chore(deps): update workflow dependencies (minor & patch)

2026-04-14 05:30:39 +00:00 · 2025-10-20 00:19:45 +00:00
18 changed files with 692 additions and 741 deletions
--- a/.gitea/workflows/changelog.yml
+++ b/.gitea/workflows/changelog.yml
@ -8,12 +8,12 @@ on:
 jobs:
  changelog:
    runs-on: ubuntu-latest
-    container: docker.io/thegeeklab/git-sv:2.0.11
+    container: docker.io/thegeeklab/git-sv:2.0.6
    steps:
      - name: install tools
        run: |
          apk add -q --update --no-cache nodejs curl jq sed
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          fetch-depth: 0
      - name: Generate upcoming changelog
--- a/.gitea/workflows/commitlint.yml
+++ b/.gitea/workflows/commitlint.yml
@ -11,9 +11,9 @@ on:
 jobs:
  check-and-test:
    runs-on: ubuntu-latest
-    container: commitlint/commitlint:20.5.1
+    container: commitlint/commitlint:19.9.1
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
      - name: check PR title
        run: |
          echo "${{ gitea.event.pull_request.title }}" | commitlint --config .commitlintrc.json
--- a/.gitea/workflows/release-version.yml
+++ b/.gitea/workflows/release-version.yml
@ -7,76 +7,64 @@ on:
 env:
  # renovate: datasource=docker depName=alpine/helm
-  HELM_VERSION: "4.1.4"
+  HELM_VERSION: "3.19.0"
 jobs:
  generate-chart-publish:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
      - name: install Docker CLI
        uses: https://github.com/docker/setup-buildx-action@v4 # Gitea
        #uses: docker/setup-buildx-action@v4 # Github / Act
      - name: install Helm
        uses: https://github.com/Azure/setup-helm@v5 # Gitea
        #uses: Azure/setup-helm@v5 # Github / Act
        with:
          version: "${{ env.HELM_VERSION }}"
      - name: install tools
        run: |
-          apt update
+          apt update -y
-          apt install -y curl ca-certificates curl gnupg python3 python3-pip apt-transport-https
+          apt install -y curl ca-certificates curl gnupg
          # helm
          curl -O https://get.helm.sh/helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
          tar -xzf helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
          mv linux-amd64/helm /usr/local/bin/
          rm -rf linux-amd64 helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
          helm version
          # docker
          install -m 0755 -d /etc/apt/keyrings
          curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
          chmod a+r /etc/apt/keyrings/docker.gpg
          echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
          apt update -y
          apt install -y python3 python3-pip apt-transport-https docker-ce-cli
          pip install awscli --break-system-packages
-      - name: import GPG key
+      - name: Import GPG key
        id: import_gpg
-        uses: https://github.com/crazy-max/ghaction-import-gpg@v7 # Gitea
+        uses: https://github.com/crazy-max/ghaction-import-gpg@v6
        #uses: crazy-max/ghaction-import-gpg@v7 # Github / Act
        with:
          gpg_private_key: ${{ secrets.GPGSIGN_KEY }}
          passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }}
          fingerprint: CC64B1DB67ABBEECAB24B6455FC346329753F4B0
      - name: log into Docker Hub
        uses: https://github.com/docker/login-action@v4 # Gitea
        #uses: docker/login-action@v4 # Github / Act
        with:
          username: ${{ secrets.DOCKER_CHARTS_USERNAME }}
          password: ${{ secrets.DOCKER_CHARTS_PASSWORD }}
      # Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843
      - name: package chart
        run: |
-          # Install Helm GPG plugin
+          echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | docker login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} --password-stdin
-          helm plugin install https://github.com/technosophos/helm-gpg.git --verify=false
+          # FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved
          helm plugin install https://github.com/pat-s/helm-gpg
          helm dependency build
          helm package --version "${GITHUB_REF#refs/tags/v}" ./
          # Package the chart
          mkdir actions
          mv actions*.tgz actions/
          curl -s -L -o actions/index.yaml https://dl.gitea.com/charts/index.yaml
          helm repo index actions/ --url https://dl.gitea.com/charts --merge actions/index.yaml
-
+          # push to dockerhub
          # Push to Docker Hub
          echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | helm registry login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} registry-1.docker.io --password-stdin
          helm push actions/actions-${GITHUB_REF#refs/tags/v}.tgz oci://registry-1.docker.io/giteacharts
          helm registry logout registry-1.docker.io
        env:
          TAR_OPTIONS: "--wildcards"
      - name: aws credential configure
-        uses: https://github.com/aws-actions/configure-aws-credentials@v6 # Gitea
+        uses: https://github.com/aws-actions/configure-aws-credentials@v5
        #uses: aws-actions/configure-aws-credentials@v6 # Github / Act
        with:
          aws-access-key-id: ${{ secrets.AWS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_REGION }}
-      - name: copy files to S3 and clear cache
+      - name: Copy files to S3 and clear cache
        if: startsWith(github.ref, 'refs/tags/')
        run: |
          aws s3 sync actions/ s3://${{ secrets.AWS_S3_BUCKET}}/charts/
--- a/.gitea/workflows/shellcheck.yml
+++ b/.gitea/workflows/shellcheck.yml
@ -1,4 +1,4 @@
-name: shellcheck
+name: Lint Shell files
 on:
  pull_request:
@ -9,6 +9,6 @@ jobs:
  shellcheck:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
      - run: apt update --yes && apt install --yes shellcheck
      - run: find . -type f -name "*.sh" -exec shellcheck -a {} \;
--- a/.gitea/workflows/test-pr.yml
+++ b/.gitea/workflows/test-pr.yml
@ -1,7 +1,6 @@
 name: check-and-test
-"on":
+on:
  "workflow_dispatch":
  pull_request:
    branches:
      - "*"
@ -16,27 +15,26 @@ env:
 jobs:
  check-and-test:
    runs-on: ubuntu-latest
-    container: alpine/helm:4.1.4
+    container: alpine/helm:3.19.0
    steps:
      - name: install tools
        run: |
          apk update
          apk add --update bash make nodejs npm yamllint ncurses
      - name: Install pnpm
-        uses: pnpm/action-setup@v6
+        uses: pnpm/action-setup@v4
        with:
          version: 10
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
      - name: install chart dependencies
        run: helm dependency build
      - name: lint
-        run: helm lint .
+        run: helm lint
      - name: template
        run: helm template --debug gitea-actions .
      - name: prepare unit test environment
        run: |
-          helm plugin install --version ${{ env.HELM_UNITTEST_VERSION }} --verify=false \
+          helm plugin install --version ${{ env.HELM_UNITTEST_VERSION }} https://github.com/helm-unittest/helm-unittest
            https://github.com/helm-unittest/helm-unittest.git # https://github.com/helm-unittest/helm-unittest?tab=readme-ov-file#install
          git submodule update --init --recursive
      - name: unit tests
        env:
@ -48,5 +46,4 @@ jobs:
          make readme
          git diff --exit-code --name-only README.md
      - name: yaml lint
-        # uses: ibiqlik/action-yamllint@v3 # Github / Act
+        uses: https://github.com/ibiqlik/action-yamllint@v3
        uses: https://github.com/ibiqlik/action-yamllint@v3 # Gitea
--- a/.gitignore
+++ b/.gitignore
@ -2,4 +2,3 @@ charts/
 node_modules/
 .DS_Store
 unittests/*/__snapshot__/
 *secret*.yaml
--- a/README.md
+++ b/README.md
@ -6,9 +6,17 @@ The parameters which can be used to customize the deployment are described below
 If you want to propose a new feature or mechanism, submit an [issue here](https://gitea.com/gitea/helm-actions/issues).
-## Quick-start
+## Docs
-[Documentation](./docs/README.md)
+[Docs](./docs/README.md)
 ## Rootless Defaults
 If `.Values.image.rootless: true`, then the following will occur. In case you use `.Values.image.fullOverride`, check that this works in your image:
 - If `.Values.provisioning.enabled: true`, then uses the rootless Gitea image, must match helm-Gitea.
 ## Quick-start
 To get started, add the Helm repo, assuming you have not already:
@ -31,26 +39,6 @@ helm upgrade --install gitea-actions gitea-charts/actions -f values.yaml
 You should be good to go!
 ### Runner Token Secret Template
 For reference, a template for the secret is given below:  
 ```yaml
 apiVersion: v1
 kind: Secret
 metadata:
  name: runner-secret
  namespace: "my-gitea-namespace"
 type: Opaque
 stringData:
    runner-token: "my-cool-runner-token-given-by-gitea"
 ```
 ### Rootless Options
 If `.Values.statefulset.dind.rootless: true` is set, then the following will be required:  
 `.Values.statefulset.dind.tag` must be a rootless image such as: `29.3.1-dind-rootless`
 ## Parameters
 ### Gitea Actions
@ -58,6 +46,8 @@ If `.Values.statefulset.dind.rootless: true` is set, then the following will be
 | Name                                      | Description                                                                                                                                 | Value                          |
 | ----------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ |
 | `enabled`                                 | Create an act runner StatefulSet.                                                                                                           | `false`                        |
 | `init.image.repository`                   | The image used for the init containers                                                                                                      | `busybox`                      |
 | `init.image.tag`                          | The image tag used for the init containers                                                                                                  | `1.37.0`                       |
 | `statefulset.replicas`                    | the amount of (replica) runner pods deployed                                                                                                | `1`                            |
 | `statefulset.timezone`                    | is the timezone that will be set in the act_runner image                                                                                    | `Etc/UTC`                      |
 | `statefulset.annotations`                 | Act runner annotations                                                                                                                      | `{}`                           |
@ -67,33 +57,27 @@ If `.Values.statefulset.dind.rootless: true` is set, then the following will be
 | `statefulset.tolerations`                 | Tolerations for the statefulset                                                                                                             | `[]`                           |
 | `statefulset.affinity`                    | Affinity for the statefulset                                                                                                                | `{}`                           |
 | `statefulset.extraVolumes`                | Extra volumes for the statefulset                                                                                                           | `[]`                           |
 | `statefulset.persistence.size`            | Size for persistence to store act runner data                                                                                               | `1Gi`                          |
 | `statefulset.securityContext`             | Customize the SecurityContext                                                                                                               | `{}`                           |
 | `statefulset.serviceAccountName`          | Customize the service account name                                                                                                          | `""`                           |
 | `statefulset.runtimeClassName`            | Select a different RuntimeClass for pods                                                                                                    | `""`                           |
 | `statefulset.hostAliases`                 | Inject entries into the /etc/hosts file                                                                                                     | `[]`                           |
 | `statefulset.persistence.size`            | Size for persistence to store act runner data                                                                                               | `1Gi`                          |
 | `statefulset.actRunner.registry`          | image registry, e.g. gcr.io,docker.io                                                                                                       | `docker.gitea.com`             |
 | `statefulset.actRunner.repository`        | The Gitea act runner image                                                                                                                  | `act_runner`                   |
-| `statefulset.actRunner.tag`               | The Gitea act runner tag                                                                                                                    | `0.3.1`                        |
+| `statefulset.actRunner.tag`               | The Gitea act runner tag                                                                                                                    | `0.2.13`                       |
 | `statefulset.actRunner.digest`            | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest`                                  | `""`                           |
 | `statefulset.actRunner.pullPolicy`        | The Gitea act runner pullPolicy                                                                                                             | `IfNotPresent`                 |
 | `statefulset.actRunner.fullOverride`      | Completely overrides the image registry, path/image, tag and digest.                                                                        | `""`                           |
 | `statefulset.actRunner.extraVolumeMounts` | Allows mounting extra volumes in the act runner container                                                                                   | `[]`                           |
 | `statefulset.actRunner.extraEnvs`         | Allows adding custom environment variables                                                                                                  | `[]`                           |
 | `statefulset.actRunner.flushCache`        | whether to clear the .runner (cache) file by creating an extra init container, can slightly increase boot-up time                           | `false`                        |
 | `statefulset.actRunner.config`            | Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details. | `Too complex. See values.yaml` |
-| `statefulset.dind.rootless`               | a simple flag to let helm know we are dealing with a rootless dind container                                                                | `false`                        |
+| `statefulset.dind.registry`               | image registry, e.g. gcr.io,docker.io                                                                                                       | `""`                           |
-| `statefulset.dind.uid`                    | a field to set the running user id for the rootless dind container, so it knows where to look for the socket                                | `""`                           |
+| `statefulset.actRunner.extraEnvs`         | Allows adding custom environment variables                                                                                                  | `[]`                           |
 | `statefulset.dind.registry`               | image registry, e.g. gcr.io,docker.io                                                                                                       | `docker.io`                    |
 | `statefulset.dind.repository`             | The Docker-in-Docker image                                                                                                                  | `docker`                       |
-| `statefulset.dind.tag`                    | The Docker-in-Docker image tag                                                                                                              | `29.4.0-dind`                  |
+| `statefulset.dind.tag`                    | The Docker-in-Docker image tag                                                                                                              | `28.3.3-dind`                  |
 | `statefulset.dind.digest`                 | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest`                                  | `""`                           |
 | `statefulset.dind.fullOverride`           | Completely overrides the image registry, path/image, tag and digest.                                                                        | `""`                           |
 | `statefulset.dind.pullPolicy`             | The Docker-in-Docker pullPolicy                                                                                                             | `IfNotPresent`                 |
 | `statefulset.dind.extraVolumeMounts`      | Allows mounting extra volumes in the Docker-in-Docker container                                                                             | `[]`                           |
 | `statefulset.dind.extraEnvs`              | Allows adding custom environment variables, such as `DOCKER_IPTABLES_LEGACY`                                                                | `[]`                           |
-| `statefulset.dind.extraArgs`              | Allows adding custom arguments to the Docker Daemon                                                                                         | `[]`                           |
+| `statefulset.persistence.size`            | Size for persistence to store act runner data                                                                                               | `1Gi`                          |
 | `existingSecret`                          | Secret that contains the token                                                                                                              | `""`                           |
 | `existingSecretKey`                       | Secret key                                                                                                                                  | `""`                           |
 | `giteaRootURL`                            | URL the act_runner registers and connect with                                                                                               | `""`                           |
 ### Gitea Actions Init
@ -106,30 +90,9 @@ If `.Values.statefulset.dind.rootless: true` is set, then the following will be
 | `init.image.pullPolicy`   | The init image pullPolicy                                                                                  | `IfNotPresent` |
 | `init.image.fullOverride` | Completely overrides the image registry, path/image, tag and digest.                                       | `""`           |
 ### Runner Token Secret Configuration
 | Name                | Description                    | Value |
 | ------------------- | ------------------------------ | ----- |
 | `existingSecret`    | Secret that contains the token | `""`  |
 | `existingSecretKey` | Secret key                     | `""`  |
 ### Gitea URL Setting
 | Name           | Description                                   | Value |
 | -------------- | --------------------------------------------- | ----- |
 | `giteaRootURL` | URL the act_runner registers and connect with | `""`  |
 ### Extra Init Containers
 | Name                      | Description                                                                                     | Value |
 | ------------------------- | ----------------------------------------------------------------------------------------------- | ----- |
 | `preExtraInitContainers`  | Additional init containers to run in the pod before Gitea-actions runs it owns init containers. | `[]`  |
 | `postExtraInitContainers` | Additional init containers to run in the pod after Gitea-actions runs it owns init containers.  | `[]`  |
 ### Global
-| Name                      | Description                        | Value |
+| Name                   | Description                    | Value |
-| ------------------------- | ---------------------------------- | ----- |
+| ---------------------- | ------------------------------ | ----- |
-| `global.imageRegistry`    | global image registry override     | `""`  |
+| `global.imageRegistry` | global image registry override | `""`  |
-| `global.imagePullSecrets` | global image registry pull secrets | `[]`  |
+| `global.storageClass`  | global storage class override  | `""`  |
 | `global.storageClass`     | global storage class override      | `""`  |
--- a/docs/actions-dev.md
+++ b/docs/actions-dev.md
@ -26,6 +26,8 @@ In this case, you can use either the Web UI to generate the token or run a shell
 the command `gitea actions generate-runner-token`. After generating the token, you must create a secret and use it via:
 ```yaml
 provisioning:
  enabled: false
 existingSecret: "secret-name"
 existingSecretKey: "secret-key"
 ```
--- a/docs/share-dind-with-job-container.md
+++ b/docs/share-dind-with-job-container.md
@ -4,19 +4,25 @@ You can weaken isolation and allow jobs to call docker commands.
 ## Limitations
-
+- Docker bind mounts like `-v /path/on/self/container:/path/to/new/container` do not work, because they are going to mount the path from the dind container
 - Docker port expose to local host `-e 80:8080` is not going to work
 ## Example Values
 ```yaml
 enabled: true
 statefulset:
  actRunner:
    # See full example here: https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml
    config: |
      log:
        level: debug
      cache:
        enabled: false
      container:
-        require_docker: true
+        valid_volumes:
-        docker_timeout: 300s
+        - /var/run/docker.sock
        options: -v /var/run/docker.sock:/var/run/docker.sock
 ## Specify an existing token secret
 ##
@ -27,4 +33,4 @@ existingSecretKey: "token"
 giteaRootURL: "http://192.168.1.2:3000"
 ```
-Now you can run docker commands inside your jobs.
+Now you can run docker commands inside your jobs.
--- a/package.json
+++ b/package.json
@ -14,6 +14,6 @@
  },
  "devDependencies": {
    "@bitnami/readme-generator-for-helm": "^2.7.0",
-    "markdownlint-cli": "^0.48.0"
+    "markdownlint-cli": "^0.45.0"
  }
 }
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@ -12,8 +12,8 @@ importers:
        specifier: ^2.7.0
        version: 2.7.2
      markdownlint-cli:
-        specifier: ^0.48.0
+        specifier: ^0.45.0
-        version: 0.48.0
+        version: 0.45.0
 packages:
@ -21,11 +21,23 @@ packages:
    resolution: {integrity: sha512-7eXyJzxQTQj2ajpHlIhadciCCYWOqN8ieaweU25bStHOZowQ2c2CQyjO/bX4gxIf73LoRKxHhEYgLTllJY9SIw==}
    hasBin: true
-  '@types/debug@4.1.13':
+  '@isaacs/balanced-match@4.0.1':
-    resolution: {integrity: sha512-KSVgmQmzMwPlmtljOomayoR89W4FynCAi3E8PPs7vmDVPe84hT+vGPKkJfThkmXs0x0jAaa9U8uW8bbfyS2fWw==}
+    resolution: {integrity: sha512-yzMTt9lEb8Gv7zRioUilSglI0c0smZ9k5D65677DLWLtWJaXIS3CqcGyUFByYKlnUj6TkjLVs54fBl6+TiGQDQ==}
    engines: {node: 20 || >=22}
-  '@types/katex@0.16.8':
+  '@isaacs/brace-expansion@5.0.0':
-    resolution: {integrity: sha512-trgaNyfU+Xh2Tc+ABIb44a5AYUpicB3uwirOioeOkNPPbmgRNtcWyDeeFRzjPZENO9Vq8gvVqfhaaXWLlevVwg==}
+    resolution: {integrity: sha512-ZT55BDLV0yv0RBm2czMiZ+SqCGO7AvmOM3G/w2xhVPH+te0aKgFjmBvGlL1dH+ql2tgGO3MVrbb3jCKyvpgnxA==}
    engines: {node: 20 || >=22}
  '@isaacs/cliui@8.0.2':
    resolution: {integrity: sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==}
    engines: {node: '>=12'}
  '@types/debug@4.1.12':
    resolution: {integrity: sha512-vIChWdVG3LG1SMxEvI/AK+FWJthlrqlTu7fbrlywTkkaONwk/UAGaULXRlf8vkzFBLVm0zkMdCquhL5aOjhXPQ==}
  '@types/katex@0.16.7':
    resolution: {integrity: sha512-HMwFiRujE5PjrgwHQ25+bsLJgowjGjm5Z8FVSf0N6PwgJrwxH0QxzHYDcKsTfV3wva0vzrpqMTJS2jXPr5BMEQ==}
  '@types/ms@2.1.0':
    resolution: {integrity: sha512-GsCCIZDE/p3i96vtEqx+7dBUGXrc7zeSK3wwPHIaRThS+9OhWIXRqzs4d6k1SVU8g91DrNRWxWUGhp5KXQb2VA==}
@ -33,26 +45,30 @@ packages:
  '@types/unist@2.0.11':
    resolution: {integrity: sha512-CmBKiL6NNo/OqgmMn95Fk9Whlp2mtvIv+KNpQKN2F4SjvrEesubTRWGYSg+BnWZOnlCaSTU1sMpsBOzgbYhnsA==}
  ansi-regex@5.0.1:
    resolution: {integrity: sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==}
    engines: {node: '>=8'}
  ansi-regex@6.2.2:
    resolution: {integrity: sha512-Bq3SmSpyFHaWjPk8If9yc6svM8c56dB5BAtW4Qbw5jHTwwXXcTLoRMkpDJp6VL0XzlWaCHTXrkFURMYmD0sLqg==}
    engines: {node: '>=12'}
  ansi-styles@4.3.0:
    resolution: {integrity: sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==}
    engines: {node: '>=8'}
  ansi-styles@6.2.3:
    resolution: {integrity: sha512-4Dj6M28JB+oAH8kFkTLUo+a2jwOFkuqb3yucU0CANcRRUbxS0cP0nZYCGjcc3BNXwRIsUVmDGgzawme7zvJHvg==}
    engines: {node: '>=12'}
  argparse@2.0.1:
    resolution: {integrity: sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==}
  balanced-match@1.0.2:
    resolution: {integrity: sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==}
-  balanced-match@4.0.4:
+  brace-expansion@1.1.12:
-    resolution: {integrity: sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==}
+    resolution: {integrity: sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==}
    engines: {node: 18 || 20 || >=22}
  brace-expansion@1.1.14:
    resolution: {integrity: sha512-MWPGfDxnyzKU7rNOW9SP/c50vi3xrmrua/+6hfPbCS2ABNWfx24vPidzvC7krjU/RTo235sV776ymlsMtGKj8g==}
  brace-expansion@5.0.5:
    resolution: {integrity: sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==}
    engines: {node: 18 || 20 || >=22}
  character-entities-legacy@3.0.0:
    resolution: {integrity: sha512-RpPp0asT/6ufRm//AJVwpViZbGM/MkjQFxJccQRHmISF/22NBtsHqAWmL+/pmkPWoIUJdWyeVleTl1wydHATVQ==}
@ -63,14 +79,17 @@ packages:
  character-reference-invalid@2.0.1:
    resolution: {integrity: sha512-iBZ4F4wRbyORVsu0jPV7gXkOsGYjGHPmAyv+HiHG8gi5PtC9KI2j1+v8/tlibRvjoWX027ypmG/n0HtO5t7unw==}
  color-convert@2.0.1:
    resolution: {integrity: sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==}
    engines: {node: '>=7.0.0'}
  color-name@1.1.4:
    resolution: {integrity: sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==}
  commander@13.1.0:
    resolution: {integrity: sha512-/rFeCpNJQbhSZjGVwO9RFV3xPqbnERS8MmIQzCtD/zl6gpJuV/bMLuN92oG3F7d8oDEHHRrujSXNUr8fpjntKw==}
    engines: {node: '>=18'}
  commander@14.0.3:
    resolution: {integrity: sha512-H+y0Jo/T1RZ9qPP4Eh1pkcQcLRglraJaSLoyOtHxu6AapkjWVCy2Sit1QQ4x3Dng8qDlSsZEet7g5Pq06MvTgw==}
    engines: {node: '>=20'}
  commander@6.2.1:
    resolution: {integrity: sha512-U7VdrJFnJgo4xjrHpTzu0yrHPGImdsmD95ZlgYSEajAn2JKzDhDTPG9kBTefmObL2w/ngeZnilk+OV9CG3d7UA==}
    engines: {node: '>= 6'}
@ -82,6 +101,10 @@ packages:
  concat-map@0.0.1:
    resolution: {integrity: sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==}
  cross-spawn@7.0.6:
    resolution: {integrity: sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==}
    engines: {node: '>= 8'}
  debug@4.4.3:
    resolution: {integrity: sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==}
    engines: {node: '>=6.0'}
@ -91,8 +114,8 @@ packages:
      supports-color:
        optional: true
-  decode-named-character-reference@1.3.0:
+  decode-named-character-reference@1.2.0:
-    resolution: {integrity: sha512-GtpQYB283KrPp6nRw50q3U9/VfOutZOe103qlN7BPP6Ad27xYnOIWv4lPzo8HCAL+mMZofJ9KEy30fq6MfaK6Q==}
+    resolution: {integrity: sha512-c6fcElNV6ShtZXmsgNgFFV5tVX2PaV4g+MOAkb8eXHvn6sryJBrZa9r0zV6+dtTyoCKxtDy5tyQ5ZwQuidtd+Q==}
  deep-extend@0.6.0:
    resolution: {integrity: sha512-LOHxIOaPYdHlJRtCQfDIVZtfw/ufM8+rVj649RIHzcm/vGwQRXFt6OPqIFWsm2XEMrNIEtWR64sY1LEKD2vAOA==}
@ -109,29 +132,34 @@ packages:
    resolution: {integrity: sha512-xHF8EP4XH/Ba9fvAF2LDd5O3IITVolerVV6xvkxoM8zlGEiCUrggpAnHyOoKJKCrhvPcGATFAUwIujj7bRG5UA==}
    hasBin: true
  eastasianwidth@0.2.0:
    resolution: {integrity: sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA==}
  emoji-regex@8.0.0:
    resolution: {integrity: sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==}
  emoji-regex@9.2.2:
    resolution: {integrity: sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg==}
  entities@4.5.0:
    resolution: {integrity: sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw==}
    engines: {node: '>=0.12'}
-  fdir@6.5.0:
+  foreground-child@3.3.1:
-    resolution: {integrity: sha512-tIbYtZbucOs0BRGqPJkshJUYdL+SDH7dVM8gjy+ERp3WAUjLEFJE+02kanyHtwjWOnwrKYBiwAmM0p4kLJAnXg==}
+    resolution: {integrity: sha512-gIXjKqtFuWEgzFRJA9WCQeSJLZDjgJUOMCMzxtvFq/37KojM1BFGufqsCy0r4qSQmYLsZYMeyRqzIWOMup03sw==}
-    engines: {node: '>=12.0.0'}
+    engines: {node: '>=14'}
    peerDependencies:
      picomatch: ^3 || ^4
    peerDependenciesMeta:
      picomatch:
        optional: true
  fs.realpath@1.0.0:
    resolution: {integrity: sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==}
-  get-east-asian-width@1.5.0:
+  glob@11.0.3:
-    resolution: {integrity: sha512-CQ+bEO+Tva/qlmw24dCejulK5pMzVnUOFOijVogd3KQs07HnRIgp8TGipvCCRT06xeYEbpbgwaCxglFyiuIcmA==}
+    resolution: {integrity: sha512-2Nim7dha1KVkaiF4q6Dj+ngPPMdfvLJEOpZk/jKiUAkqKebpGAWQXAq9z1xu9HKu5lWfqw/FASuccEjyznjPaA==}
-    engines: {node: '>=18'}
+    engines: {node: 20 || >=22}
    hasBin: true
  glob@7.2.3:
    resolution: {integrity: sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==}
-    deprecated: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
+    deprecated: Glob versions prior to v9 are no longer supported
  ignore@7.0.5:
    resolution: {integrity: sha512-Hs59xBNfUIunMFgWAbGX5cq6893IbWg4KnrjbYwX3tx0ztorVgTDA6B2sxf8ejHJ4wz8BqGUMYlnzNBer5NvGg==}
@ -157,11 +185,22 @@ packages:
  is-decimal@2.0.1:
    resolution: {integrity: sha512-AAB9hiomQs5DXWcRB1rqsxGUstbRroFOPPVAomNk/3XHR5JyEZChOyTWe2oayKnsSsr/kcGqF+z6yuH6HHpN0A==}
  is-fullwidth-code-point@3.0.0:
    resolution: {integrity: sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==}
    engines: {node: '>=8'}
  is-hexadecimal@2.0.1:
    resolution: {integrity: sha512-DgZQp241c8oO6cA1SbTEWiXeoxV42vlcJxgH+B3hi1AiqqKruZR3ZGF8In3fj4+/y/7rHvlOZLZtgJ/4ttYGZg==}
-  js-yaml@4.1.1:
+  isexe@2.0.0:
-    resolution: {integrity: sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==}
+    resolution: {integrity: sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==}
  jackspeak@4.1.1:
    resolution: {integrity: sha512-zptv57P3GpL+O0I7VdMJNBZCu+BPHVQUk55Ft8/QCJjTVxrnJHuVuX/0Bl2A6/+2oyR/ZMEuFKwmzqqZ/U5nPQ==}
    engines: {node: 20 || >=22}
  js-yaml@4.1.0:
    resolution: {integrity: sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==}
    hasBin: true
  jsonc-parser@3.3.1:
@ -171,30 +210,34 @@ packages:
    resolution: {integrity: sha512-p/nXbhSEcu3pZRdkW1OfJhpsVtW1gd4Wa1fnQc9YLiTfAjn0312eMKimbdIQzuZl9aa9xUGaRlP9T/CJE/ditQ==}
    engines: {node: '>=0.10.0'}
-  katex@0.16.45:
+  katex@0.16.22:
-    resolution: {integrity: sha512-pQpZbdBu7wCTmQUh7ufPmLr0pFoObnGUoL/yhtwJDgmmQpbkg/0HSVti25Fu4rmd1oCR6NGWe9vqTWuWv3GcNA==}
+    resolution: {integrity: sha512-XCHRdUw4lf3SKBaJe4EvgqIuWwkPSo9XoeO8GjQW94Bp7TWv9hNhzZjZ+OH9yf1UmLygb7DIT5GSFQiyt16zYg==}
    hasBin: true
  linkify-it@5.0.0:
    resolution: {integrity: sha512-5aHCbzQRADcdP+ATqnDuhhJ/MRIqDkZX5pyjFHRRysS8vZ5AbqGEoFIb6pYHPZ+L/OC2Lc+xT8uHVVR5CAK/wQ==}
-  lodash@4.18.1:
+  lodash@4.17.21:
-    resolution: {integrity: sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==}
+    resolution: {integrity: sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==}
-  markdown-it@14.1.1:
+  lru-cache@11.2.2:
-    resolution: {integrity: sha512-BuU2qnTti9YKgK5N+IeMubp14ZUKUUw7yeJbkjtosvHiP0AZ5c8IAgEMk79D0eC8F23r4Ac/q8cAIFdm2FtyoA==}
+    resolution: {integrity: sha512-F9ODfyqML2coTIsQpSkRHnLSZMtkU8Q+mSfcaIyKwy58u+8k5nvAYeiNhsyMARvzNcXJ9QfWVrcPsC9e9rAxtg==}
    engines: {node: 20 || >=22}
  markdown-it@14.1.0:
    resolution: {integrity: sha512-a54IwgWPaeBCAAsv13YgmALOF1elABB08FxO9i+r4VFk5Vl4pKokRPeX8u5TCgSsPi6ec1otfLjdOpVcgbpshg==}
    hasBin: true
  markdown-table@2.0.0:
    resolution: {integrity: sha512-Ezda85ToJUBhM6WGaG6veasyym+Tbs3cMAw/ZhOPqXiYsr0jgocBV3j3nx+4lk47plLlIqjwuTm/ywVI+zjJ/A==}
-  markdownlint-cli@0.48.0:
+  markdownlint-cli@0.45.0:
-    resolution: {integrity: sha512-NkZQNu2E0Q5qLEEHwWj674eYISTLD4jMHkBzDobujXd1kv+yCxi8jOaD/rZoQNW1FBBMMGQpuW5So8B51N/e0A==}
+    resolution: {integrity: sha512-GiWr7GfJLVfcopL3t3pLumXCYs8sgWppjIA1F/Cc3zIMgD3tmkpyZ1xkm1Tej8mw53B93JsDjgA3KOftuYcfOw==}
    engines: {node: '>=20'}
    hasBin: true
-  markdownlint@0.40.0:
+  markdownlint@0.38.0:
-    resolution: {integrity: sha512-UKybllYNheWac61Ia7T6fzuQNDZimFIpCg2w6hHjgV1Qu0w1TV0LlSgryUGzM0bkKQCBhy2FDhEELB73Kb0kAg==}
+    resolution: {integrity: sha512-xaSxkaU7wY/0852zGApM8LdlIfGCW8ETZ0Rr62IQtAnUMlMuifsg09vWJcNYeL4f0anvr8Vo4ZQar8jGpV0btQ==}
    engines: {node: '>=20'}
  mdurl@2.0.0:
@ -275,22 +318,29 @@ packages:
  micromark@4.0.2:
    resolution: {integrity: sha512-zpe98Q6kvavpCr1NPVSCMebCKfD7CA2NqZ+rykeNhONIJBpc1tFKt9hucLGwha3jNTNI8lHpctWJWoimVF4PfA==}
-  minimatch@10.2.5:
+  minimatch@10.0.3:
-    resolution: {integrity: sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg==}
+    resolution: {integrity: sha512-IPZ167aShDZZUMdRk66cyQAW3qr0WzbHkPdMYa8bzZhlHhO3jALbKdxcaak7W9FfT2rZNpQuUu4Od7ILEpXSaw==}
-    engines: {node: 18 || 20 || >=22}
+    engines: {node: 20 || >=22}
-  minimatch@3.1.5:
+  minimatch@3.1.2:
-    resolution: {integrity: sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==}
+    resolution: {integrity: sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==}
  minimist@1.2.8:
    resolution: {integrity: sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==}
  minipass@7.1.2:
    resolution: {integrity: sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw==}
    engines: {node: '>=16 || 14 >=14.17'}
  ms@2.1.3:
    resolution: {integrity: sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==}
  once@1.4.0:
    resolution: {integrity: sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==}
  package-json-from-dist@1.0.1:
    resolution: {integrity: sha512-UEZIS3/by4OC8vL3P2dTXRETpebLI2NiI5vIrjaD/5UtrkFX/tNbwjTSRAGC/+7CAo2pIcBaRgWmcBBHcsaCIw==}
  parse-entities@4.0.2:
    resolution: {integrity: sha512-GG2AQYWoLgL877gQIKeRPGO1xF9+eG1ujIb5soS5gPvLQ1y2o8FL90w2QWNdf9I361Mpp7726c+lj3U0qK1uGw==}
@ -298,9 +348,13 @@ packages:
    resolution: {integrity: sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==}
    engines: {node: '>=0.10.0'}
-  picomatch@4.0.4:
+  path-key@3.1.1:
-    resolution: {integrity: sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==}
+    resolution: {integrity: sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==}
-    engines: {node: '>=12'}
+    engines: {node: '>=8'}
  path-scurry@2.0.0:
    resolution: {integrity: sha512-ypGJsmGtdXUOeM5u93TyeIEfEhM6s+ljAhrk5vAvSx8uyY/02OvrZnA0YNGUrPXfpJMgI1ODd3nwz8Npx4O4cg==}
    engines: {node: 20 || >=22}
  punycode.js@2.3.1:
    resolution: {integrity: sha512-uxFIHU0YlHYhDQtV4R9J6a52SLx28BCjT+4ieh7IGbgwVJWO+km431c4yRlREUAsAmt/uMjQUyQHNEPf0M39CA==}
@ -314,34 +368,63 @@ packages:
    resolution: {integrity: sha512-CcfE+mYiTcKEzg0IqS08+efdnH0oJ3zV0wSUFBNrMHMuxCtXvBCLzCJHatwuXDcu/RlhjTziTo/a1ruQik6/Yg==}
    hasBin: true
-  smol-toml@1.6.1:
+  shebang-command@2.0.0:
-    resolution: {integrity: sha512-dWUG8F5sIIARXih1DTaQAX4SsiTXhInKf1buxdY9DIg4ZYPZK5nGM1VRIYmEbDbsHt7USo99xSLFu5Q1IqTmsg==}
+    resolution: {integrity: sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==}
    engines: {node: '>=8'}
  shebang-regex@3.0.0:
    resolution: {integrity: sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==}
    engines: {node: '>=8'}
  signal-exit@4.1.0:
    resolution: {integrity: sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw==}
    engines: {node: '>=14'}
  smol-toml@1.3.4:
    resolution: {integrity: sha512-UOPtVuYkzYGee0Bd2Szz8d2G3RfMfJ2t3qVdZUAozZyAk+a0Sxa+QKix0YCwjL/A1RR0ar44nCxaoN9FxdJGwA==}
    engines: {node: '>= 18'}
-  string-width@8.1.0:
+  string-width@4.2.3:
-    resolution: {integrity: sha512-Kxl3KJGb/gxkaUMOjRsQ8IrXiGW75O4E3RPjFIINOVH8AMl2SQ/yWdTzWwF3FevIX9LcMAjJW+GRwAlAbTSXdg==}
+    resolution: {integrity: sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==}
-    engines: {node: '>=20'}
+    engines: {node: '>=8'}
-  strip-ansi@7.2.0:
+  string-width@5.1.2:
-    resolution: {integrity: sha512-yDPMNjp4WyfYBkHnjIRLfca1i6KMyGCtsVgoKe/z1+6vukgaENdgGBZt+ZmKPc4gavvEZ5OgHfHdrazhgNyG7w==}
+    resolution: {integrity: sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA==}
    engines: {node: '>=12'}
  strip-ansi@6.0.1:
    resolution: {integrity: sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==}
    engines: {node: '>=8'}
  strip-ansi@7.1.2:
    resolution: {integrity: sha512-gmBGslpoQJtgnMAvOVqGZpEz9dyoKTCzy2nfz/n8aIFhN/jCE/rCmcxabB6jOOHV+0WNnylOxaxBQPSvcWklhA==}
    engines: {node: '>=12'}
  strip-json-comments@3.1.1:
    resolution: {integrity: sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==}
    engines: {node: '>=8'}
  tinyglobby@0.2.16:
    resolution: {integrity: sha512-pn99VhoACYR8nFHhxqix+uvsbXineAasWm5ojXoN8xEwK5Kd3/TrhNn1wByuD52UxWRLy8pu+kRMniEi6Eq9Zg==}
    engines: {node: '>=12.0.0'}
  uc.micro@2.1.0:
    resolution: {integrity: sha512-ARDJmphmdvUk6Glw7y9DQ2bFkKBHwQHLi2lsaH6PPmz/Ka9sFOBsBluozhDltWmnv9u/cF6Rt87znRTPV+yp/A==}
  which@2.0.2:
    resolution: {integrity: sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==}
    engines: {node: '>= 8'}
    hasBin: true
  wrap-ansi@7.0.0:
    resolution: {integrity: sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==}
    engines: {node: '>=10'}
  wrap-ansi@8.1.0:
    resolution: {integrity: sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ==}
    engines: {node: '>=12'}
  wrappy@1.0.2:
    resolution: {integrity: sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==}
-  yaml@2.8.3:
+  yaml@2.8.1:
-    resolution: {integrity: sha512-AvbaCLOO2Otw/lW5bmh9d/WEdcDFdQp2Z2ZUH3pX9U2ihyUY0nvLv7J6TrWowklRGPYbB/IuIMfYgxaCPg5Bpg==}
+    resolution: {integrity: sha512-lcYcMxX2PO9XMGvAJkJ3OsNMw+/7FKes7/hgerGUYWIoWu5j/+YQqcZr5JnPZWzOsEBgMbSbiSTn/dv/69Mkpw==}
    engines: {node: '>= 14.6'}
    hasBin: true
@ -351,46 +434,67 @@ snapshots:
    dependencies:
      commander: 13.1.0
      dot-object: 2.1.5
-      lodash: 4.18.1
+      lodash: 4.17.21
      markdown-table: 2.0.0
-      yaml: 2.8.3
+      yaml: 2.8.1
-  '@types/debug@4.1.13':
+  '@isaacs/balanced-match@4.0.1': {}
  '@isaacs/brace-expansion@5.0.0':
    dependencies:
      '@isaacs/balanced-match': 4.0.1
  '@isaacs/cliui@8.0.2':
    dependencies:
      string-width: 5.1.2
      string-width-cjs: string-width@4.2.3
      strip-ansi: 7.1.2
      strip-ansi-cjs: strip-ansi@6.0.1
      wrap-ansi: 8.1.0
      wrap-ansi-cjs: wrap-ansi@7.0.0
  '@types/debug@4.1.12':
    dependencies:
      '@types/ms': 2.1.0
-  '@types/katex@0.16.8': {}
+  '@types/katex@0.16.7': {}
  '@types/ms@2.1.0': {}
  '@types/unist@2.0.11': {}
  ansi-regex@5.0.1: {}
  ansi-regex@6.2.2: {}
  ansi-styles@4.3.0:
    dependencies:
      color-convert: 2.0.1
  ansi-styles@6.2.3: {}
  argparse@2.0.1: {}
  balanced-match@1.0.2: {}
-  balanced-match@4.0.4: {}
+  brace-expansion@1.1.12:
  brace-expansion@1.1.14:
    dependencies:
      balanced-match: 1.0.2
      concat-map: 0.0.1
  brace-expansion@5.0.5:
    dependencies:
      balanced-match: 4.0.4
  character-entities-legacy@3.0.0: {}
  character-entities@2.0.2: {}
  character-reference-invalid@2.0.1: {}
-  commander@13.1.0: {}
+  color-convert@2.0.1:
    dependencies:
      color-name: 1.1.4
-  commander@14.0.3: {}
+  color-name@1.1.4: {}
  commander@13.1.0: {}
  commander@6.2.1: {}
@ -398,11 +502,17 @@ snapshots:
  concat-map@0.0.1: {}
  cross-spawn@7.0.6:
    dependencies:
      path-key: 3.1.1
      shebang-command: 2.0.0
      which: 2.0.2
  debug@4.4.3:
    dependencies:
      ms: 2.1.3
-  decode-named-character-reference@1.3.0:
+  decode-named-character-reference@1.2.0:
    dependencies:
      character-entities: 2.0.2
@ -419,22 +529,36 @@ snapshots:
      commander: 6.2.1
      glob: 7.2.3
  eastasianwidth@0.2.0: {}
  emoji-regex@8.0.0: {}
  emoji-regex@9.2.2: {}
  entities@4.5.0: {}
-  fdir@6.5.0(picomatch@4.0.4):
+  foreground-child@3.3.1:
-    optionalDependencies:
+    dependencies:
-      picomatch: 4.0.4
+      cross-spawn: 7.0.6
      signal-exit: 4.1.0
  fs.realpath@1.0.0: {}
-  get-east-asian-width@1.5.0: {}
+  glob@11.0.3:
    dependencies:
      foreground-child: 3.3.1
      jackspeak: 4.1.1
      minimatch: 10.0.3
      minipass: 7.1.2
      package-json-from-dist: 1.0.1
      path-scurry: 2.0.0
  glob@7.2.3:
    dependencies:
      fs.realpath: 1.0.0
      inflight: 1.0.6
      inherits: 2.0.4
-      minimatch: 3.1.5
+      minimatch: 3.1.2
      once: 1.4.0
      path-is-absolute: 1.0.1
@ -458,9 +582,17 @@ snapshots:
  is-decimal@2.0.1: {}
  is-fullwidth-code-point@3.0.0: {}
  is-hexadecimal@2.0.1: {}
-  js-yaml@4.1.1:
+  isexe@2.0.0: {}
  jackspeak@4.1.1:
    dependencies:
      '@isaacs/cliui': 8.0.2
  js-yaml@4.1.0:
    dependencies:
      argparse: 2.0.1
@ -468,7 +600,7 @@ snapshots:
  jsonpointer@5.0.1: {}
-  katex@0.16.45:
+  katex@0.16.22:
    dependencies:
      commander: 8.3.0
@ -476,9 +608,11 @@ snapshots:
    dependencies:
      uc.micro: 2.1.0
-  lodash@4.18.1: {}
+  lodash@4.17.21: {}
-  markdown-it@14.1.1:
+  lru-cache@11.2.2: {}
  markdown-it@14.1.0:
    dependencies:
      argparse: 2.0.1
      entities: 4.5.0
@ -491,24 +625,23 @@ snapshots:
    dependencies:
      repeat-string: 1.6.1
-  markdownlint-cli@0.48.0:
+  markdownlint-cli@0.45.0:
    dependencies:
-      commander: 14.0.3
+      commander: 13.1.0
-      deep-extend: 0.6.0
+      glob: 11.0.3
      ignore: 7.0.5
-      js-yaml: 4.1.1
+      js-yaml: 4.1.0
      jsonc-parser: 3.3.1
      jsonpointer: 5.0.1
-      markdown-it: 14.1.1
+      markdown-it: 14.1.0
-      markdownlint: 0.40.0
+      markdownlint: 0.38.0
-      minimatch: 10.2.5
+      minimatch: 10.0.3
      run-con: 1.3.2
-      smol-toml: 1.6.1
+      smol-toml: 1.3.4
      tinyglobby: 0.2.16
    transitivePeerDependencies:
      - supports-color
-  markdownlint@0.40.0:
+  markdownlint@0.38.0:
    dependencies:
      micromark: 4.0.2
      micromark-core-commonmark: 2.0.3
@ -518,7 +651,6 @@ snapshots:
      micromark-extension-gfm-table: 2.1.1
      micromark-extension-math: 3.1.0
      micromark-util-types: 2.0.2
      string-width: 8.1.0
    transitivePeerDependencies:
      - supports-color
@ -526,7 +658,7 @@ snapshots:
  micromark-core-commonmark@2.0.3:
    dependencies:
-      decode-named-character-reference: 1.3.0
+      decode-named-character-reference: 1.2.0
      devlop: 1.1.0
      micromark-factory-destination: 2.0.1
      micromark-factory-label: 2.0.1
@ -581,9 +713,9 @@ snapshots:
  micromark-extension-math@3.1.0:
    dependencies:
-      '@types/katex': 0.16.8
+      '@types/katex': 0.16.7
      devlop: 1.1.0
-      katex: 0.16.45
+      katex: 0.16.22
      micromark-factory-space: 2.0.1
      micromark-util-character: 2.1.1
      micromark-util-symbol: 2.0.1
@ -676,9 +808,9 @@ snapshots:
  micromark@4.0.2:
    dependencies:
-      '@types/debug': 4.1.13
+      '@types/debug': 4.1.12
      debug: 4.4.3
-      decode-named-character-reference: 1.3.0
+      decode-named-character-reference: 1.2.0
      devlop: 1.1.0
      micromark-core-commonmark: 2.0.3
      micromark-factory-space: 2.0.1
@ -696,35 +828,44 @@ snapshots:
    transitivePeerDependencies:
      - supports-color
-  minimatch@10.2.5:
+  minimatch@10.0.3:
    dependencies:
-      brace-expansion: 5.0.5
+      '@isaacs/brace-expansion': 5.0.0
-  minimatch@3.1.5:
+  minimatch@3.1.2:
    dependencies:
-      brace-expansion: 1.1.14
+      brace-expansion: 1.1.12
  minimist@1.2.8: {}
  minipass@7.1.2: {}
  ms@2.1.3: {}
  once@1.4.0:
    dependencies:
      wrappy: 1.0.2
  package-json-from-dist@1.0.1: {}
  parse-entities@4.0.2:
    dependencies:
      '@types/unist': 2.0.11
      character-entities-legacy: 3.0.0
      character-reference-invalid: 2.0.1
-      decode-named-character-reference: 1.3.0
+      decode-named-character-reference: 1.2.0
      is-alphanumerical: 2.0.1
      is-decimal: 2.0.1
      is-hexadecimal: 2.0.1
  path-is-absolute@1.0.1: {}
-  picomatch@4.0.4: {}
+  path-key@3.1.1: {}
  path-scurry@2.0.0:
    dependencies:
      lru-cache: 11.2.2
      minipass: 7.1.2
  punycode.js@2.3.1: {}
@ -737,26 +878,56 @@ snapshots:
      minimist: 1.2.8
      strip-json-comments: 3.1.1
-  smol-toml@1.6.1: {}
+  shebang-command@2.0.0:
  string-width@8.1.0:
    dependencies:
-      get-east-asian-width: 1.5.0
+      shebang-regex: 3.0.0
      strip-ansi: 7.2.0
-  strip-ansi@7.2.0:
+  shebang-regex@3.0.0: {}
  signal-exit@4.1.0: {}
  smol-toml@1.3.4: {}
  string-width@4.2.3:
    dependencies:
      emoji-regex: 8.0.0
      is-fullwidth-code-point: 3.0.0
      strip-ansi: 6.0.1
  string-width@5.1.2:
    dependencies:
      eastasianwidth: 0.2.0
      emoji-regex: 9.2.2
      strip-ansi: 7.1.2
  strip-ansi@6.0.1:
    dependencies:
      ansi-regex: 5.0.1
  strip-ansi@7.1.2:
    dependencies:
      ansi-regex: 6.2.2
  strip-json-comments@3.1.1: {}
  tinyglobby@0.2.16:
    dependencies:
      fdir: 6.5.0(picomatch@4.0.4)
      picomatch: 4.0.4
  uc.micro@2.1.0: {}
  which@2.0.2:
    dependencies:
      isexe: 2.0.0
  wrap-ansi@7.0.0:
    dependencies:
      ansi-styles: 4.3.0
      string-width: 4.2.3
      strip-ansi: 6.0.1
  wrap-ansi@8.1.0:
    dependencies:
      ansi-styles: 6.2.3
      string-width: 5.1.2
      strip-ansi: 7.1.2
  wrappy@1.0.2: {}
-  yaml@2.8.3: {}
+  yaml@2.8.1: {}
--- a/templates/_helpers.tpl
+++ b/templates/_helpers.tpl
@ -14,14 +14,14 @@ If release name contains chart name it will be used as a full name.
 */}}
 {{- define "gitea.actions.fullname" -}}
 {{- if .Values.fullnameOverride -}}
-  {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
 {{- else -}}
-  {{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
-  {{- if contains $name .Release.Name -}}
+{{- if contains $name .Release.Name -}}
-    {{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-    {{- else -}}
+{{- else -}}
-    {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-  {{- end -}}
+{{- end -}}
 {{- end -}}
 {{- end -}}
@ -36,7 +36,7 @@ Create a default worker name.
 Create chart name and version as used by the chart label.
 */}}
 {{- define "gitea.actions.chart" -}}
-  {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{/*
@ -45,7 +45,7 @@ Storage Class
 {{- define "gitea.actions.persistence.storageClass" -}}
 {{- $storageClass :=  default (tpl ( default "" .Values.global.storageClass) .) }}
 {{- if $storageClass }}
-  storageClassName: {{ $storageClass | quote }}
+storageClassName: {{ $storageClass | quote }}
 {{- end }}
 {{- end -}}
@ -84,7 +84,7 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 {{- define "gitea.actions.local_root_url" -}}
-  {{- tpl .Values.giteaRootURL . -}}
+  {{- .Values.giteaRootURL -}}
 {{- end -}}
 {{/*
@ -128,4 +128,4 @@ Create image for Init
 */}}
 {{- define "gitea.actions.init.image" -}}
 {{ include "gitea.actions.common.image" (dict "root" . "image" .Values.init.image) }}
-{{- end -}}
+{{- end -}}
--- a/templates/config-act-runner.yaml
+++ b/templates/config-act-runner.yaml
@ -11,9 +11,9 @@ data:
  config.yaml: |
    {{- with .Values.statefulset.actRunner.config -}}
    {{- if kindIs "string" . -}}
-      {{ . | nindent 4}}
+    {{ . | nindent 4}}
    {{- else -}}
-      {{ toYaml . | nindent 4}}
+    {{ toYaml . | nindent 4}}
    {{- end -}}
    {{- end -}}
 {{- end }}
--- a/templates/statefulset.yaml
+++ b/templates/statefulset.yaml
@ -30,42 +30,7 @@ spec:
        {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      restartPolicy: Always
      {{- if .Values.statefulset.serviceAccountName }}
      serviceAccountName: {{ .Values.statefulset.serviceAccountName | quote }}
      {{- end }}
      {{- if .Values.statefulset.securityContext }}
      securityContext:
        {{- toYaml .Values.statefulset.securityContext | nindent 8 }}
      {{- end }}
      {{- if .Values.statefulset.runtimeClassName }}
      runtimeClassName: {{ .Values.statefulset.runtimeClassName | quote }}
      {{- end }}
      {{- if .Values.statefulset.hostAliases }}
      hostAliases:
        {{- toYaml .Values.statefulset.hostAliases | nindent 8 }}
      {{- end }}
      initContainers:
        {{- if .Values.preExtraInitContainers }}
        {{- toYaml .Values.preExtraInitContainers | nindent 8 }}
        {{- end }}
        {{- if .Values.statefulset.actRunner.flushCache }}
        - name: cache-flusher
          image: "{{ include "gitea.actions.init.image" . }}"
          command:
            - sh
            - -c
            - |
              if [[ -f /data/.runner ]]; then
                echo "Removing cache at /data/.runner"
                rm -v /data/.runner
              else
                echo "No .runner file to remove"
              fi
          volumeMounts:
            - mountPath: /data
              name: data-act-runner
        {{- end }}
        - name: init-gitea
          image: "{{ include "gitea.actions.init.image" . }}"
          command:
@ -78,66 +43,23 @@ spec:
                echo "Trying again in 3 seconds..."
              done
              echo "Gitea has been reached!"
        - name: dind
          image: "{{ include "gitea.actions.dind.image" . }}"
          restartPolicy: Always
          imagePullPolicy: {{ .Values.statefulset.dind.pullPolicy }}
          {{- if .Values.statefulset.dind.extraEnvs }}
          env:
            {{- toYaml .Values.statefulset.dind.extraEnvs | nindent 12 }}
          {{- end }}
          securityContext:
            privileged: true
          {{- if .Values.statefulset.dind.extraArgs }}
          args:
            {{- toYaml .Values.statefulset.dind.extraArgs | nindent 12 }}
          {{- end }}
          startupProbe:
            exec:
              command:
                - /usr/bin/test
                - -S
                {{- if .Values.statefulset.dind.rootless }}
                - /run/user/{{ .Values.statefulset.dind.uid | default 1000 }}/docker.sock
                {{- else }}
                - /var/run/docker.sock
                {{- end }}
          livenessProbe:
            exec:
              command:
                - /usr/bin/test
                - -S
                {{- if .Values.statefulset.dind.rootless }}
                - /run/user/{{ .Values.statefulset.dind.uid | default 1000 }}/docker.sock
                {{- else }}
                - /var/run/docker.sock
                {{- end }}
          resources:
            {{- toYaml .Values.statefulset.resources | nindent 12 }}
          volumeMounts:
            {{- if .Values.statefulset.dind.rootless }}
            - mountPath: /run/user/{{ .Values.statefulset.dind.uid | default 1000 }}/
            {{- else }}
            - mountPath: /var/run/
            {{- end }}
              name: docker-socket
            {{- with .Values.statefulset.dind.extraVolumeMounts }}
            {{- toYaml . | nindent 12 }}
            {{- end }}
        {{- if .Values.postExtraInitContainers }}
        {{- toYaml .Values.postExtraInitContainers | nindent 8 }}
        {{- end }}
      containers:
        - name: act-runner
          image: "{{ include "gitea.actions.actRunner.image" . }}"
          imagePullPolicy: {{ .Values.statefulset.actRunner.pullPolicy }}
          workingDir: /data
          env:
            - name: DOCKER_HOST
              value: tcp://127.0.0.1:2376
            - name: DOCKER_TLS_VERIFY
              value: "1"
            - name: DOCKER_CERT_PATH
              value: /certs/client
            - name: GITEA_RUNNER_REGISTRATION_TOKEN
              valueFrom:
                secretKeyRef:
-                  name: "{{ (tpl .Values.existingSecret . ) | default $secretName }}"
+                  name: "{{ .Values.existingSecret | default $secretName }}"
-                  key: "{{ (tpl .Values.existingSecretKey . ) | default "token" }}"
+                  key: "{{ .Values.existingSecretKey | default "token" }}"
            - name: GITEA_INSTANCE_URL
              value: {{ include "gitea.actions.local_root_url" . }}
            - name: CONFIG_FILE
@ -153,20 +75,36 @@ spec:
            - mountPath: /actrunner/config.yaml
              name: act-runner-config
              subPath: config.yaml
-            - mountPath: /var/run/docker.sock
+            - mountPath: /certs/client
-              name: docker-socket
+              name: docker-certs
              subPath: docker.sock
            - mountPath: /data
              name: data-act-runner
            {{- with .Values.statefulset.actRunner.extraVolumeMounts }}
            {{- toYaml . | nindent 12 }}
            {{- end }}
-      {{- if .Values.global.imagePullSecrets }}
+        - name: dind
-      imagePullSecrets:
+          image: "{{ include "gitea.actions.dind.image" . }}"
-      {{- range .Values.global.imagePullSecrets }}
+          imagePullPolicy: {{ .Values.statefulset.dind.pullPolicy }}
-        - name: {{ . }}
+          env:
-      {{- end }}
+            - name: DOCKER_HOST
-      {{- end }}
+              value: tcp://127.0.0.1:2376
            - name: DOCKER_TLS_VERIFY
              value: "1"
            - name: DOCKER_CERT_PATH
              value: /certs/client
            {{- if .Values.statefulset.dind.extraEnvs }}
            {{- toYaml .Values.statefulset.dind.extraEnvs | nindent 12 }}
            {{- end }}
          securityContext:
            privileged: true
          resources:
            {{- toYaml .Values.statefulset.resources | nindent 12 }}
          volumeMounts:
            - mountPath: /certs/client
              name: docker-certs
            {{- with .Values.statefulset.dind.extraVolumeMounts }}
            {{- toYaml . | nindent 12 }}
            {{- end }}
      {{- range $key, $value := .Values.statefulset.nodeSelector }}
      nodeSelector:
        {{ $key }}: {{ $value | quote }}
@ -183,7 +121,7 @@ spec:
        - name: act-runner-config
          configMap:
            name: {{ include "gitea.actions.fullname" . }}-act-runner-config
-        - name: docker-socket
+        - name: docker-certs
          emptyDir: {}
        {{- with .Values.statefulset.extraVolumes }}
        {{- toYaml . | nindent 8 }}
--- a/unittests/helm/01-consistency-checks.yaml
+++ b/unittests/helm/01-consistency-checks.yaml
@ -1,6 +1,6 @@
 suite: actions template | consistency checks
 release:
-  name: gitea-actions-unittests
+  name: gitea-unittests
  namespace: testing
 templates:
  - templates/01-consistency-checks.yaml
--- a/unittests/helm/config-act-runner.yaml
+++ b/unittests/helm/config-act-runner.yaml
@ -1,7 +1,7 @@
 # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
 suite: actions template | config-act-runner
 release:
-  name: gitea-actions-unittests
+  name: gitea-unittests
  namespace: testing
 templates:
  - templates/config-act-runner.yaml
@ -31,7 +31,7 @@ tests:
      - containsDocument:
          kind: ConfigMap
          apiVersion: v1
-          name: gitea-actions-unittests-act-runner-config
+          name: gitea-unittests-actions-act-runner-config
      - equal:
          path: data["config.yaml"]
          value: |
@ -48,7 +48,7 @@ tests:
      enabled: true
      statefulset:
        actRunner:
-          config: |
+          config:
            container:
              valid_volumes:
                - /var/run/docker.sock
@ -59,7 +59,7 @@ tests:
      - containsDocument:
          kind: ConfigMap
          apiVersion: v1
-          name: gitea-actions-unittests-act-runner-config
+          name: gitea-unittests-actions-act-runner-config
      - matchRegex:
          path: data["config.yaml"]
          pattern: '(?m)^\s*options:\s*-v /var/run/docker.sock:/var/run/docker.sock\s*$'
--- a/unittests/helm/statefulset.yaml
+++ b/unittests/helm/statefulset.yaml
@ -1,225 +1,17 @@
 suite: actions template | statefulset
 release:
-  name: gitea-actions-unittests
+  name: gitea-unittests
  namespace: testing
 templates:
  - templates/statefulset.yaml
  - templates/config-act-runner.yaml
 tests:
-#
+  - it: act-runner uses fullOverride
 ## GENERIC
 #
  - it: doesn't renders a StatefulSet by default
    template: templates/statefulset.yaml
    asserts:
      - hasDocuments:
          count: 0
  - it: renders a StatefulSet (that tracks changes of the runner configuration as annotation)
    template: templates/statefulset.yaml
    set:
      image.tag: "1.22.3" # lock image tag to prevent test failures on future Gitea upgrades
      enabled: true
    asserts:
      - hasDocuments:
          count: 1
      - containsDocument:
          kind: StatefulSet
          apiVersion: apps/v1
          name: gitea-actions-unittests-act-runner
      - equal:
          path: spec.template.metadata.annotations["checksum/config"]
          value: "368836e4e5d947f06f2d65c7cc3fc3ad050aaced506443f54a8ffc17bb11afd2"
  - it: Has fsGroup in securityContext
    template: templates/statefulset.yaml
    set:
      enabled: true
      statefulset.securityContext:
        fsGroup: 1000
    asserts:
      - hasDocuments:
          count: 1
      - containsDocument:
          kind: StatefulSet
          apiVersion: apps/v1
          name: gitea-actions-unittests-act-runner
      - equal:
          path: spec.template.spec.securityContext["fsGroup"]
          value: 1000
  - it: Has fsGroupChangePolicy in securityContext
    template: templates/statefulset.yaml
    set:
      enabled: true
      statefulset.securityContext:
        fsGroupChangePolicy: OnRootMismatch
    asserts:
      - hasDocuments:
          count: 1
      - containsDocument:
          kind: StatefulSet
          apiVersion: apps/v1
          name: gitea-actions-unittests-act-runner
      - equal:
          path: spec.template.spec.securityContext["fsGroupChangePolicy"]
          value: "OnRootMismatch"
  - it: Has Always in securityContext
    template: templates/statefulset.yaml
    set:
      enabled: true
      statefulset.securityContext:
        fsGroupChangePolicy: Always
    asserts:
      - hasDocuments:
          count: 1
      - containsDocument:
          kind: StatefulSet
          apiVersion: apps/v1
          name: gitea-actions-unittests-act-runner
      - equal:
          path: spec.template.spec.securityContext["fsGroupChangePolicy"]
          value: "Always"
  - it: renders a StatefulSet (with given existingSecret/existingSecretKey)
    template: templates/statefulset.yaml
    set:
      enabled: true
      existingSecret: "my-secret"
      existingSecretKey: "my-secret-key"
    asserts:
      - hasDocuments:
          count: 1
      - containsDocument:
          kind: StatefulSet
          apiVersion: apps/v1
          name: gitea-actions-unittests-act-runner
      - equal:
          path: spec.template.spec.containers[0].env[0]
          value:
            name: GITEA_RUNNER_REGISTRATION_TOKEN
            valueFrom:
              secretKeyRef:
                name: "my-secret"
                key: "my-secret-key"
  - it: renders a StatefulSet http (with correct GITEA_INSTANCE_URL env from giteaRootURL)
    template: templates/statefulset.yaml
    set:
      giteaRootURL: "http://git.example.com"
      enabled: true
    asserts:
      - hasDocuments:
          count: 1
      - containsDocument:
          kind: StatefulSet
          apiVersion: apps/v1
          name: gitea-actions-unittests-act-runner
      - equal:
          path: spec.template.spec.containers[0].env[1]
          value:
            name: GITEA_INSTANCE_URL
            value: "http://git.example.com"
      - equal:
          path: spec.template.spec.initContainers[0].command[2]
          value: |
            echo 'Trying to reach Gitea on http://git.example.com'
            until timeout 10 wget --no-check-certificate --spider http://git.example.com; do
              sleep 3
              echo "Trying again in 3 seconds..."
            done
            echo "Gitea has been reached!"
  - it: renders a StatefulSet https (with correct GITEA_INSTANCE_URL env from giteaRootURL)
    template: templates/statefulset.yaml
    set:
      giteaRootURL: "https://git.example.com"
      enabled: true
    asserts:
      - hasDocuments:
          count: 1
      - containsDocument:
          kind: StatefulSet
          apiVersion: apps/v1
          name: gitea-actions-unittests-act-runner
      - equal:
          path: spec.template.spec.containers[0].env[1]
          value:
            name: GITEA_INSTANCE_URL
            value: "https://git.example.com"
      - equal:
          path: spec.template.spec.initContainers[0].command[2]
          value: |
            echo 'Trying to reach Gitea on https://git.example.com'
            until timeout 10 wget --no-check-certificate --spider https://git.example.com; do
              sleep 3
              echo "Trying again in 3 seconds..."
            done
            echo "Gitea has been reached!"
  - it: renders a StatefulSet https with explicit port (with correct GITEA_INSTANCE_URL env from giteaRootURL)
    template: templates/statefulset.yaml
    set:
      giteaRootURL: "https://git.example.com:8443"
      enabled: true
    asserts:
      - hasDocuments:
          count: 1
      - containsDocument:
          kind: StatefulSet
          apiVersion: apps/v1
          name: gitea-actions-unittests-act-runner
      - equal:
          path: spec.template.spec.containers[0].env[1]
          value:
            name: GITEA_INSTANCE_URL
            value: "https://git.example.com:8443"
      - equal:
          path: spec.template.spec.initContainers[0].command[2]
          value: |
            echo 'Trying to reach Gitea on https://git.example.com:8443'
            until timeout 10 wget --no-check-certificate --spider https://git.example.com:8443; do
              sleep 3
              echo "Trying again in 3 seconds..."
            done
            echo "Gitea has been reached!"
  - it: should render service account name correctly
    template: templates/statefulset.yaml
    set:
      enabled: true
      statefulset:
        serviceAccountName: "my-service-account"
    asserts:
      - hasDocuments:
          count: 1
      - equal:
          path: spec.template.spec.serviceAccountName
          value: "my-service-account"
  - it: should render runtime class name correctly
    template: templates/statefulset.yaml
    set:
      enabled: true
      statefulset:
        runtimeClassName: "my-runtime-class-name"
    asserts:
      - hasDocuments:
          count: 1
      - equal:
          path: spec.template.spec.runtimeClassName
          value: "my-runtime-class-name"
 #
 ## ACT_RUNNER
 #
  - it: act-runner uses fullOverride
    template: templates/statefulset.yaml
    set:
      enabled: true
      statefulset.actRunner.fullOverride: test.io/act_runner:x.y.z
    asserts:
      - hasDocuments:
@ -227,16 +19,17 @@ tests:
      - containsDocument:
          kind: StatefulSet
          apiVersion: apps/v1
-          name: gitea-actions-unittests-act-runner
+          name: gitea-unittests-actions-act-runner
      - equal:
          path: spec.template.spec.containers[0].image
          value: test.io/act_runner:x.y.z
  - it: act-runner uses digest
    template: templates/statefulset.yaml
    set:
      enabled: true
-      statefulset.actRunner.tag: 0.3.1
+      existingSecret: "my-secret"
      existingSecretKey: "my-secret-key"
      statefulset.actRunner.tag: 0.2.13
      statefulset.actRunner.digest: sha256:abcdef123456
    asserts:
      - hasDocuments:
@ -244,32 +37,104 @@ tests:
      - containsDocument:
          kind: StatefulSet
          apiVersion: apps/v1
-          name: gitea-actions-unittests-act-runner
+          name: gitea-unittests-actions-act-runner
      - equal:
          path: spec.template.spec.containers[0].image
-          value: docker.gitea.com/act_runner:0.3.1@sha256:abcdef123456
+          value: docker.gitea.com/act_runner:0.2.13@sha256:abcdef123456
  - it: act-runner uses global.imageRegistry
    template: templates/statefulset.yaml
    set:
      enabled: true
      existingSecret: "my-secret"
      existingSecretKey: "my-secret-key"
      global.imageRegistry: test.io
-      statefulset.actRunner.tag: 0.3.1
+      statefulset.actRunner.tag: 0.2.13
    asserts:
      - hasDocuments:
          count: 1
      - containsDocument:
          kind: StatefulSet
          apiVersion: apps/v1
-          name: gitea-actions-unittests-act-runner
+          name: gitea-unittests-actions-act-runner
      - equal:
          path: spec.template.spec.containers[0].image
-          value: test.io/act_runner:0.3.1
+          value: test.io/act_runner:0.2.13
-
+  - it: dind uses fullOverride
    template: templates/statefulset.yaml
    set:
      enabled: true
      existingSecret: "my-secret"
      existingSecretKey: "my-secret-key"
      statefulset.dind.fullOverride: test.io/dind:x.y.z
    asserts:
      - hasDocuments:
          count: 1
      - containsDocument:
          kind: StatefulSet
          apiVersion: apps/v1
          name: gitea-unittests-actions-act-runner
      - equal:
          path: spec.template.spec.containers[1].image
          value: test.io/dind:x.y.z
  - it: dind uses global.imageRegistry
    template: templates/statefulset.yaml
    set:
      enabled: true
      existingSecret: "my-secret"
      existingSecretKey: "my-secret-key"
      global.imageRegistry: test.io
      statefulset.dind.tag: 28.3.3-dind
    asserts:
      - hasDocuments:
          count: 1
      - containsDocument:
          kind: StatefulSet
          apiVersion: apps/v1
          name: gitea-unittests-actions-act-runner
      - equal:
          path: spec.template.spec.containers[1].image
          value: test.io/docker:28.3.3-dind
  - it: init uses fullOverride
    template: templates/statefulset.yaml
    set:
      enabled: true
      existingSecret: "my-secret"
      existingSecretKey: "my-secret-key"
      init.image.fullOverride: test.io/busybox:x.y.z
    asserts:
      - hasDocuments:
          count: 1
      - containsDocument:
          kind: StatefulSet
          apiVersion: apps/v1
          name: gitea-unittests-actions-act-runner
      - equal:
          path: spec.template.spec.initContainers[0].image
          value: test.io/busybox:x.y.z
  - it: init uses global.imageRegistry
    template: templates/statefulset.yaml
    set:
      enabled: true
      existingSecret: "my-secret"
      existingSecretKey: "my-secret-key"
      global.imageRegistry: test.io
      init.image.tag: 1.37.0
    asserts:
      - hasDocuments:
          count: 1
      - containsDocument:
          kind: StatefulSet
          apiVersion: apps/v1
          name: gitea-unittests-actions-act-runner
      - equal:
          path: spec.template.spec.initContainers[0].image
          value: test.io/busybox:1.37.0
  - it: renders additional environment variables for act-runner container in StatefulSet
    template: templates/statefulset.yaml
    set:
      enabled: true
      existingSecret: "my-secret"
      existingSecretKey: "my-secret-key"
      statefulset:
        actRunner:
          extraEnvs:
@ -285,19 +150,181 @@ tests:
      - containsDocument:
          kind: StatefulSet
          apiVersion: apps/v1
-          name: gitea-actions-unittests-act-runner
+          name: gitea-unittests-actions-act-runner
      - equal:
-          path: spec.template.spec.containers[0].env[4]
+          path: spec.template.spec.containers[0].env[7]
          value:
            name: CUSTOM_ENV
            value: "1"
      - matchRegex:
-          path: spec.template.spec.containers[0].env[5].valueFrom.fieldRef.fieldPath
+          path: spec.template.spec.containers[0].env[8].valueFrom.fieldRef.fieldPath
          pattern: "metadata\\.name"
      - matchRegex:
-          path: spec.template.spec.containers[0].env[5].name
+          path: spec.template.spec.containers[0].env[8].name
          pattern: "GITEA_RUNNER_NAME"
-
+  - it: doesn't renders a StatefulSet by default
    template: templates/statefulset.yaml
    asserts:
      - hasDocuments:
          count: 0
  - it: renders a StatefulSet (with given existingSecret/existingSecretKey)
    template: templates/statefulset.yaml
    set:
      enabled: true
      existingSecret: "my-secret"
      existingSecretKey: "my-secret-key"
    asserts:
      - hasDocuments:
          count: 1
      - containsDocument:
          kind: StatefulSet
          apiVersion: apps/v1
          name: gitea-unittests-actions-act-runner
      - equal:
          path: spec.template.spec.containers[0].env[3]
          value:
            name: GITEA_RUNNER_REGISTRATION_TOKEN
            valueFrom:
              secretKeyRef:
                name: "my-secret"
                key: "my-secret-key"
  - it: renders a StatefulSet (with secret reference defaults for enabled provisioning)
    template: templates/statefulset.yaml
    set:
      enabled: true
      provisioning:
        enabled: true
    asserts:
      - hasDocuments:
          count: 1
      - containsDocument:
          kind: StatefulSet
          apiVersion: apps/v1
          name: gitea-unittests-actions-act-runner
      - equal:
          path: spec.template.spec.containers[0].env[3]
          value:
            name: GITEA_RUNNER_REGISTRATION_TOKEN
            valueFrom:
              secretKeyRef:
                name: "gitea-unittests-actions-token"
                key: "token"
  - it: renders a StatefulSet (that tracks changes of the runner configuration as annotation)
    template: templates/statefulset.yaml
    set:
      image.tag: "1.22.3" # lock image tag to prevent test failures on future Gitea upgrades
      enabled: true
      existingSecret: "my-secret"
      existingSecretKey: "my-secret-key"
    asserts:
      - hasDocuments:
          count: 1
      - containsDocument:
          kind: StatefulSet
          apiVersion: apps/v1
          name: gitea-unittests-actions-act-runner
      - equal:
          path: spec.template.metadata.annotations["checksum/config"]
          value: "2bafbf04b3c4293c8ddf895ae3d908e14176ee54a6c724c8cf5b2a1e43c6ece7"
  - it: renders a StatefulSet http (with correct GITEA_INSTANCE_URL env from giteaRootURL)
    template: templates/statefulset.yaml
    set:
      giteaRootURL: "http://git.example.com"
      enabled: true
      existingSecret: "my-secret"
      existingSecretKey: "my-secret-key"
    asserts:
      - hasDocuments:
          count: 1
      - containsDocument:
          kind: StatefulSet
          apiVersion: apps/v1
          name: gitea-unittests-actions-act-runner
      - equal:
          path: spec.template.spec.containers[0].env[4]
          value:
            name: GITEA_INSTANCE_URL
            value: "http://git.example.com"
      - equal:
          path: spec.template.spec.initContainers[0].command[2]
          value: |
            echo 'Trying to reach Gitea on http://git.example.com'
            until timeout 10 wget --no-check-certificate --spider http://git.example.com; do
              sleep 3
              echo "Trying again in 3 seconds..."
            done
            echo "Gitea has been reached!"
  - it: renders a StatefulSet https (with correct GITEA_INSTANCE_URL env from giteaRootURL)
    template: templates/statefulset.yaml
    set:
      giteaRootURL: "https://git.example.com"
      enabled: true
      existingSecret: "my-secret"
      existingSecretKey: "my-secret-key"
    asserts:
      - hasDocuments:
          count: 1
      - containsDocument:
          kind: StatefulSet
          apiVersion: apps/v1
          name: gitea-unittests-actions-act-runner
      - equal:
          path: spec.template.spec.containers[0].env[4]
          value:
            name: GITEA_INSTANCE_URL
            value: "https://git.example.com"
      - equal:
          path: spec.template.spec.initContainers[0].command[2]
          value: |
            echo 'Trying to reach Gitea on https://git.example.com'
            until timeout 10 wget --no-check-certificate --spider https://git.example.com; do
              sleep 3
              echo "Trying again in 3 seconds..."
            done
            echo "Gitea has been reached!"
  - it: renders a StatefulSet https (with correct GITEA_INSTANCE_URL env from giteaRootURL)
    template: templates/statefulset.yaml
    set:
      giteaRootURL: "https://git.example.com:8443"
      enabled: true
      existingSecret: "my-secret"
      existingSecretKey: "my-secret-key"
    asserts:
      - hasDocuments:
          count: 1
      - containsDocument:
          kind: StatefulSet
          apiVersion: apps/v1
          name: gitea-unittests-actions-act-runner
      - equal:
          path: spec.template.spec.containers[0].env[4]
          value:
            name: GITEA_INSTANCE_URL
            value: "https://git.example.com:8443"
      - equal:
          path: spec.template.spec.initContainers[0].command[2]
          value: |
            echo 'Trying to reach Gitea on https://git.example.com:8443'
            until timeout 10 wget --no-check-certificate --spider https://git.example.com:8443; do
              sleep 3
              echo "Trying again in 3 seconds..."
            done
            echo "Gitea has been reached!"
  - it: allows adding custom environment variables to the docker-in-docker container
    template: templates/statefulset.yaml
    set:
      enabled: true
      statefulset:
        dind:
          extraEnvs:
            - name: "CUSTOM_ENV_NAME"
              value: "custom env value"
    asserts:
      - equal:
          path: spec.template.spec.containers[1].env[3]
          value:
            name: "CUSTOM_ENV_NAME"
            value: "custom env value"
  - it: should mount an extra volume in the act runner container
    template: templates/statefulset.yaml
    set:
@ -316,67 +343,13 @@ tests:
      - containsDocument:
          kind: StatefulSet
          apiVersion: apps/v1
-          name: gitea-actions-unittests-act-runner
+          name: gitea-unittests-actions-act-runner
      - contains:
          any: true
          path: spec.template.spec.containers[0].volumeMounts
          content:
            mountPath: /mnt
            name: my-act-runner-volume
 #
 ## DIND
 #
  - it: dind uses fullOverride
    template: templates/statefulset.yaml
    set:
      enabled: true
      statefulset.dind.fullOverride: test.io/dind:x.y.z
    asserts:
      - hasDocuments:
          count: 1
      - containsDocument:
          kind: StatefulSet
          apiVersion: apps/v1
          name: gitea-actions-unittests-act-runner
      - equal:
          path: spec.template.spec.initContainers[1].image
          value: test.io/dind:x.y.z
  - it: dind uses global.imageRegistry
    template: templates/statefulset.yaml
    set:
      enabled: true
      global.imageRegistry: test.io
      statefulset.dind.tag: 28.3.3-dind
    asserts:
      - hasDocuments:
          count: 1
      - containsDocument:
          kind: StatefulSet
          apiVersion: apps/v1
          name: gitea-actions-unittests-act-runner
      - equal:
          path: spec.template.spec.initContainers[1].image
          value: test.io/docker:28.3.3-dind
  - it: allows adding custom environment variables to the docker-in-docker container
    template: templates/statefulset.yaml
    set:
      enabled: true
      statefulset:
        dind:
          extraEnvs:
            - name: "CUSTOM_ENV_NAME"
              value: "custom env value"
    asserts:
      - equal:
          path: spec.template.spec.initContainers[1].env[0]
          value:
            name: "CUSTOM_ENV_NAME"
            value: "custom env value"
  - it: should mount an extra volume in the docker-in-docker container
    template: templates/statefulset.yaml
    set:
@ -395,47 +368,10 @@ tests:
      - containsDocument:
          kind: StatefulSet
          apiVersion: apps/v1
-          name: gitea-actions-unittests-act-runner
+          name: gitea-unittests-actions-act-runner
      - contains:
          any: true
-          path: spec.template.spec.initContainers[1].volumeMounts
+          path: spec.template.spec.containers[1].volumeMounts
          content:
            mountPath: /mnt
            name: my-dind-volume
 #
 ## INIT
 #
  - it: init uses fullOverride
    template: templates/statefulset.yaml
    set:
      enabled: true
      init.image.fullOverride: test.io/busybox:x.y.z
    asserts:
      - hasDocuments:
          count: 1
      - containsDocument:
          kind: StatefulSet
          apiVersion: apps/v1
          name: gitea-actions-unittests-act-runner
      - equal:
          path: spec.template.spec.initContainers[0].image
          value: test.io/busybox:x.y.z
  - it: init uses global.imageRegistry
    template: templates/statefulset.yaml
    set:
      enabled: true
      global.imageRegistry: test.io
      init.image.tag: 1.37.0
    asserts:
      - hasDocuments:
          count: 1
      - containsDocument:
          kind: StatefulSet
          apiVersion: apps/v1
          name: gitea-actions-unittests-act-runner
      - equal:
          path: spec.template.spec.initContainers[0].image
          value: test.io/busybox:1.37.0
--- a/values.yaml
+++ b/values.yaml
@ -2,6 +2,8 @@
 ## @section Gitea Actions
 #
 ## @param enabled Create an act runner StatefulSet.
 ## @param init.image.repository The image used for the init containers
 ## @param init.image.tag The image tag used for the init containers
 ## @param statefulset.replicas the amount of (replica) runner pods deployed
 ## @param statefulset.timezone is the timezone that will be set in the act_runner image
 ## @param statefulset.annotations Act runner annotations
@ -11,14 +13,6 @@
 ## @param statefulset.tolerations Tolerations for the statefulset
 ## @param statefulset.affinity Affinity for the statefulset
 ## @param statefulset.extraVolumes Extra volumes for the statefulset
 ## @param statefulset.persistence.size Size for persistence to store act runner data
 ## @param statefulset.securityContext Customize the SecurityContext
 ## @param statefulset.serviceAccountName Customize the service account name
 ## @param statefulset.runtimeClassName Select a different RuntimeClass for pods
 ## @param statefulset.hostAliases Inject entries into the /etc/hosts file
 #
 ## @param statefulset.persistence.size Size for persistence to store act runner data
 #
 ## @param statefulset.actRunner.registry image registry, e.g. gcr.io,docker.io
 ## @param statefulset.actRunner.repository The Gitea act runner image
 ## @param statefulset.actRunner.tag The Gitea act runner tag
@ -26,13 +20,9 @@
 ## @param statefulset.actRunner.pullPolicy The Gitea act runner pullPolicy
 ## @param statefulset.actRunner.fullOverride Completely overrides the image registry, path/image, tag and digest.
 ## @param statefulset.actRunner.extraVolumeMounts Allows mounting extra volumes in the act runner container
 ## @param statefulset.actRunner.extraEnvs Allows adding custom environment variables
 ## @param statefulset.actRunner.flushCache whether to clear the .runner (cache) file by creating an extra init container, can slightly increase boot-up time
 ## @param statefulset.actRunner.config [default: Too complex. See values.yaml] Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details.
 #
 ## @param statefulset.dind.rootless [default: false] a simple flag to let helm know we are dealing with a rootless dind container
 ## @param statefulset.dind.uid a field to set the running user id for the rootless dind container, so it knows where to look for the socket
 ## @param statefulset.dind.registry image registry, e.g. gcr.io,docker.io
 ## @param statefulset.actRunner.extraEnvs Allows adding custom environment variables
 ## @param statefulset.dind.repository The Docker-in-Docker image
 ## @param statefulset.dind.tag The Docker-in-Docker image tag
 ## @param statefulset.dind.digest Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest`
@ -40,8 +30,10 @@
 ## @param statefulset.dind.pullPolicy The Docker-in-Docker pullPolicy
 ## @param statefulset.dind.extraVolumeMounts Allows mounting extra volumes in the Docker-in-Docker container
 ## @param statefulset.dind.extraEnvs Allows adding custom environment variables, such as `DOCKER_IPTABLES_LEGACY`
-## @param statefulset.dind.extraArgs Allows adding custom arguments to the Docker Daemon
+## @param statefulset.persistence.size Size for persistence to store act runner data
-#
+## @param existingSecret Secret that contains the token
 ## @param existingSecretKey Secret key
 ## @param giteaRootURL URL the act_runner registers and connect with
 enabled: false
 statefulset:
  replicas: 1
@ -53,25 +45,11 @@ statefulset:
  tolerations: []
  affinity: {}
  extraVolumes: []
  securityContext: {}
  serviceAccountName: ""
  runtimeClassName: ""
  # Add /etc/hosts injections into the pods
  hostAliases:
    []
  #  - ip: 8.8.8.8
  #    hostnames:
  #      - googel.com
  #      - googol.com
  persistence:
    size: 1Gi
  actRunner:
    registry: "docker.gitea.com"
    repository: act_runner
-    tag: 0.3.1
+    tag: 0.2.13
    digest: ""
    pullPolicy: IfNotPresent
    fullOverride: ""
@ -83,8 +61,6 @@ statefulset:
      #     fieldRef:
      #       fieldPath: metadata.name
    # See full details: https://gitea.com/gitea/helm-actions/issues/73
    flushCache: false
    # See full example here: https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml
    config: |
      log:
@ -96,11 +72,9 @@ statefulset:
        docker_timeout: 300s
  dind:
-    rootless: false
+    registry: ""
    uid: ""
    registry: "docker.io"
    repository: docker
-    tag: 29.4.0-dind
+    tag: 28.3.3-dind
    digest: ""
    pullPolicy: IfNotPresent
    fullOverride: ""
@ -113,11 +87,8 @@ statefulset:
      #  - name: "DOCKER_IPTABLES_LEGACY"
      #    value: "1"
-    # Option to add extra arguments/commands to the container/pod:
+  persistence:
-    # [#22](https://gitea.com/gitea/helm-actions/issues/22) [k8s docs](https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/)
+    size: 1Gi
    extraArgs:
      []
      #  - --mtu=1400
 ## @section Gitea Actions Init
 #
@ -137,38 +108,18 @@ init:
    pullPolicy: IfNotPresent
    fullOverride: ""
-## @section Runner Token Secret Configuration
+## Specify an existing token secret
-#
+##
 ## @param existingSecret Secret that contains the token
 ## @param existingSecretKey Secret key
 existingSecret: ""
 existingSecretKey: ""
-## @section Gitea URL Setting
+## Specify the root URL of the Gitea instance
 #
 ## @param giteaRootURL URL the act_runner registers and connect with
 giteaRootURL: ""
 ## @section Extra Init Containers
 #
 ## @param preExtraInitContainers Additional init containers to run in the pod before Gitea-actions runs it owns init containers.
 ## @param postExtraInitContainers Additional init containers to run in the pod after Gitea-actions runs it owns init containers.
 preExtraInitContainers: []
 # - name: pre-init-container
 #   image: docker.io/library/busybox
 #   command: [ /bin/sh, -c, 'echo "Hello world! I am a pre init container."' ]
 postExtraInitContainers: []
 # - name: post-init-container
 #   image: docker.io/library/busybox
 #   command: [ /bin/sh, -c, 'echo "Hello world! I am a post init container."' ]
 ## @section Global
 #
 ## @param global.imageRegistry global image registry override
 ## @param global.imagePullSecrets global image registry pull secrets
 ## @param global.storageClass global storage class override
 global:
  imageRegistry: ""
  imagePullSecrets: []
  storageClass: ""