fix(ci): define runs-on as string

.gitea/workflows/generate-readme.yaml

@@ -16,8 +16,7 @@ jobs:
   generate-parameters:
     container:
       image: docker.io/library/node:24.11.1-alpine
-    runs-on:
+    runs-on: ubuntu-latest
-    - ubuntu-latest
     steps:
     - name: Install tooling
       run: |

.gitea/workflows/helm.yaml

@@ -14,8 +14,7 @@ jobs:
   helm-lint:
     container:
       image: docker.io/volkerraschek/helm:3.19.2
-    runs-on:
+    runs-on: ubuntu-latest
-    - ubuntu-latest
     steps:
     - name: Install tooling
       run: |
@@ -29,8 +28,7 @@ jobs:
   helm-unittest:
     container:
       image: docker.io/volkerraschek/helm:3.19.2
-    runs-on:
+    runs-on: ubuntu-latest
-    - ubuntu-latest
     steps:
     - name: Install tooling
       run: |

.gitea/workflows/markdown-linters.yaml

@@ -16,8 +16,7 @@ jobs:
   markdown-link-checker:
     container:
       image: docker.io/library/node:24.11.1-alpine
-    runs-on:
+    runs-on: ubuntu-latest
-    - ubuntu-latest
     steps:
     - name: Install tooling
       run: |
@@ -32,8 +31,7 @@ jobs:
   markdown-lint:
     container:
       image: docker.io/library/node:24.11.1-alpine
-    runs-on:
+    runs-on: ubuntu-latest
-    - ubuntu-latest
     steps:
     - name: Install tooling
       run: |

README.md

@@ -97,24 +97,19 @@ helm install --version "${CHART_VERSION}" reposilite volker.raschek/reposilite \
 #### TLS certificate rotation
 
 If Reposilite uses TLS certificates that are mounted as a secret in the container file system like the example
-[above](#tls-encryption), Reposlite will not automatically apply them when the TLS certificates are rotated. Such a
+[above](#tls-encryption), Reposilite will not automatically apply them when the TLS certificates are rotated. Such a
 rotation can be for example triggered, when the [cert-manager](https://cert-manager.io/) issues new TLS certificates
 before expiring.
 
 Until Reposilite does not support rotating TLS certificate a workaround can be applied. For example stakater's
 [reloader](https://github.com/stakater/Reloader) controller can be used to trigger a rolling update. The following
-annotation must be added to instruct the reloader controller to trigger a rolling update, when the mounted configMaps
+annotation must be added to instruct the reloader controller to trigger a rolling update, when the mounted secret has
-and secrets have been changed.
+been changed.
 
-```yaml
+> [!IMPORTANT]
-deployment:
+> The Helm chart already adds annotations to trigger a rolling release. Helm describes this approach under
-  annotations:
+> [Automatically Roll Deployments](https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments).
-    reloader.stakater.com/auto: "true"
+> For this reason, **only external** configMaps or secrets need to be monitored by reloader.
-```
-
-Instead of triggering a rolling update for configMap and secret resources, this action can also be defined for
-individual items. For example, when the secret named `reposilite-tls` is mounted and the reloader controller should only
-listen for changes of this secret:
 
 ```yaml
 deployment:
@@ -132,8 +127,8 @@ stakater's reloader.
 ```diff
   deployment:
     annotations:
-      reloader.stakater.com/auto: "true"
 +     reloader.stakater.com/rollout-strategy: "restart"
+      secret.reloader.stakater.com/reload: "reposilite-tls"
 ```
 
 #### Network policies