feat: remove push render

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [freikin/dawarich](https://github.com/Freika/dawarich) | patch | `1.3.3` → `1.3.4` |

---

### Release Notes

<details>
<summary>Freika/dawarich (freikin/dawarich)</summary>

### [`v1.3.4`](https://github.com/Freika/dawarich/blob/HEAD/CHANGELOG.md#134---2026-03-15)

[Compare Source](https://github.com/Freika/dawarich/compare/1.3.3...1.3.4)

##### Changed

- Redesigned onboarding modal with two paths: "I have data" (inline file import) and "Start tracking" (app download + QR code). New users with existing location data can now start importing within 2 clicks of signing up.
- Onboarding completion is now persisted server-side (`settings.onboarding_completed`) instead of relying solely on localStorage, preventing the modal from reappearing after browser data clears.
- Route opacity data migration now runs as a background job instead of inline during migration, improving deployment reliability for large instances.

##### Fixed

- Fix admin and supporter tooltip overflowing the page on narrow screens. [#&#8203;1449](https://github.com/Freika/dawarich/issues/1449)
- Fix date navigation arrow tooltips overlapping with the navbar on map pages. [#&#8203;2229](https://github.com/Freika/dawarich/issues/2229) [#&#8203;2100](https://github.com/Freika/dawarich/issues/2100)
- Fix infinite loading spinner when a trip has no points in its date range. [#&#8203;2293](https://github.com/Freika/dawarich/issues/2293)
- Fix Insights monthly digest panels disappearing when switching months. [#&#8203;2305](https://github.com/Freika/dawarich/issues/2305)
- Fix suggested visit confirm/decline not removing the visit from the list. [#&#8203;2307](https://github.com/Freika/dawarich/issues/2307)
- Fix Stats page reloading when clicking "countries, cities" link. [#&#8203;2270](https://github.com/Freika/dawarich/issues/2270)
- Fix map base layer selection not being restored after page reload (Maps v1). [#&#8203;2093](https://github.com/Freika/dawarich/issues/2093)
- Fix duplicate country names in stats caused by geocoder returning different spellings. [#&#8203;2044](https://github.com/Freika/dawarich/issues/2044)
- Fix total distance display overlapping layer picker when distance is in miles. [#&#8203;2017](https://github.com/Freika/dawarich/issues/2017)
- Fix default route opacity displaying as 6000% for new users. [#&#8203;1891](https://github.com/Freika/dawarich/issues/1891)
- Fix shared month stats map missing hexagons from the last day of the month. [#&#8203;1934](https://github.com/Freika/dawarich/issues/1934)
- Fix Nominatim reverse geocoder producing all places named "Suggested place" instead of actual place names. [#&#8203;2182](https://github.com/Freika/dawarich/issues/2182)
- Fix IDL-crossing route segmenter returning inconsistent coordinate types. `unwrapCoordinates` now always returns a uniform array-of-arrays structure. [#&#8203;2038](https://github.com/Freika/dawarich/issues/2038)
- Fix a migration taking too long. [#&#8203;2375](https://github.com/Freika/dawarich/issues/2375)
- Fix family sharing not including the requesting user's own location. [#&#8203;2153](https://github.com/Freika/dawarich/issues/2153)
- The "Destroy" button on the trip page is now orange. [#&#8203;2348](https://github.com/Freika/dawarich/issues/2348)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4yIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiYXV0b21lcmdlIiwiaW1hZ2UiXX0=-->

Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/4767
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>

.gitea/workflows/lint-test-docker.yaml

@@ -14,7 +14,7 @@ on:
       - 'hosts/**'
 
 env:
-  BASE_BRANCH: "origin/${{ gitea.base_ref }}"
+  BASE_BRANCH: "origin/${{ github.base_ref }}"
 
 jobs:
   lint-docker-compose:
@@ -36,19 +36,20 @@ jobs:
         id: branch-exists
         if: github.event_name == 'push' || steps.check-branch-exists.outputs.exists == 'true' && github.event_name == 'pull_request'
         run: |
-          if [ ${{ github.event_name == 'push' }} ]; then
+          if [ "${{ github.event_name }}" == "push" ]; then
             echo ">> Action is from a push event, will continue with linting"
 
           else
-            echo ">> Branch ${{ gitea.base_ref }} exists, will continue with linting"
+            echo ">> Branch ${{ github.base_ref }} exists, will continue with linting"
 
           fi
 
+          echo ""
           echo "----"
 
-          echo "exists=true" >> $GITEA_OUTPUT
+          echo "exists=true" >> $GITHUB_OUTPUT
 
-      - name: Set up Node.js
+      - name: Set Up Node.js
         if: steps.branch-exists.outputs.exists == 'true'
         uses: actions/setup-node@v6
         with:
@@ -58,58 +59,48 @@ jobs:
         id: check-dir-changes
         if: steps.branch-exists.outputs.exists == 'true'
         run: |
-          CHANGED_COMPOSE=()
-
           echo ">> Target branch for diff is: ${BASE_BRANCH}"
 
           if [ "${{ github.event_name }}" == "pull_request" ]; then
+            DIFF_TARGET="${BASE_BRANCH}"
             echo ""
             echo ">> Checking for changes in a pull request ..."
-            GIT_DIFF=$(git diff --name-only "${BASE_BRANCH}" | xargs -I {} dirname {} | sort -u)
+
           else
+            DIFF_TARGET="${{ github.event.before }}..HEAD"
             echo ""
             echo ">> Checking for changes from a push ..."
-            GIT_DIFF=$(git diff --name-only ${{ gitea.event.before }}..HEAD | xargs -I {} dirname {} | sort -u)
-          fi
-
-          if [ -n "${GIT_DIFF}" ]; then
-            echo ""
-            echo ">> Changes detected:"
-            echo "$GIT_DIFF"
-
-            for path in $GIT_DIFF; do
-              if echo "$path" | grep -q -E "hosts/[^/]+/[^/]+"; then
-                echo ""
-                echo ">> Adding path: $path"
-                CHANGED_COMPOSE+=$(echo "$path")
-                CHANGED_COMPOSE+=$(echo " ")
-              fi
-            done
-
-          else
-            echo ""
-            echo ">> No changes detected"
 
           fi
 
+          CHANGED_COMPOSE=$(git diff --name-only "${DIFF_TARGET}" | grep -E "^hosts/[^/]+/[^/]+/" | cut -d/ -f1,2,3 | sort -u || true)
+
           if [ -n "${CHANGED_COMPOSE}" ]; then
             echo ""
             echo ">> Compose to Lint:"
-            echo "$(echo "${CHANGED_COMPOSE}" | sort -u)"
+            echo ""
+            echo "${CHANGED_COMPOSE}"
 
+            CHANGED_COMPOSE_CSV=$(echo "$CHANGED_COMPOSE" | paste -sd ',' -)
+
+            echo ""
             echo "----"
 
-            echo "changes-detected=true" >> $GITEA_OUTPUT
+            echo "changes-detected=true" >> $GITHUB_OUTPUT
-            echo "compose-dir<<EOF" >> $GITEA_OUTPUT
+            echo "compose-dir-csv=${CHANGED_COMPOSE_CSV}" >> $GITHUB_OUTPUT
-            echo "$(echo "${CHANGED_COMPOSE}" | sort -u)" >> $GITEA_OUTPUT
+            echo "compose-dir<<EOF" >> $GITHUB_OUTPUT
-            echo "EOF" >> $GITEA_OUTPUT
+            echo "${CHANGED_COMPOSE}" >> $GITHUB_OUTPUT
+            echo "EOF" >> $GITHUB_OUTPUT
+
           else
             echo ""
             echo ">> Did not find any docker compose files to lint"
 
+            echo ""
             echo "----"
 
-            echo "changes-detected=false" >> $GITEA_OUTPUT
+            echo "changes-detected=false" >> $GITHUB_OUTPUT
+
           fi
 
       - name: Lint Docker Compose
@@ -117,25 +108,27 @@ jobs:
         env:
           CHANGED_COMPOSE: ${{ steps.check-dir-changes.outputs.compose-dir }}
         run: |
-          echo ">> Running dclint on changed compose files:"
+          echo ">> Running dclint on changed compose files ..."
-          echo "$CHANGED_COMPOSE"
+
+          for COMPOSE in $CHANGED_COMPOSE; do
+            echo ">> Linting ${COMPOSE} ..."
+            npx dclint ${COMPOSE}
 
-          for compose in $CHANGED_COMPOSE; do
-            echo ">> Linting $compose ..."
-            npx dclint $compose
           done
 
+          echo ""
+          echo "----"
+
       - name: ntfy Failed
         uses: niniyas/ntfy-action@master
         if: failure()
         with:
           url: '${{ secrets.NTFY_URL }}'
           topic: '${{ secrets.NTFY_TOPIC }}'
-          title: 'Test Failure - Infrastructure'
+          title: 'Docker Compose Test Failure'
           priority: 3
           headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
           tags: action,failed
-          details: 'Docker linting on Pull Request for Infrastructure has failed!'
+          details: "Docker linting for compose dirs: ${{ steps.check-dir-changes.outputs.compose-dir-csv }}"
           icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
-          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=lint-test-docker-pull.yaml", "clear": true}]'
+          actions: '[{"action": "view", "label": "View Logs", "url": "${{ vars.USER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]'
-          image: true

.gitea/workflows/lint-test-helm.yaml

@@ -15,11 +15,17 @@ on:
 
 env:
   CLUSTER: cl01tl
-  BASE_BRANCH: "origin/${{ gitea.base_ref }}"
+  BASE_BRANCH: "origin/${{ github.base_ref }}"
+  # renovate: datasource=github-releases depName=yannh/kubeconform
+  KUBECONFORM_VERSION: "v0.6.7"
 
 jobs:
   lint-helm:
     runs-on: ubuntu-js
+    outputs:
+      chart-dir: ${{ steps.check-dir-changes.outputs.chart-dir }}
+      chart-dir-csv: ${{ steps.check-dir-changes.outputs.chart-dir-csv }}
+      changes-detected: ${{ steps.check-dir-changes.outputs.changes-detected }}
     steps:
       - name: Checkout
         uses: actions/checkout@v6
@@ -31,88 +37,91 @@ jobs:
         if: github.event_name == 'pull_request'
         uses: GuillaumeFalourd/branch-exists@v1.1
         with:
-          branch: ${{ gitea.base_ref }}
+          branch: ${{ github.base_ref }}
 
       - name: Report Branch Exists
         id: branch-exists
         if: github.event_name == 'push' || steps.check-branch-exists.outputs.exists == 'true' && github.event_name == 'pull_request'
         run: |
-          if [ ${{ github.event_name == 'push' }} ]; then
+          if [ "${{ github.event_name }}" == "push" ]; then
             echo ">> Action is from a push event, will continue with linting"
 
           else
-            echo ">> Branch ${{ gitea.base_ref }} exists, will continue with linting"
+            echo ">> Branch ${{ github.base_ref }} exists, will continue with linting"
 
           fi
 
+          echo ""
           echo "----"
 
-          echo "exists=true" >> $GITEA_OUTPUT
+          echo "exists=true" >> $GITHUB_OUTPUT
 
-      - name: Set up Helm
+      - name: Set Up Helm
         if: steps.branch-exists.outputs.exists == 'true'
         uses: azure/setup-helm@v4
         with:
           token: ${{ secrets.GITEA_TOKEN }}
-          version: v3.19.2
+          # renovate: datasource=github-releases depName=helm/helm
+          version: v4.1.3
           cache: true
 
+      - name: Cache Helm Dependencies
+        if: steps.branch-exists.outputs.exists == 'true'
+        uses: actions/cache@v5
+        with:
+          path: |
+            ~/.cache/helm
+            ~/.config/helm
+          key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }}
+          restore-keys: |
+            helm-cache-${{ runner.os }}-
+
       - name: Check Directories for Changes
         id: check-dir-changes
         if: steps.branch-exists.outputs.exists == 'true'
         run: |
-          CHANGED_CHARTS=()
-
           echo ">> Target branch for diff is: ${BASE_BRANCH}"
 
           if [ "${{ github.event_name }}" == "pull_request" ]; then
+            DIFF_TARGET="${BASE_BRANCH}"
             echo ""
             echo ">> Checking for changes in a pull request ..."
-            GIT_DIFF=$(git diff --name-only "${BASE_BRANCH}" | xargs -I {} dirname {} | sort -u)
+
           else
+            DIFF_TARGET="${{ github.event.before }}..HEAD"
             echo ""
             echo ">> Checking for changes from a push ..."
-            GIT_DIFF=$(git diff --name-only ${{ gitea.event.before }}..HEAD | xargs -I {} dirname {} | sort -u)
-          fi
-
-          if [ -n "${GIT_DIFF}" ]; then
-            echo ""
-            echo ">> Changes detected:"
-            echo "$GIT_DIFF"
-
-            for path in $GIT_DIFF; do
-              if echo "$path" | grep -q -E "clusters/[^/]+/helm/[^/]+"; then
-                echo ""
-                echo ">> Adding path: $path"
-                CHANGED_CHARTS+=$(echo "$path" | awk -F '/' '{print $4}')
-                CHANGED_CHARTS+=$(echo "\n")
-              fi
-            done
-
-          else
-            echo ""
-            echo ">> No changes detected"
 
           fi
 
+          CHANGED_CHARTS=$(git diff --name-only "${DIFF_TARGET}" | grep -E "^clusters/${CLUSTER}/helm/" | awk -F '/' '{print $4}' | sort -u || true)
+
           if [ -n "${CHANGED_CHARTS}" ]; then
             echo ""
             echo ">> Chart to Lint:"
-            echo "$(echo "${CHANGED_CHARTS}" | sort -u)"
+            echo ""
+            echo "${CHANGED_CHARTS}"
 
+            CHANGED_CHARTS_CSV=$(echo "$CHANGED_CHARTS" | paste -sd ',' -)
+
+            echo ""
             echo "----"
 
-            echo "changes-detected=true" >> $GITEA_OUTPUT
+            echo "changes-detected=true" >> $GITHUB_OUTPUT
-            echo "chart-dir<<EOF" >> $GITEA_OUTPUT
+            echo "chart-dir-csv=${CHANGED_CHARTS_CSV}" >> $GITHUB_OUTPUT
-            echo "$(echo "${CHANGED_CHARTS}" | sort -u)" >> $GITEA_OUTPUT
+            echo "chart-dir<<EOF" >> $GITHUB_OUTPUT
-            echo "EOF" >> $GITEA_OUTPUT
+            echo "${CHANGED_CHARTS}" >> $GITHUB_OUTPUT
+            echo "EOF" >> $GITHUB_OUTPUT
+
           else
             echo ""
             echo ">> Did not find any helm charts files to lint"
 
+            echo ""
             echo "----"
 
-            echo "changes-detected=false" >> $GITEA_OUTPUT
+            echo "changes-detected=false" >> $GITHUB_OUTPUT
+
           fi
 
       - name: Add Repositories
@@ -121,68 +130,238 @@ jobs:
           CHANGED_CHARTS: ${{ steps.check-dir-changes.outputs.chart-dir }}
         run: |
           echo ">> Adding repositories for chart dependencies ..."
-          for dir in ${CHANGED_CHARTS}; do
+          echo ""
-            helm dependency list --max-col-width 120 clusters/${CLUSTER}/helm/$dir 2> /dev/null \
+
-              | tail +2 | head -n -1 \
+          for DIR in ${CHANGED_CHARTS}; do
-              | awk '{ print "helm repo add " $1 " " $3 }' \
+            helm dependency list --max-col-width 120 clusters/${CLUSTER}/helm/${DIR} 2> /dev/null \
-              | while read cmd; do
+              | tail -n +2 \
-                if [[ "$cmd" == "*oci://*" ]]; then
+              | awk 'NF > 0 { print $1, $3 }' \
-                  echo ">> Ignoring OCI repo"
+              | while read -r REPO_NAME REPO_URL; do
-                else
+                if [[ "${REPO_URL}" == oci://* ]]; then
-                  echo ">> Command: $cmd"
+                  echo ">> Ignoring OCI repo: ${REPO_URL}"
-                  echo "$cmd" | sh;
+
+                elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then
+                  helm repo add "${REPO_NAME}" "${REPO_URL}"
+
                 fi
+
               done || true
           done
 
-          if helm repo list | tail +2 | read -r; then
+          if helm repo list > /dev/null 2>&1; then
             echo ""
             echo ">> Update repository cache ..."
             helm repo update
+
           fi
 
+          echo ""
           echo "----"
 
       - name: Lint Helm Chart
+        id: lint
         if: steps.check-dir-changes.outputs.changes-detected == 'true'
         env:
           CHANGED_CHARTS: ${{ steps.check-dir-changes.outputs.chart-dir }}
         run: |
+          EXIT_CODE=0
+          FAILED_CHARTS=""
+
           echo ">> Running linting on changed charts ..."
 
-          for dir in ${CHANGED_CHARTS}; do
+          for DIR in ${CHANGED_CHARTS}; do
-            chart_path=clusters/${CLUSTER}/helm/$dir
+            CHART_PATH="clusters/${CLUSTER}/helm/${DIR}"
-            chart_name=$(basename "$chart_path")
+            CHART_NAME=$(basename "${CHART_PATH}")
 
-            if [ -f "$chart_path/Chart.yaml" ]; then
+            if [ -f "${CHART_PATH}/Chart.yaml" ]; then
-              cd $chart_path
+              echo ""
+              echo ">> Building helm dependency for ${CHART_NAME} ..."
+              helm dependency build "${CHART_PATH}" --skip-refresh
 
               echo ""
-              echo ">> Building helm dependency ..."
+              echo ">> Linting helm chart ${CHART_NAME} ..."
-              helm dependency build --skip-refresh
 
-              echo ""
+              if ! helm lint "${CHART_PATH}" --namespace "default"; then
-              echo ">> Linting helm ..."
+                EXIT_CODE=1
-              helm lint --namespace "$chart_name"
+
+                if [ -z "${FAILED_CHARTS}" ]; then
+                  FAILED_CHARTS="${DIR}"
+
+                else
+                  FAILED_CHARTS="${FAILED_CHARTS}, ${DIR}"
+
+                fi
+              fi
 
             else
               echo ""
-              echo ">> Directory $chart_path does not contain a Chart.yaml. Skipping ..."
+              echo ">> Directory ${CHART_PATH} does not contain a Chart.yaml. Skipping ..."
-              echo ""
+
             fi
+
           done
 
+          echo ""
+          echo "----"
+
+          echo "failed-charts=${FAILED_CHARTS}" >> "$GITHUB_OUTPUT"
+
+          exit $EXIT_CODE
+
       - name: ntfy Failed
         uses: niniyas/ntfy-action@master
         if: failure()
         with:
           url: '${{ secrets.NTFY_URL }}'
           topic: '${{ secrets.NTFY_TOPIC }}'
-          title: 'Test Failure - Infrastructure'
+          title: 'Helm Test Failure'
           priority: 3
           headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
           tags: action,failed
-          details: 'Helm linting on Pull Request for Infrastructure has failed!'
+          details: "Helm linting for cluster '${{ env.CLUSTER }}' failed on charts: ${{ steps.lint.outputs.failed-charts }}"
           icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
-          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=lint-test-helm-pull.yaml", "clear": true}]'
+          actions: '[{"action": "view", "label": "View Run", "url": "${{ vars.USER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]'
+          image: true
+
+  validate-kubeconform:
+    needs: lint-helm
+    runs-on: ubuntu-js
+    if: |
+      needs.lint-helm.result == 'success' &&
+      needs.lint-helm.outputs.changes-detected == 'true' &&
+      github.event_name == 'pull_request'
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+
+      - name: Install Kubeconform
+        run: |
+          echo ">> Downloading Kubeconform ${{ env.KUBECONFORM_VERSION }} ..."
+          wget -q https://github.com/yannh/kubeconform/releases/download/${{ env.KUBECONFORM_VERSION }}/kubeconform-linux-amd64.tar.gz
+
+          echo ""
+          echo ">> Extracting Kubeconform ..."
+          tar xf kubeconform-linux-amd64.tar.gz
+
+          echo ""
+          echo ">> Installing Kubeconform ..."
+          sudo mv kubeconform /usr/local/bin/
+
+          echo ""
+          echo ">> Verifying installation ..."
+          kubeconform -v
+
+          echo ""
+          echo "----"
+
+      - name: Set Up Helm
+        uses: azure/setup-helm@v4
+        with:
+          token: ${{ secrets.GITEA_TOKEN }}
+          # renovate: datasource=github-releases depName=helm/helm
+          version: v4.1.3
+          cache: true
+
+      - name: Cache Helm Dependencies
+        uses: actions/cache@v5
+        with:
+          path: |
+            ~/.cache/helm
+            ~/.config/helm
+          key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }}
+          restore-keys: |
+            helm-cache-${{ runner.os }}-
+
+      - name: Add Repositories
+        env:
+          CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }}
+        run: |
+          echo ">> Adding repositories for chart dependencies ..."
+          echo ""
+
+          for DIR in ${CHANGED_CHARTS}; do
+            helm dependency list --max-col-width 120 clusters/${CLUSTER}/helm/${DIR} 2> /dev/null \
+              | tail -n +2 \
+              | awk 'NF > 0 { print $1, $3 }' \
+              | while read -r REPO_NAME REPO_URL; do
+                if [[ "${REPO_URL}" == oci://* ]]; then
+                  echo ">> Ignoring OCI repo: ${REPO_URL}"
+
+                elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then
+                  helm repo add "${REPO_NAME}" "${REPO_URL}"
+
+                fi
+
+              done || true
+          done
+
+          if helm repo list > /dev/null 2>&1; then
+            echo ""
+            echo ">> Update repository cache ..."
+            helm repo update
+
+          fi
+
+          echo ""
+          echo "----"
+
+      - name: Validate Rendered Templates
+        id: validate
+        env:
+          CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }}
+        run: |
+          SCHEMA_LOCATIONS="-schema-location default -schema-location https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json"
+
+          EXIT_CODE=0
+          FAILED_CHARTS=""
+
+          for DIR in ${CHANGED_CHARTS}; do
+            CHART_PATH="clusters/${CLUSTER}/helm/${DIR}"
+            echo ""
+            echo ">> Validating: ${DIR}"
+
+            helm dependency build "${CHART_PATH}" --skip-refresh
+
+            if ! helm template "${DIR}" "${CHART_PATH}" --include-crds --namespace default --api-versions "gateway.networking.k8s.io/v1/HTTPRoute" | \
+              kubeconform \
+                ${SCHEMA_LOCATIONS} \
+                -ignore-missing-schemas \
+                -strict \
+                -summary; then
+
+              EXIT_CODE=1
+
+              if [ -z "${FAILED_CHARTS}" ]; then
+                FAILED_CHARTS="${DIR}"
+
+              else
+                FAILED_CHARTS="${FAILED_CHARTS}, ${DIR}"
+
+              fi
+            fi
+
+          done
+
+          echo ""
+          echo "----"
+
+          echo "failed-charts=${FAILED_CHARTS}" >> "$GITHUB_OUTPUT"
+
+          exit $EXIT_CODE
+
+      - name: ntfy Failed
+        uses: niniyas/ntfy-action@master
+        if: failure()
+        with:
+          url: '${{ secrets.NTFY_URL }}'
+          topic: '${{ secrets.NTFY_TOPIC }}'
+          title: 'Kubeconform Test Failure'
+          priority: 3
+          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
+          tags: action,failed
+          details: "Kubeconform for cluster '${{ env.CLUSTER }}' failed on charts: ${{ steps.validate.outputs.failed-charts }}"
+          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
+          actions: '[{"action": "view", "label": "View Run", "url": "${{ vars.USER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]'
           image: true

.gitea/workflows/render-manifests-automerge.yaml

@@ -1,13 +1,14 @@
 name: render-manifests-automerge
 
 on:
-  pull_request:
+  workflow_dispatch:
-    branches:
+  # pull_request:
-      - main
+  #   branches:
-    paths:
+  #     - main
-      - 'clusters/cl01tl/helm/**'
+  #   paths:
-    types:
+  #     - 'clusters/cl01tl/helm/**'
-      - closed
+  #   types:
+  #     - closed
 
 env:
   CLUSTER: cl01tl
@@ -46,6 +47,16 @@ jobs:
           method: kubeconfig
           kubeconfig: ${{ secrets.KUBECONFIG }}
 
+      - name: Cache Helm Dependencies
+        uses: actions/cache@v5
+        with:
+          path: |
+            ~/.cache/helm
+            ~/.config/helm
+          key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }}
+          restore-keys: |
+            helm-cache-${{ runner.os }}-
+
       - name: Prepare Manifest Branch
         id: prepare-manifest-branch
         run: |
@@ -53,10 +64,12 @@ jobs:
 
           BRANCH_NAME="${BRANCH_NAME_BASE}-$(date +%Y%m%d%H%M%S)"
 
+          echo ""
           echo ">> Configure git to use gitea-bot as user ..."
           git config user.name "gitea-bot"
           git config user.email "gitea-bot@alexlebens.net"
 
+          echo ""
           echo ">> Creating branch ..."
           git checkout -b $BRANCH_NAME
 
@@ -67,38 +80,31 @@ jobs:
       - name: Check which Directories have Changes
         id: check-dir-changes
         run: |
-          cd ${MAIN_DIR}
+          cd "${MAIN_DIR}"
-
-          RENDER_DIR=()
 
+          echo ""
           echo ">> Checking for changes from HEAD^..HEAD ..."
-          GIT_DIFF=$(git diff --name-only HEAD^..HEAD | xargs -I {} dirname {} | sort -u | grep -E "clusters/[^/]+/helm/[^/]+")
 
-          if [ -n "${GIT_DIFF}" ]; then
+          # Extract the chart names from the git diff
-            echo ">> Changes detected:"
+          RENDER_DIR=$(git diff --name-only HEAD^..HEAD | grep -E "^clusters/${CLUSTER}/helm/" | awk -F '/' '{print $4}' | sort -u || true)
-            echo "$GIT_DIFF"
-            for path in $GIT_DIFF; do
-              RENDER_DIR+=$(echo "$path" | awk -F '/' '{print $4}')
-              RENDER_DIR+=$(echo " ")
-            done
-
-          else
-            echo ">> No changes detected"
-
-          fi
 
           if [ -n "${RENDER_DIR}" ]; then
+            echo ""
             echo ">> Directories to Render:"
-            echo "$(echo "${RENDER_DIR}" | sort -u)"
+            echo "${RENDER_DIR}"
 
             echo "----"
 
-            echo "changes-detected=true" >> $GITEA_OUTPUT
+            echo "changes-detected=true" >> "$GITEA_OUTPUT"
-            echo "render-dir<<EOF" >> $GITEA_OUTPUT
+            echo "render-dir<<EOF" >> "$GITEA_OUTPUT"
-            echo "$(echo "${RENDER_DIR}" | sort -u)" >> $GITEA_OUTPUT
+            echo "${RENDER_DIR}" >> "$GITEA_OUTPUT"
-            echo "EOF" >> $GITEA_OUTPUT
+            echo "EOF" >> "$GITEA_OUTPUT"
+
           else
-            echo "changes-detected=false" >> $GITEA_OUTPUT
+            echo ""
+            echo ">> No chart changes detected"
+            echo "changes-detected=false" >> "$GITEA_OUTPUT"
+
           fi
 
       - name: Add Repositories
@@ -106,25 +112,31 @@ jobs:
         env:
           RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
         run: |
-          cd ${MAIN_DIR}
+          cd "${MAIN_DIR}"
 
+          echo ""
           echo ">> Adding repositories for chart dependencies ..."
-          for dir in ${RENDER_DIR}; do
+          for DIR in ${RENDER_DIR}; do
-            helm dependency list --max-col-width 120 ${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir 2> /dev/null \
+            helm dependency list --max-col-width 120 "${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}" 2> /dev/null \
-              | tail +2 | head -n -1 \
+              | tail -n +2 \
-              | awk '{ print "helm repo add " $1 " " $3 }' \
+              | awk 'NF > 0 { print $1, $3 }' \
-              | while read cmd; do
+              | while read -r REPO_NAME REPO_URL; do
-                if [[ "$cmd" == "*oci://*" ]]; then
+                if [[ "${REPO_URL}" == oci://* ]]; then
-                  echo ">> Ignoring OCI repo"
+                  echo ""
-                else
+                  echo ">> Ignoring OCI repo: ${REPO_URL}"
-                  echo "$cmd" | sh;
+
+                elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then
+                  helm repo add "${REPO_NAME}" "${REPO_URL}"
+
                 fi
               done || true
           done
 
-          if helm repo list | tail +2 | read -r; then
+          if helm repo list > /dev/null 2>&1; then
+            echo ""
             echo ">> Update repository cache ..."
             helm repo update
+
           fi
 
           echo "----"
@@ -134,15 +146,16 @@ jobs:
         env:
           RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
         run: |
-          cd ${MANIFEST_DIR}
+          cd "${MANIFEST_DIR}"
 
+          echo ""
           echo ">> Remove manfiest files and rebuild from source ..."
 
-          for dir in ${RENDER_DIR}; do
+          for DIR in ${RENDER_DIR}; do
-            chart_path=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$dir
+            CHART_PATH=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${DIR}
 
-            echo "$chart_path"
+            echo "${CHART_PATH}"
-            rm -rf $chart_path/*
+            rm -rf ${CHART_PATH}/*
           done
 
           echo "----"
@@ -155,60 +168,57 @@ jobs:
         run: |
           cd ${MAIN_DIR}
 
+          echo ""
           echo ">> Rendering Manifests ..."
 
-          for dir in ${RENDER_DIR}; do
+          render_chart() {
-            chart_path=${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir
+            local DIR="$1"
-            chart_name=$(basename "$chart_path")
+            local CHART_PATH="${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}"
+            local CHART_NAME=$(basename "${CHART_PATH}")
 
             echo ""
-            echo ""
+            echo ">> Rendering ..."
-            echo ">> Rendering chart: $chart_name"
+            echo ">> Chart: ${CHART_NAME}"
-            echo ">> Chart path $chart_path"
+            echo ">> Path: ${CHART_PATH}"
 
-            if [ -f "$chart_path/Chart.yaml" ]; then
+            if [ -f "${CHART_PATH}/Chart.yaml" ]; then
-              OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name/"
+              local OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${CHART_NAME}/"
-              TEMPLATE=""
 
-              mkdir -p ${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name
+              mkdir -p "${OUTPUT_FOLDER}"
-
+              cd "${CHART_PATH}"
-              cd $chart_path
 
               echo ""
-              echo ">> Updating helm dependency ..."
+              echo ">> Updating helm dependencies ..."
-              helm dependency update --skip-refresh
+              helm dependency update --skip-refresh > /dev/null
 
               echo ""
-              echo ">> Building helm dependency ..."
+              echo ">> Linting helm chart ..."
-              helm dependency build --skip-refresh
+              helm lint --namespace "${CHART_NAME}" --quiet
 
-              echo ""
+              local NAMESPACE="${CHART_NAME}"
-              echo ">> Linting helm ..."
+              case "${CHART_NAME}" in
-              helm lint --namespace "$chart_name"
-
-              echo ""
-              echo ">> Rendering templates ..."
-              case "$chart_name" in
                 "stack")
+                  NAMESPACE="argocd"
                   echo ""
-                  echo ">> Special Rendering for stack into argocd namespace ..."
+                  echo ">> Special Rendering into 'argocd' namespace ..."
-                  TEMPLATE=$(helm template $chart_name ./ --namespace argocd --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
                   ;;
-                "cilium" | "coredns" | "metrics-server" |"prometheus-operator-crds")
+                "cilium" | "coredns" | "metrics-server" | "prometheus-operator-crds")
+                  NAMESPACE="kube-system"
                   echo ""
-                  echo ">> Special Rendering for $chart_name into kube-system namespace ..."
+                  echo ">> Special Rendering for ${CHART_NAME} into 'kube-system' namespace ..."
-                  TEMPLATE=$(helm template $chart_name ./ --namespace kube-system --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
                   ;;
                 *)
                   echo ""
-                  echo ">> Standard Rendering for $chart_name ..."
+                  echo ">> Standard Rendering for ${CHART_NAME} ..."
-                  TEMPLATE=$(helm template "$chart_name" ./ --namespace "$chart_name" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
-                  ;;
               esac
 
               echo ""
               echo ">> Formating rendered template ..."
-              echo "$TEMPLATE" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"$OUTPUT_FOLDER"'" + .kind + "-" + .metadata.name + ".yaml"'
+              local TEMPLATE
+              TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
+
+              # Format and split rendered template
+              echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
 
               # Strip comments again to ensure formatting correctness
               for file in "$OUTPUT_FOLDER"/*; do
@@ -216,15 +226,23 @@ jobs:
               done
 
               echo ""
-              echo ">> Manifests for $chart_name rendered to $OUTPUT_FOLDER"
+              echo ">> Manifests for ${CHART_NAME} rendered to ${OUTPUT_FOLDER}:"
               ls $OUTPUT_FOLDER
               echo ""
             else
               echo ""
-              echo ">> Directory $chart_path does not contain a Chart.yaml. Skipping ..."
+              echo ">> Directory ${CHART_PATH} does not contain a Chart.yaml. Skipping ..."
               echo ""
             fi
-          done
+          }
+
+          export -f render_chart
+          export MAIN_DIR CLUSTER MANIFEST_DIR
+
+          # Run rendering in parallel
+          for DIR in ${RENDER_DIR}; do
+            echo "${DIR}"
+          done | xargs -n 1 -P 4 -I {} bash -c 'render_chart "$@"' _ {}
 
           echo "----"
 
@@ -232,16 +250,18 @@ jobs:
         id: check-changes
         if: steps.check-dir-changes.outputs.changes-detected == 'true'
         run: |
-          cd ${MANIFEST_DIR}
+          cd "${MANIFEST_DIR}"
 
           GIT_CHANGES=$(git status --porcelain)
 
-          if [ -n "$GIT_CHANGES" ]; then
+          if [ -n "${GIT_CHANGES}" ]; then
+            echo ""
             echo ">> Changes detected"
             git status --porcelain
             echo "changes-detected=true" >> $GITEA_OUTPUT
 
           else
+            echo ""
             echo ">> No changes detected, skipping PR creation"
 
           fi
@@ -254,19 +274,22 @@ jobs:
         env:
           BRANCH_NAME: ${{ steps.prepare-manifest-branch.outputs.BRANCH_NAME }}
         run: |
-          cd ${MANIFEST_DIR}
+          cd "${MANIFEST_DIR}"
 
+          echo ""
           echo ">> Commiting changes to ${BRANCH_NAME} ..."
           git add .
           git commit -m "chore: Update manifests after automerge"
 
           REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}"
-          echo ">> Pushing changes to $REPO_URL ..."
+          echo ""
-          git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@$(echo $REPO_URL | sed -e 's|https://||')" ${BRANCH_NAME}
+          echo ">> Pushing changes to ${REPO_URL} ..."
+
+          git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@${REPO_URL#*://}" "${BRANCH_NAME}"
 
           echo "----"
 
-          echo "push=true" >> $GITEA_OUTPUT
+          echo "push=true" >> "$GITEA_OUTPUT"
 
       - name: Create Pull Request
         id: create-pull-request

.gitea/workflows/render-manifests-dispatch.yaml

@@ -1,10 +1,11 @@
 name: render-manifests-dispatch
 
 on:
-  schedule:
-    - cron: '0 3 * * *'
-
   workflow_dispatch:
+  # schedule:
+  #   - cron: '0 15 * * *'
+
+  # workflow_dispatch:
 
 env:
   CLUSTER: cl01tl
@@ -43,24 +44,39 @@ jobs:
           method: kubeconfig
           kubeconfig: ${{ secrets.KUBECONFIG }}
 
+      - name: Cache Helm Dependencies
+        uses: actions/cache@v5
+        with:
+          path: |
+            ~/.cache/helm
+            ~/.config/helm
+          key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }}
+          restore-keys: |
+            helm-cache-${{ runner.os }}-
+
       - name: Prepare Manifest Branch
         run: |
-          cd ${MANIFEST_DIR}
+          cd "${MANIFEST_DIR}"
 
+          echo ""
           echo ">> Configure git to use gitea-bot as user ..."
           git config user.name "gitea-bot"
           git config user.email "gitea-bot@alexlebens.net"
 
+          echo ""
           echo ">> Checking if PR branch exists ..."
-          if [[ $(git ls-remote --heads origin "${BRANCH_NAME}" | wc -l) -gt 0 ]]; then
+          if git ls-remote --exit-code --heads origin "${BRANCH_NAME}" > /dev/null 2>&1; then
+            echo ""
             echo ">> Branch '${BRANCH_NAME}' exists, pulling changes ..."
             git fetch origin "${BRANCH_NAME}"
             git checkout "${BRANCH_NAME}"
             git pull --rebase
 
           else
+            echo ""
             echo ">> Branch '${BRANCH_NAME}' does not exist, creating ..."
-            git checkout -b $BRANCH_NAME
+            git checkout -b "${BRANCH_NAME}"
+
           fi
 
           echo "----"
@@ -68,25 +84,29 @@ jobs:
       - name: Check which Directories have Changes
         id: check-dir-changes
         run: |
-          cd ${MAIN_DIR}
+          cd "${MAIN_DIR}"
-
-          RENDER_DIR=()
 
+          echo ""
           echo ">> Triggered on dispatch, will check all paths ..."
-          RENDER_DIR+=$(ls clusters/cl01tl/helm/)
+
+          # Extract names of charts
+          RENDER_DIR=$(find "clusters/${CLUSTER}/helm" -mindepth 1 -maxdepth 1 -type d -exec basename {} \; | sort -u)
 
           if [ -n "${RENDER_DIR}" ]; then
+            echo ""
             echo ">> Directories to Render:"
-            echo "$(echo "${RENDER_DIR}" | sort -u)"
+            echo "${RENDER_DIR}"
-
             echo "----"
 
-            echo "changes-detected=true" >> $GITEA_OUTPUT
+            echo "changes-detected=true" >> "$GITEA_OUTPUT"
-            echo "render-dir<<EOF" >> $GITEA_OUTPUT
+            echo "render-dir<<EOF" >> "$GITEA_OUTPUT"
-            echo "$(echo "${RENDER_DIR}" | sort -u)" >> $GITEA_OUTPUT
+            echo "${RENDER_DIR}" >> "$GITEA_OUTPUT"
-            echo "EOF" >> $GITEA_OUTPUT
+            echo "EOF" >> "$GITEA_OUTPUT"
+
           else
-            echo "changes-detected=false" >> $GITEA_OUTPUT
+            echo ">> No directories found"
+            echo "changes-detected=false" >> "$GITEA_OUTPUT"
+
           fi
 
       - name: Add Repositories
@@ -94,29 +114,54 @@ jobs:
         env:
           RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
         run: |
-          cd ${MAIN_DIR}
+          cd "${MAIN_DIR}"
 
+          echo ""
           echo ">> Adding repositories for chart dependencies ..."
-          for dir in ${RENDER_DIR}; do
+          for DIR in ${RENDER_DIR}; do
-            helm dependency list --max-col-width 120 ${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir 2> /dev/null \
+            helm dependency list --max-col-width 120 "${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}" 2> /dev/null \
-              | tail +2 | head -n -1 \
+              | tail -n +2 \
-              | awk '{ print "helm repo add " $1 " " $3 }' \
+              | awk 'NF > 0 { print $1, $3 }' \
-              | while read cmd; do
+              | while read -r REPO_NAME REPO_URL; do
-                if [[ "$cmd" == "*oci://*" ]]; then
+                if [[ "${REPO_URL}" == oci://* ]]; then
-                  echo ">> Ignoring OCI repo"
+                  echo ""
-                else
+                  echo ">> Ignoring OCI repo: ${REPO_URL}"
-                  echo "$cmd" | sh;
+
+                elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then
+                  helm repo add "${REPO_NAME}" "${REPO_URL}"
+
                 fi
               done || true
           done
 
-          if helm repo list | tail +2 | read -r; then
+          if helm repo list > /dev/null 2>&1; then
+            echo ""
             echo ">> Update repository cache ..."
             helm repo update
+
           fi
 
           echo "----"
 
+      - name: Remove Changed Manifest Files
+        if: steps.check-dir-changes.outputs.changes-detected == 'true'
+        env:
+          RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
+        run: |
+          cd "${MANIFEST_DIR}"
+
+          echo ""
+          echo ">> Remove manfiest files and rebuild from source ..."
+
+          for DIR in ${RENDER_DIR}; do
+            CHART_PATH=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${DIR}
+
+            echo "${CHART_PATH}"
+            rm -rf ${CHART_PATH}/*
+          done
+
+          echo "----"
+
       - name: Render Helm Manifests
         id: render-manifests
         if: steps.check-dir-changes.outputs.changes-detected == 'true'
@@ -125,60 +170,57 @@ jobs:
         run: |
           cd ${MAIN_DIR}
 
+          echo ""
           echo ">> Rendering Manifests ..."
 
-          for dir in ${RENDER_DIR}; do
+          render_chart() {
-            chart_path=${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir
+            local DIR="$1"
-            chart_name=$(basename "$chart_path")
+            local CHART_PATH="${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}"
+            local CHART_NAME=$(basename "${CHART_PATH}")
 
             echo ""
-            echo ""
+            echo ">> Rendering ..."
-            echo ">> Rendering chart: $chart_name"
+            echo ">> Chart: ${CHART_NAME}"
-            echo ">> Chart path $chart_path"
+            echo ">> Path: ${CHART_PATH}"
 
-            if [ -f "$chart_path/Chart.yaml" ]; then
+            if [ -f "${CHART_PATH}/Chart.yaml" ]; then
-              OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name/"
+              local OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${CHART_NAME}/"
-              TEMPLATE=""
 
-              mkdir -p ${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name
+              mkdir -p "${OUTPUT_FOLDER}"
-
+              cd "${CHART_PATH}"
-              cd $chart_path
 
               echo ""
-              echo ">> Updating helm dependency ..."
+              echo ">> Updating helm dependencies ..."
-              helm dependency update --skip-refresh
+              helm dependency update --skip-refresh > /dev/null
 
               echo ""
-              echo ">> Building helm dependency ..."
+              echo ">> Linting helm chart ..."
-              helm dependency build --skip-refresh
+              helm lint --namespace "${CHART_NAME}" --quiet
 
-              echo ""
+              local NAMESPACE="${CHART_NAME}"
-              echo ">> Linting helm ..."
+              case "${CHART_NAME}" in
-              helm lint --namespace "$chart_name"
-
-              echo ""
-              echo ">> Rendering templates ..."
-              case "$chart_name" in
                 "stack")
+                  NAMESPACE="argocd"
                   echo ""
-                  echo ">> Special Rendering for stack into argocd namespace ..."
+                  echo ">> Special Rendering into 'argocd' namespace ..."
-                  TEMPLATE=$(helm template $chart_name ./ --namespace argocd --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
                   ;;
-                "cilium" | "coredns" | "metrics-server" |"prometheus-operator-crds")
+                "cilium" | "coredns" | "metrics-server" | "prometheus-operator-crds")
+                  NAMESPACE="kube-system"
                   echo ""
-                  echo ">> Special Rendering for $chart_name into kube-system namespace ..."
+                  echo ">> Special Rendering for ${CHART_NAME} into 'kube-system' namespace ..."
-                  TEMPLATE=$(helm template $chart_name ./ --namespace kube-system --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
                   ;;
                 *)
                   echo ""
-                  echo ">> Standard Rendering for $chart_name ..."
+                  echo ">> Standard Rendering for ${CHART_NAME} ..."
-                  TEMPLATE=$(helm template "$chart_name" ./ --namespace "$chart_name" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
-                  ;;
               esac
 
               echo ""
               echo ">> Formating rendered template ..."
-              echo "$TEMPLATE" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"$OUTPUT_FOLDER"'" + .kind + "-" + .metadata.name + ".yaml"'
+              local TEMPLATE
+              TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
+
+              # Format and split rendered template
+              echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
 
               # Strip comments again to ensure formatting correctness
               for file in "$OUTPUT_FOLDER"/*; do
@@ -186,15 +228,23 @@ jobs:
               done
 
               echo ""
-              echo ">> Manifests for $chart_name rendered to $OUTPUT_FOLDER"
+              echo ">> Manifests for ${CHART_NAME} rendered to ${OUTPUT_FOLDER}:"
               ls $OUTPUT_FOLDER
               echo ""
             else
               echo ""
-              echo ">> Directory $chart_path does not contain a Chart.yaml. Skipping ..."
+              echo ">> Directory ${CHART_PATH} does not contain a Chart.yaml. Skipping ..."
               echo ""
             fi
-          done
+          }
+
+          export -f render_chart
+          export MAIN_DIR CLUSTER MANIFEST_DIR
+
+          # Run rendering in parallel
+          for DIR in ${RENDER_DIR}; do
+            echo "${DIR}"
+          done | xargs -n 1 -P 4 -I {} bash -c 'render_chart "$@"' _ {}
 
           echo "----"
 
@@ -202,16 +252,18 @@ jobs:
         id: check-changes
         if: steps.check-dir-changes.outputs.changes-detected == 'true'
         run: |
-          cd ${MANIFEST_DIR}
+          cd "${MANIFEST_DIR}"
 
           GIT_CHANGES=$(git status --porcelain)
 
-          if [ -n "$GIT_CHANGES" ]; then
+          if [ -n "${GIT_CHANGES}" ]; then
+            echo ""
             echo ">> Changes detected"
             git status --porcelain
             echo "changes-detected=true" >> $GITEA_OUTPUT
 
           else
+            echo ""
             echo ">> No changes detected, skipping PR creation"
 
           fi
@@ -222,20 +274,23 @@ jobs:
         id: commit-push
         if: steps.check-changes.outputs.changes-detected == 'true'
         run: |
-          cd ${MANIFEST_DIR}
+          cd "${MANIFEST_DIR}"
 
+          echo ""
           echo ">> Commiting changes to ${BRANCH_NAME} ..."
           git add .
           git commit -m "chore: Update manifests after change"
 
           REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}"
-          echo ">> Pushing changes to $REPO_URL ..."
+          echo ""
-          git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@$(echo $REPO_URL | sed -e 's|https://||')" ${BRANCH_NAME}
+          echo ">> Pushing changes to ${REPO_URL} ..."
+
+          git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@${REPO_URL#*://}" "${BRANCH_NAME}"
 
           echo "----"
 
-          echo "HEAD_BRANCH=${BRANCH_NAME}" >> $GITEA_OUTPUT
+          echo "HEAD_BRANCH=${BRANCH_NAME}" >> "$GITEA_OUTPUT"
-          echo "push=true" >> $GITEA_OUTPUT
+          echo "push=true" >> "$GITEA_OUTPUT"
 
       - name: Check for Pull Request
         id: check-for-pull-requst

.gitea/workflows/render-manifests-merge.yaml

@@ -1,13 +1,14 @@
 name: render-manifests-merge
 
 on:
-  pull_request:
+  workflow_dispatch:
-    branches:
+  # pull_request:
-      - main
+  #   branches:
-    paths:
+  #     - main
-      - 'clusters/cl01tl/helm/**'
+  #   paths:
-    types:
+  #     - 'clusters/cl01tl/helm/**'
-      - closed
+  #   types:
+  #     - closed
 
 env:
   CLUSTER: cl01tl
@@ -47,24 +48,39 @@ jobs:
           method: kubeconfig
           kubeconfig: ${{ secrets.KUBECONFIG }}
 
+      - name: Cache Helm Dependencies
+        uses: actions/cache@v5
+        with:
+          path: |
+            ~/.cache/helm
+            ~/.config/helm
+          key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }}
+          restore-keys: |
+            helm-cache-${{ runner.os }}-
+
       - name: Prepare Manifest Branch
         run: |
-          cd ${MANIFEST_DIR}
+          cd "${MANIFEST_DIR}"
 
+          echo ""
           echo ">> Configure git to use gitea-bot as user ..."
           git config user.name "gitea-bot"
           git config user.email "gitea-bot@alexlebens.net"
 
+          echo ""
           echo ">> Checking if PR branch exists ..."
-          if [[ $(git ls-remote --heads origin "${BRANCH_NAME}" | wc -l) -gt 0 ]]; then
+          if git ls-remote --exit-code --heads origin "${BRANCH_NAME}" > /dev/null 2>&1; then
+            echo ""
             echo ">> Branch '${BRANCH_NAME}' exists, pulling changes ..."
             git fetch origin "${BRANCH_NAME}"
             git checkout "${BRANCH_NAME}"
             git pull --rebase
 
           else
+            echo ""
             echo ">> Branch '${BRANCH_NAME}' does not exist, creating ..."
-            git checkout -b $BRANCH_NAME
+            git checkout -b "${BRANCH_NAME}"
+
           fi
 
           echo "----"
@@ -72,38 +88,31 @@ jobs:
       - name: Check which Directories have Changes
         id: check-dir-changes
         run: |
-          cd ${MAIN_DIR}
+          cd "${MAIN_DIR}"
-
-          RENDER_DIR=()
 
+          echo ""
           echo ">> Checking for changes from HEAD^..HEAD ..."
-          GIT_DIFF=$(git diff --name-only HEAD^..HEAD | xargs -I {} dirname {} | sort -u | grep -E "clusters/[^/]+/helm/[^/]+")
 
-          if [ -n "${GIT_DIFF}" ]; then
+          # Extract the chart names from the git diff
-            echo ">> Changes detected:"
+          RENDER_DIR=$(git diff --name-only HEAD^..HEAD | grep -E "^clusters/${CLUSTER}/helm/" | awk -F '/' '{print $4}' | sort -u || true)
-            echo "$GIT_DIFF"
-            for path in $GIT_DIFF; do
-              RENDER_DIR+=$(echo "$path" | awk -F '/' '{print $4}')
-              RENDER_DIR+=$(echo " ")
-            done
-
-          else
-            echo ">> No changes detected"
-
-          fi
 
           if [ -n "${RENDER_DIR}" ]; then
+            echo ""
             echo ">> Directories to Render:"
-            echo "$(echo "${RENDER_DIR}" | sort -u)"
+            echo "${RENDER_DIR}"
 
             echo "----"
 
-            echo "changes-detected=true" >> $GITEA_OUTPUT
+            echo "changes-detected=true" >> "$GITEA_OUTPUT"
-            echo "render-dir<<EOF" >> $GITEA_OUTPUT
+            echo "render-dir<<EOF" >> "$GITEA_OUTPUT"
-            echo "$(echo "${RENDER_DIR}" | sort -u)" >> $GITEA_OUTPUT
+            echo "${RENDER_DIR}" >> "$GITEA_OUTPUT"
-            echo "EOF" >> $GITEA_OUTPUT
+            echo "EOF" >> "$GITEA_OUTPUT"
+
           else
-            echo "changes-detected=false" >> $GITEA_OUTPUT
+            echo ""
+            echo ">> No chart changes detected"
+            echo "changes-detected=false" >> "$GITEA_OUTPUT"
+
           fi
 
       - name: Add Repositories
@@ -111,25 +120,31 @@ jobs:
         env:
           RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
         run: |
-          cd ${MAIN_DIR}
+          cd "${MAIN_DIR}"
 
+          echo ""
           echo ">> Adding repositories for chart dependencies ..."
-          for dir in ${RENDER_DIR}; do
+          for DIR in ${RENDER_DIR}; do
-            helm dependency list --max-col-width 120 ${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir 2> /dev/null \
+            helm dependency list --max-col-width 120 "${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}" 2> /dev/null \
-              | tail +2 | head -n -1 \
+              | tail -n +2 \
-              | awk '{ print "helm repo add " $1 " " $3 }' \
+              | awk 'NF > 0 { print $1, $3 }' \
-              | while read cmd; do
+              | while read -r REPO_NAME REPO_URL; do
-                if [[ "$cmd" == "*oci://*" ]]; then
+                if [[ "${REPO_URL}" == oci://* ]]; then
-                  echo ">> Ignoring OCI repo"
+                  echo ""
-                else
+                  echo ">> Ignoring OCI repo: ${REPO_URL}"
-                  echo "$cmd" | sh;
+
+                elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then
+                  helm repo add "${REPO_NAME}" "${REPO_URL}"
+
                 fi
               done || true
           done
 
-          if helm repo list | tail +2 | read -r; then
+          if helm repo list > /dev/null 2>&1; then
+            echo ""
             echo ">> Update repository cache ..."
             helm repo update
+
           fi
 
           echo "----"
@@ -139,15 +154,16 @@ jobs:
         env:
           RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
         run: |
-          cd ${MANIFEST_DIR}
+          cd "${MANIFEST_DIR}"
 
+          echo ""
           echo ">> Remove manfiest files and rebuild from source ..."
 
-          for dir in ${RENDER_DIR}; do
+          for DIR in ${RENDER_DIR}; do
-            chart_path=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$dir
+            CHART_PATH=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${DIR}
 
-            echo "$chart_path"
+            echo "${CHART_PATH}"
-            rm -rf $chart_path/*
+            rm -rf ${CHART_PATH}/*
           done
 
           echo "----"
@@ -160,60 +176,57 @@ jobs:
         run: |
           cd ${MAIN_DIR}
 
+          echo ""
           echo ">> Rendering Manifests ..."
 
-          for dir in ${RENDER_DIR}; do
+          render_chart() {
-            chart_path=${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir
+            local DIR="$1"
-            chart_name=$(basename "$chart_path")
+            local CHART_PATH="${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}"
+            local CHART_NAME=$(basename "${CHART_PATH}")
 
             echo ""
-            echo ""
+            echo ">> Rendering ..."
-            echo ">> Rendering chart: $chart_name"
+            echo ">> Chart: ${CHART_NAME}"
-            echo ">> Chart path $chart_path"
+            echo ">> Path: ${CHART_PATH}"
 
-            if [ -f "$chart_path/Chart.yaml" ]; then
+            if [ -f "${CHART_PATH}/Chart.yaml" ]; then
-              OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name/"
+              local OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${CHART_NAME}/"
-              TEMPLATE=""
 
-              mkdir -p ${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name
+              mkdir -p "${OUTPUT_FOLDER}"
-
+              cd "${CHART_PATH}"
-              cd $chart_path
 
               echo ""
-              echo ">> Updating helm dependency ..."
+              echo ">> Updating helm dependencies ..."
-              helm dependency update --skip-refresh
+              helm dependency update --skip-refresh > /dev/null
 
               echo ""
-              echo ">> Building helm dependency ..."
+              echo ">> Linting helm chart ..."
-              helm dependency build --skip-refresh
+              helm lint --namespace "${CHART_NAME}" --quiet
 
-              echo ""
+              local NAMESPACE="${CHART_NAME}"
-              echo ">> Linting helm ..."
+              case "${CHART_NAME}" in
-              helm lint --namespace "$chart_name"
-
-              echo ""
-              echo ">> Rendering templates ..."
-              case "$chart_name" in
                 "stack")
+                  NAMESPACE="argocd"
                   echo ""
-                  echo ">> Special Rendering for stack into argocd namespace ..."
+                  echo ">> Special Rendering into 'argocd' namespace ..."
-                  TEMPLATE=$(helm template $chart_name ./ --namespace argocd --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
                   ;;
-                "cilium" | "coredns" | "metrics-server" |"prometheus-operator-crds")
+                "cilium" | "coredns" | "metrics-server" | "prometheus-operator-crds")
+                  NAMESPACE="kube-system"
                   echo ""
-                  echo ">> Special Rendering for $chart_name into kube-system namespace ..."
+                  echo ">> Special Rendering for ${CHART_NAME} into 'kube-system' namespace ..."
-                  TEMPLATE=$(helm template $chart_name ./ --namespace kube-system --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
                   ;;
                 *)
                   echo ""
-                  echo ">> Standard Rendering for $chart_name ..."
+                  echo ">> Standard Rendering for ${CHART_NAME} ..."
-                  TEMPLATE=$(helm template "$chart_name" ./ --namespace "$chart_name" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
-                  ;;
               esac
 
               echo ""
               echo ">> Formating rendered template ..."
-              echo "$TEMPLATE" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"$OUTPUT_FOLDER"'" + .kind + "-" + .metadata.name + ".yaml"'
+              local TEMPLATE
+              TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
+
+              # Format and split rendered template
+              echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
 
               # Strip comments again to ensure formatting correctness
               for file in "$OUTPUT_FOLDER"/*; do
@@ -221,15 +234,23 @@ jobs:
               done
 
               echo ""
-              echo ">> Manifests for $chart_name rendered to $OUTPUT_FOLDER"
+              echo ">> Manifests for ${CHART_NAME} rendered to ${OUTPUT_FOLDER}:"
               ls $OUTPUT_FOLDER
               echo ""
             else
               echo ""
-              echo ">> Directory $chart_path does not contain a Chart.yaml. Skipping ..."
+              echo ">> Directory ${CHART_PATH} does not contain a Chart.yaml. Skipping ..."
               echo ""
             fi
-          done
+          }
+
+          export -f render_chart
+          export MAIN_DIR CLUSTER MANIFEST_DIR
+
+          # Run rendering in parallel
+          for DIR in ${RENDER_DIR}; do
+            echo "${DIR}"
+          done | xargs -n 1 -P 4 -I {} bash -c 'render_chart "$@"' _ {}
 
           echo "----"
 
@@ -237,16 +258,18 @@ jobs:
         id: check-changes
         if: steps.check-dir-changes.outputs.changes-detected == 'true'
         run: |
-          cd ${MANIFEST_DIR}
+          cd "${MANIFEST_DIR}"
 
           GIT_CHANGES=$(git status --porcelain)
 
-          if [ -n "$GIT_CHANGES" ]; then
+          if [ -n "${GIT_CHANGES}" ]; then
+            echo ""
             echo ">> Changes detected"
             git status --porcelain
             echo "changes-detected=true" >> $GITEA_OUTPUT
 
           else
+            echo ""
             echo ">> No changes detected, skipping PR creation"
 
           fi
@@ -257,20 +280,23 @@ jobs:
         id: commit-push
         if: steps.check-changes.outputs.changes-detected == 'true'
         run: |
-          cd ${MANIFEST_DIR}
+          cd "${MANIFEST_DIR}"
 
+          echo ""
           echo ">> Commiting changes to ${BRANCH_NAME} ..."
           git add .
           git commit -m "chore: Update manifests after change"
 
           REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}"
-          echo ">> Pushing changes to $REPO_URL ..."
+          echo ""
-          git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@$(echo $REPO_URL | sed -e 's|https://||')" ${BRANCH_NAME}
+          echo ">> Pushing changes to ${REPO_URL} ..."
+
+          git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@${REPO_URL#*://}" "${BRANCH_NAME}"
 
           echo "----"
 
-          echo "HEAD_BRANCH=${BRANCH_NAME}" >> $GITEA_OUTPUT
+          echo "HEAD_BRANCH=${BRANCH_NAME}" >> "$GITEA_OUTPUT"
-          echo "push=true" >> $GITEA_OUTPUT
+          echo "push=true" >> "$GITEA_OUTPUT"
 
       - name: Check for Pull Request
         id: check-for-pull-requst

.gitea/workflows/render-manifests-push.yaml

@@ -1,11 +1,12 @@
 name: render-manifests-push
 
 on:
-  push:
+  workflow_dispatch:
-    branches:
+  # push:
-      - main
+  #   branches:
-    paths:
+  #     - main
-      - 'clusters/cl01tl/helm/**'
+  #   paths:
+  #     - 'clusters/cl01tl/helm/**'
 
 env:
   CLUSTER: cl01tl
@@ -45,24 +46,38 @@ jobs:
           method: kubeconfig
           kubeconfig: ${{ secrets.KUBECONFIG }}
 
+      - name: Cache Helm Dependencies
+        uses: actions/cache@v5
+        with:
+          path: |
+            ~/.cache/helm
+            ~/.config/helm
+          key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }}
+          restore-keys: |
+            helm-cache-${{ runner.os }}-
+
       - name: Prepare Manifest Branch
         run: |
-          cd ${MANIFEST_DIR}
+          cd "${MANIFEST_DIR}"
 
+          echo ""
           echo ">> Configure git to use gitea-bot as user ..."
           git config user.name "gitea-bot"
           git config user.email "gitea-bot@alexlebens.net"
 
           echo ">> Checking if PR branch exists ..."
-          if [[ $(git ls-remote --heads origin "${BRANCH_NAME}" | wc -l) -gt 0 ]]; then
+          if git ls-remote --exit-code --heads origin "${BRANCH_NAME}" > /dev/null 2>&1; then
+            echo ""
             echo ">> Branch '${BRANCH_NAME}' exists, pulling changes ..."
             git fetch origin "${BRANCH_NAME}"
             git checkout "${BRANCH_NAME}"
             git pull --rebase
 
           else
+            echo ""
             echo ">> Branch '${BRANCH_NAME}' does not exist, creating ..."
-            git checkout -b $BRANCH_NAME
+            git checkout -b "${BRANCH_NAME}"
+
           fi
 
           echo "----"
@@ -70,38 +85,31 @@ jobs:
       - name: Check which Directories have Changes
         id: check-dir-changes
         run: |
-          cd ${MAIN_DIR}
+          cd "${MAIN_DIR}"
-
-          RENDER_DIR=()
 
+          echo ""
           echo ">> Checking for changes ..."
-          GIT_DIFF=$(git diff --name-only ${{ gitea.event.before }}..HEAD | xargs -I {} dirname {} | sort -u | grep -E "clusters/[^/]+/helm/[^/]+")
 
-          if [ -n "${GIT_DIFF}" ]; then
+          # Extract the chart names from the git diff
-            echo ">> Changes detected:"
+          RENDER_DIR=$(git diff --name-only ${{ gitea.event.before }}..HEAD | grep -E "^clusters/${CLUSTER}/helm/" | awk -F '/' '{print $4}' | sort -u || true)
-            echo "$GIT_DIFF"
-            for path in $GIT_DIFF; do
-              RENDER_DIR+=$(echo "$path" | awk -F '/' '{print $4}')
-              RENDER_DIR+=$(echo " ")
-            done
-
-          else
-            echo ">> No changes detected"
-
-          fi
 
           if [ -n "${RENDER_DIR}" ]; then
+            echo ""
             echo ">> Directories to Render:"
-            echo "$(echo "${RENDER_DIR}" | sort -u)"
+            echo "${RENDER_DIR}"
 
             echo "----"
 
-            echo "changes-detected=true" >> $GITEA_OUTPUT
+            echo "changes-detected=true" >> "$GITEA_OUTPUT"
-            echo "render-dir<<EOF" >> $GITEA_OUTPUT
+            echo "render-dir<<EOF" >> "$GITEA_OUTPUT"
-            echo "$(echo "${RENDER_DIR}" | sort -u)" >> $GITEA_OUTPUT
+            echo "${RENDER_DIR}" >> "$GITEA_OUTPUT"
-            echo "EOF" >> $GITEA_OUTPUT
+            echo "EOF" >> "$GITEA_OUTPUT"
+
           else
-            echo "changes-detected=false" >> $GITEA_OUTPUT
+            echo ""
+            echo ">> No chart changes detected"
+            echo "changes-detected=false" >> "$GITEA_OUTPUT"
+
           fi
 
       - name: Add Repositories
@@ -109,25 +117,31 @@ jobs:
         env:
           RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
         run: |
-          cd ${MAIN_DIR}
+          cd "${MAIN_DIR}"
 
+          echo ""
           echo ">> Adding repositories for chart dependencies ..."
-          for dir in ${RENDER_DIR}; do
+          for DIR in ${RENDER_DIR}; do
-            helm dependency list --max-col-width 120 ${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir 2> /dev/null \
+            helm dependency list --max-col-width 120 "${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}" 2> /dev/null \
-              | tail +2 | head -n -1 \
+              | tail -n +2 \
-              | awk '{ print "helm repo add " $1 " " $3 }' \
+              | awk 'NF > 0 { print $1, $3 }' \
-              | while read cmd; do
+              | while read -r REPO_NAME REPO_URL; do
-                if [[ "$cmd" == "*oci://*" ]]; then
+                if [[ "${REPO_URL}" == oci://* ]]; then
-                  echo ">> Ignoring OCI repo"
+                  echo ""
-                else
+                  echo ">> Ignoring OCI repo: ${REPO_URL}"
-                  echo "$cmd" | sh;
+
+                elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then
+                  helm repo add "${REPO_NAME}" "${REPO_URL}"
+
                 fi
               done || true
           done
 
-          if helm repo list | tail +2 | read -r; then
+          if helm repo list > /dev/null 2>&1; then
+            echo ""
             echo ">> Update repository cache ..."
             helm repo update
+
           fi
 
           echo "----"
@@ -137,15 +151,17 @@ jobs:
         env:
           RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
         run: |
-          cd ${MANIFEST_DIR}
+          cd "${MANIFEST_DIR}"
 
+          echo ""
           echo ">> Remove manfiest files and rebuild from source ..."
 
-          for dir in ${RENDER_DIR}; do
+          for DIR in ${RENDER_DIR}; do
-            chart_path=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$dir
+            CHART_PATH=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${DIR}
 
-            echo "$chart_path"
+            echo ""
-            rm -rf $chart_path/*
+            echo "${CHART_PATH}"
+            rm -rf ${CHART_PATH}/*
           done
 
           echo "----"
@@ -158,60 +174,57 @@ jobs:
         run: |
           cd ${MAIN_DIR}
 
+          echo ""
           echo ">> Rendering Manifests ..."
 
-          for dir in ${RENDER_DIR}; do
+          render_chart() {
-            chart_path=${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir
+            local DIR="$1"
-            chart_name=$(basename "$chart_path")
+            local CHART_PATH="${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}"
+            local CHART_NAME=$(basename "${CHART_PATH}")
 
             echo ""
-            echo ""
+            echo ">> Rendering ..."
-            echo ">> Rendering chart: $chart_name"
+            echo ">> Chart: ${CHART_NAME}"
-            echo ">> Chart path $chart_path"
+            echo ">> Path: ${CHART_PATH}"
 
-            if [ -f "$chart_path/Chart.yaml" ]; then
+            if [ -f "${CHART_PATH}/Chart.yaml" ]; then
-              OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name/"
+              local OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${CHART_NAME}/"
-              TEMPLATE=""
 
-              mkdir -p ${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name
+              mkdir -p "${OUTPUT_FOLDER}"
-
+              cd "${CHART_PATH}"
-              cd $chart_path
 
               echo ""
-              echo ">> Updating helm dependency ..."
+              echo ">> Updating helm dependencies ..."
-              helm dependency update --skip-refresh
+              helm dependency update --skip-refresh > /dev/null
 
               echo ""
-              echo ">> Building helm dependency ..."
+              echo ">> Linting helm chart ..."
-              helm dependency build --skip-refresh
+              helm lint --namespace "${CHART_NAME}" --quiet
 
-              echo ""
+              local NAMESPACE="${CHART_NAME}"
-              echo ">> Linting helm ..."
+              case "${CHART_NAME}" in
-              helm lint --namespace "$chart_name"
-
-              echo ""
-              echo ">> Rendering templates ..."
-              case "$chart_name" in
                 "stack")
+                  NAMESPACE="argocd"
                   echo ""
-                  echo ">> Special Rendering for stack into argocd namespace ..."
+                  echo ">> Special Rendering into 'argocd' namespace ..."
-                  TEMPLATE=$(helm template $chart_name ./ --namespace argocd --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
                   ;;
-                "cilium" | "coredns" | "metrics-server" |"prometheus-operator-crds")
+                "cilium" | "coredns" | "metrics-server" | "prometheus-operator-crds")
+                  NAMESPACE="kube-system"
                   echo ""
-                  echo ">> Special Rendering for $chart_name into kube-system namespace ..."
+                  echo ">> Special Rendering for ${CHART_NAME} into 'kube-system' namespace ..."
-                  TEMPLATE=$(helm template $chart_name ./ --namespace kube-system --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
                   ;;
                 *)
                   echo ""
-                  echo ">> Standard Rendering for $chart_name ..."
+                  echo ">> Standard Rendering for ${CHART_NAME} ..."
-                  TEMPLATE=$(helm template "$chart_name" ./ --namespace "$chart_name" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
-                  ;;
               esac
 
               echo ""
               echo ">> Formating rendered template ..."
-              echo "$TEMPLATE" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"$OUTPUT_FOLDER"'" + .kind + "-" + .metadata.name + ".yaml"'
+              local TEMPLATE
+              TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
+
+              # Format and split rendered template
+              echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
 
               # Strip comments again to ensure formatting correctness
               for file in "$OUTPUT_FOLDER"/*; do
@@ -219,15 +232,23 @@ jobs:
               done
 
               echo ""
-              echo ">> Manifests for $chart_name rendered to $OUTPUT_FOLDER"
+              echo ">> Manifests for ${CHART_NAME} rendered to ${OUTPUT_FOLDER}:"
               ls $OUTPUT_FOLDER
               echo ""
             else
               echo ""
-              echo ">> Directory $chart_path does not contain a Chart.yaml. Skipping ..."
+              echo ">> Directory ${CHART_PATH} does not contain a Chart.yaml. Skipping ..."
               echo ""
             fi
-          done
+          }
+
+          export -f render_chart
+          export MAIN_DIR CLUSTER MANIFEST_DIR
+
+          # Run rendering in parallel
+          for DIR in ${RENDER_DIR}; do
+            echo "${DIR}"
+          done | xargs -n 1 -P 4 -I {} bash -c 'render_chart "$@"' _ {}
 
           echo "----"
 
@@ -235,16 +256,18 @@ jobs:
         id: check-changes
         if: steps.check-dir-changes.outputs.changes-detected == 'true'
         run: |
-          cd ${MANIFEST_DIR}
+          cd "${MANIFEST_DIR}"
 
           GIT_CHANGES=$(git status --porcelain)
 
-          if [ -n "$GIT_CHANGES" ]; then
+          if [ -n "${GIT_CHANGES}" ]; then
+            echo ""
             echo ">> Changes detected"
             git status --porcelain
             echo "changes-detected=true" >> $GITEA_OUTPUT
 
           else
+            echo ""
             echo ">> No changes detected, skipping PR creation"
 
           fi
@@ -255,20 +278,23 @@ jobs:
         id: commit-push
         if: steps.check-changes.outputs.changes-detected == 'true'
         run: |
-          cd ${MANIFEST_DIR}
+          cd "${MANIFEST_DIR}"
 
+          echo ""
           echo ">> Commiting changes to ${BRANCH_NAME} ..."
           git add .
           git commit -m "chore: Update manifests after change"
 
           REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}"
-          echo ">> Pushing changes to $REPO_URL ..."
+          echo ""
-          git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@$(echo $REPO_URL | sed -e 's|https://||')" ${BRANCH_NAME}
+          echo ">> Pushing changes to ${REPO_URL} ..."
+
+          git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@${REPO_URL#*://}" "${BRANCH_NAME}"
 
           echo "----"
 
-          echo "HEAD_BRANCH=${BRANCH_NAME}" >> $GITEA_OUTPUT
+          echo "HEAD_BRANCH=${BRANCH_NAME}" >> "$GITEA_OUTPUT"
-          echo "push=true" >> $GITEA_OUTPUT
+          echo "push=true" >> "$GITEA_OUTPUT"
 
       - name: Check for Pull Request
         id: check-for-pull-requst

.gitea/workflows/render-manifests.yaml

@@ -0,0 +1,624 @@
+name: render-manifests
+
+on:
+  schedule:
+    - cron: '0 15 * * *'
+
+  workflow_dispatch:
+
+  pull_request:
+    branches:
+      - main
+    paths:
+      - 'clusters/cl01tl/helm/**'
+    types:
+      - closed
+
+env:
+  CLUSTER: cl01tl
+  BASE_BRANCH: manifests
+  BRANCH_NAME_BASE: auto/update-manifests
+  ASSIGNEE: alexlebens
+  MAIN_DIR: /workspace/alexlebens/infrastructure/infrastructure
+  MANIFEST_DIR: /workspace/alexlebens/infrastructure/infrastructure-manifests
+
+jobs:
+  render-manifests:
+    runs-on: ubuntu-js
+    if: >-
+      github.event_name == 'schedule' ||
+      github.event_name == 'workflow_dispatch' ||
+      (github.event_name == 'pull_request' && github.event.pull_request.merged == true)
+    steps:
+      - name: Checkout Main
+        uses: actions/checkout@v6
+        with:
+          path: infrastructure
+          fetch-depth: 0
+
+      - name: Checkout Manifests
+        uses: actions/checkout@v6
+        with:
+          ref: manifests
+          path: infrastructure-manifests
+
+      - name: Set Up Helm
+        uses: azure/setup-helm@v4
+        with:
+          token: ${{ secrets.GITEA_TOKEN }}
+          version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743
+          cache: true
+
+      - name: Configure Kubeconfig
+        uses: azure/k8s-set-context@v4
+        with:
+          method: kubeconfig
+          kubeconfig: ${{ secrets.KUBECONFIG }}
+
+      - name: Cache Helm Dependencies
+        uses: actions/cache@v5
+        with:
+          path: |
+            ~/.cache/helm
+            ~/.config/helm
+          key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }}
+          restore-keys: |
+            helm-cache-${{ runner.os }}-
+
+      - name: Determine Workflow Mode
+        id: mode
+        run: |
+          IS_AUTOMERGE="false"
+          RENDER_ALL="false"
+          DIFF_TARGET=""
+
+          if [[ "${{ github.event_name }}" == "schedule" || "${{ github.event_name }}" == "workflow_dispatch" ]]; then
+            echo ">> Mode: Dispatch/Schedule (Render All)"
+            RENDER_ALL="true"
+
+          elif [[ "${{ github.event_name }}" == "pull_request" ]]; then
+            if [[ "${{ contains(github.event.pull_request.labels.*.name, 'automerge') }}" == "true" ]]; then
+              echo ">> Mode: PR Merged (Automerge)"
+              IS_AUTOMERGE="true"
+
+            else
+              echo ">> Mode: PR Merged (Standard)"
+
+            fi
+
+            DIFF_TARGET="HEAD^..HEAD"
+
+          fi
+
+          echo ""
+          echo "----"
+
+          echo "is-automerge=${IS_AUTOMERGE}" >> "$GITHUB_OUTPUT"
+          echo "render-all=${RENDER_ALL}" >> "$GITHUB_OUTPUT"
+          echo "diff-target=${DIFF_TARGET}" >> "$GITHUB_OUTPUT"
+
+      - name: Prepare Manifest Branch
+        id: prepare-manifest-branch
+        env:
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+          IS_AUTOMERGE: ${{ steps.mode.outputs.is-automerge }}
+        run: |
+          cd "${MANIFEST_DIR}"
+
+          echo ">> Configure git to use gitea-bot as user ..."
+          git config user.name "gitea-bot"
+          git config user.email "gitea-bot@alexlebens.net"
+
+          if [[ "$IS_AUTOMERGE" == "true" ]]; then
+            BRANCH_NAME="${BRANCH_NAME_BASE}-automerge-${PR_NUMBER}"
+            echo ""
+            echo ">> Creating branch ${BRANCH_NAME} ..."
+            git checkout -B "$BRANCH_NAME"
+
+          else
+            echo ""
+            echo ">> Checking if PR branch exists ..."
+            BRANCH_NAME="${BRANCH_NAME_BASE}"
+
+            if git ls-remote --exit-code --heads origin "${BRANCH_NAME}" > /dev/null 2>&1; then
+              echo ""
+              echo ">> Branch '${BRANCH_NAME}' exists, pulling changes ..."
+              git fetch origin "${BRANCH_NAME}"
+              git checkout "${BRANCH_NAME}"
+              git pull --rebase
+
+            else
+              echo ""
+              echo ">> Branch '${BRANCH_NAME}' does not exist, creating ..."
+              git checkout -b "${BRANCH_NAME}"
+
+            fi
+          fi
+
+          echo ""
+          echo "----"
+
+          echo "branch-name=${BRANCH_NAME}" >> "$GITHUB_OUTPUT"
+
+      - name: Check Which Directories Have Changes
+        id: check-dir-changes
+        env:
+          RENDER_ALL: ${{ steps.mode.outputs.render-all }}
+          DIFF_TARGET: ${{ steps.mode.outputs.diff-target }}
+        run: |
+          cd "${MAIN_DIR}"
+
+          if [[ "$RENDER_ALL" == "true" ]]; then
+            echo ">> Triggered on dispatch, will check all paths ..."
+            RENDER_DIR=$(find "clusters/${CLUSTER}/helm" -mindepth 1 -maxdepth 1 -type d -exec basename {} \; | sort -u)
+
+          else
+            echo ">> Checking for changes from ${DIFF_TARGET} ..."
+            RENDER_DIR=$(git diff --name-only "${DIFF_TARGET}" | grep -E "^clusters/${CLUSTER}/helm/" | awk -F '/' '{print $4}' | sort -u || true)
+
+          fi
+
+          if [ -n "${RENDER_DIR}" ]; then
+            echo ""
+            echo ">> Directories to Render:"
+            echo ""
+            echo "${RENDER_DIR}"
+
+            echo ""
+            echo "----"
+
+            echo "changes-detected=true" >> "$GITHUB_OUTPUT"
+            echo "render-dir<<EOF" >> "$GITHUB_OUTPUT"
+            echo "${RENDER_DIR}" >> "$GITHUB_OUTPUT"
+            echo "EOF" >> "$GITHUB_OUTPUT"
+
+          else
+            echo ""
+            echo ">> No chart changes detected"
+
+            echo ""
+            echo "----"
+
+            echo "changes-detected=false" >> "$GITHUB_OUTPUT"
+
+          fi
+
+      - name: Add Repositories
+        if: steps.check-dir-changes.outputs.changes-detected == 'true'
+        env:
+          RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
+        run: |
+          cd "${MAIN_DIR}"
+
+          echo ">> Adding repositories for chart dependencies ..."
+          echo ""
+
+          for DIR in ${RENDER_DIR}; do
+            helm dependency list --max-col-width 120 "${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}" 2> /dev/null \
+              | tail -n +2 \
+              | awk 'NF > 0 { print $1, $3 }' \
+              | while read -r REPO_NAME REPO_URL; do
+                if [[ "${REPO_URL}" == oci://* ]]; then
+                  echo ">> Ignoring OCI repo: ${REPO_URL}"
+
+                elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then
+                  helm repo add "${REPO_NAME}" "${REPO_URL}"
+
+                fi
+
+              done || true
+          done
+
+          if helm repo list > /dev/null 2>&1; then
+            echo ""
+            echo ">> Update repository cache ..."
+            helm repo update
+
+          fi
+
+          echo ""
+          echo "----"
+
+      - name: Remove Changed Manifest Files
+        if: steps.check-dir-changes.outputs.changes-detected == 'true'
+        env:
+          RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
+        run: |
+          cd "${MANIFEST_DIR}"
+
+          echo ">> Remove manifest files and rebuild from source ..."
+          echo ""
+
+          for DIR in ${RENDER_DIR}; do
+            CHART_PATH="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${DIR}"
+
+            echo "${CHART_PATH}"
+            rm -rf "${CHART_PATH}"/*
+
+          done
+
+          echo ""
+          echo "----"
+
+      - name: Render Helm Manifests
+        id: render-manifests
+        if: steps.check-dir-changes.outputs.changes-detected == 'true'
+        env:
+          RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
+        run: |
+          cd "${MAIN_DIR}"
+
+          echo ">> Rendering Manifests ..."
+
+          render_chart() {
+            local DIR="$1"
+            local CHART_PATH="${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}"
+            local CHART_NAME=$(basename "${CHART_PATH}")
+
+            echo ""
+            echo ">> Rendering chart: ${CHART_NAME}"
+
+            if [ -f "${CHART_PATH}/Chart.yaml" ]; then
+              local OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${CHART_NAME}/"
+
+              mkdir -p "${OUTPUT_FOLDER}"
+              cd "${CHART_PATH}"
+
+              helm dependency update --skip-refresh > /dev/null
+              helm lint --namespace "${CHART_NAME}" --quiet
+
+              local NAMESPACE="${CHART_NAME}"
+              case "${CHART_NAME}" in
+                "stack")
+                  NAMESPACE="argocd"
+                  echo ">> Special Rendering into 'argocd' namespace ..."
+                  ;;
+                "cilium" | "coredns" | "metrics-server" | "prometheus-operator-crds")
+                  NAMESPACE="kube-system"
+                  echo ">> Special Rendering for ${CHART_NAME} into 'kube-system' namespace ..."
+                  ;;
+                *)
+                  echo ">> Standard Rendering ..."
+              esac
+
+              echo ">> Formating rendered template ..."
+              local TEMPLATE
+              TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
+
+              # Format and split rendered template
+              echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
+
+              # Strip comments again to ensure formatting correctness
+              for file in "$OUTPUT_FOLDER"/*; do
+                yq -i '... comments=""' $file
+
+              done
+
+              echo ">> Manifests for ${CHART_NAME} rendered successfully to $OUTPUT_FOLDER:"
+              echo ""
+              ls $OUTPUT_FOLDER
+              echo ""
+
+            else
+              echo ""
+              echo ">> Directory ${CHART_PATH} does not contain a Chart.yaml. Skipping ..."
+
+            fi
+
+          }
+
+          export -f render_chart
+          export MAIN_DIR CLUSTER MANIFEST_DIR
+
+          # Run rendering in parallel
+          for DIR in ${RENDER_DIR}; do
+            echo "${DIR}"
+
+          done | xargs -P 4 -I {} bash -c 'OUT=$(render_chart "$@" 2>&1); printf "%s\n" "$OUT"' _ {}
+
+          echo ""
+          echo "----"
+
+      - name: Check for Changes
+        id: check-changes
+        if: steps.check-dir-changes.outputs.changes-detected == 'true'
+        run: |
+          cd "${MANIFEST_DIR}"
+
+          GIT_CHANGES=$(git status --porcelain)
+
+          if [ -n "${GIT_CHANGES}" ]; then
+            echo ">> Changes detected"
+            git status --porcelain
+
+            CHANGED_CHARTS=$(echo "$GIT_CHANGES" | grep -oE "clusters/${CLUSTER}/manifests/[^/]+" | awk -F '/' '{print $4}' | sort -u | paste -sd ',' -)
+
+            echo ""
+            echo "----"
+
+            echo "changes-detected=true" >> "$GITHUB_OUTPUT"
+            echo "changed-charts-csv=${CHANGED_CHARTS}" >> "$GITHUB_OUTPUT"
+
+          else
+            echo ">> No changes detected, skipping PR creation"
+
+            echo ""
+            echo "----"
+
+          fi
+
+      - name: Commit and Push Changes
+        id: commit-push
+        if: steps.check-changes.outputs.changes-detected == 'true'
+        env:
+          BRANCH_NAME: ${{ steps.prepare-manifest-branch.outputs.branch-name }}
+          IS_AUTOMERGE: ${{ steps.mode.outputs.is-automerge }}
+        run: |
+          cd "${MANIFEST_DIR}"
+
+          MSG="chore: Update manifests after change"
+
+          if [[ "$IS_AUTOMERGE" == "true" ]]; then
+            MSG="chore: Update manifests after automerge"
+
+          fi
+
+          echo ">> Commiting changes to ${BRANCH_NAME} ..."
+          git add .
+          git commit -m "${MSG}"
+
+          REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}"
+
+          echo ""
+          echo ">> Pushing changes to ${REPO_URL} ..."
+
+          git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@${REPO_URL#*://}" "${BRANCH_NAME}"
+
+          echo ""
+          echo "----"
+
+          echo "push=true" >> "$GITHUB_OUTPUT"
+          echo "head-branch=${BRANCH_NAME}" >> "$GITHUB_OUTPUT"
+
+      - name: Check for Pull Request
+        id: check-for-pull-request
+        if: steps.commit-push.outputs.push == 'true' && steps.mode.outputs.is-automerge == 'false'
+        env:
+          GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
+          GITEA_URL: ${{ secrets.REPO_URL }}
+          HEAD_BRANCH: ${{ steps.commit-push.outputs.head-branch }}
+        run: |
+          cd "${MANIFEST_DIR}"
+
+          API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls?base_branch=${BASE_BRANCH}&state=open&page=1"
+
+          echo ">> Checking if PR from branch ${HEAD_BRANCH} into ${BASE_BRANCH}"
+          echo ">> With Endpoint of:"
+          echo "$API_ENDPOINT"
+
+          HTTP_STATUS=$(curl -X GET -s -w '%{http_code}' -o response_body.json -H "Authorization: token ${GITEA_TOKEN}" -H "Content-Type: application/json" "$API_ENDPOINT")
+
+          if [ "$HTTP_STATUS" == "200" ] && [ "$(cat response_body.json | jq -r .[0].state)" == "open" ]; then
+            echo ""
+            echo ">> Pull Request has been found open, will update"
+
+            echo ""
+            echo "----"
+
+            echo "pull-request-exists=$(cat response_body.json | jq -r .[0].number)" >> "$GITHUB_OUTPUT"
+
+          else
+            echo ""
+            echo ">> Pull Request not found"
+
+            echo ""
+            echo "----"
+
+            echo "pull-request-exists=false" >> "$GITHUB_OUTPUT"
+
+          fi
+
+      - name: Create Pull Request
+        id: create-pull-request
+        if: steps.commit-push.outputs.push == 'true' && (steps.mode.outputs.is-automerge == 'true' || steps.check-for-pull-request.outputs.pull-request-exists == 'false')
+        env:
+          IS_AUTOMERGE: ${{ steps.mode.outputs.is-automerge }}
+          GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
+          GITEA_URL: ${{ secrets.REPO_URL }}
+          HEAD_BRANCH: ${{ steps.commit-push.outputs.head-branch }}
+          CHARTS: ${{ steps.check-changes.outputs.changed-charts-csv }}
+          EVENT_NAME: ${{ github.event_name }}
+          ACTOR: ${{ github.actor }}
+          SHA: ${{ github.sha }}
+          REF: ${{ github.ref_name }}
+        run: |
+          cd "${MANIFEST_DIR}"
+
+          API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls"
+
+          BODY=$(printf "This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow.\n\n### Details\n- **Trigger**: \`%s\` by \`@%s\`\n- **Commit**: \`%s\` (on \`%s\`)\n- **Charts Updated**: \`%s\`" "${EVENT_NAME}" "${ACTOR}" "${SHA:0:7}" "${REF}" "${CHARTS}")
+
+          if [[ "$IS_AUTOMERGE" == "true" ]]; then
+            TITLE="Automated Manifest Update - Automerge"
+            BODY=$(printf "%s\n\n_This PR is expected to be automerged._" "${BODY}")
+
+          else
+            TITLE="Automated Manifest Update"
+
+          fi
+
+          PAYLOAD=$(jq -n --arg head "${HEAD_BRANCH}" --arg base "${BASE_BRANCH}" --arg assignee "${ASSIGNEE}" --arg title "${TITLE}" --arg body "${BODY}" '{head: $head, base: $base, assignee: $assignee, title: $title, body: $body}')
+
+          HTTP_STATUS=$(curl -X POST -s -w '%{http_code}' -o response_body.json --data "$PAYLOAD" -H "Authorization: token ${GITEA_TOKEN}" -H "Content-Type: application/json" "$API_ENDPOINT")
+
+          if [ "$HTTP_STATUS" == "201" ]; then
+            echo ">> Pull Request created successfully!"
+
+            echo ""
+            echo "----"
+
+            echo "pull-request-id=$(jq -r .id response_body.json)" >> "$GITHUB_OUTPUT"
+            echo "pull-request-number=$(jq -r .number response_body.json)" >> "$GITHUB_OUTPUT"
+            echo "pull-request-operation=created" >> "$GITHUB_OUTPUT"
+
+          elif [[ "$HTTP_STATUS" == "422" || "$HTTP_STATUS" == "409" ]]; then
+            echo ""
+            echo ">> Failed to create PR (Already exists)"
+
+            echo ""
+            echo "----"
+
+          else
+            echo ""
+            echo ">> Failed to create PR, HTTP status code: $HTTP_STATUS"
+
+            echo ""
+            echo "----"
+
+            exit 1
+
+          fi
+
+      - name: Update Pull Request
+        id: update-pull-request
+        if: steps.commit-push.outputs.push == 'true' && steps.check-for-pull-request.outputs.pull-request-exists != 'false' && steps.mode.outputs.is-automerge == 'false'
+        env:
+          GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
+          GITEA_URL: ${{ secrets.REPO_URL }}
+          PR_NUMBER: ${{ steps.check-for-pull-request.outputs.pull-request-exists }}
+          CHARTS: ${{ steps.check-changes.outputs.changed-charts-csv }}
+          EVENT_NAME: ${{ github.event_name }}
+          ACTOR: ${{ github.actor }}
+          SHA: ${{ github.sha }}
+          REF: ${{ github.ref_name }}
+        run: |
+          cd "${MANIFEST_DIR}"
+
+          API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls/${PR_NUMBER}"
+
+          EXISTING_BODY=$(jq -r '.[0].body' response_body.json)
+
+          NEW_DETAILS=$(printf "### Update Details (%s)\n- **Trigger**: \`%s\` by \`@%s\`\n- **Commit**: \`%s\` (on \`%s\`)\n- **Charts Updated**: \`%s\`" "$(date -u +'%Y-%m-%d %H:%M UTC')" "${EVENT_NAME}" "${ACTOR}" "${SHA:0:7}" "${REF}" "${CHARTS}")
+
+          UPDATED_BODY=$(printf "%s\n\n%s" "${EXISTING_BODY}" "${NEW_DETAILS}")
+
+          PAYLOAD=$(jq -n --arg body "${UPDATED_BODY}" '{body: $body}')
+
+          HTTP_STATUS=$(curl -X PATCH -s -w '%{http_code}' -o update_response.json --data "$PAYLOAD" -H "Authorization: token ${GITEA_TOKEN}" -H "Content-Type: application/json" "$API_ENDPOINT")
+
+          if [ "$HTTP_STATUS" == "201" ] || [ "$HTTP_STATUS" == "200" ]; then
+            echo ">> Pull Request updated successfully!"
+
+            echo ""
+            echo "----"
+
+            echo "pull-request-operation=updated" >> "$GITHUB_OUTPUT"
+
+          else
+            echo ">> Failed to update PR, HTTP status code: $HTTP_STATUS"; exit 1
+
+            echo ""
+            echo "----"
+
+          fi
+
+      - name: Merge Changes
+        id: merge-changes
+        if: steps.commit-push.outputs.push == 'true' && steps.mode.outputs.is-automerge == 'true'
+        env:
+          GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
+          GITEA_URL: ${{ secrets.REPO_URL }}
+          PR_NUMBER: ${{ steps.create-pull-request.outputs.pull-request-number }}
+        run: |
+          cd "${MANIFEST_DIR}"
+
+          API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls/${PR_NUMBER}/merge"
+
+          PAYLOAD=$(jq -n --arg Do "merge" '{Do: $Do}')
+
+          HTTP_STATUS=$(curl -X POST -s -w '%{http_code}' -o response_body.json --data "$PAYLOAD" -H "Authorization: token ${GITEA_TOKEN}" -H "Content-Type: application/json" "$API_ENDPOINT")
+
+          if [ "$HTTP_STATUS" == "200" ]; then
+            echo ">> Pull Request merged successfully!"
+
+            echo ""
+            echo "----"
+
+            echo "pull-request-operation=merged" >> "$GITHUB_OUTPUT"
+
+          else
+            echo ">> Failed to merge PR, HTTP status code: $HTTP_STATUS"; exit 1
+
+            echo ""
+            echo "----"
+
+          fi
+
+      - name: Cleanup Branch
+        if: failure() && steps.mode.outputs.is-automerge == 'true'
+        env:
+          BRANCH_NAME: ${{ steps.prepare-manifest-branch.outputs.branch-name }}
+        run: |
+          cd "${MANIFEST_DIR}"
+
+          echo ">> Removing branch: ${BRANCH_NAME}"
+          git push origin --delete "${BRANCH_NAME}" || true
+
+          echo ""
+          echo "----"
+
+      - name: ntfy Created
+        uses: niniyas/ntfy-action@master
+        if: steps.create-pull-request.outputs.pull-request-operation == 'created' && steps.mode.outputs.is-automerge == 'false'
+        with:
+          url: "${{ secrets.NTFY_URL }}"
+          topic: "${{ secrets.NTFY_TOPIC }}"
+          title: "Manifest Render - Open PR"
+          priority: 3
+          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
+          tags: action,successfully,completed
+          details: "Created renderd manifests for cluster '${{ env.CLUSTER }}' with charts: ${{ steps.check-changes.outputs.changed-charts-csv }}"
+          icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
+          actions: '[{"action": "view", "label": "View PR", "url": "${{ vars.USER_URL }}/${{ github.repository }}/pulls/${{ steps.create-pull-request.outputs.pull-request-number }}", "clear": true}]'
+
+      - name: ntfy Updated
+        uses: niniyas/ntfy-action@master
+        if: steps.commit-push.outputs.push == 'true' && steps.check-for-pull-request.outputs.pull-request-exists != 'false' && steps.mode.outputs.is-automerge == 'false'
+        with:
+          url: "${{ secrets.NTFY_URL }}"
+          topic: "${{ secrets.NTFY_TOPIC }}"
+          title: "Manifest Render - PR Updated"
+          priority: 3
+          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
+          tags: action,successfully,completed
+          details: "Updated rendered manifests PR for cluster '${{ env.CLUSTER }}' with charts: ${{ steps.check-changes.outputs.changed-charts-csv }}"
+          icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
+          actions: '[{"action": "view", "label": "View PR", "url": "${{ vars.USER_URL }}/${{ github.repository }}/pulls/${{ steps.create-pull-request.outputs.pull-request-number }}", "clear": true}]'
+
+      - name: ntfy Merged
+        uses: niniyas/ntfy-action@master
+        if: steps.merge-changes.outputs.pull-request-operation == 'merged'
+        with:
+          url: "${{ secrets.NTFY_URL }}"
+          topic: "${{ secrets.NTFY_TOPIC }}"
+          title: "Manifest Render - Automerged"
+          priority: 3
+          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
+          tags: action,successfully,completed
+          details: "Automerged manifest rendering for cluster '${{ env.CLUSTER }}' with charts: ${{ steps.check-changes.outputs.changed-charts-csv }}"
+          icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
+          actions: '[{"action": "view", "label": "View PR", "url": "${{ vars.USER_URL }}/${{ github.repository }}/pulls/${{ steps.create-pull-request.outputs.pull-request-number }}", "clear": true}]'
+
+      - name: ntfy Failed
+        uses: niniyas/ntfy-action@master
+        if: failure()
+        with:
+          url: "${{ secrets.NTFY_URL }}"
+          topic: "${{ secrets.NTFY_TOPIC }}"
+          title: "Manifest Render Failure"
+          priority: 4
+          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
+          tags: action,failed
+          details: "Manifest rendering for Infrastructure has failed!"
+          icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
+          actions: '[{"action": "view", "label": "View Logs", "url": "${{ vars.USER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]'

clusters/cl01tl/helm/argo-workflows/Chart.lock

@@ -1,12 +1,12 @@
 dependencies:
 - name: argo-workflows
   repository: https://argoproj.github.io/argo-helm
-  version: 0.47.5
+  version: 1.0.2
 - name: argo-events
   repository: https://argoproj.github.io/argo-helm
   version: 2.4.20
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 7.9.1
+  version: 7.10.0
-digest: sha256:5b7f498040dd93f99a00c708c80fcefdb64dcdf473cfd3edcf8a94255b80b3b4
+digest: sha256:8d1c2dd011a360d930ed5ff186462f163407077d36ae633898ec5d6ba30a4e8d
-generated: "2026-03-12T13:02:52.109982708Z"
+generated: "2026-03-15T20:04:18.080966008Z"

clusters/cl01tl/helm/argo-workflows/Chart.yaml

@@ -18,14 +18,14 @@ maintainers:
   - name: alexlebens
 dependencies:
   - name: argo-workflows
-    version: 0.47.5
+    version: 1.0.2
     repository: https://argoproj.github.io/argo-helm
   - name: argo-events
     version: 2.4.20
     repository: https://argoproj.github.io/argo-helm
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.9.1
+    version: 7.10.0
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
 # renovate: datasource=github-releases depName=argoproj/argo-workflows

clusters/cl01tl/helm/argo-workflows/values.yaml

@@ -1,4 +1,14 @@
 argo-workflows:
+  crds:
+    install: true
+    keep: true
+    # -- Use full CRDs with complete OpenAPI schemas. When false, uses minified CRDs with x-kubernetes-preserve-unknown-fields.
+    # Full CRDs are very large and are installed via a pre-install/pre-upgrade hook Job that uses server-side apply.
+    full: true
+    upgradeJob:
+      image:
+        repository: registry.k8s.io/kubectl
+        tag: v1.35.2
   controller:
     metricsConfig:
       enabled: true

clusters/cl01tl/helm/authentik/Chart.lock

@@ -7,9 +7,9 @@ dependencies:
   version: 2.4.0
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 7.9.1
+  version: 7.10.0
 - name: valkey
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.4.0
-digest: sha256:abb34b7bb54393236e695453aa1940497cb4def3d3a56a45ca004a22f8e05648
+digest: sha256:8c353c5dad4c3d04d518c1445497f0d1cb64261a4201ae17a2c0874454b807a7
-generated: "2026-03-11T22:55:49.936164674Z"
+generated: "2026-03-15T20:04:35.99407071Z"

clusters/cl01tl/helm/authentik/Chart.yaml

@@ -28,7 +28,7 @@ dependencies:
     version: 2.4.0
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.9.1
+    version: 7.10.0
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: valkey
     alias: valkey

clusters/cl01tl/helm/bazarr/Chart.yaml

@@ -6,7 +6,7 @@ keywords:
   - bazarr
   - servarr
   - subtitles
-home: https://wiki.alexlebens.dev/s/92784d53-1d43-42fd-b509-f42c73454226
+home: https://wiki.alexlebens.dev/s/
 sources:
   - https://github.com/morpheus65535/bazarr
   - https://github.com/linuxserver/docker-bazarr

clusters/cl01tl/helm/booklore/Chart.lock

@@ -4,12 +4,12 @@ dependencies:
   version: 4.6.2
 - name: mariadb-cluster
   repository: https://helm.mariadb.com/mariadb-operator
-  version: 25.10.4
+  version: 26.3.0
 - name: volsync-target
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
 - name: volsync-target
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
-digest: sha256:d4c7bf75f72f7eab4ad968bf9f55daac9392c9b2df08f8a27c5dc4f8fffb5f57
+digest: sha256:e65fa008c652092da5431e9780eb2a87c944298a12e58e432efad61c9e826da5
-generated: "2026-03-06T01:06:05.696573273Z"
+generated: "2026-03-14T23:57:22.721295098Z"

clusters/cl01tl/helm/booklore/Chart.yaml

@@ -18,7 +18,7 @@ dependencies:
     repository: https://bjw-s-labs.github.io/helm-charts/
     version: 4.6.2
   - name: mariadb-cluster
-    version: 25.10.4
+    version: 26.3.0
     repository: https://helm.mariadb.com/mariadb-operator
   - name: volsync-target
     alias: volsync-target-config
@@ -30,4 +30,4 @@ dependencies:
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/booklore.png
 # renovate: datasource=github-releases depName=booklore-app/BookLore
-appVersion: v2.2.0
+appVersion: v2.2.1

clusters/cl01tl/helm/booklore/values.yaml

@@ -9,7 +9,7 @@ booklore:
         main:
           image:
             repository: ghcr.io/booklore-app/booklore
-            tag: v2.2.0
+            tag: v2.2.1
             pullPolicy: IfNotPresent
           env:
             - name: TZ

clusters/cl01tl/helm/coredns/Chart.yaml

@@ -7,7 +7,7 @@ keywords:
   - dns
   - network
   - kubernetes
-home: https://wiki.alexlebens.dev/s/43947ec6-a034-449f-8c76-982ac493b072
+home: https://wiki.alexlebens.dev/s/
 sources:
   - https://github.com/coredns/coredns
   - https://github.com/coredns/helm

clusters/cl01tl/helm/coredns/values.yaml

@@ -1,7 +1,7 @@
 coredns:
   image:
     repository: registry.k8s.io/coredns/coredns
-    tag: v1.14.1
+    tag: v1.14.2
   replicaCount: 3
   resources:
     requests:

clusters/cl01tl/helm/dawarich/Chart.lock

@@ -4,9 +4,9 @@ dependencies:
   version: 4.6.2
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 7.9.1
+  version: 7.10.0
 - name: valkey
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.4.0
-digest: sha256:9524709cf393c01f28b0d073ef6870a2f1afd46f3bc5f564e73c55450aba8dd0
+digest: sha256:7584c2a1613454bbd83b66df46170fd0157df5186842844d483e2dd131398574
-generated: "2026-03-11T22:56:11.749729235Z"
+generated: "2026-03-15T20:04:49.68456485Z"

clusters/cl01tl/helm/dawarich/Chart.yaml

@@ -18,7 +18,7 @@ dependencies:
     version: 4.6.2
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.9.1
+    version: 7.10.0
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: valkey
     alias: valkey
@@ -26,4 +26,4 @@ dependencies:
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/dawarich.png
 # renovate: datasource=github-releases depName=Freika/dawarich
-appVersion: 1.3.3
+appVersion: 1.3.4

clusters/cl01tl/helm/dawarich/values.yaml

@@ -9,7 +9,7 @@ dawarich:
         main:
           image:
             repository: freikin/dawarich
-            tag: 1.3.3
+            tag: 1.3.4
             pullPolicy: IfNotPresent
           command: ["web-entrypoint.sh"]
           args: ["bin/rails", "server", "-p", "3000", "-b", "::"]
@@ -106,7 +106,7 @@ dawarich:
         sidekiq:
           image:
             repository: freikin/dawarich
-            tag: 1.3.3
+            tag: 1.3.4
             pullPolicy: IfNotPresent
           command: ["sidekiq-entrypoint.sh"]
           args: ["sidekiq"]

clusters/cl01tl/helm/directus/Chart.lock

@@ -4,9 +4,9 @@ dependencies:
   version: 4.6.2
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 7.9.1
+  version: 7.10.0
 - name: valkey
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.4.0
-digest: sha256:0b50b4938669a7210930d6ee86a9602611b54cd13774f3386dbad04b4771e7f4
+digest: sha256:dfcb5d35e03ecdc4206227d206d36509319f0dcdaed54363840d71337debb3f7
-generated: "2026-03-11T22:56:26.818980186Z"
+generated: "2026-03-15T20:05:03.156596646Z"

clusters/cl01tl/helm/directus/Chart.yaml

@@ -23,7 +23,7 @@ dependencies:
     version: 4.6.2
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.9.1
+    version: 7.10.0
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: valkey
     alias: valkey

clusters/cl01tl/helm/freshrss/Chart.lock

@@ -7,9 +7,9 @@ dependencies:
   version: 2.4.0
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 7.9.1
+  version: 7.10.0
 - name: volsync-target
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
-digest: sha256:a3703e245881145524304af8a03c89d309c602479be3f7f8953c2fba120bf341
+digest: sha256:a7bdbecd50433fedd65d3043102fe3c9e366dc98953c37eb0cfe762bce833e8e
-generated: "2026-03-11T22:56:41.856429843Z"
+generated: "2026-03-15T20:05:14.085780861Z"

clusters/cl01tl/helm/freshrss/Chart.yaml

@@ -26,7 +26,7 @@ dependencies:
     version: 2.4.0
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.9.1
+    version: 7.10.0
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: volsync-target
     alias: volsync-target-data

clusters/cl01tl/helm/gatus/Chart.lock

@@ -4,9 +4,9 @@ dependencies:
   version: 1.5.0
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 7.9.1
+  version: 7.10.0
 - name: volsync-target
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
-digest: sha256:2fe7c088e99a11e0c6dd09fe48bb1e292eb58e22d9f8ff681bb6c6790945d54e
+digest: sha256:83ec84774e0cc708f1cb5d83d657180159bfb75c9928784ebf0280e224b1cbca
-generated: "2026-03-11T22:56:56.957400817Z"
+generated: "2026-03-15T20:05:27.625292422Z"

clusters/cl01tl/helm/gatus/Chart.yaml

@@ -22,7 +22,7 @@ dependencies:
     version: 1.5.0
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.9.1
+    version: 7.10.0
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: volsync-target
     alias: volsync-target-data

clusters/cl01tl/helm/generic-device-plugin/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: generic-device-plugin
   repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
-  version: 0.20.21
+  version: 0.20.22
-digest: sha256:4f1359a01b8b85722ab1805426a86f3ea64d0134513ce14fe9c55f3f918a21fb
+digest: sha256:14e5aa3f02ce6a1271dadc3f76997c739fc9434e669b05655c079d0b873c56ca
-generated: "2026-03-09T23:02:42.799515974Z"
+generated: "2026-03-15T20:35:40.676997293Z"

clusters/cl01tl/helm/generic-device-plugin/Chart.yaml

@@ -15,6 +15,6 @@ maintainers:
 dependencies:
   - name: generic-device-plugin
     repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
-    version: 0.20.21
+    version: 0.20.22
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
 appVersion: 1.0.0

clusters/cl01tl/helm/gitea/Chart.lock

@@ -13,7 +13,7 @@ dependencies:
   version: 2.4.0
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 7.9.1
+  version: 7.10.0
 - name: valkey
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.4.0
@@ -23,5 +23,5 @@ dependencies:
 - name: volsync-target
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
-digest: sha256:8f243465537fe443e97a8813e23e95d3608a6a2898b93209d03cf43f4ca8cc5d
+digest: sha256:095caf06888cd4663eb5d389399ebad167861007b604016fc4907308474558ab
-generated: "2026-03-11T22:57:17.026946319Z"
+generated: "2026-03-15T20:05:41.388335307Z"

clusters/cl01tl/helm/gitea/Chart.yaml

@@ -40,7 +40,7 @@ dependencies:
     version: 2.4.0
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.9.1
+    version: 7.10.0
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: valkey
     alias: valkey-gitea

clusters/cl01tl/helm/gitea/values.yaml

@@ -57,6 +57,7 @@ gitea:
         ROOT_URL: https://gitea.alexlebens.dev
         LOCAL_ROOT_URL: http://gitea-http.gitea.svc.cluster.local:3000
         START_SSH_SERVER: true
+        HTTP_PORT: 3000
         SSH_DOMAIN: gitea.alexlebens.net
         SSH_PORT: 22
         SSH_LISTEN_PORT: 22

clusters/cl01tl/helm/grafana-operator/Chart.lock

@@ -4,12 +4,12 @@ dependencies:
   version: 5.22.1
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 7.9.1
+  version: 7.10.0
 - name: valkey
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.4.0
 - name: valkey
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.4.0
-digest: sha256:932d9b24ad52ab2a28311f522714ecbad2bedea512ce48d26fcb95cc74b51af9
+digest: sha256:9cbba52d093e40b20917af87263e1fb0e478912440f660543f3527e70452edc7
-generated: "2026-03-14T19:50:53.708173087Z"
+generated: "2026-03-15T20:05:59.855514102Z"

clusters/cl01tl/helm/grafana-operator/Chart.yaml

@@ -21,7 +21,7 @@ dependencies:
     repository: https://grafana.github.io/helm-charts
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.9.1
+    version: 7.10.0
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: valkey
     alias: valkey-unified-alerting

clusters/cl01tl/helm/harbor/Chart.lock

@@ -4,9 +4,9 @@ dependencies:
   version: 1.18.2
 - name: postgres-cluster
   repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm
-  version: 7.9.1
+  version: 7.10.0
 - name: valkey
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.4.0
-digest: sha256:898f51eabee5959b9e7ebe90640cb915cb2dee446e6a6649a29499fecab8b6c7
+digest: sha256:14c2b7d09631dbb573e9c9d4613ebe52e330146662da0da15f74c31ec519ed15
-generated: "2026-03-11T22:58:00.955579445Z"
+generated: "2026-03-15T20:06:13.615175051Z"

clusters/cl01tl/helm/harbor/Chart.yaml

@@ -21,7 +21,7 @@ dependencies:
     repository: https://helm.goharbor.io
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.9.1
+    version: 7.10.0
     repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm
   - name: valkey
     alias: valkey

clusters/cl01tl/helm/immich/Chart.lock

@@ -4,12 +4,12 @@ dependencies:
   version: 4.6.2
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 7.9.1
+  version: 7.10.0
 - name: valkey
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.4.0
 - name: volsync-target
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
-digest: sha256:b886b0a1555ea75fbff52a58ccbf1659acbda20e933107bcbab9b00192aa25bd
+digest: sha256:b79ea8c506f0172deed820247a33c79329f34426435c8b5eb27b206ac8831b13
-generated: "2026-03-11T22:58:20.294240859Z"
+generated: "2026-03-15T20:06:27.091094433Z"

clusters/cl01tl/helm/immich/Chart.yaml

@@ -20,7 +20,7 @@ dependencies:
     version: 4.6.2
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.9.1
+    version: 7.10.0
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: valkey
     alias: valkey

clusters/cl01tl/helm/jellystat/Chart.lock

@@ -4,9 +4,9 @@ dependencies:
   version: 4.6.2
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 7.9.1
+  version: 7.10.0
 - name: volsync-target
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
-digest: sha256:29b92b08c230d5f3abc13949b299acccd1e9f8ff7df1f691a5dec41df5405595
+digest: sha256:f779185ce82045b47fc75bf95c4a8215acbd387f44a4bdb764486406d9b03748
-generated: "2026-03-11T22:58:35.766813121Z"
+generated: "2026-03-15T20:06:38.720993367Z"

clusters/cl01tl/helm/jellystat/Chart.yaml

@@ -21,7 +21,7 @@ dependencies:
     version: 4.6.2
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.9.1
+    version: 7.10.0
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: volsync-target
     alias: volsync-target-data

clusters/cl01tl/helm/komodo/Chart.lock

@@ -4,6 +4,6 @@ dependencies:
   version: 4.6.2
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 7.9.1
+  version: 7.10.0
-digest: sha256:833a88f82c14f78d63abea99244f2473bee2f5124a533a898a34844956f62b27
+digest: sha256:a6f33512d929c5a1b70bde6c3294902f5d707855aabbaa815f32e23aa54b266f
-generated: "2026-03-11T22:58:51.287064579Z"
+generated: "2026-03-15T20:06:49.233053802Z"

clusters/cl01tl/helm/komodo/Chart.yaml

@@ -23,7 +23,7 @@ dependencies:
     version: 4.6.2
   - name: postgres-cluster
     alias: postgresql-17-fdb-cluster
-    version: 7.9.1
+    version: 7.10.0
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/komodo.png
 # renovate: datasource=github-releases depName=moghtech/komodo

clusters/cl01tl/helm/kube-prometheus-stack/Chart.lock

@@ -1,12 +1,12 @@
 dependencies:
 - name: kube-prometheus-stack
   repository: oci://ghcr.io/prometheus-community/charts
-  version: 82.10.3
+  version: 82.10.4
 - name: app-template
   repository: https://bjw-s-labs.github.io/helm-charts/
   version: 4.6.2
 - name: valkey
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.4.0
-digest: sha256:37ffa4a21ed29703cae9c9f3fb029566a1dd6af6e0fe8cc3862a2226d6644114
+digest: sha256:d6bbbfdd1a781b5eb82c2dc8571836a43d23bf8526eac1bcd40f38030be642db
-generated: "2026-03-10T19:02:41.11005238Z"
+generated: "2026-03-15T20:38:11.961621853Z"

clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml

@@ -20,7 +20,7 @@ maintainers:
   - name: alexlebens
 dependencies:
   - name: kube-prometheus-stack
-    version: 82.10.3
+    version: 82.10.4
     repository: oci://ghcr.io/prometheus-community/charts
   - name: app-template
     alias: ntfy-alertmanager

clusters/cl01tl/helm/lidarr/Chart.lock

@@ -4,9 +4,9 @@ dependencies:
   version: 4.6.2
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 7.9.1
+  version: 7.10.0
 - name: volsync-target
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
-digest: sha256:d43b95fa1fc70c93541b9d73180406b31059c6cc45aa57a0cc8d9386c64833c3
+digest: sha256:0f1a2923a7042b364a817edc64729d5e1c18b0552555c035d974de626f372692
-generated: "2026-03-11T22:59:07.151659257Z"
+generated: "2026-03-15T20:07:00.750754951Z"

clusters/cl01tl/helm/lidarr/Chart.yaml

@@ -24,7 +24,7 @@ dependencies:
     version: 4.6.2
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.9.1
+    version: 7.10.0
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: volsync-target
     alias: volsync-target-config

clusters/cl01tl/helm/mariadb-operator/Chart.lock

@@ -1,9 +1,9 @@
 dependencies:
 - name: mariadb-operator
   repository: https://helm.mariadb.com/mariadb-operator
-  version: 25.10.4
+  version: 26.3.0
 - name: mariadb-operator-crds
   repository: https://helm.mariadb.com/mariadb-operator
   version: 26.3.0
-digest: sha256:a159f646b8f7501cc5285a508e21dcc96ced71722a3c911b1ee0c73ef7fc0e3a
+digest: sha256:95f9484c385d08f9b15f55cbb0f8d82c55b8c1a055a4c7697335d4ca51c35d7e
-generated: "2026-03-14T18:39:29.639188669Z"
+generated: "2026-03-14T23:23:02.743862932Z"

clusters/cl01tl/helm/mariadb-operator/Chart.yaml

@@ -15,11 +15,11 @@ maintainers:
   - name: alexlebens
 dependencies:
   - name: mariadb-operator
-    version: 25.10.4
+    version: 26.3.0
     repository: https://helm.mariadb.com/mariadb-operator
   - name: mariadb-operator-crds
     version: 26.3.0
     repository: https://helm.mariadb.com/mariadb-operator
 icon: https://mariadb-operator.github.io/mariadb-operator/assets/mariadb_profile.svg
 # renovate: datasource=github-releases depName=mariadb-operator/mariadb-operator
-appVersion: 25.10.4
+appVersion: 26.3.0

clusters/cl01tl/helm/matrix-synapse/Chart.lock

@@ -19,7 +19,7 @@ dependencies:
   version: 2.4.0
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 7.9.1
+  version: 7.10.0
 - name: valkey
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.4.0
@@ -38,5 +38,5 @@ dependencies:
 - name: volsync-target
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
-digest: sha256:fb87880d3de281064519117d8046d7de14f41450ec8ff8c3c603f0179004768e
+digest: sha256:1578e2c48447f217e72bffb3afcb6f1f15c427a4acce5dbca830cdd7045b1348
-generated: "2026-03-12T11:03:45.232564538Z"
+generated: "2026-03-15T20:07:12.751000922Z"

clusters/cl01tl/helm/matrix-synapse/Chart.yaml

@@ -53,7 +53,7 @@ dependencies:
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.9.1
+    version: 7.10.0
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: valkey
     alias: valkey-matrix-synapse

clusters/cl01tl/helm/ntfy/Chart.yaml

@@ -20,4 +20,4 @@ dependencies:
     version: 4.6.2
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ntfy.png
 # renovate: datasource=github-releases depName=binwiederhier/ntfy
-appVersion: 2.18.0
+appVersion: 2.19.0

clusters/cl01tl/helm/ntfy/values.yaml

@@ -9,7 +9,7 @@ ntfy:
         main:
           image:
             repository: binwiederhier/ntfy
-            tag: v2.18.0
+            tag: v2.19.0
             pullPolicy: IfNotPresent
           args: ["serve"]
           env:

clusters/cl01tl/helm/ollama/Chart.lock

@@ -4,9 +4,9 @@ dependencies:
   version: 4.6.2
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 7.9.1
+  version: 7.10.0
 - name: volsync-target
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
-digest: sha256:a3201fc53ddfbaeb5a81d08e9d20135fb59174879e20f0b4986b1b8540011e03
+digest: sha256:d0f47712bf5d2bab8136c43f1d5bac41860f067b53c741282a4647ce93a7cd93
-generated: "2026-03-11T22:59:44.389634096Z"
+generated: "2026-03-15T20:07:27.179378683Z"

clusters/cl01tl/helm/ollama/Chart.yaml

@@ -23,7 +23,7 @@ dependencies:
     version: 4.6.2
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.9.1
+    version: 7.10.0
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: volsync-target
     alias: volsync-target-data

clusters/cl01tl/helm/outline/Chart.lock

@@ -7,12 +7,12 @@ dependencies:
   version: 2.4.0
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 7.9.1
+  version: 7.10.0
 - name: valkey
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.4.0
 - name: volsync-target
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
-digest: sha256:1f2e4e46e3ae2985ff3e7708c7d75a36f506f0402e02921d95f797ea0403db93
+digest: sha256:02780454fad48c10e95851e73e45e8a98091596d9dce8ada9e361e7212e581df
-generated: "2026-03-11T23:00:00.871137498Z"
+generated: "2026-03-15T20:07:38.818063491Z"

clusters/cl01tl/helm/outline/Chart.yaml

@@ -27,7 +27,7 @@ dependencies:
     version: 2.4.0
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.9.1
+    version: 7.10.0
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: valkey
     alias: valkey
@@ -39,4 +39,4 @@ dependencies:
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/outline.png
 # renovate: datasource=github-releases depName=outline/outline
-appVersion: 1.5.0
+appVersion: 1.6.0

clusters/cl01tl/helm/outline/values.yaml

@@ -12,7 +12,7 @@ outline:
         main:
           image:
             repository: outlinewiki/outline
-            tag: 1.5.0
+            tag: 1.6.0
             pullPolicy: IfNotPresent
           env:
             - name: NODE_ENV

clusters/cl01tl/helm/photoview/Chart.lock

@@ -4,6 +4,6 @@ dependencies:
   version: 4.6.2
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 7.9.1
+  version: 7.10.0
-digest: sha256:e9b0673f31b8309beb326635e784964c41bafc10f3bde7eb17ea316d83076854
+digest: sha256:fe266f506edd672979091e0ad12379d6ad7dddd2c982e196e602dcda268d6f76
-generated: "2026-03-11T23:00:19.541959816Z"
+generated: "2026-03-15T20:07:52.831926834Z"

clusters/cl01tl/helm/photoview/Chart.yaml

@@ -20,7 +20,7 @@ dependencies:
     version: 4.6.2
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.9.1
+    version: 7.10.0
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/photoview.png
 # renovate: datasource=github-releases depName=photoview/photoview

clusters/cl01tl/helm/postiz/Chart.lock

@@ -7,7 +7,7 @@ dependencies:
   version: 2.4.0
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 7.9.1
+  version: 7.10.0
 - name: valkey
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.4.0
@@ -17,5 +17,5 @@ dependencies:
 - name: volsync-target
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
-digest: sha256:cf9b71f29450c69550b0f59d792193788f9dd7ffa2c623db27eb423c0f6e3109
+digest: sha256:de3fb540df1cf7385a19316741854d01e002740c0bf346f3da0ff3a809b1fc3d
-generated: "2026-03-11T23:00:37.739141183Z"
+generated: "2026-03-15T20:08:06.855136249Z"

clusters/cl01tl/helm/postiz/Chart.yaml

@@ -26,7 +26,7 @@ dependencies:
     version: 2.4.0
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.9.1
+    version: 7.10.0
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: valkey
     alias: valkey

clusters/cl01tl/helm/qbittorrent/values.yaml

@@ -28,7 +28,7 @@ qbittorrent:
         qbittorrent:
           image:
             repository: ghcr.io/linuxserver/qbittorrent
-            tag: 5.1.4@sha256:6a7ffbfff04dd109bff37c474bfee00aa08dea5edb78c670439be3ed242b70fa
+            tag: 5.1.4@sha256:855e5f4805ac218f406a5ae989a62a77e03f7e5f70128335b7970550a58c96e1
             pullPolicy: IfNotPresent
           env:
             - name: TZ

clusters/cl01tl/helm/radarr-4k/Chart.lock

@@ -4,9 +4,9 @@ dependencies:
   version: 4.6.2
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 7.9.1
+  version: 7.10.0
 - name: volsync-target
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
-digest: sha256:7e873c90668a70b423efb04d4f2683d25022e8982248ba32a8e5820e323f9b7d
+digest: sha256:d76563fe1a7a9f8ceaf6937831bd0c5511eb7369abb8eb54110dfb69e6dce224
-generated: "2026-03-11T23:00:55.780623797Z"
+generated: "2026-03-15T20:08:21.236792423Z"

clusters/cl01tl/helm/radarr-4k/Chart.yaml

@@ -27,7 +27,7 @@ dependencies:
     version: 4.6.2
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.9.1
+    version: 7.10.0
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: volsync-target
     alias: volsync-target-config

clusters/cl01tl/helm/radarr-anime/Chart.lock

@@ -4,9 +4,9 @@ dependencies:
   version: 4.6.2
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 7.9.1
+  version: 7.10.0
 - name: volsync-target
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
-digest: sha256:0a7ae6aa3062beedc4b4bcba61edb9f70d441dab0146e5b9559583fa12a319a8
+digest: sha256:21bde3a8778fb94e40f2177383ca418123e69f3f3f463b31d35e9f9bf83dfa9d
-generated: "2026-03-11T23:01:12.399079707Z"
+generated: "2026-03-15T20:08:35.497440433Z"

clusters/cl01tl/helm/radarr-anime/Chart.yaml

@@ -27,7 +27,7 @@ dependencies:
     version: 4.6.2
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.9.1
+    version: 7.10.0
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: volsync-target
     alias: volsync-target-config

clusters/cl01tl/helm/radarr-standup/Chart.lock

@@ -4,9 +4,9 @@ dependencies:
   version: 4.6.2
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 7.9.1
+  version: 7.10.0
 - name: volsync-target
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
-digest: sha256:600685215060deb3d8bb6530fa0df437c0ed3d9d6bad2792cedcce959207c7e6
+digest: sha256:ebd25d2a12ca1924b66c62d6dd2c69476ae4526825020796198b65c2ebd2c6eb
-generated: "2026-03-11T23:01:28.449666027Z"
+generated: "2026-03-15T20:08:49.811429784Z"

clusters/cl01tl/helm/radarr-standup/Chart.yaml

@@ -26,7 +26,7 @@ dependencies:
     version: 4.6.2
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.9.1
+    version: 7.10.0
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: volsync-target
     alias: volsync-target-config

clusters/cl01tl/helm/radarr/Chart.lock

@@ -4,9 +4,9 @@ dependencies:
   version: 4.6.2
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 7.9.1
+  version: 7.10.0
 - name: volsync-target
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
-digest: sha256:fdad6659ae4ef46c46d62b4213d7fcf85dbb478809e094bbe7de4a86a98589f2
+digest: sha256:05ce0d746d9c42a00338df5e6673fde8baeefa6f598ef8c85a32e6bc393b94ca
-generated: "2026-03-11T23:01:46.420629722Z"
+generated: "2026-03-15T20:09:03.538226001Z"

clusters/cl01tl/helm/radarr/Chart.yaml

@@ -26,7 +26,7 @@ dependencies:
     version: 4.6.2
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.9.1
+    version: 7.10.0
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: volsync-target
     alias: volsync-target-config

clusters/cl01tl/helm/roundcube/Chart.lock

@@ -4,9 +4,9 @@ dependencies:
   version: 4.6.2
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 7.9.1
+  version: 7.10.0
 - name: volsync-target
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
-digest: sha256:5cfad7a46f5671378adac77c3e39df224430a7481aeb16f7d3713f134e5d1dab
+digest: sha256:755aa4db5c7142d46af4a80c9fce49c3c558cc81042c9a00a0bdcd607276e856
-generated: "2026-03-11T23:02:03.844844518Z"
+generated: "2026-03-15T20:09:18.053504671Z"

clusters/cl01tl/helm/roundcube/Chart.yaml

@@ -21,7 +21,7 @@ dependencies:
     version: 4.6.2
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.9.1
+    version: 7.10.0
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: volsync-target
     alias: volsync-target-data

clusters/cl01tl/helm/rybbit/Chart.lock

@@ -7,9 +7,9 @@ dependencies:
   version: 2.4.0
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 7.9.1
+  version: 7.10.0
 - name: volsync-target
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
-digest: sha256:4cc27a45f60df729db0cff4780bfb49655db739fdd35f6a46eb3a0489efdc88f
+digest: sha256:9342eb966ec3e8020aa6b1d6d2ac72d2c4a46c4ed70c5cf52c16ff25d2f2b0fa
-generated: "2026-03-11T23:02:21.670318334Z"
+generated: "2026-03-15T20:09:33.800790437Z"

clusters/cl01tl/helm/rybbit/Chart.yaml

@@ -23,7 +23,7 @@ dependencies:
     version: 2.4.0
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.9.1
+    version: 7.10.0
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: volsync-target
     alias: volsync-target-clickhouse-data

clusters/cl01tl/helm/sonarr-4k/Chart.lock

@@ -4,9 +4,9 @@ dependencies:
   version: 4.6.2
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 7.9.1
+  version: 7.10.0
 - name: volsync-target
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
-digest: sha256:487799d20d30d26443b4b7ffdd31dcba61e27e01067a6a0d7f3f265097a9d9af
+digest: sha256:27cc019786592c0e7fce9509543792c9f281a4e676c463ce5d6ba2a6df05e3b2
-generated: "2026-03-11T23:02:43.378419214Z"
+generated: "2026-03-15T20:09:49.767646568Z"

clusters/cl01tl/helm/sonarr-4k/Chart.yaml

@@ -27,7 +27,7 @@ dependencies:
     version: 4.6.2
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.9.1
+    version: 7.10.0
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: volsync-target
     alias: volsync-target-config

clusters/cl01tl/helm/sonarr-anime/Chart.lock

@@ -4,9 +4,9 @@ dependencies:
   version: 4.6.2
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 7.9.1
+  version: 7.10.0
 - name: volsync-target
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
-digest: sha256:b2899ddbca96333330da52c7819c54d010691894d085b9f21a8ebd8d679a9823
+digest: sha256:0f8016577e9fedaf8e5bd36688da2bf19b51185bc8100b817b64ce48ec87433b
-generated: "2026-03-11T23:03:04.501966653Z"
+generated: "2026-03-15T20:10:04.000906771Z"

clusters/cl01tl/helm/sonarr-anime/Chart.yaml

@@ -26,7 +26,7 @@ dependencies:
     version: 4.6.2
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.9.1
+    version: 7.10.0
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: volsync-target
     alias: volsync-target-config

clusters/cl01tl/helm/sonarr/Chart.lock

@@ -4,9 +4,9 @@ dependencies:
   version: 4.6.2
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 7.9.1
+  version: 7.10.0
 - name: volsync-target
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
-digest: sha256:828d3934111d24f54e39bb433da9d8a3aeeec21dcd8228737a6e496852fb6b5f
+digest: sha256:a20b4dd7e2f0c8777ed2be1bd2c702bc4d7cfeb51e4a29d781c041c555821aa1
-generated: "2026-03-11T23:03:21.968129945Z"
+generated: "2026-03-15T20:10:17.242764683Z"

clusters/cl01tl/helm/sonarr/Chart.yaml

@@ -26,7 +26,7 @@ dependencies:
     version: 4.6.2
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.9.1
+    version: 7.10.0
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: volsync-target
     alias: volsync-target-config

clusters/cl01tl/helm/stalwart/Chart.lock

@@ -4,12 +4,12 @@ dependencies:
   version: 4.6.2
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 7.9.1
+  version: 7.10.0
 - name: valkey
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.4.0
 - name: volsync-target
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
-digest: sha256:aef9a2c62df9bf44adf02d84b032ccd198c34cee56ff8d86d7200e9f5b21a5c1
+digest: sha256:6ffe4bd6af377f2ba5134389027e86085928d5e1108bb5ecf0d4b1e4cc908b67
-generated: "2026-03-11T23:03:39.658857007Z"
+generated: "2026-03-15T20:10:31.966910173Z"

clusters/cl01tl/helm/stalwart/Chart.yaml

@@ -23,7 +23,7 @@ dependencies:
     repository: https://bjw-s-labs.github.io/helm-charts/
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.9.1
+    version: 7.10.0
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: valkey
     alias: valkey

clusters/cl01tl/helm/tailscale-operator/templates/dns-config.yaml

@@ -11,4 +11,5 @@ spec:
   nameserver:
     image:
       repo: tailscale/k8s-nameserver
-      tag: unstable-v1.93.44
+      # renovate: datasource=docker depName=tailscale/k8s-nameserver
+      tag: v1.94.2

clusters/cl01tl/helm/tdarr/values.yaml

@@ -48,7 +48,7 @@ tdarr:
         main:
           image:
             repository: ghcr.io/haveagitgat/tdarr_node
-            tag: 2.62.01
+            tag: 2.63.01
             pullPolicy: IfNotPresent
           env:
             - name: TZ

clusters/cl01tl/helm/vaultwarden/Chart.lock

@@ -7,9 +7,9 @@ dependencies:
   version: 2.4.0
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 7.9.1
+  version: 7.10.0
 - name: volsync-target
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
-digest: sha256:1d6f670bfe76dbc3d59a2ff762cb5536be8d1f5ce0ed12b44bd9792076607bed
+digest: sha256:6f78b41937412c1db5e0f612287d29ea81c1d9169b8a0efd98a0dd4be3e532d1
-generated: "2026-03-11T23:03:57.367242959Z"
+generated: "2026-03-15T20:10:47.852109985Z"

clusters/cl01tl/helm/vaultwarden/Chart.yaml

@@ -27,7 +27,7 @@ dependencies:
     version: 2.4.0
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.9.1
+    version: 7.10.0
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: volsync-target
     alias: volsync-target-data

clusters/cl01tl/helm/yamtrack/Chart.lock

@@ -4,9 +4,9 @@ dependencies:
   version: 4.6.2
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 7.9.1
+  version: 7.10.0
 - name: valkey
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.4.0
-digest: sha256:e2398649941bcdbcba86bf8b7fbeaf5187e2ba29c5046d28be62ab9f37494c7e
+digest: sha256:71da007e1cef75e45b1678caa51b0d2317cb8f4dfdf7df675d534194f03650aa
-generated: "2026-03-11T23:04:20.045077529Z"
+generated: "2026-03-15T20:11:03.591727143Z"

clusters/cl01tl/helm/yamtrack/Chart.yaml

@@ -22,7 +22,7 @@ dependencies:
     version: 4.6.2
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.9.1
+    version: 7.10.0
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: valkey
     alias: valkey

renovate.json

@@ -7,14 +7,50 @@
   ],
   "customManagers": [
     {
+      "description": "Update appVersion in Chart.yaml",
       "customType": "regex",
       "managerFilePatterns": [
         "/(^|/)Chart\\.yaml$/"
       ],
       "matchStrings": [
         "#\\s*renovate:\\s*datasource=(?<datasource>.*?) depName=(?<depName>.*?)\\s+appVersion:\\s*[\"']?(?<currentValue>[^\"'\\s]+)[\"']?"
+      ]
+    },
+    {
+      "description": "Update images in templates",
+      "customType": "regex",
+      "managerFilePatterns": [
+        "/(^|/)templates/.*\\.yaml$/"
       ],
-      "datasourceTemplate": "github-releases"
+      "matchStrings": [
+        "# renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)\\s+tag: (?<currentValue>.*)"
+      ]
+    },
+    {
+      "description": "Update Helm CLI version in GitHub Actions",
+      "customType": "regex",
+      "managerFilePatterns": [
+        "/^\\.github/workflows/.*\\.ya?ml$/"
+      ],
+      "matchStrings": [
+        "uses: azure/setup-helm@v4[\\s\\S]*?version: (?<currentValue>v?\\d+\\.\\d+\\.\\d+)"
+      ],
+      "depNameTemplate": "helm/helm",
+      "datasourceTemplate": "github-releases",
+      "versioningTemplate": "semver"
+    },
+    {
+      "description": "Update Kubeconform version in GitHub Actions env",
+      "customType": "regex",
+      "managerFilePatterns": [
+        "/^\\.github/workflows/.*\\.ya?ml$/"
+      ],
+      "matchStrings": [
+        "KUBECONFORM_VERSION: \"(?<currentValue>v?\\d+\\.\\d+\\.\\d+)\""
+      ],
+      "depNameTemplate": "yannh/kubeconform",
+      "datasourceTemplate": "github-releases",
+      "versioningTemplate": "semver"
     }
   ],
   "timezone": "US/Central",
@@ -65,7 +101,8 @@
     {
       "description": "Label images, helm",
       "matchManagers": [
-        "custom.regex", "helm-values"
+        "custom.regex",
+        "helm-values"
       ],
       "groupName": "{{#if packageName}}{{{replace 'ghcr.io/' '' (replace 'docker.io/' '' packageName)}}}{{else}}{{{replace 'ghcr.io/' '' (replace 'docker.io/' '' depName)}}}{{/if}}",
       "groupSlug": "unified-{{{groupName}}}",
@@ -91,7 +128,8 @@
         "digest"
       ],
       "matchManagers": [
-        "custom.regex", "helm-values"
+        "custom.regex",
+        "helm-values"
       ],
       "groupName": "{{#if packageName}}{{{replace 'ghcr.io/' '' (replace 'docker.io/' '' packageName)}}}{{else}}{{{replace 'ghcr.io/' '' (replace 'docker.io/' '' depName)}}}{{/if}}",
       "groupSlug": "unified-{{{groupName}}}",