chore(deps): update lockfiles

<!--
 Before you open the request please review the following guidelines and tips to help it be more easily integrated:

 - Describe the scope of your change - i.e. what the change does.
 - Describe any known limitations with your change.
 - Please run any tests or examples that can exercise your modified code.

 Thank you for contributing! We will try to review, test and integrate the change as soon as we can.
 -->

### Description of the change

<!-- Describe the scope of your change - i.e. what the change does. -->

### Benefits

<!-- What benefits will be realized by the code change? -->

### Possible drawbacks

<!-- Describe any known limitations with your change -->

### Applicable issues

<!-- Enter any applicable Issues here (You can reference an issue using #). Please remove this section if there is no referenced issue. -->
- Fixes #

### Additional information

<!-- If there's anything else that's important and relevant to your pull request, mention that information here. Please remove this section if it remains empty. -->

### ⚠ BREAKING

<!-- If there's a breaking change, please shortly describe in which way users are affected and how they can mitigate it. If there are no breakings, please remove this section. -->

### Checklist

<!-- [Place an '[X]' (no spaces) in all applicable fields. Please remove unrelated fields.] -->

- [ ] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm)
- [ ] Breaking changes are documented in the `README.md`
- [ ] Helm templating unittests are added (required when changing anything in `templates` folder)
- [ ] Bash unittests are added (required when changing anything in `scripts` folder)
- [ ] All added template resources MUST render a namespace in metadata

Reviewed-on: https://gitea.com/gitea/helm-actions/pulls/116
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Daan Selen <dselen@nerthus.nl>
Co-committed-by: Daan Selen <dselen@nerthus.nl>

.gitea/workflows/changelog.yml

@@ -8,12 +8,12 @@ on:
 jobs:
   changelog:
     runs-on: ubuntu-latest
-    container: docker.io/thegeeklab/git-sv:1.0.12
+    container: docker.io/thegeeklab/git-sv:2.0.9
     steps:
       - name: install tools
         run: |
           apk add -q --update --no-cache nodejs curl jq sed
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
         with:
           fetch-depth: 0
       - name: Generate upcoming changelog

.gitea/workflows/commitlint.yml

@@ -11,9 +11,9 @@ on:
 jobs:
   check-and-test:
     runs-on: ubuntu-latest
-    container: commitlint/commitlint:19.7.1
+    container: commitlint/commitlint:20.4.1
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
       - name: check PR title
         run: |
           echo "${{ gitea.event.pull_request.title }}" | commitlint --config .commitlintrc.json

.gitea/workflows/release-version.yml

@@ -1,68 +1,70 @@
-name: check-secrets
+name: generate-chart
 
 on:
   push:
+    tags:
+      - "*"
+
+env:
+  # renovate: datasource=docker depName=alpine/helm
+  HELM_VERSION: "3.20.0"
 
 jobs:
-  check-secrets:
+  generate-chart-publish:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
-      
+      - name: install tools
-      - name: Check all required secrets
         run: |
-          echo "=== Checking availability of required secrets ==="
+          apt update -y
+          apt install -y curl ca-certificates curl gnupg
+          # helm
+          curl -O https://get.helm.sh/helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
+          tar -xzf helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
+          mv linux-amd64/helm /usr/local/bin/
+          rm -rf linux-amd64 helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
+          helm version
+          # docker
+          install -m 0755 -d /etc/apt/keyrings
+          curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+          chmod a+r /etc/apt/keyrings/docker.gpg
+          echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
+          apt update -y
+          apt install -y python3 python3-pip apt-transport-https docker-ce-cli
+          pip install awscli --break-system-packages
 
-          # List of all secrets used in the original workflow
+      - name: Import GPG key
-          SECRETS=(
+        id: import_gpg
-            "GPGSIGN_KEY"
+        uses: https://github.com/crazy-max/ghaction-import-gpg@v7
-            "GPGSIGN_PASSPHRASE"
+        with:
-            "DOCKER_CHARTS_PASSWORD"
+          gpg_private_key: ${{ secrets.GPGSIGN_KEY }}
-            "DOCKER_CHARTS_USERNAME"
+          passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }}
-            "AWS_KEY_ID"
+          fingerprint: CC64B1DB67ABBEECAB24B6455FC346329753F4B0
-            "AWS_SECRET_ACCESS_KEY"
-            "AWS_REGION"
-            "AWS_S3_BUCKET"
-          )
 
-          MISSING_SECRETS=()
+      # Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843
-          AVAILABLE_SECRETS=()
+      - name: package chart
+        run: |
+          echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | docker login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} --password-stdin
+          # FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved
+          helm plugin install https://github.com/pat-s/helm-gpg
+          helm dependency build
+          helm package --version "${GITHUB_REF#refs/tags/v}" ./
+          mkdir actions
+          mv actions*.tgz actions/
+          curl -s -L -o actions/index.yaml https://dl.gitea.com/charts/index.yaml
+          helm repo index actions/ --url https://dl.gitea.com/charts --merge actions/index.yaml
+          # push to dockerhub
+          echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | helm registry login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} registry-1.docker.io --password-stdin
+          helm push actions/actions-${GITHUB_REF#refs/tags/v}.tgz oci://registry-1.docker.io/giteacharts
+          helm registry logout registry-1.docker.io
 
-          for secret in "${SECRETS[@]}"; do
+      - name: aws credential configure
-            # Check if secret is set (not empty)
+        uses: https://github.com/aws-actions/configure-aws-credentials@v6
-            if [ -z "${!secret:-}" ]; then
+        with:
-              echo "❌ Secret '$secret' is NOT available or empty"
+          aws-access-key-id: ${{ secrets.AWS_KEY_ID }}
-              MISSING_SECRETS+=("$secret")
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-            else
+          aws-region: ${{ secrets.AWS_REGION }}
-              echo "✅ Secret '$secret' is available"
-              AVAILABLE_SECRETS+=("$secret")
-            fi
-          done
 
-          echo ""
+      - name: Copy files to S3 and clear cache
-          echo "=== Summary ==="
+        run: |
-          echo "Available secrets: ${#AVAILABLE_SECRETS[@]}"
+          aws s3 sync actions/ s3://${{ secrets.AWS_S3_BUCKET}}/charts/
-          echo "Missing secrets: ${#MISSING_SECRETS[@]}"
-          
-          if [ ${#MISSING_SECRETS[@]} -gt 0 ]; then
-            echo ""
-            echo "Missing secrets:"
-            for secret in "${MISSING_SECRETS[@]}"; do
-              echo "  - $secret"
-            done
-            echo ""
-            echo "❌ Some secrets are missing. Please configure them in repository settings."
-            exit 1
-          else
-            echo ""
-            echo "✅ All required secrets are available!"
-          fi
-        env:
-          GPGSIGN_KEY: ${{ secrets.GPGSIGN_KEY }}
-          GPGSIGN_PASSPHRASE: ${{ secrets.GPGSIGN_PASSPHRASE }}
-          DOCKER_CHARTS_PASSWORD: ${{ secrets.DOCKER_CHARTS_PASSWORD }}
-          DOCKER_CHARTS_USERNAME: ${{ secrets.DOCKER_CHARTS_USERNAME }}
-          AWS_KEY_ID: ${{ secrets.AWS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          AWS_REGION: ${{ secrets.AWS_REGION }}
-          AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}

.gitea/workflows/shellcheck.yml

@@ -9,6 +9,6 @@ jobs:
   shellcheck:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4.2.2
+      - uses: actions/checkout@v6
       - run: apt update --yes && apt install --yes shellcheck
       - run: find . -type f -name "*.sh" -exec shellcheck -a {} \;

.gitea/workflows/test-pr.yml

@@ -10,22 +10,22 @@ on:
 
 env:
   # renovate: datasource=github-releases depName=helm-unittest/helm-unittest
-  HELM_UNITTEST_VERSION: "v0.7.2"
+  HELM_UNITTEST_VERSION: "v1.0.3"
 
 jobs:
   check-and-test:
     runs-on: ubuntu-latest
-    container: alpine/helm:3.17.1
+    container: alpine/helm:3.20.0
     steps:
       - name: install tools
         run: |
           apk update
           apk add --update bash make nodejs npm yamllint ncurses
       - name: Install pnpm
-        uses: pnpm/action-setup@v4
+        uses: pnpm/action-setup@v5
         with:
           version: 10
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
       - name: install chart dependencies
         run: helm dependency build
       - name: lint

CODEOWNERS

@@ -0,0 +1 @@
+* @DaanSelen @volker.raschek @ChristopherHX

Chart.yaml

@@ -13,7 +13,18 @@ keywords:
 sources:
   - https://gitea.com/gitea/helm-actions
   - https://gitea.com/gitea/act
-# FIXME:
+
-# maintainers:
+maintainers:
+  # https://gitea.com/DaanSelen
+  - name: Daan Selen
+    email: dselen@nerthus.nl
+
+  # https://gitea.com/volker.raschek
+  - name: Markus Pesch
+    email: markus.pesch+apps@cryptic.systems
+
+  # https://gitea.com/ChristopherHX
+  - name: Christopher Homberger
+    email: christopher.homberger@web.de
 
 dependencies: []

README.md

@@ -6,11 +6,50 @@ The parameters which can be used to customize the deployment are described below
 
 If you want to propose a new feature or mechanism, submit an [issue here](https://gitea.com/gitea/helm-actions/issues).
 
-## Rootless Defaults
+## Quick-start
 
-If `.Values.image.rootless: true`, then the following will occur. In case you use `.Values.image.fullOverride`, check that this works in your image:
+[Documentation](./docs/README.md)
 
-- If `.Values.provisioning.enabled: true`, then uses the rootless Gitea image, must match helm-Gitea.
+To get started, add the Helm repo, assuming you have not already:
+
+```sh
+helm repo add gitea-charts https://dl.gitea.com/charts/
+helm repo update
+```
+
+Then pull the values.yaml file and fill it accordingly.
+
+```sh
+helm show values gitea-charts/actions > values.yaml
+```
+
+Deploy with your values, make sure the path is correct:
+
+```sh
+helm upgrade --install gitea-actions gitea-charts/actions -f values.yaml
+```
+
+You should be good to go!
+
+### Runner Token Secret Template
+
+For reference, a template for the secret is given below:  
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: runner-secret
+  namespace: "my-gitea-namespace"
+type: Opaque
+stringData:
+    runner-token: "my-cool-runner-token-given-by-gitea"
+```
+
+### Rootless Options
+
+If `.Values.statefulset.dind.rootless: true` is set, then the following will be required:  
+`.Values.statefulset.dind.tag` must be a rootless image such as: `29.3.1-dind-rootless`
 
 ## Parameters
 
@@ -19,9 +58,8 @@ If `.Values.image.rootless: true`, then the following will occur. In case you us
 | Name                                      | Description                                                                                                                                 | Value                          |
 | ----------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ |
 | `enabled`                                 | Create an act runner StatefulSet.                                                                                                           | `false`                        |
-| `init.image.repository`                   | The image used for the init containers                                                                                                      | `busybox`                      |
-| `init.image.tag`                          | The image tag used for the init containers                                                                                                  | `1.37.0`                       |
 | `statefulset.replicas`                    | the amount of (replica) runner pods deployed                                                                                                | `1`                            |
+| `statefulset.timezone`                    | is the timezone that will be set in the act_runner image                                                                                    | `Etc/UTC`                      |
 | `statefulset.annotations`                 | Act runner annotations                                                                                                                      | `{}`                           |
 | `statefulset.labels`                      | Act runner labels                                                                                                                           | `{}`                           |
 | `statefulset.resources`                   | Act runner resources                                                                                                                        | `{}`                           |
@@ -29,24 +67,64 @@ If `.Values.image.rootless: true`, then the following will occur. In case you us
 | `statefulset.tolerations`                 | Tolerations for the statefulset                                                                                                             | `[]`                           |
 | `statefulset.affinity`                    | Affinity for the statefulset                                                                                                                | `{}`                           |
 | `statefulset.extraVolumes`                | Extra volumes for the statefulset                                                                                                           | `[]`                           |
-| `statefulset.actRunner.repository`        | The Gitea act runner image                                                                                                                  | `gitea/act_runner`             |
+| `statefulset.actRunner.registry`          | image registry, e.g. gcr.io,docker.io                                                                                                       | `docker.gitea.com`             |
-| `statefulset.actRunner.tag`               | The Gitea act runner tag                                                                                                                    | `0.2.11`                       |
+| `statefulset.actRunner.repository`        | The Gitea act runner image                                                                                                                  | `act_runner`                   |
+| `statefulset.actRunner.tag`               | The Gitea act runner tag                                                                                                                    | `0.3.0`                        |
+| `statefulset.actRunner.digest`            | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest`                                  | `""`                           |
 | `statefulset.actRunner.pullPolicy`        | The Gitea act runner pullPolicy                                                                                                             | `IfNotPresent`                 |
+| `statefulset.actRunner.fullOverride`      | Completely overrides the image registry, path/image, tag and digest.                                                                        | `""`                           |
 | `statefulset.actRunner.extraVolumeMounts` | Allows mounting extra volumes in the act runner container                                                                                   | `[]`                           |
 | `statefulset.actRunner.config`            | Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details. | `Too complex. See values.yaml` |
+| `statefulset.dind.rootless`               | a simple flag to let helm know we are dealing with a rootless dind container                                                                | `false`                        |
+| `statefulset.dind.uid`                    | a field to set the running user id for the rootless dind container, so it knows where to look for the socket                                | `""`                           |
+| `statefulset.dind.registry`               | image registry, e.g. gcr.io,docker.io                                                                                                       | `docker.io`                    |
+| `statefulset.actRunner.extraEnvs`         | Allows adding custom environment variables                                                                                                  | `[]`                           |
 | `statefulset.dind.repository`             | The Docker-in-Docker image                                                                                                                  | `docker`                       |
-| `statefulset.dind.tag`                    | The Docker-in-Docker image tag                                                                                                              | `25.0.2-dind`                  |
+| `statefulset.dind.tag`                    | The Docker-in-Docker image tag                                                                                                              | `29.3.1-dind`                  |
+| `statefulset.dind.digest`                 | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest`                                  | `""`                           |
+| `statefulset.dind.fullOverride`           | Completely overrides the image registry, path/image, tag and digest.                                                                        | `""`                           |
 | `statefulset.dind.pullPolicy`             | The Docker-in-Docker pullPolicy                                                                                                             | `IfNotPresent`                 |
 | `statefulset.dind.extraVolumeMounts`      | Allows mounting extra volumes in the Docker-in-Docker container                                                                             | `[]`                           |
 | `statefulset.dind.extraEnvs`              | Allows adding custom environment variables, such as `DOCKER_IPTABLES_LEGACY`                                                                | `[]`                           |
 | `statefulset.persistence.size`            | Size for persistence to store act runner data                                                                                               | `1Gi`                          |
+| `statefulset.securityContext`             | Customize the SecurityContext                                                                                                               | `{}`                           |
+| `statefulset.serviceAccountName`          | Customize the service account name                                                                                                          | `""`                           |
+
+### Gitea Actions Init
+
+| Name                      | Description                                                                                                | Value          |
+| ------------------------- | ---------------------------------------------------------------------------------------------------------- | -------------- |
+| `init.image.registry`     | image registry, e.g. gcr.io,docker.io                                                                      | `""`           |
+| `init.image.repository`   | The init image                                                                                             | `busybox`      |
+| `init.image.tag`          | the init image tag                                                                                         | `1.37.0`       |
+| `init.image.digest`       | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` | `""`           |
+| `init.image.pullPolicy`   | The init image pullPolicy                                                                                  | `IfNotPresent` |
+| `init.image.fullOverride` | Completely overrides the image registry, path/image, tag and digest.                                       | `""`           |
+
+### Runner Token Secret Configuration
+
+| Name                | Description                    | Value |
+| ------------------- | ------------------------------ | ----- |
 | `existingSecret`    | Secret that contains the token | `""`  |
 | `existingSecretKey` | Secret key                     | `""`  |
+
+### Gitea URL Setting
+
+| Name           | Description                                   | Value |
+| -------------- | --------------------------------------------- | ----- |
 | `giteaRootURL` | URL the act_runner registers and connect with | `""`  |
 
+### Extra Init Containers
+
+| Name                      | Description                                                                                     | Value |
+| ------------------------- | ----------------------------------------------------------------------------------------------- | ----- |
+| `preExtraInitContainers`  | Additional init containers to run in the pod before Gitea-actions runs it owns init containers. | `[]`  |
+| `postExtraInitContainers` | Additional init containers to run in the pod after Gitea-actions runs it owns init containers.  | `[]`  |
+
 ### Global
 
 | Name                      | Description                        | Value |
-| ---------------------- | ------------------------------ | ----- |
+| ------------------------- | ---------------------------------- | ----- |
 | `global.imageRegistry`    | global image registry override     | `""`  |
+| `global.imagePullSecrets` | global image registry pull secrets | `[]`  |
 | `global.storageClass`     | global storage class override      | `""`  |

docs/README.md

@@ -0,0 +1,3 @@
+# Gitea Actions Helm Chart Docs
+
+- [Share dind with job container](share-dind-with-job-container.md)

docs/actions-dev.md

@@ -26,8 +26,6 @@ In this case, you can use either the Web UI to generate the token or run a shell
 the command `gitea actions generate-runner-token`. After generating the token, you must create a secret and use it via:
 
 ```yaml
-provisioning:
-  enabled: false
 existingSecret: "secret-name"
 existingSecretKey: "secret-key"
 ```

docs/share-dind-with-job-container.md

@@ -0,0 +1,30 @@
+# Share dind with job container
+
+You can weaken isolation and allow jobs to call docker commands.
+
+## Limitations
+
+-
+
+## Example Values
+
+```yaml
+    config: |
+      log:
+        level: debug
+      cache:
+        enabled: false
+      container:
+        require_docker: true
+        docker_timeout: 300s
+
+## Specify an existing token secret
+##
+existingSecret: "runner-token2"
+existingSecretKey: "token"
+
+## Specify the root URL of the Gitea instance
+giteaRootURL: "http://192.168.1.2:3000"
+```
+
+Now you can run docker commands inside your jobs.

package.json

@@ -14,6 +14,6 @@
   },
   "devDependencies": {
     "@bitnami/readme-generator-for-helm": "^2.7.0",
-    "markdownlint-cli": "^0.44.0"
+    "markdownlint-cli": "^0.47.0"
   }
 }

pnpm-lock.yaml

@@ -10,30 +10,22 @@ importers:
     devDependencies:
       '@bitnami/readme-generator-for-helm':
         specifier: ^2.7.0
-        version: 2.7.0
+        version: 2.7.2
       markdownlint-cli:
-        specifier: ^0.44.0
+        specifier: ^0.47.0
-        version: 0.44.0
+        version: 0.47.0
 
 packages:
 
-  '@bitnami/readme-generator-for-helm@2.7.0':
+  '@bitnami/readme-generator-for-helm@2.7.2':
-    resolution: {integrity: sha512-fVxExmcuJ9NZb9ZE9OW3+lG8pUlXJAJdaO8UukV3A7WzYu4qOTr03MXPH9Gt5e/6mo3x4WYI/cXBksKfS0qn3w==}
+    resolution: {integrity: sha512-7eXyJzxQTQj2ajpHlIhadciCCYWOqN8ieaweU25bStHOZowQ2c2CQyjO/bX4gxIf73LoRKxHhEYgLTllJY9SIw==}
     hasBin: true
 
-  '@isaacs/cliui@8.0.2':
+  '@types/debug@4.1.13':
-    resolution: {integrity: sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==}
+    resolution: {integrity: sha512-KSVgmQmzMwPlmtljOomayoR89W4FynCAi3E8PPs7vmDVPe84hT+vGPKkJfThkmXs0x0jAaa9U8uW8bbfyS2fWw==}
-    engines: {node: '>=12'}
 
-  '@pkgjs/parseargs@0.11.0':
+  '@types/katex@0.16.8':
-    resolution: {integrity: sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg==}
+    resolution: {integrity: sha512-trgaNyfU+Xh2Tc+ABIb44a5AYUpicB3uwirOioeOkNPPbmgRNtcWyDeeFRzjPZENO9Vq8gvVqfhaaXWLlevVwg==}
-    engines: {node: '>=14'}
-
-  '@types/debug@4.1.12':
-    resolution: {integrity: sha512-vIChWdVG3LG1SMxEvI/AK+FWJthlrqlTu7fbrlywTkkaONwk/UAGaULXRlf8vkzFBLVm0zkMdCquhL5aOjhXPQ==}
-
-  '@types/katex@0.16.7':
-    resolution: {integrity: sha512-HMwFiRujE5PjrgwHQ25+bsLJgowjGjm5Z8FVSf0N6PwgJrwxH0QxzHYDcKsTfV3wva0vzrpqMTJS2jXPr5BMEQ==}
 
   '@types/ms@2.1.0':
     resolution: {integrity: sha512-GsCCIZDE/p3i96vtEqx+7dBUGXrc7zeSK3wwPHIaRThS+9OhWIXRqzs4d6k1SVU8g91DrNRWxWUGhp5KXQb2VA==}
@@ -41,20 +33,8 @@ packages:
   '@types/unist@2.0.11':
     resolution: {integrity: sha512-CmBKiL6NNo/OqgmMn95Fk9Whlp2mtvIv+KNpQKN2F4SjvrEesubTRWGYSg+BnWZOnlCaSTU1sMpsBOzgbYhnsA==}
 
-  ansi-regex@5.0.1:
+  ansi-regex@6.2.2:
-    resolution: {integrity: sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==}
+    resolution: {integrity: sha512-Bq3SmSpyFHaWjPk8If9yc6svM8c56dB5BAtW4Qbw5jHTwwXXcTLoRMkpDJp6VL0XzlWaCHTXrkFURMYmD0sLqg==}
-    engines: {node: '>=8'}
-
-  ansi-regex@6.1.0:
-    resolution: {integrity: sha512-7HSX4QQb4CspciLpVFwyRe79O3xsIZDDLER21kERQ71oaPodF8jL725AgJMFAYbooIqolJoRLuM81SpeUkpkvA==}
-    engines: {node: '>=12'}
-
-  ansi-styles@4.3.0:
-    resolution: {integrity: sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==}
-    engines: {node: '>=8'}
-
-  ansi-styles@6.2.1:
-    resolution: {integrity: sha512-bN798gFfQX+viw3R7yrGWRqnrN2oRkEkUjjl4JNn4E8GxxbjtG3FbrEIIY3l8/hrwUwIeCZvi4QuOTP4MErVug==}
     engines: {node: '>=12'}
 
   argparse@2.0.1:
@@ -63,11 +43,16 @@ packages:
   balanced-match@1.0.2:
     resolution: {integrity: sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==}
 
-  brace-expansion@1.1.11:
+  balanced-match@4.0.4:
-    resolution: {integrity: sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==}
+    resolution: {integrity: sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==}
+    engines: {node: 18 || 20 || >=22}
 
-  brace-expansion@2.0.1:
+  brace-expansion@1.1.13:
-    resolution: {integrity: sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==}
+    resolution: {integrity: sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==}
+
+  brace-expansion@5.0.5:
+    resolution: {integrity: sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==}
+    engines: {node: 18 || 20 || >=22}
 
   character-entities-legacy@3.0.0:
     resolution: {integrity: sha512-RpPp0asT/6ufRm//AJVwpViZbGM/MkjQFxJccQRHmISF/22NBtsHqAWmL+/pmkPWoIUJdWyeVleTl1wydHATVQ==}
@@ -78,17 +63,14 @@ packages:
   character-reference-invalid@2.0.1:
     resolution: {integrity: sha512-iBZ4F4wRbyORVsu0jPV7gXkOsGYjGHPmAyv+HiHG8gi5PtC9KI2j1+v8/tlibRvjoWX027ypmG/n0HtO5t7unw==}
 
-  color-convert@2.0.1:
-    resolution: {integrity: sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==}
-    engines: {node: '>=7.0.0'}
-
-  color-name@1.1.4:
-    resolution: {integrity: sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==}
-
   commander@13.1.0:
     resolution: {integrity: sha512-/rFeCpNJQbhSZjGVwO9RFV3xPqbnERS8MmIQzCtD/zl6gpJuV/bMLuN92oG3F7d8oDEHHRrujSXNUr8fpjntKw==}
     engines: {node: '>=18'}
 
+  commander@14.0.3:
+    resolution: {integrity: sha512-H+y0Jo/T1RZ9qPP4Eh1pkcQcLRglraJaSLoyOtHxu6AapkjWVCy2Sit1QQ4x3Dng8qDlSsZEet7g5Pq06MvTgw==}
+    engines: {node: '>=20'}
+
   commander@6.2.1:
     resolution: {integrity: sha512-U7VdrJFnJgo4xjrHpTzu0yrHPGImdsmD95ZlgYSEajAn2JKzDhDTPG9kBTefmObL2w/ngeZnilk+OV9CG3d7UA==}
     engines: {node: '>= 6'}
@@ -100,12 +82,8 @@ packages:
   concat-map@0.0.1:
     resolution: {integrity: sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==}
 
-  cross-spawn@7.0.6:
+  debug@4.4.3:
-    resolution: {integrity: sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==}
+    resolution: {integrity: sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==}
-    engines: {node: '>= 8'}
-
-  debug@4.4.0:
-    resolution: {integrity: sha512-6WTZ/IxCY/T6BALoZHaE4ctp9xm+Z5kY/pzYaCHRFeyVhojxlrm+46y68HA6hr0TcwEssoxNiDEUJQjfPZ/RYA==}
     engines: {node: '>=6.0'}
     peerDependencies:
       supports-color: '*'
@@ -113,8 +91,8 @@ packages:
       supports-color:
         optional: true
 
-  decode-named-character-reference@1.1.0:
+  decode-named-character-reference@1.3.0:
-    resolution: {integrity: sha512-Wy+JTSbFThEOXQIR2L6mxJvEs+veIzpmqD7ynWxMXGpnk3smkHQOp6forLdHsKpAMW9iJpaBBIxz285t1n1C3w==}
+    resolution: {integrity: sha512-GtpQYB283KrPp6nRw50q3U9/VfOutZOe103qlN7BPP6Ad27xYnOIWv4lPzo8HCAL+mMZofJ9KEy30fq6MfaK6Q==}
 
   deep-extend@0.6.0:
     resolution: {integrity: sha512-LOHxIOaPYdHlJRtCQfDIVZtfw/ufM8+rVj649RIHzcm/vGwQRXFt6OPqIFWsm2XEMrNIEtWR64sY1LEKD2vAOA==}
@@ -131,36 +109,32 @@ packages:
     resolution: {integrity: sha512-xHF8EP4XH/Ba9fvAF2LDd5O3IITVolerVV6xvkxoM8zlGEiCUrggpAnHyOoKJKCrhvPcGATFAUwIujj7bRG5UA==}
     hasBin: true
 
-  eastasianwidth@0.2.0:
-    resolution: {integrity: sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA==}
-
-  emoji-regex@8.0.0:
-    resolution: {integrity: sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==}
-
-  emoji-regex@9.2.2:
-    resolution: {integrity: sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg==}
-
   entities@4.5.0:
     resolution: {integrity: sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw==}
     engines: {node: '>=0.12'}
 
-  foreground-child@3.3.1:
+  fdir@6.5.0:
-    resolution: {integrity: sha512-gIXjKqtFuWEgzFRJA9WCQeSJLZDjgJUOMCMzxtvFq/37KojM1BFGufqsCy0r4qSQmYLsZYMeyRqzIWOMup03sw==}
+    resolution: {integrity: sha512-tIbYtZbucOs0BRGqPJkshJUYdL+SDH7dVM8gjy+ERp3WAUjLEFJE+02kanyHtwjWOnwrKYBiwAmM0p4kLJAnXg==}
-    engines: {node: '>=14'}
+    engines: {node: '>=12.0.0'}
+    peerDependencies:
+      picomatch: ^3 || ^4
+    peerDependenciesMeta:
+      picomatch:
+        optional: true
 
   fs.realpath@1.0.0:
     resolution: {integrity: sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==}
 
-  glob@10.4.5:
+  get-east-asian-width@1.5.0:
-    resolution: {integrity: sha512-7Bv8RF0k6xjo7d4A/PxYLbUCfb6c+Vpd2/mB2yRDlew7Jb5hEXiCD9ibfO7wpk8i4sevK6DFny9h7EYbM3/sHg==}
+    resolution: {integrity: sha512-CQ+bEO+Tva/qlmw24dCejulK5pMzVnUOFOijVogd3KQs07HnRIgp8TGipvCCRT06xeYEbpbgwaCxglFyiuIcmA==}
-    hasBin: true
+    engines: {node: '>=18'}
 
   glob@7.2.3:
     resolution: {integrity: sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==}
-    deprecated: Glob versions prior to v9 are no longer supported
+    deprecated: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
 
-  ignore@7.0.3:
+  ignore@7.0.5:
-    resolution: {integrity: sha512-bAH5jbK/F3T3Jls4I0SO1hmPR0dKU0a7+SY6n1yzRtG54FLO8d6w/nxLFX2Nb7dBu6cCWXPaAME6cYqFUMmuCA==}
+    resolution: {integrity: sha512-Hs59xBNfUIunMFgWAbGX5cq6893IbWg4KnrjbYwX3tx0ztorVgTDA6B2sxf8ejHJ4wz8BqGUMYlnzNBer5NvGg==}
     engines: {node: '>= 4'}
 
   inflight@1.0.6:
@@ -183,21 +157,11 @@ packages:
   is-decimal@2.0.1:
     resolution: {integrity: sha512-AAB9hiomQs5DXWcRB1rqsxGUstbRroFOPPVAomNk/3XHR5JyEZChOyTWe2oayKnsSsr/kcGqF+z6yuH6HHpN0A==}
 
-  is-fullwidth-code-point@3.0.0:
-    resolution: {integrity: sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==}
-    engines: {node: '>=8'}
-
   is-hexadecimal@2.0.1:
     resolution: {integrity: sha512-DgZQp241c8oO6cA1SbTEWiXeoxV42vlcJxgH+B3hi1AiqqKruZR3ZGF8In3fj4+/y/7rHvlOZLZtgJ/4ttYGZg==}
 
-  isexe@2.0.0:
+  js-yaml@4.1.1:
-    resolution: {integrity: sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==}
+    resolution: {integrity: sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==}
-
-  jackspeak@3.4.3:
-    resolution: {integrity: sha512-OGlZQpz2yfahA/Rd1Y8Cd9SIEsqvXkLVoSw/cgwhnhFMDbsQFeZYoJJ7bIZBS9BcamUW96asq/npPWugM+RQBw==}
-
-  js-yaml@4.1.0:
-    resolution: {integrity: sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==}
     hasBin: true
 
   jsonc-parser@3.3.1:
@@ -207,43 +171,40 @@ packages:
     resolution: {integrity: sha512-p/nXbhSEcu3pZRdkW1OfJhpsVtW1gd4Wa1fnQc9YLiTfAjn0312eMKimbdIQzuZl9aa9xUGaRlP9T/CJE/ditQ==}
     engines: {node: '>=0.10.0'}
 
-  katex@0.16.21:
+  katex@0.16.44:
-    resolution: {integrity: sha512-XvqR7FgOHtWupfMiigNzmh+MgUVmDGU2kXZm899ZkPfcuoPuFxyHmXsgATDpFZDAXCI8tvinaVcDo8PIIJSo4A==}
+    resolution: {integrity: sha512-EkxoDTk8ufHqHlf9QxGwcxeLkWRR3iOuYfRpfORgYfqc8s13bgb+YtRY59NK5ZpRaCwq1kqA6a5lpX8C/eLphQ==}
     hasBin: true
 
   linkify-it@5.0.0:
     resolution: {integrity: sha512-5aHCbzQRADcdP+ATqnDuhhJ/MRIqDkZX5pyjFHRRysS8vZ5AbqGEoFIb6pYHPZ+L/OC2Lc+xT8uHVVR5CAK/wQ==}
 
-  lodash@4.17.21:
+  lodash@4.18.1:
-    resolution: {integrity: sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==}
+    resolution: {integrity: sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==}
 
-  lru-cache@10.4.3:
+  markdown-it@14.1.1:
-    resolution: {integrity: sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ==}
+    resolution: {integrity: sha512-BuU2qnTti9YKgK5N+IeMubp14ZUKUUw7yeJbkjtosvHiP0AZ5c8IAgEMk79D0eC8F23r4Ac/q8cAIFdm2FtyoA==}
-
-  markdown-it@14.1.0:
-    resolution: {integrity: sha512-a54IwgWPaeBCAAsv13YgmALOF1elABB08FxO9i+r4VFk5Vl4pKokRPeX8u5TCgSsPi6ec1otfLjdOpVcgbpshg==}
     hasBin: true
 
   markdown-table@2.0.0:
     resolution: {integrity: sha512-Ezda85ToJUBhM6WGaG6veasyym+Tbs3cMAw/ZhOPqXiYsr0jgocBV3j3nx+4lk47plLlIqjwuTm/ywVI+zjJ/A==}
 
-  markdownlint-cli@0.44.0:
+  markdownlint-cli@0.47.0:
-    resolution: {integrity: sha512-ZJTAONlvF9NkrIBltCdW15DxN9UTbPiKMEqAh2EU2gwIFlrCMavyCEPPO121cqfYOrLUJWW8/XKWongstmmTeQ==}
+    resolution: {integrity: sha512-HOcxeKFAdDoldvoYDofd85vI8LgNWy8vmYpCwnlLV46PJcodmGzD7COSSBlhHwsfT4o9KrAStGodImVBus31Bg==}
-    engines: {node: '>=18'}
+    engines: {node: '>=20'}
     hasBin: true
 
-  markdownlint@0.37.4:
+  markdownlint@0.40.0:
-    resolution: {integrity: sha512-u00joA/syf3VhWh6/ybVFkib5Zpj2e5KB/cfCei8fkSRuums6nyisTWGqjTWIOFoFwuXoTBQQiqlB4qFKp8ncQ==}
+    resolution: {integrity: sha512-UKybllYNheWac61Ia7T6fzuQNDZimFIpCg2w6hHjgV1Qu0w1TV0LlSgryUGzM0bkKQCBhy2FDhEELB73Kb0kAg==}
-    engines: {node: '>=18'}
+    engines: {node: '>=20'}
 
   mdurl@2.0.0:
     resolution: {integrity: sha512-Lf+9+2r+Tdp5wXDXC4PcIBjTDtq4UKjCPMQhKIuzpJNW0b96kVqSwW0bT7FhRSfmAiFYgP+SCRvdrDozfh0U5w==}
 
-  micromark-core-commonmark@2.0.2:
+  micromark-core-commonmark@2.0.3:
-    resolution: {integrity: sha512-FKjQKbxd1cibWMM1P9N+H8TwlgGgSkWZMmfuVucLCHaYqeSvJ0hFeHsIa65pA2nYbes0f8LDHPMrd9X7Ujxg9w==}
+    resolution: {integrity: sha512-RDBrHEMSxVFLg6xvnXmb1Ayr2WzLAWjeSATAoxwKYJV94TeNavgoIdA0a9ytzDSVzBy2YKFK+emCPOEibLeCrg==}
 
-  micromark-extension-directive@3.0.2:
+  micromark-extension-directive@4.0.0:
-    resolution: {integrity: sha512-wjcXHgk+PPdmvR58Le9d7zQYWy+vKEU9Se44p2CrCDPiLr2FMyiT4Fyb5UFKFC66wGB3kPlgD7q3TnoqPS7SZA==}
+    resolution: {integrity: sha512-/C2nqVmXXmiseSSuCdItCMho7ybwwop6RrrRPk0KbOHW21JKoCldC+8rFOaundDoRBUWBnJJcxeA/Kvi34WQXg==}
 
   micromark-extension-gfm-autolink-literal@2.1.0:
     resolution: {integrity: sha512-oOg7knzhicgQ3t4QCjCWgTmfNhvQbDDnJeVu9v81r7NltNCVmhPy1fJRX27pISafdjL+SVc4d3l48Gb6pbRypw==}
@@ -251,8 +212,8 @@ packages:
   micromark-extension-gfm-footnote@2.1.0:
     resolution: {integrity: sha512-/yPhxI1ntnDNsiHtzLKYnE3vf9JZ6cAisqVDauhp4CEHxlb4uoOTxOCJ+9s51bIB8U1N1FJ1RXOKTIlD5B/gqw==}
 
-  micromark-extension-gfm-table@2.1.0:
+  micromark-extension-gfm-table@2.1.1:
-    resolution: {integrity: sha512-Ub2ncQv+fwD70/l4ou27b4YzfNaCJOvyX4HxXU15m7mpYY+rjuWzsLIPZHJL253Z643RpbcP1oeIJlQ/SKW67g==}
+    resolution: {integrity: sha512-t2OU/dXXioARrC6yWfJ4hqB7rct14e8f7m0cbI5hUmDyyIlwv5vEtooptH8INkbLzOatzKuVbQmAYcbWoyz6Dg==}
 
   micromark-extension-math@3.1.0:
     resolution: {integrity: sha512-lvEqd+fHjATVs+2v/8kg9i5Q0AP2k85H0WUOwpIVvUML8BapsMvh1XAogmQjOCsLpoKRCVQqEkQBB3NhVBcsOg==}
@@ -308,35 +269,28 @@ packages:
   micromark-util-symbol@2.0.1:
     resolution: {integrity: sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==}
 
-  micromark-util-types@2.0.1:
+  micromark-util-types@2.0.2:
-    resolution: {integrity: sha512-534m2WhVTddrcKVepwmVEVnUAmtrx9bfIjNoQHRqfnvdaHQiFytEhJoTgpWJvDEXCO5gLTQh3wYC1PgOJA4NSQ==}
+    resolution: {integrity: sha512-Yw0ECSpJoViF1qTU4DC6NwtC4aWGt1EkzaQB8KPPyCRR8z9TWeV0HbEFGTO+ZY1wB22zmxnJqhPyTpOVCpeHTA==}
 
-  micromark@4.0.1:
+  micromark@4.0.2:
-    resolution: {integrity: sha512-eBPdkcoCNvYcxQOAKAlceo5SNdzZWfF+FcSupREAzdAh9rRmE239CEQAiTwIgblwnoM8zzj35sZ5ZwvSEOF6Kw==}
+    resolution: {integrity: sha512-zpe98Q6kvavpCr1NPVSCMebCKfD7CA2NqZ+rykeNhONIJBpc1tFKt9hucLGwha3jNTNI8lHpctWJWoimVF4PfA==}
 
-  minimatch@3.1.2:
+  minimatch@10.1.3:
-    resolution: {integrity: sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==}
+    resolution: {integrity: sha512-IF6URNyBX7Z6XfvjpaNy5meRxPZiIf2OqtOoSLs+hLJ9pJAScnM1RjrFcbCaD85y42KcI+oZmKjFIJKYDFjQfg==}
+    engines: {node: 20 || >=22}
 
-  minimatch@9.0.5:
+  minimatch@3.1.5:
-    resolution: {integrity: sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==}
+    resolution: {integrity: sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==}
-    engines: {node: '>=16 || 14 >=14.17'}
 
   minimist@1.2.8:
     resolution: {integrity: sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==}
 
-  minipass@7.1.2:
-    resolution: {integrity: sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw==}
-    engines: {node: '>=16 || 14 >=14.17'}
-
   ms@2.1.3:
     resolution: {integrity: sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==}
 
   once@1.4.0:
     resolution: {integrity: sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==}
 
-  package-json-from-dist@1.0.1:
-    resolution: {integrity: sha512-UEZIS3/by4OC8vL3P2dTXRETpebLI2NiI5vIrjaD/5UtrkFX/tNbwjTSRAGC/+7CAo2pIcBaRgWmcBBHcsaCIw==}
-
   parse-entities@4.0.2:
     resolution: {integrity: sha512-GG2AQYWoLgL877gQIKeRPGO1xF9+eG1ujIb5soS5gPvLQ1y2o8FL90w2QWNdf9I361Mpp7726c+lj3U0qK1uGw==}
 
@@ -344,13 +298,9 @@ packages:
     resolution: {integrity: sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==}
     engines: {node: '>=0.10.0'}
 
-  path-key@3.1.1:
+  picomatch@4.0.4:
-    resolution: {integrity: sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==}
+    resolution: {integrity: sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==}
-    engines: {node: '>=8'}
+    engines: {node: '>=12'}
-
-  path-scurry@1.11.1:
-    resolution: {integrity: sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==}
-    engines: {node: '>=16 || 14 >=14.18'}
 
   punycode.js@2.3.1:
     resolution: {integrity: sha512-uxFIHU0YlHYhDQtV4R9J6a52SLx28BCjT+4ieh7IGbgwVJWO+km431c4yRlREUAsAmt/uMjQUyQHNEPf0M39CA==}
@@ -364,120 +314,73 @@ packages:
     resolution: {integrity: sha512-CcfE+mYiTcKEzg0IqS08+efdnH0oJ3zV0wSUFBNrMHMuxCtXvBCLzCJHatwuXDcu/RlhjTziTo/a1ruQik6/Yg==}
     hasBin: true
 
-  shebang-command@2.0.0:
+  smol-toml@1.5.2:
-    resolution: {integrity: sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==}
+    resolution: {integrity: sha512-QlaZEqcAH3/RtNyet1IPIYPsEWAaYyXXv1Krsi+1L/QHppjX4Ifm8MQsBISz9vE8cHicIq3clogsheili5vhaQ==}
-    engines: {node: '>=8'}
-
-  shebang-regex@3.0.0:
-    resolution: {integrity: sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==}
-    engines: {node: '>=8'}
-
-  signal-exit@4.1.0:
-    resolution: {integrity: sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw==}
-    engines: {node: '>=14'}
-
-  smol-toml@1.3.1:
-    resolution: {integrity: sha512-tEYNll18pPKHroYSmLLrksq233j021G0giwW7P3D24jC54pQ5W5BXMsQ/Mvw1OJCmEYDgY+lrzT+3nNUtoNfXQ==}
     engines: {node: '>= 18'}
 
-  string-width@4.2.3:
+  string-width@8.1.0:
-    resolution: {integrity: sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==}
+    resolution: {integrity: sha512-Kxl3KJGb/gxkaUMOjRsQ8IrXiGW75O4E3RPjFIINOVH8AMl2SQ/yWdTzWwF3FevIX9LcMAjJW+GRwAlAbTSXdg==}
-    engines: {node: '>=8'}
+    engines: {node: '>=20'}
 
-  string-width@5.1.2:
+  strip-ansi@7.2.0:
-    resolution: {integrity: sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA==}
+    resolution: {integrity: sha512-yDPMNjp4WyfYBkHnjIRLfca1i6KMyGCtsVgoKe/z1+6vukgaENdgGBZt+ZmKPc4gavvEZ5OgHfHdrazhgNyG7w==}
-    engines: {node: '>=12'}
-
-  strip-ansi@6.0.1:
-    resolution: {integrity: sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==}
-    engines: {node: '>=8'}
-
-  strip-ansi@7.1.0:
-    resolution: {integrity: sha512-iq6eVVI64nQQTRYq2KtEg2d2uU7LElhTJwsH4YzIHZshxlgZms/wIc4VoDQTlG/IvVIrBKG06CrZnp0qv7hkcQ==}
     engines: {node: '>=12'}
 
   strip-json-comments@3.1.1:
     resolution: {integrity: sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==}
     engines: {node: '>=8'}
 
+  tinyglobby@0.2.15:
+    resolution: {integrity: sha512-j2Zq4NyQYG5XMST4cbs02Ak8iJUdxRM0XI5QyxXuZOzKOINmWurp3smXu3y5wDcJrptwpSjgXHzIQxR0omXljQ==}
+    engines: {node: '>=12.0.0'}
+
   uc.micro@2.1.0:
     resolution: {integrity: sha512-ARDJmphmdvUk6Glw7y9DQ2bFkKBHwQHLi2lsaH6PPmz/Ka9sFOBsBluozhDltWmnv9u/cF6Rt87znRTPV+yp/A==}
 
-  which@2.0.2:
-    resolution: {integrity: sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==}
-    engines: {node: '>= 8'}
-    hasBin: true
-
-  wrap-ansi@7.0.0:
-    resolution: {integrity: sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==}
-    engines: {node: '>=10'}
-
-  wrap-ansi@8.1.0:
-    resolution: {integrity: sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ==}
-    engines: {node: '>=12'}
-
   wrappy@1.0.2:
     resolution: {integrity: sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==}
 
-  yaml@2.7.0:
+  yaml@2.8.3:
-    resolution: {integrity: sha512-+hSoy/QHluxmC9kCIJyL/uyFmLmc+e5CFR5Wa+bpIhIj85LVb9ZH2nVnqrHoSvKogwODv0ClqZkmiSSaIH5LTA==}
+    resolution: {integrity: sha512-AvbaCLOO2Otw/lW5bmh9d/WEdcDFdQp2Z2ZUH3pX9U2ihyUY0nvLv7J6TrWowklRGPYbB/IuIMfYgxaCPg5Bpg==}
-    engines: {node: '>= 14'}
+    engines: {node: '>= 14.6'}
     hasBin: true
 
 snapshots:
 
-  '@bitnami/readme-generator-for-helm@2.7.0':
+  '@bitnami/readme-generator-for-helm@2.7.2':
     dependencies:
       commander: 13.1.0
       dot-object: 2.1.5
-      lodash: 4.17.21
+      lodash: 4.18.1
       markdown-table: 2.0.0
-      yaml: 2.7.0
+      yaml: 2.8.3
 
-  '@isaacs/cliui@8.0.2':
+  '@types/debug@4.1.13':
-    dependencies:
-      string-width: 5.1.2
-      string-width-cjs: string-width@4.2.3
-      strip-ansi: 7.1.0
-      strip-ansi-cjs: strip-ansi@6.0.1
-      wrap-ansi: 8.1.0
-      wrap-ansi-cjs: wrap-ansi@7.0.0
-
-  '@pkgjs/parseargs@0.11.0':
-    optional: true
-
-  '@types/debug@4.1.12':
     dependencies:
       '@types/ms': 2.1.0
 
-  '@types/katex@0.16.7': {}
+  '@types/katex@0.16.8': {}
 
   '@types/ms@2.1.0': {}
 
   '@types/unist@2.0.11': {}
 
-  ansi-regex@5.0.1: {}
+  ansi-regex@6.2.2: {}
-
-  ansi-regex@6.1.0: {}
-
-  ansi-styles@4.3.0:
-    dependencies:
-      color-convert: 2.0.1
-
-  ansi-styles@6.2.1: {}
 
   argparse@2.0.1: {}
 
   balanced-match@1.0.2: {}
 
-  brace-expansion@1.1.11:
+  balanced-match@4.0.4: {}
+
+  brace-expansion@1.1.13:
     dependencies:
       balanced-match: 1.0.2
       concat-map: 0.0.1
 
-  brace-expansion@2.0.1:
+  brace-expansion@5.0.5:
     dependencies:
-      balanced-match: 1.0.2
+      balanced-match: 4.0.4
 
   character-entities-legacy@3.0.0: {}
 
@@ -485,31 +388,21 @@ snapshots:
 
   character-reference-invalid@2.0.1: {}
 
-  color-convert@2.0.1:
-    dependencies:
-      color-name: 1.1.4
-
-  color-name@1.1.4: {}
-
   commander@13.1.0: {}
 
+  commander@14.0.3: {}
+
   commander@6.2.1: {}
 
   commander@8.3.0: {}
 
   concat-map@0.0.1: {}
 
-  cross-spawn@7.0.6:
+  debug@4.4.3:
-    dependencies:
-      path-key: 3.1.1
-      shebang-command: 2.0.0
-      which: 2.0.2
-
-  debug@4.4.0:
     dependencies:
       ms: 2.1.3
 
-  decode-named-character-reference@1.1.0:
+  decode-named-character-reference@1.3.0:
     dependencies:
       character-entities: 2.0.2
 
@@ -526,40 +419,26 @@ snapshots:
       commander: 6.2.1
       glob: 7.2.3
 
-  eastasianwidth@0.2.0: {}
-
-  emoji-regex@8.0.0: {}
-
-  emoji-regex@9.2.2: {}
-
   entities@4.5.0: {}
 
-  foreground-child@3.3.1:
+  fdir@6.5.0(picomatch@4.0.4):
-    dependencies:
+    optionalDependencies:
-      cross-spawn: 7.0.6
+      picomatch: 4.0.4
-      signal-exit: 4.1.0
 
   fs.realpath@1.0.0: {}
 
-  glob@10.4.5:
+  get-east-asian-width@1.5.0: {}
-    dependencies:
-      foreground-child: 3.3.1
-      jackspeak: 3.4.3
-      minimatch: 9.0.5
-      minipass: 7.1.2
-      package-json-from-dist: 1.0.1
-      path-scurry: 1.11.1
 
   glob@7.2.3:
     dependencies:
       fs.realpath: 1.0.0
       inflight: 1.0.6
       inherits: 2.0.4
-      minimatch: 3.1.2
+      minimatch: 3.1.5
       once: 1.4.0
       path-is-absolute: 1.0.1
 
-  ignore@7.0.3: {}
+  ignore@7.0.5: {}
 
   inflight@1.0.6:
     dependencies:
@@ -579,19 +458,9 @@ snapshots:
 
   is-decimal@2.0.1: {}
 
-  is-fullwidth-code-point@3.0.0: {}
-
   is-hexadecimal@2.0.1: {}
 
-  isexe@2.0.0: {}
+  js-yaml@4.1.1:
-
-  jackspeak@3.4.3:
-    dependencies:
-      '@isaacs/cliui': 8.0.2
-    optionalDependencies:
-      '@pkgjs/parseargs': 0.11.0
-
-  js-yaml@4.1.0:
     dependencies:
       argparse: 2.0.1
 
@@ -599,7 +468,7 @@ snapshots:
 
   jsonpointer@5.0.1: {}
 
-  katex@0.16.21:
+  katex@0.16.44:
     dependencies:
       commander: 8.3.0
 
@@ -607,11 +476,9 @@ snapshots:
     dependencies:
       uc.micro: 2.1.0
 
-  lodash@4.17.21: {}
+  lodash@4.18.1: {}
 
-  lru-cache@10.4.3: {}
+  markdown-it@14.1.1:
-
-  markdown-it@14.1.0:
     dependencies:
       argparse: 2.0.1
       entities: 4.5.0
@@ -624,40 +491,42 @@ snapshots:
     dependencies:
       repeat-string: 1.6.1
 
-  markdownlint-cli@0.44.0:
+  markdownlint-cli@0.47.0:
     dependencies:
-      commander: 13.1.0
+      commander: 14.0.3
-      glob: 10.4.5
+      deep-extend: 0.6.0
-      ignore: 7.0.3
+      ignore: 7.0.5
-      js-yaml: 4.1.0
+      js-yaml: 4.1.1
       jsonc-parser: 3.3.1
       jsonpointer: 5.0.1
-      markdownlint: 0.37.4
+      markdown-it: 14.1.1
-      minimatch: 9.0.5
+      markdownlint: 0.40.0
+      minimatch: 10.1.3
       run-con: 1.3.2
-      smol-toml: 1.3.1
+      smol-toml: 1.5.2
+      tinyglobby: 0.2.15
     transitivePeerDependencies:
       - supports-color
 
-  markdownlint@0.37.4:
+  markdownlint@0.40.0:
     dependencies:
-      markdown-it: 14.1.0
+      micromark: 4.0.2
-      micromark: 4.0.1
+      micromark-core-commonmark: 2.0.3
-      micromark-core-commonmark: 2.0.2
+      micromark-extension-directive: 4.0.0
-      micromark-extension-directive: 3.0.2
       micromark-extension-gfm-autolink-literal: 2.1.0
       micromark-extension-gfm-footnote: 2.1.0
-      micromark-extension-gfm-table: 2.1.0
+      micromark-extension-gfm-table: 2.1.1
       micromark-extension-math: 3.1.0
-      micromark-util-types: 2.0.1
+      micromark-util-types: 2.0.2
+      string-width: 8.1.0
     transitivePeerDependencies:
       - supports-color
 
   mdurl@2.0.0: {}
 
-  micromark-core-commonmark@2.0.2:
+  micromark-core-commonmark@2.0.3:
     dependencies:
-      decode-named-character-reference: 1.1.0
+      decode-named-character-reference: 1.3.0
       devlop: 1.1.0
       micromark-factory-destination: 2.0.1
       micromark-factory-label: 2.0.1
@@ -672,16 +541,16 @@ snapshots:
       micromark-util-resolve-all: 2.0.1
       micromark-util-subtokenize: 2.1.0
       micromark-util-symbol: 2.0.1
-      micromark-util-types: 2.0.1
+      micromark-util-types: 2.0.2
 
-  micromark-extension-directive@3.0.2:
+  micromark-extension-directive@4.0.0:
     dependencies:
       devlop: 1.1.0
       micromark-factory-space: 2.0.1
       micromark-factory-whitespace: 2.0.1
       micromark-util-character: 2.1.1
       micromark-util-symbol: 2.0.1
-      micromark-util-types: 2.0.1
+      micromark-util-types: 2.0.2
       parse-entities: 4.0.2
 
   micromark-extension-gfm-autolink-literal@2.1.0:
@@ -689,73 +558,73 @@ snapshots:
       micromark-util-character: 2.1.1
       micromark-util-sanitize-uri: 2.0.1
       micromark-util-symbol: 2.0.1
-      micromark-util-types: 2.0.1
+      micromark-util-types: 2.0.2
 
   micromark-extension-gfm-footnote@2.1.0:
     dependencies:
       devlop: 1.1.0
-      micromark-core-commonmark: 2.0.2
+      micromark-core-commonmark: 2.0.3
       micromark-factory-space: 2.0.1
       micromark-util-character: 2.1.1
       micromark-util-normalize-identifier: 2.0.1
       micromark-util-sanitize-uri: 2.0.1
       micromark-util-symbol: 2.0.1
-      micromark-util-types: 2.0.1
+      micromark-util-types: 2.0.2
 
-  micromark-extension-gfm-table@2.1.0:
+  micromark-extension-gfm-table@2.1.1:
     dependencies:
       devlop: 1.1.0
       micromark-factory-space: 2.0.1
       micromark-util-character: 2.1.1
       micromark-util-symbol: 2.0.1
-      micromark-util-types: 2.0.1
+      micromark-util-types: 2.0.2
 
   micromark-extension-math@3.1.0:
     dependencies:
-      '@types/katex': 0.16.7
+      '@types/katex': 0.16.8
       devlop: 1.1.0
-      katex: 0.16.21
+      katex: 0.16.44
       micromark-factory-space: 2.0.1
       micromark-util-character: 2.1.1
       micromark-util-symbol: 2.0.1
-      micromark-util-types: 2.0.1
+      micromark-util-types: 2.0.2
 
   micromark-factory-destination@2.0.1:
     dependencies:
       micromark-util-character: 2.1.1
       micromark-util-symbol: 2.0.1
-      micromark-util-types: 2.0.1
+      micromark-util-types: 2.0.2
 
   micromark-factory-label@2.0.1:
     dependencies:
       devlop: 1.1.0
       micromark-util-character: 2.1.1
       micromark-util-symbol: 2.0.1
-      micromark-util-types: 2.0.1
+      micromark-util-types: 2.0.2
 
   micromark-factory-space@2.0.1:
     dependencies:
       micromark-util-character: 2.1.1
-      micromark-util-types: 2.0.1
+      micromark-util-types: 2.0.2
 
   micromark-factory-title@2.0.1:
     dependencies:
       micromark-factory-space: 2.0.1
       micromark-util-character: 2.1.1
       micromark-util-symbol: 2.0.1
-      micromark-util-types: 2.0.1
+      micromark-util-types: 2.0.2
 
   micromark-factory-whitespace@2.0.1:
     dependencies:
       micromark-factory-space: 2.0.1
       micromark-util-character: 2.1.1
       micromark-util-symbol: 2.0.1
-      micromark-util-types: 2.0.1
+      micromark-util-types: 2.0.2
 
   micromark-util-character@2.1.1:
     dependencies:
       micromark-util-symbol: 2.0.1
-      micromark-util-types: 2.0.1
+      micromark-util-types: 2.0.2
 
   micromark-util-chunked@2.0.1:
     dependencies:
@@ -765,12 +634,12 @@ snapshots:
     dependencies:
       micromark-util-character: 2.1.1
       micromark-util-symbol: 2.0.1
-      micromark-util-types: 2.0.1
+      micromark-util-types: 2.0.2
 
   micromark-util-combine-extensions@2.0.1:
     dependencies:
       micromark-util-chunked: 2.0.1
-      micromark-util-types: 2.0.1
+      micromark-util-types: 2.0.2
 
   micromark-util-decode-numeric-character-reference@2.0.2:
     dependencies:
@@ -786,7 +655,7 @@ snapshots:
 
   micromark-util-resolve-all@2.0.1:
     dependencies:
-      micromark-util-types: 2.0.1
+      micromark-util-types: 2.0.2
 
   micromark-util-sanitize-uri@2.0.1:
     dependencies:
@@ -799,19 +668,19 @@ snapshots:
       devlop: 1.1.0
       micromark-util-chunked: 2.0.1
       micromark-util-symbol: 2.0.1
-      micromark-util-types: 2.0.1
+      micromark-util-types: 2.0.2
 
   micromark-util-symbol@2.0.1: {}
 
-  micromark-util-types@2.0.1: {}
+  micromark-util-types@2.0.2: {}
 
-  micromark@4.0.1:
+  micromark@4.0.2:
     dependencies:
-      '@types/debug': 4.1.12
+      '@types/debug': 4.1.13
-      debug: 4.4.0
+      debug: 4.4.3
-      decode-named-character-reference: 1.1.0
+      decode-named-character-reference: 1.3.0
       devlop: 1.1.0
-      micromark-core-commonmark: 2.0.2
+      micromark-core-commonmark: 2.0.3
       micromark-factory-space: 2.0.1
       micromark-util-character: 2.1.1
       micromark-util-chunked: 2.0.1
@@ -823,48 +692,39 @@ snapshots:
       micromark-util-sanitize-uri: 2.0.1
       micromark-util-subtokenize: 2.1.0
       micromark-util-symbol: 2.0.1
-      micromark-util-types: 2.0.1
+      micromark-util-types: 2.0.2
     transitivePeerDependencies:
       - supports-color
 
-  minimatch@3.1.2:
+  minimatch@10.1.3:
     dependencies:
-      brace-expansion: 1.1.11
+      brace-expansion: 5.0.5
 
-  minimatch@9.0.5:
+  minimatch@3.1.5:
     dependencies:
-      brace-expansion: 2.0.1
+      brace-expansion: 1.1.13
 
   minimist@1.2.8: {}
 
-  minipass@7.1.2: {}
-
   ms@2.1.3: {}
 
   once@1.4.0:
     dependencies:
       wrappy: 1.0.2
 
-  package-json-from-dist@1.0.1: {}
-
   parse-entities@4.0.2:
     dependencies:
       '@types/unist': 2.0.11
       character-entities-legacy: 3.0.0
       character-reference-invalid: 2.0.1
-      decode-named-character-reference: 1.1.0
+      decode-named-character-reference: 1.3.0
       is-alphanumerical: 2.0.1
       is-decimal: 2.0.1
       is-hexadecimal: 2.0.1
 
   path-is-absolute@1.0.1: {}
 
-  path-key@3.1.1: {}
+  picomatch@4.0.4: {}
-
-  path-scurry@1.11.1:
-    dependencies:
-      lru-cache: 10.4.3
-      minipass: 7.1.2
 
   punycode.js@2.3.1: {}
 
@@ -877,56 +737,26 @@ snapshots:
       minimist: 1.2.8
       strip-json-comments: 3.1.1
 
-  shebang-command@2.0.0:
+  smol-toml@1.5.2: {}
+
+  string-width@8.1.0:
     dependencies:
-      shebang-regex: 3.0.0
+      get-east-asian-width: 1.5.0
+      strip-ansi: 7.2.0
 
-  shebang-regex@3.0.0: {}
+  strip-ansi@7.2.0:
-
-  signal-exit@4.1.0: {}
-
-  smol-toml@1.3.1: {}
-
-  string-width@4.2.3:
     dependencies:
-      emoji-regex: 8.0.0
+      ansi-regex: 6.2.2
-      is-fullwidth-code-point: 3.0.0
-      strip-ansi: 6.0.1
-
-  string-width@5.1.2:
-    dependencies:
-      eastasianwidth: 0.2.0
-      emoji-regex: 9.2.2
-      strip-ansi: 7.1.0
-
-  strip-ansi@6.0.1:
-    dependencies:
-      ansi-regex: 5.0.1
-
-  strip-ansi@7.1.0:
-    dependencies:
-      ansi-regex: 6.1.0
 
   strip-json-comments@3.1.1: {}
 
+  tinyglobby@0.2.15:
+    dependencies:
+      fdir: 6.5.0(picomatch@4.0.4)
+      picomatch: 4.0.4
+
   uc.micro@2.1.0: {}
 
-  which@2.0.2:
-    dependencies:
-      isexe: 2.0.0
-
-  wrap-ansi@7.0.0:
-    dependencies:
-      ansi-styles: 4.3.0
-      string-width: 4.2.3
-      strip-ansi: 6.0.1
-
-  wrap-ansi@8.1.0:
-    dependencies:
-      ansi-styles: 6.2.1
-      string-width: 5.1.2
-      strip-ansi: 7.1.0
-
   wrappy@1.0.2: {}
 
-  yaml@2.7.0: {}
+  yaml@2.8.3: {}

renovate.json5

@@ -9,19 +9,19 @@
   labels: [
     'kind/dependency',
   ],
-  "digest": {
+  digest: {
-    "automerge": true
+    automerge: true,
   },
   automergeStrategy: 'squash',
   'git-submodules': {
-    'enabled': true
+    enabled: true,
   },
   customManagers: [
     {
       description: 'Gitea-version of https://docs.renovatebot.com/presets-regexManagers/#regexmanagersgithubactionsversions',
       customType: 'regex',
-      fileMatch: [
+      managerFilePatterns: [
-        '.gitea/workflows/.+\\.ya?ml$',
+        '/.gitea/workflows/.+\\.ya?ml$/',
       ],
       matchStrings: [
         '# renovate: datasource=(?<datasource>[a-z-.]+?) depName=(?<depName>[^\\s]+?)(?: (?:lookupName|packageName)=(?<packageName>[^\\s]+?))?(?: versioning=(?<versioning>[a-z-0-9]+?))?\\s+[A-Za-z0-9_]+?_VERSION\\s*:\\s*["\']?(?<currentValue>.+?)["\']?\\s',
@@ -30,13 +30,23 @@
     {
       description: 'Detect helm-unittest yaml schema file',
       customType: 'regex',
-      fileMatch: ['.vscode/settings\\.json$'],
+      managerFilePatterns: [
+        '/.vscode/settings\\.json$/',
+      ],
       matchStrings: [
         'https:\\/\\/raw\\.githubusercontent\\.com\\/(?<depName>[^\\s]+?)\\/(?<currentValue>v[0-9.]+?)\\/schema\\/helm-testsuite\\.json',
       ],
       datasourceTemplate: 'github-releases',
     },
   ],
+  lockFileMaintenance: {
+    "enabled": true,
+    "commitMessageAction": "update",
+    "commitMessageTopic": "lockfiles",
+    schedule: [
+      'at any time',
+    ]
+  },
   packageRules: [
     {
       groupName: 'subcharts (minor & patch)',
@@ -49,6 +59,17 @@
         'digest',
       ],
     },
+    {
+      groupName: 'bats testing framework',
+      matchManagers: [
+        'git-submodules',
+      ],
+      matchUpdateTypes: [
+        'minor',
+        'patch',
+        'digest',
+      ],
+    },
     {
       groupName: 'workflow dependencies (minor & patch)',
       matchManagers: [

templates/_helpers.tpl

@@ -84,5 +84,48 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 
 {{- define "gitea.actions.local_root_url" -}}
-  {{- .Values.giteaRootURL -}}
+  {{- tpl .Values.giteaRootURL . -}}
+{{- end -}}
+
+{{/*
+Common create image implementation
+*/}}
+{{- define "gitea.actions.common.image" -}}
+{{- $fullOverride := .image.fullOverride | default "" -}}
+{{- $registry := .root.Values.global.imageRegistry | default .image.registry -}}
+{{- $repository :=  .image.repository -}}
+{{- $separator := ":" -}}
+{{- $tag := .image.tag | default .root.Chart.AppVersion | toString -}}
+{{- $digest := "" -}}
+{{- if .image.digest }}
+    {{- $digest = (printf "@%s" (.image.digest | toString)) -}}
+{{- end -}}
+{{- if $fullOverride }}
+    {{- printf "%s" $fullOverride -}}
+{{- else if $registry }}
+    {{- printf "%s/%s%s%s%s" $registry $repository $separator $tag $digest -}}
+{{- else -}}
+    {{- printf "%s%s%s%s" $repository $separator $tag $digest -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create image for the Gitea Actions Act Runner
+*/}}
+{{- define "gitea.actions.actRunner.image" -}}
+{{ include "gitea.actions.common.image" (dict "root" . "image" .Values.statefulset.actRunner) }}
+{{- end -}}
+
+{{/*
+Create image for DinD
+*/}}
+{{- define "gitea.actions.dind.image" -}}
+{{ include "gitea.actions.common.image" (dict "root" . "image" .Values.statefulset.dind) }}
+{{- end -}}
+
+{{/*
+Create image for Init
+*/}}
+{{- define "gitea.actions.init.image" -}}
+{{ include "gitea.actions.common.image" (dict "root" . "image" .Values.init.image) }}
 {{- end -}}

templates/config-act-runner.yaml

@@ -10,6 +10,10 @@ metadata:
 data:
   config.yaml: |
     {{- with .Values.statefulset.actRunner.config -}}
+    {{- if kindIs "string" . -}}
     {{ . | nindent 4}}
+    {{- else -}}
+    {{ toYaml . | nindent 4}}
+    {{- end -}}
     {{- end -}}
 {{- end }}

templates/statefulset.yaml

@@ -30,9 +30,18 @@ spec:
         {{- toYaml . | nindent 8 }}
         {{- end }}
     spec:
+      restartPolicy: Always
+      {{- if .Values.statefulset.serviceAccountName }}
+      serviceAccountName: {{ .Values.statefulset.serviceAccountName }}
+      {{- end }}
+      securityContext:
+        {{- toYaml .Values.statefulset.securityContext | nindent 8 }}
       initContainers:
+        {{- if .Values.preExtraInitContainers }}
+        {{- toYaml .Values.preExtraInitContainers | nindent 8 }}
+        {{- end }}
         - name: init-gitea
-          image: "{{ .Values.init.image.repository }}:{{ .Values.init.image.tag }}"
+          image: "{{ include "gitea.actions.init.image" . }}"
           command:
             - sh
             - -c
@@ -43,62 +52,90 @@ spec:
                 echo "Trying again in 3 seconds..."
               done
               echo "Gitea has been reached!"
+        - name: dind
+          image: "{{ include "gitea.actions.dind.image" . }}"
+          restartPolicy: Always
+          imagePullPolicy: {{ .Values.statefulset.dind.pullPolicy }}
+          {{- if .Values.statefulset.dind.extraEnvs }}
+          env:
+            {{- toYaml .Values.statefulset.dind.extraEnvs | nindent 12 }}
+          {{- end }}
+          securityContext:
+            privileged: true
+          startupProbe:
+            exec:
+              command:
+                - /usr/bin/test
+                - -S
+                {{- if .Values.statefulset.dind.rootless }}
+                - /run/user/{{ .Values.statefulset.dind.uid | default 1000 }}/docker.sock
+                {{- else }}
+                - /var/run/docker.sock
+                {{- end }}
+          livenessProbe:
+            exec:
+              command:
+                - /usr/bin/test
+                - -S
+                {{- if .Values.statefulset.dind.rootless }}
+                - /run/user/{{ .Values.statefulset.dind.uid | default 1000 }}/docker.sock
+                {{- else }}
+                - /var/run/docker.sock
+                {{- end }}
+          resources:
+            {{- toYaml .Values.statefulset.resources | nindent 12 }}
+          volumeMounts:
+            {{- if .Values.statefulset.dind.rootless }}
+            - mountPath: /run/user/{{ .Values.statefulset.dind.uid | default 1000 }}/
+            {{- else }}
+            - mountPath: /var/run/
+            {{- end }}
+              name: docker-socket
+            {{- with .Values.statefulset.dind.extraVolumeMounts }}
+            {{- toYaml . | nindent 12 }}
+            {{- end }}
+        {{- if .Values.postExtraInitContainers }}
+        {{- toYaml .Values.postExtraInitContainers | nindent 8 }}
+        {{- end }}
       containers:
         - name: act-runner
-          image: "{{ .Values.statefulset.actRunner.repository }}:{{ .Values.statefulset.actRunner.tag }}"
+          image: "{{ include "gitea.actions.actRunner.image" . }}"
           imagePullPolicy: {{ .Values.statefulset.actRunner.pullPolicy }}
           workingDir: /data
           env:
-            - name: DOCKER_HOST
-              value: tcp://127.0.0.1:2376
-            - name: DOCKER_TLS_VERIFY
-              value: "1"
-            - name: DOCKER_CERT_PATH
-              value: /certs/server
             - name: GITEA_RUNNER_REGISTRATION_TOKEN
               valueFrom:
                 secretKeyRef:
-                  name: "{{ .Values.existingSecret | default $secretName }}"
+                  name: "{{ (tpl .Values.existingSecret . ) | default $secretName }}"
-                  key: "{{ .Values.existingSecretKey | default "token" }}"
+                  key: "{{ (tpl .Values.existingSecretKey . ) | default "token" }}"
             - name: GITEA_INSTANCE_URL
               value: {{ include "gitea.actions.local_root_url" . }}
             - name: CONFIG_FILE
               value: /actrunner/config.yaml
+            - name: TZ
+              value: {{ .Values.statefulset.timezone | default "Etc/UTC" }}
+            {{- if .Values.statefulset.actRunner.extraEnvs }}
+            {{- toYaml .Values.statefulset.actRunner.extraEnvs | nindent 12 }}
+            {{- end }}
           resources:
             {{- toYaml .Values.statefulset.resources | nindent 12 }}
           volumeMounts:
             - mountPath: /actrunner/config.yaml
               name: act-runner-config
               subPath: config.yaml
-            - mountPath: /certs/server
+            - mountPath: /var/run/docker.sock
-              name: docker-certs
+              name: docker-socket
+              subPath: docker.sock
             - mountPath: /data
               name: data-act-runner
             {{- with .Values.statefulset.actRunner.extraVolumeMounts }}
             {{- toYaml . | nindent 12 }}
             {{- end }}
-        - name: dind
+      {{- if .Values.global.imagePullSecrets }}
-          image: "{{ .Values.statefulset.dind.repository }}:{{ .Values.statefulset.dind.tag }}"
+      imagePullSecrets:
-          imagePullPolicy: {{ .Values.statefulset.dind.pullPolicy }}
+      {{- range .Values.global.imagePullSecrets }}
-          env:
+        - name: {{ . }}
-            - name: DOCKER_HOST
-              value: tcp://127.0.0.1:2376
-            - name: DOCKER_TLS_VERIFY
-              value: "1"
-            - name: DOCKER_CERT_PATH
-              value: /certs/server
-            {{- if .Values.statefulset.dind.extraEnvs }}
-            {{- toYaml .Values.statefulset.dind.extraEnvs | nindent 12 }}
       {{- end }}
-          securityContext:
-            privileged: true
-          resources:
-            {{- toYaml .Values.statefulset.resources | nindent 12 }}
-          volumeMounts:
-            - mountPath: /certs/server
-              name: docker-certs
-            {{- with .Values.statefulset.dind.extraVolumeMounts }}
-            {{- toYaml . | nindent 12 }}
       {{- end }}
       {{- range $key, $value := .Values.statefulset.nodeSelector }}
       nodeSelector:
@@ -116,7 +153,7 @@ spec:
         - name: act-runner-config
           configMap:
             name: {{ include "gitea.actions.fullname" . }}-act-runner-config
-        - name: docker-certs
+        - name: docker-socket
           emptyDir: {}
         {{- with .Values.statefulset.extraVolumes }}
         {{- toYaml . | nindent 8 }}
@@ -126,7 +163,9 @@ spec:
         name: data-act-runner
       spec:
         accessModes: [ "ReadWriteOnce" ]
-        {{- include "gitea.actions.persistence.storageClass" . | nindent 8 }}
+        {{- if .Values.global.storageClass }}
+        {{- include "gitea.actions.persistence.storageClass" . | indent 8 }}
+        {{- end }}
         resources:
           requests:
             storage: {{ .Values.statefulset.persistence.size }}

unittests/helm/config-act-runner.yaml

@@ -42,3 +42,27 @@ tests:
             runner:
               labels:
                 - "ubuntu-latest"
+  - it: renders a ConfigMap with inline yaml
+    template: templates/config-act-runner.yaml
+    set:
+      enabled: true
+      statefulset:
+        actRunner:
+          config: |
+            container:
+              valid_volumes:
+                - /var/run/docker.sock
+              options: -v /var/run/docker.sock:/var/run/docker.sock
+    asserts:
+      - hasDocuments:
+          count: 1
+      - containsDocument:
+          kind: ConfigMap
+          apiVersion: v1
+          name: gitea-unittests-actions-act-runner-config
+      - matchRegex:
+          path: data["config.yaml"]
+          pattern: '(?m)^\s*options:\s*-v /var/run/docker.sock:/var/run/docker.sock\s*$'
+      - matchRegex:
+          path: data["config.yaml"]
+          pattern: '(?m)^\s*valid_volumes:\s*\n\s*-\s*/var/run/docker.sock\s*$'

unittests/helm/statefulset.yaml

@@ -6,6 +6,216 @@ templates:
   - templates/statefulset.yaml
   - templates/config-act-runner.yaml
 tests:
+  - it: act-runner uses fullOverride
+    template: templates/statefulset.yaml
+    set:
+      enabled: true
+      existingSecret: "my-secret"
+      existingSecretKey: "my-secret-key"
+      statefulset.actRunner.fullOverride: test.io/act_runner:x.y.z
+    asserts:
+      - hasDocuments:
+          count: 1
+      - containsDocument:
+          kind: StatefulSet
+          apiVersion: apps/v1
+          name: gitea-unittests-actions-act-runner
+      - equal:
+          path: spec.template.spec.containers[0].image
+          value: test.io/act_runner:x.y.z
+  - it: act-runner uses digest
+    template: templates/statefulset.yaml
+    set:
+      enabled: true
+      existingSecret: "my-secret"
+      existingSecretKey: "my-secret-key"
+      statefulset.actRunner.tag: 0.2.13
+      statefulset.actRunner.digest: sha256:abcdef123456
+    asserts:
+      - hasDocuments:
+          count: 1
+      - containsDocument:
+          kind: StatefulSet
+          apiVersion: apps/v1
+          name: gitea-unittests-actions-act-runner
+      - equal:
+          path: spec.template.spec.containers[0].image
+          value: docker.gitea.com/act_runner:0.2.13@sha256:abcdef123456
+  - it: act-runner uses global.imageRegistry
+    template: templates/statefulset.yaml
+    set:
+      enabled: true
+      existingSecret: "my-secret"
+      existingSecretKey: "my-secret-key"
+      global.imageRegistry: test.io
+      statefulset.actRunner.tag: 0.2.13
+    asserts:
+      - hasDocuments:
+          count: 1
+      - containsDocument:
+          kind: StatefulSet
+          apiVersion: apps/v1
+          name: gitea-unittests-actions-act-runner
+      - equal:
+          path: spec.template.spec.containers[0].image
+          value: test.io/act_runner:0.2.13
+  - it: dind uses fullOverride
+    template: templates/statefulset.yaml
+    set:
+      enabled: true
+      existingSecret: "my-secret"
+      existingSecretKey: "my-secret-key"
+      statefulset.dind.fullOverride: test.io/dind:x.y.z
+    asserts:
+      - hasDocuments:
+          count: 1
+      - containsDocument:
+          kind: StatefulSet
+          apiVersion: apps/v1
+          name: gitea-unittests-actions-act-runner
+      - equal:
+          path: spec.template.spec.initContainers[1].image
+          value: test.io/dind:x.y.z
+  - it: dind uses global.imageRegistry
+    template: templates/statefulset.yaml
+    set:
+      enabled: true
+      existingSecret: "my-secret"
+      existingSecretKey: "my-secret-key"
+      global.imageRegistry: test.io
+      statefulset.dind.tag: 28.3.3-dind
+    asserts:
+      - hasDocuments:
+          count: 1
+      - containsDocument:
+          kind: StatefulSet
+          apiVersion: apps/v1
+          name: gitea-unittests-actions-act-runner
+      - equal:
+          path: spec.template.spec.initContainers[1].image
+          value: test.io/docker:28.3.3-dind
+  - it: init uses fullOverride
+    template: templates/statefulset.yaml
+    set:
+      enabled: true
+      existingSecret: "my-secret"
+      existingSecretKey: "my-secret-key"
+      init.image.fullOverride: test.io/busybox:x.y.z
+    asserts:
+      - hasDocuments:
+          count: 1
+      - containsDocument:
+          kind: StatefulSet
+          apiVersion: apps/v1
+          name: gitea-unittests-actions-act-runner
+      - equal:
+          path: spec.template.spec.initContainers[0].image
+          value: test.io/busybox:x.y.z
+  - it: init uses global.imageRegistry
+    template: templates/statefulset.yaml
+    set:
+      enabled: true
+      existingSecret: "my-secret"
+      existingSecretKey: "my-secret-key"
+      global.imageRegistry: test.io
+      init.image.tag: 1.37.0
+    asserts:
+      - hasDocuments:
+          count: 1
+      - containsDocument:
+          kind: StatefulSet
+          apiVersion: apps/v1
+          name: gitea-unittests-actions-act-runner
+      - equal:
+          path: spec.template.spec.initContainers[0].image
+          value: test.io/busybox:1.37.0
+  - it: renders additional environment variables for act-runner container in StatefulSet
+    template: templates/statefulset.yaml
+    set:
+      enabled: true
+      existingSecret: "my-secret"
+      existingSecretKey: "my-secret-key"
+      statefulset:
+        actRunner:
+          extraEnvs:
+            - name: "CUSTOM_ENV"
+              value: "1"
+            - name: "GITEA_RUNNER_NAME"
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+    asserts:
+      - hasDocuments:
+          count: 1
+      - containsDocument:
+          kind: StatefulSet
+          apiVersion: apps/v1
+          name: gitea-unittests-actions-act-runner
+      - equal:
+          path: spec.template.spec.containers[0].env[4]
+          value:
+            name: CUSTOM_ENV
+            value: "1"
+      - matchRegex:
+          path: spec.template.spec.containers[0].env[5].valueFrom.fieldRef.fieldPath
+          pattern: "metadata\\.name"
+      - matchRegex:
+          path: spec.template.spec.containers[0].env[5].name
+          pattern: "GITEA_RUNNER_NAME"
+  - it: Has fsGroup in securityContext
+    template: templates/statefulset.yaml
+    set:
+      enabled: true
+      existingSecret: "my-secret"
+      existingSecretKey: "my-secret-key"
+      statefulset.securityContext:
+        fsGroup: 1000
+    asserts:
+      - hasDocuments:
+          count: 1
+      - containsDocument:
+          kind: StatefulSet
+          apiVersion: apps/v1
+          name: gitea-unittests-actions-act-runner
+      - equal:
+          path: spec.template.spec.securityContext["fsGroup"]
+          value: 1000
+  - it: Has fsGroupChangePolicy in securityContext
+    template: templates/statefulset.yaml
+    set:
+      enabled: true
+      existingSecret: "my-secret"
+      existingSecretKey: "my-secret-key"
+      statefulset.securityContext:
+        fsGroupChangePolicy: OnRootMismatch
+    asserts:
+      - hasDocuments:
+          count: 1
+      - containsDocument:
+          kind: StatefulSet
+          apiVersion: apps/v1
+          name: gitea-unittests-actions-act-runner
+      - equal:
+          path: spec.template.spec.securityContext["fsGroupChangePolicy"]
+          value: "OnRootMismatch"
+  - it: Has Always in securityContext
+    template: templates/statefulset.yaml
+    set:
+      enabled: true
+      existingSecret: "my-secret"
+      existingSecretKey: "my-secret-key"
+      statefulset.securityContext:
+        fsGroupChangePolicy: Always
+    asserts:
+      - hasDocuments:
+          count: 1
+      - containsDocument:
+          kind: StatefulSet
+          apiVersion: apps/v1
+          name: gitea-unittests-actions-act-runner
+      - equal:
+          path: spec.template.spec.securityContext["fsGroupChangePolicy"]
+          value: "Always"
   - it: doesn't renders a StatefulSet by default
     template: templates/statefulset.yaml
     asserts:
@@ -25,7 +235,7 @@ tests:
           apiVersion: apps/v1
           name: gitea-unittests-actions-act-runner
       - equal:
-          path: spec.template.spec.containers[0].env[3]
+          path: spec.template.spec.containers[0].env[0]
           value:
             name: GITEA_RUNNER_REGISTRATION_TOKEN
             valueFrom:
@@ -46,7 +256,7 @@ tests:
           apiVersion: apps/v1
           name: gitea-unittests-actions-act-runner
       - equal:
-          path: spec.template.spec.containers[0].env[3]
+          path: spec.template.spec.containers[0].env[0]
           value:
             name: GITEA_RUNNER_REGISTRATION_TOKEN
             valueFrom:
@@ -69,7 +279,7 @@ tests:
           name: gitea-unittests-actions-act-runner
       - equal:
           path: spec.template.metadata.annotations["checksum/config"]
-          value: "7566d9c60261bf8cbff6a6936fc7aead96cec540d8c793d142a5ad4664c56ba5"
+          value: "2bafbf04b3c4293c8ddf895ae3d908e14176ee54a6c724c8cf5b2a1e43c6ece7"
   - it: renders a StatefulSet http (with correct GITEA_INSTANCE_URL env from giteaRootURL)
     template: templates/statefulset.yaml
     set:
@@ -85,7 +295,7 @@ tests:
           apiVersion: apps/v1
           name: gitea-unittests-actions-act-runner
       - equal:
-          path: spec.template.spec.containers[0].env[4]
+          path: spec.template.spec.containers[0].env[1]
           value:
             name: GITEA_INSTANCE_URL
             value: "http://git.example.com"
@@ -113,7 +323,7 @@ tests:
           apiVersion: apps/v1
           name: gitea-unittests-actions-act-runner
       - equal:
-          path: spec.template.spec.containers[0].env[4]
+          path: spec.template.spec.containers[0].env[1]
           value:
             name: GITEA_INSTANCE_URL
             value: "https://git.example.com"
@@ -141,7 +351,7 @@ tests:
           apiVersion: apps/v1
           name: gitea-unittests-actions-act-runner
       - equal:
-          path: spec.template.spec.containers[0].env[4]
+          path: spec.template.spec.containers[0].env[1]
           value:
             name: GITEA_INSTANCE_URL
             value: "https://git.example.com:8443"
@@ -165,7 +375,7 @@ tests:
               value: "custom env value"
     asserts:
       - equal:
-          path: spec.template.spec.containers[1].env[3]
+          path: spec.template.spec.initContainers[1].env[0]
           value:
             name: "CUSTOM_ENV_NAME"
             value: "custom env value"
@@ -215,7 +425,78 @@ tests:
           name: gitea-unittests-actions-act-runner
       - contains:
           any: true
-          path: spec.template.spec.containers[1].volumeMounts
+          path: spec.template.spec.initContainers[1].volumeMounts
           content:
             mountPath: /mnt
             name: my-dind-volume
+  - it: should interpret existingSecret & existingSecretKey templating
+    template: templates/statefulset.yaml
+    set:
+      gitea:
+        token:
+          secret:
+            name: "gitea-secret"
+            key: "secret-key"
+      enabled: true
+      existingSecret: "{{ .Release.Name }}-{{ .Values.gitea.token.secret.name}}"
+      existingSecretKey: "{{ .Values.gitea.token.secret.key}}"
+    asserts:
+      - hasDocuments:
+          count: 1
+      - containsDocument:
+          kind: StatefulSet
+          apiVersion: apps/v1
+          name: gitea-unittests-actions-act-runner
+      - equal:
+          path: spec.template.spec.containers[0].env[0].name
+          value: "GITEA_RUNNER_REGISTRATION_TOKEN"
+      - equal:
+          path: spec.template.spec.containers[0].env[0].valueFrom.secretKeyRef.name
+          value: "gitea-unittests-gitea-secret"
+      - equal:
+          path: spec.template.spec.containers[0].env[0].valueFrom.secretKeyRef.key
+          value: "secret-key"
+  - it: should interpret Gitea Root URL templating
+    template: templates/statefulset.yaml
+    set:
+      global:
+        gitea:
+          service:
+            name: "my-gitea-svc-http"
+            port: 3210
+      enabled: true
+      giteaRootURL: "http://{{ .Values.global.gitea.service.name }}:{{ .Values.global.gitea.service.port }}"
+    asserts:
+      - hasDocuments:
+          count: 1
+      - containsDocument:
+          kind: StatefulSet
+          apiVersion: apps/v1
+          name: gitea-unittests-actions-act-runner
+      - equal:
+          path: spec.template.spec.containers[0].env[1].name
+          value: "GITEA_INSTANCE_URL"
+      - equal:
+          path: spec.template.spec.containers[0].env[1].value
+          value: "http://my-gitea-svc-http:3210"
+      - equal:
+          path: spec.template.spec.initContainers[0].command[2]
+          value: |
+            echo 'Trying to reach Gitea on http://my-gitea-svc-http:3210'
+            until timeout 10 wget --no-check-certificate --spider http://my-gitea-svc-http:3210; do
+              sleep 3
+              echo "Trying again in 3 seconds..."
+            done
+            echo "Gitea has been reached!"
+  - it: should render service account name correctly
+    template: templates/statefulset.yaml
+    set:
+      enabled: true
+      statefulset:
+        serviceAccountName: "my-service-account"
+    asserts:
+      - hasDocuments:
+          count: 1
+      - equal:
+          path: spec.template.spec.serviceAccountName
+          value: "my-service-account"

values.yaml

@@ -2,9 +2,8 @@
 ## @section Gitea Actions
 #
 ## @param enabled Create an act runner StatefulSet.
-## @param init.image.repository The image used for the init containers
-## @param init.image.tag The image tag used for the init containers
 ## @param statefulset.replicas the amount of (replica) runner pods deployed
+## @param statefulset.timezone is the timezone that will be set in the act_runner image
 ## @param statefulset.annotations Act runner annotations
 ## @param statefulset.labels Act runner labels
 ## @param statefulset.resources Act runner resources
@@ -12,23 +11,32 @@
 ## @param statefulset.tolerations Tolerations for the statefulset
 ## @param statefulset.affinity Affinity for the statefulset
 ## @param statefulset.extraVolumes Extra volumes for the statefulset
+## @param statefulset.actRunner.registry image registry, e.g. gcr.io,docker.io
 ## @param statefulset.actRunner.repository The Gitea act runner image
 ## @param statefulset.actRunner.tag The Gitea act runner tag
+## @param statefulset.actRunner.digest Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest`
 ## @param statefulset.actRunner.pullPolicy The Gitea act runner pullPolicy
+## @param statefulset.actRunner.fullOverride Completely overrides the image registry, path/image, tag and digest.
 ## @param statefulset.actRunner.extraVolumeMounts Allows mounting extra volumes in the act runner container
 ## @param statefulset.actRunner.config [default: Too complex. See values.yaml] Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details.
+## @param statefulset.dind.rootless [default: false] a simple flag to let helm know we are dealing with a rootless dind container
+## @param statefulset.dind.uid a field to set the running user id for the rootless dind container, so it knows where to look for the socket
+## @param statefulset.dind.registry image registry, e.g. gcr.io,docker.io
+## @param statefulset.actRunner.extraEnvs Allows adding custom environment variables
 ## @param statefulset.dind.repository The Docker-in-Docker image
 ## @param statefulset.dind.tag The Docker-in-Docker image tag
+## @param statefulset.dind.digest Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest`
+## @param statefulset.dind.fullOverride Completely overrides the image registry, path/image, tag and digest.
 ## @param statefulset.dind.pullPolicy The Docker-in-Docker pullPolicy
 ## @param statefulset.dind.extraVolumeMounts Allows mounting extra volumes in the Docker-in-Docker container
 ## @param statefulset.dind.extraEnvs Allows adding custom environment variables, such as `DOCKER_IPTABLES_LEGACY`
 ## @param statefulset.persistence.size Size for persistence to store act runner data
-## @param existingSecret Secret that contains the token
+## @param statefulset.securityContext Customize the SecurityContext
-## @param existingSecretKey Secret key
+## @param statefulset.serviceAccountName Customize the service account name
-## @param giteaRootURL URL the act_runner registers and connect with
 enabled: false
 statefulset:
   replicas: 1
+  timezone: Etc/UTC
   annotations: {}
   labels: {}
   resources: {}
@@ -36,12 +44,23 @@ statefulset:
   tolerations: []
   affinity: {}
   extraVolumes: []
+  securityContext: {}
+  serviceAccountName: ""
 
   actRunner:
-    repository: gitea/act_runner
+    registry: "docker.gitea.com"
-    tag: 0.2.11
+    repository: act_runner
+    tag: 0.3.0
+    digest: ""
     pullPolicy: IfNotPresent
+    fullOverride: ""
     extraVolumeMounts: []
+    extraEnvs:
+      []
+      # - name: "GITEA_RUNNER_NAME"
+      #   valueFrom:
+      #     fieldRef:
+      #       fieldPath: metadata.name
 
     # See full example here: https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml
     config: |
@@ -49,11 +68,19 @@ statefulset:
         level: debug
       cache:
         enabled: false
+      container:
+        require_docker: true
+        docker_timeout: 300s
 
   dind:
+    rootless: false
+    uid: ""
+    registry: "docker.io"
     repository: docker
-    tag: 25.0.2-dind
+    tag: 29.3.1-dind
+    digest: ""
     pullPolicy: IfNotPresent
+    fullOverride: ""
     extraVolumeMounts: []
 
     # If the container keeps crashing in your environment, you might have to add the `DOCKER_IPTABLES_LEGACY` environment variable.
@@ -66,24 +93,56 @@ statefulset:
   persistence:
     size: 1Gi
 
+## @section Gitea Actions Init
+#
+## @param init.image.registry image registry, e.g. gcr.io,docker.io
+## @param init.image.repository The init image
+## @param init.image.tag the init image tag
+## @param init.image.digest Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest`
+## @param init.image.pullPolicy The init image pullPolicy
+## @param init.image.fullOverride Completely overrides the image registry, path/image, tag and digest.
 init:
   image:
+    registry: ""
     repository: busybox
     # Overrides the image tag whose default is the chart appVersion.
     tag: "1.37.0"
+    digest: ""
+    pullPolicy: IfNotPresent
+    fullOverride: ""
 
-## Specify an existing token secret
+## @section Runner Token Secret Configuration
-##
+#
+## @param existingSecret Secret that contains the token
+## @param existingSecretKey Secret key
 existingSecret: ""
 existingSecretKey: ""
 
-## Specify the root URL of the Gitea instance
+## @section Gitea URL Setting
+#
+## @param giteaRootURL URL the act_runner registers and connect with
 giteaRootURL: ""
 
+## @section Extra Init Containers
+#
+## @param preExtraInitContainers Additional init containers to run in the pod before gitea-actions runs it owns init containers.
+## @param postExtraInitContainers Additional init containers to run in the pod after gitea-actions runs it owns init containers.
+preExtraInitContainers: []
+# - name: pre-init-container
+#   image: docker.io/library/busybox
+#   command: [ /bin/sh, -c, 'echo "Hello world! I am a pre init container."' ]
+
+postExtraInitContainers: []
+# - name: post-init-container
+#   image: docker.io/library/busybox
+#   command: [ /bin/sh, -c, 'echo "Hello world! I am a post init container."' ]
+
 ## @section Global
 #
 ## @param global.imageRegistry global image registry override
+## @param global.imagePullSecrets global image registry pull secrets
 ## @param global.storageClass global storage class override
 global:
   imageRegistry: ""
+  imagePullSecrets: []
   storageClass: ""