.gitea/workflows/release-version.yml aktualisiert

2026-04-05 09:10:46 +00:00 · 2025-08-15 20:01:39 +00:00
20 changed files with 466 additions and 853 deletions
--- a/.gitea/workflows/changelog.yml
+++ b/.gitea/workflows/changelog.yml
@ -8,12 +8,12 @@ on:
 jobs:
  changelog:
    runs-on: ubuntu-latest
-    container: docker.io/thegeeklab/git-sv:2.0.9
+    container: docker.io/thegeeklab/git-sv:1.0.12
    steps:
      - name: install tools
        run: |
          apk add -q --update --no-cache nodejs curl jq sed
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Generate upcoming changelog
--- a/.gitea/workflows/commitlint.yml
+++ b/.gitea/workflows/commitlint.yml
@ -11,9 +11,9 @@ on:
 jobs:
  check-and-test:
    runs-on: ubuntu-latest
-    container: commitlint/commitlint:20.4.1
+    container: commitlint/commitlint:19.7.1
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v4
      - name: check PR title
        run: |
          echo "${{ gitea.event.pull_request.title }}" | commitlint --config .commitlintrc.json
--- a/.gitea/workflows/e2e.yml
+++ b/.gitea/workflows/e2e.yml
@ -1,76 +0,0 @@
 on: pull_request
 jobs:
  k8s-test:
    runs-on: ubuntu-latest
    env:
      CLUSTER_NAME: test-cluster
    steps:
      - uses: actions/checkout@v4
      - name: Install Docker CLI, kind, and kubectl
        run: |
          # Install Docker CLI (to talk to the host daemon via the mounted socket)
          apt-get update && apt-get install -y docker.io jq
          # Install kind
          curl -Lo /usr/local/bin/kind https://kind.sigs.k8s.io/dl/v0.24.0/kind-linux-amd64
          chmod +x /usr/local/bin/kind
          # Install kubectl
          curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
          install kubectl /usr/local/bin/
      - name: Create kind cluster
        run: |
          kind delete cluster test-cluster2
          docker inspect ${CLUSTER_NAME}-control-plane && mkdir -p ~/.kube && kind get kubeconfig --name ${CLUSTER_NAME} > ~/.kube/config || kind create cluster --name ${CLUSTER_NAME} --wait 5m
      - name: Connect kind to the job container's network and fix kubeconfig
        if: always()
        run: |
          # 1. Find the Docker network the job container is on
          #    The job container's hostname is the container ID
          JOB_CONTAINER_ID=$(hostname)
          NETWORK_NAME=$(docker inspect "$JOB_CONTAINER_ID" \
            --format '{{range $k, $v := .NetworkSettings.Networks}}{{$k}}{{end}}')
          echo "NETWORK_NAME=$NETWORK_NAME" >> $GITHUB_ENV
          echo "Job container network: $NETWORK_NAME"
          # 2. Get the kind control-plane container name
          KIND_CONTAINER="${CLUSTER_NAME}-control-plane"
          echo "KIND_CONTAINER=$KIND_CONTAINER" >> $GITHUB_ENV
          # 3. Connect the kind container to the same network
          docker network connect "$NETWORK_NAME" "$KIND_CONTAINER"
          # 4. Get the kind container's IP on that network
          KIND_IP=$(docker inspect "$KIND_CONTAINER" \
            --format "{{(index .NetworkSettings.Networks \"$NETWORK_NAME\").IPAddress}}")
          echo "Kind container IP on shared network: $KIND_IP"
          # 5. Rewrite the kubeconfig to use the kind container's IP
          #    kind's API server listens on port 6443 inside the container
          kubectl config set-cluster kind-${CLUSTER_NAME} \
            --server="https://${KIND_IP}:6443"
          # 6. Since the TLS cert won't match the new IP, use insecure mode
          #    OR set insecure-skip-tls-verify
          kubectl config set-cluster kind-${CLUSTER_NAME} \
            --insecure-skip-tls-verify=true
      - name: Verify cluster access
        if: always()
        run: |
          kubectl cluster-info
          kubectl get nodes
          kubectl get pods -A
      - name: Disconnect Kind Network
        if: always()
        run: |
          docker network disconnect "$NETWORK_NAME" "$KIND_CONTAINER"
--- a/.gitea/workflows/release-version.yml
+++ b/.gitea/workflows/release-version.yml
@ -1,70 +1,68 @@
-name: generate-chart
+name: check-secrets
 on:
  push:
    tags:
      - "*"
 env:
  # renovate: datasource=docker depName=alpine/helm
  HELM_VERSION: "3.20.0"
 jobs:
-  generate-chart-publish:
+  check-secrets:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v4
-      - name: install tools
+      
      - name: Check all required secrets
        run: |
-          apt update -y
+          echo "=== Checking availability of required secrets ==="
-          apt install -y curl ca-certificates curl gnupg
+          
-          # helm
+          # List of all secrets used in the original workflow
-          curl -O https://get.helm.sh/helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
+          SECRETS=(
-          tar -xzf helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
+            "GPGSIGN_KEY"
-          mv linux-amd64/helm /usr/local/bin/
+            "GPGSIGN_PASSPHRASE"
-          rm -rf linux-amd64 helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
+            "DOCKER_CHARTS_PASSWORD"
-          helm version
+            "DOCKER_CHARTS_USERNAME"
-          # docker
+            "AWS_KEY_ID"
-          install -m 0755 -d /etc/apt/keyrings
+            "AWS_SECRET_ACCESS_KEY"
-          curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+            "AWS_REGION"
-          chmod a+r /etc/apt/keyrings/docker.gpg
+            "AWS_S3_BUCKET"
-          echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
+          )
-          apt update -y
+          
-          apt install -y python3 python3-pip apt-transport-https docker-ce-cli
+          MISSING_SECRETS=()
-          pip install awscli --break-system-packages
+          AVAILABLE_SECRETS=()
-
+          
-      - name: Import GPG key
+          for secret in "${SECRETS[@]}"; do
-        id: import_gpg
+            # Check if secret is set (not empty)
-        uses: https://github.com/crazy-max/ghaction-import-gpg@v7
+            if [ -z "${!secret:-}" ]; then
-        with:
+              echo "❌ Secret '$secret' is NOT available or empty"
-          gpg_private_key: ${{ secrets.GPGSIGN_KEY }}
+              MISSING_SECRETS+=("$secret")
-          passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }}
+            else
-          fingerprint: CC64B1DB67ABBEECAB24B6455FC346329753F4B0
+              echo "✅ Secret '$secret' is available"
-
+              AVAILABLE_SECRETS+=("$secret")
-      # Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843
+            fi
-      - name: package chart
+          done
-        run: |
+          
-          echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | docker login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} --password-stdin
+          echo ""
-          # FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved
+          echo "=== Summary ==="
-          helm plugin install https://github.com/pat-s/helm-gpg
+          echo "Available secrets: ${#AVAILABLE_SECRETS[@]}"
-          helm dependency build
+          echo "Missing secrets: ${#MISSING_SECRETS[@]}"
-          helm package --version "${GITHUB_REF#refs/tags/v}" ./
+          
-          mkdir actions
+          if [ ${#MISSING_SECRETS[@]} -gt 0 ]; then
-          mv actions*.tgz actions/
+            echo ""
-          curl -s -L -o actions/index.yaml https://dl.gitea.com/charts/index.yaml
+            echo "Missing secrets:"
-          helm repo index actions/ --url https://dl.gitea.com/charts --merge actions/index.yaml
+            for secret in "${MISSING_SECRETS[@]}"; do
-          # push to dockerhub
+              echo "  - $secret"
-          echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | helm registry login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} registry-1.docker.io --password-stdin
+            done
-          helm push actions/actions-${GITHUB_REF#refs/tags/v}.tgz oci://registry-1.docker.io/giteacharts
+            echo ""
-          helm registry logout registry-1.docker.io
+            echo "❌ Some secrets are missing. Please configure them in repository settings."
-
+            exit 1
-      - name: aws credential configure
+          else
-        uses: https://github.com/aws-actions/configure-aws-credentials@v6
+            echo ""
-        with:
+            echo "✅ All required secrets are available!"
-          aws-access-key-id: ${{ secrets.AWS_KEY_ID }}
+          fi
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        env:
-          aws-region: ${{ secrets.AWS_REGION }}
+          GPGSIGN_KEY: ${{ secrets.GPGSIGN_KEY }}
-
+          GPGSIGN_PASSPHRASE: ${{ secrets.GPGSIGN_PASSPHRASE }}
-      - name: Copy files to S3 and clear cache
+          DOCKER_CHARTS_PASSWORD: ${{ secrets.DOCKER_CHARTS_PASSWORD }}
-        run: |
+          DOCKER_CHARTS_USERNAME: ${{ secrets.DOCKER_CHARTS_USERNAME }}
-          aws s3 sync actions/ s3://${{ secrets.AWS_S3_BUCKET}}/charts/
+          AWS_KEY_ID: ${{ secrets.AWS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_REGION: ${{ secrets.AWS_REGION }}
          AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
--- a/.gitea/workflows/shellcheck.yml
+++ b/.gitea/workflows/shellcheck.yml
@ -9,6 +9,6 @@ jobs:
  shellcheck:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v4.2.2
      - run: apt update --yes && apt install --yes shellcheck
      - run: find . -type f -name "*.sh" -exec shellcheck -a {} \;
--- a/.gitea/workflows/test-pr.yml
+++ b/.gitea/workflows/test-pr.yml
@ -10,12 +10,12 @@ on:
 env:
  # renovate: datasource=github-releases depName=helm-unittest/helm-unittest
-  HELM_UNITTEST_VERSION: "v1.0.3"
+  HELM_UNITTEST_VERSION: "v0.7.2"
 jobs:
  check-and-test:
    runs-on: ubuntu-latest
-    container: alpine/helm:3.20.0
+    container: alpine/helm:3.17.1
    steps:
      - name: install tools
        run: |
@ -25,7 +25,7 @@ jobs:
        uses: pnpm/action-setup@v4
        with:
          version: 10
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v4
      - name: install chart dependencies
        run: helm dependency build
      - name: lint
--- a/1
+++ b/1
@ -1 +0,0 @@
 * @DaanSelen @volker.raschek @ChristopherHX
--- a/Chart.yaml
+++ b/Chart.yaml
@ -13,18 +13,7 @@ keywords:
 sources:
  - https://gitea.com/gitea/helm-actions
  - https://gitea.com/gitea/act
-
+# FIXME:
-maintainers:
+# maintainers:
  # https://gitea.com/DaanSelen
  - name: Daan Selen
    email: dselen@nerthus.nl
  # https://gitea.com/volker.raschek
  - name: Markus Pesch
    email: markus.pesch+apps@cryptic.systems
  # https://gitea.com/ChristopherHX
  - name: Christopher Homberger
    email: christopher.homberger@web.de
 dependencies: []
--- a/README.md
+++ b/README.md
@ -6,39 +6,12 @@ The parameters which can be used to customize the deployment are described below
 If you want to propose a new feature or mechanism, submit an [issue here](https://gitea.com/gitea/helm-actions/issues).
 ## Docs
 [Docs](./docs/README.md)
 ## Rootless Defaults
 If `.Values.image.rootless: true`, then the following will occur. In case you use `.Values.image.fullOverride`, check that this works in your image:
 - If `.Values.provisioning.enabled: true`, then uses the rootless Gitea image, must match helm-Gitea.
 ## Quick-start
 To get started, add the Helm repo, assuming you have not already:
 ```sh
 helm repo add gitea-charts https://dl.gitea.com/charts/
 helm repo update
 ```
 Then pull the values.yaml file and fill it accordingly.
 ```sh
 helm show values gitea-charts/actions > values.yaml
 ```
 Deploy with your values, make sure the path is correct:
 ```sh
 helm upgrade --install gitea-actions gitea-charts/actions -f values.yaml
 ```
 You should be good to go!
 ## Parameters
 ### Gitea Actions
@ -49,7 +22,6 @@ You should be good to go!
 | `init.image.repository`                   | The image used for the init containers                                                                                                      | `busybox`                      |
 | `init.image.tag`                          | The image tag used for the init containers                                                                                                  | `1.37.0`                       |
 | `statefulset.replicas`                    | the amount of (replica) runner pods deployed                                                                                                | `1`                            |
 | `statefulset.timezone`                    | is the timezone that will be set in the act_runner image                                                                                    | `Etc/UTC`                      |
 | `statefulset.annotations`                 | Act runner annotations                                                                                                                      | `{}`                           |
 | `statefulset.labels`                      | Act runner labels                                                                                                                           | `{}`                           |
 | `statefulset.resources`                   | Act runner resources                                                                                                                        | `{}`                           |
@ -57,40 +29,21 @@ You should be good to go!
 | `statefulset.tolerations`                 | Tolerations for the statefulset                                                                                                             | `[]`                           |
 | `statefulset.affinity`                    | Affinity for the statefulset                                                                                                                | `{}`                           |
 | `statefulset.extraVolumes`                | Extra volumes for the statefulset                                                                                                           | `[]`                           |
-| `statefulset.actRunner.registry`          | image registry, e.g. gcr.io,docker.io                                                                                                       | `docker.gitea.com`             |
+| `statefulset.actRunner.repository`        | The Gitea act runner image                                                                                                                  | `gitea/act_runner`             |
-| `statefulset.actRunner.repository`        | The Gitea act runner image                                                                                                                  | `act_runner`                   |
+| `statefulset.actRunner.tag`               | The Gitea act runner tag                                                                                                                    | `0.2.11`                       |
 | `statefulset.actRunner.tag`               | The Gitea act runner tag                                                                                                                    | `0.2.13`                       |
 | `statefulset.actRunner.digest`            | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest`                                  | `""`                           |
 | `statefulset.actRunner.pullPolicy`        | The Gitea act runner pullPolicy                                                                                                             | `IfNotPresent`                 |
 | `statefulset.actRunner.fullOverride`      | Completely overrides the image registry, path/image, tag and digest.                                                                        | `""`                           |
 | `statefulset.actRunner.extraVolumeMounts` | Allows mounting extra volumes in the act runner container                                                                                   | `[]`                           |
 | `statefulset.actRunner.config`            | Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details. | `Too complex. See values.yaml` |
 | `statefulset.dind.registry`               | image registry, e.g. gcr.io,docker.io                                                                                                       | `""`                           |
 | `statefulset.actRunner.extraEnvs`         | Allows adding custom environment variables                                                                                                  | `[]`                           |
 | `statefulset.dind.repository`             | The Docker-in-Docker image                                                                                                                  | `docker`                       |
-| `statefulset.dind.tag`                    | The Docker-in-Docker image tag                                                                                                              | `28.3.3-dind`                  |
+| `statefulset.dind.tag`                    | The Docker-in-Docker image tag                                                                                                              | `25.0.2-dind`                  |
 | `statefulset.dind.digest`                 | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest`                                  | `""`                           |
 | `statefulset.dind.fullOverride`           | Completely overrides the image registry, path/image, tag and digest.                                                                        | `""`                           |
 | `statefulset.dind.pullPolicy`             | The Docker-in-Docker pullPolicy                                                                                                             | `IfNotPresent`                 |
 | `statefulset.dind.extraVolumeMounts`      | Allows mounting extra volumes in the Docker-in-Docker container                                                                             | `[]`                           |
 | `statefulset.dind.extraEnvs`              | Allows adding custom environment variables, such as `DOCKER_IPTABLES_LEGACY`                                                                | `[]`                           |
 | `statefulset.persistence.size`            | Size for persistence to store act runner data                                                                                               | `1Gi`                          |
 | `statefulset.securityContext`             | Customize the SecurityContext                                                                                                               | `{}`                           |
 | `existingSecret`                          | Secret that contains the token                                                                                                              | `""`                           |
 | `existingSecretKey`                       | Secret key                                                                                                                                  | `""`                           |
 | `giteaRootURL`                            | URL the act_runner registers and connect with                                                                                               | `""`                           |
 ### Gitea Actions Init
 | Name                      | Description                                                                                                | Value          |
 | ------------------------- | ---------------------------------------------------------------------------------------------------------- | -------------- |
 | `init.image.registry`     | image registry, e.g. gcr.io,docker.io                                                                      | `""`           |
 | `init.image.repository`   | The init image                                                                                             | `busybox`      |
 | `init.image.tag`          | the init image tag                                                                                         | `1.37.0`       |
 | `init.image.digest`       | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` | `""`           |
 | `init.image.pullPolicy`   | The init image pullPolicy                                                                                  | `IfNotPresent` |
 | `init.image.fullOverride` | Completely overrides the image registry, path/image, tag and digest.                                       | `""`           |
 ### Global
 | Name                   | Description                    | Value |
--- a/docs/README.md
+++ b/docs/README.md
@ -1,3 +0,0 @@
 # Gitea Actions Helm Chart Docs
 - [Share dind with job container](share-dind-with-job-container.md)
--- a/docs/share-dind-with-job-container.md
+++ b/docs/share-dind-with-job-container.md
@ -1,36 +0,0 @@
 # Share dind with job container
 You can weaken isolation and allow jobs to call docker commands.
 ## Limitations
 - Docker bind mounts like `-v /path/on/self/container:/path/to/new/container` do not work, because they are going to mount the path from the dind container
 - Docker port expose to local host `-e 80:8080` is not going to work
 ## Example Values
 ```yaml
 enabled: true
 statefulset:
  actRunner:
    # See full example here: https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml
    config: |
      log:
        level: debug
      cache:
        enabled: false
      container:
        valid_volumes:
        - /var/run/docker.sock
        options: -v /var/run/docker.sock:/var/run/docker.sock
 ## Specify an existing token secret
 ##
 existingSecret: "runner-token2"
 existingSecretKey: "token"
 ## Specify the root URL of the Gitea instance
 giteaRootURL: "http://192.168.1.2:3000"
 ```
 Now you can run docker commands inside your jobs.
--- a/package.json
+++ b/package.json
@ -14,6 +14,6 @@
  },
  "devDependencies": {
    "@bitnami/readme-generator-for-helm": "^2.7.0",
-    "markdownlint-cli": "^0.47.0"
+    "markdownlint-cli": "^0.44.0"
  }
 }
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@ -10,30 +10,30 @@ importers:
    devDependencies:
      '@bitnami/readme-generator-for-helm':
        specifier: ^2.7.0
-        version: 2.7.2
+        version: 2.7.0
      markdownlint-cli:
-        specifier: ^0.47.0
+        specifier: ^0.44.0
-        version: 0.47.0
+        version: 0.44.0
 packages:
-  '@bitnami/readme-generator-for-helm@2.7.2':
+  '@bitnami/readme-generator-for-helm@2.7.0':
-    resolution: {integrity: sha512-7eXyJzxQTQj2ajpHlIhadciCCYWOqN8ieaweU25bStHOZowQ2c2CQyjO/bX4gxIf73LoRKxHhEYgLTllJY9SIw==}
+    resolution: {integrity: sha512-fVxExmcuJ9NZb9ZE9OW3+lG8pUlXJAJdaO8UukV3A7WzYu4qOTr03MXPH9Gt5e/6mo3x4WYI/cXBksKfS0qn3w==}
    hasBin: true
-  '@isaacs/balanced-match@4.0.1':
+  '@isaacs/cliui@8.0.2':
-    resolution: {integrity: sha512-yzMTt9lEb8Gv7zRioUilSglI0c0smZ9k5D65677DLWLtWJaXIS3CqcGyUFByYKlnUj6TkjLVs54fBl6+TiGQDQ==}
+    resolution: {integrity: sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==}
-    engines: {node: 20 || >=22}
+    engines: {node: '>=12'}
-  '@isaacs/brace-expansion@5.0.1':
+  '@pkgjs/parseargs@0.11.0':
-    resolution: {integrity: sha512-WMz71T1JS624nWj2n2fnYAuPovhv7EUhk69R6i9dsVyzxt5eM3bjwvgk9L+APE1TRscGysAVMANkB0jh0LQZrQ==}
+    resolution: {integrity: sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg==}
-    engines: {node: 20 || >=22}
+    engines: {node: '>=14'}
  '@types/debug@4.1.12':
    resolution: {integrity: sha512-vIChWdVG3LG1SMxEvI/AK+FWJthlrqlTu7fbrlywTkkaONwk/UAGaULXRlf8vkzFBLVm0zkMdCquhL5aOjhXPQ==}
-  '@types/katex@0.16.8':
+  '@types/katex@0.16.7':
-    resolution: {integrity: sha512-trgaNyfU+Xh2Tc+ABIb44a5AYUpicB3uwirOioeOkNPPbmgRNtcWyDeeFRzjPZENO9Vq8gvVqfhaaXWLlevVwg==}
+    resolution: {integrity: sha512-HMwFiRujE5PjrgwHQ25+bsLJgowjGjm5Z8FVSf0N6PwgJrwxH0QxzHYDcKsTfV3wva0vzrpqMTJS2jXPr5BMEQ==}
  '@types/ms@2.1.0':
    resolution: {integrity: sha512-GsCCIZDE/p3i96vtEqx+7dBUGXrc7zeSK3wwPHIaRThS+9OhWIXRqzs4d6k1SVU8g91DrNRWxWUGhp5KXQb2VA==}
@ -41,8 +41,20 @@ packages:
  '@types/unist@2.0.11':
    resolution: {integrity: sha512-CmBKiL6NNo/OqgmMn95Fk9Whlp2mtvIv+KNpQKN2F4SjvrEesubTRWGYSg+BnWZOnlCaSTU1sMpsBOzgbYhnsA==}
-  ansi-regex@6.2.2:
+  ansi-regex@5.0.1:
-    resolution: {integrity: sha512-Bq3SmSpyFHaWjPk8If9yc6svM8c56dB5BAtW4Qbw5jHTwwXXcTLoRMkpDJp6VL0XzlWaCHTXrkFURMYmD0sLqg==}
+    resolution: {integrity: sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==}
    engines: {node: '>=8'}
  ansi-regex@6.1.0:
    resolution: {integrity: sha512-7HSX4QQb4CspciLpVFwyRe79O3xsIZDDLER21kERQ71oaPodF8jL725AgJMFAYbooIqolJoRLuM81SpeUkpkvA==}
    engines: {node: '>=12'}
  ansi-styles@4.3.0:
    resolution: {integrity: sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==}
    engines: {node: '>=8'}
  ansi-styles@6.2.1:
    resolution: {integrity: sha512-bN798gFfQX+viw3R7yrGWRqnrN2oRkEkUjjl4JNn4E8GxxbjtG3FbrEIIY3l8/hrwUwIeCZvi4QuOTP4MErVug==}
    engines: {node: '>=12'}
  argparse@2.0.1:
@ -51,8 +63,11 @@ packages:
  balanced-match@1.0.2:
    resolution: {integrity: sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==}
-  brace-expansion@1.1.12:
+  brace-expansion@1.1.11:
-    resolution: {integrity: sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==}
+    resolution: {integrity: sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==}
  brace-expansion@2.0.1:
    resolution: {integrity: sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==}
  character-entities-legacy@3.0.0:
    resolution: {integrity: sha512-RpPp0asT/6ufRm//AJVwpViZbGM/MkjQFxJccQRHmISF/22NBtsHqAWmL+/pmkPWoIUJdWyeVleTl1wydHATVQ==}
@ -63,14 +78,17 @@ packages:
  character-reference-invalid@2.0.1:
    resolution: {integrity: sha512-iBZ4F4wRbyORVsu0jPV7gXkOsGYjGHPmAyv+HiHG8gi5PtC9KI2j1+v8/tlibRvjoWX027ypmG/n0HtO5t7unw==}
  color-convert@2.0.1:
    resolution: {integrity: sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==}
    engines: {node: '>=7.0.0'}
  color-name@1.1.4:
    resolution: {integrity: sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==}
  commander@13.1.0:
    resolution: {integrity: sha512-/rFeCpNJQbhSZjGVwO9RFV3xPqbnERS8MmIQzCtD/zl6gpJuV/bMLuN92oG3F7d8oDEHHRrujSXNUr8fpjntKw==}
    engines: {node: '>=18'}
  commander@14.0.3:
    resolution: {integrity: sha512-H+y0Jo/T1RZ9qPP4Eh1pkcQcLRglraJaSLoyOtHxu6AapkjWVCy2Sit1QQ4x3Dng8qDlSsZEet7g5Pq06MvTgw==}
    engines: {node: '>=20'}
  commander@6.2.1:
    resolution: {integrity: sha512-U7VdrJFnJgo4xjrHpTzu0yrHPGImdsmD95ZlgYSEajAn2JKzDhDTPG9kBTefmObL2w/ngeZnilk+OV9CG3d7UA==}
    engines: {node: '>= 6'}
@ -82,8 +100,12 @@ packages:
  concat-map@0.0.1:
    resolution: {integrity: sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==}
-  debug@4.4.3:
+  cross-spawn@7.0.6:
-    resolution: {integrity: sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==}
+    resolution: {integrity: sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==}
    engines: {node: '>= 8'}
  debug@4.4.0:
    resolution: {integrity: sha512-6WTZ/IxCY/T6BALoZHaE4ctp9xm+Z5kY/pzYaCHRFeyVhojxlrm+46y68HA6hr0TcwEssoxNiDEUJQjfPZ/RYA==}
    engines: {node: '>=6.0'}
    peerDependencies:
      supports-color: '*'
@ -91,8 +113,8 @@ packages:
      supports-color:
        optional: true
-  decode-named-character-reference@1.3.0:
+  decode-named-character-reference@1.1.0:
-    resolution: {integrity: sha512-GtpQYB283KrPp6nRw50q3U9/VfOutZOe103qlN7BPP6Ad27xYnOIWv4lPzo8HCAL+mMZofJ9KEy30fq6MfaK6Q==}
+    resolution: {integrity: sha512-Wy+JTSbFThEOXQIR2L6mxJvEs+veIzpmqD7ynWxMXGpnk3smkHQOp6forLdHsKpAMW9iJpaBBIxz285t1n1C3w==}
  deep-extend@0.6.0:
    resolution: {integrity: sha512-LOHxIOaPYdHlJRtCQfDIVZtfw/ufM8+rVj649RIHzcm/vGwQRXFt6OPqIFWsm2XEMrNIEtWR64sY1LEKD2vAOA==}
@ -109,32 +131,36 @@ packages:
    resolution: {integrity: sha512-xHF8EP4XH/Ba9fvAF2LDd5O3IITVolerVV6xvkxoM8zlGEiCUrggpAnHyOoKJKCrhvPcGATFAUwIujj7bRG5UA==}
    hasBin: true
  eastasianwidth@0.2.0:
    resolution: {integrity: sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA==}
  emoji-regex@8.0.0:
    resolution: {integrity: sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==}
  emoji-regex@9.2.2:
    resolution: {integrity: sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg==}
  entities@4.5.0:
    resolution: {integrity: sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw==}
    engines: {node: '>=0.12'}
-  fdir@6.5.0:
+  foreground-child@3.3.1:
-    resolution: {integrity: sha512-tIbYtZbucOs0BRGqPJkshJUYdL+SDH7dVM8gjy+ERp3WAUjLEFJE+02kanyHtwjWOnwrKYBiwAmM0p4kLJAnXg==}
+    resolution: {integrity: sha512-gIXjKqtFuWEgzFRJA9WCQeSJLZDjgJUOMCMzxtvFq/37KojM1BFGufqsCy0r4qSQmYLsZYMeyRqzIWOMup03sw==}
-    engines: {node: '>=12.0.0'}
+    engines: {node: '>=14'}
    peerDependencies:
      picomatch: ^3 || ^4
    peerDependenciesMeta:
      picomatch:
        optional: true
  fs.realpath@1.0.0:
    resolution: {integrity: sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==}
-  get-east-asian-width@1.4.0:
+  glob@10.4.5:
-    resolution: {integrity: sha512-QZjmEOC+IT1uk6Rx0sX22V6uHWVwbdbxf1faPqJ1QhLdGgsRGCZoyaQBm/piRdJy/D2um6hM1UP7ZEeQ4EkP+Q==}
+    resolution: {integrity: sha512-7Bv8RF0k6xjo7d4A/PxYLbUCfb6c+Vpd2/mB2yRDlew7Jb5hEXiCD9ibfO7wpk8i4sevK6DFny9h7EYbM3/sHg==}
-    engines: {node: '>=18'}
+    hasBin: true
  glob@7.2.3:
    resolution: {integrity: sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==}
-    deprecated: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
+    deprecated: Glob versions prior to v9 are no longer supported
-  ignore@7.0.5:
+  ignore@7.0.3:
-    resolution: {integrity: sha512-Hs59xBNfUIunMFgWAbGX5cq6893IbWg4KnrjbYwX3tx0ztorVgTDA6B2sxf8ejHJ4wz8BqGUMYlnzNBer5NvGg==}
+    resolution: {integrity: sha512-bAH5jbK/F3T3Jls4I0SO1hmPR0dKU0a7+SY6n1yzRtG54FLO8d6w/nxLFX2Nb7dBu6cCWXPaAME6cYqFUMmuCA==}
    engines: {node: '>= 4'}
  inflight@1.0.6:
@ -157,11 +183,21 @@ packages:
  is-decimal@2.0.1:
    resolution: {integrity: sha512-AAB9hiomQs5DXWcRB1rqsxGUstbRroFOPPVAomNk/3XHR5JyEZChOyTWe2oayKnsSsr/kcGqF+z6yuH6HHpN0A==}
  is-fullwidth-code-point@3.0.0:
    resolution: {integrity: sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==}
    engines: {node: '>=8'}
  is-hexadecimal@2.0.1:
    resolution: {integrity: sha512-DgZQp241c8oO6cA1SbTEWiXeoxV42vlcJxgH+B3hi1AiqqKruZR3ZGF8In3fj4+/y/7rHvlOZLZtgJ/4ttYGZg==}
-  js-yaml@4.1.1:
+  isexe@2.0.0:
-    resolution: {integrity: sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==}
+    resolution: {integrity: sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==}
  jackspeak@3.4.3:
    resolution: {integrity: sha512-OGlZQpz2yfahA/Rd1Y8Cd9SIEsqvXkLVoSw/cgwhnhFMDbsQFeZYoJJ7bIZBS9BcamUW96asq/npPWugM+RQBw==}
  js-yaml@4.1.0:
    resolution: {integrity: sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==}
    hasBin: true
  jsonc-parser@3.3.1:
@ -171,15 +207,18 @@ packages:
    resolution: {integrity: sha512-p/nXbhSEcu3pZRdkW1OfJhpsVtW1gd4Wa1fnQc9YLiTfAjn0312eMKimbdIQzuZl9aa9xUGaRlP9T/CJE/ditQ==}
    engines: {node: '>=0.10.0'}
-  katex@0.16.28:
+  katex@0.16.21:
-    resolution: {integrity: sha512-YHzO7721WbmAL6Ov1uzN/l5mY5WWWhJBSW+jq4tkfZfsxmo1hu6frS0EOswvjBUnWE6NtjEs48SFn5CQESRLZg==}
+    resolution: {integrity: sha512-XvqR7FgOHtWupfMiigNzmh+MgUVmDGU2kXZm899ZkPfcuoPuFxyHmXsgATDpFZDAXCI8tvinaVcDo8PIIJSo4A==}
    hasBin: true
  linkify-it@5.0.0:
    resolution: {integrity: sha512-5aHCbzQRADcdP+ATqnDuhhJ/MRIqDkZX5pyjFHRRysS8vZ5AbqGEoFIb6pYHPZ+L/OC2Lc+xT8uHVVR5CAK/wQ==}
-  lodash@4.17.23:
+  lodash@4.17.21:
-    resolution: {integrity: sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==}
+    resolution: {integrity: sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==}
  lru-cache@10.4.3:
    resolution: {integrity: sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ==}
  markdown-it@14.1.0:
    resolution: {integrity: sha512-a54IwgWPaeBCAAsv13YgmALOF1elABB08FxO9i+r4VFk5Vl4pKokRPeX8u5TCgSsPi6ec1otfLjdOpVcgbpshg==}
@ -188,23 +227,23 @@ packages:
  markdown-table@2.0.0:
    resolution: {integrity: sha512-Ezda85ToJUBhM6WGaG6veasyym+Tbs3cMAw/ZhOPqXiYsr0jgocBV3j3nx+4lk47plLlIqjwuTm/ywVI+zjJ/A==}
-  markdownlint-cli@0.47.0:
+  markdownlint-cli@0.44.0:
-    resolution: {integrity: sha512-HOcxeKFAdDoldvoYDofd85vI8LgNWy8vmYpCwnlLV46PJcodmGzD7COSSBlhHwsfT4o9KrAStGodImVBus31Bg==}
+    resolution: {integrity: sha512-ZJTAONlvF9NkrIBltCdW15DxN9UTbPiKMEqAh2EU2gwIFlrCMavyCEPPO121cqfYOrLUJWW8/XKWongstmmTeQ==}
-    engines: {node: '>=20'}
+    engines: {node: '>=18'}
    hasBin: true
-  markdownlint@0.40.0:
+  markdownlint@0.37.4:
-    resolution: {integrity: sha512-UKybllYNheWac61Ia7T6fzuQNDZimFIpCg2w6hHjgV1Qu0w1TV0LlSgryUGzM0bkKQCBhy2FDhEELB73Kb0kAg==}
+    resolution: {integrity: sha512-u00joA/syf3VhWh6/ybVFkib5Zpj2e5KB/cfCei8fkSRuums6nyisTWGqjTWIOFoFwuXoTBQQiqlB4qFKp8ncQ==}
-    engines: {node: '>=20'}
+    engines: {node: '>=18'}
  mdurl@2.0.0:
    resolution: {integrity: sha512-Lf+9+2r+Tdp5wXDXC4PcIBjTDtq4UKjCPMQhKIuzpJNW0b96kVqSwW0bT7FhRSfmAiFYgP+SCRvdrDozfh0U5w==}
-  micromark-core-commonmark@2.0.3:
+  micromark-core-commonmark@2.0.2:
-    resolution: {integrity: sha512-RDBrHEMSxVFLg6xvnXmb1Ayr2WzLAWjeSATAoxwKYJV94TeNavgoIdA0a9ytzDSVzBy2YKFK+emCPOEibLeCrg==}
+    resolution: {integrity: sha512-FKjQKbxd1cibWMM1P9N+H8TwlgGgSkWZMmfuVucLCHaYqeSvJ0hFeHsIa65pA2nYbes0f8LDHPMrd9X7Ujxg9w==}
-  micromark-extension-directive@4.0.0:
+  micromark-extension-directive@3.0.2:
-    resolution: {integrity: sha512-/C2nqVmXXmiseSSuCdItCMho7ybwwop6RrrRPk0KbOHW21JKoCldC+8rFOaundDoRBUWBnJJcxeA/Kvi34WQXg==}
+    resolution: {integrity: sha512-wjcXHgk+PPdmvR58Le9d7zQYWy+vKEU9Se44p2CrCDPiLr2FMyiT4Fyb5UFKFC66wGB3kPlgD7q3TnoqPS7SZA==}
  micromark-extension-gfm-autolink-literal@2.1.0:
    resolution: {integrity: sha512-oOg7knzhicgQ3t4QCjCWgTmfNhvQbDDnJeVu9v81r7NltNCVmhPy1fJRX27pISafdjL+SVc4d3l48Gb6pbRypw==}
@ -212,8 +251,8 @@ packages:
  micromark-extension-gfm-footnote@2.1.0:
    resolution: {integrity: sha512-/yPhxI1ntnDNsiHtzLKYnE3vf9JZ6cAisqVDauhp4CEHxlb4uoOTxOCJ+9s51bIB8U1N1FJ1RXOKTIlD5B/gqw==}
-  micromark-extension-gfm-table@2.1.1:
+  micromark-extension-gfm-table@2.1.0:
-    resolution: {integrity: sha512-t2OU/dXXioARrC6yWfJ4hqB7rct14e8f7m0cbI5hUmDyyIlwv5vEtooptH8INkbLzOatzKuVbQmAYcbWoyz6Dg==}
+    resolution: {integrity: sha512-Ub2ncQv+fwD70/l4ou27b4YzfNaCJOvyX4HxXU15m7mpYY+rjuWzsLIPZHJL253Z643RpbcP1oeIJlQ/SKW67g==}
  micromark-extension-math@3.1.0:
    resolution: {integrity: sha512-lvEqd+fHjATVs+2v/8kg9i5Q0AP2k85H0WUOwpIVvUML8BapsMvh1XAogmQjOCsLpoKRCVQqEkQBB3NhVBcsOg==}
@ -269,28 +308,35 @@ packages:
  micromark-util-symbol@2.0.1:
    resolution: {integrity: sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==}
-  micromark-util-types@2.0.2:
+  micromark-util-types@2.0.1:
-    resolution: {integrity: sha512-Yw0ECSpJoViF1qTU4DC6NwtC4aWGt1EkzaQB8KPPyCRR8z9TWeV0HbEFGTO+ZY1wB22zmxnJqhPyTpOVCpeHTA==}
+    resolution: {integrity: sha512-534m2WhVTddrcKVepwmVEVnUAmtrx9bfIjNoQHRqfnvdaHQiFytEhJoTgpWJvDEXCO5gLTQh3wYC1PgOJA4NSQ==}
-  micromark@4.0.2:
+  micromark@4.0.1:
-    resolution: {integrity: sha512-zpe98Q6kvavpCr1NPVSCMebCKfD7CA2NqZ+rykeNhONIJBpc1tFKt9hucLGwha3jNTNI8lHpctWJWoimVF4PfA==}
+    resolution: {integrity: sha512-eBPdkcoCNvYcxQOAKAlceo5SNdzZWfF+FcSupREAzdAh9rRmE239CEQAiTwIgblwnoM8zzj35sZ5ZwvSEOF6Kw==}
  minimatch@10.1.2:
    resolution: {integrity: sha512-fu656aJ0n2kcXwsnwnv9g24tkU5uSmOlTjd6WyyaKm2Z+h1qmY6bAjrcaIxF/BslFqbZ8UBtbJi7KgQOZD2PTw==}
    engines: {node: 20 || >=22}
  minimatch@3.1.2:
    resolution: {integrity: sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==}
  minimatch@9.0.5:
    resolution: {integrity: sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==}
    engines: {node: '>=16 || 14 >=14.17'}
  minimist@1.2.8:
    resolution: {integrity: sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==}
  minipass@7.1.2:
    resolution: {integrity: sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw==}
    engines: {node: '>=16 || 14 >=14.17'}
  ms@2.1.3:
    resolution: {integrity: sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==}
  once@1.4.0:
    resolution: {integrity: sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==}
  package-json-from-dist@1.0.1:
    resolution: {integrity: sha512-UEZIS3/by4OC8vL3P2dTXRETpebLI2NiI5vIrjaD/5UtrkFX/tNbwjTSRAGC/+7CAo2pIcBaRgWmcBBHcsaCIw==}
  parse-entities@4.0.2:
    resolution: {integrity: sha512-GG2AQYWoLgL877gQIKeRPGO1xF9+eG1ujIb5soS5gPvLQ1y2o8FL90w2QWNdf9I361Mpp7726c+lj3U0qK1uGw==}
@ -298,9 +344,13 @@ packages:
    resolution: {integrity: sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==}
    engines: {node: '>=0.10.0'}
-  picomatch@4.0.3:
+  path-key@3.1.1:
-    resolution: {integrity: sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==}
+    resolution: {integrity: sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==}
-    engines: {node: '>=12'}
+    engines: {node: '>=8'}
  path-scurry@1.11.1:
    resolution: {integrity: sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==}
    engines: {node: '>=16 || 14 >=14.18'}
  punycode.js@2.3.1:
    resolution: {integrity: sha512-uxFIHU0YlHYhDQtV4R9J6a52SLx28BCjT+4ieh7IGbgwVJWO+km431c4yRlREUAsAmt/uMjQUyQHNEPf0M39CA==}
@ -314,83 +364,134 @@ packages:
    resolution: {integrity: sha512-CcfE+mYiTcKEzg0IqS08+efdnH0oJ3zV0wSUFBNrMHMuxCtXvBCLzCJHatwuXDcu/RlhjTziTo/a1ruQik6/Yg==}
    hasBin: true
-  smol-toml@1.5.2:
+  shebang-command@2.0.0:
-    resolution: {integrity: sha512-QlaZEqcAH3/RtNyet1IPIYPsEWAaYyXXv1Krsi+1L/QHppjX4Ifm8MQsBISz9vE8cHicIq3clogsheili5vhaQ==}
+    resolution: {integrity: sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==}
    engines: {node: '>=8'}
  shebang-regex@3.0.0:
    resolution: {integrity: sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==}
    engines: {node: '>=8'}
  signal-exit@4.1.0:
    resolution: {integrity: sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw==}
    engines: {node: '>=14'}
  smol-toml@1.3.1:
    resolution: {integrity: sha512-tEYNll18pPKHroYSmLLrksq233j021G0giwW7P3D24jC54pQ5W5BXMsQ/Mvw1OJCmEYDgY+lrzT+3nNUtoNfXQ==}
    engines: {node: '>= 18'}
-  string-width@8.1.0:
+  string-width@4.2.3:
-    resolution: {integrity: sha512-Kxl3KJGb/gxkaUMOjRsQ8IrXiGW75O4E3RPjFIINOVH8AMl2SQ/yWdTzWwF3FevIX9LcMAjJW+GRwAlAbTSXdg==}
+    resolution: {integrity: sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==}
-    engines: {node: '>=20'}
+    engines: {node: '>=8'}
-  strip-ansi@7.1.2:
+  string-width@5.1.2:
-    resolution: {integrity: sha512-gmBGslpoQJtgnMAvOVqGZpEz9dyoKTCzy2nfz/n8aIFhN/jCE/rCmcxabB6jOOHV+0WNnylOxaxBQPSvcWklhA==}
+    resolution: {integrity: sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA==}
    engines: {node: '>=12'}
  strip-ansi@6.0.1:
    resolution: {integrity: sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==}
    engines: {node: '>=8'}
  strip-ansi@7.1.0:
    resolution: {integrity: sha512-iq6eVVI64nQQTRYq2KtEg2d2uU7LElhTJwsH4YzIHZshxlgZms/wIc4VoDQTlG/IvVIrBKG06CrZnp0qv7hkcQ==}
    engines: {node: '>=12'}
  strip-json-comments@3.1.1:
    resolution: {integrity: sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==}
    engines: {node: '>=8'}
  tinyglobby@0.2.15:
    resolution: {integrity: sha512-j2Zq4NyQYG5XMST4cbs02Ak8iJUdxRM0XI5QyxXuZOzKOINmWurp3smXu3y5wDcJrptwpSjgXHzIQxR0omXljQ==}
    engines: {node: '>=12.0.0'}
  uc.micro@2.1.0:
    resolution: {integrity: sha512-ARDJmphmdvUk6Glw7y9DQ2bFkKBHwQHLi2lsaH6PPmz/Ka9sFOBsBluozhDltWmnv9u/cF6Rt87znRTPV+yp/A==}
  which@2.0.2:
    resolution: {integrity: sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==}
    engines: {node: '>= 8'}
    hasBin: true
  wrap-ansi@7.0.0:
    resolution: {integrity: sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==}
    engines: {node: '>=10'}
  wrap-ansi@8.1.0:
    resolution: {integrity: sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ==}
    engines: {node: '>=12'}
  wrappy@1.0.2:
    resolution: {integrity: sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==}
-  yaml@2.8.2:
+  yaml@2.7.0:
-    resolution: {integrity: sha512-mplynKqc1C2hTVYxd0PU2xQAc22TI1vShAYGksCCfxbn/dFwnHTNi1bvYsBTkhdUNtGIf5xNOg938rrSSYvS9A==}
+    resolution: {integrity: sha512-+hSoy/QHluxmC9kCIJyL/uyFmLmc+e5CFR5Wa+bpIhIj85LVb9ZH2nVnqrHoSvKogwODv0ClqZkmiSSaIH5LTA==}
-    engines: {node: '>= 14.6'}
+    engines: {node: '>= 14'}
    hasBin: true
 snapshots:
-  '@bitnami/readme-generator-for-helm@2.7.2':
+  '@bitnami/readme-generator-for-helm@2.7.0':
    dependencies:
      commander: 13.1.0
      dot-object: 2.1.5
-      lodash: 4.17.23
+      lodash: 4.17.21
      markdown-table: 2.0.0
-      yaml: 2.8.2
+      yaml: 2.7.0
-  '@isaacs/balanced-match@4.0.1': {}
+  '@isaacs/cliui@8.0.2':
  '@isaacs/brace-expansion@5.0.1':
    dependencies:
-      '@isaacs/balanced-match': 4.0.1
+      string-width: 5.1.2
      string-width-cjs: string-width@4.2.3
      strip-ansi: 7.1.0
      strip-ansi-cjs: strip-ansi@6.0.1
      wrap-ansi: 8.1.0
      wrap-ansi-cjs: wrap-ansi@7.0.0
  '@pkgjs/parseargs@0.11.0':
    optional: true
  '@types/debug@4.1.12':
    dependencies:
      '@types/ms': 2.1.0
-  '@types/katex@0.16.8': {}
+  '@types/katex@0.16.7': {}
  '@types/ms@2.1.0': {}
  '@types/unist@2.0.11': {}
-  ansi-regex@6.2.2: {}
+  ansi-regex@5.0.1: {}
  ansi-regex@6.1.0: {}
  ansi-styles@4.3.0:
    dependencies:
      color-convert: 2.0.1
  ansi-styles@6.2.1: {}
  argparse@2.0.1: {}
  balanced-match@1.0.2: {}
-  brace-expansion@1.1.12:
+  brace-expansion@1.1.11:
    dependencies:
      balanced-match: 1.0.2
      concat-map: 0.0.1
  brace-expansion@2.0.1:
    dependencies:
      balanced-match: 1.0.2
  character-entities-legacy@3.0.0: {}
  character-entities@2.0.2: {}
  character-reference-invalid@2.0.1: {}
-  commander@13.1.0: {}
+  color-convert@2.0.1:
    dependencies:
      color-name: 1.1.4
-  commander@14.0.3: {}
+  color-name@1.1.4: {}
  commander@13.1.0: {}
  commander@6.2.1: {}
@ -398,11 +499,17 @@ snapshots:
  concat-map@0.0.1: {}
-  debug@4.4.3:
+  cross-spawn@7.0.6:
    dependencies:
      path-key: 3.1.1
      shebang-command: 2.0.0
      which: 2.0.2
  debug@4.4.0:
    dependencies:
      ms: 2.1.3
-  decode-named-character-reference@1.3.0:
+  decode-named-character-reference@1.1.0:
    dependencies:
      character-entities: 2.0.2
@ -419,15 +526,29 @@ snapshots:
      commander: 6.2.1
      glob: 7.2.3
  eastasianwidth@0.2.0: {}
  emoji-regex@8.0.0: {}
  emoji-regex@9.2.2: {}
  entities@4.5.0: {}
-  fdir@6.5.0(picomatch@4.0.3):
+  foreground-child@3.3.1:
-    optionalDependencies:
+    dependencies:
-      picomatch: 4.0.3
+      cross-spawn: 7.0.6
      signal-exit: 4.1.0
  fs.realpath@1.0.0: {}
-  get-east-asian-width@1.4.0: {}
+  glob@10.4.5:
    dependencies:
      foreground-child: 3.3.1
      jackspeak: 3.4.3
      minimatch: 9.0.5
      minipass: 7.1.2
      package-json-from-dist: 1.0.1
      path-scurry: 1.11.1
  glob@7.2.3:
    dependencies:
@ -438,7 +559,7 @@ snapshots:
      once: 1.4.0
      path-is-absolute: 1.0.1
-  ignore@7.0.5: {}
+  ignore@7.0.3: {}
  inflight@1.0.6:
    dependencies:
@ -458,9 +579,19 @@ snapshots:
  is-decimal@2.0.1: {}
  is-fullwidth-code-point@3.0.0: {}
  is-hexadecimal@2.0.1: {}
-  js-yaml@4.1.1:
+  isexe@2.0.0: {}
  jackspeak@3.4.3:
    dependencies:
      '@isaacs/cliui': 8.0.2
    optionalDependencies:
      '@pkgjs/parseargs': 0.11.0
  js-yaml@4.1.0:
    dependencies:
      argparse: 2.0.1
@ -468,7 +599,7 @@ snapshots:
  jsonpointer@5.0.1: {}
-  katex@0.16.28:
+  katex@0.16.21:
    dependencies:
      commander: 8.3.0
@ -476,7 +607,9 @@ snapshots:
    dependencies:
      uc.micro: 2.1.0
-  lodash@4.17.23: {}
+  lodash@4.17.21: {}
  lru-cache@10.4.3: {}
  markdown-it@14.1.0:
    dependencies:
@ -491,42 +624,40 @@ snapshots:
    dependencies:
      repeat-string: 1.6.1
-  markdownlint-cli@0.47.0:
+  markdownlint-cli@0.44.0:
    dependencies:
-      commander: 14.0.3
+      commander: 13.1.0
-      deep-extend: 0.6.0
+      glob: 10.4.5
-      ignore: 7.0.5
+      ignore: 7.0.3
-      js-yaml: 4.1.1
+      js-yaml: 4.1.0
      jsonc-parser: 3.3.1
      jsonpointer: 5.0.1
-      markdown-it: 14.1.0
+      markdownlint: 0.37.4
-      markdownlint: 0.40.0
+      minimatch: 9.0.5
      minimatch: 10.1.2
      run-con: 1.3.2
-      smol-toml: 1.5.2
+      smol-toml: 1.3.1
      tinyglobby: 0.2.15
    transitivePeerDependencies:
      - supports-color
-  markdownlint@0.40.0:
+  markdownlint@0.37.4:
    dependencies:
-      micromark: 4.0.2
+      markdown-it: 14.1.0
-      micromark-core-commonmark: 2.0.3
+      micromark: 4.0.1
-      micromark-extension-directive: 4.0.0
+      micromark-core-commonmark: 2.0.2
      micromark-extension-directive: 3.0.2
      micromark-extension-gfm-autolink-literal: 2.1.0
      micromark-extension-gfm-footnote: 2.1.0
-      micromark-extension-gfm-table: 2.1.1
+      micromark-extension-gfm-table: 2.1.0
      micromark-extension-math: 3.1.0
-      micromark-util-types: 2.0.2
+      micromark-util-types: 2.0.1
      string-width: 8.1.0
    transitivePeerDependencies:
      - supports-color
  mdurl@2.0.0: {}
-  micromark-core-commonmark@2.0.3:
+  micromark-core-commonmark@2.0.2:
    dependencies:
-      decode-named-character-reference: 1.3.0
+      decode-named-character-reference: 1.1.0
      devlop: 1.1.0
      micromark-factory-destination: 2.0.1
      micromark-factory-label: 2.0.1
@ -541,16 +672,16 @@ snapshots:
      micromark-util-resolve-all: 2.0.1
      micromark-util-subtokenize: 2.1.0
      micromark-util-symbol: 2.0.1
-      micromark-util-types: 2.0.2
+      micromark-util-types: 2.0.1
-  micromark-extension-directive@4.0.0:
+  micromark-extension-directive@3.0.2:
    dependencies:
      devlop: 1.1.0
      micromark-factory-space: 2.0.1
      micromark-factory-whitespace: 2.0.1
      micromark-util-character: 2.1.1
      micromark-util-symbol: 2.0.1
-      micromark-util-types: 2.0.2
+      micromark-util-types: 2.0.1
      parse-entities: 4.0.2
  micromark-extension-gfm-autolink-literal@2.1.0:
@ -558,73 +689,73 @@ snapshots:
      micromark-util-character: 2.1.1
      micromark-util-sanitize-uri: 2.0.1
      micromark-util-symbol: 2.0.1
-      micromark-util-types: 2.0.2
+      micromark-util-types: 2.0.1
  micromark-extension-gfm-footnote@2.1.0:
    dependencies:
      devlop: 1.1.0
-      micromark-core-commonmark: 2.0.3
+      micromark-core-commonmark: 2.0.2
      micromark-factory-space: 2.0.1
      micromark-util-character: 2.1.1
      micromark-util-normalize-identifier: 2.0.1
      micromark-util-sanitize-uri: 2.0.1
      micromark-util-symbol: 2.0.1
-      micromark-util-types: 2.0.2
+      micromark-util-types: 2.0.1
-  micromark-extension-gfm-table@2.1.1:
+  micromark-extension-gfm-table@2.1.0:
    dependencies:
      devlop: 1.1.0
      micromark-factory-space: 2.0.1
      micromark-util-character: 2.1.1
      micromark-util-symbol: 2.0.1
-      micromark-util-types: 2.0.2
+      micromark-util-types: 2.0.1
  micromark-extension-math@3.1.0:
    dependencies:
-      '@types/katex': 0.16.8
+      '@types/katex': 0.16.7
      devlop: 1.1.0
-      katex: 0.16.28
+      katex: 0.16.21
      micromark-factory-space: 2.0.1
      micromark-util-character: 2.1.1
      micromark-util-symbol: 2.0.1
-      micromark-util-types: 2.0.2
+      micromark-util-types: 2.0.1
  micromark-factory-destination@2.0.1:
    dependencies:
      micromark-util-character: 2.1.1
      micromark-util-symbol: 2.0.1
-      micromark-util-types: 2.0.2
+      micromark-util-types: 2.0.1
  micromark-factory-label@2.0.1:
    dependencies:
      devlop: 1.1.0
      micromark-util-character: 2.1.1
      micromark-util-symbol: 2.0.1
-      micromark-util-types: 2.0.2
+      micromark-util-types: 2.0.1
  micromark-factory-space@2.0.1:
    dependencies:
      micromark-util-character: 2.1.1
-      micromark-util-types: 2.0.2
+      micromark-util-types: 2.0.1
  micromark-factory-title@2.0.1:
    dependencies:
      micromark-factory-space: 2.0.1
      micromark-util-character: 2.1.1
      micromark-util-symbol: 2.0.1
-      micromark-util-types: 2.0.2
+      micromark-util-types: 2.0.1
  micromark-factory-whitespace@2.0.1:
    dependencies:
      micromark-factory-space: 2.0.1
      micromark-util-character: 2.1.1
      micromark-util-symbol: 2.0.1
-      micromark-util-types: 2.0.2
+      micromark-util-types: 2.0.1
  micromark-util-character@2.1.1:
    dependencies:
      micromark-util-symbol: 2.0.1
-      micromark-util-types: 2.0.2
+      micromark-util-types: 2.0.1
  micromark-util-chunked@2.0.1:
    dependencies:
@ -634,12 +765,12 @@ snapshots:
    dependencies:
      micromark-util-character: 2.1.1
      micromark-util-symbol: 2.0.1
-      micromark-util-types: 2.0.2
+      micromark-util-types: 2.0.1
  micromark-util-combine-extensions@2.0.1:
    dependencies:
      micromark-util-chunked: 2.0.1
-      micromark-util-types: 2.0.2
+      micromark-util-types: 2.0.1
  micromark-util-decode-numeric-character-reference@2.0.2:
    dependencies:
@ -655,7 +786,7 @@ snapshots:
  micromark-util-resolve-all@2.0.1:
    dependencies:
-      micromark-util-types: 2.0.2
+      micromark-util-types: 2.0.1
  micromark-util-sanitize-uri@2.0.1:
    dependencies:
@ -668,19 +799,19 @@ snapshots:
      devlop: 1.1.0
      micromark-util-chunked: 2.0.1
      micromark-util-symbol: 2.0.1
-      micromark-util-types: 2.0.2
+      micromark-util-types: 2.0.1
  micromark-util-symbol@2.0.1: {}
-  micromark-util-types@2.0.2: {}
+  micromark-util-types@2.0.1: {}
-  micromark@4.0.2:
+  micromark@4.0.1:
    dependencies:
      '@types/debug': 4.1.12
-      debug: 4.4.3
+      debug: 4.4.0
-      decode-named-character-reference: 1.3.0
+      decode-named-character-reference: 1.1.0
      devlop: 1.1.0
-      micromark-core-commonmark: 2.0.3
+      micromark-core-commonmark: 2.0.2
      micromark-factory-space: 2.0.1
      micromark-util-character: 2.1.1
      micromark-util-chunked: 2.0.1
@ -692,39 +823,48 @@ snapshots:
      micromark-util-sanitize-uri: 2.0.1
      micromark-util-subtokenize: 2.1.0
      micromark-util-symbol: 2.0.1
-      micromark-util-types: 2.0.2
+      micromark-util-types: 2.0.1
    transitivePeerDependencies:
      - supports-color
  minimatch@10.1.2:
    dependencies:
      '@isaacs/brace-expansion': 5.0.1
  minimatch@3.1.2:
    dependencies:
-      brace-expansion: 1.1.12
+      brace-expansion: 1.1.11
  minimatch@9.0.5:
    dependencies:
      brace-expansion: 2.0.1
  minimist@1.2.8: {}
  minipass@7.1.2: {}
  ms@2.1.3: {}
  once@1.4.0:
    dependencies:
      wrappy: 1.0.2
  package-json-from-dist@1.0.1: {}
  parse-entities@4.0.2:
    dependencies:
      '@types/unist': 2.0.11
      character-entities-legacy: 3.0.0
      character-reference-invalid: 2.0.1
-      decode-named-character-reference: 1.3.0
+      decode-named-character-reference: 1.1.0
      is-alphanumerical: 2.0.1
      is-decimal: 2.0.1
      is-hexadecimal: 2.0.1
  path-is-absolute@1.0.1: {}
-  picomatch@4.0.3: {}
+  path-key@3.1.1: {}
  path-scurry@1.11.1:
    dependencies:
      lru-cache: 10.4.3
      minipass: 7.1.2
  punycode.js@2.3.1: {}
@ -737,26 +877,56 @@ snapshots:
      minimist: 1.2.8
      strip-json-comments: 3.1.1
-  smol-toml@1.5.2: {}
+  shebang-command@2.0.0:
  string-width@8.1.0:
    dependencies:
-      get-east-asian-width: 1.4.0
+      shebang-regex: 3.0.0
      strip-ansi: 7.1.2
-  strip-ansi@7.1.2:
+  shebang-regex@3.0.0: {}
  signal-exit@4.1.0: {}
  smol-toml@1.3.1: {}
  string-width@4.2.3:
    dependencies:
-      ansi-regex: 6.2.2
+      emoji-regex: 8.0.0
      is-fullwidth-code-point: 3.0.0
      strip-ansi: 6.0.1
  string-width@5.1.2:
    dependencies:
      eastasianwidth: 0.2.0
      emoji-regex: 9.2.2
      strip-ansi: 7.1.0
  strip-ansi@6.0.1:
    dependencies:
      ansi-regex: 5.0.1
  strip-ansi@7.1.0:
    dependencies:
      ansi-regex: 6.1.0
  strip-json-comments@3.1.1: {}
  tinyglobby@0.2.15:
    dependencies:
      fdir: 6.5.0(picomatch@4.0.3)
      picomatch: 4.0.3
  uc.micro@2.1.0: {}
  which@2.0.2:
    dependencies:
      isexe: 2.0.0
  wrap-ansi@7.0.0:
    dependencies:
      ansi-styles: 4.3.0
      string-width: 4.2.3
      strip-ansi: 6.0.1
  wrap-ansi@8.1.0:
    dependencies:
      ansi-styles: 6.2.1
      string-width: 5.1.2
      strip-ansi: 7.1.0
  wrappy@1.0.2: {}
-  yaml@2.8.2: {}
+  yaml@2.7.0: {}
--- a/renovate.json5
+++ b/renovate.json5
@ -9,19 +9,19 @@
  labels: [
    'kind/dependency',
  ],
-  digest: {
+  "digest": {
-    automerge: true,
+    "automerge": true
  },
  automergeStrategy: 'squash',
  'git-submodules': {
-    enabled: true,
+    'enabled': true
  },
  customManagers: [
    {
      description: 'Gitea-version of https://docs.renovatebot.com/presets-regexManagers/#regexmanagersgithubactionsversions',
      customType: 'regex',
-      managerFilePatterns: [
+      fileMatch: [
-        '/.gitea/workflows/.+\\.ya?ml$/',
+        '.gitea/workflows/.+\\.ya?ml$',
      ],
      matchStrings: [
        '# renovate: datasource=(?<datasource>[a-z-.]+?) depName=(?<depName>[^\\s]+?)(?: (?:lookupName|packageName)=(?<packageName>[^\\s]+?))?(?: versioning=(?<versioning>[a-z-0-9]+?))?\\s+[A-Za-z0-9_]+?_VERSION\\s*:\\s*["\']?(?<currentValue>.+?)["\']?\\s',
@ -30,23 +30,13 @@
    {
      description: 'Detect helm-unittest yaml schema file',
      customType: 'regex',
-      managerFilePatterns: [
+      fileMatch: ['.vscode/settings\\.json$'],
        '/.vscode/settings\\.json$/',
      ],
      matchStrings: [
        'https:\\/\\/raw\\.githubusercontent\\.com\\/(?<depName>[^\\s]+?)\\/(?<currentValue>v[0-9.]+?)\\/schema\\/helm-testsuite\\.json',
      ],
      datasourceTemplate: 'github-releases',
    },
  ],
  lockFileMaintenance: {
    "enabled": true,
    "commitMessageAction": "update",
    "commitMessageTopic": "lockfiles",
    schedule: [
      'at any time',
    ]
  },
  packageRules: [
    {
      groupName: 'subcharts (minor & patch)',
@ -59,17 +49,6 @@
        'digest',
      ],
    },
    {
      groupName: 'bats testing framework',
      matchManagers: [
        'git-submodules',
      ],
      matchUpdateTypes: [
        'minor',
        'patch',
        'digest',
      ],
    },
    {
      groupName: 'workflow dependencies (minor & patch)',
      matchManagers: [
--- a/templates/_helpers.tpl
+++ b/templates/_helpers.tpl
@ -84,48 +84,5 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 {{- define "gitea.actions.local_root_url" -}}
-  {{- tpl .Values.giteaRootURL . -}}
+  {{- .Values.giteaRootURL -}}
 {{- end -}}
 {{/*
 Common create image implementation
 */}}
 {{- define "gitea.actions.common.image" -}}
 {{- $fullOverride := .image.fullOverride | default "" -}}
 {{- $registry := .root.Values.global.imageRegistry | default .image.registry -}}
 {{- $repository :=  .image.repository -}}
 {{- $separator := ":" -}}
 {{- $tag := .image.tag | default .root.Chart.AppVersion | toString -}}
 {{- $digest := "" -}}
 {{- if .image.digest }}
    {{- $digest = (printf "@%s" (.image.digest | toString)) -}}
 {{- end -}}
 {{- if $fullOverride }}
    {{- printf "%s" $fullOverride -}}
 {{- else if $registry }}
    {{- printf "%s/%s%s%s%s" $registry $repository $separator $tag $digest -}}
 {{- else -}}
    {{- printf "%s%s%s%s" $repository $separator $tag $digest -}}
 {{- end -}}
 {{- end -}}
 {{/*
 Create image for the Gitea Actions Act Runner
 */}}
 {{- define "gitea.actions.actRunner.image" -}}
 {{ include "gitea.actions.common.image" (dict "root" . "image" .Values.statefulset.actRunner) }}
 {{- end -}}
 {{/*
 Create image for DinD
 */}}
 {{- define "gitea.actions.dind.image" -}}
 {{ include "gitea.actions.common.image" (dict "root" . "image" .Values.statefulset.dind) }}
 {{- end -}}
 {{/*
 Create image for Init
 */}}
 {{- define "gitea.actions.init.image" -}}
 {{ include "gitea.actions.common.image" (dict "root" . "image" .Values.init.image) }}
 {{- end -}}
--- a/templates/config-act-runner.yaml
+++ b/templates/config-act-runner.yaml
@ -10,10 +10,6 @@ metadata:
 data:
  config.yaml: |
    {{- with .Values.statefulset.actRunner.config -}}
    {{- if kindIs "string" . -}}
    {{ . | nindent 4}}
    {{- else -}}
    {{ toYaml . | nindent 4}}
    {{- end -}}
    {{- end -}}
 {{- end }}
--- a/templates/statefulset.yaml
+++ b/templates/statefulset.yaml
@ -30,11 +30,9 @@ spec:
        {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      securityContext:
        {{- toYaml .Values.statefulset.securityContext | nindent 8 }}
      initContainers:
        - name: init-gitea
-          image: "{{ include "gitea.actions.init.image" . }}"
+          image: "{{ .Values.init.image.repository }}:{{ .Values.init.image.tag }}"
          command:
            - sh
            - -c
@ -45,42 +43,18 @@ spec:
                echo "Trying again in 3 seconds..."
              done
              echo "Gitea has been reached!"
        - name: dind
          image: "{{ include "gitea.actions.dind.image" . }}"
          imagePullPolicy: {{ .Values.statefulset.dind.pullPolicy }}
          {{- if .Values.statefulset.dind.extraEnvs }}
          env:
            {{- toYaml .Values.statefulset.dind.extraEnvs | nindent 12 }}
          {{- end }}
          restartPolicy: Always
          securityContext:
            privileged: true
          startupProbe:
            exec:
              command:
                - /usr/bin/test
                - -S
                - /var/run/docker.sock
          livenessProbe:
            exec:
              command:
                - /usr/bin/test
                - -S
                - /var/run/docker.sock
          resources:
            {{- toYaml .Values.statefulset.resources | nindent 12 }}
          volumeMounts:
            - mountPath: /var/run/
              name: docker-socket
            {{- with .Values.statefulset.dind.extraVolumeMounts }}
            {{- toYaml . | nindent 12 }}
            {{- end }}
      containers:
        - name: act-runner
-          image: "{{ include "gitea.actions.actRunner.image" . }}"
+          image: "{{ .Values.statefulset.actRunner.repository }}:{{ .Values.statefulset.actRunner.tag }}"
          imagePullPolicy: {{ .Values.statefulset.actRunner.pullPolicy }}
          workingDir: /data
          env:
            - name: DOCKER_HOST
              value: tcp://127.0.0.1:2376
            - name: DOCKER_TLS_VERIFY
              value: "1"
            - name: DOCKER_CERT_PATH
              value: /certs/server
            - name: GITEA_RUNNER_REGISTRATION_TOKEN
              valueFrom:
                secretKeyRef:
@ -90,25 +64,42 @@ spec:
              value: {{ include "gitea.actions.local_root_url" . }}
            - name: CONFIG_FILE
              value: /actrunner/config.yaml
            - name: TZ
              value: {{ .Values.statefulset.timezone | default "Etc/UTC" }}
            {{- if .Values.statefulset.actRunner.extraEnvs }}
            {{- toYaml .Values.statefulset.actRunner.extraEnvs | nindent 12 }}
            {{- end }}
          resources:
            {{- toYaml .Values.statefulset.resources | nindent 12 }}
          volumeMounts:
            - mountPath: /actrunner/config.yaml
              name: act-runner-config
              subPath: config.yaml
-            - mountPath: /var/run/docker.sock
+            - mountPath: /certs/server
-              name: docker-socket
+              name: docker-certs
              subPath: docker.sock
            - mountPath: /data
              name: data-act-runner
            {{- with .Values.statefulset.actRunner.extraVolumeMounts }}
            {{- toYaml . | nindent 12 }}
            {{- end }}
        - name: dind
          image: "{{ .Values.statefulset.dind.repository }}:{{ .Values.statefulset.dind.tag }}"
          imagePullPolicy: {{ .Values.statefulset.dind.pullPolicy }}
          env:
            - name: DOCKER_HOST
              value: tcp://127.0.0.1:2376
            - name: DOCKER_TLS_VERIFY
              value: "1"
            - name: DOCKER_CERT_PATH
              value: /certs/server
            {{- if .Values.statefulset.dind.extraEnvs }}
            {{- toYaml .Values.statefulset.dind.extraEnvs | nindent 12 }}
            {{- end }}
          securityContext:
            privileged: true
          resources:
            {{- toYaml .Values.statefulset.resources | nindent 12 }}
          volumeMounts:
            - mountPath: /certs/server
              name: docker-certs
            {{- with .Values.statefulset.dind.extraVolumeMounts }}
            {{- toYaml . | nindent 12 }}
            {{- end }}
      {{- range $key, $value := .Values.statefulset.nodeSelector }}
      nodeSelector:
        {{ $key }}: {{ $value | quote }}
@ -125,7 +116,7 @@ spec:
        - name: act-runner-config
          configMap:
            name: {{ include "gitea.actions.fullname" . }}-act-runner-config
-        - name: docker-socket
+        - name: docker-certs
          emptyDir: {}
        {{- with .Values.statefulset.extraVolumes }}
        {{- toYaml . | nindent 8 }}
--- a/unittests/helm/config-act-runner.yaml
+++ b/unittests/helm/config-act-runner.yaml
@ -42,27 +42,3 @@ tests:
            runner:
              labels:
                - "ubuntu-latest"
  - it: renders a ConfigMap with inline yaml
    template: templates/config-act-runner.yaml
    set:
      enabled: true
      statefulset:
        actRunner:
          config:
            container:
              valid_volumes:
                - /var/run/docker.sock
              options: -v /var/run/docker.sock:/var/run/docker.sock
    asserts:
      - hasDocuments:
          count: 1
      - containsDocument:
          kind: ConfigMap
          apiVersion: v1
          name: gitea-unittests-actions-act-runner-config
      - matchRegex:
          path: data["config.yaml"]
          pattern: '(?m)^\s*options:\s*-v /var/run/docker.sock:/var/run/docker.sock\s*$'
      - matchRegex:
          path: data["config.yaml"]
          pattern: '(?m)^\s*valid_volumes:\s*\n\s*-\s*/var/run/docker.sock\s*$'
--- a/unittests/helm/statefulset.yaml
+++ b/unittests/helm/statefulset.yaml
@ -6,216 +6,6 @@ templates:
  - templates/statefulset.yaml
  - templates/config-act-runner.yaml
 tests:
  - it: act-runner uses fullOverride
    template: templates/statefulset.yaml
    set:
      enabled: true
      existingSecret: "my-secret"
      existingSecretKey: "my-secret-key"
      statefulset.actRunner.fullOverride: test.io/act_runner:x.y.z
    asserts:
      - hasDocuments:
          count: 1
      - containsDocument:
          kind: StatefulSet
          apiVersion: apps/v1
          name: gitea-unittests-actions-act-runner
      - equal:
          path: spec.template.spec.containers[0].image
          value: test.io/act_runner:x.y.z
  - it: act-runner uses digest
    template: templates/statefulset.yaml
    set:
      enabled: true
      existingSecret: "my-secret"
      existingSecretKey: "my-secret-key"
      statefulset.actRunner.tag: 0.2.13
      statefulset.actRunner.digest: sha256:abcdef123456
    asserts:
      - hasDocuments:
          count: 1
      - containsDocument:
          kind: StatefulSet
          apiVersion: apps/v1
          name: gitea-unittests-actions-act-runner
      - equal:
          path: spec.template.spec.containers[0].image
          value: docker.gitea.com/act_runner:0.2.13@sha256:abcdef123456
  - it: act-runner uses global.imageRegistry
    template: templates/statefulset.yaml
    set:
      enabled: true
      existingSecret: "my-secret"
      existingSecretKey: "my-secret-key"
      global.imageRegistry: test.io
      statefulset.actRunner.tag: 0.2.13
    asserts:
      - hasDocuments:
          count: 1
      - containsDocument:
          kind: StatefulSet
          apiVersion: apps/v1
          name: gitea-unittests-actions-act-runner
      - equal:
          path: spec.template.spec.containers[0].image
          value: test.io/act_runner:0.2.13
  - it: dind uses fullOverride
    template: templates/statefulset.yaml
    set:
      enabled: true
      existingSecret: "my-secret"
      existingSecretKey: "my-secret-key"
      statefulset.dind.fullOverride: test.io/dind:x.y.z
    asserts:
      - hasDocuments:
          count: 1
      - containsDocument:
          kind: StatefulSet
          apiVersion: apps/v1
          name: gitea-unittests-actions-act-runner
      - equal:
          path: spec.template.spec.initContainers[1].image
          value: test.io/dind:x.y.z
  - it: dind uses global.imageRegistry
    template: templates/statefulset.yaml
    set:
      enabled: true
      existingSecret: "my-secret"
      existingSecretKey: "my-secret-key"
      global.imageRegistry: test.io
      statefulset.dind.tag: 28.3.3-dind
    asserts:
      - hasDocuments:
          count: 1
      - containsDocument:
          kind: StatefulSet
          apiVersion: apps/v1
          name: gitea-unittests-actions-act-runner
      - equal:
          path: spec.template.spec.initContainers[1].image
          value: test.io/docker:28.3.3-dind
  - it: init uses fullOverride
    template: templates/statefulset.yaml
    set:
      enabled: true
      existingSecret: "my-secret"
      existingSecretKey: "my-secret-key"
      init.image.fullOverride: test.io/busybox:x.y.z
    asserts:
      - hasDocuments:
          count: 1
      - containsDocument:
          kind: StatefulSet
          apiVersion: apps/v1
          name: gitea-unittests-actions-act-runner
      - equal:
          path: spec.template.spec.initContainers[0].image
          value: test.io/busybox:x.y.z
  - it: init uses global.imageRegistry
    template: templates/statefulset.yaml
    set:
      enabled: true
      existingSecret: "my-secret"
      existingSecretKey: "my-secret-key"
      global.imageRegistry: test.io
      init.image.tag: 1.37.0
    asserts:
      - hasDocuments:
          count: 1
      - containsDocument:
          kind: StatefulSet
          apiVersion: apps/v1
          name: gitea-unittests-actions-act-runner
      - equal:
          path: spec.template.spec.initContainers[0].image
          value: test.io/busybox:1.37.0
  - it: renders additional environment variables for act-runner container in StatefulSet
    template: templates/statefulset.yaml
    set:
      enabled: true
      existingSecret: "my-secret"
      existingSecretKey: "my-secret-key"
      statefulset:
        actRunner:
          extraEnvs:
            - name: "CUSTOM_ENV"
              value: "1"
            - name: "GITEA_RUNNER_NAME"
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
    asserts:
      - hasDocuments:
          count: 1
      - containsDocument:
          kind: StatefulSet
          apiVersion: apps/v1
          name: gitea-unittests-actions-act-runner
      - equal:
          path: spec.template.spec.containers[0].env[4]
          value:
            name: CUSTOM_ENV
            value: "1"
      - matchRegex:
          path: spec.template.spec.containers[0].env[5].valueFrom.fieldRef.fieldPath
          pattern: "metadata\\.name"
      - matchRegex:
          path: spec.template.spec.containers[0].env[5].name
          pattern: "GITEA_RUNNER_NAME"
  - it: Has fsGroup in securityContext
    template: templates/statefulset.yaml
    set:
      enabled: true
      existingSecret: "my-secret"
      existingSecretKey: "my-secret-key"
      statefulset.securityContext:
        fsGroup: 1000
    asserts:
      - hasDocuments:
          count: 1
      - containsDocument:
          kind: StatefulSet
          apiVersion: apps/v1
          name: gitea-unittests-actions-act-runner
      - equal:
          path: spec.template.spec.securityContext["fsGroup"]
          value: 1000
  - it: Has fsGroupChangePolicy in securityContext
    template: templates/statefulset.yaml
    set:
      enabled: true
      existingSecret: "my-secret"
      existingSecretKey: "my-secret-key"
      statefulset.securityContext:
        fsGroupChangePolicy: OnRootMismatch
    asserts:
      - hasDocuments:
          count: 1
      - containsDocument:
          kind: StatefulSet
          apiVersion: apps/v1
          name: gitea-unittests-actions-act-runner
      - equal:
          path: spec.template.spec.securityContext["fsGroupChangePolicy"]
          value: "OnRootMismatch"
  - it: Has Always in securityContext
    template: templates/statefulset.yaml
    set:
      enabled: true
      existingSecret: "my-secret"
      existingSecretKey: "my-secret-key"
      statefulset.securityContext:
        fsGroupChangePolicy: Always
    asserts:
      - hasDocuments:
          count: 1
      - containsDocument:
          kind: StatefulSet
          apiVersion: apps/v1
          name: gitea-unittests-actions-act-runner
      - equal:
          path: spec.template.spec.securityContext["fsGroupChangePolicy"]
          value: "Always"
  - it: doesn't renders a StatefulSet by default
    template: templates/statefulset.yaml
    asserts:
@ -235,7 +25,7 @@ tests:
          apiVersion: apps/v1
          name: gitea-unittests-actions-act-runner
      - equal:
-          path: spec.template.spec.containers[0].env[0]
+          path: spec.template.spec.containers[0].env[3]
          value:
            name: GITEA_RUNNER_REGISTRATION_TOKEN
            valueFrom:
@ -256,7 +46,7 @@ tests:
          apiVersion: apps/v1
          name: gitea-unittests-actions-act-runner
      - equal:
-          path: spec.template.spec.containers[0].env[0]
+          path: spec.template.spec.containers[0].env[3]
          value:
            name: GITEA_RUNNER_REGISTRATION_TOKEN
            valueFrom:
@ -279,7 +69,7 @@ tests:
          name: gitea-unittests-actions-act-runner
      - equal:
          path: spec.template.metadata.annotations["checksum/config"]
-          value: "2bafbf04b3c4293c8ddf895ae3d908e14176ee54a6c724c8cf5b2a1e43c6ece7"
+          value: "7566d9c60261bf8cbff6a6936fc7aead96cec540d8c793d142a5ad4664c56ba5"
  - it: renders a StatefulSet http (with correct GITEA_INSTANCE_URL env from giteaRootURL)
    template: templates/statefulset.yaml
    set:
@ -295,7 +85,7 @@ tests:
          apiVersion: apps/v1
          name: gitea-unittests-actions-act-runner
      - equal:
-          path: spec.template.spec.containers[0].env[1]
+          path: spec.template.spec.containers[0].env[4]
          value:
            name: GITEA_INSTANCE_URL
            value: "http://git.example.com"
@ -323,7 +113,7 @@ tests:
          apiVersion: apps/v1
          name: gitea-unittests-actions-act-runner
      - equal:
-          path: spec.template.spec.containers[0].env[1]
+          path: spec.template.spec.containers[0].env[4]
          value:
            name: GITEA_INSTANCE_URL
            value: "https://git.example.com"
@ -351,7 +141,7 @@ tests:
          apiVersion: apps/v1
          name: gitea-unittests-actions-act-runner
      - equal:
-          path: spec.template.spec.containers[0].env[1]
+          path: spec.template.spec.containers[0].env[4]
          value:
            name: GITEA_INSTANCE_URL
            value: "https://git.example.com:8443"
@ -375,7 +165,7 @@ tests:
              value: "custom env value"
    asserts:
      - equal:
-          path: spec.template.spec.initContainers[1].env[0]
+          path: spec.template.spec.containers[1].env[3]
          value:
            name: "CUSTOM_ENV_NAME"
            value: "custom env value"
@ -425,39 +215,7 @@ tests:
          name: gitea-unittests-actions-act-runner
      - contains:
          any: true
-          path: spec.template.spec.initContainers[1].volumeMounts
+          path: spec.template.spec.containers[1].volumeMounts
          content:
            mountPath: /mnt
            name: my-dind-volume
  - it: should interpret Gitea Root URL templating
    template: templates/statefulset.yaml
    set:
      global:
        gitea:
          service:
            name: "my-gitea-svc-http"
            port: 3210
      enabled: true
      giteaRootURL: "http://{{ .Values.global.gitea.service.name }}:{{ .Values.global.gitea.service.port }}"
    asserts:
      - hasDocuments:
          count: 1
      - containsDocument:
          kind: StatefulSet
          apiVersion: apps/v1
          name: gitea-unittests-actions-act-runner
      - equal:
          path: spec.template.spec.containers[0].env[1].name
          value: "GITEA_INSTANCE_URL"
      - equal:
          path: spec.template.spec.containers[0].env[1].value
          value: "http://my-gitea-svc-http:3210"
      - equal:
          path: spec.template.spec.initContainers[0].command[2]
          value: |
            echo 'Trying to reach Gitea on http://my-gitea-svc-http:3210'
            until timeout 10 wget --no-check-certificate --spider http://my-gitea-svc-http:3210; do
              sleep 3
              echo "Trying again in 3 seconds..."
            done
            echo "Gitea has been reached!"
--- a/values.yaml
+++ b/values.yaml
@ -5,7 +5,6 @@
 ## @param init.image.repository The image used for the init containers
 ## @param init.image.tag The image tag used for the init containers
 ## @param statefulset.replicas the amount of (replica) runner pods deployed
 ## @param statefulset.timezone is the timezone that will be set in the act_runner image
 ## @param statefulset.annotations Act runner annotations
 ## @param statefulset.labels Act runner labels
 ## @param statefulset.resources Act runner resources
@ -13,32 +12,23 @@
 ## @param statefulset.tolerations Tolerations for the statefulset
 ## @param statefulset.affinity Affinity for the statefulset
 ## @param statefulset.extraVolumes Extra volumes for the statefulset
 ## @param statefulset.actRunner.registry image registry, e.g. gcr.io,docker.io
 ## @param statefulset.actRunner.repository The Gitea act runner image
 ## @param statefulset.actRunner.tag The Gitea act runner tag
 ## @param statefulset.actRunner.digest Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest`
 ## @param statefulset.actRunner.pullPolicy The Gitea act runner pullPolicy
 ## @param statefulset.actRunner.fullOverride Completely overrides the image registry, path/image, tag and digest.
 ## @param statefulset.actRunner.extraVolumeMounts Allows mounting extra volumes in the act runner container
 ## @param statefulset.actRunner.config [default: Too complex. See values.yaml] Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details.
 ## @param statefulset.dind.registry image registry, e.g. gcr.io,docker.io
 ## @param statefulset.actRunner.extraEnvs Allows adding custom environment variables
 ## @param statefulset.dind.repository The Docker-in-Docker image
 ## @param statefulset.dind.tag The Docker-in-Docker image tag
 ## @param statefulset.dind.digest Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest`
 ## @param statefulset.dind.fullOverride Completely overrides the image registry, path/image, tag and digest.
 ## @param statefulset.dind.pullPolicy The Docker-in-Docker pullPolicy
 ## @param statefulset.dind.extraVolumeMounts Allows mounting extra volumes in the Docker-in-Docker container
 ## @param statefulset.dind.extraEnvs Allows adding custom environment variables, such as `DOCKER_IPTABLES_LEGACY`
 ## @param statefulset.persistence.size Size for persistence to store act runner data
 ## @param statefulset.securityContext Customize the SecurityContext
 ## @param existingSecret Secret that contains the token
 ## @param existingSecretKey Secret key
 ## @param giteaRootURL URL the act_runner registers and connect with
 enabled: false
 statefulset:
  replicas: 1
  timezone: Etc/UTC
  annotations: {}
  labels: {}
  resources: {}
@ -46,22 +36,12 @@ statefulset:
  tolerations: []
  affinity: {}
  extraVolumes: []
  securityContext: {}
  actRunner:
-    registry: "docker.gitea.com"
+    repository: gitea/act_runner
-    repository: act_runner
+    tag: 0.2.11
    tag: 0.2.13
    digest: ""
    pullPolicy: IfNotPresent
    fullOverride: ""
    extraVolumeMounts: []
    extraEnvs:
      []
      # - name: "GITEA_RUNNER_NAME"
      #   valueFrom:
      #     fieldRef:
      #       fieldPath: metadata.name
    # See full example here: https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml
    config: |
@ -69,17 +49,11 @@ statefulset:
        level: debug
      cache:
        enabled: false
      container:
        require_docker: true
        docker_timeout: 300s
  dind:
    registry: ""
    repository: docker
-    tag: 28.3.3-dind
+    tag: 25.0.2-dind
    digest: ""
    pullPolicy: IfNotPresent
    fullOverride: ""
    extraVolumeMounts: []
    # If the container keeps crashing in your environment, you might have to add the `DOCKER_IPTABLES_LEGACY` environment variable.
@ -92,23 +66,11 @@ statefulset:
  persistence:
    size: 1Gi
 ## @section Gitea Actions Init
 #
 ## @param init.image.registry image registry, e.g. gcr.io,docker.io
 ## @param init.image.repository The init image
 ## @param init.image.tag the init image tag
 ## @param init.image.digest Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest`
 ## @param init.image.pullPolicy The init image pullPolicy
 ## @param init.image.fullOverride Completely overrides the image registry, path/image, tag and digest.
 init:
  image:
    registry: ""
    repository: busybox
    # Overrides the image tag whose default is the chart appVersion.
    tag: "1.37.0"
    digest: ""
    pullPolicy: IfNotPresent
    fullOverride: ""
 ## Specify an existing token secret
 ##
		`@ -1,3 +0,0 @@`
			`# Gitea Actions Helm Chart Docs`

			`- [Share dind with job container](share-dind-with-job-container.md)`