chore(deps): update docker/setup-qemu-action action to v3.7.0

.gitea/workflows/auto-release.yaml

@@ -0,0 +1,71 @@
+name: Auto release
+
+on:
+  push:
+    branches: [ "master" ]
+    paths:
+    - Makefile
+
+env:
+  GIT_EMAIL: noreply@cryptic.systems
+  GIT_USER: CSRBot
+
+jobs:
+  tag_on_change:
+    permissions:
+      contents: write
+
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5.0.0
+        with:
+          fetch-depth: 0
+
+      - name: Check if HELM_VERSION line changed
+        id: check_change
+        run: |
+          echo "changed=false" >> $GITHUB_OUTPUT
+
+          for file in Makefile; do
+            if git diff HEAD~1 HEAD -- "${file}" | grep --quiet '^[+-]HELM_VERSION'; then
+              echo "HELM_VERSION line changed."
+              echo "changed=true" >> $GITHUB_OUTPUT
+              break
+            fi
+          done
+
+      - name: Stop if no change detected
+        if: steps.check_change.outputs.changed == 'false'
+        run: echo "No HELM_VERSION change. Exiting..."
+
+      - name: Create and push new tag
+        id: create_tag
+        if: steps.check_change.outputs.changed == 'true'
+        run: |
+          defined_tag="$(grep --only-matching --perl-regexp 'HELM_VERSION\?=v?[\d]*(\.[\d]*){0,2}' Makefile | cut --delimiter='=' --fields=2)"
+
+          echo "defined_tag=${defined_tag}" >> $GITHUB_OUTPUT
+          echo "New tag: ${defined_tag}"
+
+          git config --local user.name "${GIT_USER}"
+          git config --local user.email "${GIT_EMAIL}"
+          git tag -a "${defined_tag}" -m "${defined_tag}"
+          git push origin "${defined_tag}"
+
+      - name: Trigger "Push tagged images" workflow
+        uses: actions/github-script@v8.0.0
+        with:
+          script: |
+            const workflowFileName = 'release.yaml';
+            const defaultBranch = context.payload.repository.default_branch;
+            const definedTag = '${{ steps.create_tag.outputs.defined_tag }}';
+
+            await github.rest.actions.createWorkflowDispatch({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                workflow_id: workflowFileName,
+                ref: defaultBranch,
+                inputs: {
+                  tag: definedTag
+                }
+            });

.gitea/workflows/build.yaml

@@ -15,8 +15,8 @@ jobs:
   build-arm64:
     runs-on: ubuntu-latest-arm64
     steps:
-      - uses: actions/checkout@v4.2.2
+      - uses: actions/checkout@v5.0.0
-      - uses: docker/setup-qemu-action@v3.6.0
+      - uses: docker/setup-qemu-action@v3.7.0
       - uses: docker/setup-buildx-action@v3.11.1
 
       - name: Build image
@@ -33,8 +33,8 @@ jobs:
   build-amd64:
     runs-on: ubuntu-latest-amd64
     steps:
-      - uses: actions/checkout@v4.2.2
+      - uses: actions/checkout@v5.0.0
-      - uses: docker/setup-qemu-action@v3.6.0
+      - uses: docker/setup-qemu-action@v3.7.0
       - uses: docker/setup-buildx-action@v3.11.1
 
       - name: Build image

.gitea/workflows/markdown-linters.yaml

@@ -13,10 +13,9 @@ on:
 
 jobs:
   markdown-lint:
-    runs-on:
+    runs-on: ubuntu-latest
-    - ubuntu-latest
     steps:
-    - uses: actions/checkout@v4.2.2
+    - uses: actions/checkout@v5.0.0
     - uses: DavidAnson/markdownlint-cli2-action@v20.0.0
       with:
         globs: '**/*.md'

.gitea/workflows/release.yaml

@@ -4,16 +4,38 @@ on:
   push:
     tags:
     - "**"
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: "Tag which should be released"
+        type: string
+        required: true
 
 jobs:
   push-arm64:
     runs-on: ubuntu-latest-arm64
     steps:
-      - uses: actions/checkout@v4.2.2
+      - id: version_extraction
-      - uses: docker/setup-qemu-action@v3.6.0
+        name: Extract git tag
+        run: |
+          VERSION="${{ inputs.tag || github.ref_name }}"
+          VERSION="${VERSION#refs/*/}"
+
+          echo "Version (raw):      ${VERSION}"
+          echo "Version (cleaned):  ${VERSION/v/}"
+
+          echo "version_raw=${VERSION}" >> $GITHUB_OUTPUT
+          echo "version_cleaned=${VERSION/v/}" >> $GITHUB_OUTPUT
+
+      - uses: actions/checkout@v5.0.0
+        with:
+          fetch-tags: true
+          ref: "${{ steps.version_extraction.outputs.version_raw }}"
+
+      - uses: docker/setup-qemu-action@v3.7.0
       - uses: docker/setup-buildx-action@v3.11.1
 
-      - uses: docker/login-action@v3.4.0
+      - uses: docker/login-action@v3.6.0
         with:
           registry: git.cryptic.systems
           username: ${{ github.repository_owner }}
@@ -21,25 +43,39 @@ jobs:
 
       - name: Build and push image
         run: |
-          TAG=$(echo ${{ github.ref_name }} | sed 's/v//gm')
-
           docker buildx build \
             --build-arg HELM_VERSION=${{ github.ref_name }} \
             --file Dockerfile \
             --platform linux/arm64 \
             --provenance false \
             --push \
-            --tag git.cryptic.systems/volker.raschek/helm:${TAG}-arm64 \
+            --tag git.cryptic.systems/volker.raschek/helm:${{ steps.version_extraction.outputs.version_cleaned }}-arm64 \
             .
 
   push-amd64:
     runs-on: ubuntu-latest-amd64
     steps:
-      - uses: actions/checkout@v4.2.2
+      - id: version_extraction
-      - uses: docker/setup-qemu-action@v3.6.0
+        name: Extract git tag
+        run: |
+          VERSION="${{ inputs.tag || github.ref_name }}"
+          VERSION="${VERSION#refs/*/}"
+
+          echo "Version (raw):      ${VERSION}"
+          echo "Version (cleaned):  ${VERSION/v/}"
+
+          echo "version_raw=${VERSION}" >> $GITHUB_OUTPUT
+          echo "version_cleaned=${VERSION/v/}" >> $GITHUB_OUTPUT
+
+      - uses: actions/checkout@v5.0.0
+        with:
+          fetch-tags: true
+          ref: "${{ steps.version_extraction.outputs.version_raw }}"
+
+      - uses: docker/setup-qemu-action@v3.7.0
       - uses: docker/setup-buildx-action@v3.11.1
 
-      - uses: docker/login-action@v3.4.0
+      - uses: docker/login-action@v3.6.0
         with:
           registry: git.cryptic.systems
           username: ${{ github.repository_owner }}
@@ -47,15 +83,13 @@ jobs:
 
       - name: Build and push image
         run: |
-          TAG=$(echo ${{ github.ref_name }} | sed 's/v//gm')
-
           docker buildx build \
             --build-arg HELM_VERSION=${{ github.ref_name }} \
             --file Dockerfile \
             --platform linux/amd64 \
             --provenance false \
             --push \
-            --tag git.cryptic.systems/volker.raschek/helm:${TAG}-amd64 \
+            --tag git.cryptic.systems/volker.raschek/helm:${{ steps.version_extraction.outputs.version_cleaned }}-amd64 \
             .
 
   push-manifest:
@@ -64,7 +98,19 @@ jobs:
     - push-arm64
     - push-amd64
     steps:
-      - uses: docker/login-action@v3.4.0
+      - id: version_extraction
+        name: Extract git tag
+        run: |
+          VERSION="${{ inputs.tag || github.ref_name }}"
+          VERSION="${VERSION#refs/*/}"
+
+          echo "Version (raw):      ${VERSION}"
+          echo "Version (cleaned):  ${VERSION/v/}"
+
+          echo "version_raw=${VERSION}" >> $GITHUB_OUTPUT
+          echo "version_cleaned=${VERSION/v/}" >> $GITHUB_OUTPUT
+
+      - uses: docker/login-action@v3.6.0
         with:
           registry: git.cryptic.systems
           username: ${{ github.repository_owner }}
@@ -72,30 +118,38 @@ jobs:
 
       - name: Create and push manifest
         run: |
-          TAG=$(echo ${{ github.ref_name }} | sed 's/v//gm')
+          docker manifest create git.cryptic.systems/volker.raschek/helm:${{ steps.version_extraction.outputs.version_cleaned }} \
+            --amend git.cryptic.systems/volker.raschek/helm:${{ steps.version_extraction.outputs.version_cleaned }}-amd64 \
+            --amend git.cryptic.systems/volker.raschek/helm:${{ steps.version_extraction.outputs.version_cleaned }}-arm64
 
-          docker manifest create git.cryptic.systems/volker.raschek/helm:${TAG} \
+          docker manifest push git.cryptic.systems/volker.raschek/helm:${{ steps.version_extraction.outputs.version_cleaned }}
-            --amend git.cryptic.systems/volker.raschek/helm:${TAG}-amd64 \
-            --amend git.cryptic.systems/volker.raschek/helm:${TAG}-arm64
-
-          docker manifest push git.cryptic.systems/volker.raschek/helm:${TAG}
 
   sync-to-hub-docker-io:
     needs:
     - push-manifest
     runs-on: ubuntu-latest
     steps:
-    - name: Copy images to docker.io
+      - id: version_extraction
-      run: |
+        name: Extract git tag
-        TAG=$(echo ${{ github.ref_name }} | sed 's/v//gm')
+        run: |
+          VERSION="${{ inputs.tag || github.ref_name }}"
+          VERSION="${VERSION#refs/*/}"
 
-        apt-get update --yes
+          echo "Version (raw):      ${VERSION}"
-        apt-get install --yes skopeo
+          echo "Version (cleaned):  ${VERSION/v/}"
-        skopeo copy \
+
-          --all \
+          echo "version_raw=${VERSION}" >> $GITHUB_OUTPUT
-          --dest-password ${{ secrets.DOCKER_IO_PASSWORD }} \
+          echo "version_cleaned=${VERSION/v/}" >> $GITHUB_OUTPUT
-          --dest-username ${{ secrets.DOCKER_IO_USERNAME }} \
+
-          --src-password ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }} \
+      - name: Copy images to docker.io
-          --src-username volker.raschek \
+        run: |
-            docker://git.cryptic.systems/volker.raschek/helm:${TAG} \
+          apt-get update --yes
-            docker://docker.io/volkerraschek/helm:${TAG}
+          apt-get install --yes skopeo
+          skopeo copy \
+            --all \
+            --dest-password ${{ secrets.DOCKER_IO_PASSWORD }} \
+            --dest-username ${{ secrets.DOCKER_IO_USERNAME }} \
+            --src-password ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }} \
+            --src-username volker.raschek \
+              docker://git.cryptic.systems/volker.raschek/helm:${{ steps.version_extraction.outputs.version_cleaned }} \
+              docker://docker.io/volkerraschek/helm:${{ steps.version_extraction.outputs.version_cleaned }}

.gitea/workflows/update-docker-hub-description.yaml

@@ -13,8 +13,8 @@ jobs:
     runs-on:
     - ubuntu-latest
     steps:
-    - uses: actions/checkout@v4.2.2
+    - uses: actions/checkout@v5.0.0
-    - uses: peter-evans/dockerhub-description@v4.0.2
+    - uses: peter-evans/dockerhub-description@v5.0.0
       with:
         username: ${{ secrets.DOCKER_IO_USERNAME }}
         password: ${{ secrets.DOCKER_IO_PASSWORD }}

Dockerfile

@@ -1,4 +1,4 @@
-FROM docker.io/library/alpine:3.22.1
+FROM docker.io/library/alpine:3.22.2
 
 ARG HELM_VERSION
 

Makefile

@@ -1,6 +1,6 @@
 # HELM_VERSION
 # Only required to install a specify version
-HELM_VERSION?=v3.18.4 # renovate: datasource=github-releases depName=helm/helm
+HELM_VERSION?=v3.19.0 # renovate: datasource=github-releases depName=helm/helm
 
 # CONTAINER_RUNTIME
 # The CONTAINER_RUNTIME variable will be used to specified the path to a

README.md

@@ -3,59 +3,15 @@
 [![Docker Pulls](https://img.shields.io/docker/pulls/volkerraschek/helm)](https://hub.docker.com/r/volkerraschek/helm)
 
 This project contains all sources to build the container image `git.cryptic.systems/volker.raschek/helm`. The primary
-goal of this project is to package the binary `helm` as container image to provide the functionally for CI/CD workflows.
+goal of this project is to package the binary `helm` as container image and provide the functionally for CI/CD workflows.
 The source code of the binary can be found in the upstream project of [helm](github.com/helm/helm).
 
-## drone
+```bash
-
+IMAGE_VERSION=3.19.0
-Here is an example to lint, package and deploy a chart to chartmuseum via
+docker run \
-`git.cryptic.systems/volker.raschek/helm`.
+  --rm \
-
+  --volume "$(pwd):$(pwd)" \
-```yaml
+  --workdir "$(pwd)" \
-kind: pipeline
+    "git.cryptic.systems/volker.raschek/helm:${IMAGE_VERSION}" \
-type: kubernetes
+      version
-name: linter
-
-platform:
-  os: linux
-  arch: amd64
-
-steps:
-- name: helm lint
-  commands:
-  - helm lint
-  image: git.cryptic.systems/volker.raschek/helm:latest
-  resources:
-    limits:
-      cpu: 50
-      memory: 50M
-
----
-kind: pipeline
-type: kubernetes
-name: release
-
-platform:
-  os: linux
-
-steps:
-- name: release-helm-chart
-  commands:
-  - helm plugin install https://github.com/chartmuseum/helm-push.git
-  - helm repo add myrepo https://charts.example.com/myrepo
-  - helm package --version ${DRONE_TAG} .
-  - helm cm-push ${DRONE_REPO_NAME}-${DRONE_TAG}.tgz myrepo
-  environment:
-    HELM_REPO_PASSWORD:
-      from_secret: helm_repo_password
-    HELM_REPO_USERNAME:
-      from_secret: helm_repo_username
-  image: git.cryptic.systems/volker.raschek/helm:latest
-  resources:
-    limits:
-      cpu: 50
-      memory: 50M
-trigger:
-  event:
-  - tag
 ```

renovate.json

@@ -1,5 +1,19 @@
 {
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "customManagers": [
+    {
+      "customType": "regex",
+      "fileMatch": [
+        "^README\\.md$"
+      ],
+      "matchStrings": [
+        "IMAGE_VERSION=(?<currentValue>.*)"
+      ],
+      "datasourceTemplate": "github-releases",
+      "depNameTemplate": "helm/helm",
+      "versioningTemplate": "semver"
+    }
+  ],
   "extends": [
     "local>volker.raschek/renovate-config:default#master",
     "local>volker.raschek/renovate-config:container#master",
@@ -8,9 +22,16 @@
   ],
   "packageRules": [
     {
-      "automerge": false,
+      "addLabels": [
-      "matchPackageNames": [ "helm" ],
+        "renovate/automerge"
-      "matchManagers": [ "regex" ]
+      ],
+      "automerge": true,
+      "matchPackageNames": [
+        "helm/helm"
+      ],
+      "matchManagers": [
+        "regex"
+      ]
     }
   ]
 }