update workflows

Reviewed-on: #144

.gitea/workflows/lint-test.yaml

@@ -5,10 +5,10 @@ on:
 
 jobs:
   lint-test:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-js
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0
 
@@ -18,13 +18,14 @@ jobs:
           version: latest
 
       - name: Set up Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
         with:
-          python-version: "3.13"
+          python-version: '3.14'
-          check-latest: true
 
       - name: Set up Chart Testing
         uses: helm/chart-testing-action@v2.7.0
+        with:
+          yamale_version: "6.0.0"
 
       - name: Run Chart Testing (list-changed)
         id: list-changed
@@ -37,3 +38,18 @@ jobs:
       - name: Run Chart Testing (lint)
         if: steps.list-changed.outputs.changed == 'true'
         run: ct lint --validate-maintainers=false --target-branch ${{ gitea.event.repository.default_branch }}
+
+      - name: ntfy Failed
+        uses: niniyas/ntfy-action@master
+        if: failure()
+        with:
+          url: '${{ secrets.NTFY_URL }}'
+          topic: '${{ secrets.NTFY_TOPIC }}'
+          title: 'Test Failure - Helm Charts'
+          priority: 3
+          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
+          tags: action,failed
+          details: 'Tests have failed for Helm Charts'
+          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
+          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/helm-charts/actions?workflow=lint-test.yaml", "clear": true}]'
+          image: true

.gitea/workflows/process-issues.yaml

@@ -1,35 +0,0 @@
-name: process-issues
-
-on:
-  schedule:
-    - cron: '@daily'
-
-jobs:
-  process-issues:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout Python Script
-        uses: actions/checkout@v4
-        with:
-          repository: alexlebens/workflow-scripts
-          ref: main
-          token: ${{ secrets.BOT_TOKEN }}
-          path: scripts
-
-      - name: Set up Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: '3.13'
-
-      - name: Install dependencies
-        run: pip install requests
-
-      - name: Run Script
-        env:
-          INSTANCE_URL: ${{ vars.INSTANCE_URL }}
-          REPOSITORY: ${{ gitea.repository }}
-          TOKEN: ${{ secrets.BOT_TOKEN }}
-          STALE_DAYS: 3
-          STALE_TAG: 'stale'
-          EXCLUDE_TAG: 'renovate'
-        run: python ./scripts/scripts/process-issues.py

.gitea/workflows/process-pull-requests.yaml

@@ -1,35 +0,0 @@
-name: process-pull-requests
-
-on:
-  schedule:
-    - cron: '@daily'
-
-jobs:
-  process-pull-requests:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout Python Script
-        uses: actions/checkout@v4
-        with:
-          repository: alexlebens/workflow-scripts
-          ref: main
-          token: ${{ secrets.BOT_TOKEN }}
-          path: scripts
-
-      - name: Set up Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: '3.13'
-
-      - name: Install dependencies
-        run: pip install requests
-
-      - name: Run Script
-        env:
-          INSTANCE_URL: ${{ vars.INSTANCE_URL }}
-          REPOSITORY: ${{ gitea.repository }}
-          TOKEN: ${{ secrets.BOT_TOKEN }}
-          STALE_DAYS: 3
-          STALE_TAG: 'stale'
-          REQUIRED_TAG: 'automerge'
-        run: python ./scripts/scripts/process-pull-requests.py

.gitea/workflows/release-charts-cloudflared.yml

@@ -14,37 +14,80 @@ env:
 
 jobs:
   release:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-js
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Set up Helm
         uses: azure/setup-helm@v4
         with:
           token: ${{ secrets.GITEA_TOKEN }}
-          version: latest
+          version: v3.19.2
+
+      - name: Add Repositories
+        run: |
+          cd ${WORKFLOW_DIR}
+
+          echo ">> Adding repositories for chart dependencies ..."
+          helm dependency list --max-col-width 120 2> /dev/null \
+            | tail +2 | head -n -1 \
+            | awk '{ print "helm repo add " $1 " " $3 }' \
+            | while read cmd; do echo "$cmd" | sh; done || true
+
+          if helm repo list | tail +2 | read -r; then
+            echo ">> Update repository cache ..."
+            helm repo update
+          fi
+
+          echo "----"
 
       - name: Package Helm Chart
         run: |
-          cd $WORKFLOW_DIR
+          cd ${WORKFLOW_DIR}
-          helm dependency build
+
+          echo ">> Building helm dependency ..."
+          helm dependency build --skip-refresh --debug
+
+          echo "----"
+
           echo "PACKAGE_PATH=$(helm package . | awk '{print $NF}')" >> $GITEA_ENV
 
       - name: Publish Helm Chart to Harbor
         run: |
-          helm registry login ${{ vars.REGISTRY_HOST }} -u ${{ vars.REGISTRY_USER }} -p ${{ secrets.REGISTRY_SECRET }}
+          echo ">> Logging into Harbor ..."
-          helm push ${{ env.PACKAGE_PATH }} oci://${{ vars.REGISTRY_HOST }}/helm-charts
+          helm registry login ${{ vars.REGISTRY_HOST }} -u ${{ vars.REGISTRY_USER }} -p ${{ secrets.REGISTRY_SECRET }} --debug
+
+          echo ""
+          echo ">> Publishing chart to Harbor ..."
+          helm push ${{ env.PACKAGE_PATH }} oci://${{ vars.REGISTRY_HOST }}/helm-charts --debug
+
+          echo "----"
 
       - name: Publish Helm Chart to Gitea
         run: |
-          helm plugin install https://github.com/chartmuseum/helm-push
+          echo ">> Installing Chart Museum plugin ..."
-          helm repo add --username ${{ gitea.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm
+          helm plugin install https://github.com/chartmuseum/helm-push --debug
-          helm cm-push ${{ env.PACKAGE_PATH }} helm-charts
+
+          echo ""
+          echo ">> Adding Gitea repository ..."
+          helm repo add --username ${{ gitea.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm --debug
+
+          echo ""
+          echo ">> Pushing chart to gitea"
+          helm cm-push ${{ env.PACKAGE_PATH }} helm-charts --debug
 
       - name: Extract Chart Metadata
         run: |
-          cd $WORKFLOW_DIR
+          cd ${WORKFLOW_DIR}
+
+          echo ">> Adding Chart metadata to workflow ENV ..."
+          echo ""
+          echo ">> Chart Version: $(yq '.version' Chart.yaml)"
+          echo ">> Chart Name: $(yq '.name' Chart.yaml)"
+
+          echo "----"
+
           echo "CHART_VERSION=$(yq '.version' Chart.yaml)" >> $GITEA_ENV
           echo "CHART_NAME=$(yq '.name' Chart.yaml)" >> $GITEA_ENV
 
@@ -62,10 +105,11 @@ jobs:
         with:
           url: '${{ secrets.NTFY_URL }}'
           topic: '${{ secrets.NTFY_TOPIC }}'
-          title: 'Gitea Action'
+          title: 'Release Success - ${{ env.CHART_NAME }}'
           priority: 3
           headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
-          details: 'Helm Chart for ${{ env.CHART_NAME }} release workflow has successfully completed!'
+          tags: action,successfully,completed
+          details: 'Helm Chart ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }} has been released!'
           icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
 
       - name: ntfy Failed
@@ -74,10 +118,11 @@ jobs:
         with:
           url: '${{ secrets.NTFY_URL }}'
           topic: '${{ secrets.NTFY_TOPIC }}'
-          title: 'Gitea Action'
+          title: 'Release Failure - ${{ env.CHART_NAME }}'
           priority: 4
           headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
-          details: 'Helm Chart for ${{ env.CHART_NAME }} release workflow has failed!'
+          tags: action,failed
+          details: 'Helm Chart ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }} has failed to be released.'
           icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
           actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/helm-charts/actions?workflow=release-charts-cloudflared.yml", "clear": true}]'
           image: true

.gitea/workflows/release-charts-generic-device-plugin.yml

@@ -14,37 +14,80 @@ env:
 
 jobs:
   release:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-js
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Set up Helm
         uses: azure/setup-helm@v4
         with:
           token: ${{ secrets.GITEA_TOKEN }}
-          version: latest
+          version: v3.19.2
+
+      - name: Add Repositories
+        run: |
+          cd ${WORKFLOW_DIR}
+
+          echo ">> Adding repositories for chart dependencies ..."
+          helm dependency list --max-col-width 120 2> /dev/null \
+            | tail +2 | head -n -1 \
+            | awk '{ print "helm repo add " $1 " " $3 }' \
+            | while read cmd; do echo "$cmd" | sh; done || true
+
+          if helm repo list | tail +2 | read -r; then
+            echo ">> Update repository cache ..."
+            helm repo update
+          fi
+
+          echo "----"
 
       - name: Package Helm Chart
         run: |
-          cd $WORKFLOW_DIR
+          cd ${WORKFLOW_DIR}
-          helm dependency build
+
+          echo ">> Building helm dependency ..."
+          helm dependency build --skip-refresh --debug
+
+          echo "----"
+
           echo "PACKAGE_PATH=$(helm package . | awk '{print $NF}')" >> $GITEA_ENV
 
       - name: Publish Helm Chart to Harbor
         run: |
-          helm registry login ${{ vars.REGISTRY_HOST }} -u ${{ vars.REGISTRY_USER }} -p ${{ secrets.REGISTRY_SECRET }}
+          echo ">> Logging into Harbor ..."
-          helm push ${{ env.PACKAGE_PATH }} oci://${{ vars.REGISTRY_HOST }}/helm-charts
+          helm registry login ${{ vars.REGISTRY_HOST }} -u ${{ vars.REGISTRY_USER }} -p ${{ secrets.REGISTRY_SECRET }} --debug
+
+          echo ""
+          echo ">> Publishing chart to Harbor ..."
+          helm push ${{ env.PACKAGE_PATH }} oci://${{ vars.REGISTRY_HOST }}/helm-charts --debug
+
+          echo "----"
 
       - name: Publish Helm Chart to Gitea
         run: |
-          helm plugin install https://github.com/chartmuseum/helm-push
+          echo ">> Installing Chart Museum plugin ..."
-          helm repo add --username ${{ gitea.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm
+          helm plugin install https://github.com/chartmuseum/helm-push --debug
-          helm cm-push ${{ env.PACKAGE_PATH }} helm-charts
+
+          echo ""
+          echo ">> Adding Gitea repository ..."
+          helm repo add --username ${{ gitea.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm --debug
+
+          echo ""
+          echo ">> Pushing chart to gitea"
+          helm cm-push ${{ env.PACKAGE_PATH }} helm-charts --debug
 
       - name: Extract Chart Metadata
         run: |
-          cd $WORKFLOW_DIR
+          cd ${WORKFLOW_DIR}
+
+          echo ">> Adding Chart metadata to workflow ENV ..."
+          echo ""
+          echo ">> Chart Version: $(yq '.version' Chart.yaml)"
+          echo ">> Chart Name: $(yq '.name' Chart.yaml)"
+
+          echo "----"
+
           echo "CHART_VERSION=$(yq '.version' Chart.yaml)" >> $GITEA_ENV
           echo "CHART_NAME=$(yq '.name' Chart.yaml)" >> $GITEA_ENV
 
@@ -62,10 +105,11 @@ jobs:
         with:
           url: '${{ secrets.NTFY_URL }}'
           topic: '${{ secrets.NTFY_TOPIC }}'
-          title: 'Gitea Action'
+          title: 'Release Success - ${{ env.CHART_NAME }}'
           priority: 3
           headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
-          details: 'Helm Chart for ${{ env.CHART_NAME }} release workflow has successfully completed!'
+          tags: action,successfully,completed
+          details: 'Helm Chart ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }} has been released!'
           icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
 
       - name: ntfy Failed
@@ -74,10 +118,11 @@ jobs:
         with:
           url: '${{ secrets.NTFY_URL }}'
           topic: '${{ secrets.NTFY_TOPIC }}'
-          title: 'Gitea Action'
+          title: 'Release Failure - ${{ env.CHART_NAME }}'
           priority: 4
           headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
-          details: 'Helm Chart for ${{ env.CHART_NAME }} release workflow has failed!'
+          tags: action,failed
+          details: 'Helm Chart ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }} has failed to be released.'
           icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
           actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/helm-charts/actions?workflow=release-charts-generic-device-plugin.yml", "clear": true}]'
           image: true

.gitea/workflows/release-charts-gitea-actions.yml

@@ -14,37 +14,80 @@ env:
 
 jobs:
   release:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-js
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Set up Helm
         uses: azure/setup-helm@v4
         with:
           token: ${{ secrets.GITEA_TOKEN }}
-          version: latest
+          version: v3.19.2
+
+      - name: Add Repositories
+        run: |
+          cd ${WORKFLOW_DIR}
+
+          echo ">> Adding repositories for chart dependencies ..."
+          helm dependency list --max-col-width 120 2> /dev/null \
+            | tail +2 | head -n -1 \
+            | awk '{ print "helm repo add " $1 " " $3 }' \
+            | while read cmd; do echo "$cmd" | sh; done || true
+
+          if helm repo list | tail +2 | read -r; then
+            echo ">> Update repository cache ..."
+            helm repo update
+          fi
+
+          echo "----"
 
       - name: Package Helm Chart
         run: |
-          cd $WORKFLOW_DIR
+          cd ${WORKFLOW_DIR}
-          helm dependency build
+
+          echo ">> Building helm dependency ..."
+          helm dependency build --skip-refresh --debug
+
+          echo "----"
+
           echo "PACKAGE_PATH=$(helm package . | awk '{print $NF}')" >> $GITEA_ENV
 
       - name: Publish Helm Chart to Harbor
         run: |
-          helm registry login ${{ vars.REGISTRY_HOST }} -u ${{ vars.REGISTRY_USER }} -p ${{ secrets.REGISTRY_SECRET }}
+          echo ">> Logging into Harbor ..."
-          helm push ${{ env.PACKAGE_PATH }} oci://${{ vars.REGISTRY_HOST }}/helm-charts
+          helm registry login ${{ vars.REGISTRY_HOST }} -u ${{ vars.REGISTRY_USER }} -p ${{ secrets.REGISTRY_SECRET }} --debug
+
+          echo ""
+          echo ">> Publishing chart to Harbor ..."
+          helm push ${{ env.PACKAGE_PATH }} oci://${{ vars.REGISTRY_HOST }}/helm-charts --debug
+
+          echo "----"
 
       - name: Publish Helm Chart to Gitea
         run: |
-          helm plugin install https://github.com/chartmuseum/helm-push
+          echo ">> Installing Chart Museum plugin ..."
-          helm repo add --username ${{ gitea.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm
+          helm plugin install https://github.com/chartmuseum/helm-push --debug
-          helm cm-push ${{ env.PACKAGE_PATH }} helm-charts
+
+          echo ""
+          echo ">> Adding Gitea repository ..."
+          helm repo add --username ${{ gitea.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm --debug
+
+          echo ""
+          echo ">> Pushing chart to gitea"
+          helm cm-push ${{ env.PACKAGE_PATH }} helm-charts --debug
 
       - name: Extract Chart Metadata
         run: |
-          cd $WORKFLOW_DIR
+          cd ${WORKFLOW_DIR}
+
+          echo ">> Adding Chart metadata to workflow ENV ..."
+          echo ""
+          echo ">> Chart Version: $(yq '.version' Chart.yaml)"
+          echo ">> Chart Name: $(yq '.name' Chart.yaml)"
+
+          echo "----"
+
           echo "CHART_VERSION=$(yq '.version' Chart.yaml)" >> $GITEA_ENV
           echo "CHART_NAME=$(yq '.name' Chart.yaml)" >> $GITEA_ENV
 
@@ -62,10 +105,11 @@ jobs:
         with:
           url: '${{ secrets.NTFY_URL }}'
           topic: '${{ secrets.NTFY_TOPIC }}'
-          title: 'Gitea Action'
+          title: 'Release Success - ${{ env.CHART_NAME }}'
           priority: 3
           headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
-          details: 'Helm Chart for ${{ env.CHART_NAME }} release workflow has successfully completed!'
+          tags: action,successfully,completed
+          details: 'Helm Chart ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }} has been released!'
           icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
 
       - name: ntfy Failed
@@ -74,10 +118,11 @@ jobs:
         with:
           url: '${{ secrets.NTFY_URL }}'
           topic: '${{ secrets.NTFY_TOPIC }}'
-          title: 'Gitea Action'
+          title: 'Release Failure - ${{ env.CHART_NAME }}'
           priority: 4
           headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
-          details: 'Helm Chart for ${{ env.CHART_NAME }} release workflow has failed!'
+          tags: action,failed
+          details: 'Helm Chart ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }} has failed to be released.'
           icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
           actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/helm-charts/actions?workflow=release-charts-gitea-actions.yml", "clear": true}]'
           image: true

.gitea/workflows/release-charts-postgres-cluster.yml

@@ -14,37 +14,80 @@ env:
 
 jobs:
   release:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-js
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Set up Helm
         uses: azure/setup-helm@v4
         with:
           token: ${{ secrets.GITEA_TOKEN }}
-          version: latest
+          version: v3.19.2
+
+      - name: Add Repositories
+        run: |
+          cd ${WORKFLOW_DIR}
+
+          echo ">> Adding repositories for chart dependencies ..."
+          helm dependency list --max-col-width 120 2> /dev/null \
+            | tail +2 | head -n -1 \
+            | awk '{ print "helm repo add " $1 " " $3 }' \
+            | while read cmd; do echo "$cmd" | sh; done || true
+
+          if helm repo list | tail +2 | read -r; then
+            echo ">> Update repository cache ..."
+            helm repo update
+          fi
+
+          echo "----"
 
       - name: Package Helm Chart
         run: |
-          cd $WORKFLOW_DIR
+          cd ${WORKFLOW_DIR}
-          helm dependency build
+
+          echo ">> Building helm dependency ..."
+          helm dependency build --skip-refresh --debug
+
+          echo "----"
+
           echo "PACKAGE_PATH=$(helm package . | awk '{print $NF}')" >> $GITEA_ENV
 
       - name: Publish Helm Chart to Harbor
         run: |
-          helm registry login ${{ vars.REGISTRY_HOST }} -u ${{ vars.REGISTRY_USER }} -p ${{ secrets.REGISTRY_SECRET }}
+          echo ">> Logging into Harbor ..."
-          helm push ${{ env.PACKAGE_PATH }} oci://${{ vars.REGISTRY_HOST }}/helm-charts
+          helm registry login ${{ vars.REGISTRY_HOST }} -u ${{ vars.REGISTRY_USER }} -p ${{ secrets.REGISTRY_SECRET }} --debug
+
+          echo ""
+          echo ">> Publishing chart to Harbor ..."
+          helm push ${{ env.PACKAGE_PATH }} oci://${{ vars.REGISTRY_HOST }}/helm-charts --debug
+
+          echo "----"
 
       - name: Publish Helm Chart to Gitea
         run: |
-          helm plugin install https://github.com/chartmuseum/helm-push
+          echo ">> Installing Chart Museum plugin ..."
-          helm repo add --username ${{ gitea.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm
+          helm plugin install https://github.com/chartmuseum/helm-push --debug
-          helm cm-push ${{ env.PACKAGE_PATH }} helm-charts
+
+          echo ""
+          echo ">> Adding Gitea repository ..."
+          helm repo add --username ${{ gitea.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm --debug
+
+          echo ""
+          echo ">> Pushing chart to gitea"
+          helm cm-push ${{ env.PACKAGE_PATH }} helm-charts --debug
 
       - name: Extract Chart Metadata
         run: |
-          cd $WORKFLOW_DIR
+          cd ${WORKFLOW_DIR}
+
+          echo ">> Adding Chart metadata to workflow ENV ..."
+          echo ""
+          echo ">> Chart Version: $(yq '.version' Chart.yaml)"
+          echo ">> Chart Name: $(yq '.name' Chart.yaml)"
+
+          echo "----"
+
           echo "CHART_VERSION=$(yq '.version' Chart.yaml)" >> $GITEA_ENV
           echo "CHART_NAME=$(yq '.name' Chart.yaml)" >> $GITEA_ENV
 
@@ -62,10 +105,11 @@ jobs:
         with:
           url: '${{ secrets.NTFY_URL }}'
           topic: '${{ secrets.NTFY_TOPIC }}'
-          title: 'Gitea Action'
+          title: 'Release Success - ${{ env.CHART_NAME }}'
           priority: 3
           headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
-          details: 'Helm Chart for ${{ env.CHART_NAME }} release workflow has successfully completed!'
+          tags: action,successfully,completed
+          details: 'Helm Chart ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }} has been released!'
           icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
 
       - name: ntfy Failed
@@ -74,10 +118,11 @@ jobs:
         with:
           url: '${{ secrets.NTFY_URL }}'
           topic: '${{ secrets.NTFY_TOPIC }}'
-          title: 'Gitea Action'
+          title: 'Release Failure - ${{ env.CHART_NAME }}'
           priority: 4
           headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
-          details: 'Helm Chart for ${{ env.CHART_NAME }} release workflow has failed!'
+          tags: action,failed
+          details: 'Helm Chart ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }} has failed to be released.'
           icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
           actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/helm-charts/actions?workflow=release-charts-postgres-cluster.yml", "clear": true}]'
           image: true

.gitea/workflows/renovate.yaml

@@ -13,10 +13,10 @@ on:
 jobs:
   renovate:
     runs-on: ubuntu-latest
-    container: ghcr.io/renovatebot/renovate:40
+    container: ghcr.io/renovatebot/renovate:42
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Renovate
         run: renovate

.github/workflows/release-charts.yml

@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0
 

.gitignore

@@ -1,12 +1,2 @@
-# Archived
-charts/**/archive
-
 # Compiled Helm chart dependencies
-charts/**/Chart.lock
 charts/**/charts/
-
-# Testing
-__snapshot__/
-
-# Docs
-_site/

charts/cloudflared/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: common
+  repository: https://bjw-s-labs.github.io/helm-charts/
+  version: 4.5.0
+digest: sha256:cd050e107fbec6769024a6d316c3f43701295a55cddf53a9fc304b52ea879560
+generated: "2025-12-04T18:06:50.235715-06:00"

charts/cloudflared/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: cloudflared
-version: 1.17.1
+version: 1.23.2
 description: Cloudflared Tunnel
 keywords:
   - cloudflare
@@ -13,6 +13,6 @@ maintainers:
 dependencies:
   - name: common
     repository: https://bjw-s-labs.github.io/helm-charts/
-    version: 4.1.1
+    version: 4.5.0
 icon: https://avatars.githubusercontent.com/u/314135?s=48&v=4
-appVersion: "2025.6.0"
+appVersion: "2025.11.1"

charts/cloudflared/README.md

@@ -1,6 +1,6 @@
 # cloudflared
 
-![Version: 1.17.1](https://img.shields.io/badge/Version-1.17.1-informational?style=flat-square) ![AppVersion: 2025.6.0](https://img.shields.io/badge/AppVersion-2025.6.0-informational?style=flat-square)
+![Version: 1.23.2](https://img.shields.io/badge/Version-1.23.2-informational?style=flat-square) ![AppVersion: 2025.11.1](https://img.shields.io/badge/AppVersion-2025.11.1-informational?style=flat-square)
 
 Cloudflared Tunnel
 
@@ -19,7 +19,7 @@ Cloudflared Tunnel
 
 | Repository | Name | Version |
 |------------|------|---------|
-| https://bjw-s-labs.github.io/helm-charts/ | common | 4.1.1 |
+| https://bjw-s-labs.github.io/helm-charts/ | common | 4.5.0 |
 
 ## Values
 
@@ -27,7 +27,7 @@ Cloudflared Tunnel
 |-----|------|---------|-------------|
 | existingSecretKey | string | `"cf-tunnel-token"` | Name of key that contains the token in the existingSecret |
 | existingSecretName | string | `"cloudflared-secret"` | Name of existing secret that contains Cloudflare token |
-| image | object | `{"pullPolicy":"IfNotPresent","repository":"cloudflare/cloudflared","tag":"2025.6.0"}` | Default image |
+| image | object | `{"pullPolicy":"IfNotPresent","repository":"cloudflare/cloudflared","tag":"2025.11.1"}` | Default image |
 | name | string | `"cloudflared"` | Name override of release |
 | resources | object | `{"requests":{"cpu":"10m","memory":"128Mi"}}` | Default resources |
 

charts/cloudflared/values.yaml

@@ -10,7 +10,7 @@ existingSecretKey: cf-tunnel-token
 # -- Default image
 image:
   repository: cloudflare/cloudflared
-  tag: "2025.6.0"
+  tag: "2025.11.1"
   pullPolicy: IfNotPresent
 
 # -- Default resources

charts/generic-device-plugin/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: common
+  repository: https://bjw-s-labs.github.io/helm-charts/
+  version: 4.5.0
+digest: sha256:cd050e107fbec6769024a6d316c3f43701295a55cddf53a9fc304b52ea879560
+generated: "2025-12-04T18:08:17.823318-06:00"

charts/generic-device-plugin/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: generic-device-plugin
-version: 0.3.1
+version: 0.20.4
 description: Generic Device Plugin
 keywords:
   - generic-device-plugin
@@ -14,5 +14,5 @@ maintainers:
 dependencies:
   - name: common
     repository: https://bjw-s-labs.github.io/helm-charts/
-    version: 4.1.1
+    version: 4.5.0
-appVersion: 0.2.0
+appVersion: 0.20.4

charts/generic-device-plugin/README.md

@@ -1,6 +1,6 @@
 # generic-device-plugin
 
-![Version: 0.3.1](https://img.shields.io/badge/Version-0.3.1-informational?style=flat-square) ![AppVersion: 0.2.0](https://img.shields.io/badge/AppVersion-0.2.0-informational?style=flat-square)
+![Version: 0.20.4](https://img.shields.io/badge/Version-0.20.4-informational?style=flat-square) ![AppVersion: 0.20.4](https://img.shields.io/badge/AppVersion-0.20.4-informational?style=flat-square)
 
 Generic Device Plugin
 
@@ -19,7 +19,7 @@ Generic Device Plugin
 
 | Repository | Name | Version |
 |------------|------|---------|
-| https://bjw-s-labs.github.io/helm-charts/ | common | 4.1.1 |
+| https://bjw-s-labs.github.io/helm-charts/ | common | 4.5.0 |
 
 ## Values
 
@@ -27,10 +27,10 @@ Generic Device Plugin
 |-----|------|---------|-------------|
 | config | object | `{"data":"devices:\n  - name: serial\n    groups:\n      - paths:\n          - path: /dev/ttyUSB*\n      - paths:\n          - path: /dev/ttyACM*\n      - paths:\n          - path: /dev/tty.usb*\n      - paths:\n          - path: /dev/cu.*\n      - paths:\n          - path: /dev/cuaU*\n      - paths:\n          - path: /dev/rfcomm*\n  - name: video\n    groups:\n      - paths:\n          - path: /dev/video0\n  - name: fuse\n    groups:\n      - count: 10\n        paths:\n          - path: /dev/fuse\n  - name: audio\n    groups:\n      - count: 10\n        paths:\n          - path: /dev/snd\n  - name: capture\n    groups:\n      - paths:\n          - path: /dev/snd/controlC0\n          - path: /dev/snd/pcmC0D0c\n      - paths:\n          - path: /dev/snd/controlC1\n            mountPath: /dev/snd/controlC0\n          - path: /dev/snd/pcmC1D0c\n            mountPath: /dev/snd/pcmC0D0c\n      - paths:\n          - path: /dev/snd/controlC2\n            mountPath: /dev/snd/controlC0\n          - path: /dev/snd/pcmC2D0c\n            mountPath: /dev/snd/pcmC0D0c\n      - paths:\n          - path: /dev/snd/controlC3\n            mountPath: /dev/snd/controlC0\n          - path: /dev/snd/pcmC3D0c\n            mountPath: /dev/snd/pcmC0D0c\n","enabled":true}` | Config map |
 | config.data | string | See [values.yaml](./values.yaml) | generic-device-plugin config file [[ref]](https://github.com/squat/generic-device-plugin#usage) |
-| deviceDomain | string | `"squat.ai"` | Domain used by devices for identifcation |
+| deviceDomain | string | `"devic.es"` | Domain used by devices for identifcation |
-| image | object | `{"pullPolicy":"Always","repository":"ghcr.io/squat/generic-device-plugin","tag":"latest@sha256:d7d0951df7f11479185fd9fba1c1cb4d9c8f3232d38a5468d6fe80074f2b45d5"}` | Default image |
+| image | object | `{"pullPolicy":"Always","repository":"ghcr.io/squat/generic-device-plugin","tag":"latest@sha256:4896ffd516624d6eb7572e102bc4397e91f8bc3b2fb38b5bfefd758baae3dcf2"}` | Default image |
 | name | string | `"generic-device-plugin"` | Name override of release |
-| resources | object | `{"limit":{"cpu":"100m","memory":"20Mi"},"requests":{"cpu":"50m","memory":"10Mi"}}` | Default resources |
+| resources | object | `{"requests":{"cpu":"50m","memory":"10Mi"}}` | Default resources |
 | service | object | `{"listenPort":8080}` | Service port |
 
 ----------------------------------------------

charts/generic-device-plugin/values.yaml

@@ -4,11 +4,11 @@ name: generic-device-plugin
 # -- Default image
 image:
   repository: ghcr.io/squat/generic-device-plugin
-  tag: latest@sha256:d7d0951df7f11479185fd9fba1c1cb4d9c8f3232d38a5468d6fe80074f2b45d5
+  tag: latest@sha256:4896ffd516624d6eb7572e102bc4397e91f8bc3b2fb38b5bfefd758baae3dcf2
   pullPolicy: Always
 
 # -- Domain used by devices for identifcation
-deviceDomain: squat.ai
+deviceDomain: devic.es
 
 # -- Service port
 service:
@@ -16,9 +16,6 @@ service:
 
 # -- Default resources
 resources:
-  limit:
-    cpu: 100m
-    memory: 20Mi
   requests:
     cpu: 50m
     memory: 10Mi

charts/postgres-cluster/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: postgres-cluster
-version: 6.4.4
+version: 6.16.1
 description: Cloudnative-pg Cluster
 keywords:
   - database
@@ -11,4 +11,4 @@ sources:
 maintainers:
   - name: alexlebens
 icon: https://avatars.githubusercontent.com/u/100373852?s=48&v=4
-appVersion: v1.26.0
+appVersion: v1.27.0

charts/postgres-cluster/README.md

@@ -1,6 +1,6 @@
 # postgres-cluster
 
-![Version: 6.4.4](https://img.shields.io/badge/Version-6.4.4-informational?style=flat-square) ![AppVersion: v1.26.0](https://img.shields.io/badge/AppVersion-v1.26.0-informational?style=flat-square)
+![Version: 6.16.1](https://img.shields.io/badge/Version-6.16.1-informational?style=flat-square) ![AppVersion: v1.27.0](https://img.shields.io/badge/AppVersion-v1.27.0-informational?style=flat-square)
 
 Cloudnative-pg Cluster
 
@@ -19,22 +19,21 @@ Cloudnative-pg Cluster
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| backup | object | `{"enabled":false,"method":"objectStore","objectStore":[],"scheduledBackups":[]}` | Backup settings |
+| backup | object | `{"method":"objectStore","objectStore":[],"scheduledBackups":[]}` | Backup settings |
-| backup.enabled | bool | `false` | You need to configure backups manually, so backups are disabled by default. |
 | backup.method | string | `"objectStore"` | Method to create backups, options currently are only objectStore |
 | backup.objectStore | list | `[]` | Options for object store backups |
 | backup.scheduledBackups | list | `[]` | List of scheduled backups |
-| cluster | object | `{"additionalLabels":{},"affinity":{"enablePodAntiAffinity":true,"topologyKey":"kubernetes.io/hostname"},"annotations":{},"certificates":{},"enablePDB":true,"enableSuperuserAccess":false,"image":{"repository":"ghcr.io/cloudnative-pg/postgresql","tag":"17.5-1-bullseye"},"imagePullPolicy":"IfNotPresent","imagePullSecrets":[],"initdb":{},"instances":3,"logLevel":"info","monitoring":{"customQueries":[],"customQueriesSecret":[],"disableDefaultQueries":false,"enabled":false,"podMonitor":{"enabled":true,"metricRelabelings":[],"relabelings":[]},"prometheusRule":{"enabled":false,"excludeRules":[]}},"postgresGID":-1,"postgresUID":-1,"postgresql":{"ldap":{},"parameters":{"hot_standby_feedback":"on","max_slot_wal_keep_size":"2000MB","shared_buffers":"128MB"},"pg_hba":[],"pg_ident":[],"shared_preload_libraries":[],"synchronous":{}},"primaryUpdateMethod":"switchover","primaryUpdateStrategy":"unsupervised","priorityClassName":"","resources":{"limits":{"hugepages-2Mi":"256Mi"},"requests":{"cpu":"100m","memory":"256Mi"}},"roles":[],"serviceAccountTemplate":{},"services":{},"storage":{"size":"10Gi","storageClass":""},"superuserSecret":"","walStorage":{"enabled":true,"size":"2Gi","storageClass":""}}` | Cluster settings |
+| cluster | object | `{"additionalLabels":{},"affinity":{"enablePodAntiAffinity":true,"topologyKey":"kubernetes.io/hostname"},"annotations":{},"certificates":{},"enablePDB":true,"enableSuperuserAccess":false,"image":{"repository":"ghcr.io/cloudnative-pg/postgresql","tag":"17.7-standard-trixie"},"imagePullPolicy":"IfNotPresent","imagePullSecrets":[],"initdb":{},"instances":3,"logLevel":"info","monitoring":{"customQueries":[],"customQueriesSecret":[],"disableDefaultQueries":false,"enabled":false,"podMonitor":{"enabled":true,"metricRelabelings":[],"relabelings":[]},"prometheusRule":{"enabled":false,"excludeRules":["CNPGClusterLastFailedArchiveTimeWarning"]}},"postgresGID":-1,"postgresUID":-1,"postgresql":{"ldap":{},"parameters":{"hot_standby_feedback":"on","max_slot_wal_keep_size":"2000MB","shared_buffers":"128MB"},"pg_hba":[],"pg_ident":[],"shared_preload_libraries":[],"synchronous":{}},"primaryUpdateMethod":"switchover","primaryUpdateStrategy":"unsupervised","priorityClassName":"","resources":{"limits":{"hugepages-2Mi":"256Mi"},"requests":{"cpu":"100m","memory":"256Mi"}},"roles":[],"serviceAccountTemplate":{},"services":{},"storage":{"size":"10Gi","storageClass":""},"superuserSecret":"","walStorage":{"enabled":true,"size":"2Gi","storageClass":""}}` | Cluster settings |
 | cluster.affinity | object | `{"enablePodAntiAffinity":true,"topologyKey":"kubernetes.io/hostname"}` | Affinity/Anti-affinity rules for Pods. See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-AffinityConfiguration |
 | cluster.certificates | object | `{}` | The configuration for the CA and related certificates. See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-CertificatesConfiguration |
 | cluster.enablePDB | bool | `true` | Allow to disable PDB, mainly useful for upgrade of single-instance clusters or development purposes See: https://cloudnative-pg.io/documentation/current/kubernetes_upgrade/#pod-disruption-budgets |
 | cluster.enableSuperuserAccess | bool | `false` | When this option is enabled, the operator will use the SuperuserSecret to update the postgres user password. If the secret is not present, the operator will automatically create one. When this option is disabled, the operator will ignore the SuperuserSecret content, delete it when automatically created, and then blank the password of the postgres user by setting it to NULL. |
-| cluster.image | object | `{"repository":"ghcr.io/cloudnative-pg/postgresql","tag":"17.5-1-bullseye"}` | Default image |
+| cluster.image | object | `{"repository":"ghcr.io/cloudnative-pg/postgresql","tag":"17.7-standard-trixie"}` | Default image |
 | cluster.imagePullPolicy | string | `"IfNotPresent"` | Image pull policy. One of Always, Never or IfNotPresent. If not defined, it defaults to IfNotPresent. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images |
 | cluster.imagePullSecrets | list | `[]` | The list of pull secrets to be used to pull the images. See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-LocalObjectReference |
 | cluster.initdb | object | `{}` | Bootstrap is the configuration of the bootstrap process when initdb is used. See: https://cloudnative-pg.io/documentation/current/bootstrap/ See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-bootstrapinitdb |
 | cluster.logLevel | string | `"info"` | The instances' log level, one of the following values: error, warning, info (default), debug, trace |
-| cluster.monitoring | object | `{"customQueries":[],"customQueriesSecret":[],"disableDefaultQueries":false,"enabled":false,"podMonitor":{"enabled":true,"metricRelabelings":[],"relabelings":[]},"prometheusRule":{"enabled":false,"excludeRules":[]}}` | Enable default monitoring and alert rules |
+| cluster.monitoring | object | `{"customQueries":[],"customQueriesSecret":[],"disableDefaultQueries":false,"enabled":false,"podMonitor":{"enabled":true,"metricRelabelings":[],"relabelings":[]},"prometheusRule":{"enabled":false,"excludeRules":["CNPGClusterLastFailedArchiveTimeWarning"]}}` | Enable default monitoring and alert rules |
 | cluster.monitoring.customQueries | list | `[]` | Custom Prometheus metrics Will be stored in the ConfigMap |
 | cluster.monitoring.customQueriesSecret | list | `[]` | The list of secrets containing the custom queries |
 | cluster.monitoring.disableDefaultQueries | bool | `false` | Whether the default queries should be injected. Set it to true if you don't want to inject default queries into the cluster. |
@@ -43,7 +42,7 @@ Cloudnative-pg Cluster
 | cluster.monitoring.podMonitor.metricRelabelings | list | `[]` | The list of metric relabelings for the PodMonitor. Applied to samples before ingestion. |
 | cluster.monitoring.podMonitor.relabelings | list | `[]` | The list of relabelings for the PodMonitor. Applied to samples before scraping. |
 | cluster.monitoring.prometheusRule.enabled | bool | `false` | Whether to enable the PrometheusRule automated alerts |
-| cluster.monitoring.prometheusRule.excludeRules | list | `[]` | Exclude specified rules |
+| cluster.monitoring.prometheusRule.excludeRules | list | `["CNPGClusterLastFailedArchiveTimeWarning"]` | Exclude specified rules |
 | cluster.postgresUID | int | `-1` | The UID and GID of the postgres user inside the image, defaults to 26 |
 | cluster.postgresql | object | `{"ldap":{},"parameters":{"hot_standby_feedback":"on","max_slot_wal_keep_size":"2000MB","shared_buffers":"128MB"},"pg_hba":[],"pg_ident":[],"shared_preload_libraries":[],"synchronous":{}}` | Parameters to be set for the database itself See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-PostgresConfiguration |
 | cluster.postgresql.ldap | object | `{}` | PostgreSQL LDAP configuration (see https://cloudnative-pg.io/documentation/current/postgresql_conf/#ldap-configuration) |
@@ -109,7 +108,7 @@ Cloudnative-pg Cluster
 | recovery.pgBaseBackup.source.passwordSecret.key | string | `"password"` | The key in the secret containing the password |
 | recovery.pgBaseBackup.source.passwordSecret.name | string | `""` | Name of the secret containing the password |
 | recovery.pgBaseBackup.source.passwordSecret.value | string | `""` | The password value to use when creating the secret |
-| type | string | `"postgresql"` | Type of the CNPG database. Available types: * `postgresql` * `tensorchord` |
+| type | string | `"postgresql"` | Type of the CNPG database. Available types: * `postgresql` |
 
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)

charts/postgres-cluster/prometheus_rules/cluster-last_failed_archive_time-warning.yaml

@@ -6,7 +6,7 @@ annotations:
   description: |-
     Archiving failed for {{`{{`}} $labels.pod {{`}}`}}
 expr: |
-  (cnpg_pg_stat_archiver_last_failed_time - cnpg_pg_stat_archiver_last_archived_time) > 1
+  (cnpg_pg_stat_archiver_last_failed_time - cnpg_pg_stat_archiver_last_archived_time) > 2
 for: 1m
 labels:
   severity: warning

charts/postgres-cluster/templates/_bootstrap.tpl

@@ -11,21 +11,8 @@ bootstrap:
     {{- if .Values.cluster.initdb.owner }}
     owner: {{ tpl .Values.cluster.initdb.owner . }}
     {{- end }}
-    {{- if eq .Values.type "tensorchord" }}
+    {{- if (.Values.cluster.initdb.postInitApplicationSQL) }}
-    dataChecksums: true
-    {{- end }}
-    {{- if or (eq .Values.type "tensorchord") (.Values.cluster.initdb.postInitApplicationSQL) }}
     postInitApplicationSQL:
-      {{- if eq .Values.type "tensorchord" }}
-      - ALTER SYSTEM SET search_path TO "$user", public, vectors;
-      - SET search_path TO "$user", public, vectors;
-      - CREATE EXTENSION IF NOT EXISTS "vectors";
-      - CREATE EXTENSION IF NOT EXISTS "cube";
-      - CREATE EXTENSION IF NOT EXISTS "earthdistance";
-      - ALTER SCHEMA vectors OWNER TO "app";
-      - GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA vectors TO "app";
-      - GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO "app";
-      {{- end }}
       {{- with .Values.cluster.initdb }}
         {{- range .postInitApplicationSQL }}
           {{- printf "- %s" . | nindent 6 }}

charts/postgres-cluster/templates/_helpers.tpl

@@ -83,21 +83,3 @@ Generate recovery server name
     {{- printf "%s-backup-%s" (include "cluster.name" .) (toString .Values.recovery.objectStore.index) | trunc 63 | trimSuffix "-" -}}
   {{- end }}
 {{- end }}
-
-{{/*
-Generate name for recovery object store credentials
-*/}}
-{{- define "cluster.recoveryCredentials" -}}
-  {{- if .Values.recovery.endpointCredentials -}}
-    {{- .Values.recovery.endpointCredentials -}}
-  {{- else -}}
-    {{- printf "%s-backup-secret" (include "cluster.name" .) | trunc 63 | trimSuffix "-" -}}
-  {{- end }}
-{{- end }}
-
-{{/*
-Generate name for backup object store credentials
-*/}}
-{{- define "cluster.backupCredentials" -}}
-    {{- printf "%s-backup-secret" (include "cluster.name" .) | trunc 63 | trimSuffix "-" -}}
-{{- end }}

charts/postgres-cluster/templates/cluster.yaml

@@ -19,13 +19,15 @@ spec:
   {{- end }}
   postgresUID: {{ include "cluster.postgresUID" . }}
   postgresGID: {{ include "cluster.postgresGID" . }}
-  {{ if or (eq .Values.backup.method "objectStore") (eq .Values.recovery.method "objectStore") }}
   plugins:
-  {{ end }}
   {{- range $objectStore := .Values.backup.objectStore }}
     - name: barman-cloud.cloudnative-pg.io
       enabled: true
-      isWALArchiver: {{ $objectStore.isWALArchiver | default true }}
+      {{- if $objectStore.isWALArchiver }}
+      isWALArchiver: true
+      {{- else }}
+      isWALArchiver: false
+      {{- end }}
       parameters:
         barmanObjectName: "{{ include "cluster.name" $ }}-{{ $objectStore.name }}-backup"
         {{- if $objectStore.clusterName }}
@@ -34,10 +36,11 @@ spec:
         serverName: "{{ include "cluster.name" $ }}-backup-{{ $objectStore.index }}"
         {{- end }}
   {{- end }}
-  {{ if eq .Values.recovery.method "objectStore" }}
+  {{ if (eq .Values.recovery.method "objectStore") }}
-    - name: barman-cloud.cloudnative-pg.io
+  externalClusters:
-      enabled: true
+    - name: recovery
-      isWALArchiver: false
+      plugin:
+        name: barman-cloud.cloudnative-pg.io
         parameters:
           barmanObjectName: "{{ include "cluster.name" . }}-{{ .Values.recovery.objectStore.name }}"
           serverName: {{ include "cluster.recoveryServerName" . }}
@@ -81,11 +84,8 @@ spec:
   enablePDB: {{ .Values.cluster.enablePDB }}
 
   postgresql:
-    {{- if or (eq .Values.type "tensorchord") (not (empty .Values.cluster.postgresql.shared_preload_libraries)) }}
+    {{- if .Values.cluster.postgresql.shared_preload_libraries }}
     shared_preload_libraries:
-      {{- if eq .Values.type "tensorchord" }}
-      - vectors.so
-      {{- end }}
       {{- with .Values.cluster.postgresql.shared_preload_libraries }}
       {{- toYaml . | nindent 6 }}
       {{- end }}

charts/postgres-cluster/templates/object-store.yaml

@@ -1,4 +1,4 @@
-{{ if and (.Values.backup.enabled) (eq .Values.backup.method "objectStore") }}
+{{ if (eq .Values.backup.method "objectStore") }}
 {{ $context := . -}}
 {{ range .Values.backup.objectStore -}}
 ---
@@ -27,7 +27,7 @@ spec:
       {{ end }}
       maxParallel: {{ .wal.maxParallel | default "1" }}
     {{- end }}
-    {{- if .wal }}
+    {{- if .data }}
     data:
       compression: {{ .data.compression | default "snappy"  }}
       {{- with .data.encryption }}
@@ -37,19 +37,16 @@ spec:
     {{- end }}
     s3Credentials:
       accessKeyId:
-        {{- if .endpointCredentials }}
+        name: {{ .endpointCredentials | default (printf "%s-cluster-backup-secret" (include "cluster.name" $context) | trunc 63 | trimSuffix "-") }}
-        name: {{ .endpointCredentials }}
-        {{- else }}
-        name: {{ include "cluster.backupCredentials" $context }}
-        {{- end }}
         key: ACCESS_KEY_ID
       secretAccessKey:
-        {{- if .endpointCredentials }}
+        name: {{ .endpointCredentials | default (printf "%s-cluster-backup-secret" (include "cluster.name" $context) | trunc 63 | trimSuffix "-") }}
-        name: {{ .endpointCredentials }}
-        {{- else }}
-        name: {{ include "cluster.backupCredentials" $context }}
-        {{- end }}
         key: ACCESS_SECRET_KEY
+    {{- if .endpointCredentialsIncludeRegion }}
+      region:
+        name: {{ .endpointCredentials | default (printf "%s-cluster-backup-secret" (include "cluster.name" $context) | trunc 63 | trimSuffix "-") }}
+        key: ACCESS_REGION
+    {{- end }}
 {{ end -}}
 {{ end }}
 
@@ -85,9 +82,9 @@ spec:
       jobs: {{ .Values.recovery.objectStore.data.jobs }}
     s3Credentials:
       accessKeyId:
-        name: {{ include "cluster.recoveryCredentials" . }}
+        name: {{ .Values.recovery.objectStore.endpointCredentials | default (printf "%s-cluster-backup-secret" (include "cluster.name" .) | trunc 63 | trimSuffix "-") }}
         key: ACCESS_KEY_ID
       secretAccessKey:
-        name: {{ include "cluster.recoveryCredentials" . }}
+        name: {{ .Values.recovery.objectStore.endpointCredentials | default (printf "%s-cluster-backup-secret" (include "cluster.name" .) | trunc 63 | trimSuffix "-") }}
         key: ACCESS_SECRET_KEY
 {{ end }}

charts/postgres-cluster/templates/scheduled-backup.yaml

@@ -1,4 +1,3 @@
-{{ if .Values.backup.enabled }}
 {{ $context := . -}}
 {{ range .Values.backup.scheduledBackups -}}
 ---
@@ -10,7 +9,7 @@ metadata:
   labels:
     {{- include "cluster.labels" $context | nindent 4 }}
 spec:
-  immediate: {{ .immediate | default true }}
+  immediate: {{ .immediate | default false }}
   suspend: {{ .suspend | default false }}
   schedule: {{ .schedule | quote | required "Schedule is required" }}
   backupOwnerReference: {{ .backupOwnerReference | default "self" }}
@@ -22,4 +21,3 @@ spec:
     parameters:
       barmanObjectName: "{{ include "cluster.name" $context }}-{{ .backupName }}-backup"
 {{ end -}}
-{{ end }}

charts/postgres-cluster/values.yaml

@@ -6,7 +6,6 @@ namespaceOverride: ""
 
 # -- Type of the CNPG database. Available types:
 # * `postgresql`
-# * `tensorchord`
 type: postgresql
 
 # -- Cluster mode of operation. Available modes:
@@ -21,7 +20,7 @@ cluster:
   # -- Default image
   image:
     repository: ghcr.io/cloudnative-pg/postgresql
-    tag: "17.5-1-bullseye"
+    tag: 17.7-standard-trixie
 
   # -- Image pull policy. One of Always, Never or IfNotPresent. If not defined, it defaults to IfNotPresent. Cannot be updated.
   # More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
@@ -131,7 +130,8 @@ cluster:
       enabled: false
 
       # -- Exclude specified rules
-      excludeRules: []
+      excludeRules:
+        - CNPGClusterLastFailedArchiveTimeWarning
 
     # -- Whether the default queries should be injected.
     # Set it to true if you don't want to inject default queries into the cluster.
@@ -417,9 +417,6 @@ recovery:
 # -- Backup settings
 backup:
 
-  # -- You need to configure backups manually, so backups are disabled by default.
-  enabled: false
-
   # -- Method to create backups, options currently are only objectStore
   method: objectStore
 

renovate.json

@@ -6,19 +6,14 @@
     ":rebaseStalePrs"
   ],
   "timezone": "US/Central",
-    "schedule": [ "* */1 * * *" ],
   "labels": [],
   "prHourlyLimit": 0,
   "prConcurrentLimit": 0,
   "packageRules": [
     {
       "description": "Label charts",
-            "matchDatasources": [
+      "matchDatasources": ["helm"],
-                "helm"
+      "addLabels": ["chart"],
-            ],
-            "addLabels": [
-                "chart"
-            ],
       "automerge": false,
       "bumpVersions": [
         {
@@ -30,12 +25,8 @@
     },
     {
       "description": "Label images",
-            "matchDatasources": [
+      "matchDatasources": ["docker"],
-                "docker"
+      "addLabels": ["image"],
-            ],
-            "addLabels": [
-                "image"
-            ],
       "automerge": false,
       "bumpVersions": [
         {
@@ -46,23 +37,18 @@
       ]
     },
     {
-            "description": "CNPG image",
+      "description": "Automerge generic-device-plugin image on digest",
-            "matchDepNames": [
+      "matchDatasources": ["docker"],
-                "ghcr.io/cloudnative-pg/postgresql"
+      "matchDepNames": ["ghcr.io/squat/generic-device-plugin"],
-            ],
+      "matchUpdateTypes": ["digest"],
-            "matchDatasources": [
+      "addLabels": ["image", "automerge"],
-                "docker"
+      "automerge": true,
-            ],
+      "minimumReleaseAge": "1 days",
-            "addLabels": [
-                "image"
-            ],
-            "automerge": false,
-            "versioning": "deb",
       "bumpVersions": [
         {
           "filePatterns": ["{{packageFileDir}}/Chart.{yaml,yml}"],
           "matchStrings": ["version:\\s(?<version>[^\\s]+)"],
-                "bumpType": "{{#if isPatch}}patch{{else}}minor{{/if}}"
+          "bumpType": "patch"
         }
       ]
     }