chore(deps): update library/node to 24.7.0-alpine

.gitea/workflows/generate-readme.yaml

@@ -15,14 +15,15 @@ on:
 jobs:
   generate-parameters:
     container:
-      image: docker.io/library/node:25.2.1-alpine
-    runs-on: ubuntu-latest
+      image: docker.io/library/node:24.7.0-alpine
+    runs-on:
+    - ubuntu-latest
     steps:
     - name: Install tooling
       run: |
         apk update
         apk add git npm
-    - uses: actions/checkout@v6.0.1
+    - uses: actions/checkout@v5.0.0
     - name: Generate parameter section in README
       run: |
         npm install

.gitea/workflows/helm.yaml

@@ -12,26 +12,31 @@ on:
 
 jobs:
   helm-lint:
-    runs-on: ubuntu-latest
+    container:
+      image: docker.io/volkerraschek/helm:3.19.0
+    runs-on:
+    - ubuntu-latest
     steps:
-    - uses: actions/checkout@v6.0.1
-    - uses: azure/setup-helm@v4.3.1
-      with:
-        version: v4.0.1 # renovate: datasource=github-releases depName=helm/helm
+    - name: Install tooling
+      run: |
+        apk update
+        apk add git npm
+    - uses: actions/checkout@v5.0.0
     - name: Lint helm files
       run: |
         helm lint --values values.yaml .
 
   helm-unittest:
-    runs-on: ubuntu-latest
+    container:
+      image: docker.io/volkerraschek/helm:3.19.0
+    runs-on:
+    - ubuntu-latest
     steps:
-    - uses: actions/checkout@v6.0.1
-    - uses: azure/setup-helm@v4.3.1
-      with:
-        version: v4.0.1 # renovate: datasource=github-releases depName=helm/helm
-    - env:
-        HELM_UNITTEST_VERSION: v1.0.0 #renovate: datasource=github-releases depName=helm-unittest/helm-unittest
-      name: Install helm-unittest
-      run: helm plugin install --verify=false --version "${HELM_UNITTEST_VERSION}" https://github.com/helm-unittest/helm-unittest
-    - name: Execute helm unittests
-      run: helm unittest --strict --file 'unittests/**/*.yaml' .
+    - name: Install tooling
+      run: |
+        apk update
+        apk add git npm
+    - uses: actions/checkout@v5.0.0
+    - name: Unittest
+      run: |
+        helm unittest --strict --file 'unittests/**/*.yaml' ./

.gitea/workflows/markdown-linters.yaml

@@ -15,14 +15,15 @@ on:
 jobs:
   markdown-link-checker:
     container:
-      image: docker.io/library/node:25.2.1-alpine
-    runs-on: ubuntu-latest
+      image: docker.io/library/node:24.7.0-alpine
+    runs-on:
+    - ubuntu-latest
     steps:
     - name: Install tooling
       run: |
         apk update
         apk add git npm
-    - uses: actions/checkout@v6.0.1
+    - uses: actions/checkout@v5.0.0
     - name: Verify links in markdown files
       run: |
         npm install
@@ -30,14 +31,15 @@ jobs:
 
   markdown-lint:
     container:
-      image: docker.io/library/node:25.2.1-alpine
-    runs-on: ubuntu-latest
+      image: docker.io/library/node:24.7.0-alpine
+    runs-on:
+    - ubuntu-latest
     steps:
     - name: Install tooling
       run: |
         apk update
         apk add git
-    - uses: actions/checkout@v6.0.1
+    - uses: actions/checkout@v5.0.0
     - name: Lint markdown files
       run: |
         npm install

.gitea/workflows/release.yaml

@@ -8,7 +8,7 @@ on:
 jobs:
   publish-chart:
     container:
-      image: docker.io/volkerraschek/helm:3.19.2
+      image: docker.io/volkerraschek/helm:3.19.0
     runs-on: ubuntu-latest
     steps:
       - name: Install packages via apk
@@ -16,7 +16,7 @@ jobs:
           apk update
           apk add git npm jq yq
 
-      - uses: actions/checkout@v6.0.1
+      - uses: actions/checkout@v5.0.0
         with:
           fetch-depth: 0
 

.vscode/settings.json

@@ -1,8 +0,0 @@
-{
-  "yaml.schemas": {
-    "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v1.0.3/schema/helm-testsuite.json": [
-      "/unittests/**/*.yaml"
-    ]
-  },
-  "yaml.schemaStore.enable": true
-}

Makefile

@@ -4,13 +4,13 @@ CONTAINER_RUNTIME?=$(shell which podman)
 # HELM_IMAGE
 HELM_IMAGE_REGISTRY_HOST?=docker.io
 HELM_IMAGE_REPOSITORY?=volkerraschek/helm
-HELM_IMAGE_VERSION?=3.19.0 # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/volkerraschek/helm
+HELM_IMAGE_VERSION?=3.19.0 # renovate: datasource=docker registryUrl=https://docker.io depName=volkerraschek/helm
 HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_HOST}/${HELM_IMAGE_REPOSITORY}:${HELM_IMAGE_VERSION}
 
 # NODE_IMAGE
 NODE_IMAGE_REGISTRY_HOST?=docker.io
 NODE_IMAGE_REPOSITORY?=library/node
-NODE_IMAGE_VERSION?=25.2.1-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/library/node packageName=library/node
+NODE_IMAGE_VERSION?=24.7.0-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=docker.io/library/node packageName=library/node
 NODE_IMAGE_FULLY_QUALIFIED=${NODE_IMAGE_REGISTRY_HOST}/${NODE_IMAGE_REPOSITORY}:${NODE_IMAGE_VERSION}
 
 # MISSING DOT

README.md

@@ -16,10 +16,7 @@ Chapter [configuration and installation](#helm-configuration-and-installation) d
 and use it to deploy the exporter. It also contains further configuration examples.
 
 Furthermore, this helm chart contains unit tests to detect regressions and stabilize the deployment. Additionally, this
-helm chart is tested for deployment scenarios with **ArgoCD**, but please keep in mind, that this chart supports the
-*[Automatically Roll Deployment](https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments)*
-concept of Helm, which can trigger unexpected rolling releases. Further configuration instructions are described in a
-separate [chapter](#argocd).
+helm chart is tested for deployment scenarios with **ArgoCD**.
 
 ## Helm: configuration and installation
 
@@ -36,7 +33,7 @@ separate [chapter](#argocd).
 ```bash
 helm repo add prometheus-exporters https://charts.cryptic.systems/prometheus-exporters
 helm repo update
-CHART_VERSION=0.5.5
+CHART_VERSION=0.5.4
 helm install --version "${CHART_VERSION}" prometheus-postgres-exporter prometheus-exporters/prometheus-postgres-exporter \
   --set 'config.database.secret.databaseUsername=postgres' \
   --set 'config.database.secret.databasePassword=postgres' \
@@ -51,7 +48,7 @@ version of the chart must be in sync with the `values.yaml`. Newer *minor* versi
 versions can break something!
 
 ```bash
-CHART_VERSION=0.5.5
+CHART_VERSION=0.5.4
 helm show values --version "${CHART_VERSION}" prometheus-exporters/prometheus-postgres-exporter > values.yaml
 ```
 
@@ -89,7 +86,7 @@ Further information about this topic can be found in one of Kanishk's blog
 > Please take care the a CPU limit < `1000m` can also lead to CPU throttling. Please read the linked documentation carefully.
 
 ```bash
-CHART_VERSION=0.5.5
+CHART_VERSION=0.5.4
 helm install --version "${CHART_VERSION}" prometheus-postgres-exporter prometheus-exporters/prometheus-postgres-exporter \
   --set 'config.database.secret.databaseUsername=postgres' \
   --set 'config.database.secret.databasePassword=postgres' \
@@ -103,7 +100,7 @@ helm install --version "${CHART_VERSION}" prometheus-postgres-exporter prometheu
 
 #### TLS authentication and encryption
 
-The example shows how to deploy the metric exporter with TLS encryption. The verification of the custom TLS
+The first example shows how to deploy the metric exporter with TLS encryption. The verification of the custom TLS
 certification will be skipped by Prometheus.
 
 > [!WARNING]
@@ -111,7 +108,7 @@ certification will be skipped by Prometheus.
 > `tls.key` and `tls.crt` of the secret can be mounted into the container filesystem for TLS authentication / encryption.
 
 ```bash
-CHART_VERSION=0.5.5
+CHART_VERSION=0.5.4
 helm install --version "${CHART_VERSION}" prometheus-postgres-exporter prometheus-exporters/prometheus-postgres-exporter \
   --set 'config.database.secret.databaseUsername=postgres' \
   --set 'config.database.secret.databasePassword=postgres' \
@@ -135,7 +132,7 @@ certificate for the metrics exporter - TLS certificate verification can be enabl
 replaced:
 
 ```diff
-  CHART_VERSION=0.5.5
+  CHART_VERSION=0.5.4
   helm install --version "${CHART_VERSION}" prometheus-postgres-exporter prometheus-exporters/prometheus-postgres-exporter \
     --set 'config.database.secret.databaseUsername=postgres' \
     --set 'config.database.secret.databasePassword=postgres' \
@@ -166,13 +163,18 @@ TLS certificates before expiring.
 
 Until the exporter does not support rotating TLS certificate a workaround can be applied. For example stakater's
 [reloader](https://github.com/stakater/Reloader) controller can be used to trigger a rolling update. The following
-annotation must be added to instruct the reloader controller to trigger a rolling update, when the mounted secret has
-been changed.
+annotation must be added to instruct the reloader controller to trigger a rolling update, when the mounted configMaps
+and secrets have been changed.
 
-> [!IMPORTANT]
-> The Helm chart already adds annotations to trigger a rolling release. Helm describes this approach under
-> [Automatically Roll Deployments](https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments).
-> For this reason, **only external** configMaps or secrets need to be monitored by reloader.
+```yaml
+deployment:
+  annotations:
+    reloader.stakater.com/auto: "true"
+```
+
+Instead of triggering a rolling update for configMap and secret resources, this action can also be defined for
+individual items. For example, when the secret named `prometheus-postgresql-exporter-http` is mounted and the reloader
+controller should only listen for changes of this secret:
 
 ```yaml
 deployment:
@@ -189,7 +191,7 @@ the Grafana container file system so that it is subsequently available to the us
 makes this possible.
 
 ```bash
-CHART_VERSION=0.5.5
+CHART_VERSION=0.5.4
 helm install --version "${CHART_VERSION}" prometheus-postgres-exporter prometheus-exporters/prometheus-postgres-exporter \
   --set 'config.database.secret.databaseUsername=postgres' \
   --set 'config.database.secret.databasePassword=postgres' \
@@ -291,35 +293,6 @@ networkPolicies:
         protocol: TCP
 ```
 
-## ArgoCD
-
-### Daily execution of rolling updates
-
-The behavior whereby ArgoCD triggers a rolling update even though nothing appears to have changed often occurs in
-connection with the helm concept `checksum/secret`, `checksum/configmap` or more generally, [Automatically Roll
-Deployments](https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments).
-
-The problem with combining this concept with ArgoCD is that ArgoCD re-renders the Helm chart every time. Even if the
-content of the config map or secret has not changed, there may be minimal differences (e.g., whitespace, chart version,
-Helm render order, different timestamps).
-
-This changes the SHA256 hash, Argo sees a drift and trigger a rolling update of the deployment. Among other things, this
-can lead to unnecessary notifications from ArgoCD.
-
-To avoid this, the annotation with the shasum must be ignored. Below is a diff that adds the `Application` to ignore all
-annotations with the prefix `checksum`.
-
-```diff
-  apiVersion: argoproj.io/v1alpha1
-  kind: Application
-  spec:
-+   ignoreDifferences:
-+   - group: apps/v1
-+     kind: Deployment
-+     jqPathExpressions:
-+     - '.spec.template.metadata.annotations | with_entries(select(.key | startswith("checksum")))'
-```
-
 ## Parameters
 
 ### Global

package.json

@@ -16,6 +16,6 @@
   "devDependencies": {
     "@bitnami/readme-generator-for-helm": "^2.5.0",
     "markdown-link-check": "^3.13.6",
-    "markdownlint-cli": "^0.46.0"
+    "markdownlint-cli": "^0.45.0"
   }
 }

renovate.json

@@ -31,42 +31,11 @@
       "packageNameTemplate": "https://git.cryptic.systems/volker.raschek/prometheus-postgres-exporter",
       "datasourceTemplate": "git-tags",
       "versioningTemplate": "semver"
-    },
-    {
-      "customType": "regex",
-      "datasourceTemplate": "github-releases",
-      "fileMatch": [
-        ".vscode/settings\\.json$"
-      ],
-      "matchStrings": [
-        "https:\\/\\/raw\\.githubusercontent\\.com\\/(?<depName>[^\\s]+?)\\/(?<currentValue>v[0-9.]+?)\\/schema\\/helm-testsuite\\.json"
-      ]
     }
   ],
   "packageRules": [
     {
-      "groupName": "Update docker.io/volkerraschek/helm",
-      "matchDepNames": [
-        "docker.io/volkerraschek/helm",
-        "volkerraschek/helm"
-      ]
-    },
-    {
-      "automerge": true,
-      "groupName": "Update helm plugin 'unittest'",
-      "matchDepNames": [
-        "helm-unittest/helm-unittest"
-      ],
-      "matchDatasources": [
-        "github-releases"
-      ],
-      "matchUpdateTypes": [
-        "minor",
-        "patch"
-      ]
-    },
-    {
-      "groupName": "Update docker.io/library/node",
+      "groupname": "Update Node.JS",
       "matchDepNames": [
         "docker.io/library/node",
         "library/node"