Update stakater/.github action to v0.0.112 (#365)
* Update stakater/.github action to v0.0.112

* update

* update

* update

* update

* update

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Karl Johan Grahn <[email protected]>
renovate[bot] and karl-johan-grahn authored Jan 15, 2025
1 parent 64d3961 commit fd42246
Showing 61 changed files with 196 additions and 196 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/pull_request.yaml
Expand Up @@ -7,13 +7,13 @@ on:

jobs:
qa:
uses: stakater/.github/.github/workflows/[email protected].110
uses: stakater/.github/.github/workflows/[email protected].112
with:
MD_CONFIG: .github/md_config.json
DOC_SRC: content README.md
MD_LINT_CONFIG: .markdownlint.yaml
build:
uses: stakater/.github/.github/workflows/[email protected].110
uses: stakater/.github/.github/workflows/[email protected].112
with:
DOCKER_FILE_PATH: Dockerfile
CONTAINER_REGISTRY_URL: ghcr.io/stakater
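Review bot: the `uses:` lines in `qa` and `build` pin the shared workflow to a mutable version tag (`v0.0.110` → `v0.0.112`) rather than to a commit SHA. A tag can be moved after the fact, so a reusable workflow referenced this way runs whatever the tag resolves to on the day of the run; pinning to the full commit SHA with the version kept in a trailing comment (`uses: stakater/.github/.github/workflows/...@<sha> # v0.0.112`) makes the build reproducible and still lets Renovate bump it. The repository is in the same org, so the exposure is limited to the org's own tag handling, but `build` pushes images to `ghcr.io/stakater`, which is exactly where reproducibility is worth enforcing.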
2 changes: 1 addition & 1 deletion .github/workflows/push.yaml
Expand Up @@ -7,7 +7,7 @@ on:

jobs:
push:
uses: stakater/.github/.github/workflows/[email protected].110
uses: stakater/.github/.github/workflows/[email protected].112
with:
DOCKER_FILE_PATH: Dockerfile
RELEASE_BRANCH: main
2 changes: 1 addition & 1 deletion .github/workflows/release.yaml
Expand Up @@ -7,6 +7,6 @@ on:

jobs:
release:
uses: stakater/.github/.github/workflows/[email protected].110
uses: stakater/.github/.github/workflows/[email protected].112
secrets:
SLACK_WEBHOOK_URL: ${{ secrets.STAKATER_DELIVERY_SLACK_WEBHOOK }}
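Review bot: the `release` job hands `STAKATER_DELIVERY_SLACK_WEBHOOK` to the shared workflow through `secrets:`, and the `uses:` line still resolves that workflow by version tag instead of commit SHA. A secret passed to a tag-pinned workflow is only as protected as the tag, so of the three workflow files in this commit this is the one where a SHA pin (with `# v0.0.112` left as a comment so Renovate keeps tracking it) matters most.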
2 changes: 1 addition & 1 deletion content/about/cloud-providers/aws.md
Expand Up @@ -9,7 +9,7 @@ An AWS account is needed to create and manage cluster on AWS. The following crit
|Type | Limit |
|------------|------------|
| Virtual Machines | Varies. The limit should be 12 initially. (Initial deployment is 3 control plane + 3 infra + 3 worker)|
| Regional vCPUs | The limit should be A x B x 2 , where A = no. of VMS (worker + infra + control plane), B = vCPUs per VM) |
| Regional vCPUs | The limit should be A x B x 2 , where A = no. of VMs (worker + infra + control plane), B = vCPUs per VM) |
| Elastic IPs (EIPs) | 5 |
| Virtual Private Clouds (VPCs) | 5 |
| Elastic Load Balancing (ELB/NLB) | 3 |
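Review bot: the `Regional vCPUs` row still ends with an unbalanced closing parenthesis after `vCPUs per VM` (there is no matching opening one), and `A x B x 2 ,` has a stray space before the comma. While `VMS` is being corrected to `VMs`, the row would read cleanly as `The limit should be A x B x 2, where A = no. of VMs (worker + infra + control plane) and B = vCPUs per VM`. The identical line is edited in `azure.md` and `gcp.md` in this commit.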
2 changes: 1 addition & 1 deletion content/about/cloud-providers/azure.md
Expand Up @@ -9,7 +9,7 @@ An Azure subscription is needed to create and manage cluster on Azure. The follo
|Type | Limit |
|------------|------------|
| Virtual Machines | Varies. The limit should be 12 initially. (Initial deployment is 3 control plane + 3 infra + 3 worker) |
| Regional vCPUs | The limit should be A x B x 2 , where A = no. of VMS (worker + infra + control plane), B = vCPUs per VM) |
| Regional vCPUs | The limit should be A x B x 2 , where A = no. of VMs (worker + infra + control plane), B = vCPUs per VM) |
| Public IP addresses | 5 |
| Private IP Addresses | 7 |
| Network Interfaces | 6 |
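Review bot: the `Regional vCPUs` row here has the same unbalanced closing parenthesis after `vCPUs per VM` and the same stray space before the comma as the AWS table; drop the extra `)` and close up `A x B x 2,` in this file too.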
2 changes: 1 addition & 1 deletion content/about/cloud-providers/binero.md
Expand Up @@ -29,6 +29,6 @@ An OpenStack account is needed to run SAAP on [Binero](https://binero.com/en/).

## Cloud network configuration

### Floating Ips
### Floating IPs

- 20 SEK per IPV4 IP Address
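Review bot: the unchanged bullet right under the heading still reads `IPV4`; the conventional casing is `IPv4`, and since the heading is being corrected to `Floating IPs` for the same reason, fix it in the same change: `- 20 SEK per IPv4 address` (`IPv4 IP Address` repeats the noun).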
2 changes: 1 addition & 1 deletion content/about/cloud-providers/gcp.md
Expand Up @@ -9,7 +9,7 @@ A GCP account is needed to create and manage cluster on GCP. The following crite
|Type | Limit |
|------------|------------|
| Virtual Machines | Varies. The limit should be 12 initially. (Initial deployment is 3 control plane + 3 infra + 3 worker)|
| Regional vCPUs | The limit should be A x B x 2 , where A = no. of VMS (worker + infra + control plane), B = vCPUs per VM) |
| Regional vCPUs | The limit should be A x B x 2 , where A = no. of VMs (worker + infra + control plane), B = vCPUs per VM) |
| In-use global IP addresses | 4 |
| Service accounts | 5 |
| Firewall Rules | 11|
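Review bot: the `Regional vCPUs` row here carries the same unbalanced closing parenthesis after `vCPUs per VM` and the same stray space before the comma as the AWS and Azure tables; drop the extra `)` and close up `A x B x 2,` in this file as well.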
2 changes: 1 addition & 1 deletion content/about/service-definition.md
Expand Up @@ -176,7 +176,7 @@ SAAP has a default router/ingress load-balancer that is the default application

SAAP has an optional router/ingress load-balancer that is a secondary application load-balancer, denoted by `apps2` in the URL. The secondary load-balancer can be configured in SAAP to be either publicly accessible over the internet, or only privately accessible over a pre-existing private connection. If a 'Label match' is configured for this router load-balancer, then only application routes matching this label will be exposed on this router load-balancer, otherwise all application routes are also exposed on this router load-balancer.

SAAP has optional load-balancers for services that can be mapped to a service running on SAAP to enable advanced ingress features, such as non-HTTP/SNI traffic or the use of non-standard ports. Cloud providers may have a quota that limits the number of load-balancers that can be used within each cluster.
SAAP has optional load-balancers for services that can be mapped to a service running on SAAP to enable advanced ingress features, such as non-http/SNI traffic or the use of non-standard ports. Cloud providers may have a quota that limits the number of load-balancers that can be used within each cluster.

### Network use

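Review bot: `non-HTTP/SNI` → `non-http/SNI` downcases the HTTP acronym while `SNI` on the same line stays uppercase, and the rest of this commit corrects casing in the opposite direction (`Floating IPs`, `MachineSets`). Keep `non-HTTP/SNI`; if the spell-check run by the QA workflow rejects it, add the term to its allowlist rather than changing the prose. The same line is edited identically in `content/about/service-definition/networking.md`.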
2 changes: 1 addition & 1 deletion content/about/service-definition/networking.md
Expand Up @@ -22,7 +22,7 @@ SAAP has a default router/ingress load-balancer that is the default application

SAAP has an optional router/ingress load-balancer that is a secondary application load-balancer, denoted by `apps2` in the URL. The secondary load-balancer can be configured in SAAP to be either publicly accessible over the internet, or only privately accessible over a pre-existing private connection. If a 'Label match' is configured for this router load-balancer, then only application routes matching this label will be exposed on this router load-balancer, otherwise all application routes are also exposed on this router load-balancer.

SAAP has optional load-balancers for services that can be mapped to a service running on SAAP to enable advanced ingress features, such as non-HTTP/SNI traffic or the use of non-standard ports. Cloud providers may have a quota that limits the number of load-balancers that can be used within each cluster.
SAAP has optional load-balancers for services that can be mapped to a service running on SAAP to enable advanced ingress features, such as non-http/SNI traffic or the use of non-standard ports. Cloud providers may have a quota that limits the number of load-balancers that can be used within each cluster.

## Network use

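Review bot: same `non-http/SNI` regression as in `content/about/service-definition.md`; `HTTP` is an acronym and should stay uppercase here as well, with any spell-check complaint handled in the dictionary.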
2 changes: 1 addition & 1 deletion content/for-administrators/help/faq.md
Expand Up @@ -2,5 +2,5 @@

## Why do we reserve memory/CPU on each node?

An OpenShift/Kubernetes Node consist system services that ensure the smooth running of cluster e.g. Kubelet, KubeAPIServer and other OS processes/services. These services can be starved by the workloads running on these nodes and can be starved of CPU time or can cause unexpected Out of Memory (OOM) Exceptions. In order to prevent these issues, a small chunk of resources needs to be permanently allocated to these services so they can run smoothly.
An OpenShift/Kubernetes Node consist system services that ensure the smooth running of cluster e.g. kubelet, KubeAPIServer and other OS processes/services. These services can be starved by the workloads running on these nodes and can be starved of CPU time or can cause unexpected Out of Memory (OOM) Exceptions. In order to prevent these issues, a small chunk of resources needs to be permanently allocated to these services so they can run smoothly.
In order to fully utilize resources. An automatic script calculates and allocates CPU/memory resources according to the node utilization. For more details see [capacity reservation docs](https://docs.openshift.com/container-platform/latest/nodes/nodes/nodes-nodes-resources-configuring.html#nodes-nodes-resources-configuring-auto_nodes-nodes-resources-configuring) for OpenShift.
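Review bot: the touched sentence keeps two grammar problems, `Node consist system services` should be `Node consists of system services` and `smooth running of cluster` should be `of the cluster`, and its casing is now mixed: `kubelet` is lowercased but `KubeAPIServer` stays as is (the component is `kube-apiserver`). The following line also splits one sentence at a full stop: `In order to fully utilize resources. An automatic script ...` should read `In order to fully utilize resources, an automatic script ...`.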
Expand Up @@ -10,9 +10,9 @@ Go to `common-shared-secret` path in Vault and create a secret `external-dns-cre

| Key | Required/Optional | Explanation |
|----------|----------|----------|
| `api-token` | required | API token generated from DNS provider being used. In case of Cloudflare, it should have the following access <br> - `DNS:Edit` <br> - `Zone:Read` |
| `domain-filter` | optional | This field should contain base domain that becomes base for registering further subdomains. For example: `example.com`. |
| `zone-id-filter`| optional | In case of Cloudflare, if you want to give more restrictive access of only few zones to this token, then this field should contain these zone ids.
| `api-token` | required | API token generated from DNS provider being used. In case of Cloudflare, it should have the following access <br> - `DNS:Edit` <br> - `Zone:Read` |
| `domain-filter` | optional | This field should contain base domain that becomes base for registering further subdomains. For example: `example.com`. |
| `zone-id-filter`| optional | In case of Cloudflare, if you want to give more restrictive access of only few zones to this token, then this field should contain these zone ids. |

## Step 2: Create Cert Manager Issuer Resource

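Review bot: the `zone-id-filter` row (now with its closing pipe) describes the field as a way to `give more restrictive access ... to this token`, which conflates two different controls. The token's zone scope is fixed on the Cloudflare side when the token is created; `zone-id-filter` only limits which zones ExternalDNS will manage with that token, so it is not a substitute for a narrowly scoped token. Suggest: `Restricts ExternalDNS to the listed zone IDs. Create the Cloudflare token with access to only those zones as well.` Also `zone ids` → `zone IDs`.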
Expand Up @@ -75,9 +75,9 @@ The permissions for the Customer Admin role includes:

#### Compute

- can view machines, machinesets, nodes, machine configs, machine config pools, imagestreams
- can view machines, MachineSets, nodes, machine configs, machine config pools, imagestreams
- can start `anyuid` and `nonroot` SCCs
- can not delete machines, machinesets, nodes, machine configs, machine config pools, imagestreams
- can not delete machines, MachineSets, nodes, machine configs, machine config pools, imagestreams

#### User Management

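Review bot: with `machinesets` → `MachineSets` the list now mixes API casing and prose casing on the same line (`machine configs`, `machine config pools`, `imagestreams` stay lowercase); pick one convention, either `MachineSets`, `MachineConfigs`, `MachineConfigPools`, `ImageStreams` or plain lowercase words throughout. Also `can not delete` → `cannot delete`, and `can start `anyuid` and `nonroot` SCCs` reads oddly since an SCC is not started but used by a pod: `can use the `anyuid` and `nonroot` SCCs` states the actual permission, which matters in a least-privilege role description because `anyuid` lets a container run as any UID, including root.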
2 changes: 1 addition & 1 deletion content/for-administrators/user-stories.md
Expand Up @@ -6,4 +6,4 @@ As an administrator, I want to configure node autoscaling, including scale-up to

![type:video](https://www.youtube.com/embed/c3FvQXgZdRE)

Tags: AutoScaling
Tags: Autoscaling
2 changes: 1 addition & 1 deletion content/for-cisos-dpos/bsi-it-grundschutz.md
Expand Up @@ -19,7 +19,7 @@ SAAP enables the implementation of all 31 controls defined in the SYS.1.6 and AP
- **Role-Based Access Control (RBAC) (APP.4.4)**: Implementing least privilege access and detailed role management through OpenShift’s integrated RBAC.
- **Logging and Monitoring (APP.4.4)**: Ensuring comprehensive audit logging and monitoring with OpenShift Logging and Prometheus.
- **Resource Quotas and Limits (APP.4.4)**: Managing resource usage through Kubernetes’ Resource Quotas and LimitRanges.
- **Container Runtime Security (SYS.1.6)**: Restricting runtime capabilities using OpenShift’s Security Context Constraints (SCCs).
- **Container runtime Security (SYS.1.6)**: Restricting runtime capabilities using OpenShift’s Security Context Constraints (SCCs).
- **Persistent Data Security (APP.4.4)**: Encrypting data at rest and securing Persistent Volumes (PVs) with Kubernetes RBAC and OpenShift storage features.
- **Network Isolation (SYS.1.6 and APP.4.4)**: Securing inter-service communication using OpenShift NetworkPolicies and Service Mesh.

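Review bot: `Container Runtime Security` → `Container runtime Security` leaves one bold control label in mixed case while every sibling in the list (`Persistent Data Security`, `Network Isolation`, `Logging and Monitoring`) is Title Case. If a spell-checker is rejecting `Runtime`, the fix belongs in its dictionary, not in the heading; keep `Container Runtime Security`.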
4 changes: 2 additions & 2 deletions content/for-cisos-dpos/cis.md
Expand Up @@ -17,7 +17,7 @@ The CIS Kubernetes Benchmark provides over **120 recommendations** for securing
- Enforcing Role-Based Access Control (RBAC) to restrict unauthorized access.
- Securing API server communication with TLS encryption.
- **Node Security**:
- Disabling anonymous Kubelet access (--anonymous-auth=false).
- Disabling anonymous `kubelet` access (`--anonymous-auth=false`).
- Restricting workload communications with NetworkPolicies.
- **Data Protection**:
- Encrypting Secrets in etcd using Kubernetes encryption providers.
Expand All @@ -27,7 +27,7 @@ The CIS Kubernetes Benchmark provides over **120 recommendations** for securing
- **Partially Applicable Recommendations**: SAAP supports an additional 30–40 recommendations through configurable features and organization-specific configurations. For example:

- **Audit Logging**: SAAP enables centralized logging and monitoring but requires the organization to actively review and act on the logs.
- **Runtime Security**: Provides mechanisms to monitor workloads but relies on organization-defined actions for runtime behavior validation.
- **runtime Security**: Provides mechanisms to monitor workloads but relies on organization-defined actions for runtime behavior validation.
- **Container Image Security**: Enforces trusted container image policies but depends on organizational processes to ensure compliance with image signing and verification standards.

SAAP directly or partially addresses over **100 recommendations** from the CIS Kubernetes Benchmark, making it a comprehensive solution for securing Kubernetes workloads. By focusing on technical enforcement, automation, and integration, SAAP simplifies the path to compliance, reducing the operational burden for organizations.
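Review bot: `runtime Security` now begins a bold label with a lowercase letter, unlike `Audit Logging` and `Container Image Security` beside it; keep `Runtime Security`, and if a spell-check dictionary is forcing the lowercase form, add the cased word to it instead.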
2 changes: 1 addition & 1 deletion content/for-developers/explanation/deploying-secrets.md
Expand Up @@ -36,7 +36,7 @@ The following secrets are needed for running a fully functional pipeline using p
* _Used for_: Communicating with RHACS API to scan images and deployments
* _Lifecycle_: Created at the time of RHACS deployment. The secret is then copied over to build namespaces of tenants.
* _Comment_: Needs to be deployed in build namespace. We deploy it using TGI.
* _Deployment Process_: After StackRox is installed on the SAAP cluster. An api token is created and stored in the rox-creds secret in the `stakater-stackrox` namespaces. We then use a Template and a TemplateGroupInstance with the same name to distribute the secret in the build namespace of tenants.
* _Deployment Process_: After StackRox is installed on the SAAP cluster. An API token is created and stored in the rox-creds secret in the `stakater-stackrox` namespaces. We then use a Template and a TemplateGroupInstance with the same name to distribute the secret in the build namespace of tenants.

## Customer Managed Secrets

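Review bot: the touched bullet still breaks one sentence in two: `After StackRox is installed on the SAAP cluster. An API token is created ...` should be `After StackRox is installed on the SAAP cluster, an API token is created ...`; `rox-creds` should be in backticks like `stakater-stackrox`, and `namespaces` should be singular since one namespace is named. On substance, the bullet says the RHACS API token is copied into every tenant's build namespace, so it would help to state here which RHACS role the token carries, because anyone who can read Secrets in a build namespace holds that token.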
10 changes: 5 additions & 5 deletions content/for-developers/explanation/plan-your-deployment.md
Expand Up @@ -55,14 +55,14 @@ You can make many different types of workloads for your application. The followi
| ReplicaSet | ReplicaSet ensure a multiple replicas of pods keep running. If your pod is deleted, it schedules another pod. Find More Info on ReplicaSet [here](https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/) |
| Deployment | Deployment is a controller that manages ReplicaSets, It allows you to manage updates, scaling and `rollouts`. Find More Info on Deployment [here](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/) |
| StatefulSet | StatefulSets is a controller that manages ReplicaSets, like deployments, but ensures that your pod has a unique network identity and storage that maintains its state across rescheduling. This type of workload is used for stateful applications like databases. Find More Info on StatefulSet [here](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/) |
| DaemonSet | DaemonSet is a controller that runs same pod on every worker node typically used log collection applications. Find More Info on DaemonSet [here](https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/) |
| Daemonset | Daemonset is a controller that runs same pod on every worker node typically used log collection applications. Find More Info on Daemonset [here](https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/) |
| Job | Job ensures that a number of pods are completed successfully. You can use jobs for batch or parallel processing or configuring other services. Additionally, you can use CronJob to schedule Job at certain times. Find More Info on Job [here](https://kubernetes.io/docs/concepts/workloads/controllers/job/) |

### What if I want my app configuration to use variables?

If your application uses environments variables or configuration files, you can define them in separate ConfigMap or Secrets. You can reference values from these resources and specify them as either files at required path or environment variables.
If your application uses environments variables or configuration files, you can define them in separate Configmap or Secrets. You can reference values from these resources and specify them as either files at required path or environment variables.

Typically, [ConfigMaps](https://kubernetes.io/docs/concepts/configuration/configmap/) are used for storing non-sensitive configuration information. [Secrets](https://kubernetes.io/docs/concepts/configuration/secret/) are used for sensitive information like system credentials or personally identifiable information.
Typically, [Configmaps](https://kubernetes.io/docs/concepts/configuration/configmap/) are used for storing non-sensitive configuration information. [Secrets](https://kubernetes.io/docs/concepts/configuration/secret/) are used for sensitive information like system credentials or personally identifiable information.

### How can I make sure that my app has the correct resources?

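Review bot: `DaemonSet` → `Daemonset` and `ConfigMap(s)` → `Configmap(s)` are regressions: the Kubernetes kinds are spelled `DaemonSet` and `ConfigMap` (the linked kubernetes.io pages use exactly that form), and this same commit changes `machinesets` to `MachineSets` in the Customer Admin role list, so the docs now disagree with themselves on casing. Keep the API spelling and, if the QA workflow's spell-check flags these words, add them to its allowlist. Separately, the touched `Daemonset` row is missing words: `runs same pod on every worker node typically used log collection applications` should be `runs the same pod on every worker node, typically used for log collection applications`.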
Expand Down Expand Up @@ -106,9 +106,9 @@ See [StatefulSet Updates](https://kubernetes.io/docs/concepts/workloads/controll

There can be multiple ways to scale your application.

- Use Horizontal Pod Autoscaler (HPA) to specify how OpenShift Container Platform should automatically increase or decrease the scale of a replication controller or deployment configuration, based on metrics collected from the pods that belong to that replication controller or deployment configuration. See [Horizontal Pod AutoScaling Kubernetes](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) & [Horizontal Pod AutoScaling OpenShift](https://docs.openshift.com/container-platform/4.9/nodes/pods/nodes-pods-autoscaling.html)
- Use Horizontal Pod Autoscaler (HPA) to specify how OpenShift Container Platform should automatically increase or decrease the scale of a replication controller or deployment configuration, based on metrics collected from the pods that belong to that replication controller or deployment configuration. See [Horizontal Pod Autoscaling Kubernetes](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) & [Horizontal Pod Autoscaling OpenShift](https://docs.openshift.com/container-platform/4.9/nodes/pods/nodes-pods-autoscaling.html)

- Use Vertical Pod Autoscaler Operator (VPA) to automatically reviews the historic and current CPU and memory resources for containers in pods and can update the resource limits and requests based on the usage values it learns. See [Vertical Pod AutoScaling](https://docs.openshift.com/container-platform/4.9/nodes/pods/nodes-pods-vertical-autoscaler.html)
- Use Vertical Pod Autoscaler Operator (VPA) to automatically reviews the historic and current CPU and memory resources for containers in pods and can update the resource limits and requests based on the usage values it learns. See [Vertical Pod Autoscaling](https://docs.openshift.com/container-platform/4.9/nodes/pods/nodes-pods-vertical-autoscaler.html)

### How can I automate my app deployment?

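Review bot: in the VPA bullet, `to automatically reviews the historic and current CPU and memory resources` should be `to automatically review ...`. Both touched bullets also link to the `4.9` OpenShift docs while `faq.md` in this same commit links to `latest`; moving these to `latest` keeps the docs from pointing at an old release.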
Expand Up @@ -28,7 +28,7 @@ Configure appropriate values for your Kubernetes resources while keeping the fol
### Configuration Management

- Review the application's configuration requirements and determine how they will be managed in the Kubernetes environment.
- Decide whether to use environment variables, ConfigMaps, or a configuration management tool (e.g., Helm).
- Decide whether to use environment variables, Configmaps, or a configuration management tool (e.g., Helm).

### Externalise all configuration

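Review bot: `ConfigMaps` → `Configmaps` is the wrong casing for the Kubernetes kind (`ConfigMap`); keep `ConfigMaps` here, consistent with the `MachineSets` correction elsewhere in this commit.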
Expand Down Expand Up @@ -203,6 +203,6 @@ Implement logging, tracing, and monitoring mechanisms to gain visibility into th

- Pod security policies are configurations that define which security-related conditions a Kubernetes pod has to meet in order to be accepted into a cluster

## Documentation and Runbook
## Documentation and runbook

Create detailed documentation or a runbook that outlines the deployment process, including all necessary steps and configurations. Include troubleshooting guides, common issues, and solutions for reference during the go-live process and ongoing maintenance.
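Review bot: the heading change is fine, but the unchanged bullet above it still describes `Pod security policies`; PodSecurityPolicy was removed in Kubernetes 1.25, and elsewhere in this commit the docs correctly refer to Security Context Constraints (`bsi-it-grundschutz.md`, the Customer Admin role list). Update that bullet to Pod Security Admission and SCCs so readers do not plan a go-live around a mechanism the platform no longer has.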
0 comments on commit fd42246