chore(deps): update docker.io/volkerraschek/helm docker tag to v4

.gitea/scripts/add-annotations.sh

@@ -1,65 +1,61 @@
 #!/bin/bash
 
-set -e -o pipefail
+set -e
 
-chart_file="Chart.yaml"
-if [ ! -f "${chart_file}" ]; then
-  echo "ERROR: ${chart_file} not found!" 1>&2
+CHART_FILE="Chart.yaml"
+if [ ! -f "${CHART_FILE}" ]; then
+  echo "ERROR: ${CHART_FILE} not found!" 1>&2
   exit 1
 fi
 
-default_new_tag="$(git tag --sort=-version:refname | head -n 1)"
-default_old_tag="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)"
+DEFAULT_NEW_TAG="$(git tag --sort=-version:refname | head -n 1)"
+DEFAULT_OLD_TAG="$(git tag --sort=-version:refname | head -n 2 | tail -n 1)"
 
 if [ -z "${1}" ]; then
-  echo "Enter start tag [${default_old_tag}]:"
-  read -r old_tag
-  if [ -z "${old_tag}" ]; then
-    old_tag="${default_old_tag}"
+  read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG
+  if [ -z "${OLD_TAG}" ]; then
+    OLD_TAG="${DEFAULT_OLD_TAG}"
   fi
 
-  while [ -z "$(git tag --list "${old_tag}")" ]; do
-    echo "ERROR: Tag '${old_tag}' not found!" 1>&2
-    echo "Enter start tag [${default_old_tag}]:"
-    read -r old_tag
-    if [ -z "${old_tag}" ]; then
-      old_tag="${default_old_tag}"
+  while [ -z "$(git tag --list "${OLD_TAG}")" ]; do
+    echo "ERROR: Tag '${OLD_TAG}' not found!" 1>&2
+    read -p "Enter start tag [${DEFAULT_OLD_TAG}]: " OLD_TAG
+    if [ -z "${OLD_TAG}" ]; then
+      OLD_TAG="${DEFAULT_OLD_TAG}"
     fi
   done
 else
-  old_tag=${1}
-  if [ -z "$(git tag --list "${old_tag}")" ]; then
-    echo "ERROR: Tag '${old_tag}' not found!" 1>&2
+  OLD_TAG=${1}
+  if [ -z "$(git tag --list "${OLD_TAG}")" ]; then
+    echo "ERROR: Tag '${OLD_TAG}' not found!" 1>&2
     exit 1
   fi
 fi
 
 if [ -z "${2}" ]; then
-  echo "Enter end tag [${default_new_tag}]:"
-  read -r new_tag
-  if [ -z "${new_tag}" ]; then
-    new_tag="${default_new_tag}"
+  read -p "Enter end tag [${DEFAULT_NEW_TAG}]: " NEW_TAG
+  if [ -z "${NEW_TAG}" ]; then
+    NEW_TAG="${DEFAULT_NEW_TAG}"
   fi
 
-  while [ -z "$(git tag --list "${new_tag}")" ]; do
-    echo "ERROR: Tag '${new_tag}' not found!" 1>&2
-    echo "Enter end tag [${default_new_tag}]:"
-    read -r new_tag
-    if [ -z "${new_tag}" ]; then
-      new_tag="${default_new_tag}"
+  while [ -z "$(git tag --list "${NEW_TAG}")" ]; do
+    echo "ERROR: Tag '${NEW_TAG}' not found!" 1>&2
+    read -p "Enter end tag [${DEFAULT_NEW_TAG}]: " NEW_TAG
+    if [ -z "${NEW_TAG}" ]; then
+      NEW_TAG="${DEFAULT_NEW_TAG}"
     fi
   done
 else
-  new_tag=${2}
+  NEW_TAG=${2}
 
-  if [ -z "$(git tag --list "${new_tag}")" ]; then
-    echo "ERROR: Tag '${new_tag}' not found!" 1>&2
+  if [ -z "$(git tag --list "${NEW_TAG}")" ]; then
+    echo "ERROR: Tag '${NEW_TAG}' not found!" 1>&2
     exit 1
   fi
 fi
 
-change_log_yaml=$(mktemp)
-echo "[]" > "${change_log_yaml}"
+CHANGE_LOG_YAML=$(mktemp)
+echo "[]" > "${CHANGE_LOG_YAML}"
 
 function map_type_to_kind() {
   case "${1}" in
@@ -84,42 +80,35 @@ function map_type_to_kind() {
   esac
 }
 
-commit_titles="$(git log --pretty=format:"%s" "${old_tag}..${new_tag}")"
+COMMIT_TITLES="$(git log --pretty=format:"%s" "${OLD_TAG}..${NEW_TAG}")"
 
-echo "INFO: Generate change log entries from ${old_tag} until ${new_tag}"
+echo "INFO: Generate change log entries from ${OLD_TAG} until ${NEW_TAG}"
 
 while IFS= read -r line; do
   if [[ "${line}" =~ ^([a-zA-Z]+)(\([^\)]+\))?\:\ (.+)$ ]]; then
-    type="${BASH_REMATCH[1]}"
-    kind=$(map_type_to_kind "${type}")
+    TYPE="${BASH_REMATCH[1]}"
+    KIND=$(map_type_to_kind "${TYPE}")
 
-    if [ "${kind}" == "skip" ]; then
+    if [ "${KIND}" == "skip" ]; then
       continue
     fi
 
-    desc="${BASH_REMATCH[3]}"
+    DESC="${BASH_REMATCH[3]}"
 
-    echo "- ${kind}: ${desc}"
+    echo "- ${KIND}: ${DESC}"
 
-    jq --arg kind "${kind}" --arg description "${desc}" '. += [ $ARGS.named ]' < "${change_log_yaml}" > "${change_log_yaml}.new"
-    mv "${change_log_yaml}.new" "${change_log_yaml}"
+    jq --arg kind "${KIND}" --arg description "${DESC}" '. += [ $ARGS.named ]' < "${CHANGE_LOG_YAML}" > "${CHANGE_LOG_YAML}.new"
+    mv "${CHANGE_LOG_YAML}.new" "${CHANGE_LOG_YAML}"
 
   fi
-done <<< "${commit_titles}"
+done <<< "${COMMIT_TITLES}"
 
-if [ -s "${change_log_yaml}" ]; then
-  yq --inplace --input-format json --output-format yml "${change_log_yaml}"
-  yq --no-colors --inplace ".annotations.\"artifacthub.io/changes\" |= loadstr(\"${change_log_yaml}\") | sort_keys(.)" "${chart_file}"
+if [ -s "${CHANGE_LOG_YAML}" ]; then
+  yq --inplace --input-format json --output-format yml "${CHANGE_LOG_YAML}"
+  yq --no-colors --inplace ".annotations.\"artifacthub.io/changes\" |= loadstr(\"${CHANGE_LOG_YAML}\") | sort_keys(.)" "${CHART_FILE}"
 else
-  echo "ERROR: Changelog file is empty: ${change_log_yaml}" 1>&2
+  echo "ERROR: Changelog file is empty: ${CHANGE_LOG_YAML}" 1>&2
   exit 1
 fi
 
-rm "${change_log_yaml}"
-
-regexp=".*-alpha-[0-9]+(\.[0-9]+){,2}$"
-if [[ "${new_tag}" =~ $regexp ]]; then
-  yq --inplace '.annotations."artifacthub.io/prerelease" = "true"' "${chart_file}"
-else
-  yq --inplace '.annotations."artifacthub.io/prerelease" = "false"' "${chart_file}"
-fi
+rm "${CHANGE_LOG_YAML}"

.gitea/workflows/artifacthub-metadata.yaml

@@ -1,41 +0,0 @@
-name: Upload ArtifactHub Metadata
-
-on:
-  schedule:
-    - cron: '0 3 1 * *'
-  workflow_dispatch:
-
-jobs:
-  upload-metadata:
-    name: "Upload artifacthub-repo.yml to OCI registry"
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v6.0.3
-    - uses: docker/login-action@v4.2.0
-      with:
-        registry: ${{ github.server_url }}
-        username: ${{ github.repository_owner }}
-        password: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
-    - uses: oras-project/setup-oras@v2.0.0
-      with:
-        version: 1.3.2 # renovate: datasource=github-tags depName=oras-project/oras extractVersion='^v?(?<version>.*)$'
-    - name: Extract meta information
-      run: |
-        echo "GITEA_SERVER_HOSTNAME=$(echo "${GITHUB_SERVER_URL}" | cut -d '/' -f 3)" >> $GITHUB_ENV
-        echo "PACKAGE_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
-        echo "REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 2 | sed --regexp-extended 's/-charts?//g')" >> $GITHUB_ENV
-        echo "REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 1)" >> $GITHUB_ENV
-    - name: Push artifacthub-repo.yml
-      run: |
-        oras push ${GITEA_SERVER_HOSTNAME}/${REPOSITORY_OWNER}/${REPOSITORY_NAME}:artifacthub.io \
-          --config /dev/null:application/vnd.cncf.artifacthub.config.v1+yaml \
-          artifacthub-repo.yml:application/vnd.cncf.artifacthub.repository-metadata.layer.v1.yaml
-    - name: Push public cosign key
-      env:
-        COSIGN_PUBLIC_KEY: ${{ vars.COSIGN_PUBLIC_KEY }}
-      run: |
-        echo "${COSIGN_PUBLIC_KEY}" > cosign.pub
-        oras push ${GITEA_SERVER_HOSTNAME}/${REPOSITORY_OWNER}/${REPOSITORY_NAME}:cosign.pub \
-          --artifact-type application/vnd.dev.cosign.public-key.v1 \
-          --annotation org.opencontainers.image.title=cosign.pub \
-          cosign.pub:application/vnd.dev.cosign.public-key.v1

.gitea/workflows/generate-readme.yaml

@@ -15,14 +15,14 @@ on:
 jobs:
   generate-parameters:
     container:
-      image: docker.io/library/node:26.3.0-alpine
+      image: docker.io/library/node:25.9.0-alpine
     runs-on: ubuntu-latest
     steps:
     - name: Install tooling
       run: |
         apk update
         apk add git npm
-    - uses: actions/checkout@v6.0.3
+    - uses: actions/checkout@v6.0.2
     - name: Generate parameter section in README
       run: |
         npm install

.gitea/workflows/helm.yaml

@@ -14,10 +14,10 @@ jobs:
   helm-lint:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6.0.3
+    - uses: actions/checkout@v6.0.2
     - uses: azure/setup-helm@v5.0.0
       with:
-        version: "v4.2.2" # renovate: datasource=github-tags depName=helm/helm
+        version: v4.0.1 # renovate: datasource=github-releases depName=helm/helm
     - name: Lint helm files
       run: |
         helm lint --values values.yaml .
@@ -25,10 +25,10 @@ jobs:
   helm-unittest:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6.0.3
+    - uses: actions/checkout@v6.0.2
     - uses: azure/setup-helm@v5.0.0
       with:
-        version: "v4.2.2" # renovate: datasource=github-tags depName=helm/helm
+        version: v4.0.1 # renovate: datasource=github-releases depName=helm/helm
     - env:
         HELM_UNITTEST_VERSION: v1.0.0 #renovate: datasource=github-releases depName=helm-unittest/helm-unittest
       name: Install helm-unittest

.gitea/workflows/markdown-linters.yaml

@@ -15,14 +15,14 @@ on:
 jobs:
   markdown-link-checker:
     container:
-      image: docker.io/library/node:26.3.0-alpine
+      image: docker.io/library/node:25.9.0-alpine
     runs-on: ubuntu-latest
     steps:
     - name: Install tooling
       run: |
         apk update
         apk add git npm
-    - uses: actions/checkout@v6.0.3
+    - uses: actions/checkout@v6.0.2
     - name: Verify links in markdown files
       run: |
         npm install
@@ -30,14 +30,14 @@ jobs:
 
   markdown-lint:
     container:
-      image: docker.io/library/node:26.3.0-alpine
+      image: docker.io/library/node:25.9.0-alpine
     runs-on: ubuntu-latest
     steps:
     - name: Install tooling
       run: |
         apk update
         apk add git
-    - uses: actions/checkout@v6.0.3
+    - uses: actions/checkout@v6.0.2
     - name: Lint markdown files
       run: |
         npm install

.gitea/workflows/release.yaml

@@ -1,10 +1,5 @@
 name: Release
 
-env:
-  GPG_PRIVATE_KEY_FILE: ${{ runner.temp }}/private.key
-  GPG_PRIVATE_KEY_FINGERPRINT: ${{ vars.GPG_PRIVATE_KEY_FINGERPRINT }}
-  GPG_PRIVATE_KEY_PASSPHRASE_FILE: ${{ runner.temp }}/passphrase.txt
-
 on:
   push:
     tags:
@@ -12,60 +7,16 @@ on:
 
 jobs:
   publish-chart:
+    container:
+      image: docker.io/volkerraschek/helm:4.1.3
     runs-on: ubuntu-latest
     steps:
-      - uses: volker-raschek/cosign-installer@v4.1.2-rc4
-        with:
-          cosign-release: "v3.1.1" # renovate: datasource=github-tags depName=sigstore/cosign
-
-      - uses: azure/setup-helm@v5.0.0
-        with:
-          version: "v4.2.2" # renovate: datasource=github-tags depName=helm/helm
-
-      - name: Install helm plugins
-        env:
-          HELM_SIGSTORE_VERSION: "0.3.0" # renovate: datasource=github-tags depName=sigstore/helm-sigstore extractVersion='^v(?<version>\d+\.\d+\.\d+)$'
-          HELM_SCHEMA_VALUES_VERSION: "2.5.0" # renovate: datasource=github-tags depName=losisin/helm-values-schema-json extractVersion='^v(?<version>\d+\.\d+\.\d+)$'
-          HELM_UNITTEST_VERSION: "1.1.1" # renovate: datasource=github-tags depName=helm-unittest/helm-unittest extractVersion='^v(?<version>\d+\.\d+\.\d+)$'
+      - name: Install packages via apk
         run: |
-          helm plugin install --verify=false https://github.com/sigstore/helm-sigstore.git --version "${HELM_SIGSTORE_VERSION}" 1> /dev/null
-          helm plugin install --verify=false https://github.com/losisin/helm-values-schema-json.git --version "${HELM_SCHEMA_VALUES_VERSION}" 1> /dev/null
-          helm plugin install --verify=false https://github.com/helm-unittest/helm-unittest.git --version "${HELM_UNITTEST_VERSION}" 1> /dev/null
-          helm plugin list
+          apk update
+          apk add git npm jq yq
 
-      - name: GPG configuration
-        env:
-          GPG_PRIVATE_KEY_PASSPHRASE: ${{ secrets.GPG_PRIVATE_KEY_PASSPHRASE }}
-          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
-        run: |
-          # Configure GPG and GPG Agent
-          mkdir --parents "${HOME}/.gnupg"
-          chmod 0700 "${HOME}/.gnupg"
-
-          cat > "${HOME}/.gnupg/gpg.conf" <<EOF
-          use-agent
-          pinentry-mode loopback
-          EOF
-
-          cat > "${HOME}/.gnupg/gpg-agent.conf" <<EOF
-          allow-loopback-pinentry
-          max-cache-ttl 86400
-          default-cache-ttl 86400
-          EOF
-
-          gpgconf --kill gpg-agent
-          gpgconf --launch gpg-agent
-
-          # Import GPG private key
-          cat 1> "${GPG_PRIVATE_KEY_PASSPHRASE_FILE}" <<< "${GPG_PRIVATE_KEY_PASSPHRASE}"
-          cat 1> "${GPG_PRIVATE_KEY_FILE}" <<< "${GPG_PRIVATE_KEY}"
-          gpg --batch --yes --passphrase-fd 0 --import "${GPG_PRIVATE_KEY_FILE}" <<< "${GPG_PRIVATE_KEY_PASSPHRASE}"
-
-          # Export GPG keyring
-          gpg --batch --yes --export "${GPG_PRIVATE_KEY_FINGERPRINT}" 1> "${HOME}/.gnupg/pubring.gpg"
-          gpg --batch --yes --passphrase-fd 0 --export-secret-keys "${GPG_PRIVATE_KEY_FINGERPRINT}" 1> "${HOME}/.gnupg/secring.gpg" <<< "${GPG_PRIVATE_KEY_PASSPHRASE}"
-
-      - uses: actions/checkout@v6.0.3
+      - uses: actions/checkout@v6.0.2
         with:
           fetch-depth: 0
 
@@ -77,10 +28,9 @@ jobs:
 
       - name: Extract meta information
         run: |
-          echo "GITEA_SERVER_HOSTNAME=$(echo "${GITHUB_SERVER_URL}" | cut --delimiter '/' --fields 3)" >> $GITHUB_ENV
           echo "PACKAGE_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
-          echo "REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut --delimiter '/' --fields 2 | sed --regexp-extended 's/-charts?//g')" >> $GITHUB_ENV
-          echo "REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut --delimiter '/' --fields 1)" >> $GITHUB_ENV
+          echo "REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 2 | sed --regexp-extended 's/-charts?//g')" >> $GITHUB_ENV
+          echo "REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 1)" >> $GITHUB_ENV
 
       - name: Update Helm Chart version in README.md
         run: sed -i -E "s/^CHART_VERSION=.*/CHART_VERSION=${PACKAGE_VERSION}/g" README.md
@@ -88,76 +38,24 @@ jobs:
       - name: Package chart
         run: |
           helm dependency build
-          helm package \
-            --sign \
-            --key "$(gpg --with-colons --list-keys "${GPG_PRIVATE_KEY_FINGERPRINT}" | grep uid | cut --delimiter ':' --fields 10)" \
-            --keyring "${HOME}/.gnupg/secring.gpg" \
-            --passphrase-file "${GPG_PRIVATE_KEY_PASSPHRASE_FILE}" \
-            --version "${PACKAGE_VERSION}" ./
+          helm package --version "${PACKAGE_VERSION}" ./
 
-      - uses: docker/login-action@v4.2.0
-        with:
-          registry: ${{ github.server_url }}
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
-
-      - name: Upload Chart to Gitea (OCI)
+      - name: Upload Chart to ChartMuseum
         env:
-          COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
-          COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
-        run: |
-          helm push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz oci://${GITEA_SERVER_HOSTNAME}/${REPOSITORY_OWNER}
-          cosign sign --yes --upload=true --key=env://COSIGN_PRIVATE_KEY ${GITEA_SERVER_HOSTNAME}/${REPOSITORY_OWNER}/${REPOSITORY_NAME}:${PACKAGE_VERSION}
-
-      - name: Upload Chart to Gitea (Helm)
-        env:
-          GITEA_REGISTRY_TOKEN: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
-        run: |
-          curl \
-            --fail \
-            --show-error \
-            --request POST \
-            --user "${REPOSITORY_OWNER}:${GITEA_REGISTRY_TOKEN}" \
-            --upload-file "${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz" \
-              https://${GITEA_SERVER_HOSTNAME}/api/packages/${REPOSITORY_OWNER}/helm/api/charts
-
-          # NOTE:
-          # Gitea does currently not support uploading Helm chart provenance files, so we skip this step for now. Once
-          # Gitea supports this, we can simply uncomment the following lines to upload the provenance file as well.
-          #
-          #   https://github.com/helm/helm/issues/31866
-          #
-          # if [ -f "${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz.prov" ]; then
-          #   curl \
-          #     --fail \
-          #     --show-error \
-          #     --request POST \
-          #     --user "${CHARTMUSEUM_USERNAME}:${CHARTMUSEUM_PASSWORD}" \
-          #     --upload-file "${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz.prov" \
-          #       https://${GITEA_SERVER_HOSTNAME}/api/packages/${REPOSITORY_OWNER}/helm/api/prov
-          # fi
-
-      - name: Upload Chart to Chartmuseum (Helm)
-        env:
-          CHARTMUSEUM_HOSTNAME: ${{ vars.CHARTMUSEUM_HOSTNAME }}
-          CHARTMUSEUM_USERNAME: ${{ secrets.CHARTMUSEUM_USERNAME }}
           CHARTMUSEUM_PASSWORD: ${{ secrets.CHARTMUSEUM_PASSWORD }}
           CHARTMUSEUM_REPOSITORY: ${{ vars.CHARTMUSEUM_REPOSITORY }}
+          CHARTMUSEUM_USERNAME: ${{ secrets.CHARTMUSEUM_USERNAME }}
+          CHARTMUSEUM_HOSTNAME: ${{ vars.CHARTMUSEUM_HOSTNAME }}
         run: |
-          curl \
-            --fail \
-            --show-error \
-            --request POST \
-            --user "${CHARTMUSEUM_USERNAME}:${CHARTMUSEUM_PASSWORD}" \
-            --upload-file "${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz" \
-              https://${CHARTMUSEUM_HOSTNAME}/api/${CHARTMUSEUM_REPOSITORY}/charts
+          helm repo add --username ${CHARTMUSEUM_USERNAME} --password ${CHARTMUSEUM_PASSWORD} chartmuseum https://${CHARTMUSEUM_HOSTNAME}/${CHARTMUSEUM_REPOSITORY}
+          helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz chartmuseum
+          helm repo remove chartmuseum
 
-          if [ -f "${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz.prov" ]; then
-            curl \
-              --fail \
-              --show-error \
-              --request POST \
-              --user "${CHARTMUSEUM_USERNAME}:${CHARTMUSEUM_PASSWORD}" \
-              --upload-file ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz.prov \
-                https://${CHARTMUSEUM_HOSTNAME}/api/${CHARTMUSEUM_REPOSITORY}/prov
-          fi
+      - name: Upload Chart to Gitea
+        env:
+          GITEA_PACKAGE_REGISTRY_TOKEN: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
+          GITEA_SERVER_URL: ${{ github.server_url }}
+        run: |
+          helm repo add --username ${REPOSITORY_OWNER} --password ${GITEA_PACKAGE_REGISTRY_TOKEN} gitea ${GITEA_SERVER_URL}/api/packages/${REPOSITORY_OWNER}/helm
+          helm cm-push ${REPOSITORY_NAME}-${PACKAGE_VERSION}.tgz gitea
+          helm repo remove gitea

.gitignore

@@ -1,5 +1,4 @@
 charts
-cosign*
 node_modules
 target
 values2.yml

.markdownlint.yaml

@@ -136,6 +136,7 @@ MD044:
     - kube-prometheus-stack
     - Memcached
     - Oracle
+    - ORBIS U
     - PostgreSQL
     - Prometheus
     - prometheus-exporter

.vscode/settings.json

@@ -1,11 +1,8 @@
 {
-  "files.associations": {
-    ".gitea/workflows/*.yaml": "github-actions-workflow"
-  },
   "yaml.schemas": {
-    "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v1.1.1/schema/helm-testsuite.json": [
+    "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v1.0.3/schema/helm-testsuite.json": [
       "/unittests/**/*.yaml"
     ]
   },
   "yaml.schemaStore.enable": true
-}
+}

Chart.yaml

@@ -1,19 +1,12 @@
 annotations:
-  artifacthub.io/license: MIT
   artifacthub.io/links: |
     - name: Prometheus Fail2Ban exporter (binary)
       url: https://git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter
     - name: support
       url: https://git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter-charts/issues
-  artifacthub.io/operator: "false"
-  artifacthub.io/prerelease: "false"
-  artifacthub.io/signKey: |
-    fingerprint: 3B0CE9853CAD76076260025383D342258456906E
-    url: https://keys.openpgp.org/vks/v1/by-fingerprint/3B0CE9853CAD76076260025383D342258456906E
 apiVersion: v2
-appVersion: "0.4.25"
+appVersion: "0.1.1"
 description: Prometheus metric exporter for Fail2Ban
-home: https://git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter-charts
 # icon: https://annotations.example.com/icon.png
 keywords:
   - prometheus

Makefile

@@ -4,7 +4,7 @@ CONTAINER_RUNTIME?=$(shell which podman)
 # HELM_IMAGE
 HELM_IMAGE_REGISTRY_HOST?=docker.io
 HELM_IMAGE_REPOSITORY?=volkerraschek/helm
-HELM_IMAGE_VERSION?=3.19.2 # renovate: datasource=docker registryUrl=https://docker.io depName=volkerraschek/helm
+HELM_IMAGE_VERSION?=3.19.0 # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/volkerraschek/helm
 HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_HOST}/${HELM_IMAGE_REPOSITORY}:${HELM_IMAGE_VERSION}
 
 # NODE_IMAGE

README.md

@@ -21,8 +21,7 @@ separate [chapter](#argocd).
 
 ## Helm: configuration and installation
 
-1. A helm chart repository must be configured, to pull the helm charts from. The helm charts can either be pulled from
-   the classic helm chart repository or OCI registry.
+1. A helm chart repository must be configured, to pull the helm charts from.
 2. All available [parameters](#parameters) are documented in detail below. The parameters can be defined via the helm
    `--set` flag or directly as part of a `values.yaml` file. The following example defines the `prometheus-exporter`
    repository and use the `--set` flag for a basic deployment.
@@ -35,31 +34,19 @@ separate [chapter](#argocd).
 ```bash
 helm repo add prometheus-exporters https://charts.cryptic.systems/prometheus-exporters
 helm repo update
-CHART_VERSION=0.4.25
+CHART_VERSION=0.4.21
 helm install --version "${CHART_VERSION}" prometheus-fail2ban-exporter prometheus-exporters/prometheus-fail2ban-exporter \
   --set 'prometheus.metrics.enabled=true' \
   --set 'prometheus.metrics.serviceMonitor.enabled=true'
 ```
 
-Alternatively, the deployment of the helm charts can also be done via an OCI registry:
-
-```bash
-CHART_VERSION=0.5.9
-helm install "oci://git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter:${CHART_VERSION}" \
-  --set 'config.database.secret.databaseUsername=postgres' \
-  --set 'config.database.secret.databasePassword=postgres' \
-  --set 'config.database.secret.databaseConnectionUrl="postgres.example.local:5432/postgres?ssl=disable"' \
-  --set 'prometheus.metrics.enabled=true' \
-  --set 'prometheus.metrics.serviceMonitor.enabled=true'
-```
-
 Instead of passing all parameters via the *set* flag, it is also possible to define them as part of the `values.yaml`.
 The following command downloads the `values.yaml` for a specific version of this chart. Please keep in mind, that the
 version of the chart must be in sync with the `values.yaml`. Newer *minor* versions can have new features. New *major*
 versions can break something!
 
 ```bash
-CHART_VERSION=0.4.25
+CHART_VERSION=0.4.21
 helm show values --version "${CHART_VERSION}" prometheus-exporters/prometheus-fail2ban-exporter > values.yaml
 ```
 
@@ -97,7 +84,7 @@ Further information about this topic can be found in one of Kanishk's blog
 > Please take care the a CPU limit < `1000m` can also lead to CPU throttling. Please read the linked documentation carefully.
 
 ```bash
-CHART_VERSION=0.4.25
+CHART_VERSION=0.4.21
 helm install --version "${CHART_VERSION}" prometheus-fail2ban-exporter prometheus-exporters/prometheus-fail2ban-exporter \
   --set 'prometheus.metrics.enabled=true' \
   --set 'prometheus.metrics.serviceMonitor.enabled=true' \
@@ -106,6 +93,53 @@ helm install --version "${CHART_VERSION}" prometheus-fail2ban-exporter prometheu
   --set 'daemonSet.fail2banExporter.resources.limits.cpu=1000m'
 ```
 
+<!--
+#### TLS authentication and encryption
+
+The first example shows how to deploy the metric exporter with TLS encryption. The verification of the custom TLS
+certification will be skipped by Prometheus.
+
+> [!WARNING]
+> The secret `Prometheus-fail2banql-exporter-http` containing the TLS certificate is already present. The keys `ca.crt`,
+> `TLS.key` and `TLS.crt` of the secret can be mounted into the container filesystem for TLS authentication / encryption.
+
+```bash
+helm install Prometheus-fail2ban-exporter Prometheus-exporters/Prometheus-fail2ban-exporter \
+  --set 'daemonSet.volumes[0].name=TLS' \
+  --set 'daemonSet.volumes[0].secret.secretName=Prometheus-fail2banql-exporter-http' \
+  --set 'daemonSet.fail2banExporter.volumeMounts[0].name=TLS' \
+  --set 'daemonSet.fail2banExporter.volumeMounts[0].mountPath=/etc/Prometheus-fail2ban-exporter/TLS' \
+  --set 'daemonSet.fail2banExporter.volumeMounts[0].readOnly=true' \
+  --set 'Prometheus.metrics.enabled=true' \
+  --set 'Prometheus.metrics.serviceMonitor.enabled=true' \
+  --set 'Prometheus.metrics.serviceMonitor.scheme=https' \
+  --set 'Prometheus.metrics.serviceMonitor.tlsConfig.insecureSkipVerify=true'
+```
+
+If the Prometheus pod has a TLS certificate mounted and is also signed by the private key of the CA which issued the TLS
+certificate for the metrics exporter - TLS certificate verification can be enabled. The following flags must be
+replaced:
+
+```diff
+  helm install Prometheus-fail2ban-exporter Prometheus-exporters/Prometheus-fail2ban-exporter \
+    --set 'config.webConfig.secret.webConfig.cert_file=/etc/Prometheus-fail2ban-exporter/TLS/TLS.crt' \
+    --set 'config.webConfig.secret.webConfig.client_ca_file=/etc/Prometheus-fail2ban-exporter/TLS/ca.crt' \
+    --set 'config.webConfig.secret.webConfig.key_file=/etc/Prometheus-fail2ban-exporter/TLS/TLS.key'
+    --set 'daemonSet.volumes[0].name=TLS' \
+    --set 'daemonSet.volumes[0].secret.secretName=Prometheus-fail2banql-exporter-http' \
+    --set 'daemonSet.fail2banExporter.volumeMounts[0].name=TLS' \
+    --set 'daemonSet.fail2banExporter.volumeMounts[0].mountPath=/etc/Prometheus-fail2ban-exporter/TLS' \
+    --set 'daemonSet.fail2banExporter.volumeMounts[0].readOnly=true' \
+    --set 'Prometheus.metrics.enabled=true' \
+    --set 'Prometheus.metrics.serviceMonitor.enabled=true' \
+    --set 'Prometheus.metrics.serviceMonitor.scheme=https' \
+-   --set 'Prometheus.metrics.serviceMonitor.tlsConfig.insecureSkipVerify=true' \
++   --set 'Prometheus.metrics.serviceMonitor.tlsConfig.caFile=/etc/Prometheus/TLS/ca.crt' \
++   --set 'Prometheus.metrics.serviceMonitor.tlsConfig.certFile=/etc/Prometheus/TLS/TLS.crt' \
++   --set 'Prometheus.metrics.serviceMonitor.tlsConfig.keyFile=/etc/Prometheus/TLS/TLS.key'
+```
+-->
+
 #### Grafana dashboard
 
 The helm chart includes Grafana dashboards. These can be deployed as a configMap by activating Grafana integration. It
@@ -115,7 +149,7 @@ the Grafana container file system so that it is subsequently available to the us
 makes this possible.
 
 ```bash
-CHART_VERSION=0.4.25
+CHART_VERSION=0.4.21
 helm install --version "${CHART_VERSION}" prometheus-fail2ban-exporter prometheus-exporters/prometheus-fail2ban-exporter \
   --set 'grafana.enabled=true'
 ```

package-lock.json

@@ -9,7 +9,7 @@
       "devDependencies": {
         "@bitnami/readme-generator-for-helm": "^2.5.0",
         "markdown-link-check": "^3.13.6",
-        "markdownlint-cli": "^0.49.0"
+        "markdownlint-cli": "^0.48.0"
       },
       "engines": {
         "node": ">=16.0.0",
@@ -628,9 +628,9 @@
       "license": "ISC"
     },
     "node_modules/get-east-asian-width": {
-      "version": "1.6.0",
-      "resolved": "https://registry.npmjs.org/get-east-asian-width/-/get-east-asian-width-1.6.0.tgz",
-      "integrity": "sha512-QRbvDIbx6YklUe6RxeTeleMR0yv3cYH6PsPZHcnVn7xv7zO1BHN8r0XETu8n6Ye3Q+ahtSarc3WgtNWmehIBfA==",
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/get-east-asian-width/-/get-east-asian-width-1.4.0.tgz",
+      "integrity": "sha512-QZjmEOC+IT1uk6Rx0sX22V6uHWVwbdbxf1faPqJ1QhLdGgsRGCZoyaQBm/piRdJy/D2um6hM1UP7ZEeQ4EkP+Q==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -879,20 +879,10 @@
       }
     },
     "node_modules/js-yaml": {
-      "version": "4.2.0",
-      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.2.0.tgz",
-      "integrity": "sha512-ePWsvanv0DWuDRsW8dnt+R4jQ31SCRCQ7hhNcPXZPsoBZiemuZNYGf7adZdqX2D86j6rvKp3RpCxVTSb8WQlOw==",
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
+      "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
       "dev": true,
-      "funding": [
-        {
-          "type": "github",
-          "url": "https://github.com/sponsors/puzrin"
-        },
-        {
-          "type": "github",
-          "url": "https://github.com/sponsors/nodeca"
-        }
-      ],
       "license": "MIT",
       "dependencies": {
         "argparse": "^2.0.1"
@@ -967,20 +957,10 @@
       }
     },
     "node_modules/linkify-it": {
-      "version": "5.0.1",
-      "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-5.0.1.tgz",
-      "integrity": "sha512-wVoTjP4Q6R0NW5hiZkVJaFZPWgtXfoGF+6LucL3/FtiNjmcHhYjEr5f1Kqjirc1nBW07J/ZuRFumqr2oqccEWg==",
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-5.0.0.tgz",
+      "integrity": "sha512-5aHCbzQRADcdP+ATqnDuhhJ/MRIqDkZX5pyjFHRRysS8vZ5AbqGEoFIb6pYHPZ+L/OC2Lc+xT8uHVVR5CAK/wQ==",
       "dev": true,
-      "funding": [
-        {
-          "type": "github",
-          "url": "https://github.com/sponsors/puzrin"
-        },
-        {
-          "type": "github",
-          "url": "https://github.com/sponsors/markdown-it"
-        }
-      ],
       "license": "MIT",
       "dependencies": {
         "uc.micro": "^2.0.0"
@@ -1004,25 +984,15 @@
       }
     },
     "node_modules/markdown-it": {
-      "version": "14.2.0",
-      "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-14.2.0.tgz",
-      "integrity": "sha512-1TGiQiJVRQ3NPmZH6sx5Cfnmg6GQm9jvC1ch4TK511NjSJvjzKLzn5pPfZRNZkRPZP0HqCioSndqH8v2nRaWVQ==",
+      "version": "14.1.1",
+      "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-14.1.1.tgz",
+      "integrity": "sha512-BuU2qnTti9YKgK5N+IeMubp14ZUKUUw7yeJbkjtosvHiP0AZ5c8IAgEMk79D0eC8F23r4Ac/q8cAIFdm2FtyoA==",
       "dev": true,
-      "funding": [
-        {
-          "type": "github",
-          "url": "https://github.com/sponsors/puzrin"
-        },
-        {
-          "type": "github",
-          "url": "https://github.com/sponsors/markdown-it"
-        }
-      ],
       "license": "MIT",
       "dependencies": {
         "argparse": "^2.0.1",
         "entities": "^4.4.0",
-        "linkify-it": "^5.0.1",
+        "linkify-it": "^5.0.0",
         "mdurl": "^2.0.0",
         "punycode.js": "^2.3.1",
         "uc.micro": "^2.1.0"
@@ -1088,9 +1058,9 @@
       }
     },
     "node_modules/markdownlint": {
-      "version": "0.41.0",
-      "resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.41.0.tgz",
-      "integrity": "sha512-xMUI3ChBuRuxuLF4ENvCZyS8z/+Jly1coUcZwErKLIB3sDj7ojpaTBa1e9YVPhSN4jGEIjYGQCldbTJS/hqS+A==",
+      "version": "0.40.0",
+      "resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.40.0.tgz",
+      "integrity": "sha512-UKybllYNheWac61Ia7T6fzuQNDZimFIpCg2w6hHjgV1Qu0w1TV0LlSgryUGzM0bkKQCBhy2FDhEELB73Kb0kAg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -1102,40 +1072,40 @@
         "micromark-extension-gfm-table": "2.1.1",
         "micromark-extension-math": "3.1.0",
         "micromark-util-types": "2.0.2",
-        "string-width": "8.2.1"
+        "string-width": "8.1.0"
       },
       "engines": {
-        "node": ">=22"
+        "node": ">=20"
       },
       "funding": {
         "url": "https://github.com/sponsors/DavidAnson"
       }
     },
     "node_modules/markdownlint-cli": {
-      "version": "0.49.0",
-      "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.49.0.tgz",
-      "integrity": "sha512-vS5tWq5W91Gg33LD4pyAaXPclnz/sRvo6/RGOyDQjQ3eds2DkK6H4szUuE0M9TiRB/u/VBx1gtd9Ktrtx5WlSA==",
+      "version": "0.48.0",
+      "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.48.0.tgz",
+      "integrity": "sha512-NkZQNu2E0Q5qLEEHwWj674eYISTLD4jMHkBzDobujXd1kv+yCxi8jOaD/rZoQNW1FBBMMGQpuW5So8B51N/e0A==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "commander": "~15.0.0",
+        "commander": "~14.0.3",
         "deep-extend": "~0.6.0",
         "ignore": "~7.0.5",
-        "js-yaml": "~4.2.0",
+        "js-yaml": "~4.1.1",
         "jsonc-parser": "~3.3.1",
         "jsonpointer": "~5.0.1",
-        "markdown-it": "~14.2.0",
-        "markdownlint": "~0.41.0",
-        "minimatch": "~10.2.5",
+        "markdown-it": "~14.1.1",
+        "markdownlint": "~0.40.0",
+        "minimatch": "~10.2.4",
         "run-con": "~1.3.2",
-        "smol-toml": "~1.6.1",
-        "tinyglobby": "~0.2.17"
+        "smol-toml": "~1.6.0",
+        "tinyglobby": "~0.2.15"
       },
       "bin": {
         "markdownlint": "markdownlint.js"
       },
       "engines": {
-        "node": ">=22"
+        "node": ">=20"
       }
     },
     "node_modules/markdownlint-cli/node_modules/balanced-match": {
@@ -1149,9 +1119,9 @@
       }
     },
     "node_modules/markdownlint-cli/node_modules/brace-expansion": {
-      "version": "5.0.6",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.6.tgz",
-      "integrity": "sha512-kLpxurY4Z4r9sgMsyG0Z9uzsBlgiU/EFKhj/h91/8yHu0edo7XuixOIH3VcJ8kkxs6/jPzoI6U9Vj3WqbMQ94g==",
+      "version": "5.0.4",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.4.tgz",
+      "integrity": "sha512-h+DEnpVvxmfVefa4jFbCf5HdH5YMDXRsmKflpf1pILZWRFlTbJpxeU55nJl4Smt5HQaGzg1o6RHFPJaOqnmBDg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -1162,23 +1132,23 @@
       }
     },
     "node_modules/markdownlint-cli/node_modules/commander": {
-      "version": "15.0.0",
-      "resolved": "https://registry.npmjs.org/commander/-/commander-15.0.0.tgz",
-      "integrity": "sha512-z67u4ZhzCL/Tydu1lJARtEZYWbWaN7oYLHbsuzocr6y4N6WZAagG3RQ4FW61V1/0+jImpj293XfrcYnd1qxtPg==",
+      "version": "14.0.3",
+      "resolved": "https://registry.npmjs.org/commander/-/commander-14.0.3.tgz",
+      "integrity": "sha512-H+y0Jo/T1RZ9qPP4Eh1pkcQcLRglraJaSLoyOtHxu6AapkjWVCy2Sit1QQ4x3Dng8qDlSsZEet7g5Pq06MvTgw==",
       "dev": true,
       "license": "MIT",
       "engines": {
-        "node": ">=22.12.0"
+        "node": ">=20"
       }
     },
     "node_modules/markdownlint-cli/node_modules/minimatch": {
-      "version": "10.2.5",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.5.tgz",
-      "integrity": "sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg==",
+      "version": "10.2.4",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.4.tgz",
+      "integrity": "sha512-oRjTw/97aTBN0RHbYCdtF1MQfvusSIBQM0IZEgzl6426+8jSC0nF1a/GmnVLpfB9yyr6g6FTqWqiZVbxrtaCIg==",
       "dev": true,
       "license": "BlueOak-1.0.0",
       "dependencies": {
-        "brace-expansion": "^5.0.5"
+        "brace-expansion": "^5.0.2"
       },
       "engines": {
         "node": "18 || 20 || >=22"
@@ -1942,9 +1912,9 @@
       }
     },
     "node_modules/picomatch": {
-      "version": "4.0.4",
-      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
-      "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
+      "version": "4.0.3",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
+      "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -2053,9 +2023,9 @@
       }
     },
     "node_modules/smol-toml": {
-      "version": "1.6.1",
-      "resolved": "https://registry.npmjs.org/smol-toml/-/smol-toml-1.6.1.tgz",
-      "integrity": "sha512-dWUG8F5sIIARXih1DTaQAX4SsiTXhInKf1buxdY9DIg4ZYPZK5nGM1VRIYmEbDbsHt7USo99xSLFu5Q1IqTmsg==",
+      "version": "1.6.0",
+      "resolved": "https://registry.npmjs.org/smol-toml/-/smol-toml-1.6.0.tgz",
+      "integrity": "sha512-4zemZi0HvTnYwLfrpk/CF9LOd9Lt87kAt50GnqhMpyF9U3poDAP2+iukq2bZsO/ufegbYehBkqINbsWxj4l4cw==",
       "dev": true,
       "license": "BSD-3-Clause",
       "engines": {
@@ -2114,14 +2084,14 @@
       "license": "BSD-3-Clause"
     },
     "node_modules/string-width": {
-      "version": "8.2.1",
-      "resolved": "https://registry.npmjs.org/string-width/-/string-width-8.2.1.tgz",
-      "integrity": "sha512-IIaP0g3iy9Cyy18w3M9YcaDudujEAVHKt3a3QJg1+sr/oX96TbaGUubG0hJyCjCBThFH+tFpcIyoUHUn1ogaLA==",
+      "version": "8.1.0",
+      "resolved": "https://registry.npmjs.org/string-width/-/string-width-8.1.0.tgz",
+      "integrity": "sha512-Kxl3KJGb/gxkaUMOjRsQ8IrXiGW75O4E3RPjFIINOVH8AMl2SQ/yWdTzWwF3FevIX9LcMAjJW+GRwAlAbTSXdg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "get-east-asian-width": "^1.5.0",
-        "strip-ansi": "^7.1.2"
+        "get-east-asian-width": "^1.3.0",
+        "strip-ansi": "^7.1.0"
       },
       "engines": {
         "node": ">=20"
@@ -2131,13 +2101,13 @@
       }
     },
     "node_modules/strip-ansi": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.2.0.tgz",
-      "integrity": "sha512-yDPMNjp4WyfYBkHnjIRLfca1i6KMyGCtsVgoKe/z1+6vukgaENdgGBZt+ZmKPc4gavvEZ5OgHfHdrazhgNyG7w==",
+      "version": "7.1.2",
+      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.2.tgz",
+      "integrity": "sha512-gmBGslpoQJtgnMAvOVqGZpEz9dyoKTCzy2nfz/n8aIFhN/jCE/rCmcxabB6jOOHV+0WNnylOxaxBQPSvcWklhA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "ansi-regex": "^6.2.2"
+        "ansi-regex": "^6.0.1"
       },
       "engines": {
         "node": ">=12"
@@ -2160,14 +2130,14 @@
       }
     },
     "node_modules/tinyglobby": {
-      "version": "0.2.17",
-      "resolved": "https://registry.npmjs.org/tinyglobby/-/tinyglobby-0.2.17.tgz",
-      "integrity": "sha512-wXR/dYpcqKmfWpEdZjiKJOwCNFndD0DMnrW/cYjVGttEkBfVgcLFHoNrlj47mjOVic9yyNu65alsgF4NQyTa2g==",
+      "version": "0.2.15",
+      "resolved": "https://registry.npmjs.org/tinyglobby/-/tinyglobby-0.2.15.tgz",
+      "integrity": "sha512-j2Zq4NyQYG5XMST4cbs02Ak8iJUdxRM0XI5QyxXuZOzKOINmWurp3smXu3y5wDcJrptwpSjgXHzIQxR0omXljQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "fdir": "^6.5.0",
-        "picomatch": "^4.0.4"
+        "picomatch": "^4.0.3"
       },
       "engines": {
         "node": ">=12.0.0"

package.json

@@ -16,6 +16,6 @@
   "devDependencies": {
     "@bitnami/readme-generator-for-helm": "^2.5.0",
     "markdown-link-check": "^3.13.6",
-    "markdownlint-cli": "^0.49.0"
+    "markdownlint-cli": "^0.48.0"
   }
 }

renovate.json

@@ -4,7 +4,6 @@
     "local>volker.raschek/renovate-config:default#master",
     "local>volker.raschek/renovate-config:container#master",
     "local>volker.raschek/renovate-config:actions#master",
-    "local>volker.raschek/renovate-config:helm#master",
     "local>volker.raschek/renovate-config:npm#master",
     "local>volker.raschek/renovate-config:regexp#master"
   ],
@@ -32,9 +31,40 @@
       "packageNameTemplate": "https://git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter-charts",
       "datasourceTemplate": "git-tags",
       "versioningTemplate": "semver"
+    },
+    {
+      "customType": "regex",
+      "datasourceTemplate": "github-releases",
+      "fileMatch": [
+        ".vscode/settings\\.json$"
+      ],
+      "matchStrings": [
+        "https:\\/\\/raw\\.githubusercontent\\.com\\/(?<depName>[^\\s]+?)\\/(?<currentValue>v[0-9.]+?)\\/schema\\/helm-testsuite\\.json"
+      ]
     }
   ],
   "packageRules": [
+    {
+      "groupName": "Update docker.io/volkerraschek/helm",
+      "matchDepNames": [
+        "docker.io/volkerraschek/helm",
+        "volkerraschek/helm"
+      ]
+    },
+    {
+      "automerge": true,
+      "groupName": "Update helm plugin 'unittest'",
+      "matchDepNames": [
+        "helm-unittest/helm-unittest"
+      ],
+      "matchDatasources": [
+        "github-releases"
+      ],
+      "matchUpdateTypes": [
+        "minor",
+        "patch"
+      ]
+    },
     {
       "groupName": "Update docker.io/library/node",
       "matchDepNames": [