Super linter bump (#997)

.github/renovate-config.json5

@@ -4,6 +4,7 @@
   requireConfig: "ignored",
   platform: "github",
   repositories: ["jenkinsci/helm-charts"],
+  // eslint-disable-next-line
   allowedPostUpgradeCommands: ["^\.github\/renovate-postupgrade\.sh {{{depName}}} {{{newVersion}}}$"],
   prConcurrentLimit: 0,
   semanticCommits: "enabled",

.github/workflows/lint-test.yaml

@@ -3,6 +3,9 @@ name: Lint and Test Charts
 
 on: pull_request
 
+permissions:
+  contents: read
+
 jobs:
   lint-test:
     runs-on: ubuntu-latest

.github/workflows/linter.yml

@@ -2,6 +2,9 @@ name: Lint Code Base
 
 on: pull_request
 
+permissions:
+  contents: read
+
 jobs:
   build:
     name: Lint Code Base
@@ -12,11 +15,10 @@ jobs:
         with:
           fetch-depth: 0
       - name: Lint Code Base
-        uses: github/super-linter@v4
+        uses: super-linter/super-linter@v6.0.0
         env:
           VALIDATE_ALL_CODEBASE: true
-          VALIDATE_JSCPD: false
-          VALIDATE_KUBERNETES_KUBEVAL: false
+          VALIDATE_KUBERNETES_KUBECONFORM: false
           VALIDATE_YAML: false
           DEFAULT_BRANCH: main
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/release.yaml

@@ -7,6 +7,9 @@ on:
     paths:
       - 'charts/**'
 
+permissions:
+  contents: write
+
 jobs:
   release:
     runs-on: ubuntu-latest

.github/workflows/renovate.yaml

@@ -4,6 +4,10 @@ on:
     - cron: "0/15 * * * *"
   workflow_dispatch:
 
+permissions:
+  contents: write
+  pull-requests: write
+
 jobs:
   renovate:
     runs-on: ubuntu-latest

.github/workflows/sync-readme.yaml

@@ -4,6 +4,10 @@ on:
       - 'main'
     paths:
       - 'README.md'
+
+permissions:
+  contents: write
+
 jobs:
   build:
     runs-on: ubuntu-latest

.gitleaksignore

@@ -0,0 +1,5 @@
+/github/workspace/charts/jenkins/README.md:hashicorp-tf-password:664
+/github/workspace/charts/jenkins/unittests/jenkins-controller-statefulset-test.yaml:hashicorp-tf-password:618
+/github/workspace/charts/jenkins/unittests/jenkins-controller-statefulset-test.yaml:hashicorp-tf-password:619
+/github/workspace/charts/jenkins/values.yaml:hashicorp-tf-password:584
+/github/workspace/charts/jenkins/values.yaml:hashicorp-tf-password:590

charts/jenkins/CHANGELOG.md

@@ -12,6 +12,10 @@ Use the following links to reference issues, PRs, and commits prior to v2.6.0.
 The changelog until v1.5.7 was auto-generated based on git commits.
 Those entries include a reference to the git commit to be able to get more details.
 
+## 5.0.4
+
+Updated super-linter to v6. Updated README.md and CHANGELOG.md to fix linting issues.
+
 ## 5.0.2
 
 Update `git` to version `5.2.1`
@@ -1460,13 +1464,13 @@ Make `agent.slaveConnectTimeout` configurable: by increasing this value Jenkins
 
 ## 1.9.7 Update plugin versions
 
-plugin                | old version | new version
---------------------- | ----------- | ----------
-kubernetes            | 1.18.2      | 1.21.2
-workflow-job          | 2.33        | 2.36
-credentials-binding   | 1.19        | 1.20
-git                   | 3.11.0      | 4.0.0
-configuration-as-code | 1.27        | 1.32
+| plugin                | old version | new version |
+|-----------------------|-------------|-------------|
+| kubernetes            | 1.18.2      | 1.21.2      |
+| workflow-job          | 2.33        | 2.36        |
+| credentials-binding   | 1.19        | 1.20        |
+| git                   | 3.11.0      | 4.0.0       |
+| configuration-as-code | 1.27        | 1.32        |
 
 ## 1.9.6
 
@@ -1592,7 +1596,7 @@ JCasC default configuration includes:
   - maxRequestsPerHostStr: "32"
   - name: "kubernetes"
   - namespace
-  - serverUrl: "https://kubernetes.default"
+  - serverUrl: `"https://kubernetes.default"`
   - template
     - containers
       - alwaysPullImage: `agent.alwaysPullImage`

charts/jenkins/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v2
 name: jenkins
 home: https://jenkins.io/
-version: 5.0.2
+version: 5.0.4
 appVersion: 2.426.3
 description: Jenkins - Build great things at any scale! The leading open source automation server, Jenkins provides over 1800 plugins to support building, deploying and automating any project.
 sources:

charts/jenkins/README.md

@@ -645,10 +645,10 @@ controller:
 
 ### HTTPS Keystore Configuration
 
-[This configuration](https://wiki.jenkins.io/pages/viewpage.action?pageId=135468777) enables jenkins to use keystore in order to serve https.
+[This configuration](https://wiki.jenkins.io/pages/viewpage.action?pageId=135468777) enables jenkins to use keystore in order to serve HTTPS.
 Here is the [value file section](https://wiki.jenkins.io/pages/viewpage.action?pageId=135468777#RunningJenkinswithnativeSSL/HTTPS-ConfigureJenkinstouseHTTPSandtheJKSkeystore) related to keystore configuration.
 Keystore itself should be placed in front of `jenkinsKeyStoreBase64Encoded` key and in base64 encoded format. To achieve that after having `keystore.jks` file simply do this: `cat keystore.jks | base64` and paste the output in front of `jenkinsKeyStoreBase64Encoded`.
-After enabling `httpsKeyStore.enable` make sure that `httpPort` and `targetPort` are not the same, as `targetPort` will serve https.
+After enabling `httpsKeyStore.enable` make sure that `httpPort` and `targetPort` are not the same, as `targetPort` will serve HTTPS.
 Do not set `controller.httpsKeyStore.httpPort` to `-1` because it will cause readiness and liveliness prob to fail.
 If you already have a kubernetes secret that has keystore and its password you can specify its' name in front of `jenkinsHttpsJksSecretName`, You need to remember that your secret should have proper data key names `jenkins-jks-file` (or override the key name using `jenkinsHttpsJksSecretKey`)
 and `https-jks-password` (or override the key name using `jenkinsHttpsJksPasswordSecretKey`; additionally you can make it get the password from a different secret using `jenkinsHttpsJksPasswordSecretName`). Example: