Update docker.io/postgres Docker tag to v18

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| alpine | minor | `3.22.2` -> `3.23.0` |

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41LjAiLCJ1cGRhdGVkSW5WZXIiOiI0Mi41LjAiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbImltYWdlIl19-->

Reviewed-on: #2231
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>

.gitea/workflows/render-manifests-automerge.yaml

@@ -1,4 +1,4 @@
-name: render-manfiest-automerge
+name: render-manifests-automerge
 
 on:
   pull_request:
@@ -17,7 +17,7 @@ env:
   MANIFEST_DIR: /workspace/alexlebens/infrastructure/infrastructure-manifests
 
 jobs:
-  render-manfiest-automerge:
+  render-manifests-automerge:
     runs-on: ubuntu-js
     if: ${{ (github.event.pull_request.merged == true) && (contains(github.event.pull_request.labels.*.name, 'automerge')) }}
     steps:
@@ -64,10 +64,10 @@ jobs:
 
           RENDER_DIR=()
 
-          echo ">> Checking for changes ..."
-          GIT_DIFF=$(git diff --name-only ${{ gitea.event.before }}..HEAD | xargs -I {} dirname {} | sort -u | grep "clusters/cl01tl/helm/")
+          echo ">> Checking for changes from HEAD^..HEAD ..."
+          GIT_DIFF=$(git diff --name-only HEAD^..HEAD | xargs -I {} dirname {} | sort -u | grep "clusters/cl01tl/helm/")
 
-          if [ -n $GIT_DIFF ]; then
+          if [ -n "${GIT_DIFF}" ]; then
             echo ">> Changes detected:"
             echo "$GIT_DIFF"
             for path in $GIT_DIFF; do
@@ -79,7 +79,7 @@ jobs:
 
           fi
 
-          if [ -n $RENDER_DIR ]; then
+          if [ -n "${RENDER_DIR}" ]; then
             echo ">> Directories to Render:"
             echo "$(printf "%s\n" "${RENDER_DIR[@]}" | sort -u)"
 
@@ -108,6 +108,11 @@ jobs:
               | while read cmd; do echo "$cmd" | sh; done || true
           done
 
+          if helm repo list | tail +2 | read -r; then
+            echo ">> Update repository cache ..."
+            helm repo update
+          fi
+
           echo "----"
 
       - name: Remove Changed Manifest Files
@@ -153,7 +158,7 @@ jobs:
 
               echo ""
               echo ">> Building helm dependency ..."
-              helm dependency build
+              helm dependency build --skip-refresh
 
               echo ""
               echo ">> Linting helm ..."
@@ -161,7 +166,33 @@ jobs:
 
               echo ""
               echo ">> Rendering templates ..."
-              helm template "$chart_name" ./ --namespace "$chart_name" --include-crds > "$OUTPUT_FILE"
+
+              case "$chart_name" in
+                "stack")
+                  echo ">> Special Rendering for stack ..."
+                  helm template stack ./ --namespace argocd --include-crds > "$OUTPUT_FILE"
+                  ;;
+                "cilium")
+                  echo ">> Special Rendering for cilium ..."
+                  helm template cilium ./ --namespace kube-system --include-crds > "$OUTPUT_FILE"
+                  ;;
+                "coredns")
+                  echo ">> Special Rendering for coredns ..."
+                  helm template coredns ./ --namespace kube-system --include-crds > "$OUTPUT_FILE"
+                  ;;
+                "metrics-server")
+                  echo ">> Special Rendering for metrics-server ..."
+                  helm template metrics-server ./ --namespace kube-system --include-crds > "$OUTPUT_FILE"
+                  ;;
+                "prometheus-operator-crds")
+                  echo ">> Special Rendering for prometheus-operator-crds ..."
+                  helm template prometheus-operator-crds ./ --namespace kube-system --include-crds > "$OUTPUT_FILE"
+                  ;;
+                *)
+                  echo ">> Standard Rendering for $chart_name ..."
+                  helm template "$chart_name" ./ --namespace "$chart_name" --include-crds > "$OUTPUT_FILE"
+                  ;;
+              esac
 
               echo ""
               echo ">> Manifests for $chart_name rendered to $OUTPUT_FILE"
@@ -287,7 +318,7 @@ jobs:
           GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
           GITEA_URL: ${{ secrets.REPO_URL }}
           BRANCH_NAME: ${{ steps.prepare-manifest-branch.outputs.BRANCH_NAME }}
-          PR_ID: ${{ steps.prepare-manifest-branch.outputs.pull-request-id }}
+          PR_ID: ${{ steps.create-pull-request.outputs.pull-request-id }}
         run: |
           cd ${MANIFEST_DIR}
 
@@ -363,7 +394,6 @@ jobs:
           details: "Automerge Manifest rendering for Infrastructure!"
           icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
           actions: '[{"action": "view", "label": "Open Gitea", "url": "${{ steps.create-pull-request.outputs.pull-request-url }}", "clear": true}]'
-          image: true
 
       - name: ntfy Failed
         uses: niniyas/ntfy-action@master

.gitea/workflows/render-manifests-dispatch.yaml

@@ -0,0 +1,381 @@
+name: render-manifests-dispatch
+
+on:
+  workflow_dispatch:
+
+env:
+  CLUSTER: cl01tl
+  BASE_BRANCH: manifests
+  BRANCH_NAME: auto/update-manifests
+  ASSIGNEE: alexlebens
+  MAIN_DIR: /workspace/alexlebens/infrastructure/infrastructure
+  MANIFEST_DIR: /workspace/alexlebens/infrastructure/infrastructure-manifests
+
+jobs:
+  render-manifests-dispatch:
+    runs-on: ubuntu-js
+    steps:
+      - name: Checkout Main
+        uses: actions/checkout@v6
+        with:
+          path: infrastructure
+          fetch-depth: 0
+
+      - name: Checkout Manifests
+        uses: actions/checkout@v6
+        with:
+          ref: manifests
+          path: infrastructure-manifests
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v4
+        with:
+          token: ${{ secrets.GITEA_TOKEN }}
+          version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743
+
+      - name: Prepare Manifest Branch
+        run: |
+          cd ${MANIFEST_DIR}
+
+          echo ">> Configure git to use gitea-bot as user ..."
+          git config user.name "gitea-bot"
+          git config user.email "gitea-bot@alexlebens.net"
+
+          echo ">> Checking if PR branch exists ..."
+          if [[ $(git ls-remote --heads origin "${BRANCH_NAME}" | wc -l) -gt 0 ]]; then
+            echo ">> Branch '${BRANCH_NAME}' exists, pulling changes ..."
+            git fetch origin "${BRANCH_NAME}"
+            git checkout "${BRANCH_NAME}"
+            git pull --rebase
+
+          else
+            echo ">> Branch '${BRANCH_NAME}' does not exist, creating ..."
+            git checkout -b $BRANCH_NAME
+          fi
+
+          echo "----"
+
+      - name: Check which Directories have Changes
+        id: check-dir-changes
+        run: |
+          cd ${MAIN_DIR}
+
+          RENDER_DIR=()
+
+          echo ">> Triggered on dispatch, will check all paths ..."
+          RENDER_DIR+=$(ls clusters/cl01tl/helm/)
+
+          if [ -n "${RENDER_DIR}" ]; then
+            echo ">> Directories to Render:"
+            echo "$(printf "%s\n" "${RENDER_DIR[@]}" | sort -u)"
+
+            echo "----"
+
+            echo "changes-detected=true" >> $GITEA_OUTPUT
+            echo "render-dir<<EOF" >> $GITEA_OUTPUT
+            echo "$(printf "%s\n" "${RENDER_DIR[@]}" | sort -u)" >> $GITEA_OUTPUT
+            echo "EOF" >> $GITEA_OUTPUT
+          else
+            echo "changes-detected=false" >> $GITEA_OUTPUT
+          fi
+
+      - name: Add Repositories
+        if: steps.check-dir-changes.outputs.changes-detected == 'true'
+        env:
+          RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
+        run: |
+          cd ${MAIN_DIR}
+
+          echo ">> Adding repositories for chart dependencies ..."
+          for dir in ${RENDER_DIR}; do
+            helm dependency list --max-col-width 120 ${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir 2> /dev/null \
+              | tail +2 | head -n -1 \
+              | awk '{ print "helm repo add " $1 " " $3 }' \
+              | while read cmd; do echo "$cmd" | sh; done || true
+          done
+
+          if helm repo list | tail +2 | read -r; then
+            echo ">> Update repository cache ..."
+            helm repo update
+          fi
+
+          echo "----"
+
+      - name: Remove Changed Manifest Files
+        if: steps.check-dir-changes.outputs.changes-detected == 'true'
+        env:
+          RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
+        run: |
+          cd ${MANIFEST_DIR}
+
+          echo ">> Remove manfiest files and rebuild from source ..."
+
+          for dir in ${RENDER_DIR}; do
+            chart_path=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$dir
+
+            echo "$chart_path"
+            rm -rf $chart_path/*
+          done
+
+          echo "----"
+
+      - name: Render Helm Manifests
+        id: render-manifests
+        if: steps.check-dir-changes.outputs.changes-detected == 'true'
+        env:
+          RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
+        run: |
+          cd ${MAIN_DIR}
+
+          echo ">> Rendering Manifests ..."
+
+          for dir in ${RENDER_DIR}; do
+            chart_path=${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir
+            chart_name=$(basename "$chart_path")
+
+            echo ">> Rendering chart: $chart_name"
+            echo ">> Chart path $chart_path"
+
+            if [ -f "$chart_path/Chart.yaml" ]; then
+              mkdir -p ${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name
+              OUTPUT_FILE="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name/$chart_name.yaml"
+
+              cd $chart_path
+
+              echo ""
+              echo ">> Building helm dependency ..."
+              helm dependency build --skip-refresh
+
+              echo ""
+              echo ">> Linting helm ..."
+              helm lint --namespace "$chart_name"
+
+              echo ""
+              echo ">> Rendering templates ..."
+
+              case "$chart_name" in
+                "stack")
+                  echo ">> Special Rendering for stack ..."
+                  helm template stack ./ --namespace argocd --include-crds > "$OUTPUT_FILE"
+                  ;;
+                "cilium")
+                  echo ">> Special Rendering for cilium ..."
+                  helm template cilium ./ --namespace kube-system --include-crds > "$OUTPUT_FILE"
+                  ;;
+                "coredns")
+                  echo ">> Special Rendering for coredns ..."
+                  helm template coredns ./ --namespace kube-system --include-crds > "$OUTPUT_FILE"
+                  ;;
+                "metrics-server")
+                  echo ">> Special Rendering for metrics-server ..."
+                  helm template metrics-server ./ --namespace kube-system --include-crds > "$OUTPUT_FILE"
+                  ;;
+                "prometheus-operator-crds")
+                  echo ">> Special Rendering for prometheus-operator-crds ..."
+                  helm template prometheus-operator-crds ./ --namespace kube-system --include-crds > "$OUTPUT_FILE"
+                  ;;
+                *)
+                  echo ">> Standard Rendering for $chart_name ..."
+                  helm template "$chart_name" ./ --namespace "$chart_name" --include-crds > "$OUTPUT_FILE"
+                  ;;
+              esac
+
+              echo ""
+              echo ">> Manifests for $chart_name rendered to $OUTPUT_FILE"
+              echo ""
+            else
+              echo ""
+              echo ">> Directory $chart_path does not contain a Chart.yaml. Skipping ..."
+              echo ""
+            fi
+          done
+
+          echo "----"
+
+      - name: Check for Changes
+        id: check-changes
+        if: steps.check-dir-changes.outputs.changes-detected == 'true'
+        run: |
+          cd ${MANIFEST_DIR}
+
+          if git status --porcelain | grep -q .; then
+            echo ">> Changes detected"
+            git status --porcelain
+            echo "changes-detected=true" >> $GITEA_OUTPUT
+          else
+            echo ">> No changes detected, skipping PR creation"
+            exit 0
+          fi
+
+          echo "----"
+
+      - name: Commit and Push Changes
+        id: commit-push
+        if: steps.check-changes.outputs.changes-detected == 'true'
+        run: |
+          cd ${MANIFEST_DIR}
+
+          echo ">> Commiting changes to ${BRANCH_NAME} ..."
+          git add .
+          git commit -m "chore: Update manifests after change"
+
+          REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}"
+          echo ">> Pushing changes to $REPO_URL ..."
+          git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@$(echo $REPO_URL | sed -e 's|https://||')" ${BRANCH_NAME}
+
+          echo "----"
+
+          echo "HEAD_BRANCH=${BRANCH_NAME}" >> $GITEA_OUTPUT
+          echo "push=true" >> $GITEA_OUTPUT
+
+      - name: Check for Pull Request
+        id: check-for-pull-requst
+        if: steps.commit-push.outputs.push == 'true'
+        env:
+          GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
+          GITEA_URL: ${{ secrets.REPO_URL }}
+          HEAD_BRANCH: ${{ steps.commit-push.outputs.HEAD_BRANCH }}
+        run: |
+          cd ${MANIFEST_DIR}
+
+          API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls?base_branch=${BASE_BRANCH}&state=open&page=1"
+
+          echo ">> Checking if PR from branch ${HEAD_BRANCH} into ${BASE_BRANCH}"
+          echo ">> With Endpoint of:"
+          echo "$API_ENDPOINT"
+
+          HTTP_STATUS=$(
+            curl -X GET \
+              --silent \
+              --write-out '%{http_code}' \
+              --output response_body.json \
+              --dump-header response_headers.txt \
+              -H "Authorization: token ${GITEA_TOKEN}" \
+              -H "Content-Type: application/json" \
+              "$API_ENDPOINT" 2> response_errors.txt
+          )
+
+          echo ">> HTTP Status Code: $HTTP_STATUS"
+          echo ">> Response Output ..."
+          echo "----"
+          cat response_body.json
+          echo "----"
+          cat response_headers.txt
+          echo "----"
+          cat response_errors.txt
+          echo "----"
+
+          if [ "$HTTP_STATUS" == "200" ] && [ "$(cat response_body.json | jq -r .[0].state)" == "open" ]; then
+            echo ">> Pull Request has been found open, will update"
+            PR_INDEX=$(cat response_body.json | jq -r .[0].number)
+            echo "pull-request-exists=${PR_INDEX}" >> $GITEA_OUTPUT
+            echo "pull-request-index=true" >> $GITEA_OUTPUT
+
+          elif [ "$HTTP_STATUS" == "200" ] && [ "$(cat response_body.json | jq -r .[0].state)" == "closed" ]; then
+            echo ">> Pull Request found, but was closed"
+            echo "pull-request-exists=false" >> $GITEA_OUTPUT
+
+          else
+            echo ">> Pull Request not found"
+            echo "pull-request-exists=false" >> $GITEA_OUTPUT
+          fi
+
+          echo "----"
+
+      - name: Create Pull Request
+        id: create-pull-request
+        if: steps.commit-push.outputs.push == 'true' && steps.check-for-pull-requst.outputs.pull-request-exists == 'false'
+        env:
+          GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
+          GITEA_URL: ${{ secrets.REPO_URL }}
+          HEAD_BRANCH: ${{ steps.commit-push.outputs.HEAD_BRANCH }}
+        run: |
+          cd ${MANIFEST_DIR}
+
+          API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls"
+
+          PAYLOAD=$( jq -n \
+            --arg head "${HEAD_BRANCH}" \
+            --arg base "${BASE_BRANCH}" \
+            --arg assignee "${ASSIGNEE}" \
+            --arg title "Automated Manifest Update" \
+            --arg body "This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow." \
+            '{head: $head, base: $base, assignee: $assignee, title: $title, body: $body'} )
+
+          echo ">> Creating PR from branch ${HEAD_BRANCH} into ${BASE_BRANCH}"
+          echo ">> With Endpoint of:"
+          echo "$API_ENDPOINT"
+          echo ">> With Payload of:"
+          echo "$PAYLOAD"
+
+          HTTP_STATUS=$(
+            curl -X POST \
+              --silent \
+              --write-out '%{http_code}' \
+              --output response_body.json \
+              --dump-header response_headers.txt \
+              --data "$PAYLOAD" \
+              -H "Authorization: token ${GITEA_TOKEN}" \
+              -H "Content-Type: application/json" \
+              "$API_ENDPOINT" 2> response_errors.txt
+          )
+
+          echo ">> HTTP Status Code: $HTTP_STATUS"
+          echo ">> Response Output ..."
+          echo "----"
+          cat response_body.json
+          echo "----"
+          cat response_headers.txt
+          echo "----"
+          cat response_errors.txt
+          echo "----"
+
+          if [ "$HTTP_STATUS" == "201" ]; then
+            echo ">> Pull Request created successfully!"
+            PR_URL=$(cat response_body.json | jq -r .html_url)
+            echo "pull-request-url=${PR_URL}" >> $GITEA_OUTPUT
+            PR_ID=$(cat response_body.json | jq -r .id)
+            echo "pull-request-id=${PR_ID}" >> $GITEA_OUTPUT
+            echo "pull-request-operation=created" >> $GITEA_OUTPUT
+
+          elif [ "$HTTP_STATUS" == "422" ]; then
+            echo ">> Failed to create PR (HTTP 422: Unprocessable Entity), PR may already exist"
+
+          elif [ "$HTTP_STATUS" == "409" ]; then
+            echo ">> Failed to create PR (HTTP 409: Conflict), PR already exists"
+
+          else
+            echo ">> Failed to create PR, HTTP status code: $HTTP_STATUS"
+            exit 1
+          fi
+
+          echo "----"
+
+      - name: ntfy Created
+        uses: niniyas/ntfy-action@master
+        if: steps.create-pull-request.outputs.pull-request-operation == 'created'
+        with:
+          url: "${{ secrets.NTFY_URL }}"
+          topic: "${{ secrets.NTFY_TOPIC }}"
+          title: "Manifest Render PR Created - Infrastructure"
+          priority: 3
+          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
+          tags: action,successfully,completed
+          details: "Manifest rendering for Infrastructure has created a new Pull Request with ID: ${{ steps.create-pull-request.outputs.pull-request-id }}!"
+          icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
+          actions: '[{"action": "view", "label": "Open Gitea", "url": "${{ steps.create-pull-request.outputs.pull-request-url }}", "clear": true}]'
+
+      - name: ntfy Failed
+        uses: niniyas/ntfy-action@master
+        if: failure()
+        with:
+          url: "${{ secrets.NTFY_URL }}"
+          topic: "${{ secrets.NTFY_TOPIC }}"
+          title: "Manifest Render Failure - Infrastructure"
+          priority: 4
+          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
+          tags: action,failed
+          details: "Manifest rendering for Infrastructure has failed!"
+          icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
+          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=render-manifests.yaml", "clear": true}]'
+          image: true

.gitea/workflows/render-manifests-merge.yaml

@@ -0,0 +1,400 @@
+name: render-manifests-merge
+
+on:
+  pull_request:
+    branches:
+      - main
+    paths:
+      - 'clusters/cl01tl/helm/**'
+    types:
+      - closed
+
+env:
+  CLUSTER: cl01tl
+  BASE_BRANCH: manifests
+  BRANCH_NAME: auto/update-manifests
+  ASSIGNEE: alexlebens
+  MAIN_DIR: /workspace/alexlebens/infrastructure/infrastructure
+  MANIFEST_DIR: /workspace/alexlebens/infrastructure/infrastructure-manifests
+
+jobs:
+  render-manifests-merge:
+    runs-on: ubuntu-js
+    if: ${{ (github.event.pull_request.merged == true) && !(contains(github.event.pull_request.labels.*.name, 'automerge')) }}
+    steps:
+      - name: Checkout Main
+        uses: actions/checkout@v6
+        with:
+          path: infrastructure
+          fetch-depth: 0
+
+      - name: Checkout Manifests
+        uses: actions/checkout@v6
+        with:
+          ref: manifests
+          path: infrastructure-manifests
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v4
+        with:
+          token: ${{ secrets.GITEA_TOKEN }}
+          version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743
+
+      - name: Prepare Manifest Branch
+        run: |
+          cd ${MANIFEST_DIR}
+
+          echo ">> Configure git to use gitea-bot as user ..."
+          git config user.name "gitea-bot"
+          git config user.email "gitea-bot@alexlebens.net"
+
+          echo ">> Checking if PR branch exists ..."
+          if [[ $(git ls-remote --heads origin "${BRANCH_NAME}" | wc -l) -gt 0 ]]; then
+            echo ">> Branch '${BRANCH_NAME}' exists, pulling changes ..."
+            git fetch origin "${BRANCH_NAME}"
+            git checkout "${BRANCH_NAME}"
+            git pull --rebase
+
+          else
+            echo ">> Branch '${BRANCH_NAME}' does not exist, creating ..."
+            git checkout -b $BRANCH_NAME
+          fi
+
+          echo "----"
+
+      - name: Check which Directories have Changes
+        id: check-dir-changes
+        run: |
+          cd ${MAIN_DIR}
+
+          RENDER_DIR=()
+
+          echo ">> Checking for changes from HEAD^..HEAD ..."
+          GIT_DIFF=$(git diff --name-only HEAD^..HEAD | xargs -I {} dirname {} | sort -u | grep "clusters/cl01tl/helm/")
+
+          if [ -n "${GIT_DIFF}" ]; then
+            echo ">> Changes detected:"
+            echo "$GIT_DIFF"
+            for path in $GIT_DIFF; do
+              RENDER_DIR+=$(echo "$path" | awk -F '/' '{print $4}')
+            done
+
+          else
+            echo ">> No changes detected"
+
+          fi
+
+          if [ -n "${RENDER_DIR}" ]; then
+            echo ">> Directories to Render:"
+            echo "$(printf "%s\n" "${RENDER_DIR[@]}" | sort -u)"
+
+            echo "----"
+
+            echo "changes-detected=true" >> $GITEA_OUTPUT
+            echo "render-dir<<EOF" >> $GITEA_OUTPUT
+            echo "$(printf "%s\n" "${RENDER_DIR[@]}" | sort -u)" >> $GITEA_OUTPUT
+            echo "EOF" >> $GITEA_OUTPUT
+          else
+            echo "changes-detected=false" >> $GITEA_OUTPUT
+          fi
+
+      - name: Add Repositories
+        if: steps.check-dir-changes.outputs.changes-detected == 'true'
+        env:
+          RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
+        run: |
+          cd ${MAIN_DIR}
+
+          echo ">> Adding repositories for chart dependencies ..."
+          for dir in ${RENDER_DIR}; do
+            helm dependency list --max-col-width 120 ${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir 2> /dev/null \
+              | tail +2 | head -n -1 \
+              | awk '{ print "helm repo add " $1 " " $3 }' \
+              | while read cmd; do echo "$cmd" | sh; done || true
+          done
+
+          if helm repo list | tail +2 | read -r; then
+            echo ">> Update repository cache ..."
+            helm repo update
+          fi
+
+          echo "----"
+
+      - name: Remove Changed Manifest Files
+        if: steps.check-dir-changes.outputs.changes-detected == 'true'
+        env:
+          RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
+        run: |
+          cd ${MANIFEST_DIR}
+
+          echo ">> Remove manfiest files and rebuild from source ..."
+
+          for dir in ${RENDER_DIR}; do
+            chart_path=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$dir
+
+            echo "$chart_path"
+            rm -rf $chart_path/*
+          done
+
+          echo "----"
+
+      - name: Render Helm Manifests
+        id: render-manifests
+        if: steps.check-dir-changes.outputs.changes-detected == 'true'
+        env:
+          RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
+        run: |
+          cd ${MAIN_DIR}
+
+          echo ">> Rendering Manifests ..."
+
+          for dir in ${RENDER_DIR}; do
+            chart_path=${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir
+            chart_name=$(basename "$chart_path")
+
+            echo ">> Rendering chart: $chart_name"
+            echo ">> Chart path $chart_path"
+
+            if [ -f "$chart_path/Chart.yaml" ]; then
+              mkdir -p ${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name
+              OUTPUT_FILE="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name/$chart_name.yaml"
+
+              cd $chart_path
+
+              echo ""
+              echo ">> Building helm dependency ..."
+              helm dependency build --skip-refresh
+
+              echo ""
+              echo ">> Linting helm ..."
+              helm lint --namespace "$chart_name"
+
+              echo ""
+              echo ">> Rendering templates ..."
+
+              case "$chart_name" in
+                "stack")
+                  echo ">> Special Rendering for stack ..."
+                  helm template stack ./ --namespace argocd --include-crds > "$OUTPUT_FILE"
+                  ;;
+                "cilium")
+                  echo ">> Special Rendering for cilium ..."
+                  helm template cilium ./ --namespace kube-system --include-crds > "$OUTPUT_FILE"
+                  ;;
+                "coredns")
+                  echo ">> Special Rendering for coredns ..."
+                  helm template coredns ./ --namespace kube-system --include-crds > "$OUTPUT_FILE"
+                  ;;
+                "metrics-server")
+                  echo ">> Special Rendering for metrics-server ..."
+                  helm template metrics-server ./ --namespace kube-system --include-crds > "$OUTPUT_FILE"
+                  ;;
+                "prometheus-operator-crds")
+                  echo ">> Special Rendering for prometheus-operator-crds ..."
+                  helm template prometheus-operator-crds ./ --namespace kube-system --include-crds > "$OUTPUT_FILE"
+                  ;;
+                *)
+                  echo ">> Standard Rendering for $chart_name ..."
+                  helm template "$chart_name" ./ --namespace "$chart_name" --include-crds > "$OUTPUT_FILE"
+                  ;;
+              esac
+
+              echo ""
+              echo ">> Manifests for $chart_name rendered to $OUTPUT_FILE"
+              echo ""
+            else
+              echo ""
+              echo ">> Directory $chart_path does not contain a Chart.yaml. Skipping ..."
+              echo ""
+            fi
+          done
+
+          echo "----"
+
+      - name: Check for Changes
+        id: check-changes
+        if: steps.check-dir-changes.outputs.changes-detected == 'true'
+        run: |
+          cd ${MANIFEST_DIR}
+
+          if git status --porcelain | grep -q .; then
+            echo ">> Changes detected"
+            git status --porcelain
+            echo "changes-detected=true" >> $GITEA_OUTPUT
+          else
+            echo ">> No changes detected, skipping PR creation"
+            exit 0
+          fi
+
+          echo "----"
+
+      - name: Commit and Push Changes
+        id: commit-push
+        if: steps.check-changes.outputs.changes-detected == 'true'
+        run: |
+          cd ${MANIFEST_DIR}
+
+          echo ">> Commiting changes to ${BRANCH_NAME} ..."
+          git add .
+          git commit -m "chore: Update manifests after change"
+
+          REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}"
+          echo ">> Pushing changes to $REPO_URL ..."
+          git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@$(echo $REPO_URL | sed -e 's|https://||')" ${BRANCH_NAME}
+
+          echo "----"
+
+          echo "HEAD_BRANCH=${BRANCH_NAME}" >> $GITEA_OUTPUT
+          echo "push=true" >> $GITEA_OUTPUT
+
+      - name: Check for Pull Request
+        id: check-for-pull-requst
+        if: steps.commit-push.outputs.push == 'true'
+        env:
+          GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
+          GITEA_URL: ${{ secrets.REPO_URL }}
+          HEAD_BRANCH: ${{ steps.commit-push.outputs.HEAD_BRANCH }}
+        run: |
+          cd ${MANIFEST_DIR}
+
+          API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls?base_branch=${BASE_BRANCH}&state=open&page=1"
+
+          echo ">> Checking if PR from branch ${HEAD_BRANCH} into ${BASE_BRANCH}"
+          echo ">> With Endpoint of:"
+          echo "$API_ENDPOINT"
+
+          HTTP_STATUS=$(
+            curl -X GET \
+              --silent \
+              --write-out '%{http_code}' \
+              --output response_body.json \
+              --dump-header response_headers.txt \
+              -H "Authorization: token ${GITEA_TOKEN}" \
+              -H "Content-Type: application/json" \
+              "$API_ENDPOINT" 2> response_errors.txt
+          )
+
+          echo ">> HTTP Status Code: $HTTP_STATUS"
+          echo ">> Response Output ..."
+          echo "----"
+          cat response_body.json
+          echo "----"
+          cat response_headers.txt
+          echo "----"
+          cat response_errors.txt
+          echo "----"
+
+          if [ "$HTTP_STATUS" == "200" ] && [ "$(cat response_body.json | jq -r .[0].state)" == "open" ]; then
+            echo ">> Pull Request has been found open, will update"
+            PR_INDEX=$(cat response_body.json | jq -r .[0].number)
+            echo "pull-request-exists=${PR_INDEX}" >> $GITEA_OUTPUT
+            echo "pull-request-index=true" >> $GITEA_OUTPUT
+
+          elif [ "$HTTP_STATUS" == "200" ] && [ "$(cat response_body.json | jq -r .[0].state)" == "closed" ]; then
+            echo ">> Pull Request found, but was closed"
+            echo "pull-request-exists=false" >> $GITEA_OUTPUT
+
+          else
+            echo ">> Pull Request not found"
+            echo "pull-request-exists=false" >> $GITEA_OUTPUT
+          fi
+
+          echo "----"
+
+      - name: Create Pull Request
+        id: create-pull-request
+        if: steps.commit-push.outputs.push == 'true' && steps.check-for-pull-requst.outputs.pull-request-exists == 'false'
+        env:
+          GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
+          GITEA_URL: ${{ secrets.REPO_URL }}
+          HEAD_BRANCH: ${{ steps.commit-push.outputs.HEAD_BRANCH }}
+        run: |
+          cd ${MANIFEST_DIR}
+
+          API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls"
+
+          PAYLOAD=$( jq -n \
+            --arg head "${HEAD_BRANCH}" \
+            --arg base "${BASE_BRANCH}" \
+            --arg assignee "${ASSIGNEE}" \
+            --arg title "Automated Manifest Update" \
+            --arg body "This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow." \
+            '{head: $head, base: $base, assignee: $assignee, title: $title, body: $body'} )
+
+          echo ">> Creating PR from branch ${HEAD_BRANCH} into ${BASE_BRANCH}"
+          echo ">> With Endpoint of:"
+          echo "$API_ENDPOINT"
+          echo ">> With Payload of:"
+          echo "$PAYLOAD"
+
+          HTTP_STATUS=$(
+            curl -X POST \
+              --silent \
+              --write-out '%{http_code}' \
+              --output response_body.json \
+              --dump-header response_headers.txt \
+              --data "$PAYLOAD" \
+              -H "Authorization: token ${GITEA_TOKEN}" \
+              -H "Content-Type: application/json" \
+              "$API_ENDPOINT" 2> response_errors.txt
+          )
+
+          echo ">> HTTP Status Code: $HTTP_STATUS"
+          echo ">> Response Output ..."
+          echo "----"
+          cat response_body.json
+          echo "----"
+          cat response_headers.txt
+          echo "----"
+          cat response_errors.txt
+          echo "----"
+
+          if [ "$HTTP_STATUS" == "201" ]; then
+            echo ">> Pull Request created successfully!"
+            PR_URL=$(cat response_body.json | jq -r .html_url)
+            echo "pull-request-url=${PR_URL}" >> $GITEA_OUTPUT
+            PR_ID=$(cat response_body.json | jq -r .id)
+            echo "pull-request-id=${PR_ID}" >> $GITEA_OUTPUT
+            echo "pull-request-operation=created" >> $GITEA_OUTPUT
+
+          elif [ "$HTTP_STATUS" == "422" ]; then
+            echo ">> Failed to create PR (HTTP 422: Unprocessable Entity), PR may already exist"
+
+          elif [ "$HTTP_STATUS" == "409" ]; then
+            echo ">> Failed to create PR (HTTP 409: Conflict), PR already exists"
+
+          else
+            echo ">> Failed to create PR, HTTP status code: $HTTP_STATUS"
+            exit 1
+          fi
+
+          echo "----"
+
+      - name: ntfy Created
+        uses: niniyas/ntfy-action@master
+        if: steps.create-pull-request.outputs.pull-request-operation == 'created'
+        with:
+          url: "${{ secrets.NTFY_URL }}"
+          topic: "${{ secrets.NTFY_TOPIC }}"
+          title: "Manifest Render PR Created - Infrastructure"
+          priority: 3
+          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
+          tags: action,successfully,completed
+          details: "Manifest rendering for Infrastructure has created a new Pull Request with ID: ${{ steps.create-pull-request.outputs.pull-request-id }}!"
+          icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
+          actions: '[{"action": "view", "label": "Open Gitea", "url": "${{ steps.create-pull-request.outputs.pull-request-url }}", "clear": true}]'
+
+      - name: ntfy Failed
+        uses: niniyas/ntfy-action@master
+        if: failure()
+        with:
+          url: "${{ secrets.NTFY_URL }}"
+          topic: "${{ secrets.NTFY_TOPIC }}"
+          title: "Manifest Render Failure - Infrastructure"
+          priority: 4
+          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
+          tags: action,failed
+          details: "Manifest rendering for Infrastructure has failed!"
+          icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
+          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=render-manifests.yaml", "clear": true}]'
+          image: true

.gitea/workflows/render-manifests-push.yaml

@@ -1,4 +1,4 @@
-name: render-manifests
+name: render-manifests-push
 
 on:
   push:
@@ -7,8 +7,6 @@ on:
     paths:
       - 'clusters/cl01tl/helm/**'
 
-  workflow_dispatch:
-
 env:
   CLUSTER: cl01tl
   BASE_BRANCH: manifests
@@ -18,8 +16,9 @@ env:
   MANIFEST_DIR: /workspace/alexlebens/infrastructure/infrastructure-manifests
 
 jobs:
-  render-manifests:
+  render-manifests-push:
     runs-on: ubuntu-js
+    if: gitea.event.commits[0].author.username != 'renovate-bot'
     steps:
       - name: Checkout Main
         uses: actions/checkout@v6
@@ -68,25 +67,19 @@ jobs:
 
           RENDER_DIR=()
 
-          if [ "$GITHUB_EVENT_NAME" == "workflow_dispatch" ]; then
-            echo ">> Triggered on dispatch, will check all paths ..."
-            RENDER_DIR+=$(ls clusters/cl01tl/helm/)
+          echo ">> Checking for changes ..."
+          GIT_DIFF=$(git diff --name-only ${{ gitea.event.before }}..HEAD | xargs -I {} dirname {} | sort -u | grep "clusters/cl01tl/helm/")
+
+          if [ -n "${GIT_DIFF}" ]; then
+            echo ">> Changes detected:"
+            echo "$GIT_DIFF"
+            for path in $GIT_DIFF; do
+              RENDER_DIR+=$(echo "$path" | awk -F '/' '{print $4}')
+            done
 
           else
-            echo ">> Checking for changes ..."
-            GIT_DIFF=$(git diff --name-only ${{ gitea.event.before }}..HEAD | xargs -I {} dirname {} | sort -u | grep "clusters/cl01tl/helm/")
+            echo ">> No changes detected"
 
-            if [ -n "${GIT_DIFF}" ]; then
-              echo ">> Changes detected:"
-              echo "$GIT_DIFF"
-              for path in $GIT_DIFF; do
-                RENDER_DIR+=$(echo "$path" | awk -F '/' '{print $4}')
-              done
-
-            else
-              echo ">> No changes detected"
-
-            fi
           fi
 
           if [ -n "${RENDER_DIR}" ]; then
@@ -385,10 +378,9 @@ jobs:
           priority: 3
           headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
           tags: action,successfully,completed
-          details: "Manifest rendering for Infrastructure has created a new Pull Request!"
+          details: "Manifest rendering for Infrastructure has created a new Pull Request with ID: ${{ steps.create-pull-request.outputs.pull-request-id }}!"
           icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
           actions: '[{"action": "view", "label": "Open Gitea", "url": "${{ steps.create-pull-request.outputs.pull-request-url }}", "clear": true}]'
-          image: true
 
       - name: ntfy Failed
         uses: niniyas/ntfy-action@master

clusters/cl01tl/helm/actual/values.yaml

@@ -9,7 +9,7 @@ actual:
         main:
           image:
             repository: ghcr.io/actualbudget/actual
-            tag: 25.11.0
+            tag: 25.12.0
             pullPolicy: IfNotPresent
           env:
             - name: TZ

clusters/cl01tl/helm/argo-workflows/Chart.lock

@@ -1,12 +1,12 @@
 dependencies:
 - name: argo-workflows
   repository: https://argoproj.github.io/argo-helm
-  version: 0.45.28
+  version: 0.46.1
 - name: argo-events
   repository: https://argoproj.github.io/argo-helm
   version: 2.4.17
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 6.16.0
-digest: sha256:b00fd479a9d9e606661b3799182c8e24395b4f531f8d2bda87bdc5db16a8d66c
-generated: "2025-12-01T19:55:40.18149-06:00"
+digest: sha256:d1e5e0a31c90bdff093db673f95c0e5f1cb5dfa0b910c21e5ec430a3cc4dd6aa
+generated: "2025-12-03T22:50:55.209413276Z"

clusters/cl01tl/helm/argo-workflows/Chart.yaml

@@ -18,7 +18,7 @@ maintainers:
   - name: alexlebens
 dependencies:
   - name: argo-workflows
-    version: 0.45.28
+    version: 0.46.1
     repository: https://argoproj.github.io/argo-helm
   - name: argo-events
     version: 2.4.17

clusters/cl01tl/helm/audiobookshelf/values.yaml

@@ -9,7 +9,7 @@ audiobookshelf:
         main:
           image:
             repository: ghcr.io/advplyr/audiobookshelf
-            tag: 2.30.0
+            tag: 2.31.0
             pullPolicy: IfNotPresent
           env:
             - name: TZ

clusters/cl01tl/helm/booklore/values.yaml

@@ -9,7 +9,7 @@ booklore:
         main:
           image:
             repository: ghcr.io/booklore-app/booklore
-            tag: v1.12.0
+            tag: v1.13.1
             pullPolicy: IfNotPresent
           env:
             - name: TZ

clusters/cl01tl/helm/element-web/Chart.lock

@@ -1,9 +1,9 @@
 dependencies:
 - name: element-web
   repository: https://ananace.gitlab.io/charts
-  version: 1.4.24
+  version: 1.4.25
 - name: cloudflared
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 1.23.1
-digest: sha256:34c49dc55fe68a53e43147dc0474d3eff87c881d8f458cb250fba4390a1026ca
-generated: "2025-12-03T06:02:46.881596134Z"
+digest: sha256:06208f8ba47fc2e2c0e56ea2e08b3539cb4c5d3ac5eeaf22936e84925b7add90
+generated: "2025-12-03T17:03:58.859116734Z"

clusters/cl01tl/helm/element-web/Chart.yaml

@@ -17,7 +17,7 @@ maintainers:
   - name: alexlebens
 dependencies:
   - name: element-web
-    version: 1.4.24
+    version: 1.4.25
     repository: https://ananace.gitlab.io/charts
   - name: cloudflared
     alias: cloudflared

clusters/cl01tl/helm/element-web/values.yaml

@@ -2,7 +2,7 @@ element-web:
   replicaCount: 1
   image:
     repository: vectorim/element-web
-    tag: v1.12.4
+    tag: v1.12.6
     pullPolicy: IfNotPresent
   defaultServer:
     url: https://matrix.alexlebens.dev

clusters/cl01tl/helm/eraser/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: eraser
   repository: https://eraser-dev.github.io/eraser/charts
-  version: 1.3.1
-digest: sha256:17b561a00acc809810dccd226e7b6d757db39b34a6095dee879da761098125f9
-generated: "2025-12-01T20:25:36.491841-06:00"
+  version: 1.4.1
+digest: sha256:da828de684b0cd82e99994586f3db4f55c43c01607c4d8d0e70e204c7bbbbf5b
+generated: "2025-12-03T22:53:20.200917773Z"

clusters/cl01tl/helm/eraser/Chart.yaml

@@ -14,7 +14,7 @@ maintainers:
   - name: alexlebens
 dependencies:
   - name: eraser
-    version: v1.3.1
+    version: 1.4.1
     repository: https://eraser-dev.github.io/eraser/charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
 appVersion: v1.3.1

clusters/cl01tl/helm/freshrss/values.yaml

@@ -11,7 +11,7 @@ freshrss:
             runAsUser: 0
           image:
             repository: alpine
-            tag: 3.22.2
+            tag: 3.23.0
             pullPolicy: IfNotPresent
           command:
             - /bin/sh
@@ -35,7 +35,7 @@ freshrss:
             runAsUser: 0
           image:
             repository: alpine
-            tag: 3.22.2
+            tag: 3.23.0
             pullPolicy: IfNotPresent
           command:
             - /bin/sh
@@ -59,7 +59,7 @@ freshrss:
             runAsUser: 0
           image:
             repository: alpine
-            tag: 3.22.2
+            tag: 3.23.0
             pullPolicy: IfNotPresent
           command:
             - /bin/sh

clusters/cl01tl/helm/home-assistant/values.yaml

@@ -9,7 +9,7 @@ home-assistant:
         main:
           image:
             repository: ghcr.io/home-assistant/home-assistant
-            tag: 2025.11.3
+            tag: 2025.12.0
             pullPolicy: IfNotPresent
           env:
             - name: TZ

clusters/cl01tl/helm/karakeep/values.yaml

@@ -9,7 +9,7 @@ karakeep:
         main:
           image:
             repository: ghcr.io/karakeep-app/karakeep
-            tag: 0.28.0
+            tag: 0.29.0
             pullPolicy: IfNotPresent
           env:
             - name: DATA_DIR

clusters/cl01tl/helm/kube-prometheus-stack/Chart.lock

@@ -1,9 +1,9 @@
 dependencies:
 - name: kube-prometheus-stack
   repository: oci://ghcr.io/prometheus-community/charts
-  version: 79.7.1
+  version: 79.11.0
 - name: app-template
   repository: https://bjw-s-labs.github.io/helm-charts/
   version: 4.4.0
-digest: sha256:e046e7599ad195b57a8cf63b373a82d950778ac5dcc661f2ea135d433b46dacc
-generated: "2025-12-01T19:55:54.093624-06:00"
+digest: sha256:d2539cec03ef75627d94ff85e55349d3c8c71de0227b4eb1caf3344869b91ae9
+generated: "2025-12-03T06:21:52.770404462Z"

clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml

@@ -19,7 +19,7 @@ maintainers:
   - name: alexlebens
 dependencies:
   - name: kube-prometheus-stack
-    version: 79.7.1
+    version: 79.11.0
     repository: oci://ghcr.io/prometheus-community/charts
   - name: app-template
     alias: ntfy-alertmanager

clusters/cl01tl/helm/libation/values.yaml

@@ -16,7 +16,7 @@ libation:
         main:
           image:
             repository: rmcrackan/libation
-            tag: 12.7.5
+            tag: 12.8.0
             pullPolicy: IfNotPresent
           env:
             - name: SLEEP_TIME

clusters/cl01tl/helm/n8n/values.yaml

@@ -9,7 +9,7 @@ n8n:
         main:
           image:
             repository: ghcr.io/n8n-io/n8n
-            tag: 1.121.2
+            tag: 1.123.0
             pullPolicy: IfNotPresent
           env:
             - name: GENERIC_TIMEZONE
@@ -93,7 +93,7 @@ n8n:
         main:
           image:
             repository: ghcr.io/n8n-io/n8n
-            tag: 1.121.2
+            tag: 1.123.0
             pullPolicy: IfNotPresent
           command:
             - n8n
@@ -188,7 +188,7 @@ n8n:
         main:
           image:
             repository: ghcr.io/n8n-io/n8n
-            tag: 1.121.2
+            tag: 1.123.0
             pullPolicy: IfNotPresent
           command:
             - n8n

clusters/cl01tl/helm/postiz/values.yaml

@@ -9,7 +9,7 @@ postiz:
         main:
           image:
             repository: ghcr.io/gitroomhq/postiz-app
-            tag: v2.8.3
+            tag: v2.9.0
             pullPolicy: IfNotPresent
           env:
             - name: MAIN_URL

clusters/cl01tl/helm/qbittorrent/values.yaml

@@ -190,7 +190,7 @@ qbittorrent:
         qui:
           image:
             repository: ghcr.io/autobrr/qui
-            tag: v1.7.0
+            tag: v1.8.1
             pullPolicy: IfNotPresent
           env:
             - name: QUI__METRICS_ENABLED

clusters/cl01tl/helm/rook-ceph/Chart.lock

@@ -1,12 +1,12 @@
 dependencies:
 - name: rook-ceph
   repository: https://charts.rook.io/release
-  version: v1.18.7
+  version: v1.18.8
 - name: rook-ceph-cluster
   repository: https://charts.rook.io/release
-  version: v1.18.7
+  version: v1.18.8
 - name: cloudflared
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 1.23.1
-digest: sha256:164a4a55d552b0117692e7eab99bb147159db0819729f7e657a7d6e9fcfd7dcb
-generated: "2025-12-03T06:04:41.687015093Z"
+digest: sha256:28467614c6854e04a8733fb95b689d5a12f23878a030c56e529f06f490e5f9d8
+generated: "2025-12-03T21:00:36.655017976Z"

clusters/cl01tl/helm/rook-ceph/Chart.yaml

@@ -16,10 +16,10 @@ maintainers:
   - name: alexlebens
 dependencies:
   - name: rook-ceph
-    version: v1.18.7
+    version: v1.18.8
     repository: https://charts.rook.io/release
   - name: rook-ceph-cluster
-    version: v1.18.7
+    version: v1.18.8
     repository: https://charts.rook.io/release
   - name: cloudflared
     alias: cloudflared-rgw

clusters/cl01tl/helm/searxng/values.yaml

@@ -9,7 +9,7 @@ searxng:
         main:
           image:
             repository: searxng/searxng
-            tag: latest@sha256:277cb4b82fbdd69d88812089a5755860d379de907f09fb511443ff03d35191af
+            tag: latest@sha256:09dfc123bd7c118ed086471b42d17ed57964827beffeb8d7f012dae3d2608545
             pullPolicy: IfNotPresent
           env:
             - name: SEARXNG_BASE_URL
@@ -43,7 +43,7 @@ searxng:
         main:
           image:
             repository: searxng/searxng
-            tag: latest@sha256:277cb4b82fbdd69d88812089a5755860d379de907f09fb511443ff03d35191af
+            tag: latest@sha256:09dfc123bd7c118ed086471b42d17ed57964827beffeb8d7f012dae3d2608545
             pullPolicy: IfNotPresent
           env:
             - name: SEARXNG_BASE_URL

clusters/cl01tl/helm/site-documentation/values.yaml

@@ -11,7 +11,7 @@ site-documentation:
         main:
           image:
             repository: harbor.alexlebens.net/images/site-documentation
-            tag: 0.0.3
+            tag: 0.0.4
             pullPolicy: IfNotPresent
           resources:
             requests:

clusters/cl01tl/helm/trivy/values.yaml

@@ -16,7 +16,7 @@ trivy-operator:
     image:
       registry: mirror.gcr.io
       repository: aquasec/trivy
-      tag: 0.67.2
+      tag: 0.68.1
     storageClassEnabled: true
     storageClassName: ceph-block
     storageSize: "5Gi"

clusters/cl01tl/helm/unpoller/values.yaml

@@ -9,7 +9,7 @@ unpoller:
         main:
           image:
             repository: ghcr.io/unpoller/unpoller
-            tag: v2.15.4
+            tag: v2.16.0
             pullPolicy: IfNotPresent
           env:
             - name: UP_UNIFI_CONTROLLER_0_SAVE_ALARMS

clusters/cl01tl/helm/whodb/values.yaml

@@ -8,7 +8,7 @@ whodb:
         main:
           image:
             repository: clidey/whodb
-            tag: 0.80.0
+            tag: 0.81.0
             pullPolicy: IfNotPresent
           env:
             - name: WHODB_OLLAMA_HOST

hosts/ps10rp/gitea/compose.yaml

@@ -19,7 +19,7 @@ services:
             - /dev/net/tun:/dev/net/tun
 
     postgresql:
-        image: docker.io/postgres:17.7-alpine3.21
+        image: docker.io/postgres:18.1-alpine3.21
         container_name: gitea-postgres
         env_file:
             - .env

renovate.json

@@ -1,99 +1,114 @@
 {
-    "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-    "extends": [
-        "config:recommended",
-        "mergeConfidence:all-badges",
-        ":rebaseStalePrs"
-    ],
-    "timezone": "US/Central",
-    "labels": [],
-    "prHourlyLimit": 0,
-    "prConcurrentLimit": 0,
-    "packageRules": [
-        {
-            "description": "Label charts",
-            "matchDatasources": [
-                "helm"
-            ],
-            "addLabels": [
-                "chart"
-            ],
-            "automerge": false,
-            "minimumReleaseAge": "1 days"
-        },
-        {
-            "description": "Automerge chart patches",
-            "matchUpdateTypes": [
-                "patch"
-            ],
-            "matchDatasources": [
-                "helm"
-            ],
-            "addLabels": [
-                "chart",
-                "automerge"
-            ],
-            "automerge": true,
-            "minimumReleaseAge": "1 days"
-        },
-        {
-            "description": "Label images",
-            "matchDatasources": [
-                "docker"
-            ],
-            "addLabels": [
-                "image"
-            ],
-            "automerge": false,
-            "minimumReleaseAge": "1 days"
-        },
-        {
-            "description": "Automerge image patches",
-            "matchUpdateTypes": [
-                "patch",
-                "digest"
-            ],
-            "matchDatasources": [
-                "docker"
-            ],
-            "addLabels": [
-                "image",
-                "automerge"
-            ],
-            "automerge": true,
-            "minimumReleaseAge": "1 days"
-        },
-        {
-            "description": "Automerge image updates for certain applications",
-            "matchUpdateTypes": [
-                "minor"
-            ],
-            "matchDatasources": [
-                "docker"
-            ],
-            "matchPackageNames": [
-                "clidey/whodb",
-                "eigenfocus/eigenfocus",
-                "ghcr.io/advplyr/audiobookshelf",
-                "ghcr.io/gethomepage/homepage",
-                "ghcr.io/gitroomhq/postiz-app",
-                "ghcr.io/linuxserver/bazarr",
-                "ghcr.io/linuxserver/code-server",
-                "ghcr.io/linuxserver/lidarr",
-                "ghcr.io/linuxserver/plex",
-                "ghcr.io/linuxserver/prowlarr",
-                "ghcr.io/linuxserver/radarr",
-                "ghcr.io/linuxserver/sonarr",
-                "ghcr.io/n8n-io/n8n",
-                "ghcr.io/prometheus-community/charts/kube-prometheus-stack",
-                "vectorim/element-web"
-            ],
-            "addLabels": [
-                "image",
-                "automerge"
-            ],
-            "automerge": true,
-            "minimumReleaseAge": "2 days"
-        }
-    ]
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "config:recommended",
+    "mergeConfidence:all-badges",
+    ":rebaseStalePrs"
+  ],
+  "timezone": "US/Central",
+  "labels": [],
+  "prHourlyLimit": 0,
+  "prConcurrentLimit": 0,
+  "packageRules": [
+    {
+      "description": "Label charts",
+      "matchDatasources": [
+        "helm"
+      ],
+      "addLabels": [
+        "chart"
+      ],
+      "automerge": false,
+      "minimumReleaseAge": "1 days"
+    },
+    {
+      "description": "Automerge chart patches",
+      "matchUpdateTypes": [
+        "patch"
+      ],
+      "matchDatasources": [
+        "helm"
+      ],
+      "addLabels": [
+        "chart",
+        "automerge"
+      ],
+      "automerge": true,
+      "minimumReleaseAge": "1 days"
+    },
+    {
+      "description": "Automerge helm chart lock files",
+      "matchManagers": [
+        "helm"
+      ],
+      "lockFileMaintenance": {
+        "enabled": true
+      },
+      "addLabels": [
+        "chart",
+        "automerge"
+      ],
+      "automerge": true,
+      "automergeType": "branch"
+    },
+    {
+      "description": "Label images",
+      "matchDatasources": [
+        "docker"
+      ],
+      "addLabels": [
+        "image"
+      ],
+      "automerge": false,
+      "minimumReleaseAge": "1 days"
+    },
+    {
+      "description": "Automerge image patches",
+      "matchUpdateTypes": [
+        "patch",
+        "digest"
+      ],
+      "matchDatasources": [
+        "docker"
+      ],
+      "addLabels": [
+        "image",
+        "automerge"
+      ],
+      "automerge": true,
+      "minimumReleaseAge": "1 days"
+    },
+    {
+      "description": "Automerge image updates for certain applications",
+      "matchUpdateTypes": [
+        "minor"
+      ],
+      "matchDatasources": [
+        "docker"
+      ],
+      "matchPackageNames": [
+        "clidey/whodb",
+        "eigenfocus/eigenfocus",
+        "ghcr.io/advplyr/audiobookshelf",
+        "ghcr.io/gethomepage/homepage",
+        "ghcr.io/gitroomhq/postiz-app",
+        "ghcr.io/linuxserver/bazarr",
+        "ghcr.io/linuxserver/code-server",
+        "ghcr.io/linuxserver/lidarr",
+        "ghcr.io/linuxserver/plex",
+        "ghcr.io/linuxserver/prowlarr",
+        "ghcr.io/linuxserver/radarr",
+        "ghcr.io/linuxserver/sonarr",
+        "ghcr.io/n8n-io/n8n",
+        "ghcr.io/prometheus-community/charts/kube-prometheus-stack",
+        "vectorim/element-web"
+      ],
+      "addLabels": [
+        "image",
+        "automerge"
+      ],
+      "automerge": true,
+      "minimumReleaseAge": "2 days"
+    }
+  ]
 }