chore(deps): update dependency helm-unittest/helm-unittest to v1.1.1

The following patch avoids a drift in Argo CD. Argo CD detects the missing
`group` of the backendRef.

.gitea/scripts/add-annotations.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-set -e
+set -eo pipefail
 
 CHART_FILE="Chart.yaml"
 if [ ! -f "${CHART_FILE}" ]; then
@@ -8,9 +8,11 @@ if [ ! -f "${CHART_FILE}" ]; then
   exit 1
 fi
 
-# Exclude prerelease tags (matching -rc or -rc-<digits>) from default tag selection
+rc_pattern="\-rc([-\.][0-9]+)?$"
-DEFAULT_NEW_TAG="$(git tag --sort=-version:refname | grep --invert-match --perl-regexp '\-rc(-[0-9]+)?$' | head --lines 1)"
+
-DEFAULT_OLD_TAG="$(git tag --sort=-version:refname | grep --invert-match --perl-regexp '\-rc(-[0-9]+)?$' | head --lines 2 | tail --lines 1)"
+# Exclude prerelease tags (matching -rc or -rc.<digits>) from default tag selection
+DEFAULT_NEW_TAG="$(git tag --sort=-version:refname | grep --invert-match --perl-regexp "${rc_pattern}" | head --lines 1)"
+DEFAULT_OLD_TAG="$(git tag --sort=-version:refname | grep --invert-match --perl-regexp "${rc_pattern}" | head --lines 2 | tail --lines 1)"
 
 if [ -z "${1}" ]; then
   read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG
@@ -56,7 +58,7 @@ else
 fi
 
 # Check if NEW_TAG is a prerelease (matches -rc or -rc-<digits> suffix)
-if [[ "${NEW_TAG}" =~ -rc(-[0-9]+)?$ ]]; then
+if [[ "${NEW_TAG}" =~ ${rc_pattern} ]]; then
   echo "INFO: Tag '${NEW_TAG}' is a prerelease, setting prerelease annotation and skipping changelog."
   yq --no-colors --inplace ".annotations.\"artifacthub.io/prerelease\" = \"true\" | sort_keys(.)" "${CHART_FILE}"
   exit 0

.gitea/workflows/artifacthub-metadata.yaml

@@ -0,0 +1,41 @@
+name: Upload ArtifactHub Metadata
+
+on:
+  schedule:
+    - cron: '0 3 1 * *'
+  workflow_dispatch:
+
+jobs:
+  upload-metadata:
+    name: "Upload artifacthub-repo.yml to OCI registry"
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v6.0.3
+    - uses: docker/login-action@v4.2.0
+      with:
+        registry: ${{ github.server_url }}
+        username: ${{ github.repository_owner }}
+        password: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
+    - uses: oras-project/setup-oras@v2.0.0
+      with:
+        version: 1.3.2 # renovate: datasource=github-tags depName=oras-project/oras extractVersion='^v?(?<version>.*)$'
+    - name: Extract meta information
+      run: |
+        echo "GITEA_SERVER_HOSTNAME=$(echo "${GITHUB_SERVER_URL}" | cut -d '/' -f 3)" >> $GITHUB_ENV
+        echo "PACKAGE_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
+        echo "REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 2 | sed --regexp-extended 's/-charts?//g')" >> $GITHUB_ENV
+        echo "REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 1)" >> $GITHUB_ENV
+    - name: Push artifacthub-repo.yml
+      run: |
+        oras push ${GITEA_SERVER_HOSTNAME}/${REPOSITORY_OWNER}/${REPOSITORY_NAME}:artifacthub.io \
+          --config /dev/null:application/vnd.cncf.artifacthub.config.v1+yaml \
+          artifacthub-repo.yml:application/vnd.cncf.artifacthub.repository-metadata.layer.v1.yaml
+    - name: Push public cosign key
+      env:
+        COSIGN_PUBLIC_KEY: ${{ vars.COSIGN_PUBLIC_KEY }}
+      run: |
+        echo "${COSIGN_PUBLIC_KEY}" > cosign.pub
+        oras push ${GITEA_SERVER_HOSTNAME}/${REPOSITORY_OWNER}/${REPOSITORY_NAME}:cosign.pub \
+          --artifact-type application/vnd.dev.cosign.public-key.v1 \
+          --annotation org.opencontainers.image.title=cosign.pub \
+          cosign.pub:application/vnd.dev.cosign.public-key.v1

.gitea/workflows/generate-readme.yaml

@@ -15,14 +15,14 @@ on:
 jobs:
   generate-parameters:
     container:
-      image: docker.io/library/node:25.9.0-alpine
+      image: docker.io/library/node:26.3.0-alpine
     runs-on: ubuntu-latest
     steps:
     - name: Install tooling
       run: |
         apk update
         apk add git npm
-    - uses: actions/checkout@v6.0.2
+    - uses: actions/checkout@v6.0.3
     - name: Generate parameter section in README
       run: |
         npm install

.gitea/workflows/helm.yaml

@@ -14,10 +14,10 @@ jobs:
   helm-lint:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6.0.2
+    - uses: actions/checkout@v6.0.3
     - uses: azure/setup-helm@v5.0.0
       with:
-        version: v4.0.1 # renovate: datasource=github-releases depName=helm/helm
+        version: v4.2.0 # renovate: datasource=github-releases depName=helm/helm
     - name: Lint helm files
       run: |
         helm lint --values values.yaml .
@@ -25,10 +25,10 @@ jobs:
   helm-unittest:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6.0.2
+    - uses: actions/checkout@v6.0.3
     - uses: azure/setup-helm@v5.0.0
       with:
-        version: v4.0.1 # renovate: datasource=github-releases depName=helm/helm
+        version: v4.2.0 # renovate: datasource=github-releases depName=helm/helm
     - env:
         HELM_UNITTEST_VERSION: v1.0.0 #renovate: datasource=github-releases depName=helm-unittest/helm-unittest
       name: Install helm-unittest

.gitea/workflows/markdown-linters.yaml

@@ -15,14 +15,14 @@ on:
 jobs:
   markdown-link-checker:
     container:
-      image: docker.io/library/node:25.9.0-alpine
+      image: docker.io/library/node:26.3.0-alpine
     runs-on: ubuntu-latest
     steps:
     - name: Install tooling
       run: |
         apk update
         apk add git npm
-    - uses: actions/checkout@v6.0.2
+    - uses: actions/checkout@v6.0.3
     - name: Verify links in markdown files
       run: |
         npm install
@@ -30,14 +30,14 @@ jobs:
 
   markdown-lint:
     container:
-      image: docker.io/library/node:25.9.0-alpine
+      image: docker.io/library/node:26.3.0-alpine
     runs-on: ubuntu-latest
     steps:
     - name: Install tooling
       run: |
         apk update
         apk add git
-    - uses: actions/checkout@v6.0.2
+    - uses: actions/checkout@v6.0.3
     - name: Lint markdown files
       run: |
         npm install

.gitea/workflows/release.yaml

@@ -20,13 +20,13 @@ jobs:
 
       - uses: azure/setup-helm@v5.0.0
         with:
-          version: "v4.1.4" # renovate: datasource=github-tags depName=helm/helm
+          version: "v4.2.0" # renovate: datasource=github-tags depName=helm/helm
 
       - name: Install helm plugins
         env:
           HELM_SIGSTORE_VERSION: "0.3.0" # renovate: datasource=github-tags depName=sigstore/helm-sigstore extractVersion='^v(?<version>\d+\.\d+\.\d+)$'
           HELM_SCHEMA_VALUES_VERSION: "2.4.0" # renovate: datasource=github-tags depName=losisin/helm-values-schema-json extractVersion='^v(?<version>\d+\.\d+\.\d+)$'
-          HELM_UNITTEST_VERSION: "1.0.3" # renovate: datasource=github-tags depName=helm-unittest/helm-unittest extractVersion='^v(?<version>\d+\.\d+\.\d+)$'
+          HELM_UNITTEST_VERSION: "1.1.1" # renovate: datasource=github-tags depName=helm-unittest/helm-unittest extractVersion='^v(?<version>\d+\.\d+\.\d+)$'
         run: |
           helm plugin install --verify=false https://github.com/sigstore/helm-sigstore.git --version "${HELM_SIGSTORE_VERSION}" 1> /dev/null
           helm plugin install --verify=false https://github.com/losisin/helm-values-schema-json.git --version "${HELM_SCHEMA_VALUES_VERSION}" 1> /dev/null
@@ -65,14 +65,15 @@ jobs:
           gpg --batch --yes --export "${GPG_PRIVATE_KEY_FINGERPRINT}" 1> "${HOME}/.gnupg/pubring.gpg"
           gpg --batch --yes --passphrase-fd 0 --export-secret-keys "${GPG_PRIVATE_KEY_FINGERPRINT}" 1> "${HOME}/.gnupg/secring.gpg" <<< "${GPG_PRIVATE_KEY_PASSPHRASE}"
 
-      - uses: actions/checkout@v6.0.2
+      - uses: actions/checkout@v6.0.3
         with:
           fetch-depth: 0
 
       - name: Add Artifacthub.io annotations
         run: |
-          NEW_TAG="$(git tag --sort=-version:refname | head -n 1)"
+          rc_pattern="\-rc([-\.][0-9]+)?$"
-          OLD_TAG="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)"
+          NEW_TAG="$(git tag --sort=-version:refname | grep --invert-match --perl-regexp "${rc_pattern}" | head --lines 1)"
+          OLD_TAG="$(git tag --sort=-version:refname | grep --invert-match --perl-regexp "${rc_pattern}" | head --lines 2 | tail --lines 1)"
           .gitea/scripts/add-annotations.sh "${OLD_TAG}" "${NEW_TAG}"
 
       - name: Extract meta information
@@ -95,7 +96,7 @@ jobs:
             --passphrase-file "${GPG_PRIVATE_KEY_PASSPHRASE_FILE}" \
             --version "${PACKAGE_VERSION}" ./
 
-      - uses: docker/login-action@v4.1.0
+      - uses: docker/login-action@v4.2.0
         with:
           registry: ${{ github.server_url }}
           username: ${{ github.repository_owner }}

.vscode/settings.json

@@ -1,6 +1,6 @@
 {
   "yaml.schemas": {
-    "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v1.1.0/schema/helm-testsuite.json": [
+    "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v1.1.1/schema/helm-testsuite.json": [
       "/unittests/**/*.yaml"
     ]
   },

README.md

@@ -37,7 +37,7 @@ version of the chart must be in sync with the `values.yaml`. Newer *minor* versi
 versions can break something!
 
 ```bash
-CHART_VERSION=1.4.1
+CHART_VERSION=2.0.1
 helm show values volker.raschek/athens-proxy --version "${CHART_VERSION}" > values.yaml
 ```
 
@@ -51,7 +51,7 @@ The helm chart also contains a persistent volume claim definition. It persistent
 Use the `--set` argument to persist your data.
 
 ```bash
-CHART_VERSION=1.4.1
+CHART_VERSION=2.0.1
 helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \
   persistence.enabled=true
 ```
@@ -81,7 +81,7 @@ Further information about this topic can be found in one of Kanishk's blog
 > Please take care the a CPU limit < `1000m` can also lead to CPU throttling. Please read the linked documentation carefully.
 
 ```bash
-CHART_VERSION=1.4.1
+CHART_VERSION=2.0.1
 helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \
   --set 'deployment.athensProxy.env.name=GOMAXPROCS' \
   --set 'deployment.athensProxy.env.valueFrom.resourceFieldRef.resource=limits.cpu' \
@@ -105,7 +105,7 @@ describes configuring [Ingress NGINX](#ingress-nginx) as well as [NGINX Gateway
 > `athens-proxy-ca` is present in the same namespace of the helm deployment.
 
 ```bash
-CHART_VERSION=1.4.1
+CHART_VERSION=2.0.1
 helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \
   --set 'config.certificate.enabled=true' \
   --set 'config.certificate.new.issuerRef.kind=Issuer' \

artifacthub-repo.yml

@@ -0,0 +1 @@
+repositoryID: 4c206fe5-b83a-457a-bcad-7dd664f8b70c

renovate.json

@@ -51,20 +51,6 @@
         "volkerraschek/helm"
       ]
     },
-    {
-      "automerge": true,
-      "groupName": "Update helm plugin 'unittest'",
-      "matchDepNames": [
-        "helm-unittest/helm-unittest"
-      ],
-      "matchDatasources": [
-        "github-releases"
-      ],
-      "matchUpdateTypes": [
-        "minor",
-        "patch"
-      ]
-    },
     {
       "groupName": "Update docker.io/library/node",
       "matchDepNames": [

templates/httpRoute.yaml

@@ -24,7 +24,8 @@ spec:
   {{- end }}
   rules:
     - backendRefs:
-        - kind: Service
+        - group: ''
+          kind: Service
           name: {{ include "athens-proxy.service.name" . }}
           namespace: {{ .Release.Namespace }}
           port: {{ .Values.service.port }}

unittests/httpRoutes/httpRoute.yaml

@@ -92,6 +92,7 @@ tests:
   - contains:
       path: spec.rules[0].backendRefs
       content:
+        group: ''
         kind: Service
         name: athens-proxy-unittest
         namespace: testing