chore(deps): update volkerraschek/helm docker tag to v3.18.3

Reviewed-on: #32

.drone.yml

@@ -1,94 +0,0 @@
----
-kind: pipeline
-type: kubernetes
-name: linter
-
-platform:
-  os: linux
-  arch: amd64
-
-steps:
-- name: helm lint
-  commands:
-  - helm lint
-  image: docker.io/volkerraschek/helm:3.11.3
-  resources:
-    limits:
-      cpu: 150
-      memory: 150M
-
-- name: markdown lint
-  commands:
-  - markdownlint *.md
-  image: docker.io/volkerraschek/markdownlint:0.33.0
-  resources:
-    limits:
-      cpu: 150
-      memory: 150M
-
-- name: helm template
-  commands:
-  - helm template .
-  image: docker.io/volkerraschek/helm:3.11.3
-  resources:
-    limits:
-      cpu: 150
-      memory: 150M
-
-- name: email-notification
-  environment:
-    SMTP_FROM_ADDRESS:
-      from_secret: smtp_from_address
-    SMTP_FROM_NAME:
-      from_secret: smtp_from_name
-    SMTP_HOST:
-      from_secret: smtp_host
-    SMTP_USERNAME:
-      from_secret: smtp_username
-    SMTP_PASSWORD:
-      from_secret: smtp_password
-  image: docker.io/volkerraschek/drone-email:0.1.1
-  resources:
-    limits:
-      cpu: 150
-      memory: 150M
-  when:
-    status:
-    - changed
-    - failure
-
-trigger:
-  event:
-    exclude:
-    - tag
-
----
-kind: pipeline
-type: kubernetes
-name: release
-
-platform:
-  os: linux
-
-steps:
-- name: release-helm-chart
-  commands:
-  - helm repo add volker.raschek https://charts.cryptic.systems/volker.raschek
-  - helm package --version ${DRONE_TAG} .
-  - helm cm-push ${DRONE_REPO_NAME%-charts}-${DRONE_TAG}.tgz volker.raschek
-  environment:
-    HELM_REPO_PASSWORD:
-      from_secret: helm_repo_password
-    HELM_REPO_USERNAME:
-      from_secret: helm_repo_username
-  image: docker.io/volkerraschek/helm:3.11.3
-  resources:
-    limits:
-      cpu: 150
-      memory: 150M
-
-trigger:
-  event:
-  - tag
-  repo:
-  - volker.raschek/athens-proxy-charts

.editorconfig

@@ -1,6 +1,3 @@
-# EditorConfig is awesome: https://EditorConfig.org
-
-# top-most EditorConfig file
 root = true
 
 [*]
@@ -9,4 +6,7 @@ indent_size = 2
 end_of_line = lf
 charset = utf-8
 trim_trailing_whitespace = true
-insert_final_newline = false
+insert_final_newline = false
+
+[Makefile]
+indent_style = tab

.gitea/workflows/generate-readme.yaml

@@ -0,0 +1,32 @@
+name: Generate README
+
+on:
+  pull_request:
+    paths: [ "README.md", "values.yaml" ]
+    types: [ "opened", "reopened", "synchronize" ]
+  push:
+    branches:
+    - '**'
+    paths: [ "README.md", "values.yaml" ]
+    tags-ignore:
+    - '**'
+  workflow_dispatch: {}
+
+jobs:
+  generate-parameters:
+    container:
+      image: docker.io/library/node:24.2.0-alpine
+    runs-on:
+    - ubuntu-latest
+    steps:
+    - name: Install tooling
+      run: |
+        apk update
+        apk add git npm
+    - uses: actions/checkout@v4.2.2
+    - name: Generate parameter section in README
+      run: |
+        npm install
+        npm run readme:parameters
+    - name: Compare diff
+      run: git diff --exit-code --name-only README.md

.gitea/workflows/helm.yaml

@@ -0,0 +1,42 @@
+name: Helm
+
+on:
+  pull_request:
+    types: [ "opened", "reopened", "synchronize" ]
+  push:
+    branches:
+    - '**'
+    tags-ignore:
+    - '**'
+  workflow_dispatch: {}
+
+jobs:
+  helm-lint:
+    container:
+      image: docker.io/volkerraschek/helm:3.18.3
+    runs-on:
+    - ubuntu-latest
+    steps:
+    - name: Install tooling
+      run: |
+        apk update
+        apk add git npm
+    - uses: actions/checkout@v4.2.2
+    - name: Lint helm files
+      run: |
+        helm lint --values values.yaml .
+
+  helm-unittest:
+    container:
+      image: docker.io/volkerraschek/helm:3.18.3
+    runs-on:
+    - ubuntu-latest
+    steps:
+    - name: Install tooling
+      run: |
+        apk update
+        apk add git npm
+    - uses: actions/checkout@v4.2.2
+    - name: Unittest
+      run: |
+        helm unittest --strict --file 'unittests/**/*.yaml' ./

.gitea/workflows/markdown-linters.yaml

@@ -0,0 +1,46 @@
+name: Markdown linter
+
+on:
+  pull_request:
+    paths: [ "**/*.md" ]
+    types: [ "opened", "reopened", "synchronize" ]
+  push:
+    branches:
+    - '**'
+    paths: [ "**/*.md" ]
+    tags-ignore:
+    - '**'
+  workflow_dispatch: {}
+
+jobs:
+  markdown-link-checker:
+    container:
+      image: docker.io/library/node:24.2.0-alpine
+    runs-on:
+    - ubuntu-latest
+    steps:
+    - name: Install tooling
+      run: |
+        apk update
+        apk add git npm
+    - uses: actions/checkout@v4.2.2
+    - name: Verify links in markdown files
+      run: |
+        npm install
+        npm run readme:link
+
+  markdown-lint:
+    container:
+      image: docker.io/library/node:24.2.0-alpine
+    runs-on:
+    - ubuntu-latest
+    steps:
+    - name: Install tooling
+      run: |
+        apk update
+        apk add git
+    - uses: actions/checkout@v4.2.2
+    - name: Lint markdown files
+      run: |
+        npm install
+        npm run readme:lint

.gitea/workflows/release.yaml

@@ -0,0 +1,54 @@
+name: Release
+
+on:
+  push:
+    tags:
+    - "**"
+
+jobs:
+  publish-chart:
+    container:
+      image: docker.io/volkerraschek/helm:3.18.3
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install tooling
+        run: |
+          apk update
+          apk add git npm yq
+
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Add Artifacthub.io annotations
+        run: |
+          NEW_TAG="$(git tag --sort=-version:refname | head -n 1)"
+          OLD_TAG="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)"
+          .gitea/scripts/add-annotations.sh "${OLD_TAG}" "${NEW_TAG}"
+
+      - name: Package chart
+        env:
+          CHARTMUSEUM_PASSWORD: ${{ secrets.CHARTMUSEUM_PASSWORD }}
+          CHARTMUSEUM_REPOSITORY: ${{ vars.CHARTMUSEUM_REPOSITORY }}
+          CHARTMUSEUM_USERNAME: ${{ secrets.CHARTMUSEUM_USERNAME }}
+          CHARTMUSEUM_HOSTNAME: ${{ vars.CHARTMUSEUM_HOSTNAME }}
+
+          GITEA_PACKAGE_REGISTRY_TOKEN: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
+          GITEA_SERVER_URL: ${{ github.server_url }}
+        run: |
+          PACKAGE_VERSION=${GITHUB_REF#refs/tags/}
+          REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 2)
+          REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 1)
+
+          helm dependency build
+          helm package --version "${PACKAGE_VERSION}" ./
+
+          # chart-museum
+          helm repo add --username ${CHARTMUSEUM_USERNAME} --password ${CHARTMUSEUM_PASSWORD} chartmuseum https://${CHARTMUSEUM_HOSTNAME}/${CHARTMUSEUM_REPOSITORY}
+          helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz chartmuseum
+          helm repo remove chartmuseum
+
+          # gitea
+          helm repo add --username ${REPOSITORY_OWNER} --password ${GITEA_PACKAGE_REGISTRY_TOKEN} gitea ${GITEA_SERVER_URL}/api/packages/${REPOSITORY_OWNER}/helm
+          helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz gitea
+          helm repo remove gitea

.gitignore

@@ -1,3 +1,6 @@
-*.tgz
+charts
+node_modules
+target
 values2.yml
-values2.yaml
+values2.yaml
+*.tgz

.helmignore

@@ -2,6 +2,7 @@
 # This supports shell glob matching, relative path matching, and
 # negation (prefixed with !). Only one pattern per line.
 .DS_Store
+
 # Common VCS dirs
 .git/
 .gitignore
@@ -10,23 +11,50 @@
 .hg/
 .hgignore
 .svn/
+
 # Common backup files
 *.swp
 *.bak
 *.tmp
 *.orig
 *~
+
 # Various IDEs
 .project
 .idea/
 *.tmproj
 .vscode/
+
 # drone
 .drone.yml
-# markdownlint
-.markdownlint.yaml
+
+# editorconfig
+.editorconfig
+
 # customized values
 values2.yml
 values2.yaml
+
 # helm packages
-*.tgz
+*.tgz
+.helmignore
+unittests
+
+# markdownlint
+.markdownlint.yml
+.markdownlint.yaml
+.markdownlintignore
+
+# npm
+.prettierignore
+.npmrc
+package*
+
+# yamllint
+.yamllint.yaml
+
+# Others
+CONTRIBUTING.md
+CODEOWNERS
+Makefile
+renovate.json

.markdownlint.yaml

@@ -45,9 +45,9 @@ MD012:
 # MD013/line-length - Line length
 MD013:
   # Number of characters
-  line_length: 80
+  line_length: 120
   # Number of characters for headings
-  heading_line_length: 80
+  heading_line_length: 120
   # Number of characters for code blocks
   code_block_line_length: 80
   # Include code blocks
@@ -56,8 +56,6 @@ MD013:
   tables: false
   # Include headings
   headings: true
-  # Include headings
-  headers: true
   # Strict length checking
   strict: false
   # Stern length checking
@@ -73,7 +71,7 @@ MD022:
 # MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content
 MD024:
   # Only check sibling headings
-  allow_different_nesting: true
+  siblings_only: true
 
 # MD025/single-title/single-h1 - Multiple top-level headings in the same document
 MD025:
@@ -129,7 +127,20 @@ MD041:
 MD044:
   # List of proper names
   names:
-  - gitea
+    - Git
+    - GitDevOps
+    - Gitea
+    - GitHub
+    - GitLab
+    - GitOps
+    - kube-prometheus-stack
+    - Memcached
+    - Oracle
+    - PostgreSQL
+    - Prometheus
+    - prometheus-exporter
+    - SSL
+    - TLS
   # Include code blocks
   code_blocks: false
 
@@ -141,4 +152,4 @@ MD046:
 # MD048/code-fence-style - Code fence style
 MD048:
   # Code fence syle
-  style: "backtick"
+  style: "backtick"

.markdownlintignore

@@ -0,0 +1,4 @@
+.github/
+Chart.lock
+charts/
+node_modules/

.npmrc

@@ -0,0 +1 @@
+engine-strict=true

.prettierignore

@@ -0,0 +1 @@
+Chart.lock

CODEOWNERS

@@ -0,0 +1 @@
+* @volker.raschek

CONTRIBUTING.md

@@ -0,0 +1,82 @@
+# Contributing
+
+I am very happy if you would like to provide a pull request 👍
+
+The content of this file describes which requirements contributors should fulfill before submitting a pull request (PR).
+
+1. [Valid Git commits](#valid-git-commits)
+
+## Valid Git commits
+
+### Commit message
+
+The repository is subject to a strict commit message template. This states that there are several types of commits. For
+example, `fix`, `chore`, `refac`, `test` or `doc`. All types are described in more detail below.
+
+| type                | description                                                       |
+| ------------------- | ----------------------------------------------------------------- |
+| `feat`              | New feature.                                                      |
+| `fix`               | Fixes a bug.                                                      |
+| `refac`             | Refactoring production code.                                      |
+| `style`             | Fixes formatting issues. No production code change.               |
+| `docs`              | Adapt documentation. No production code change.                   |
+| `test`              | Adds new or modifies existing tests. No production code change.   |
+| `chore`             | Updating grunt tasks. Is everything which the user does not see.  |
+
+Based on these types, commit messaged can then be created. Here are a few examples:
+
+```text
+style(README): Wrong indentation
+feat(deployment): support restartPolicy
+fix(my-app): Add missing volume
+docs(CONTRIBUTING): Describe how to commit correctly
+```
+
+This type of commit message makes it easier for me as maintainer to keep an overview and does not cause the commits of a
+pull request PR to be combined into one commit (squashing).
+
+### Smart commits
+
+Smart commits are excellent when it comes to tracking bugs or issues. In this repository, however, the rebasing of
+commits is prohibited, which means that only merge commits are possible. This means that a smart commit message only
+needs to be added to the merge commit.
+
+This has the advantage that the maintainer can use the smart commit to find the merge commit and undo the entire history
+of a merge without having to select individual commits. The following history illustrates the correct use of smart commits.
+
+```text
+* 823edbc7 Volker Raschek (G) | [Close #2] feat(deployment): support additional containers
+|\
+| * 321aebc3 Volker Raschek (G) | doc(README): generate README with new deployment attributes
+| * 8d101dd3 Volker Raschek (G) | test(deployment): Extend unittest of additional containers
+| * 6f2abd93 Volker Raschek (G) | fix(deployment): Extend deployment of additional containers
+|/
+* aa5ebda bob (N) | [Close #1] feat(deployment): support initContainers
+```
+
+### Commit signing
+
+Another problem with Git is the chain of trust. Git allows the configuration of any name and e-mail address. An attacker
+can impersonate any person and submit pull requests under a false identity. For as Linux Torvalds, the maintainer of the
+Linux kernel.
+
+```bash
+git config --global user.name 'Linux Torvalds'
+git config --global user.email 'torvalds@linux-foundation.org'
+```
+
+To avoid this, some Git repositories expect signed commits. In particular, repositories that are subject to direct
+delivery to customers. For this reason, the repository is subject to a branch protection rule that only allows signed
+commits. *Until* there is *no verified* and *no signed* commit, the pull request is blocked.
+
+The following articles describes how Git can be configured to sign commits. Please keep in mind, that the e-mail
+address, which is used as UID of the GPG keyring must also be defined in the profile settings of your GitHub account.
+Otherwise will be marked the Git commit as *Unverified*.
+
+1. [Signing Commits](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits)
+2. [Tell Git about your signing key](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key)
+
+Inspect your Git commit via `git log`. There should be mentioned, that your commit is signed.
+
+Furthermore, the GPG key is unique. **Don't loose your private GPG key**. Backup your private key on a safe device. For
+example an external USB drive.

Chart.yaml

@@ -3,7 +3,7 @@ name: athens-proxy
 description: Athens proxy server for golang
 type: application
 version: "0.1.0"
-appVersion: "v0.12.1"
+appVersion: "v0.16.0"
 icon: https://github.com/gomods/athens/blob/main/docs/static/banner.png?raw=true
 
 keywords:

LICENSE

@@ -1,13 +1,21 @@
-Copyright 2022 Markus Pesch
+MIT License
 
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
+Copyright (c) 2025 Markus Pesch
 
-    http://www.apache.org/licenses/LICENSE-2.0
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
 
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

Makefile

@@ -0,0 +1,91 @@
+# CONTAINER_RUNTIME
+CONTAINER_RUNTIME?=$(shell which podman)
+
+# HELM_IMAGE
+HELM_IMAGE_REGISTRY_HOST?=docker.io
+HELM_IMAGE_REPOSITORY?=volkerraschek/helm
+HELM_IMAGE_VERSION?=3.18.3 # renovate: datasource=docker registryUrl=https://docker.io depName=volkerraschek/helm
+HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_HOST}/${HELM_IMAGE_REPOSITORY}:${HELM_IMAGE_VERSION}
+
+# NODE_IMAGE
+NODE_IMAGE_REGISTRY_HOST?=docker.io
+NODE_IMAGE_REPOSITORY?=library/node
+NODE_IMAGE_VERSION?=24.2.0-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/library/node packageName=library/node
+NODE_IMAGE_FULLY_QUALIFIED=${NODE_IMAGE_REGISTRY_HOST}/${NODE_IMAGE_REPOSITORY}:${NODE_IMAGE_VERSION}
+
+# MISSING DOT
+# ==============================================================================
+missing-dot:
+	grep --perl-regexp '## @(param|skip).*[^.]$$' values.yaml
+
+# CONTAINER RUN - README
+# ==============================================================================
+PHONY+=container-run/readme
+container-run/readme: container-run/readme/link container-run/readme/lint container-run/readme/parameters
+
+container-run/readme/link:
+	${CONTAINER_RUNTIME} run \
+		--rm \
+		--volume $(shell pwd):$(shell pwd) \
+		--workdir $(shell pwd) \
+			${NODE_IMAGE_FULLY_QUALIFIED} \
+				npm install && npm run readme:link
+
+container-run/readme/lint:
+	${CONTAINER_RUNTIME} run \
+		--rm \
+		--volume $(shell pwd):$(shell pwd) \
+		--workdir $(shell pwd) \
+			${NODE_IMAGE_FULLY_QUALIFIED} \
+				npm install && npm run readme:lint
+
+container-run/readme/parameters:
+	${CONTAINER_RUNTIME} run \
+		--rm \
+		--volume $(shell pwd):$(shell pwd) \
+		--workdir $(shell pwd) \
+			${NODE_IMAGE_FULLY_QUALIFIED} \
+				npm install && npm run readme:parameters
+
+# CONTAINER RUN - HELM UNITTESTS
+# ==============================================================================
+PHONY+=container-run/helm-unittests
+container-run/helm-unittests:
+	${CONTAINER_RUNTIME} run \
+		--env HELM_REPO_PASSWORD=${CHART_SERVER_PASSWORD} \
+		--env HELM_REPO_USERNAME=${CHART_SERVER_USERNAME} \
+		--rm \
+		--volume $(shell pwd):$(shell pwd) \
+		--workdir $(shell pwd) \
+			${HELM_IMAGE_FULLY_QUALIFIED} \
+				unittest --strict --file 'unittests/**/*.yaml' ./
+
+# CONTAINER RUN - HELM UPDATE DEPENDENCIES
+# ==============================================================================
+PHONY+=container-run/helm-update-dependencies
+container-run/helm-update-dependencies:
+	${CONTAINER_RUNTIME} run \
+		--env HELM_REPO_PASSWORD=${CHART_SERVER_PASSWORD} \
+		--env HELM_REPO_USERNAME=${CHART_SERVER_USERNAME} \
+		--rm \
+		--volume $(shell pwd):$(shell pwd) \
+		--workdir $(shell pwd) \
+			${HELM_IMAGE_FULLY_QUALIFIED} \
+				dependency update
+
+# CONTAINER RUN - MARKDOWN-LINT
+# ==============================================================================
+PHONY+=container-run/helm-lint
+container-run/helm-lint:
+	${CONTAINER_RUNTIME} run \
+		--rm \
+		--volume $(shell pwd):$(shell pwd) \
+		--workdir $(shell pwd) \
+		${HELM_IMAGE_FULLY_QUALIFIED} \
+			lint --values values.yaml .
+
+# PHONY
+# ==============================================================================
+# Declare the contents of the PHONY variable as phony. We keep that information
+# in a variable so we can use it in if_changed.
+.PHONY: ${PHONY}

README.md

@@ -1,6 +1,5 @@
 # athens-proxy-charts
 
-[![Build Status](https://drone.cryptic.systems/api/badges/volker.raschek/athens-proxy-charts/status.svg)](https://drone.cryptic.systems/volker.raschek/athens-proxy-charts)
 [![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/volker-raschek)](https://artifacthub.io/packages/search?repo=volker-raschek)
 
 This is an inofficial helm chart of the go-proxy
@@ -26,7 +25,7 @@ below or via mounting the config.toml as additional persistent volume to
 
 Create a `configmap.yaml` with multiple keys. One key describe the content of
 the `.gitconfig` file and another of `config` of the ssh client. All requests
-git clone comands with the prefix `http://github.com/` will be replaced by
+Git clone comands with the prefix `http://github.com/` will be replaced by
 `git@github.com:` to use SSH instead of HTTPS. The SSH keys are stored in a
 separate secret.
 
@@ -104,11 +103,11 @@ extraVolumeMounts:
   mountPath: /root/.config/git
 ```
 
-## Access private github.com repositories via developer token
+## Access private GitHub.com repositories via developer token
 
-Another way to access private github repositories is via a github token, which
+Another way to access private GitHub repositories is via a GitHub token, which
 can be set via the environment variable `GITHUB_TOKEN`. Athens automatically
-creates a `.netrc` file to access private github repositories.
+creates a `.netrc` file to access private GitHub repositories.
 
 ## Access private repositories via .netrc configuration
 
@@ -117,7 +116,7 @@ HTTP. The file can also be defined via a custom secret and mounted into the home
 directory of `root` for general authentication purpose.
 
 The example below describe the definition and mounting of a custom `.netrc` file
-to access private repositories hosted on github and gitlab.
+to access private repositories hosted on GitHub and GitLab.
 
 ```yaml
 apiVersion: v1
@@ -165,3 +164,5 @@ extraVolumeMounts:
 - name: gomodules
   mountPath: /var/lib/athens
 ```
+
+## Parameters

package.json

@@ -0,0 +1,21 @@
+{
+  "name": "athens-proxy-chart",
+  "homepage": "https://git.cryptic.systems/volker.raschek/athens-proxy-chart.git",
+  "license": "MIT",
+  "private": true,
+  "engineStrict": true,
+  "engines": {
+    "node": ">=16.0.0",
+    "npm": ">=8.0.0"
+  },
+  "scripts": {
+    "readme:link": "markdown-link-check *.md",
+    "readme:lint": "markdownlint *.md -f",
+    "readme:parameters": "readme-generator -v values.yaml -r README.md"
+  },
+  "devDependencies": {
+    "@bitnami/readme-generator-for-helm": "^2.5.0",
+    "markdown-link-check": "^3.13.6",
+    "markdownlint-cli": "^0.45.0"
+  }
+}

renovate.json

@@ -1,28 +1,14 @@
 {
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "automergeStrategy": "merge-commit",
-  "automergeType": "pr",
-  "assignees": [ "volker.raschek" ],
-  "labels": [ "renovate" ],
-  "packageRules": [
-    {
-      "addLabels": [ "renovate/athens-proxy", "renovate/automerge" ],
-      "automerge": true,
-      "matchManagers": "droneci",
-      "matchUpdateTypes": [ "minor", "patch"]
-    },
-    {
-      "addLabels": [ "renovate/athens-proxy", "renovate/automerge" ],
-      "automerge": false,
-      "matchPackageNames": [ "gomods/athens" ],
-      "matchManagers": [ "regex" ]
-    }
+  "extends": [
+    "local>volker.raschek/renovate-config:default#master",
+    "local>volker.raschek/renovate-config:container#master",
+    "local>volker.raschek/renovate-config:actions#master",
+    "local>volker.raschek/renovate-config:npm#master",
+    "local>volker.raschek/renovate-config:regexp#master"
   ],
-  "rebaseLabel": "renovate/rebase",
-  "rebaseWhen": "behind-base-branch",
-  "regexManagers": [
+  "customManagers": [
     {
-      "description": "Update container image reference",
       "fileMatch": [
         "^Chart\\.yaml$"
       ],
@@ -30,7 +16,53 @@
         "appVersion: \"(?<currentValue>.*?)\"\\s+"
       ],
       "datasourceTemplate": "docker",
-      "depNameTemplate": "gomods/athens"
+      "depNameTemplate": "gomods/athens",
+      "lookupNameTemplate": "docker.io/gomods/athens",
+      "versioningTemplate": "semver"
+    },
+    {
+      "fileMatch": ["^README\\.md$"],
+      "matchStrings": [
+        "VERSION=(?<currentValue>.*)"
+      ],
+      "depNameTemplate": "volker.raschek/athens-proxy-chart",
+      "packageNameTemplate": "https://git.cryptic.systems/volker.raschek/athens-proxy-chart",
+      "datasourceTemplate": "git-tags",
+      "versioningTemplate": "semver"
+    }
+  ],
+  "packageRules": [
+    {
+      "addLabels": [
+        "renovate/automerge",
+        "renovate/container"
+      ],
+      "automerge": true,
+      "excludePackagePatterns": [
+        "gomods/athens"
+      ],
+      "matchDatasources": [
+        "docker"
+      ],
+      "matchUpdateTypes": [
+        "minor",
+        "patch"
+      ]
+    },
+    {
+      "addLabels": [
+        "renovate/automerge",
+        "renovate/documentation"
+      ],
+      "automerge": true,
+      "matchDepNames": [
+        "volker.raschek/athens-proxy-chart"
+      ],
+      "matchUpdateTypes": [
+        "major",
+        "minor",
+        "patch"
+      ]
     }
   ]
 }

templates/deployment.yaml

@@ -26,20 +26,18 @@ spec:
             {{- toYaml .Values.securityContext | nindent 12 }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
+          {{- with .Values.livenessProbe }}
           livenessProbe:
-            httpGet:
-              scheme: HTTP
-              path: /healthz
-              port: http
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
           ports:
           - name: http
             containerPort: {{ .Values.config.ATHENS_PORT | default 3000 }}
             protocol: TCP
+          {{- with .Values.readinessProbe }}
           readinessProbe:
-            httpGet:
-              scheme: HTTP
-              path: /healthz
-              port: http
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
           {{- with .Values.extraVolumeMounts }}

values.yaml

@@ -102,6 +102,12 @@ config: {}
   # MY_S3_BUCKET_NAME:
   # PROXY_FORCE_SSL:
 
+livenessProbe:
+  httpGet:
+    scheme: HTTP
+    path: /healthz
+    port: http
+
 replicaCount: 1
 
 serviceAccount:
@@ -137,6 +143,12 @@ ingress:
     hosts:
     - "your-hostname"
 
+readinessProbe:
+  httpGet:
+    scheme: HTTP
+    path: /healthz
+    port: http
+
 resources: {}
   # We usually recommend not to specify default resources and to leave this as a conscious
   # choice for the user. This also increases chances charts run on environments with little