chore(deps): update azure/k8s-set-context action to v5 (#7)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [azure/k8s-set-context](https://github.com/azure/k8s-set-context) | action | major | `v4.0.2` → `v5.0.0` |

---

### Release Notes

<details>
<summary>azure/k8s-set-context (azure/k8s-set-context)</summary>

### [`v5.0.0`](https://github.com/Azure/k8s-set-context/releases/tag/v5.0.0)

[Compare Source](https://github.com/azure/k8s-set-context/compare/v4.0.2...v5.0.0)

##### Features

- [#&#8203;227](https://github.com/azure/k8s-set-context/issues/227) Migrate to ESM with esbuild, vitest

##### Runtime and platform

- [#&#8203;222](https://github.com/azure/k8s-set-context/issues/222) Update Node version from 20 to 24

##### Dependabot updates

- [#&#8203;231](https://github.com/azure/k8s-set-context/issues/231) Bump github/codeql-action in /.github/workflows in the actions group
- [#&#8203;230](https://github.com/azure/k8s-set-context/issues/230) Bump typescript in the actions group across 1 directory
- [#&#8203;228](https://github.com/azure/k8s-set-context/issues/228) Bump picomatch
- [#&#8203;226](https://github.com/azure/k8s-set-context/issues/226) Bump github/codeql-action in /.github/workflows in the actions group
- [#&#8203;223](https://github.com/azure/k8s-set-context/issues/223) Bump undici from 6.23.0 to 6.24.0
- [#&#8203;221](https://github.com/azure/k8s-set-context/issues/221) Bump the actions group in /.github/workflows with 2 updates
- [#&#8203;218](https://github.com/azure/k8s-set-context/issues/218) Bump the actions group in /.github/workflows with 2 updates
- [#&#8203;219](https://github.com/azure/k8s-set-context/issues/219) Bump minimatch
- [#&#8203;217](https://github.com/azure/k8s-set-context/issues/217) Bump undici and [@&#8203;actions/http-client](https://github.com/actions/http-client)
- [#&#8203;216](https://github.com/azure/k8s-set-context/issues/216) Bump github/codeql-action in /.github/workflows in the actions group
- [#&#8203;214](https://github.com/azure/k8s-set-context/issues/214) Bump the actions group in /.github/workflows with 2 updates
- [#&#8203;212](https://github.com/azure/k8s-set-context/issues/212) Bump the actions group in /.github/workflows with 2 updates
- [#&#8203;211](https://github.com/azure/k8s-set-context/issues/211) Bump the actions group with 3 updates
- [#&#8203;210](https://github.com/azure/k8s-set-context/issues/210) Bump the actions group with 2 updates
- [#&#8203;208](https://github.com/azure/k8s-set-context/issues/208) Bump [@&#8203;types/node](https://github.com/types/node) from 25.0.2 to 25.0.3 in the actions group
- [#&#8203;209](https://github.com/azure/k8s-set-context/issues/209) Bump github/codeql-action in /.github/workflows in the actions group
- [#&#8203;206](https://github.com/azure/k8s-set-context/issues/206) Bump the actions group with 3 updates
- [#&#8203;207](https://github.com/azure/k8s-set-context/issues/207) Bump github/codeql-action in /.github/workflows in the actions group
- [#&#8203;205](https://github.com/azure/k8s-set-context/issues/205) Bump the actions group in /.github/workflows with 4 updates
- [#&#8203;204](https://github.com/azure/k8s-set-context/issues/204) Bump the actions group with 2 updates
- [#&#8203;202](https://github.com/azure/k8s-set-context/issues/202) Bump the actions group in /.github/workflows with 2 updates
- [#&#8203;203](https://github.com/azure/k8s-set-context/issues/203) Bump prettier from 3.6.2 to 3.7.3 in the actions group
- [#&#8203;201](https://github.com/azure/k8s-set-context/issues/201) Bump glob from 10.4.5 to 10.5.0
- [#&#8203;200](https://github.com/azure/k8s-set-context/issues/200) Bump js-yaml from 3.14.1 to 3.14.2
- [#&#8203;198](https://github.com/azure/k8s-set-context/issues/198) Bump js-yaml from 4.1.0 to 4.1.1
- [#&#8203;199](https://github.com/azure/k8s-set-context/issues/199) Bump the actions group with 2 updates

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41LjQiLCJ1cGRhdGVkSW5WZXIiOiI0My41LjQiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbImFjdGlvbiIsImRlcHMiXX0=-->

Reviewed-on: https://gitea.t000-n.de/t.behrendt/k_photoprism/pulls/7
Reviewed-by: t.behrendt <t.behrendt@noreply.localhost>
Co-authored-by: Renovate Bot <renovate@t00n.de>
Co-committed-by: Renovate Bot <renovate@t00n.de>

.gitea/workflows/deploy.yaml

@@ -4,34 +4,15 @@ on:
   push:
     branches:
       - main
+    paths:
+      - "k8s/**"
 
 jobs:
-  check-changes:
-    runs-on: ubuntu-latest
-    outputs:
-      changes: ${{ steps.filter.outputs.k8s }}
-      helm: ${{ steps.filter.outputs.helm }}
-    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          fetch-depth: 0
-      - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1
-        id: filter
-        with:
-          filters: |
-            k8s:
-              - 'k8s/**'
-            helm:
-              - 'values/**'
-              - 'helmfile.yaml'
-
   deploy:
     runs-on: ubuntu-latest
-    needs: check-changes
-    if: ${{ needs.check-changes.outputs.changes == 'true' || needs.check-changes.outputs.helm == 'true' }}
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-      - uses: https://gitea.t000-n.de/t.behrendt/k_deploy_workflows/.gitea/actions/extract-namespace-from-repo-name@c373c34c836716e663e2d6379e686997bfd7746c # 0.0.6
+      - uses: https://gitea.t000-n.de/t.behrendt/k_deploy_workflows/.gitea/actions/extract-namespace-from-repo-name@7993842765aaa808493ab79c5f3c21cf2d30f300 # 0.0.10
         id: namespace
         with:
           repo: ${{ github.repository }}
@@ -39,7 +20,7 @@ jobs:
       - uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5
         with:
           version: "3.15.0"
-      - uses: azure/k8s-set-context@ae59a723ba9abe7a9655538854a025448dbab4aa # v4.0.2
+      - uses: azure/k8s-set-context@89b837d75b40a7bd2ddafde837473c212db8b313 # v5.0.0
         with:
           method: kubeconfig
           kubeconfig: ${{ secrets.KUBECONFIG }}
@@ -47,7 +28,7 @@ jobs:
         uses: azure/k8s-create-secret@6e0ba8047235646753f2a3a3b359b4d0006ff218 # v5.0.1
         with:
           namespace: ${{ steps.namespace.outputs.namespace }}
-          secret-name: backupsidecar-secret
+          secret-name: backup-secret
           secret-type: generic
           data: |
             {
@@ -56,6 +37,16 @@ jobs:
               "restic_rest_password": "${{ secrets.RESTIC_REST_PASSWORD }}",
               "gotify_token": "${{ secrets.GOTIFY_TOKEN }}"
             }
+      - name: Set photoprism admin password
+        uses: azure/k8s-create-secret@6e0ba8047235646753f2a3a3b359b4d0006ff218 # v5.0.1
+        with:
+          namespace: ${{ steps.namespace.outputs.namespace }}
+          secret-name: prism-credentials
+          secret-type: generic
+          data: |
+            {
+              "admin_password": "${{ secrets.PHOTOPRISM_ADMIN_PASSWORD }}"
+            }
       - name: Deploy
         uses: azure/k8s-deploy@c8cfec839dc09896b3b8cc40cd13d04792680771 # v5.1.0
         with:
@@ -63,7 +54,3 @@ jobs:
           manifests: "k8s/"
           strategy: basic
           namespace: ${{ steps.namespace.outputs.namespace }}
-      - name: Deploy helm
-        uses: helmfile/helmfile-action@d9fefe29b0d07e9ab187ecfe1d63eff91e0a070c # v2.4.1
-        with:
-          helmfile-args: apply

.gitea/workflows/run-backup.yaml

@@ -0,0 +1,20 @@
+name: Run Scan
+
+on:
+  workflow_dispatch:
+
+jobs:
+  run-renovate:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: https://gitea.t000-n.de/t.behrendt/k_deploy_workflows/.gitea/actions/extract-namespace-from-repo-name@7993842765aaa808493ab79c5f3c21cf2d30f300 # 0.0.10
+        id: namespace
+        with:
+          repo: ${{ github.repository }}
+      - uses: azure/setup-kubectl@15650b3ad78fff148532a140b8a4c821796b2d7b # v5.0.0
+      - uses: azure/k8s-set-context@89b837d75b40a7bd2ddafde837473c212db8b313 # v5.0.0
+        with:
+          method: kubeconfig
+          kubeconfig: ${{ secrets.KUBECONFIG }}
+      - run: |
+          kubectl -n photoprism create job --from=cronjob/backup backup-photoprism-${{ github.run_id }}

.gitea/workflows/validate.yaml

@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-      - uses: https://gitea.t000-n.de/t.behrendt/k_deploy_workflows/.gitea/actions/extract-namespace-from-repo-name@c373c34c836716e663e2d6379e686997bfd7746c # 0.0.6
+      - uses: https://gitea.t000-n.de/t.behrendt/k_deploy_workflows/.gitea/actions/extract-namespace-from-repo-name@7993842765aaa808493ab79c5f3c21cf2d30f300 # 0.0.10
         id: namespace
         with:
           repo: ${{ github.repository }}
@@ -18,7 +18,7 @@ jobs:
       - uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5
         with:
           version: "3.15.0"
-      - uses: azure/k8s-set-context@ae59a723ba9abe7a9655538854a025448dbab4aa # v4.0.2
+      - uses: azure/k8s-set-context@89b837d75b40a7bd2ddafde837473c212db8b313 # v5.0.0
         with:
           method: kubeconfig
           kubeconfig: ${{ secrets.KUBECONFIG }}
@@ -28,7 +28,3 @@ jobs:
           namespace: ${{ steps.namespace.outputs.namespace }}
           lintType: dryrun
           manifests: "k8s/"
-      - name: Validate Helm
-        uses: helmfile/helmfile-action@d9fefe29b0d07e9ab187ecfe1d63eff91e0a070c # v2.4.1
-        with:
-          helmfile-args: diff

README.md

@@ -1,17 +1,9 @@
-Template DoDos:
+# Kubernetes Deployment for Photoprism
 
-- Add KUBECONFIG secret to your repo
-- Place your k8s files in ./k8s/
-- Replace \<service\> with the name of the service
-- Replace \<url\> with the URL of the service
-- Replace \<auth\> with the authentication method used
-- Replace \<namespace\> with the namespace where the service is deployed in .github/workflows/deploy.yaml
-- Provide a screenshot of the service in action in ./screenshot.png
+Photoprism is a modern photo management service.
 
-# Kubernetes Deployment for \<service\>
+Deployed to: https://photos.t00n.de
 
-Deployed to: \<url\>
-
-Authentication: \<auth\>
+Authentication: Admin password
 
 ![Screenshot](screenshot.png)

k8s/10_namespace.yaml

@@ -1,4 +1,4 @@
 apiVersion: v1
 kind: Namespace
 metadata:
-  name: <namespace>
+  name: photoprism

k8s/21_deployment_photoprism.yaml

@@ -0,0 +1,110 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: photoprism
+  name: photoprism
+spec:
+  selector:
+    matchLabels:
+      app: photoprism
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: photoprism
+    spec:
+      nodeSelector:
+        kubernetes.io/hostname: k3sh0
+      containers:
+        - name: photoprism
+          image: photoprism/photoprism:latest@sha256:5229f68bce0293320547f35c733de584d7c2d5725a0efbddb68d7a118a8fc21c
+          imagePullPolicy: Always
+          resources:
+            limits:
+              cpu: "750m"
+              memory: "4096Mi"
+            requests:
+              cpu: "125m"
+              memory: "512Mi"
+          ports:
+            - containerPort: 2342
+          env:
+            - name: PHOTOPRISM_ADMIN_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: prism-credentials
+                  key: admin_password
+            - name: PHOTOPRISM_SITE_URL
+              value: "https://photos.t00n.de"
+            - name: PHOTOPRISM_ORIGINALS_LIMIT
+              value: "5000"
+            - name: PHOTOPRISM_HTTP_COMPRESSION
+              value: gzip
+            - name: PHOTOPRISM_LOG_LEVEL
+              value: error
+            - name: PHOTOPRISM_PUBLIC
+              value: "false"
+            - name: PHOTOPRISM_READONLY
+              value: "false"
+            - name: PHOTOPRISM_EXPERIMENTAL
+              value: "false"
+            - name: PHOTOPRISM_DISABLE_CHOWN
+              value: "false"
+            - name: PHOTOPRISM_DISABLE_WEBDAV
+              value: "true"
+            - name: PHOTOPRISM_DISABLE_SETTINGS
+              value: "true"
+            - name: PHOTOPRISM_DISABLE_TENSORFLOW
+              value: "false"
+            - name: PHOTOPRISM_DISABLE_FACES
+              value: "false"
+            - name: PHOTOPRISM_DISABLE_CLASSIFICATION
+              value: "false"
+            - name: PHOTOPRISM_DISABLE_RAW
+              value: "false"
+            - name: PHOTOPRISM_RAW_PRESETS
+              value: "false"
+            - name: PHOTOPRISM_JPEG_QUALITY
+              value: "85"
+            - name: PHOTOPRISM_DETECT_NSFW
+              value: "true"
+            - name: PHOTOPRISM_UPLOAD_NSFW
+              value: "true"
+            #- name: PHOTOPRISM_FFMPEG_ENCODER
+            #  value: "intel"
+            #- name: PHOTOPRISM_INIT
+            #  value: "intel tensorflow"
+            - name: PHOTOPRISM_SITE_CAPTION
+              value: ""
+            - name: PHOTOPRISM_SITE_DESCRIPTION
+              value: ""
+            - name: PHOTOPRISM_SITE_AUTHOR
+              value: ""
+            - name: PHOTOPRISM_UID
+              value: "1000"
+            - name: PHOTOPRISM_GID
+              value: "1000"
+          volumeMounts:
+            - mountPath: /photoprism/originals
+              name: originals
+            - mountPath: /photoprism/storage
+              name: storage
+        - name: redis
+          image: redis:6-alpine@sha256:46884be93652d02a96a176ccf173d1040bef365c5706aa7b6a1931caec8bfeef
+          resources:
+            limits:
+              cpu: "500m"
+              memory: "1024Mi"
+            requests:
+              cpu: "125m"
+              memory: "265Mi"
+      volumes:
+        - name: originals
+          hostPath:
+            path: /mnt/longhorn1/svc/photoprism/main/photoprism/originals
+            type: Directory
+        - name: storage
+          hostPath:
+            path: /mnt/longhorn1/svc/photoprism/main/photoprism/storage
+            type: Directory

k8s/22_service_photoprism.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: photoprism
+  name: photoprism
+spec:
+  selector:
+    app: photoprism
+  ports:
+    - port: 2342
+      targetPort: 2342

k8s/23_ingress_photoprism.yaml

@@ -0,0 +1,18 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  namespace: photoprism
+  name: ingressroute
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`photos.t00n.de`)
+      middlewares:
+        - name: localipfilter
+          namespace: kube-system
+      services:
+        - kind: Service
+          name: photoprism
+          port: 2342

k8s/24_backup_photoprism.yaml

@@ -0,0 +1,63 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: backup
+spec:
+  schedule: "0 20 */14 * *"
+  concurrencyPolicy: Forbid
+  successfulJobsHistoryLimit: 5
+  failedJobsHistoryLimit: 3
+  jobTemplate:
+    metadata:
+      labels:
+        t00n.de/restic-backup: "true"
+    spec:
+      backoffLimit: 3
+      activeDeadlineSeconds: 300
+      template:
+        spec:
+          nodeSelector:
+            kubernetes.io/hostname: k3sh0
+          restartPolicy: OnFailure
+          containers:
+            - name: backup-photoprism
+              image: gitea.t000-n.de/t.behrendt/backupsidecar:6ff6e8759e827b9aa8ec7ecec4356cc04e4ca75a@sha256:f0841b9d74c6c9db8445d130b79c631a5526a2890ce34371859b3bb65f0ee5be
+              env:
+                - name: BACKUP_MODE
+                  value: "directory"
+                - name: RESTIC_REPOSITORY
+                  value: "rest:http://restserver.restic.svc.cluster.local:8000/photoprism"
+                - name: RESTIC_PASSWORD
+                  valueFrom:
+                    secretKeyRef:
+                      name: backup-secret
+                      key: restic_password
+                - name: RESTIC_REST_USERNAME
+                  valueFrom:
+                    secretKeyRef:
+                      name: backup-secret
+                      key: restic_rest_username
+                - name: RESTIC_REST_PASSWORD
+                  valueFrom:
+                    secretKeyRef:
+                      name: backup-secret
+                      key: restic_rest_password
+                - name: GOTIFYHOST
+                  value: "https://gotify.t000-n.de"
+                - name: GOTIFYTOKEN
+                  valueFrom:
+                    secretKeyRef:
+                      name: backup-secret
+                      key: gotify_token
+                - name: GOTIFYTOPIC
+                  value: "Photoprism Backup"
+                - name: SOURCEDIR
+                  value: "/data"
+              volumeMounts:
+                - name: source-data
+                  mountPath: /data
+          volumes:
+            - name: source-data
+              hostPath:
+                path: /mnt/longhorn1/svc/photoprism/main
+                type: Directory

renovate.json

@@ -1,13 +1,10 @@
 {
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
   "extends": [
-    "local>t.behrendt/renovate-configs:common",
     "local>t.behrendt/renovate-configs:k8s",
     "local>t.behrendt/renovate-configs:action"
   ],
   "kubernetes": {
-    "managerFilePatterns": [
-      "/^k8s/.*\\.yaml$/"
-    ]
+    "managerFilePatterns": ["/^k8s/.*\\.yaml$/"]
   }
 }