From 9074008b6b789908ac69c44aae944366289aed28 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 4 Sep 2024 07:50:14 +0000
Subject: [PATCH 1/2] Bump github/super-linter from 6 to 7

Bumps [github/super-linter](https://github.com/github/super-linter) from 6 to 7.
- [Release notes](https://github.com/github/super-linter/releases)
- [Changelog](https://github.com/github/super-linter/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/super-linter/compare/v6...v7)

---
updated-dependencies:
- dependency-name: github/super-linter
dependency-type: direct:production
update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot]
---
 .github/workflows/ci.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 805c5de6..5005d552 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -23,7 +23,7 @@ jobs:
 fetch-depth: 0
 - name: Lint Code Base
- uses: github/super-linter/slim@v6
+ uses: github/super-linter/slim@v7
 env:
 DEFAULT_BRANCH: main
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

From f2369eb871c369f7ef7ad23c88988596133d952c Mon Sep 17 00:00:00 2001
From: Martin Gruner
Date: Wed, 4 Sep 2024 10:11:35 +0200
Subject: [PATCH 2/2] Apply configuration changes

---
 .github/linters/.checkov.yaml | 27 ++++++++++++++++++++++
 .github/workflows/ci.yaml | 1 +
 zammad/Chart.yaml | 4 ++--
 zammad/templates/deployment-scheduler.yaml | 2 ++
 4 files changed, 32 insertions(+), 2 deletions(-)
 create mode 100644 .github/linters/.checkov.yaml

diff --git a/.github/linters/.checkov.yaml b/.github/linters/.checkov.yaml
new file mode 100644
index 00000000..822149e7
--- /dev/null
+++ b/.github/linters/.checkov.yaml
@@ -0,0 +1,27 @@
+---
+# Don't report passed checks in output
+quiet: true
+
+skip-path:
+ - zammad/templates/tests
+ - zammad/ci
+ - zammad/charts
+
+skip-check:
+ # These checks don't seem to make sense with a / our Helm chart
+ - CKV_K8S_21 # "The default namespace should not be used"
+ - CKV_K8S_10 # "CPU requests should be set"
+ - CKV_K8S_11 # "CPU limits should be set"
+ - CKV_K8S_15 # "Image Pull Policy should be Always"
+ - CKV_K8S_12 # "Memory requests should be set"
+ - CKV_K8S_13 # "Memory limits should be set"
+ - CKV_K8S_43 # "Image should use digest"
+ - CKV_K8S_38 # "Ensure that Service Account Tokens are only mounted where necessary"
+ - CKV_K8S_20 # "Containers should not run with allowPrivilegeEscalation"
+ - CKV_K8S_16 # "Container should not be privileged"
+ - CKV_K8S_40 # "Containers should run as a high UID to avoid host conflict"
+ - CKV_K8S_23 # "Minimize the admission of root containers"
+ - CKV_K8S_22 # "Use read-only filesystem for containers where possible"
+
+ # Maybe consider for improvement
+ - CKV_K8S_35 # "Prefer using secrets as files over secrets as environment variables"
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 5005d552..f203c962 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -32,6 +32,7 @@ jobs:
 VALIDATE_JSCPD: false
 VALIDATE_KUBERNETES_KUBECONFORM: false
 VALIDATE_YAML: false
+ VALIDATE_YAML_PRETTIER: false
 
 lint-chart:
 runs-on: ubuntu-22.04
diff --git a/zammad/Chart.yaml b/zammad/Chart.yaml
index c67d1b71..d09e43ff 100644
--- a/zammad/Chart.yaml
+++ b/zammad/Chart.yaml
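Review bot: The `skip-check` list in `.github/linters/.checkov.yaml` suppresses the container-hardening checks (CKV_K8S_16 privileged, CKV_K8S_20 allowPrivilegeEscalation, CKV_K8S_22 read-only root filesystem, CKV_K8S_23 root containers, CKV_K8S_40 high UID) for every template in the chart, so a later regression in any Deployment's securityContext would go unreported. The single comment `# These checks don't seem to make sense with a / our Helm chart` does not record why each check is inapplicable, and the deployment-scheduler.yaml hunk in this same commit already shows the narrower mechanism — a per-resource `checkov.io/skipN: <CHECK_ID>=<reason>` annotation — which keeps the check active for the other templates. I would move the hardening checks out of the global list and annotate only the templates that genuinely cannot satisfy them, or at minimum give each remaining entry its own one-line reason, e.g. `- CKV_K8S_22 # read-only root FS: <why the workload needs a writable root fs — fill in>`. The `# Maybe consider for improvement` marker above CKV_K8S_35 is the right pattern, since it records the exception as temporary rather than permanent.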
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: zammad
-version: 12.3.5
-appVersion: 6.3.1-130
+version: 12.3.6
+appVersion: 6.3.1-144
 description: Zammad is a web based open source helpdesk/customer support system with many features to manage customer communication via several channels like telephone, facebook, twitter, chat and e-mails.
 home: https://zammad.org
 icon: https://raw.githubusercontent.com/zammad/zammad-documentation/main/images/zammad_logo_600x520.png
diff --git a/zammad/templates/deployment-scheduler.yaml b/zammad/templates/deployment-scheduler.yaml
index e6fa1017..527a3522 100644
--- a/zammad/templates/deployment-scheduler.yaml
+++ b/zammad/templates/deployment-scheduler.yaml
@@ -7,6 +7,8 @@ metadata:
 app.kubernetes.io/component: zammad-scheduler
 annotations:
 {{- include "zammad.annotations" . | nindent 4 }}
+ checkov.io/skip1: CKV_K8S_8=Liveness Probe Should be Configured - not possible with scheduler
+ checkov.io/skip2: CKV_K8S_9=Readiness Probe Should be Configured - not possible with scheduler
 spec:
 replicas: 1 # Not scalable, may only run once per cluster.
 selector:
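Review bot: The reason text in the two `checkov.io/skip` annotations in deployment-scheduler.yaml, `not possible with scheduler`, claims more than the hunk supports: Kubernetes probes are not limited to HTTP, so an `exec`-based liveness probe would in principle be available for this container unless the scheduler process offers no health signal at all. If that is the actual constraint, record it in the annotation value so the exception can be revisited, e.g. `CKV_K8S_8=Liveness Probe Should be Configured - scheduler has no health check to probe`. Note also that these annotations sit under the object's `metadata.annotations`, so they are rendered into the Deployment in every cluster the chart is installed into rather than staying linter-local; harmless, but a template comment such as `{{- /* checkov.io/skipN annotations suppress the named check for this resource only */}}` would make the convention clear to the next maintainer. The enclosing `metadata:` mapping starts before the hunk and `spec:` continues past it.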