chore(deps): update harbor.alexlebens.net/images/site-profile docker tag to v3.13.0 (#4791)

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [harbor.alexlebens.net/images/site-profile](https://gitea.alexlebens.dev/alexlebens/site-profile) | minor | `3.12.1` → `3.13.0` |

---

### Release Notes

<details>
<summary>alexlebens/site-profile (harbor.alexlebens.net/images/site-profile)</summary>

### [`v3.13.0`](https://gitea.alexlebens.dev/alexlebens/site-profile/releases/tag/3.13.0)

[Compare Source](https://gitea.alexlebens.dev/alexlebens/site-profile/compare/3.12.1...3.13.0)

##### Bug Fixes

- change execution mode ([a6c889f](a6c889f76a))

##### Features

- add and update pre-commit ([148fe8e](148fe8eeff))
- add fallback ([787479e](787479e077))
- add fallback ([220c29f](220c29f4f7))
- add fallback to run animations on switch ([954112e](954112e30e))
- add semantic-release/npm ([91c9a4b](91c9a4bb91))
- change paths ([9319228](9319228ef6))
- consolidate css into tailwind ([dfeb181](dfeb181a1d))
- downgrade to astro 5 ([f35c73b](f35c73b028))
- move scripts to script folder ([641c7cb](641c7cb33f))
- refactor static paths and photoswipe on blog page, move script to base layout ([93a53ca](93a53cab3d))
- remove react ([e3179b0](e3179b0480))
- revert shiki css changes ([c4104a5](c4104a52d1))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4yIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiaW1hZ2UiXX0=-->

Reviewed-on: #4791
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>

.gitea/workflows/lint-test-docker.yaml

@@ -131,4 +131,4 @@ jobs:
           tags: action,failed
           details: "Docker linting for compose dirs: ${{ steps.check-dir-changes.outputs.compose-dir-csv }}"
           icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
-          actions: '[{"action": "view", "label": "View Logs", "url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]'
+          actions: '[{"action": "view", "label": "View Logs", "url": "${{ vars.USER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]'

.gitea/workflows/lint-test-helm.yaml

@@ -218,9 +218,9 @@ jobs:
           priority: 3
           headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
           tags: action,failed
-          details: "Helm linting for cluster '${CLUSTER}' failed on charts: ${{ steps.lint.outputs.failed-charts }}"
+          details: "Helm linting for cluster '${{ env.CLUSTER }}' failed on charts: ${{ steps.lint.outputs.failed-charts }}"
           icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
-          actions: '[{"action": "view", "label": "View Run", "url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]'
+          actions: '[{"action": "view", "label": "View Run", "url": "${{ vars.USER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]'
           image: true
 
   validate-kubeconform:
@@ -361,7 +361,7 @@ jobs:
           priority: 3
           headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
           tags: action,failed
-          details: "Kubeconform for cluster '${CLUSTER}' failed on charts: ${{ steps.validate.outputs.failed-charts }}"
+          details: "Kubeconform for cluster '${{ env.CLUSTER }}' failed on charts: ${{ steps.validate.outputs.failed-charts }}"
           icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
-          actions: '[{"action": "view", "label": "View Run", "url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]'
+          actions: '[{"action": "view", "label": "View Run", "url": "${{ vars.USER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]'
           image: true

.gitea/workflows/render-manifests-automerge.yaml

@@ -1,463 +0,0 @@
-name: render-manifests-automerge
-
-on:
-  workflow_dispatch:
-  # pull_request:
-  #   branches:
-  #     - main
-  #   paths:
-  #     - 'clusters/cl01tl/helm/**'
-  #   types:
-  #     - closed
-
-env:
-  CLUSTER: cl01tl
-  BASE_BRANCH: manifests
-  BRANCH_NAME_BASE: auto/update-manifests-automerge
-  MAIN_DIR: /workspace/alexlebens/infrastructure/infrastructure
-  MANIFEST_DIR: /workspace/alexlebens/infrastructure/infrastructure-manifests
-
-jobs:
-  render-manifests-automerge:
-    runs-on: ubuntu-js
-    if: ${{ (github.event.pull_request.merged == true) && (contains(github.event.pull_request.labels.*.name, 'automerge')) }}
-    steps:
-      - name: Checkout Main
-        uses: actions/checkout@v6
-        with:
-          path: infrastructure
-          fetch-depth: 0
-
-      - name: Checkout Manifests
-        uses: actions/checkout@v6
-        with:
-          ref: manifests
-          path: infrastructure-manifests
-
-      - name: Set up Helm
-        uses: azure/setup-helm@v4
-        with:
-          token: ${{ secrets.GITEA_TOKEN }}
-          version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743
-          cache: true
-
-      - name: Configure Kubeconfig
-        uses: azure/k8s-set-context@v4
-        with:
-          method: kubeconfig
-          kubeconfig: ${{ secrets.KUBECONFIG }}
-
-      - name: Cache Helm Dependencies
-        uses: actions/cache@v5
-        with:
-          path: |
-            ~/.cache/helm
-            ~/.config/helm
-          key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }}
-          restore-keys: |
-            helm-cache-${{ runner.os }}-
-
-      - name: Prepare Manifest Branch
-        id: prepare-manifest-branch
-        run: |
-          cd ${MANIFEST_DIR}
-
-          BRANCH_NAME="${BRANCH_NAME_BASE}-$(date +%Y%m%d%H%M%S)"
-
-          echo ""
-          echo ">> Configure git to use gitea-bot as user ..."
-          git config user.name "gitea-bot"
-          git config user.email "gitea-bot@alexlebens.net"
-
-          echo ""
-          echo ">> Creating branch ..."
-          git checkout -b $BRANCH_NAME
-
-          echo "----"
-
-          echo "BRANCH_NAME=${BRANCH_NAME}" >> $GITEA_OUTPUT
-
-      - name: Check which Directories have Changes
-        id: check-dir-changes
-        run: |
-          cd "${MAIN_DIR}"
-
-          echo ""
-          echo ">> Checking for changes from HEAD^..HEAD ..."
-
-          # Extract the chart names from the git diff
-          RENDER_DIR=$(git diff --name-only HEAD^..HEAD | grep -E "^clusters/${CLUSTER}/helm/" | awk -F '/' '{print $4}' | sort -u || true)
-
-          if [ -n "${RENDER_DIR}" ]; then
-            echo ""
-            echo ">> Directories to Render:"
-            echo "${RENDER_DIR}"
-
-            echo "----"
-
-            echo "changes-detected=true" >> "$GITEA_OUTPUT"
-            echo "render-dir<<EOF" >> "$GITEA_OUTPUT"
-            echo "${RENDER_DIR}" >> "$GITEA_OUTPUT"
-            echo "EOF" >> "$GITEA_OUTPUT"
-
-          else
-            echo ""
-            echo ">> No chart changes detected"
-            echo "changes-detected=false" >> "$GITEA_OUTPUT"
-
-          fi
-
-      - name: Add Repositories
-        if: steps.check-dir-changes.outputs.changes-detected == 'true'
-        env:
-          RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
-        run: |
-          cd "${MAIN_DIR}"
-
-          echo ""
-          echo ">> Adding repositories for chart dependencies ..."
-          for DIR in ${RENDER_DIR}; do
-            helm dependency list --max-col-width 120 "${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}" 2> /dev/null \
-              | tail -n +2 \
-              | awk 'NF > 0 { print $1, $3 }' \
-              | while read -r REPO_NAME REPO_URL; do
-                if [[ "${REPO_URL}" == oci://* ]]; then
-                  echo ""
-                  echo ">> Ignoring OCI repo: ${REPO_URL}"
-
-                elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then
-                  helm repo add "${REPO_NAME}" "${REPO_URL}"
-
-                fi
-              done || true
-          done
-
-          if helm repo list > /dev/null 2>&1; then
-            echo ""
-            echo ">> Update repository cache ..."
-            helm repo update
-
-          fi
-
-          echo "----"
-
-      - name: Remove Changed Manifest Files
-        if: steps.check-dir-changes.outputs.changes-detected == 'true'
-        env:
-          RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
-        run: |
-          cd "${MANIFEST_DIR}"
-
-          echo ""
-          echo ">> Remove manfiest files and rebuild from source ..."
-
-          for DIR in ${RENDER_DIR}; do
-            CHART_PATH=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${DIR}
-
-            echo "${CHART_PATH}"
-            rm -rf ${CHART_PATH}/*
-          done
-
-          echo "----"
-
-      - name: Render Helm Manifests
-        id: render-manifests
-        if: steps.check-dir-changes.outputs.changes-detected == 'true'
-        env:
-          RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
-        run: |
-          cd ${MAIN_DIR}
-
-          echo ""
-          echo ">> Rendering Manifests ..."
-
-          render_chart() {
-            local DIR="$1"
-            local CHART_PATH="${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}"
-            local CHART_NAME=$(basename "${CHART_PATH}")
-
-            echo ""
-            echo ">> Rendering ..."
-            echo ">> Chart: ${CHART_NAME}"
-            echo ">> Path: ${CHART_PATH}"
-
-            if [ -f "${CHART_PATH}/Chart.yaml" ]; then
-              local OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${CHART_NAME}/"
-
-              mkdir -p "${OUTPUT_FOLDER}"
-              cd "${CHART_PATH}"
-
-              echo ""
-              echo ">> Updating helm dependencies ..."
-              helm dependency update --skip-refresh > /dev/null
-
-              echo ""
-              echo ">> Linting helm chart ..."
-              helm lint --namespace "${CHART_NAME}" --quiet
-
-              local NAMESPACE="${CHART_NAME}"
-              case "${CHART_NAME}" in
-                "stack")
-                  NAMESPACE="argocd"
-                  echo ""
-                  echo ">> Special Rendering into 'argocd' namespace ..."
-                  ;;
-                "cilium" | "coredns" | "metrics-server" | "prometheus-operator-crds")
-                  NAMESPACE="kube-system"
-                  echo ""
-                  echo ">> Special Rendering for ${CHART_NAME} into 'kube-system' namespace ..."
-                  ;;
-                *)
-                  echo ""
-                  echo ">> Standard Rendering for ${CHART_NAME} ..."
-              esac
-
-              echo ""
-              echo ">> Formating rendered template ..."
-              local TEMPLATE
-              TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
-
-              # Format and split rendered template
-              echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
-
-              # Strip comments again to ensure formatting correctness
-              for file in "$OUTPUT_FOLDER"/*; do
-                yq -i '... comments=""' $file
-              done
-
-              echo ""
-              echo ">> Manifests for ${CHART_NAME} rendered to ${OUTPUT_FOLDER}:"
-              ls $OUTPUT_FOLDER
-              echo ""
-            else
-              echo ""
-              echo ">> Directory ${CHART_PATH} does not contain a Chart.yaml. Skipping ..."
-              echo ""
-            fi
-          }
-
-          export -f render_chart
-          export MAIN_DIR CLUSTER MANIFEST_DIR
-
-          # Run rendering in parallel
-          for DIR in ${RENDER_DIR}; do
-            echo "${DIR}"
-          done | xargs -n 1 -P 4 -I {} bash -c 'render_chart "$@"' _ {}
-
-          echo "----"
-
-      - name: Check for Changes
-        id: check-changes
-        if: steps.check-dir-changes.outputs.changes-detected == 'true'
-        run: |
-          cd "${MANIFEST_DIR}"
-
-          GIT_CHANGES=$(git status --porcelain)
-
-          if [ -n "${GIT_CHANGES}" ]; then
-            echo ""
-            echo ">> Changes detected"
-            git status --porcelain
-            echo "changes-detected=true" >> $GITEA_OUTPUT
-
-          else
-            echo ""
-            echo ">> No changes detected, skipping PR creation"
-
-          fi
-
-          echo "----"
-
-      - name: Commit and Push Changes
-        id: commit-push
-        if: steps.check-changes.outputs.changes-detected == 'true'
-        env:
-          BRANCH_NAME: ${{ steps.prepare-manifest-branch.outputs.BRANCH_NAME }}
-        run: |
-          cd "${MANIFEST_DIR}"
-
-          echo ""
-          echo ">> Commiting changes to ${BRANCH_NAME} ..."
-          git add .
-          git commit -m "chore: Update manifests after automerge"
-
-          REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}"
-          echo ""
-          echo ">> Pushing changes to ${REPO_URL} ..."
-
-          git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@${REPO_URL#*://}" "${BRANCH_NAME}"
-
-          echo "----"
-
-          echo "push=true" >> "$GITEA_OUTPUT"
-
-      - name: Create Pull Request
-        id: create-pull-request
-        if: steps.commit-push.outputs.push == 'true'
-        env:
-          GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
-          GITEA_URL: ${{ secrets.REPO_URL }}
-          BRANCH_NAME: ${{ steps.prepare-manifest-branch.outputs.BRANCH_NAME }}
-        run: |
-          cd ${MANIFEST_DIR}
-
-          API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls"
-
-          PAYLOAD=$( jq -n \
-            --arg head "${BRANCH_NAME}" \
-            --arg base "${BASE_BRANCH}" \
-            --arg title "Automated Manifest Update - Automerge" \
-            --arg body "This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow. This is expected to be automerged." \
-            '{head: $head, base: $base, title: $title, body: $body}' )
-
-          echo ">> Creating PR from branch ${BRANCH_NAME} into ${BASE_BRANCH}"
-          echo ">> With Endpoint of:"
-          echo "$API_ENDPOINT"
-          echo ">> With Payload of:"
-          echo "$PAYLOAD"
-
-          HTTP_STATUS=$(
-            curl -X POST \
-              --silent \
-              --write-out '%{http_code}' \
-              --output response_body.json \
-              --dump-header response_headers.txt \
-              --data "$PAYLOAD" \
-              -H "Authorization: token ${GITEA_TOKEN}" \
-              -H "Content-Type: application/json" \
-              "$API_ENDPOINT" 2> response_errors.txt
-          )
-
-          echo ">> HTTP Status Code: $HTTP_STATUS"
-          echo ">> Response Output ..."
-          echo "----"
-          cat response_body.json
-          echo "----"
-          cat response_headers.txt
-          echo "----"
-          cat response_errors.txt
-          echo "----"
-
-          if [ "$HTTP_STATUS" == "201" ]; then
-            echo ">> Pull Request created successfully!"
-
-            PR_URL=$(cat response_body.json | jq -r .html_url)
-            echo ">> Pull Request URL: $PR_URL"
-            echo "pull-request-url=${PR_URL}" >> $GITEA_OUTPUT
-
-            PR_NUMBER=$(cat response_body.json | jq -r .number)
-            echo ">> Pull Request Number: $PR_NUMBER"
-            echo "pull-request-number=${PR_NUMBER}" >> $GITEA_OUTPUT
-
-            echo "pull-request-operation=created" >> $GITEA_OUTPUT
-
-          elif [ "$HTTP_STATUS" == "422" ]; then
-            echo ">> Failed to create PR (HTTP 422: Unprocessable Entity), PR may already exist"
-
-          elif [ "$HTTP_STATUS" == "409" ]; then
-            echo ">> Failed to create PR (HTTP 409: Conflict), PR already exists"
-
-          else
-            echo ">> Failed to create PR, HTTP status code: $HTTP_STATUS"
-            exit 1
-          fi
-
-          echo "----"
-
-      - name: Merge Changes
-        id: merge-changes
-        if: steps.commit-push.outputs.push == 'true'
-        env:
-          GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
-          GITEA_URL: ${{ secrets.REPO_URL }}
-          BRANCH_NAME: ${{ steps.prepare-manifest-branch.outputs.BRANCH_NAME }}
-          PR_NUMBER: ${{ steps.create-pull-request.outputs.pull-request-number }}
-        run: |
-          cd ${MANIFEST_DIR}
-
-          API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls/${PR_NUMBER}/merge"
-
-          PAYLOAD=$( jq -n \
-            --arg Do "merge" \
-            '{Do: $Do}' )
-
-          echo ">> Merging PR with ID: ${PR_NUMBER}"
-          echo ">> With Endpoint of:"
-          echo "$API_ENDPOINT"
-          echo ">> With Payload of:"
-          echo "$PAYLOAD"
-
-          HTTP_STATUS=$(
-            curl -X POST \
-              --silent \
-              --write-out '%{http_code}' \
-              --output response_body.json \
-              --dump-header response_headers.txt \
-              --data "$PAYLOAD" \
-              -H "Authorization: token ${GITEA_TOKEN}" \
-              -H "Content-Type: application/json" \
-              "$API_ENDPOINT" 2> response_errors.txt
-          )
-
-          echo ">> HTTP Status Code: $HTTP_STATUS"
-          echo ">> Response Output ..."
-          echo "----"
-          cat response_body.json
-          echo "----"
-          cat response_headers.txt
-          echo "----"
-          cat response_errors.txt
-          echo "----"
-
-          if [ "$HTTP_STATUS" == "200" ]; then
-            echo ">> Pull Request merged successfully!"
-            echo "pull-request-operation=merged" >> $GITEA_OUTPUT
-
-          else
-            echo ">> Failed to create PR, HTTP status code: $HTTP_STATUS"
-            echo "pull-request-operation=failed" >> $GITEA_OUTPUT
-            exit 1
-          fi
-
-          echo "----"
-
-      - name: Cleanup Branch
-        if: failure()
-        env:
-          BRANCH_NAME: ${{ steps.prepare-manifest-branch.outputs.BRANCH_NAME }}
-        run: |
-          cd ${MANIFEST_DIR}
-
-          echo ">> Removing branch: ${BRANCH_NAME}"
-          git push origin --delete ${BRANCH_NAME}
-
-          echo "----"
-
-      - name: ntfy Merged
-        uses: niniyas/ntfy-action@master
-        if: steps.merge-changes.outputs.pull-request-operation == 'merged'
-        with:
-          url: "${{ secrets.NTFY_URL }}"
-          topic: "${{ secrets.NTFY_TOPIC }}"
-          title: "Manifest Render PR Merged - Infrastructure"
-          priority: 3
-          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
-          tags: action,successfully,completed
-          details: "Automerge Manifest rendering for Infrastructure!"
-          icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
-          actions: '[{"action": "view", "label": "Open Gitea", "url": "${{ steps.create-pull-request.outputs.pull-request-url }}", "clear": true}]'
-
-      - name: ntfy Failed
-        uses: niniyas/ntfy-action@master
-        if: failure()
-        with:
-          url: "${{ secrets.NTFY_URL }}"
-          topic: "${{ secrets.NTFY_TOPIC }}"
-          title: "Manifest Render Failure - Infrastructure"
-          priority: 4
-          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
-          tags: action,failed
-          details: "Automerge Manifest rendering for Infrastructure has failed!"
-          icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
-          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=render-manifests-automerge.yaml", "clear": true}]'
-          image: true

.gitea/workflows/render-manifests-dispatch.yaml

@@ -1,445 +0,0 @@
-name: render-manifests-dispatch
-
-on:
-  workflow_dispatch:
-  # schedule:
-  #   - cron: '0 15 * * *'
-
-  # workflow_dispatch:
-
-env:
-  CLUSTER: cl01tl
-  BASE_BRANCH: manifests
-  BRANCH_NAME: auto/update-manifests
-  ASSIGNEE: alexlebens
-  MAIN_DIR: /workspace/alexlebens/infrastructure/infrastructure
-  MANIFEST_DIR: /workspace/alexlebens/infrastructure/infrastructure-manifests
-
-jobs:
-  render-manifests-dispatch:
-    runs-on: ubuntu-js
-    steps:
-      - name: Checkout Main
-        uses: actions/checkout@v6
-        with:
-          path: infrastructure
-          fetch-depth: 0
-
-      - name: Checkout Manifests
-        uses: actions/checkout@v6
-        with:
-          ref: manifests
-          path: infrastructure-manifests
-
-      - name: Set up Helm
-        uses: azure/setup-helm@v4
-        with:
-          token: ${{ secrets.GITEA_TOKEN }}
-          version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743
-          cache: true
-
-      - name: Configure Kubeconfig
-        uses: azure/k8s-set-context@v4
-        with:
-          method: kubeconfig
-          kubeconfig: ${{ secrets.KUBECONFIG }}
-
-      - name: Cache Helm Dependencies
-        uses: actions/cache@v5
-        with:
-          path: |
-            ~/.cache/helm
-            ~/.config/helm
-          key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }}
-          restore-keys: |
-            helm-cache-${{ runner.os }}-
-
-      - name: Prepare Manifest Branch
-        run: |
-          cd "${MANIFEST_DIR}"
-
-          echo ""
-          echo ">> Configure git to use gitea-bot as user ..."
-          git config user.name "gitea-bot"
-          git config user.email "gitea-bot@alexlebens.net"
-
-          echo ""
-          echo ">> Checking if PR branch exists ..."
-          if git ls-remote --exit-code --heads origin "${BRANCH_NAME}" > /dev/null 2>&1; then
-            echo ""
-            echo ">> Branch '${BRANCH_NAME}' exists, pulling changes ..."
-            git fetch origin "${BRANCH_NAME}"
-            git checkout "${BRANCH_NAME}"
-            git pull --rebase
-
-          else
-            echo ""
-            echo ">> Branch '${BRANCH_NAME}' does not exist, creating ..."
-            git checkout -b "${BRANCH_NAME}"
-
-          fi
-
-          echo "----"
-
-      - name: Check which Directories have Changes
-        id: check-dir-changes
-        run: |
-          cd "${MAIN_DIR}"
-
-          echo ""
-          echo ">> Triggered on dispatch, will check all paths ..."
-
-          # Extract names of charts
-          RENDER_DIR=$(find "clusters/${CLUSTER}/helm" -mindepth 1 -maxdepth 1 -type d -exec basename {} \; | sort -u)
-
-          if [ -n "${RENDER_DIR}" ]; then
-            echo ""
-            echo ">> Directories to Render:"
-            echo "${RENDER_DIR}"
-            echo "----"
-
-            echo "changes-detected=true" >> "$GITEA_OUTPUT"
-            echo "render-dir<<EOF" >> "$GITEA_OUTPUT"
-            echo "${RENDER_DIR}" >> "$GITEA_OUTPUT"
-            echo "EOF" >> "$GITEA_OUTPUT"
-
-          else
-            echo ">> No directories found"
-            echo "changes-detected=false" >> "$GITEA_OUTPUT"
-
-          fi
-
-      - name: Add Repositories
-        if: steps.check-dir-changes.outputs.changes-detected == 'true'
-        env:
-          RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
-        run: |
-          cd "${MAIN_DIR}"
-
-          echo ""
-          echo ">> Adding repositories for chart dependencies ..."
-          for DIR in ${RENDER_DIR}; do
-            helm dependency list --max-col-width 120 "${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}" 2> /dev/null \
-              | tail -n +2 \
-              | awk 'NF > 0 { print $1, $3 }' \
-              | while read -r REPO_NAME REPO_URL; do
-                if [[ "${REPO_URL}" == oci://* ]]; then
-                  echo ""
-                  echo ">> Ignoring OCI repo: ${REPO_URL}"
-
-                elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then
-                  helm repo add "${REPO_NAME}" "${REPO_URL}"
-
-                fi
-              done || true
-          done
-
-          if helm repo list > /dev/null 2>&1; then
-            echo ""
-            echo ">> Update repository cache ..."
-            helm repo update
-
-          fi
-
-          echo "----"
-
-      - name: Remove Changed Manifest Files
-        if: steps.check-dir-changes.outputs.changes-detected == 'true'
-        env:
-          RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
-        run: |
-          cd "${MANIFEST_DIR}"
-
-          echo ""
-          echo ">> Remove manfiest files and rebuild from source ..."
-
-          for DIR in ${RENDER_DIR}; do
-            CHART_PATH=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${DIR}
-
-            echo "${CHART_PATH}"
-            rm -rf ${CHART_PATH}/*
-          done
-
-          echo "----"
-
-      - name: Render Helm Manifests
-        id: render-manifests
-        if: steps.check-dir-changes.outputs.changes-detected == 'true'
-        env:
-          RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
-        run: |
-          cd ${MAIN_DIR}
-
-          echo ""
-          echo ">> Rendering Manifests ..."
-
-          render_chart() {
-            local DIR="$1"
-            local CHART_PATH="${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}"
-            local CHART_NAME=$(basename "${CHART_PATH}")
-
-            echo ""
-            echo ">> Rendering ..."
-            echo ">> Chart: ${CHART_NAME}"
-            echo ">> Path: ${CHART_PATH}"
-
-            if [ -f "${CHART_PATH}/Chart.yaml" ]; then
-              local OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${CHART_NAME}/"
-
-              mkdir -p "${OUTPUT_FOLDER}"
-              cd "${CHART_PATH}"
-
-              echo ""
-              echo ">> Updating helm dependencies ..."
-              helm dependency update --skip-refresh > /dev/null
-
-              echo ""
-              echo ">> Linting helm chart ..."
-              helm lint --namespace "${CHART_NAME}" --quiet
-
-              local NAMESPACE="${CHART_NAME}"
-              case "${CHART_NAME}" in
-                "stack")
-                  NAMESPACE="argocd"
-                  echo ""
-                  echo ">> Special Rendering into 'argocd' namespace ..."
-                  ;;
-                "cilium" | "coredns" | "metrics-server" | "prometheus-operator-crds")
-                  NAMESPACE="kube-system"
-                  echo ""
-                  echo ">> Special Rendering for ${CHART_NAME} into 'kube-system' namespace ..."
-                  ;;
-                *)
-                  echo ""
-                  echo ">> Standard Rendering for ${CHART_NAME} ..."
-              esac
-
-              echo ""
-              echo ">> Formating rendered template ..."
-              local TEMPLATE
-              TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
-
-              # Format and split rendered template
-              echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
-
-              # Strip comments again to ensure formatting correctness
-              for file in "$OUTPUT_FOLDER"/*; do
-                yq -i '... comments=""' $file
-              done
-
-              echo ""
-              echo ">> Manifests for ${CHART_NAME} rendered to ${OUTPUT_FOLDER}:"
-              ls $OUTPUT_FOLDER
-              echo ""
-            else
-              echo ""
-              echo ">> Directory ${CHART_PATH} does not contain a Chart.yaml. Skipping ..."
-              echo ""
-            fi
-          }
-
-          export -f render_chart
-          export MAIN_DIR CLUSTER MANIFEST_DIR
-
-          # Run rendering in parallel
-          for DIR in ${RENDER_DIR}; do
-            echo "${DIR}"
-          done | xargs -n 1 -P 4 -I {} bash -c 'render_chart "$@"' _ {}
-
-          echo "----"
-
-      - name: Check for Changes
-        id: check-changes
-        if: steps.check-dir-changes.outputs.changes-detected == 'true'
-        run: |
-          cd "${MANIFEST_DIR}"
-
-          GIT_CHANGES=$(git status --porcelain)
-
-          if [ -n "${GIT_CHANGES}" ]; then
-            echo ""
-            echo ">> Changes detected"
-            git status --porcelain
-            echo "changes-detected=true" >> $GITEA_OUTPUT
-
-          else
-            echo ""
-            echo ">> No changes detected, skipping PR creation"
-
-          fi
-
-          echo "----"
-
-      - name: Commit and Push Changes
-        id: commit-push
-        if: steps.check-changes.outputs.changes-detected == 'true'
-        run: |
-          cd "${MANIFEST_DIR}"
-
-          echo ""
-          echo ">> Commiting changes to ${BRANCH_NAME} ..."
-          git add .
-          git commit -m "chore: Update manifests after change"
-
-          REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}"
-          echo ""
-          echo ">> Pushing changes to ${REPO_URL} ..."
-
-          git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@${REPO_URL#*://}" "${BRANCH_NAME}"
-
-          echo "----"
-
-          echo "HEAD_BRANCH=${BRANCH_NAME}" >> "$GITEA_OUTPUT"
-          echo "push=true" >> "$GITEA_OUTPUT"
-
-      - name: Check for Pull Request
-        id: check-for-pull-requst
-        if: steps.commit-push.outputs.push == 'true'
-        env:
-          GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
-          GITEA_URL: ${{ secrets.REPO_URL }}
-          HEAD_BRANCH: ${{ steps.commit-push.outputs.HEAD_BRANCH }}
-        run: |
-          cd ${MANIFEST_DIR}
-
-          API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls?base_branch=${BASE_BRANCH}&state=open&page=1"
-
-          echo ">> Checking if PR from branch ${HEAD_BRANCH} into ${BASE_BRANCH}"
-          echo ">> With Endpoint of:"
-          echo "$API_ENDPOINT"
-
-          HTTP_STATUS=$(
-            curl -X GET \
-              --silent \
-              --write-out '%{http_code}' \
-              --output response_body.json \
-              --dump-header response_headers.txt \
-              -H "Authorization: token ${GITEA_TOKEN}" \
-              -H "Content-Type: application/json" \
-              "$API_ENDPOINT" 2> response_errors.txt
-          )
-
-          echo ">> HTTP Status Code: $HTTP_STATUS"
-          echo ">> Response Output ..."
-          echo "----"
-          cat response_body.json
-          echo "----"
-          cat response_headers.txt
-          echo "----"
-          cat response_errors.txt
-          echo "----"
-
-          if [ "$HTTP_STATUS" == "200" ] && [ "$(cat response_body.json | jq -r .[0].state)" == "open" ]; then
-            echo ">> Pull Request has been found open, will update"
-            PR_INDEX=$(cat response_body.json | jq -r .[0].number)
-            echo "pull-request-exists=${PR_INDEX}" >> $GITEA_OUTPUT
-            echo "pull-request-index=true" >> $GITEA_OUTPUT
-
-          elif [ "$HTTP_STATUS" == "200" ] && [ "$(cat response_body.json | jq -r .[0].state)" == "closed" ]; then
-            echo ">> Pull Request found, but was closed"
-            echo "pull-request-exists=false" >> $GITEA_OUTPUT
-
-          else
-            echo ">> Pull Request not found"
-            echo "pull-request-exists=false" >> $GITEA_OUTPUT
-          fi
-
-          echo "----"
-
-      - name: Create Pull Request
-        id: create-pull-request
-        if: steps.commit-push.outputs.push == 'true' && steps.check-for-pull-requst.outputs.pull-request-exists == 'false'
-        env:
-          GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
-          GITEA_URL: ${{ secrets.REPO_URL }}
-          HEAD_BRANCH: ${{ steps.commit-push.outputs.HEAD_BRANCH }}
-        run: |
-          cd ${MANIFEST_DIR}
-
-          API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls"
-
-          PAYLOAD=$( jq -n \
-            --arg head "${HEAD_BRANCH}" \
-            --arg base "${BASE_BRANCH}" \
-            --arg assignee "${ASSIGNEE}" \
-            --arg title "Automated Manifest Update" \
-            --arg body "This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow." \
-            '{head: $head, base: $base, assignee: $assignee, title: $title, body: $body}' )
-
-          echo ">> Creating PR from branch ${HEAD_BRANCH} into ${BASE_BRANCH}"
-          echo ">> With Endpoint of:"
-          echo "$API_ENDPOINT"
-          echo ">> With Payload of:"
-          echo "$PAYLOAD"
-
-          HTTP_STATUS=$(
-            curl -X POST \
-              --silent \
-              --write-out '%{http_code}' \
-              --output response_body.json \
-              --dump-header response_headers.txt \
-              --data "$PAYLOAD" \
-              -H "Authorization: token ${GITEA_TOKEN}" \
-              -H "Content-Type: application/json" \
-              "$API_ENDPOINT" 2> response_errors.txt
-          )
-
-          echo ">> HTTP Status Code: $HTTP_STATUS"
-          echo ">> Response Output ..."
-          echo "----"
-          cat response_body.json
-          echo "----"
-          cat response_headers.txt
-          echo "----"
-          cat response_errors.txt
-          echo "----"
-
-          if [ "$HTTP_STATUS" == "201" ]; then
-            echo ">> Pull Request created successfully!"
-            PR_URL=$(cat response_body.json | jq -r .html_url)
-            echo "pull-request-url=${PR_URL}" >> $GITEA_OUTPUT
-            PR_ID=$(cat response_body.json | jq -r .id)
-            echo "pull-request-id=${PR_ID}" >> $GITEA_OUTPUT
-            echo "pull-request-operation=created" >> $GITEA_OUTPUT
-
-          elif [ "$HTTP_STATUS" == "422" ]; then
-            echo ">> Failed to create PR (HTTP 422: Unprocessable Entity), PR may already exist"
-
-          elif [ "$HTTP_STATUS" == "409" ]; then
-            echo ">> Failed to create PR (HTTP 409: Conflict), PR already exists"
-
-          else
-            echo ">> Failed to create PR, HTTP status code: $HTTP_STATUS"
-            exit 1
-          fi
-
-          echo "----"
-
-      - name: ntfy Created
-        uses: niniyas/ntfy-action@master
-        if: steps.create-pull-request.outputs.pull-request-operation == 'created'
-        with:
-          url: "${{ secrets.NTFY_URL }}"
-          topic: "${{ secrets.NTFY_TOPIC }}"
-          title: "Manifest Render PR Created - Infrastructure"
-          priority: 3
-          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
-          tags: action,successfully,completed
-          details: "Manifest rendering for Infrastructure has created a new Pull Request with ID: ${{ steps.create-pull-request.outputs.pull-request-id }}!"
-          icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
-          actions: '[{"action": "view", "label": "Open Gitea", "url": "${{ steps.create-pull-request.outputs.pull-request-url }}", "clear": true}]'
-
-      - name: ntfy Failed
-        uses: niniyas/ntfy-action@master
-        if: failure()
-        with:
-          url: "${{ secrets.NTFY_URL }}"
-          topic: "${{ secrets.NTFY_TOPIC }}"
-          title: "Manifest Render Failure - Infrastructure"
-          priority: 4
-          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
-          tags: action,failed
-          details: "Manifest rendering for Infrastructure has failed!"
-          icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
-          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=render-manifests.yaml", "clear": true}]'
-          image: true

.gitea/workflows/render-manifests-merge.yaml

@@ -1,451 +0,0 @@
-name: render-manifests-merge
-
-on:
-  workflow_dispatch:
-  # pull_request:
-  #   branches:
-  #     - main
-  #   paths:
-  #     - 'clusters/cl01tl/helm/**'
-  #   types:
-  #     - closed
-
-env:
-  CLUSTER: cl01tl
-  BASE_BRANCH: manifests
-  BRANCH_NAME: auto/update-manifests
-  ASSIGNEE: alexlebens
-  MAIN_DIR: /workspace/alexlebens/infrastructure/infrastructure
-  MANIFEST_DIR: /workspace/alexlebens/infrastructure/infrastructure-manifests
-
-jobs:
-  render-manifests-merge:
-    runs-on: ubuntu-js
-    if: ${{ (github.event.pull_request.merged == true) && !(contains(github.event.pull_request.labels.*.name, 'automerge')) }}
-    steps:
-      - name: Checkout Main
-        uses: actions/checkout@v6
-        with:
-          path: infrastructure
-          fetch-depth: 0
-
-      - name: Checkout Manifests
-        uses: actions/checkout@v6
-        with:
-          ref: manifests
-          path: infrastructure-manifests
-
-      - name: Set up Helm
-        uses: azure/setup-helm@v4
-        with:
-          token: ${{ secrets.GITEA_TOKEN }}
-          version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743
-          cache: true
-
-      - name: Configure Kubeconfig
-        uses: azure/k8s-set-context@v4
-        with:
-          method: kubeconfig
-          kubeconfig: ${{ secrets.KUBECONFIG }}
-
-      - name: Cache Helm Dependencies
-        uses: actions/cache@v5
-        with:
-          path: |
-            ~/.cache/helm
-            ~/.config/helm
-          key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }}
-          restore-keys: |
-            helm-cache-${{ runner.os }}-
-
-      - name: Prepare Manifest Branch
-        run: |
-          cd "${MANIFEST_DIR}"
-
-          echo ""
-          echo ">> Configure git to use gitea-bot as user ..."
-          git config user.name "gitea-bot"
-          git config user.email "gitea-bot@alexlebens.net"
-
-          echo ""
-          echo ">> Checking if PR branch exists ..."
-          if git ls-remote --exit-code --heads origin "${BRANCH_NAME}" > /dev/null 2>&1; then
-            echo ""
-            echo ">> Branch '${BRANCH_NAME}' exists, pulling changes ..."
-            git fetch origin "${BRANCH_NAME}"
-            git checkout "${BRANCH_NAME}"
-            git pull --rebase
-
-          else
-            echo ""
-            echo ">> Branch '${BRANCH_NAME}' does not exist, creating ..."
-            git checkout -b "${BRANCH_NAME}"
-
-          fi
-
-          echo "----"
-
-      - name: Check which Directories have Changes
-        id: check-dir-changes
-        run: |
-          cd "${MAIN_DIR}"
-
-          echo ""
-          echo ">> Checking for changes from HEAD^..HEAD ..."
-
-          # Extract the chart names from the git diff
-          RENDER_DIR=$(git diff --name-only HEAD^..HEAD | grep -E "^clusters/${CLUSTER}/helm/" | awk -F '/' '{print $4}' | sort -u || true)
-
-          if [ -n "${RENDER_DIR}" ]; then
-            echo ""
-            echo ">> Directories to Render:"
-            echo "${RENDER_DIR}"
-
-            echo "----"
-
-            echo "changes-detected=true" >> "$GITEA_OUTPUT"
-            echo "render-dir<<EOF" >> "$GITEA_OUTPUT"
-            echo "${RENDER_DIR}" >> "$GITEA_OUTPUT"
-            echo "EOF" >> "$GITEA_OUTPUT"
-
-          else
-            echo ""
-            echo ">> No chart changes detected"
-            echo "changes-detected=false" >> "$GITEA_OUTPUT"
-
-          fi
-
-      - name: Add Repositories
-        if: steps.check-dir-changes.outputs.changes-detected == 'true'
-        env:
-          RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
-        run: |
-          cd "${MAIN_DIR}"
-
-          echo ""
-          echo ">> Adding repositories for chart dependencies ..."
-          for DIR in ${RENDER_DIR}; do
-            helm dependency list --max-col-width 120 "${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}" 2> /dev/null \
-              | tail -n +2 \
-              | awk 'NF > 0 { print $1, $3 }' \
-              | while read -r REPO_NAME REPO_URL; do
-                if [[ "${REPO_URL}" == oci://* ]]; then
-                  echo ""
-                  echo ">> Ignoring OCI repo: ${REPO_URL}"
-
-                elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then
-                  helm repo add "${REPO_NAME}" "${REPO_URL}"
-
-                fi
-              done || true
-          done
-
-          if helm repo list > /dev/null 2>&1; then
-            echo ""
-            echo ">> Update repository cache ..."
-            helm repo update
-
-          fi
-
-          echo "----"
-
-      - name: Remove Changed Manifest Files
-        if: steps.check-dir-changes.outputs.changes-detected == 'true'
-        env:
-          RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
-        run: |
-          cd "${MANIFEST_DIR}"
-
-          echo ""
-          echo ">> Remove manfiest files and rebuild from source ..."
-
-          for DIR in ${RENDER_DIR}; do
-            CHART_PATH=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${DIR}
-
-            echo "${CHART_PATH}"
-            rm -rf ${CHART_PATH}/*
-          done
-
-          echo "----"
-
-      - name: Render Helm Manifests
-        id: render-manifests
-        if: steps.check-dir-changes.outputs.changes-detected == 'true'
-        env:
-          RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
-        run: |
-          cd ${MAIN_DIR}
-
-          echo ""
-          echo ">> Rendering Manifests ..."
-
-          render_chart() {
-            local DIR="$1"
-            local CHART_PATH="${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}"
-            local CHART_NAME=$(basename "${CHART_PATH}")
-
-            echo ""
-            echo ">> Rendering ..."
-            echo ">> Chart: ${CHART_NAME}"
-            echo ">> Path: ${CHART_PATH}"
-
-            if [ -f "${CHART_PATH}/Chart.yaml" ]; then
-              local OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${CHART_NAME}/"
-
-              mkdir -p "${OUTPUT_FOLDER}"
-              cd "${CHART_PATH}"
-
-              echo ""
-              echo ">> Updating helm dependencies ..."
-              helm dependency update --skip-refresh > /dev/null
-
-              echo ""
-              echo ">> Linting helm chart ..."
-              helm lint --namespace "${CHART_NAME}" --quiet
-
-              local NAMESPACE="${CHART_NAME}"
-              case "${CHART_NAME}" in
-                "stack")
-                  NAMESPACE="argocd"
-                  echo ""
-                  echo ">> Special Rendering into 'argocd' namespace ..."
-                  ;;
-                "cilium" | "coredns" | "metrics-server" | "prometheus-operator-crds")
-                  NAMESPACE="kube-system"
-                  echo ""
-                  echo ">> Special Rendering for ${CHART_NAME} into 'kube-system' namespace ..."
-                  ;;
-                *)
-                  echo ""
-                  echo ">> Standard Rendering for ${CHART_NAME} ..."
-              esac
-
-              echo ""
-              echo ">> Formating rendered template ..."
-              local TEMPLATE
-              TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
-
-              # Format and split rendered template
-              echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
-
-              # Strip comments again to ensure formatting correctness
-              for file in "$OUTPUT_FOLDER"/*; do
-                yq -i '... comments=""' $file
-              done
-
-              echo ""
-              echo ">> Manifests for ${CHART_NAME} rendered to ${OUTPUT_FOLDER}:"
-              ls $OUTPUT_FOLDER
-              echo ""
-            else
-              echo ""
-              echo ">> Directory ${CHART_PATH} does not contain a Chart.yaml. Skipping ..."
-              echo ""
-            fi
-          }
-
-          export -f render_chart
-          export MAIN_DIR CLUSTER MANIFEST_DIR
-
-          # Run rendering in parallel
-          for DIR in ${RENDER_DIR}; do
-            echo "${DIR}"
-          done | xargs -n 1 -P 4 -I {} bash -c 'render_chart "$@"' _ {}
-
-          echo "----"
-
-      - name: Check for Changes
-        id: check-changes
-        if: steps.check-dir-changes.outputs.changes-detected == 'true'
-        run: |
-          cd "${MANIFEST_DIR}"
-
-          GIT_CHANGES=$(git status --porcelain)
-
-          if [ -n "${GIT_CHANGES}" ]; then
-            echo ""
-            echo ">> Changes detected"
-            git status --porcelain
-            echo "changes-detected=true" >> $GITEA_OUTPUT
-
-          else
-            echo ""
-            echo ">> No changes detected, skipping PR creation"
-
-          fi
-
-          echo "----"
-
-      - name: Commit and Push Changes
-        id: commit-push
-        if: steps.check-changes.outputs.changes-detected == 'true'
-        run: |
-          cd "${MANIFEST_DIR}"
-
-          echo ""
-          echo ">> Commiting changes to ${BRANCH_NAME} ..."
-          git add .
-          git commit -m "chore: Update manifests after change"
-
-          REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}"
-          echo ""
-          echo ">> Pushing changes to ${REPO_URL} ..."
-
-          git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@${REPO_URL#*://}" "${BRANCH_NAME}"
-
-          echo "----"
-
-          echo "HEAD_BRANCH=${BRANCH_NAME}" >> "$GITEA_OUTPUT"
-          echo "push=true" >> "$GITEA_OUTPUT"
-
-      - name: Check for Pull Request
-        id: check-for-pull-requst
-        if: steps.commit-push.outputs.push == 'true'
-        env:
-          GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
-          GITEA_URL: ${{ secrets.REPO_URL }}
-          HEAD_BRANCH: ${{ steps.commit-push.outputs.HEAD_BRANCH }}
-        run: |
-          cd ${MANIFEST_DIR}
-
-          API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls?base_branch=${BASE_BRANCH}&state=open&page=1"
-
-          echo ">> Checking if PR from branch ${HEAD_BRANCH} into ${BASE_BRANCH}"
-          echo ">> With Endpoint of:"
-          echo "$API_ENDPOINT"
-
-          HTTP_STATUS=$(
-            curl -X GET \
-              --silent \
-              --write-out '%{http_code}' \
-              --output response_body.json \
-              --dump-header response_headers.txt \
-              -H "Authorization: token ${GITEA_TOKEN}" \
-              -H "Content-Type: application/json" \
-              "$API_ENDPOINT" 2> response_errors.txt
-          )
-
-          echo ">> HTTP Status Code: $HTTP_STATUS"
-          echo ">> Response Output ..."
-          echo "----"
-          cat response_body.json
-          echo "----"
-          cat response_headers.txt
-          echo "----"
-          cat response_errors.txt
-          echo "----"
-
-          if [ "$HTTP_STATUS" == "200" ] && [ "$(cat response_body.json | jq -r .[0].state)" == "open" ]; then
-            echo ">> Pull Request has been found open, will update"
-            PR_INDEX=$(cat response_body.json | jq -r .[0].number)
-            echo "pull-request-exists=${PR_INDEX}" >> $GITEA_OUTPUT
-            echo "pull-request-index=true" >> $GITEA_OUTPUT
-
-          elif [ "$HTTP_STATUS" == "200" ] && [ "$(cat response_body.json | jq -r .[0].state)" == "closed" ]; then
-            echo ">> Pull Request found, but was closed"
-            echo "pull-request-exists=false" >> $GITEA_OUTPUT
-
-          else
-            echo ">> Pull Request not found"
-            echo "pull-request-exists=false" >> $GITEA_OUTPUT
-          fi
-
-          echo "----"
-
-      - name: Create Pull Request
-        id: create-pull-request
-        if: steps.commit-push.outputs.push == 'true' && steps.check-for-pull-requst.outputs.pull-request-exists == 'false'
-        env:
-          GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
-          GITEA_URL: ${{ secrets.REPO_URL }}
-          HEAD_BRANCH: ${{ steps.commit-push.outputs.HEAD_BRANCH }}
-        run: |
-          cd ${MANIFEST_DIR}
-
-          API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls"
-
-          PAYLOAD=$( jq -n \
-            --arg head "${HEAD_BRANCH}" \
-            --arg base "${BASE_BRANCH}" \
-            --arg assignee "${ASSIGNEE}" \
-            --arg title "Automated Manifest Update" \
-            --arg body "This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow." \
-            '{head: $head, base: $base, assignee: $assignee, title: $title, body: $body}' )
-
-          echo ">> Creating PR from branch ${HEAD_BRANCH} into ${BASE_BRANCH}"
-          echo ">> With Endpoint of:"
-          echo "$API_ENDPOINT"
-          echo ">> With Payload of:"
-          echo "$PAYLOAD"
-
-          HTTP_STATUS=$(
-            curl -X POST \
-              --silent \
-              --write-out '%{http_code}' \
-              --output response_body.json \
-              --dump-header response_headers.txt \
-              --data "$PAYLOAD" \
-              -H "Authorization: token ${GITEA_TOKEN}" \
-              -H "Content-Type: application/json" \
-              "$API_ENDPOINT" 2> response_errors.txt
-          )
-
-          echo ">> HTTP Status Code: $HTTP_STATUS"
-          echo ">> Response Output ..."
-          echo "----"
-          cat response_body.json
-          echo "----"
-          cat response_headers.txt
-          echo "----"
-          cat response_errors.txt
-          echo "----"
-
-          if [ "$HTTP_STATUS" == "201" ]; then
-            echo ">> Pull Request created successfully!"
-            PR_URL=$(cat response_body.json | jq -r .html_url)
-            echo "pull-request-url=${PR_URL}" >> $GITEA_OUTPUT
-            PR_ID=$(cat response_body.json | jq -r .id)
-            echo "pull-request-id=${PR_ID}" >> $GITEA_OUTPUT
-            echo "pull-request-operation=created" >> $GITEA_OUTPUT
-
-          elif [ "$HTTP_STATUS" == "422" ]; then
-            echo ">> Failed to create PR (HTTP 422: Unprocessable Entity), PR may already exist"
-
-          elif [ "$HTTP_STATUS" == "409" ]; then
-            echo ">> Failed to create PR (HTTP 409: Conflict), PR already exists"
-
-          else
-            echo ">> Failed to create PR, HTTP status code: $HTTP_STATUS"
-            exit 1
-          fi
-
-          echo "----"
-
-      - name: ntfy Created
-        uses: niniyas/ntfy-action@master
-        if: steps.create-pull-request.outputs.pull-request-operation == 'created'
-        with:
-          url: "${{ secrets.NTFY_URL }}"
-          topic: "${{ secrets.NTFY_TOPIC }}"
-          title: "Manifest Render PR Created - Infrastructure"
-          priority: 3
-          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
-          tags: action,successfully,completed
-          details: "Manifest rendering for Infrastructure has created a new Pull Request with ID: ${{ steps.create-pull-request.outputs.pull-request-id }}!"
-          icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
-          actions: '[{"action": "view", "label": "Open Gitea", "url": "${{ steps.create-pull-request.outputs.pull-request-url }}", "clear": true}]'
-
-      - name: ntfy Failed
-        uses: niniyas/ntfy-action@master
-        if: failure()
-        with:
-          url: "${{ secrets.NTFY_URL }}"
-          topic: "${{ secrets.NTFY_TOPIC }}"
-          title: "Manifest Render Failure - Infrastructure"
-          priority: 4
-          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
-          tags: action,failed
-          details: "Manifest rendering for Infrastructure has failed!"
-          icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
-          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=render-manifests.yaml", "clear": true}]'
-          image: true

.gitea/workflows/render-manifests-push.yaml

@@ -1,449 +0,0 @@
-name: render-manifests-push
-
-on:
-  workflow_dispatch:
-  # push:
-  #   branches:
-  #     - main
-  #   paths:
-  #     - 'clusters/cl01tl/helm/**'
-
-env:
-  CLUSTER: cl01tl
-  BASE_BRANCH: manifests
-  BRANCH_NAME: auto/update-manifests
-  ASSIGNEE: alexlebens
-  MAIN_DIR: /workspace/alexlebens/infrastructure/infrastructure
-  MANIFEST_DIR: /workspace/alexlebens/infrastructure/infrastructure-manifests
-
-jobs:
-  render-manifests-push:
-    runs-on: ubuntu-js
-    if: gitea.event.commits[0].author.username != 'renovate-bot'
-    steps:
-      - name: Checkout Main
-        uses: actions/checkout@v6
-        with:
-          path: infrastructure
-          fetch-depth: 0
-
-      - name: Checkout Manifests
-        uses: actions/checkout@v6
-        with:
-          ref: manifests
-          path: infrastructure-manifests
-
-      - name: Set up Helm
-        uses: azure/setup-helm@v4
-        with:
-          token: ${{ secrets.GITEA_TOKEN }}
-          version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743
-          cache: true
-
-      - name: Configure Kubeconfig
-        uses: azure/k8s-set-context@v4
-        with:
-          method: kubeconfig
-          kubeconfig: ${{ secrets.KUBECONFIG }}
-
-      - name: Cache Helm Dependencies
-        uses: actions/cache@v5
-        with:
-          path: |
-            ~/.cache/helm
-            ~/.config/helm
-          key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }}
-          restore-keys: |
-            helm-cache-${{ runner.os }}-
-
-      - name: Prepare Manifest Branch
-        run: |
-          cd "${MANIFEST_DIR}"
-
-          echo ""
-          echo ">> Configure git to use gitea-bot as user ..."
-          git config user.name "gitea-bot"
-          git config user.email "gitea-bot@alexlebens.net"
-
-          echo ">> Checking if PR branch exists ..."
-          if git ls-remote --exit-code --heads origin "${BRANCH_NAME}" > /dev/null 2>&1; then
-            echo ""
-            echo ">> Branch '${BRANCH_NAME}' exists, pulling changes ..."
-            git fetch origin "${BRANCH_NAME}"
-            git checkout "${BRANCH_NAME}"
-            git pull --rebase
-
-          else
-            echo ""
-            echo ">> Branch '${BRANCH_NAME}' does not exist, creating ..."
-            git checkout -b "${BRANCH_NAME}"
-
-          fi
-
-          echo "----"
-
-      - name: Check which Directories have Changes
-        id: check-dir-changes
-        run: |
-          cd "${MAIN_DIR}"
-
-          echo ""
-          echo ">> Checking for changes ..."
-
-          # Extract the chart names from the git diff
-          RENDER_DIR=$(git diff --name-only ${{ gitea.event.before }}..HEAD | grep -E "^clusters/${CLUSTER}/helm/" | awk -F '/' '{print $4}' | sort -u || true)
-
-          if [ -n "${RENDER_DIR}" ]; then
-            echo ""
-            echo ">> Directories to Render:"
-            echo "${RENDER_DIR}"
-
-            echo "----"
-
-            echo "changes-detected=true" >> "$GITEA_OUTPUT"
-            echo "render-dir<<EOF" >> "$GITEA_OUTPUT"
-            echo "${RENDER_DIR}" >> "$GITEA_OUTPUT"
-            echo "EOF" >> "$GITEA_OUTPUT"
-
-          else
-            echo ""
-            echo ">> No chart changes detected"
-            echo "changes-detected=false" >> "$GITEA_OUTPUT"
-
-          fi
-
-      - name: Add Repositories
-        if: steps.check-dir-changes.outputs.changes-detected == 'true'
-        env:
-          RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
-        run: |
-          cd "${MAIN_DIR}"
-
-          echo ""
-          echo ">> Adding repositories for chart dependencies ..."
-          for DIR in ${RENDER_DIR}; do
-            helm dependency list --max-col-width 120 "${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}" 2> /dev/null \
-              | tail -n +2 \
-              | awk 'NF > 0 { print $1, $3 }' \
-              | while read -r REPO_NAME REPO_URL; do
-                if [[ "${REPO_URL}" == oci://* ]]; then
-                  echo ""
-                  echo ">> Ignoring OCI repo: ${REPO_URL}"
-
-                elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then
-                  helm repo add "${REPO_NAME}" "${REPO_URL}"
-
-                fi
-              done || true
-          done
-
-          if helm repo list > /dev/null 2>&1; then
-            echo ""
-            echo ">> Update repository cache ..."
-            helm repo update
-
-          fi
-
-          echo "----"
-
-      - name: Remove Changed Manifest Files
-        if: steps.check-dir-changes.outputs.changes-detected == 'true'
-        env:
-          RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
-        run: |
-          cd "${MANIFEST_DIR}"
-
-          echo ""
-          echo ">> Remove manfiest files and rebuild from source ..."
-
-          for DIR in ${RENDER_DIR}; do
-            CHART_PATH=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${DIR}
-
-            echo ""
-            echo "${CHART_PATH}"
-            rm -rf ${CHART_PATH}/*
-          done
-
-          echo "----"
-
-      - name: Render Helm Manifests
-        id: render-manifests
-        if: steps.check-dir-changes.outputs.changes-detected == 'true'
-        env:
-          RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
-        run: |
-          cd ${MAIN_DIR}
-
-          echo ""
-          echo ">> Rendering Manifests ..."
-
-          render_chart() {
-            local DIR="$1"
-            local CHART_PATH="${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}"
-            local CHART_NAME=$(basename "${CHART_PATH}")
-
-            echo ""
-            echo ">> Rendering ..."
-            echo ">> Chart: ${CHART_NAME}"
-            echo ">> Path: ${CHART_PATH}"
-
-            if [ -f "${CHART_PATH}/Chart.yaml" ]; then
-              local OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${CHART_NAME}/"
-
-              mkdir -p "${OUTPUT_FOLDER}"
-              cd "${CHART_PATH}"
-
-              echo ""
-              echo ">> Updating helm dependencies ..."
-              helm dependency update --skip-refresh > /dev/null
-
-              echo ""
-              echo ">> Linting helm chart ..."
-              helm lint --namespace "${CHART_NAME}" --quiet
-
-              local NAMESPACE="${CHART_NAME}"
-              case "${CHART_NAME}" in
-                "stack")
-                  NAMESPACE="argocd"
-                  echo ""
-                  echo ">> Special Rendering into 'argocd' namespace ..."
-                  ;;
-                "cilium" | "coredns" | "metrics-server" | "prometheus-operator-crds")
-                  NAMESPACE="kube-system"
-                  echo ""
-                  echo ">> Special Rendering for ${CHART_NAME} into 'kube-system' namespace ..."
-                  ;;
-                *)
-                  echo ""
-                  echo ">> Standard Rendering for ${CHART_NAME} ..."
-              esac
-
-              echo ""
-              echo ">> Formating rendered template ..."
-              local TEMPLATE
-              TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
-
-              # Format and split rendered template
-              echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
-
-              # Strip comments again to ensure formatting correctness
-              for file in "$OUTPUT_FOLDER"/*; do
-                yq -i '... comments=""' $file
-              done
-
-              echo ""
-              echo ">> Manifests for ${CHART_NAME} rendered to ${OUTPUT_FOLDER}:"
-              ls $OUTPUT_FOLDER
-              echo ""
-            else
-              echo ""
-              echo ">> Directory ${CHART_PATH} does not contain a Chart.yaml. Skipping ..."
-              echo ""
-            fi
-          }
-
-          export -f render_chart
-          export MAIN_DIR CLUSTER MANIFEST_DIR
-
-          # Run rendering in parallel
-          for DIR in ${RENDER_DIR}; do
-            echo "${DIR}"
-          done | xargs -n 1 -P 4 -I {} bash -c 'render_chart "$@"' _ {}
-
-          echo "----"
-
-      - name: Check for Changes
-        id: check-changes
-        if: steps.check-dir-changes.outputs.changes-detected == 'true'
-        run: |
-          cd "${MANIFEST_DIR}"
-
-          GIT_CHANGES=$(git status --porcelain)
-
-          if [ -n "${GIT_CHANGES}" ]; then
-            echo ""
-            echo ">> Changes detected"
-            git status --porcelain
-            echo "changes-detected=true" >> $GITEA_OUTPUT
-
-          else
-            echo ""
-            echo ">> No changes detected, skipping PR creation"
-
-          fi
-
-          echo "----"
-
-      - name: Commit and Push Changes
-        id: commit-push
-        if: steps.check-changes.outputs.changes-detected == 'true'
-        run: |
-          cd "${MANIFEST_DIR}"
-
-          echo ""
-          echo ">> Commiting changes to ${BRANCH_NAME} ..."
-          git add .
-          git commit -m "chore: Update manifests after change"
-
-          REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}"
-          echo ""
-          echo ">> Pushing changes to ${REPO_URL} ..."
-
-          git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@${REPO_URL#*://}" "${BRANCH_NAME}"
-
-          echo "----"
-
-          echo "HEAD_BRANCH=${BRANCH_NAME}" >> "$GITEA_OUTPUT"
-          echo "push=true" >> "$GITEA_OUTPUT"
-
-      - name: Check for Pull Request
-        id: check-for-pull-requst
-        if: steps.commit-push.outputs.push == 'true'
-        env:
-          GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
-          GITEA_URL: ${{ secrets.REPO_URL }}
-          HEAD_BRANCH: ${{ steps.commit-push.outputs.HEAD_BRANCH }}
-        run: |
-          cd ${MANIFEST_DIR}
-
-          API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls?base_branch=${BASE_BRANCH}&state=open&page=1"
-
-          echo ">> Checking if PR from branch ${HEAD_BRANCH} into ${BASE_BRANCH}"
-          echo ">> With Endpoint of:"
-          echo "$API_ENDPOINT"
-
-          HTTP_STATUS=$(
-            curl -X GET \
-              --silent \
-              --write-out '%{http_code}' \
-              --output response_body.json \
-              --dump-header response_headers.txt \
-              -H "Authorization: token ${GITEA_TOKEN}" \
-              -H "Content-Type: application/json" \
-              "$API_ENDPOINT" 2> response_errors.txt
-          )
-
-          echo ">> HTTP Status Code: $HTTP_STATUS"
-          echo ">> Response Output ..."
-          echo "----"
-          cat response_body.json
-          echo "----"
-          cat response_headers.txt
-          echo "----"
-          cat response_errors.txt
-          echo "----"
-
-          if [ "$HTTP_STATUS" == "200" ] && [ "$(cat response_body.json | jq -r .[0].state)" == "open" ]; then
-            echo ">> Pull Request has been found open, will update"
-            PR_INDEX=$(cat response_body.json | jq -r .[0].number)
-            echo "pull-request-exists=${PR_INDEX}" >> $GITEA_OUTPUT
-            echo "pull-request-index=true" >> $GITEA_OUTPUT
-
-          elif [ "$HTTP_STATUS" == "200" ] && [ "$(cat response_body.json | jq -r .[0].state)" == "closed" ]; then
-            echo ">> Pull Request found, but was closed"
-            echo "pull-request-exists=false" >> $GITEA_OUTPUT
-
-          else
-            echo ">> Pull Request not found"
-            echo "pull-request-exists=false" >> $GITEA_OUTPUT
-          fi
-
-          echo "----"
-
-      - name: Create Pull Request
-        id: create-pull-request
-        if: steps.commit-push.outputs.push == 'true' && steps.check-for-pull-requst.outputs.pull-request-exists == 'false'
-        env:
-          GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
-          GITEA_URL: ${{ secrets.REPO_URL }}
-          HEAD_BRANCH: ${{ steps.commit-push.outputs.HEAD_BRANCH }}
-        run: |
-          cd ${MANIFEST_DIR}
-
-          API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls"
-
-          PAYLOAD=$( jq -n \
-            --arg head "${HEAD_BRANCH}" \
-            --arg base "${BASE_BRANCH}" \
-            --arg assignee "${ASSIGNEE}" \
-            --arg title "Automated Manifest Update" \
-            --arg body "This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow." \
-            '{head: $head, base: $base, assignee: $assignee, title: $title, body: $body}' )
-
-          echo ">> Creating PR from branch ${HEAD_BRANCH} into ${BASE_BRANCH}"
-          echo ">> With Endpoint of:"
-          echo "$API_ENDPOINT"
-          echo ">> With Payload of:"
-          echo "$PAYLOAD"
-
-          HTTP_STATUS=$(
-            curl -X POST \
-              --silent \
-              --write-out '%{http_code}' \
-              --output response_body.json \
-              --dump-header response_headers.txt \
-              --data "$PAYLOAD" \
-              -H "Authorization: token ${GITEA_TOKEN}" \
-              -H "Content-Type: application/json" \
-              "$API_ENDPOINT" 2> response_errors.txt
-          )
-
-          echo ">> HTTP Status Code: $HTTP_STATUS"
-          echo ">> Response Output ..."
-          echo "----"
-          cat response_body.json
-          echo "----"
-          cat response_headers.txt
-          echo "----"
-          cat response_errors.txt
-          echo "----"
-
-          if [ "$HTTP_STATUS" == "201" ]; then
-            echo ">> Pull Request created successfully!"
-            PR_URL=$(cat response_body.json | jq -r .html_url)
-            echo "pull-request-url=${PR_URL}" >> $GITEA_OUTPUT
-            PR_ID=$(cat response_body.json | jq -r .id)
-            echo "pull-request-id=${PR_ID}" >> $GITEA_OUTPUT
-            echo "pull-request-operation=created" >> $GITEA_OUTPUT
-
-          elif [ "$HTTP_STATUS" == "422" ]; then
-            echo ">> Failed to create PR (HTTP 422: Unprocessable Entity), PR may already exist"
-
-          elif [ "$HTTP_STATUS" == "409" ]; then
-            echo ">> Failed to create PR (HTTP 409: Conflict), PR already exists"
-
-          else
-            echo ">> Failed to create PR, HTTP status code: $HTTP_STATUS"
-            exit 1
-          fi
-
-          echo "----"
-
-      - name: ntfy Created
-        uses: niniyas/ntfy-action@master
-        if: steps.create-pull-request.outputs.pull-request-operation == 'created'
-        with:
-          url: "${{ secrets.NTFY_URL }}"
-          topic: "${{ secrets.NTFY_TOPIC }}"
-          title: "Manifest Render PR Created - Infrastructure"
-          priority: 3
-          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
-          tags: action,successfully,completed
-          details: "Manifest rendering for Infrastructure has created a new Pull Request with ID: ${{ steps.create-pull-request.outputs.pull-request-id }}!"
-          icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
-          actions: '[{"action": "view", "label": "Open Gitea", "url": "${{ steps.create-pull-request.outputs.pull-request-url }}", "clear": true}]'
-
-      - name: ntfy Failed
-        uses: niniyas/ntfy-action@master
-        if: failure()
-        with:
-          url: "${{ secrets.NTFY_URL }}"
-          topic: "${{ secrets.NTFY_TOPIC }}"
-          title: "Manifest Render Failure - Infrastructure"
-          priority: 4
-          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
-          tags: action,failed
-          details: "Manifest rendering for Infrastructure has failed!"
-          icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
-          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=render-manifests.yaml", "clear": true}]'
-          image: true

.gitea/workflows/render-manifests.yaml

@@ -6,12 +6,6 @@ on:
 
   workflow_dispatch:
 
-  push:
-    branches:
-      - main
-    paths:
-      - 'clusters/cl01tl/helm/**'
-
   pull_request:
     branches:
       - main
@@ -34,7 +28,6 @@ jobs:
     if: >-
       github.event_name == 'schedule' ||
       github.event_name == 'workflow_dispatch' ||
-      (github.event_name == 'push' && github.actor != 'renovate-bot') ||
       (github.event_name == 'pull_request' && github.event.pull_request.merged == true)
     steps:
       - name: Checkout Main
@@ -95,10 +88,6 @@ jobs:
 
             DIFF_TARGET="HEAD^..HEAD"
 
-          elif [[ "${{ github.event_name }}" == "push" ]]; then
-            echo ">> Mode: Push (Standard)"
-            DIFF_TARGET="${{ github.event.before }}..HEAD"
-
           fi
 
           echo ""
@@ -111,6 +100,7 @@ jobs:
       - name: Prepare Manifest Branch
         id: prepare-manifest-branch
         env:
+          PR_NUMBER: ${{ github.event.pull_request.number }}
           IS_AUTOMERGE: ${{ steps.mode.outputs.is-automerge }}
         run: |
           cd "${MANIFEST_DIR}"
@@ -120,10 +110,10 @@ jobs:
           git config user.email "gitea-bot@alexlebens.net"
 
           if [[ "$IS_AUTOMERGE" == "true" ]]; then
+            BRANCH_NAME="${BRANCH_NAME_BASE}-automerge-${PR_NUMBER}"
             echo ""
             echo ">> Creating branch ${BRANCH_NAME} ..."
-            BRANCH_NAME="${BRANCH_NAME_BASE}-automerge-$(date +%Y%m%d%H%M%S)"
-            git checkout -b "$BRANCH_NAME"
+            git checkout -B "$BRANCH_NAME"
 
           else
             echo ""
@@ -416,7 +406,6 @@ jobs:
             echo "----"
 
             echo "pull-request-exists=$(cat response_body.json | jq -r .[0].number)" >> "$GITHUB_OUTPUT"
-            echo "pull-request-url=$(cat response_body.json | jq -r .[0].html_url)" >> "$GITHUB_OUTPUT"
 
           else
             echo ""
@@ -468,7 +457,6 @@ jobs:
             echo ""
             echo "----"
 
-            echo "pull-request-url=$(jq -r .html_url response_body.json)" >> "$GITHUB_OUTPUT"
             echo "pull-request-id=$(jq -r .id response_body.json)" >> "$GITHUB_OUTPUT"
             echo "pull-request-number=$(jq -r .number response_body.json)" >> "$GITHUB_OUTPUT"
             echo "pull-request-operation=created" >> "$GITHUB_OUTPUT"
@@ -589,9 +577,9 @@ jobs:
           priority: 3
           headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
           tags: action,successfully,completed
-          details: "Created renderd manifests for cluster '${CLUSTER}' with charts: ${{ steps.check-changes.outputs.changed-charts-csv }}"
+          details: "Created renderd manifests for cluster '${{ env.CLUSTER }}' with charts: ${{ steps.check-changes.outputs.changed-charts-csv }}"
           icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
-          actions: '[{"action": "view", "label": "View PR", "url": "${{ steps.create-pull-request.outputs.pull-request-url }}", "clear": true}]'
+          actions: '[{"action": "view", "label": "View PR", "url": "${{ vars.USER_URL }}/${{ github.repository }}/pulls/${{ steps.create-pull-request.outputs.pull-request-number }}", "clear": true}]'
 
       - name: ntfy Updated
         uses: niniyas/ntfy-action@master
@@ -603,9 +591,9 @@ jobs:
           priority: 3
           headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
           tags: action,successfully,completed
-          details: "Updated rendered manifests PR for cluster '${CLUSTER}' with charts: ${{ steps.check-changes.outputs.changed-charts-csv }}"
+          details: "Updated rendered manifests PR for cluster '${{ env.CLUSTER }}' with charts: ${{ steps.check-changes.outputs.changed-charts-csv }}"
           icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
-          actions: '[{"action": "view", "label": "View PR", "url": "${{ steps.check-for-pull-request.outputs.pull-request-url }}", "clear": true}]'
+          actions: '[{"action": "view", "label": "View PR", "url": "${{ vars.USER_URL }}/${{ github.repository }}/pulls/${{ steps.create-pull-request.outputs.pull-request-number }}", "clear": true}]'
 
       - name: ntfy Merged
         uses: niniyas/ntfy-action@master
@@ -617,9 +605,9 @@ jobs:
           priority: 3
           headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
           tags: action,successfully,completed
-          details: "Automerged manifest rendering for cluster '${CLUSTER}' with charts: ${{ steps.check-changes.outputs.changed-charts-csv }}"
+          details: "Automerged manifest rendering for cluster '${{ env.CLUSTER }}' with charts: ${{ steps.check-changes.outputs.changed-charts-csv }}"
           icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
-          actions: '[{"action": "view", "label": "View PR", "url": "${{ steps.create-pull-request.outputs.pull-request-url }}", "clear": true}]'
+          actions: '[{"action": "view", "label": "View PR", "url": "${{ vars.USER_URL }}/${{ github.repository }}/pulls/${{ steps.create-pull-request.outputs.pull-request-number }}", "clear": true}]'
 
       - name: ntfy Failed
         uses: niniyas/ntfy-action@master
@@ -633,4 +621,4 @@ jobs:
           tags: action,failed
           details: "Manifest rendering for Infrastructure has failed!"
           icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
-          actions: '[{"action": "view", "label": "View Logs", "url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]'
+          actions: '[{"action": "view", "label": "View Logs", "url": "${{ vars.USER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]'

.pre-commit-config.yaml

@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v2.3.0
+    rev: v6.0.0
     hooks:
       - id: end-of-file-fixer
       - id: trailing-whitespace
@@ -9,7 +9,9 @@ repos:
         exclude: '^.*\/templates\/.*$'
         args:
           - --multi
+      - id: check-merge-conflict
+      - id: check-json
   - repo: https://github.com/IamTheFij/docker-pre-commit
-    rev: v2.0.0
+    rev: v3.0.1
     hooks:
       - id: docker-compose-check

clusters/cl01tl/helm/argo-workflows/Chart.lock

@@ -9,4 +9,4 @@ dependencies:
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 7.10.0
 digest: sha256:8d1c2dd011a360d930ed5ff186462f163407077d36ae633898ec5d6ba30a4e8d
-generated: "2026-03-15T17:50:49.014962137Z"
+generated: "2026-03-15T20:04:18.080966008Z"

clusters/cl01tl/helm/authentik/Chart.lock

@@ -12,4 +12,4 @@ dependencies:
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.4.0
 digest: sha256:8c353c5dad4c3d04d518c1445497f0d1cb64261a4201ae17a2c0874454b807a7
-generated: "2026-03-15T17:51:03.111099345Z"
+generated: "2026-03-15T20:04:35.99407071Z"

clusters/cl01tl/helm/dawarich/Chart.lock

@@ -9,4 +9,4 @@ dependencies:
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.4.0
 digest: sha256:7584c2a1613454bbd83b66df46170fd0157df5186842844d483e2dd131398574
-generated: "2026-03-15T17:51:17.169173561Z"
+generated: "2026-03-15T20:04:49.68456485Z"

clusters/cl01tl/helm/dawarich/Chart.yaml

@@ -26,4 +26,4 @@ dependencies:
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/dawarich.png
 # renovate: datasource=github-releases depName=Freika/dawarich
-appVersion: 1.3.3
+appVersion: 1.3.4

clusters/cl01tl/helm/dawarich/values.yaml

@@ -9,7 +9,7 @@ dawarich:
         main:
           image:
             repository: freikin/dawarich
-            tag: 1.3.3
+            tag: 1.3.4
             pullPolicy: IfNotPresent
           command: ["web-entrypoint.sh"]
           args: ["bin/rails", "server", "-p", "3000", "-b", "::"]
@@ -106,7 +106,7 @@ dawarich:
         sidekiq:
           image:
             repository: freikin/dawarich
-            tag: 1.3.3
+            tag: 1.3.4
             pullPolicy: IfNotPresent
           command: ["sidekiq-entrypoint.sh"]
           args: ["sidekiq"]

clusters/cl01tl/helm/directus/Chart.lock

@@ -9,4 +9,4 @@ dependencies:
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.4.0
 digest: sha256:dfcb5d35e03ecdc4206227d206d36509319f0dcdaed54363840d71337debb3f7
-generated: "2026-03-15T17:51:30.574186467Z"
+generated: "2026-03-15T20:05:03.156596646Z"

clusters/cl01tl/helm/freshrss/Chart.lock

@@ -12,4 +12,4 @@ dependencies:
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
 digest: sha256:a7bdbecd50433fedd65d3043102fe3c9e366dc98953c37eb0cfe762bce833e8e
-generated: "2026-03-15T17:51:42.0562045Z"
+generated: "2026-03-15T20:05:14.085780861Z"

clusters/cl01tl/helm/gatus/Chart.lock

@@ -9,4 +9,4 @@ dependencies:
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
 digest: sha256:83ec84774e0cc708f1cb5d83d657180159bfb75c9928784ebf0280e224b1cbca
-generated: "2026-03-15T17:51:53.853065795Z"
+generated: "2026-03-15T20:05:27.625292422Z"

clusters/cl01tl/helm/generic-device-plugin/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: generic-device-plugin
   repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
-  version: 0.20.21
-digest: sha256:4f1359a01b8b85722ab1805426a86f3ea64d0134513ce14fe9c55f3f918a21fb
-generated: "2026-03-09T23:02:42.799515974Z"
+  version: 0.20.22
+digest: sha256:14e5aa3f02ce6a1271dadc3f76997c739fc9434e669b05655c079d0b873c56ca
+generated: "2026-03-15T20:35:40.676997293Z"

clusters/cl01tl/helm/generic-device-plugin/Chart.yaml

@@ -15,6 +15,6 @@ maintainers:
 dependencies:
   - name: generic-device-plugin
     repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
-    version: 0.20.21
+    version: 0.20.22
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
 appVersion: 1.0.0

clusters/cl01tl/helm/gitea/Chart.lock

@@ -7,7 +7,7 @@ dependencies:
   version: 0.0.3
 - name: meilisearch
   repository: https://meilisearch.github.io/meilisearch-kubernetes
-  version: 0.27.0
+  version: 0.28.0
 - name: cloudflared
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 2.4.0
@@ -23,5 +23,5 @@ dependencies:
 - name: volsync-target
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
-digest: sha256:095caf06888cd4663eb5d389399ebad167861007b604016fc4907308474558ab
-generated: "2026-03-15T17:52:07.79293374Z"
+digest: sha256:238b7653c9d12c4886a56350b6d66217dbe7ecbb76078a846c7cc2c8cb450eb3
+generated: "2026-03-16T15:56:55.197735783Z"

clusters/cl01tl/helm/gitea/Chart.yaml

@@ -33,7 +33,7 @@ dependencies:
     repository: https://dl.gitea.com/charts/
     version: 0.0.3
   - name: meilisearch
-    version: 0.27.0
+    version: 0.28.0
     repository: https://meilisearch.github.io/meilisearch-kubernetes
   - name: cloudflared
     repository: oci://harbor.alexlebens.net/helm-charts

clusters/cl01tl/helm/gitea/values.yaml

@@ -57,6 +57,7 @@ gitea:
         ROOT_URL: https://gitea.alexlebens.dev
         LOCAL_ROOT_URL: http://gitea-http.gitea.svc.cluster.local:3000
         START_SSH_SERVER: true
+        HTTP_PORT: 3000
         SSH_DOMAIN: gitea.alexlebens.net
         SSH_PORT: 22
         SSH_LISTEN_PORT: 22

clusters/cl01tl/helm/grafana-operator/Chart.lock

@@ -12,4 +12,4 @@ dependencies:
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.4.0
 digest: sha256:9cbba52d093e40b20917af87263e1fb0e478912440f660543f3527e70452edc7
-generated: "2026-03-15T17:52:27.363666106Z"
+generated: "2026-03-15T20:05:59.855514102Z"

clusters/cl01tl/helm/grafana-operator/templates/grafana-dashboard.yaml

@@ -358,6 +358,25 @@ spec:
   resyncPeriod: 1h
   url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/traefik.json
 
+---
+apiVersion: grafana.integreatly.org/v1beta1
+kind: GrafanaDashboard
+metadata:
+  name: grafana-dashboard-tdarr
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: grafana-dashboard-tdarr
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  instanceSelector:
+    matchLabels:
+      app: grafana-main
+  contentCacheDuration: 1h
+  folderUID: grafana-folder-service
+  resyncPeriod: 1h
+  url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/tdarr.json
+
 ---
 apiVersion: grafana.integreatly.org/v1beta1
 kind: GrafanaDashboard

clusters/cl01tl/helm/harbor/Chart.lock

@@ -9,4 +9,4 @@ dependencies:
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.4.0
 digest: sha256:14c2b7d09631dbb573e9c9d4613ebe52e330146662da0da15f74c31ec519ed15
-generated: "2026-03-15T17:52:43.495433328Z"
+generated: "2026-03-15T20:06:13.615175051Z"

clusters/cl01tl/helm/immich/Chart.lock

@@ -12,4 +12,4 @@ dependencies:
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
 digest: sha256:b79ea8c506f0172deed820247a33c79329f34426435c8b5eb27b206ac8831b13
-generated: "2026-03-15T17:53:01.416603323Z"
+generated: "2026-03-15T20:06:27.091094433Z"

clusters/cl01tl/helm/jellyfin/Chart.lock

@@ -4,9 +4,9 @@ dependencies:
   version: 4.6.2
 - name: meilisearch
   repository: https://meilisearch.github.io/meilisearch-kubernetes
-  version: 0.27.0
+  version: 0.28.0
 - name: volsync-target
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
-digest: sha256:ca384647a640ae717ac874a2627f00ac9a1e5c97ff5eeb8f326ebdd471ab1623
-generated: "2026-03-09T15:04:08.648165537Z"
+digest: sha256:57b007c6e19dda1300f5025332d9e8104bfb9a50cd7124260bfa68ce2432628b
+generated: "2026-03-16T15:57:13.466372254Z"

clusters/cl01tl/helm/jellyfin/Chart.yaml

@@ -25,7 +25,7 @@ dependencies:
     repository: https://bjw-s-labs.github.io/helm-charts/
     version: 4.6.2
   - name: meilisearch
-    version: 0.27.0
+    version: 0.28.0
     repository: https://meilisearch.github.io/meilisearch-kubernetes
   - name: volsync-target
     alias: volsync-target-config

clusters/cl01tl/helm/jellystat/Chart.lock

@@ -9,4 +9,4 @@ dependencies:
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
 digest: sha256:f779185ce82045b47fc75bf95c4a8215acbd387f44a4bdb764486406d9b03748
-generated: "2026-03-15T17:53:14.444764813Z"
+generated: "2026-03-15T20:06:38.720993367Z"

clusters/cl01tl/helm/karakeep/Chart.lock

@@ -4,12 +4,12 @@ dependencies:
   version: 4.6.2
 - name: meilisearch
   repository: https://meilisearch.github.io/meilisearch-kubernetes
-  version: 0.27.0
+  version: 0.28.0
 - name: cloudflared
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 2.4.0
 - name: volsync-target
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
-digest: sha256:75f92316d4b6229d00e3dfa39ed5026ad39a28f833321cd3887a2048cdac34c7
-generated: "2026-03-09T22:04:48.630821646Z"
+digest: sha256:49e37e17dc859927048c6474ce27cb063a020f291d6d2d24876d0427eddc3656
+generated: "2026-03-16T15:57:28.156797159Z"

clusters/cl01tl/helm/karakeep/Chart.yaml

@@ -22,7 +22,7 @@ dependencies:
     repository: https://bjw-s-labs.github.io/helm-charts/
     version: 4.6.2
   - name: meilisearch
-    version: 0.27.0
+    version: 0.28.0
     repository: https://meilisearch.github.io/meilisearch-kubernetes
   - name: cloudflared
     repository: oci://harbor.alexlebens.net/helm-charts

clusters/cl01tl/helm/komodo/Chart.lock

@@ -6,4 +6,4 @@ dependencies:
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 7.10.0
 digest: sha256:a6f33512d929c5a1b70bde6c3294902f5d707855aabbaa815f32e23aa54b266f
-generated: "2026-03-15T17:53:27.253725765Z"
+generated: "2026-03-15T20:06:49.233053802Z"

clusters/cl01tl/helm/kube-prometheus-stack/Chart.lock

@@ -1,12 +1,12 @@
 dependencies:
 - name: kube-prometheus-stack
   repository: oci://ghcr.io/prometheus-community/charts
-  version: 82.10.3
+  version: 82.10.4
 - name: app-template
   repository: https://bjw-s-labs.github.io/helm-charts/
   version: 4.6.2
 - name: valkey
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.4.0
-digest: sha256:37ffa4a21ed29703cae9c9f3fb029566a1dd6af6e0fe8cc3862a2226d6644114
-generated: "2026-03-10T19:02:41.11005238Z"
+digest: sha256:d6bbbfdd1a781b5eb82c2dc8571836a43d23bf8526eac1bcd40f38030be642db
+generated: "2026-03-15T20:38:11.961621853Z"

clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml

@@ -20,7 +20,7 @@ maintainers:
   - name: alexlebens
 dependencies:
   - name: kube-prometheus-stack
-    version: 82.10.3
+    version: 82.10.4
     repository: oci://ghcr.io/prometheus-community/charts
   - name: app-template
     alias: ntfy-alertmanager

clusters/cl01tl/helm/lidarr/Chart.lock

@@ -9,4 +9,4 @@ dependencies:
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
 digest: sha256:0f1a2923a7042b364a817edc64729d5e1c18b0552555c035d974de626f372692
-generated: "2026-03-15T17:53:38.573362054Z"
+generated: "2026-03-15T20:07:00.750754951Z"

clusters/cl01tl/helm/matrix-synapse/Chart.lock

@@ -39,4 +39,4 @@ dependencies:
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
 digest: sha256:1578e2c48447f217e72bffb3afcb6f1f15c427a4acce5dbca830cdd7045b1348
-generated: "2026-03-15T17:53:53.319976393Z"
+generated: "2026-03-15T20:07:12.751000922Z"

clusters/cl01tl/helm/ntfy/Chart.yaml

@@ -20,4 +20,4 @@ dependencies:
     version: 4.6.2
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ntfy.png
 # renovate: datasource=github-releases depName=binwiederhier/ntfy
-appVersion: 2.18.0
+appVersion: 2.19.0

clusters/cl01tl/helm/ntfy/values.yaml

@@ -9,7 +9,7 @@ ntfy:
         main:
           image:
             repository: binwiederhier/ntfy
-            tag: v2.18.0
+            tag: v2.19.0
             pullPolicy: IfNotPresent
           args: ["serve"]
           env:

clusters/cl01tl/helm/ollama/Chart.lock

@@ -9,4 +9,4 @@ dependencies:
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
 digest: sha256:d0f47712bf5d2bab8136c43f1d5bac41860f067b53c741282a4647ce93a7cd93
-generated: "2026-03-15T17:54:10.972630195Z"
+generated: "2026-03-15T20:07:27.179378683Z"

clusters/cl01tl/helm/outline/Chart.lock

@@ -15,4 +15,4 @@ dependencies:
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
 digest: sha256:02780454fad48c10e95851e73e45e8a98091596d9dce8ada9e361e7212e581df
-generated: "2026-03-15T17:54:24.437295193Z"
+generated: "2026-03-15T20:07:38.818063491Z"

clusters/cl01tl/helm/outline/Chart.yaml

@@ -39,4 +39,4 @@ dependencies:
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/outline.png
 # renovate: datasource=github-releases depName=outline/outline
-appVersion: 1.5.0
+appVersion: 1.6.0

clusters/cl01tl/helm/outline/values.yaml

@@ -12,7 +12,7 @@ outline:
         main:
           image:
             repository: outlinewiki/outline
-            tag: 1.5.0
+            tag: 1.6.0
             pullPolicy: IfNotPresent
           env:
             - name: NODE_ENV

clusters/cl01tl/helm/photoview/Chart.lock

@@ -6,4 +6,4 @@ dependencies:
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 7.10.0
 digest: sha256:fe266f506edd672979091e0ad12379d6ad7dddd2c982e196e602dcda268d6f76
-generated: "2026-03-15T17:54:40.259209933Z"
+generated: "2026-03-15T20:07:52.831926834Z"

clusters/cl01tl/helm/plex/values.yaml

@@ -9,7 +9,7 @@ plex:
         main:
           image:
             repository: ghcr.io/linuxserver/plex
-            tag: 1.43.0@sha256:79dfc89947410ec120a3e34cf68f746f6f154de20772e6f27b9998ca9bd65a5e
+            tag: 1.43.0@sha256:84f8646e799f6636876ab4f283d9fc8f6c51d56098ea74cba82bfb85074b68df
             pullPolicy: IfNotPresent
           env:
             - name: TZ

clusters/cl01tl/helm/postiz/Chart.lock

@@ -18,4 +18,4 @@ dependencies:
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
 digest: sha256:de3fb540df1cf7385a19316741854d01e002740c0bf346f3da0ff3a809b1fc3d
-generated: "2026-03-15T17:54:52.887850682Z"
+generated: "2026-03-15T20:08:06.855136249Z"

clusters/cl01tl/helm/radarr-4k/Chart.lock

@@ -9,4 +9,4 @@ dependencies:
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
 digest: sha256:d76563fe1a7a9f8ceaf6937831bd0c5511eb7369abb8eb54110dfb69e6dce224
-generated: "2026-03-15T17:55:05.545155333Z"
+generated: "2026-03-15T20:08:21.236792423Z"

clusters/cl01tl/helm/radarr-anime/Chart.lock

@@ -9,4 +9,4 @@ dependencies:
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
 digest: sha256:21bde3a8778fb94e40f2177383ca418123e69f3f3f463b31d35e9f9bf83dfa9d
-generated: "2026-03-15T17:55:17.844614721Z"
+generated: "2026-03-15T20:08:35.497440433Z"

clusters/cl01tl/helm/radarr-standup/Chart.lock

@@ -9,4 +9,4 @@ dependencies:
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
 digest: sha256:ebd25d2a12ca1924b66c62d6dd2c69476ae4526825020796198b65c2ebd2c6eb
-generated: "2026-03-15T17:55:30.565670113Z"
+generated: "2026-03-15T20:08:49.811429784Z"

clusters/cl01tl/helm/radarr/Chart.lock

@@ -9,4 +9,4 @@ dependencies:
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
 digest: sha256:05ce0d746d9c42a00338df5e6673fde8baeefa6f598ef8c85a32e6bc393b94ca
-generated: "2026-03-15T17:55:44.280145467Z"
+generated: "2026-03-15T20:09:03.538226001Z"

clusters/cl01tl/helm/roundcube/Chart.lock

@@ -9,4 +9,4 @@ dependencies:
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
 digest: sha256:755aa4db5c7142d46af4a80c9fce49c3c558cc81042c9a00a0bdcd607276e856
-generated: "2026-03-15T17:55:56.664735635Z"
+generated: "2026-03-15T20:09:18.053504671Z"

clusters/cl01tl/helm/rybbit/Chart.lock

@@ -12,4 +12,4 @@ dependencies:
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
 digest: sha256:9342eb966ec3e8020aa6b1d6d2ac72d2c4a46c4ed70c5cf52c16ff25d2f2b0fa
-generated: "2026-03-15T17:56:11.153595526Z"
+generated: "2026-03-15T20:09:33.800790437Z"

clusters/cl01tl/helm/site-documentation/values.yaml

@@ -11,7 +11,7 @@ site-documentation:
         main:
           image:
             repository: harbor.alexlebens.net/images/site-documentation
-            tag: 0.2.0
+            tag: 0.3.0
             pullPolicy: IfNotPresent
           resources:
             requests:

clusters/cl01tl/helm/site-profile/values.yaml

@@ -11,7 +11,7 @@ site-profile:
         main:
           image:
             repository: harbor.alexlebens.net/images/site-profile
-            tag: 3.12.1
+            tag: 3.13.0
             pullPolicy: IfNotPresent
           resources:
             requests:

clusters/cl01tl/helm/sonarr-4k/Chart.lock

@@ -9,4 +9,4 @@ dependencies:
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
 digest: sha256:27cc019786592c0e7fce9509543792c9f281a4e676c463ce5d6ba2a6df05e3b2
-generated: "2026-03-15T17:56:24.687596728Z"
+generated: "2026-03-15T20:09:49.767646568Z"

clusters/cl01tl/helm/sonarr-anime/Chart.lock

@@ -9,4 +9,4 @@ dependencies:
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
 digest: sha256:0f8016577e9fedaf8e5bd36688da2bf19b51185bc8100b817b64ce48ec87433b
-generated: "2026-03-15T17:56:39.105428794Z"
+generated: "2026-03-15T20:10:04.000906771Z"

clusters/cl01tl/helm/sonarr/Chart.lock

@@ -9,4 +9,4 @@ dependencies:
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
 digest: sha256:a20b4dd7e2f0c8777ed2be1bd2c702bc4d7cfeb51e4a29d781c041c555821aa1
-generated: "2026-03-15T17:56:51.305050861Z"
+generated: "2026-03-15T20:10:17.242764683Z"

clusters/cl01tl/helm/stalwart/Chart.lock

@@ -12,4 +12,4 @@ dependencies:
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
 digest: sha256:6ffe4bd6af377f2ba5134389027e86085928d5e1108bb5ecf0d4b1e4cc908b67
-generated: "2026-03-15T17:57:04.378433691Z"
+generated: "2026-03-15T20:10:31.966910173Z"

clusters/cl01tl/helm/tdarr/values.yaml

@@ -165,6 +165,7 @@ tdarr:
 tdarr-exporter:
   image:
     name: homeylab/tdarr-exporter
+    # renovate: datasource=docker depName=homeylab/tdarr-exporter
     tag: 1.4.2
   metrics:
     serviceMonitor:

clusters/cl01tl/helm/traefik/Chart.lock

@@ -4,6 +4,6 @@ dependencies:
   version: 39.0.5
 - name: traefik-crds
   repository: https://traefik.github.io/charts
-  version: 1.14.0
-digest: sha256:8ae6a524708becb7af3a30d2ca4e671c92b7627842f6c6917656526298e2eba5
-generated: "2026-03-09T17:04:21.522089828Z"
+  version: 1.15.0
+digest: sha256:8edf8d2dcabdba2c2b8d6a9508f001ba5ef4bec205423f864b92f2adedd73b60
+generated: "2026-03-16T15:32:49.364653199Z"

clusters/cl01tl/helm/traefik/Chart.yaml

@@ -18,7 +18,7 @@ dependencies:
     version: 39.0.5
     repository: https://traefik.github.io/charts
   - name: traefik-crds
-    version: 1.14.0
+    version: 1.15.0
     repository: https://traefik.github.io/charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/webp/traefik.webp
 # renovate: datasource=github-releases depName=traefik/traefik

clusters/cl01tl/helm/trivy/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: trivy-operator
+  repository: https://aquasecurity.github.io/helm-charts/
+  version: 0.32.1
+digest: sha256:7e25850fc3115f52e6c65151c76668929eee6713228e935862d9f156397c2ede
+generated: "2026-03-15T17:21:41.373519-05:00"

clusters/cl01tl/helm/trivy/Chart.yaml

@@ -0,0 +1,23 @@
+apiVersion: v2
+name: trivy
+version: 1.0.0
+description: Trivy
+keywords:
+  - trivy
+  - vulnerability
+  - monitoring
+  - kubernetes
+home: https://wiki.alexlebens.dev/s/
+sources:
+  - https://github.com/aquasecurity/trivy
+  - https://github.com/aquasecurity/trivy-operator
+  - https://github.com/aquasecurity/trivy-operator/tree/main/deploy/helm
+maintainers:
+  - name: alexlebens
+dependencies:
+  - name: trivy-operator
+    version: 0.32.1
+    repository: https://aquasecurity.github.io/helm-charts/
+icon: https://raw.githubusercontent.com/aquasecurity/trivy/main/docs/imgs/logo.png
+# renovate: github=aquasecurity/trivy
+appVersion: 0.32.1

clusters/cl01tl/helm/trivy/templates/namespace.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: trivy
+  labels:
+    app.kubernetes.io/name: trivy
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+    pod-security.kubernetes.io/audit: privileged
+    pod-security.kubernetes.io/enforce: privileged
+    pod-security.kubernetes.io/warn: privileged

clusters/cl01tl/helm/trivy/values.yaml

@@ -0,0 +1,87 @@
+trivy-operator:
+  targetWorkloads: "pod,replicaset,replicationcontroller,statefulset,daemonset,cronjob,job"
+  operator:
+    replicas: 1
+    scanJobsConcurrentLimit: 3
+    vulnerabilityScannerEnabled: true
+    sbomGenerationEnabled: true
+    clusterSbomCacheEnabled: true
+    configAuditScannerEnabled: true
+    rbacAssessmentScannerEnabled: true
+    infraAssessmentScannerEnabled: true
+    clusterComplianceEnabled: false
+    vulnerabilityScannerScanOnlyCurrentRevisions: true
+    accessGlobalSecretsAndServiceAccount: true
+    metricsFindingsEnabled: true
+    exposedSecretScannerEnabled: true
+  serviceMonitor:
+    enabled: true
+  trivy:
+    createConfig: true
+    image:
+      registry: mirror.gcr.io
+      repository: aquasec/trivy
+      tag: 0.69.3
+    storageClassEnabled: true
+    storageClassName: ceph-block
+    storageSize: "10Gi"
+    registry:
+      mirror:
+        "registry-1.docker.io": proxy-registry-1.docker.io
+        "quay.io": proxy-quay.io
+        "registry.k8s.io": proxy-registry.k8s
+        "gcr.io": proxy-gcr.io
+        "ghcr.io": proxy-ghcr.io
+        "hub.docker": proxy-hub.docker
+    severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
+    slow: true
+    resources:
+      requests:
+        cpu: 100m
+        memory: 128M
+    supportedConfigAuditKinds: "Workload,Service,Role,ClusterRole,NetworkPolicy,Ingress,LimitRange,ResourceQuota"
+    server:
+      resources:
+        requests:
+          cpu: 200m
+          memory: 512Mi
+      replicas: 1
+nodeCollector:
+  volumeMounts:
+    - name: var-lib-etcd
+      mountPath: /var/lib/etcd
+      readOnly: true
+    - name: var-lib-kubelet
+      mountPath: /var/lib/kubelet
+      readOnly: true
+    - name: var-lib-kube-scheduler
+      mountPath: /var/lib/kube-scheduler
+      readOnly: true
+    - name: var-lib-kube-controller-manager
+      mountPath: /var/lib/kube-controller-manager
+      readOnly: true
+    - name: etc-kubernetes
+      mountPath: /etc/kubernetes
+      readOnly: true
+    - name: etc-cni-netd
+      mountPath: /etc/cni/net.d/
+      readOnly: true
+  volumes:
+    - name: var-lib-etcd
+      hostPath:
+        path: /var/lib/etcd
+    - name: var-lib-kubelet
+      hostPath:
+        path: /var/lib/kubelet
+    - name: var-lib-kube-scheduler
+      hostPath:
+        path: /var/lib/kube-scheduler
+    - name: var-lib-kube-controller-manager
+      hostPath:
+        path: /var/lib/kube-controller-manager
+    - name: etc-kubernetes
+      hostPath:
+        path: /etc/kubernetes
+    - name: etc-cni-netd
+      hostPath:
+        path: /etc/cni/net.d/

clusters/cl01tl/helm/vaultwarden/Chart.lock

@@ -12,4 +12,4 @@ dependencies:
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
 digest: sha256:6f78b41937412c1db5e0f612287d29ea81c1d9169b8a0efd98a0dd4be3e532d1
-generated: "2026-03-15T17:57:17.405059956Z"
+generated: "2026-03-15T20:10:47.852109985Z"

clusters/cl01tl/helm/yamtrack/Chart.lock

@@ -9,4 +9,4 @@ dependencies:
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.4.0
 digest: sha256:71da007e1cef75e45b1678caa51b0d2317cb8f4dfdf7df675d534194f03650aa
-generated: "2026-03-15T17:57:30.586754631Z"
+generated: "2026-03-15T20:11:03.591727143Z"

renovate.json

@@ -57,6 +57,9 @@
   "labels": [],
   "prHourlyLimit": 0,
   "prConcurrentLimit": 0,
+  "baseBranchPatterns": [
+    "main"
+  ],
   "packageRules": [
     {
       "description": "Label charts",