chore(deps): rollback docker docker.io/volkerraschek/helm to 3.19.2

feat(pod): roll deployment for TLS certificates
The patch add the annotation `checksum/secret-<name of the TLS secret>` with the sha512 value of the secret. This ensures a rolling update if the TLS secrets has been updated. Such an update can be triggered by the cert-manager.
2025-11-30 13:35:56 +01:00 · 2025-11-30 13:33:50 +01:00 · 2025-11-30 11:26:09 +00:00 · 2025-11-30 11:25:42 +00:00 · 2025-11-30 11:25:34 +00:00 · 2025-11-30 11:01:34 +00:00
4 changed files with 12 additions and 7 deletions
--- a/.gitea/workflows/helm.yaml
+++ b/.gitea/workflows/helm.yaml
@@ -15,9 +15,9 @@ jobs:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v5.0.1
-    - uses: azure/setup-helm@v4.3.0
+    - uses: azure/setup-helm@v4.3.1
      with:
-        version: v4.0.0 # renovate: datasource=github-releases depName=helm/helm
+        version: v4.0.1 # renovate: datasource=github-releases depName=helm/helm
    - name: Lint helm files
      run: |
        helm lint --values values.yaml .
@@ -26,9 +26,9 @@ jobs:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v5.0.1
-    - uses: azure/setup-helm@v4.3.0
+    - uses: azure/setup-helm@v4.3.1
      with:
-        version: v4.0.0 # renovate: datasource=github-releases depName=helm/helm
+        version: v4.0.1 # renovate: datasource=github-releases depName=helm/helm
    - env:
        HELM_UNITTEST_VERSION: v1.0.0 #renovate: datasource=github-releases depName=helm-unittest/helm-unittest
      name: Install helm-unittest
--- a/.gitea/workflows/release.yaml
+++ b/.gitea/workflows/release.yaml
@@ -8,7 +8,7 @@ on:
 jobs:
  publish-chart:
    container:
-      image: docker.io/volkerraschek/helm:4.0.1
+      image: docker.io/volkerraschek/helm:3.19.2
    runs-on: ubuntu-latest
    steps:
      - name: Install packages via apk
--- a/templates/_pod.tpl
+++ b/templates/_pod.tpl
@@ -4,6 +4,10 @@
 {{- define "athens-proxy.pod.annotations" }}
 {{- include "athens-proxy.annotations" . }}
 {{- if and .Values.certificate.enabled (not .Values.certificate.existingSecret.enabled) }}
 {{- $secretName := include "athens-proxy.certificates.server.name" $ }}
 {{ printf "checksum/secret-%s: %s" $secretName (print (lookup "v1" "Secret" .Release.Namespace $secretName) | sha256sum) }}
 {{- end }}
 {{- if and .Values.config.env.enabled (not .Values.config.env.existingSecret.enabled) }}
 {{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.env.name" $) (include (print $.Template.BasePath "/secretEnv.yaml") . | sha256sum) }}
 {{- end }}
@@ -21,8 +25,6 @@
 {{- end }}
 {{- end }}
 {{/* labels */}}
 {{- define "athens-proxy.pod.labels" -}}
--- a/unittests/deployment/certificate.yaml
+++ b/unittests/deployment/certificate.yaml
@@ -46,6 +46,9 @@ tests:
    certificate.new.issuerRef.kind: ClusterIssuer
    certificate.new.issuerRef.name: MyIssuer
  asserts:
    - exists:
        path: spec.template.metadata.annotations["checksum/secret-athens-proxy-unittest-tls"]
      template: templates/deployment.yaml
    - contains:
        path: spec.template.spec.containers[0].env
        content:
Author	SHA1	Message	Date
Markus Pesch	28c1e37e13	chore(deps): rollback docker docker.io/volkerraschek/helm to 3.19.2 All checks were successful Helm / helm-unittest (push) Successful in 9s Details Helm / helm-lint (push) Successful in 10s Details Release / publish-chart (push) Successful in 8s Details	2025-11-30 13:35:56 +01:00
Markus Pesch	757469762b	feat(pod): roll deployment for TLS certificates Some checks failed Helm / helm-lint (push) Successful in 5s Details Helm / helm-unittest (push) Successful in 9s Details Release / publish-chart (push) Failing after 6s Details The patch add the annotation `checksum/secret-<name of the TLS secret>` with the sha512 value of the secret. This ensures a rolling update if the TLS secrets has been updated. Such an update can be triggered by the cert-manager.	2025-11-30 13:33:50 +01:00
Markus Pesch	f1a47dc0a5	Merge pull request 'chore(deps): update docker.io/volkerraschek/helm docker tag to v4' (#108 ) from renovate/major-update-docker.iovolkerraschekhelm into master All checks were successful Helm / helm-unittest (push) Successful in 7s Details Helm / helm-lint (push) Successful in 9s Details Reviewed-on: #108	2025-11-30 11:26:09 +00:00
Markus Pesch	d86bf91491	Merge branch 'master' into renovate/major-update-docker.iovolkerraschekhelm All checks were successful Helm / helm-lint (push) Successful in 4s Details Helm / helm-unittest (push) Successful in 7s Details Helm / helm-lint (pull_request) Successful in 10s Details Helm / helm-unittest (pull_request) Successful in 6s Details	2025-11-30 11:25:42 +00:00
Markus Pesch	de615c2ff5	Merge pull request 'chore(deps): update dependency helm/helm to v4.0.1' (#114 ) from renovate/helm-helm-4.x into master All checks were successful Helm / helm-lint (push) Successful in 4s Details Helm / helm-unittest (push) Successful in 18s Details Reviewed-on: #114	2025-11-30 11:25:34 +00:00
CSRBot	34839d0e4d	Merge pull request 'chore(deps): update azure/setup-helm action to v4.3.1' (#113 ) from renovate/actions into master All checks were successful Helm / helm-lint (push) Successful in 5s Details Helm / helm-unittest (push) Successful in 8s Details	2025-11-30 11:01:34 +00:00
CSRBot	080965d513	chore(deps): update dependency helm/helm to v4.0.1 All checks were successful Helm / helm-unittest (push) Successful in 8s Details Helm / helm-lint (pull_request) Successful in 4s Details Helm / helm-lint (push) Successful in 14s Details Helm / helm-unittest (pull_request) Successful in 8s Details	2025-11-30 11:01:07 +00:00
CSRBot	07700a2952	chore(deps): update azure/setup-helm action to v4.3.1 All checks were successful Helm / helm-unittest (push) Successful in 12s Details Helm / helm-lint (pull_request) Successful in 5s Details Helm / helm-lint (push) Successful in 26s Details Helm / helm-unittest (pull_request) Successful in 7s Details	2025-11-30 11:00:59 +00:00