Merge pull request 'chore(deps): update docker.io/library/node docker tag to v25.1.0' (#80) from renovate/update-docker.iolibrarynode into master

Reviewed-on: #78

.gitea/workflows/generate-readme.yaml

@@ -15,7 +15,7 @@ on:
 jobs:
   generate-parameters:
     container:
-      image: docker.io/library/node:24.8.0-alpine
+      image: docker.io/library/node:25.1.0-alpine
     runs-on:
     - ubuntu-latest
     steps:
@@ -23,7 +23,7 @@ jobs:
       run: |
         apk update
         apk add git npm
-    - uses: actions/checkout@v4.3.0
+    - uses: actions/checkout@v5.0.0
     - name: Generate parameter section in README
       run: |
         npm install

.gitea/workflows/helm.yaml

@@ -13,7 +13,7 @@ on:
 jobs:
   helm-lint:
     container:
-      image: docker.io/volkerraschek/helm:3.18.5
+      image: docker.io/volkerraschek/helm:3.19.0
     runs-on:
     - ubuntu-latest
     steps:
@@ -21,14 +21,14 @@ jobs:
       run: |
         apk update
         apk add git npm
-    - uses: actions/checkout@v4.3.0
+    - uses: actions/checkout@v5.0.0
     - name: Lint helm files
       run: |
         helm lint --values values.yaml .
 
   helm-unittest:
     container:
-      image: docker.io/volkerraschek/helm:3.18.5
+      image: docker.io/volkerraschek/helm:3.19.0
     runs-on:
     - ubuntu-latest
     steps:
@@ -36,7 +36,7 @@ jobs:
       run: |
         apk update
         apk add git npm
-    - uses: actions/checkout@v4.3.0
+    - uses: actions/checkout@v5.0.0
     - name: Unittest
       run: |
         helm unittest --strict --file 'unittests/**/*.yaml' ./

.gitea/workflows/markdown-linters.yaml

@@ -15,7 +15,7 @@ on:
 jobs:
   markdown-link-checker:
     container:
-      image: docker.io/library/node:24.8.0-alpine
+      image: docker.io/library/node:25.1.0-alpine
     runs-on:
     - ubuntu-latest
     steps:
@@ -23,7 +23,7 @@ jobs:
       run: |
         apk update
         apk add git npm
-    - uses: actions/checkout@v4.3.0
+    - uses: actions/checkout@v5.0.0
     - name: Verify links in markdown files
       run: |
         npm install
@@ -31,7 +31,7 @@ jobs:
 
   markdown-lint:
     container:
-      image: docker.io/library/node:24.8.0-alpine
+      image: docker.io/library/node:25.1.0-alpine
     runs-on:
     - ubuntu-latest
     steps:
@@ -39,7 +39,7 @@ jobs:
       run: |
         apk update
         apk add git
-    - uses: actions/checkout@v4.3.0
+    - uses: actions/checkout@v5.0.0
     - name: Lint markdown files
       run: |
         npm install

.gitea/workflows/release.yaml

@@ -8,7 +8,7 @@ on:
 jobs:
   publish-chart:
     container:
-      image: docker.io/volkerraschek/helm:3.18.5
+      image: docker.io/volkerraschek/helm:3.19.0
     runs-on: ubuntu-latest
     steps:
       - name: Install packages via apk
@@ -16,7 +16,7 @@ jobs:
           apk update
           apk add git npm jq yq
 
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5.0.0
         with:
           fetch-depth: 0
 

.vscode/settings.json

@@ -0,0 +1,8 @@
+{
+  "yaml.schemas": {
+    "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v1.0.3/schema/helm-testsuite.json": [
+      "/unittests/**/*.yaml"
+    ]
+  },
+  "yaml.schemaStore.enable": true
+}

Makefile

@@ -4,13 +4,13 @@ CONTAINER_RUNTIME?=$(shell which podman)
 # HELM_IMAGE
 HELM_IMAGE_REGISTRY_HOST?=docker.io
 HELM_IMAGE_REPOSITORY?=volkerraschek/helm
-HELM_IMAGE_VERSION?=3.18.5 # renovate: datasource=docker registryUrl=https://docker.io depName=volkerraschek/helm
+HELM_IMAGE_VERSION?=3.19.0 # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/volkerraschek/helm
 HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_HOST}/${HELM_IMAGE_REPOSITORY}:${HELM_IMAGE_VERSION}
 
 # NODE_IMAGE
 NODE_IMAGE_REGISTRY_HOST?=docker.io
 NODE_IMAGE_REPOSITORY?=library/node
-NODE_IMAGE_VERSION?=24.7.0-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/library/node packageName=library/node
+NODE_IMAGE_VERSION?=25.1.0-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/library/node packageName=library/node
 NODE_IMAGE_FULLY_QUALIFIED=${NODE_IMAGE_REGISTRY_HOST}/${NODE_IMAGE_REPOSITORY}:${NODE_IMAGE_VERSION}
 
 # MISSING DOT

README.md

@@ -14,7 +14,10 @@ Chapter [configuration and installation](#helm-configuration-and-installation) d
 and use it to deploy the exporter. It also contains further configuration examples.
 
 Furthermore, this helm chart contains unit tests to detect regressions and stabilize the deployment. Additionally, this
-helm chart is tested for deployment scenarios with **ArgoCD**.
+helm chart is tested for deployment scenarios with **ArgoCD**, but please keep in mind, that this chart supports the
+*[Automatically Roll Deployment](https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments)*
+concept of Helm, which can trigger unexpected rolling releases. Further configuration instructions are described in a
+separate [chapter](#argocd).
 
 ## Helm: configuration and installation
 
@@ -201,6 +204,35 @@ networkPolicies:
         protocol: TCP
 ```
 
+## ArgoCD
+
+### Daily execution of rolling updates
+
+The behavior whereby ArgoCD triggers a rolling update even though nothing appears to have changed often occurs in
+connection with the helm concept `checksum/secret`, `checksum/configmap` or more generally, [Automatically Roll
+Deployments](https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments).
+
+The problem with combining this concept with ArgoCD is that ArgoCD re-renders the Helm chart every time. Even if the
+content of the config map or secret has not changed, there may be minimal differences (e.g., whitespace, chart version,
+Helm render order, different timestamps).
+
+This changes the SHA256 hash, Argo sees a drift and trigger a rolling update of the deployment. Among other things, this
+can lead to unnecessary notifications from ArgoCD.
+
+To avoid this, the annotation with the shasum must be ignored. Below is a diff that adds the `Application` to ignore all
+annotations with the prefix `checksum`.
+
+```diff
+  apiVersion: argoproj.io/v1alpha1
+  kind: Application
+  spec:
++   ignoreDifferences:
++   - group: apps/v1
++     kind: Deployment
++     jqPathExpressions:
++     - '.spec.template.metadata.annotations | with_entries(select(.key | startswith("checksum")))'
+```
+
 ## Parameters
 
 ### Global

package-lock.json

@@ -1042,9 +1042,9 @@
       }
     },
     "node_modules/link-check": {
-      "version": "5.4.0",
+      "version": "5.5.0",
-      "resolved": "https://registry.npmjs.org/link-check/-/link-check-5.4.0.tgz",
+      "resolved": "https://registry.npmjs.org/link-check/-/link-check-5.5.0.tgz",
-      "integrity": "sha512-0Pf4xBVUnwJdbDgpBlhHNmWDtbVjHTpIFs+JaBuIsC9PKRxjv4KMGCO2Gc8lkVnqMf9B/yaNY+9zmMlO5MyToQ==",
+      "integrity": "sha512-CpMk2zMfyEMdDvFG92wO5pU/2I/wbw72/9pvUFhU9cDKkwhmVlPuvxQJzd/jXA2iVOgNgPLnS5zyOLW7OzNpdA==",
       "dev": true,
       "license": "ISC",
       "dependencies": {
@@ -1101,16 +1101,16 @@
       }
     },
     "node_modules/markdown-link-check": {
-      "version": "3.13.7",
+      "version": "3.14.1",
-      "resolved": "https://registry.npmjs.org/markdown-link-check/-/markdown-link-check-3.13.7.tgz",
+      "resolved": "https://registry.npmjs.org/markdown-link-check/-/markdown-link-check-3.14.1.tgz",
-      "integrity": "sha512-Btn3HU8s2Uyh1ZfzmyZEkp64zp2+RAjwfQt1u4swq2Xa6w37OW0T2inQZrkSNVxDSa2jSN2YYhw/JkAp5jF1PQ==",
+      "integrity": "sha512-h1tihNL3kmOS3N7H4FyF4xKDxiHnNBNSgs/LWlDiRHlC8O0vfRX0LhDDvesRSs4HM7nS0F658glLxonaXBmuWw==",
       "dev": true,
       "license": "ISC",
       "dependencies": {
         "async": "^3.2.6",
         "chalk": "^5.3.0",
-        "commander": "^13.1.0",
+        "commander": "^14.0.0",
-        "link-check": "^5.4.0",
+        "link-check": "^5.5.0",
         "markdown-link-extractor": "^4.0.2",
         "needle": "^3.3.1",
         "progress": "^2.0.3",
@@ -1121,6 +1121,16 @@
         "markdown-link-check": "markdown-link-check"
       }
     },
+    "node_modules/markdown-link-check/node_modules/commander": {
+      "version": "14.0.1",
+      "resolved": "https://registry.npmjs.org/commander/-/commander-14.0.1.tgz",
+      "integrity": "sha512-2JkV3gUZUVrbNA+1sjBOYLsMZ5cEEl8GTFP2a4AVz5hvasAMCQ1D2l2le/cX+pV4N6ZU17zjUahLpIXRrnWL8A==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=20"
+      }
+    },
     "node_modules/markdown-link-extractor": {
       "version": "4.0.2",
       "resolved": "https://registry.npmjs.org/markdown-link-extractor/-/markdown-link-extractor-4.0.2.tgz",

renovate.json

@@ -9,6 +9,7 @@
   ],
   "customManagers": [
     {
+      "customType": "regex",
       "fileMatch": [
         "^Chart\\.yaml$"
       ],
@@ -21,6 +22,7 @@
       "versioningTemplate": "semver"
     },
     {
+      "customType": "regex",
       "fileMatch": ["^README\\.md$"],
       "matchStrings": [
         "CHART_VERSION=(?<currentValue>.*)"
@@ -29,9 +31,47 @@
       "packageNameTemplate": "https://git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter-charts",
       "datasourceTemplate": "git-tags",
       "versioningTemplate": "semver"
+    },
+    {
+      "customType": "regex",
+      "datasourceTemplate": "github-releases",
+      "fileMatch": [
+        ".vscode/settings\\.json$"
+      ],
+      "matchStrings": [
+        "https:\\/\\/raw\\.githubusercontent\\.com\\/(?<depName>[^\\s]+?)\\/(?<currentValue>v[0-9.]+?)\\/schema\\/helm-testsuite\\.json"
+      ]
     }
   ],
   "packageRules": [
+    {
+      "groupName": "Update docker.io/volkerraschek/helm",
+      "matchDepNames": [
+        "docker.io/volkerraschek/helm",
+        "volkerraschek/helm"
+      ]
+    },
+    {
+      "automerge": true,
+      "groupName": "Update helm plugin 'unittest'",
+      "matchDepNames": [
+        "helm-unittest/helm-unittest"
+      ],
+      "matchDatasources": [
+        "github-releases"
+      ],
+      "matchUpdateTypes": [
+        "minor",
+        "patch"
+      ]
+    },
+    {
+      "groupName": "Update docker.io/library/node",
+      "matchDepNames": [
+        "docker.io/library/node",
+        "library/node"
+      ]
+    },
     {
       "addLabels": [
         "renovate/automerge",