From 46934646f5b4318af36af8d0ce880563f837382d Mon Sep 17 00:00:00 2001
From: Siri Chongasamethaworn <siri@omise.co>
Date: Tue, 17 Jun 2025 15:42:14 +0700
Subject: [PATCH 1/4] update gh actions

---
 .github/workflows/chart-testing.yaml | 12 ++++++------
 .github/workflows/linter.yml         |  4 ++--
 .github/workflows/release.yaml       |  6 +++---
 .github/workflows/sync-readme.yaml   |  4 ++--
 4 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/.github/workflows/chart-testing.yaml b/.github/workflows/chart-testing.yaml
index fb406ee..ffaab64 100644
--- a/.github/workflows/chart-testing.yaml
+++ b/.github/workflows/chart-testing.yaml
@@ -7,15 +7,15 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Fetch history
         run: git fetch --prune --unshallow
 
       - name: Set up Helm
-        uses: azure/setup-helm@v1.1
+        uses: azure/setup-helm@v4.3.0
         with:
-          version: v3.5.1
+          version: v3.13.3
 
       - name: Add dependency chart repos
         run: |
@@ -24,12 +24,12 @@ jobs:
           helm repo add kongz https://charts.kong-z.com
           helm repo add opensearch https://opensearch-project.github.io/helm-charts/
 
-      - uses: actions/setup-python@v2.2.2
+      - uses: actions/setup-python@v5
         with:
-          python-version: 3.7
+          python-version: '3.13'
 
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@v2.1.0
+        uses: helm/chart-testing-action@v2.7.0
 
       - name: Run chart-testing (list-changed)
         id: list-changed
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index 61d0adf..a91dfc6 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -11,11 +11,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: Lint Code Base
-        uses: github/super-linter@v4
+        uses: github/super-linter@v7.4.0
         env:
           VALIDATE_ALL_CODEBASE: false
           VALIDATE_YAML: false
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 7740fc2..c9c16ad 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
@@ -24,9 +24,9 @@ jobs:
           git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
 
       - name: Install Helm
-        uses: azure/setup-helm@v3
+        uses: azure/setup-helm@v4.3.0
 
       - name: Run chart-releaser
-        uses: helm/chart-releaser-action@v1.2.1
+        uses: helm/chart-releaser-action@v1.7.0
         env:
           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/.github/workflows/sync-readme.yaml b/.github/workflows/sync-readme.yaml
index fe85f1c..40691af 100644
--- a/.github/workflows/sync-readme.yaml
+++ b/.github/workflows/sync-readme.yaml
@@ -8,10 +8,10 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
       - run: |
           cp -f README.md ${{ runner.temp }}/README.md
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with:
           ref: gh-pages
       - run: |

From 8055539284867a0e1a7b17f815a2acac73d61595 Mon Sep 17 00:00:00 2001
From: Siri Chongasamethaworn <siri@omise.co>
Date: Tue, 17 Jun 2025 15:43:58 +0700
Subject: [PATCH 2/4] update gh actions

---
 .github/workflows/linter.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index a91dfc6..910c11d 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -15,7 +15,7 @@ jobs:
         with:
           fetch-depth: 0
       - name: Lint Code Base
-        uses: github/super-linter@v7.4.0
+        uses: github/super-linter@v7
         env:
           VALIDATE_ALL_CODEBASE: false
           VALIDATE_YAML: false

From d093dd6d3c01ffa5fc5a597b92154dc37a0b4d0d Mon Sep 17 00:00:00 2001
From: Siri Chongasamethaworn <siri@omise.co>
Date: Tue, 17 Jun 2025 15:53:40 +0700
Subject: [PATCH 3/4] update gh actions

---
 .github/ISSUE_TEMPLATE/bug_report.md | 13 ++++---------
 .github/PULL_REQUEST_TEMPLATE.md     |  4 +++-
 .github/workflows/chart-testing.yaml | 17 ++++++++++++++++-
 .github/workflows/linter.yml         | 15 +++++++++++++++
 .github/workflows/release.yaml       | 15 +++++++++++++++
 .github/workflows/sync-readme.yaml   | 22 +++++++++++++++++++---
 6 files changed, 72 insertions(+), 14 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
index 503d659..86285bb 100644
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -1,16 +1,15 @@
 ---
 name: Bug report
 about: Create a report to help us improve
-title: 'issue title'
-labels: 'bug'
-assignees: ''
-
+title: "issue title"
+labels: "bug"
+assignees: ""
 ---
 
 <!-- Thanks for filing an issue!
 Before hitting the button, please answer these questions.
 It's helpful to search the existing GitHub issues first.
-It's likely that another user has already reported the issue you're facing, or it's a known issue that we're already aware o. 
+It's likely that another user has already reported the issue you're facing, or it's a known issue that we're already aware o.
 
 Fill in as much of the template below as you can.
 The more information we have the better we can help you.
@@ -41,13 +40,10 @@ please put the output of it here
 
 **Which version of the chart**:
 
-
 **What happened**:
 
-
 **What you expected to happen**:
 
-
 **How to reproduce it** (as minimally and precisely as possible):
 
 <!--
@@ -63,5 +59,4 @@ helm install my-release kong-z/name-of-chart --version version --values values.y
 ```
 -->
 
-
 **Anything else we need to know**:
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
index 53d0618..ccea2e2 100644
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -29,13 +29,15 @@ We would like these checks to pass before we even continue reviewing your change
 
 # Which issue this PR fixes
 
-*(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*
+_(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)_
 
 - fixes #
 
 # Special notes for your reviewer
 
 # Checklist
+
 <!-- [Place an '[x]' (no spaces) in all applicable fields. Please remove unrelated fields.] -->
+
 - [ ] [DCO](https://github.com/KongZ/charts/blob/main/CONTRIBUTING.md#sign-off-your-work) signed
 - [ ] Chart Version bumped
diff --git a/.github/workflows/chart-testing.yaml b/.github/workflows/chart-testing.yaml
index ffaab64..f9e6487 100644
--- a/.github/workflows/chart-testing.yaml
+++ b/.github/workflows/chart-testing.yaml
@@ -2,6 +2,21 @@ name: Lint and Test Charts
 
 on: pull_request
 
+permissions:
+  actions: read
+  attestations: none
+  checks: write
+  contents: write
+  deployments: read
+  id-token: none
+  issues: none
+  models: none
+  packages: none
+  pages: write
+  pull-requests: read
+  security-events: read
+  statuses: read
+
 jobs:
   lint-test:
     runs-on: ubuntu-latest
@@ -26,7 +41,7 @@ jobs:
 
       - uses: actions/setup-python@v5
         with:
-          python-version: '3.13'
+          python-version: "3.13"
 
       - name: Set up chart-testing
         uses: helm/chart-testing-action@v2.7.0
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index 910c11d..133970c 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -5,6 +5,21 @@ name: Lint Code Base
 
 on: pull_request
 
+permissions:
+  actions: read
+  attestations: none
+  checks: write
+  contents: write
+  deployments: none
+  id-token: none
+  issues: none
+  models: none
+  packages: none
+  pages: write
+  pull-requests: read
+  security-events: read
+  statuses: read
+
 jobs:
   build:
     name: Lint Code Base
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index c9c16ad..88ef096 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -5,6 +5,21 @@ on:
     branches:
       - main
 
+permissions:
+  actions: read
+  attestations: none
+  checks: write
+  contents: write
+  deployments: write
+  id-token: none
+  issues: none
+  models: none
+  packages: none
+  pages: write
+  pull-requests: read
+  security-events: read
+  statuses: read
+
 jobs:
   release:
     # depending on default permission settings for your org (contents being read-only or read-write for workloads), you will have to add permissions
diff --git a/.github/workflows/sync-readme.yaml b/.github/workflows/sync-readme.yaml
index 40691af..38d134a 100644
--- a/.github/workflows/sync-readme.yaml
+++ b/.github/workflows/sync-readme.yaml
@@ -1,9 +1,25 @@
 on:
   push:
     branches:
-      - 'main'
+      - "main"
     paths:
-      - 'README.md'
+      - "README.md"
+
+permissions:
+  actions: read
+  attestations: none
+  checks: none
+  contents: write
+  deployments: read
+  id-token: none
+  issues: none
+  models: none
+  packages: none
+  pages: write
+  pull-requests: read
+  security-events: read
+  statuses: read
+
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -20,4 +36,4 @@ jobs:
           git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
           git add README.md
           git commit --signoff -m "Sync README from main"
-          git push
\ No newline at end of file
+          git push

From d90eb24cf72cd94b7607c92b61f674c312206a68 Mon Sep 17 00:00:00 2001
From: Siri Chongasamethaworn <siri@omise.co>
Date: Tue, 17 Jun 2025 16:02:03 +0700
Subject: [PATCH 4/4] update gh actions

---
 .github/workflows/chart-testing.yaml | 1 -
 .github/workflows/linter.yml         | 1 -
 .github/workflows/release.yaml       | 1 -
 .github/workflows/sync-readme.yaml   | 3 +--
 4 files changed, 1 insertion(+), 5 deletions(-)

diff --git a/.github/workflows/chart-testing.yaml b/.github/workflows/chart-testing.yaml
index f9e6487..39dec24 100644
--- a/.github/workflows/chart-testing.yaml
+++ b/.github/workflows/chart-testing.yaml
@@ -10,7 +10,6 @@ permissions:
   deployments: read
   id-token: none
   issues: none
-  models: none
   packages: none
   pages: write
   pull-requests: read
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index 133970c..6c23536 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -13,7 +13,6 @@ permissions:
   deployments: none
   id-token: none
   issues: none
-  models: none
   packages: none
   pages: write
   pull-requests: read
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 88ef096..9ada921 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -13,7 +13,6 @@ permissions:
   deployments: write
   id-token: none
   issues: none
-  models: none
   packages: none
   pages: write
   pull-requests: read
diff --git a/.github/workflows/sync-readme.yaml b/.github/workflows/sync-readme.yaml
index 38d134a..cba3a67 100644
--- a/.github/workflows/sync-readme.yaml
+++ b/.github/workflows/sync-readme.yaml
@@ -8,12 +8,11 @@ on:
 permissions:
   actions: read
   attestations: none
-  checks: none
+  checks: write
   contents: write
   deployments: read
   id-token: none
   issues: none
-  models: none
   packages: none
   pages: write
   pull-requests: read