format==20.1.5
 pywin32==308; sys_platform == "win32"
 # mitmproxy requires OpenSSL to build on Windows ARM64, skip it there
-mitmproxy==11.0.0; platform_machine != "ARM64"
+mitmproxy==12.2.2; platform_machine != "ARM64"
 psutil==7.1.1
 # For E2E tests that call Sentry API
 requests==2.33.0

From 01e6ed400997a08a6a0784ad2416cb4b33cf0d8f Mon Sep 17 00:00:00 2001
From: J-P Nurmi <jpnurmi@gmail.com>
Date: Wed, 13 May 2026 18:37:35 +0200
Subject: [PATCH 2/7] Switch to Alpine Linux 3.23

---
 .github/workflows/ci.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index d068c3ebc..261ef08b4 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -142,13 +142,13 @@ jobs:
             RUN_ANALYZER: code-checker,valgrind
           - name: Linux (GCC + musl + libunwind)
             os: ubuntu-latest
-            container: ghcr.io/getsentry/sentry-native-alpine:3.21
+            container: ghcr.io/getsentry/sentry-native-alpine:3.23
             CC: gcc
             CXX: g++
             SYSTEM_PYTHON: 1
           - name: Linux (clang + musl + libunwind)
             os: ubuntu-latest
-            container: ghcr.io/getsentry/sentry-native-alpine:3.21
+            container: ghcr.io/getsentry/sentry-native-alpine:3.23
             CC: clang
             CXX: clang++
             SYSTEM_PYTHON: 1

From f11227dcef00ab4a198236b150922b21b817bf2d Mon Sep 17 00:00:00 2001
From: J-P Nurmi <jpnurmi@gmail.com>
Date: Thu, 14 May 2026 09:41:58 +0200
Subject: [PATCH 3/7] Support building mitmproxy on Alpine 3.23

---
 .github/docker/alpine/Dockerfile | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/.github/docker/alpine/Dockerfile b/.github/docker/alpine/Dockerfile
index f3943312b..1f456b99f 100644
--- a/.github/docker/alpine/Dockerfile
+++ b/.github/docker/alpine/Dockerfile
@@ -14,6 +14,7 @@ RUN apk add --no-cache \
     icu \
     linux-headers \
     lsb-release-minimal \
+    llvm \
     mitmproxy \
     moreutils \
     nodejs \
@@ -24,11 +25,20 @@ RUN apk add --no-cache \
     python3 \
     python3-dev \
     py3-pip \
+    rustup \
     sudo \
     tar \
     tree \
     wget
 
+# 3.23+
+RUN cargo install --locked bpf-linker --root /usr/local || true
+RUN RUSTUP_INIT_SKIP_PATH_CHECK=yes rustup-init -y --profile minimal --default-toolchain none \
+    && . /root/.cargo/env \
+    && rustup toolchain install nightly --profile minimal --component rust-src \
+    || true
+ENV PATH="/root/.cargo/bin:$PATH"
+
 RUN curl -sSL --retry 5 https://dot.net/v1/dotnet-install.sh | bash -eo pipefail /dev/stdin --channel 10.0 --install-dir /usr/share/dotnet
 RUN ln -s /usr/share/dotnet/dotnet /usr/local/bin/dotnet
 

From e275caec53c723c38daa52130f879e731ad50d0e Mon Sep 17 00:00:00 2001
From: J-P Nurmi <jpnurmi@gmail.com>
Date: Thu, 14 May 2026 11:38:24 +0200
Subject: [PATCH 4/7] llvm-22, cargo, rustup

---
 .github/docker/alpine/Dockerfile | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/.github/docker/alpine/Dockerfile b/.github/docker/alpine/Dockerfile
index 1f456b99f..a904d685b 100644
--- a/.github/docker/alpine/Dockerfile
+++ b/.github/docker/alpine/Dockerfile
@@ -31,13 +31,16 @@ RUN apk add --no-cache \
     tree \
     wget
 
-# 3.23+
-RUN cargo install --locked bpf-linker --root /usr/local || true
-RUN RUSTUP_INIT_SKIP_PATH_CHECK=yes rustup-init -y --profile minimal --default-toolchain none \
-    && . /root/.cargo/env \
-    && rustup toolchain install nightly --profile minimal --component rust-src \
-    || true
-ENV PATH="/root/.cargo/bin:$PATH"
+# 3.23+ (build mitmproxy)
+RUN if awk -F. '{ exit !($1 > 3 || ($1 == 3 && $2 >= 23)) }' /etc/alpine-release; then \
+    (apk add --no-cache llvm22-libs || \
+    apk add --no-cache --repository=https://dl-cdn.alpinelinux.org/alpine/edge/main llvm22-libs) && \
+    RUSTUP_INIT_SKIP_PATH_CHECK=yes rustup-init -y --profile minimal --default-toolchain none && \
+    . /root/.cargo/env && \
+    rustup toolchain install nightly --profile minimal --component rust-src && \
+    rustup run nightly cargo install --locked --git https://github.com/aya-rs/bpf-linker --root /usr/local bpf-linker && \
+    ln -s /root/.cargo/bin/rustup /usr/local/bin/rustup; \
+    fi
 
 RUN curl -sSL --retry 5 https://dot.net/v1/dotnet-install.sh | bash -eo pipefail /dev/stdin --channel 10.0 --install-dir /usr/share/dotnet
 RUN ln -s /usr/share/dotnet/dotnet /usr/local/bin/dotnet

From 5334504656caaa6e9c09200ec1e5619dc1f2efe7 Mon Sep 17 00:00:00 2001
From: J-P Nurmi <jpnurmi@gmail.com>
Date: Thu, 14 May 2026 12:11:31 +0200
Subject: [PATCH 5/7] bpf-linker

---
 .github/docker/alpine/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/docker/alpine/Dockerfile b/.github/docker/alpine/Dockerfile
index a904d685b..5e4928a58 100644
--- a/.github/docker/alpine/Dockerfile
+++ b/.github/docker/alpine/Dockerfile
@@ -35,10 +35,10 @@ RUN apk add --no-cache \
 RUN if awk -F. '{ exit !($1 > 3 || ($1 == 3 && $2 >= 23)) }' /etc/alpine-release; then \
     (apk add --no-cache llvm22-libs || \
     apk add --no-cache --repository=https://dl-cdn.alpinelinux.org/alpine/edge/main llvm22-libs) && \
+    cargo install --locked --git https://github.com/aya-rs/bpf-linker --root /usr/local bpf-linker && \
     RUSTUP_INIT_SKIP_PATH_CHECK=yes rustup-init -y --profile minimal --default-toolchain none && \
     . /root/.cargo/env && \
     rustup toolchain install nightly --profile minimal --component rust-src && \
-    rustup run nightly cargo install --locked --git https://github.com/aya-rs/bpf-linker --root /usr/local bpf-linker && \
     ln -s /root/.cargo/bin/rustup /usr/local/bin/rustup; \
     fi
 

From 40f227625b9662984fc748aabf7194b9ed1e9fce Mon Sep 17 00:00:00 2001
From: J-P Nurmi <jpnurmi@gmail.com>
Date: Thu, 14 May 2026 12:56:21 +0200
Subject: [PATCH 6/7] XXX_HOME

---
 .github/docker/alpine/Dockerfile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/docker/alpine/Dockerfile b/.github/docker/alpine/Dockerfile
index 5e4928a58..e91f06f12 100644
--- a/.github/docker/alpine/Dockerfile
+++ b/.github/docker/alpine/Dockerfile
@@ -41,6 +41,8 @@ RUN if awk -F. '{ exit !($1 > 3 || ($1 == 3 && $2 >= 23)) }' /etc/alpine-release
     rustup toolchain install nightly --profile minimal --component rust-src && \
     ln -s /root/.cargo/bin/rustup /usr/local/bin/rustup; \
     fi
+ENV CARGO_HOME=/root/.cargo
+ENV RUSTUP_HOME=/root/.rustup
 
 RUN curl -sSL --retry 5 https://dot.net/v1/dotnet-install.sh | bash -eo pipefail /dev/stdin --channel 10.0 --install-dir /usr/share/dotnet
 RUN ln -s /usr/share/dotnet/dotnet /usr/local/bin/dotnet

From 965358fca020a34249110185c4cd613058f72910 Mon Sep 17 00:00:00 2001
From: J-P Nurmi <jpnurmi@gmail.com>
Date: Fri, 15 May 2026 10:34:27 +0200
Subject: [PATCH 7/7] Prebuild pip packages in Alpine Docker images

Copy the test requirements into the Alpine Docker context in CI and
use them as constraints for optional pip installs during image builds.

This lets the Alpine 3.23 image prebuild mitmproxy from the pinned test
requirement while keeping local Docker builds and the Alpine 3.21 system
mitmproxy path intact.
---
 .github/docker/alpine/Dockerfile       | 22 ++++++++++++++--------
 .github/docker/alpine/requirements.txt |  1 +
 .github/workflows/docker.yml           |  7 +++++++
 3 files changed, 22 insertions(+), 8 deletions(-)
 create mode 100644 .github/docker/alpine/requirements.txt

diff --git a/.github/docker/alpine/Dockerfile b/.github/docker/alpine/Dockerfile
index e91f06f12..bc29ae381 100644
--- a/.github/docker/alpine/Dockerfile
+++ b/.github/docker/alpine/Dockerfile
@@ -2,6 +2,9 @@
 ARG BASE=alpine:latest
 FROM ${BASE}
 
+ARG PIP_INSTALL=
+COPY requirements.txt /tmp/requirements.txt
+
 RUN apk add --no-cache \
     bash \
     build-base \
@@ -31,15 +34,18 @@ RUN apk add --no-cache \
     tree \
     wget
 
-# 3.23+ (build mitmproxy)
+# 3.23+
 RUN if awk -F. '{ exit !($1 > 3 || ($1 == 3 && $2 >= 23)) }' /etc/alpine-release; then \
-    (apk add --no-cache llvm22-libs || \
-    apk add --no-cache --repository=https://dl-cdn.alpinelinux.org/alpine/edge/main llvm22-libs) && \
-    cargo install --locked --git https://github.com/aya-rs/bpf-linker --root /usr/local bpf-linker && \
-    RUSTUP_INIT_SKIP_PATH_CHECK=yes rustup-init -y --profile minimal --default-toolchain none && \
-    . /root/.cargo/env && \
-    rustup toolchain install nightly --profile minimal --component rust-src && \
-    ln -s /root/.cargo/bin/rustup /usr/local/bin/rustup; \
+        (apk add --no-cache llvm22-libs || \
+            apk add --no-cache --repository=https://dl-cdn.alpinelinux.org/alpine/edge/main llvm22-libs) && \
+        cargo install --locked --git https://github.com/aya-rs/bpf-linker --root /usr/local bpf-linker && \
+        RUSTUP_INIT_SKIP_PATH_CHECK=yes rustup-init -y --profile minimal --default-toolchain none && \
+        . /root/.cargo/env && \
+        rustup toolchain install nightly --profile minimal --component rust-src && \
+        ln -s /root/.cargo/bin/rustup /usr/local/bin/rustup && \
+        if [ -n "${PIP_INSTALL}" ]; then \
+            python3 -m pip install --break-system-packages --upgrade --constraint /tmp/requirements.txt ${PIP_INSTALL}; \
+        fi; \
     fi
 ENV CARGO_HOME=/root/.cargo
 ENV RUSTUP_HOME=/root/.rustup
diff --git a/.github/docker/alpine/requirements.txt b/.github/docker/alpine/requirements.txt
new file mode 100644
index 000000000..8b1378917
--- /dev/null
+++ b/.github/docker/alpine/requirements.txt
@@ -0,0 +1 @@
+
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 2a3497603..e3474a8e4 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -6,6 +6,7 @@ on:
       - master
     paths:
       - '.github/docker/**'
+      - 'tests/requirements.txt'
   workflow_dispatch:
 
 jobs:
@@ -29,6 +30,11 @@ jobs:
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin@v6.0.2
 
+      - name: Copy test requirements
+        run: |
+          git update-index --assume-unchanged .github/docker/alpine/requirements.txt
+          cp tests/requirements.txt .github/docker/alpine/requirements.txt
+
       - uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # pin@v4.1.0
         with:
           registry: ghcr.io
@@ -47,3 +53,4 @@ jobs:
           context: .github/docker/alpine
           build-args: |
             BASE=alpine:${{ matrix.version }}
+            PIP_INSTALL=${{ matrix.version == '3.23' && 'mitmproxy' || '' }}