chore(deps): update dependency helm/helm to v4.2.0

2026-05-31 19:21:56 +00:00
14 changed files with 81 additions and 70 deletions
@@ -1,6 +1,6 @@
 #!/bin/bash

-set -eo pipefail
+set -e

 CHART_FILE="Chart.yaml"
 if [ ! -f "${CHART_FILE}" ]; then
@@ -8,11 +8,9 @@ if [ ! -f "${CHART_FILE}" ]; then
  exit 1
 fi

-rc_pattern="\-rc([-\.][0-9]+)?$"
-
-# Exclude prerelease tags (matching -rc or -rc.<digits>) from default tag selection
-DEFAULT_NEW_TAG="$(git tag --sort=-version:refname | grep --invert-match --perl-regexp "${rc_pattern}" | head --lines 1)"
-DEFAULT_OLD_TAG="$(git tag --sort=-version:refname | grep --invert-match --perl-regexp "${rc_pattern}" | head --lines 2 | tail --lines 1)"
+# Exclude prerelease tags (matching -rc or -rc-<digits>) from default tag selection
+DEFAULT_NEW_TAG="$(git tag --sort=-version:refname | grep --invert-match --perl-regexp '\-rc(-[0-9]+)?$' | head --lines 1)"
+DEFAULT_OLD_TAG="$(git tag --sort=-version:refname | grep --invert-match --perl-regexp '\-rc(-[0-9]+)?$' | head --lines 2 | tail --lines 1)"

 if [ -z "${1}" ]; then
  read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG
@@ -58,7 +56,7 @@ else
 fi

 # Check if NEW_TAG is a prerelease (matches -rc or -rc-<digits> suffix)
-if [[ "${NEW_TAG}" =~ ${rc_pattern} ]]; then
+if [[ "${NEW_TAG}" =~ -rc(-[0-9]+)?$ ]]; then
  echo "INFO: Tag '${NEW_TAG}' is a prerelease, setting prerelease annotation and skipping changelog."
  yq --no-colors --inplace ".annotations.\"artifacthub.io/prerelease\" = \"true\" | sort_keys(.)" "${CHART_FILE}"
  exit 0
@@ -10,8 +10,8 @@ jobs:
    name: "Upload artifacthub-repo.yml to OCI registry"
    runs-on: ubuntu-latest
    steps:
-    - uses: actions/checkout@v6.0.3
-    - uses: docker/login-action@v4.2.0
+    - uses: actions/checkout@v6.0.2
+    - uses: docker/login-action@v4.1.0
      with:
        registry: ${{ github.server_url }}
        username: ${{ github.repository_owner }}
@@ -15,14 +15,14 @@ on:
 jobs:
  generate-parameters:
    container:
-      image: docker.io/library/node:26.3.0-alpine
+      image: docker.io/library/node:25.9.0-alpine
    runs-on: ubuntu-latest
    steps:
    - name: Install tooling
      run: |
        apk update
        apk add git npm
-    - uses: actions/checkout@v6.0.3
+    - uses: actions/checkout@v6.0.2
    - name: Generate parameter section in README
      run: |
        npm install
@@ -14,7 +14,7 @@ jobs:
  helm-lint:
    runs-on: ubuntu-latest
    steps:
-    - uses: actions/checkout@v6.0.3
+    - uses: actions/checkout@v6.0.2
    - uses: azure/setup-helm@v5.0.0
      with:
        version: v4.2.0 # renovate: datasource=github-releases depName=helm/helm
@@ -25,7 +25,7 @@ jobs:
  helm-unittest:
    runs-on: ubuntu-latest
    steps:
-    - uses: actions/checkout@v6.0.3
+    - uses: actions/checkout@v6.0.2
    - uses: azure/setup-helm@v5.0.0
      with:
        version: v4.2.0 # renovate: datasource=github-releases depName=helm/helm
@@ -15,14 +15,14 @@ on:
 jobs:
  markdown-link-checker:
    container:
-      image: docker.io/library/node:26.3.0-alpine
+      image: docker.io/library/node:25.9.0-alpine
    runs-on: ubuntu-latest
    steps:
    - name: Install tooling
      run: |
        apk update
        apk add git npm
-    - uses: actions/checkout@v6.0.3
+    - uses: actions/checkout@v6.0.2
    - name: Verify links in markdown files
      run: |
        npm install
@@ -30,14 +30,14 @@ jobs:

  markdown-lint:
    container:
-      image: docker.io/library/node:26.3.0-alpine
+      image: docker.io/library/node:25.9.0-alpine
    runs-on: ubuntu-latest
    steps:
    - name: Install tooling
      run: |
        apk update
        apk add git
-    - uses: actions/checkout@v6.0.3
+    - uses: actions/checkout@v6.0.2
    - name: Lint markdown files
      run: |
        npm install
@@ -16,7 +16,7 @@ jobs:
    steps:
      - uses: volker-raschek/cosign-installer@v4.1.2-rc4
        with:
-          cosign-release: "v3.1.1" # renovate: datasource=github-tags depName=sigstore/cosign
+          cosign-release: "v3.0.6" # renovate: datasource=github-tags depName=sigstore/cosign

      - uses: azure/setup-helm@v5.0.0
        with:
@@ -26,7 +26,7 @@ jobs:
        env:
          HELM_SIGSTORE_VERSION: "0.3.0" # renovate: datasource=github-tags depName=sigstore/helm-sigstore extractVersion='^v(?<version>\d+\.\d+\.\d+)$'
          HELM_SCHEMA_VALUES_VERSION: "2.4.0" # renovate: datasource=github-tags depName=losisin/helm-values-schema-json extractVersion='^v(?<version>\d+\.\d+\.\d+)$'
-          HELM_UNITTEST_VERSION: "1.1.1" # renovate: datasource=github-tags depName=helm-unittest/helm-unittest extractVersion='^v(?<version>\d+\.\d+\.\d+)$'
+          HELM_UNITTEST_VERSION: "1.0.3" # renovate: datasource=github-tags depName=helm-unittest/helm-unittest extractVersion='^v(?<version>\d+\.\d+\.\d+)$'
        run: |
          helm plugin install --verify=false https://github.com/sigstore/helm-sigstore.git --version "${HELM_SIGSTORE_VERSION}" 1> /dev/null
          helm plugin install --verify=false https://github.com/losisin/helm-values-schema-json.git --version "${HELM_SCHEMA_VALUES_VERSION}" 1> /dev/null
@@ -65,15 +65,14 @@ jobs:
          gpg --batch --yes --export "${GPG_PRIVATE_KEY_FINGERPRINT}" 1> "${HOME}/.gnupg/pubring.gpg"
          gpg --batch --yes --passphrase-fd 0 --export-secret-keys "${GPG_PRIVATE_KEY_FINGERPRINT}" 1> "${HOME}/.gnupg/secring.gpg" <<< "${GPG_PRIVATE_KEY_PASSPHRASE}"

-      - uses: actions/checkout@v6.0.3
+      - uses: actions/checkout@v6.0.2
        with:
          fetch-depth: 0

      - name: Add Artifacthub.io annotations
        run: |
-          rc_pattern="\-rc([-\.][0-9]+)?$"
-          NEW_TAG="$(git tag --sort=-version:refname | grep --invert-match --perl-regexp "${rc_pattern}" | head --lines 1)"
-          OLD_TAG="$(git tag --sort=-version:refname | grep --invert-match --perl-regexp "${rc_pattern}" | head --lines 2 | tail --lines 1)"
+          NEW_TAG="$(git tag --sort=-version:refname | head -n 1)"
+          OLD_TAG="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)"
          .gitea/scripts/add-annotations.sh "${OLD_TAG}" "${NEW_TAG}"

      - name: Extract meta information
@@ -1,6 +1,6 @@
 {
  "yaml.schemas": {
-    "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v1.1.1/schema/helm-testsuite.json": [
+    "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v1.1.0/schema/helm-testsuite.json": [
      "/unittests/**/*.yaml"
    ]
  },
@@ -1,6 +1,12 @@
 # CONTAINER_RUNTIME
 CONTAINER_RUNTIME?=$(shell which podman)

+# HELM_IMAGE
+HELM_IMAGE_REGISTRY_HOST?=docker.io
+HELM_IMAGE_REPOSITORY?=volkerraschek/helm
+HELM_IMAGE_VERSION?=3.19.0 # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/volkerraschek/helm
+HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_HOST}/${HELM_IMAGE_REPOSITORY}:${HELM_IMAGE_VERSION}
+
 # NODE_IMAGE
 NODE_IMAGE_REGISTRY_HOST?=docker.io
 NODE_IMAGE_REPOSITORY?=library/node
@@ -60,6 +66,32 @@ container-run/readme/parameters:
 			${NODE_IMAGE_FULLY_QUALIFIED} \
 				npm install && npm run readme:parameters

+# CONTAINER RUN - HELM UNITTESTS
+# ==============================================================================
+PHONY+=container-run/helm-unittests
+container-run/helm-unittests:
+	${CONTAINER_RUNTIME} run \
+		--env HELM_REPO_PASSWORD=${CHART_SERVER_PASSWORD} \
+		--env HELM_REPO_USERNAME=${CHART_SERVER_USERNAME} \
+		--rm \
+		--volume $(shell pwd):$(shell pwd) \
+		--workdir $(shell pwd) \
+			${HELM_IMAGE_FULLY_QUALIFIED} \
+				unittest --strict --file 'unittests/**/*.yaml' ./
+
+# CONTAINER RUN - HELM UPDATE DEPENDENCIES
+# ==============================================================================
+PHONY+=container-run/helm-update-dependencies
+container-run/helm-update-dependencies:
+	${CONTAINER_RUNTIME} run \
+		--env HELM_REPO_PASSWORD=${CHART_SERVER_PASSWORD} \
+		--env HELM_REPO_USERNAME=${CHART_SERVER_USERNAME} \
+		--rm \
+		--volume $(shell pwd):$(shell pwd) \
+		--workdir $(shell pwd) \
+			${HELM_IMAGE_FULLY_QUALIFIED} \
+				dependency update
+
 # CONTAINER RUN - MARKDOWN-LINT
 # ==============================================================================
 PHONY+=container-run/helm-lint
@@ -37,7 +37,7 @@ version of the chart must be in sync with the `values.yaml`. Newer *minor* versi
 versions can break something!

 ```bash
-CHART_VERSION=2.0.1
+CHART_VERSION=1.4.1
 helm show values volker.raschek/athens-proxy --version "${CHART_VERSION}" > values.yaml
 ```

@@ -51,7 +51,7 @@ The helm chart also contains a persistent volume claim definition. It persistent
 Use the `--set` argument to persist your data.

 ```bash
-CHART_VERSION=2.0.1
+CHART_VERSION=1.4.1
 helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \
  persistence.enabled=true
 ```
@@ -81,7 +81,7 @@ Further information about this topic can be found in one of Kanishk's blog
 > Please take care the a CPU limit < `1000m` can also lead to CPU throttling. Please read the linked documentation carefully.

 ```bash
-CHART_VERSION=2.0.1
+CHART_VERSION=1.4.1
 helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \
  --set 'deployment.athensProxy.env.name=GOMAXPROCS' \
  --set 'deployment.athensProxy.env.valueFrom.resourceFieldRef.resource=limits.cpu' \
@@ -105,7 +105,7 @@ describes configuring [Ingress NGINX](#ingress-nginx) as well as [NGINX Gateway
 > `athens-proxy-ca` is present in the same namespace of the helm deployment.

 ```bash
-CHART_VERSION=2.0.1
+CHART_VERSION=1.4.1
 helm install --version "${CHART_VERSION}" athens-proxy volker.raschek/athens-proxy \
  --set 'config.certificate.enabled=true' \
  --set 'config.certificate.new.issuerRef.kind=Issuer' \
@@ -1917,7 +1917,6 @@
      "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
      "dev": true,
      "license": "MIT",
-      "peer": true,
      "engines": {
        "node": ">=12"
      },
@@ -4,7 +4,6 @@
    "local>volker.raschek/renovate-config:default#master",
    "local>volker.raschek/renovate-config:container#master",
    "local>volker.raschek/renovate-config:actions#master",
-    "local>volker.raschek/renovate-config:helm#master",
    "local>volker.raschek/renovate-config:npm#master",
    "local>volker.raschek/renovate-config:regexp#master"
  ],
@@ -15,7 +14,7 @@
        "^Chart\\.yaml$"
      ],
      "matchStrings": [
-        "^appVersion: \"?(?<currentValue>.*)\"?"
+        "appVersion: \"(?<currentValue>.*?)\"\\s+"
      ],
      "datasourceTemplate": "docker",
      "depNameTemplate": "gomods/athens",
@@ -24,19 +23,34 @@
    },
    {
      "customType": "regex",
-      "fileMatch": [
-        "^README\\.md$"
-      ],
+      "fileMatch": ["^README\\.md$"],
      "matchStrings": [
-        "CHART_VERSION=(?<currentValue>.*)"
+        "VERSION=(?<currentValue>.*)"
      ],
      "depNameTemplate": "volker.raschek/athens-proxy-charts",
      "packageNameTemplate": "https://git.cryptic.systems/volker.raschek/athens-proxy-charts",
      "datasourceTemplate": "git-tags",
      "versioningTemplate": "semver"
+    },
+    {
+      "customType": "regex",
+      "datasourceTemplate": "github-releases",
+      "fileMatch": [
+        ".vscode/settings\\.json$"
+      ],
+      "matchStrings": [
+        "https:\\/\\/raw\\.githubusercontent\\.com\\/(?<depName>[^\\s]+?)\\/(?<currentValue>v[0-9.]+?)\\/schema\\/helm-testsuite\\.json"
+      ]
    }
  ],
  "packageRules": [
+    {
+      "groupName": "Update docker.io/volkerraschek/helm",
+      "matchDepNames": [
+        "docker.io/volkerraschek/helm",
+        "volkerraschek/helm"
+      ]
+    },
    {
      "groupName": "Update docker.io/library/node",
      "matchDepNames": [
@@ -76,16 +90,5 @@
        "patch"
      ]
    }
-  ],
-  "postUpgradeTasks": {
-    "commands": [
-      "install-tool node",
-      "make readme"
-    ],
-    "fileFilters": [
-      "README.md",
-      "values.yaml"
-    ],
-    "executionMode": "update"
-  }
+  ]
 }
@@ -24,8 +24,7 @@ spec:
  {{- end }}
  rules:
    - backendRefs:
-        - group: ''
-          kind: Service
+        - kind: Service
          name: {{ include "athens-proxy.service.name" . }}
          namespace: {{ .Release.Namespace }}
          port: {{ .Values.service.port }}
@@ -92,7 +92,6 @@ tests:
  - contains:
      path: spec.rules[0].backendRefs
      content:
-        group: ''
        kind: Service
        name: athens-proxy-unittest
        namespace: testing
@@ -615,7 +615,6 @@ hpa:
  #     target:
  #       averageUtilization: 65
  #       type: Utilization
-  #   type: Resource
  minReplicas: 1
  maxReplicas: 10

@@ -701,13 +700,7 @@ networkPolicy:
  #   - port: 22
  #     protocol: TCP

-  # Allow outgoing traffic to HTTP severs
-  #
-  # - ports:
-  #   - port: 80
-  #     protocol: TCP
-
-  # Allow outgoing traffic to HTTPS severs
+  # Allow outgoing HTTPS traffic to external go module servers
  #
  # - ports:
  #   - port: 443
@@ -742,7 +735,7 @@ networkPolicy:
  #   - port: http
  #     protocol: TCP

-  # Allow incoming HTTP traffic from ingress-nginx or gateway-api.
+  # Allow incoming HTTP traffic from ingress-nginx.
  #
  # - from:
  #   - namespaceSelector:
@@ -755,17 +748,6 @@ networkPolicy:
  #   - port: http
  #     protocol: TCP

-  # - from:
-  #  - namespaceSelector:
-  #      matchLabels:
-  #        kubernetes.io/metadata.name: gateway-api
-  #    podSelector:
-  #      matchLabels:
-  #        gateway.networking.k8s.io/gateway-name: nginx
-  #  ports:
-  #  - port: http
-  #    protocol: TCP
-
 ## @section Service
 ## @param service.enabled Enable the service.
 ## @param service.annotations Additional service annotations.