chore(ci): Update YAML files to comply with YAMLLINT

.gitlab-ci.yml

@@ -27,7 +27,7 @@ variables:
     description: "The name of namespaces to deploy to."
     value: ""
   CLUSTER:
-    description: "Define which cluster to use - don't select prototype when you are not explicitly knowing what you are doing!"
+    description: "Define which cluster to use"
     value: "develop"
     options:
       - "dev"
@@ -61,7 +61,7 @@ variables:
       - "yes"
       - "no"
   DEPLOY_UCS:
-    description: "Enable Univention Corporate Server deployment. Depends on `DEPLOY_KEYCLOAK` and `DEPLOY_VAULT`."
+    description: "Enable Univention Corporate Server deployment."
     value: "no"
     options:
       - "yes"
@@ -79,7 +79,7 @@ variables:
       - "yes"
       - "no"
   DEPLOY_KEYCLOAK:
-    description: "Enable Keycloak deployment. 'yes' deploys upstream (bitnami) Keycloak, select 'keycloak_univention' to install Univention maintained Keycloak."
+    description: "Enable Keycloak deployment."
     value: "no"
     options:
       - "yes"
@@ -156,14 +156,15 @@ variables:
         field: "credentials"
       file: false
   script:
-    - cd "${CI_PROJECT_DIR}/helmfile/apps/${COMPONENT}"
+    - "cd ${CI_PROJECT_DIR}/helmfile/apps/${COMPONENT}"
-      # MASTER_PASSWORD_WEB_VAR as precedence for MASTER_PASSWORD
+    # MASTER_PASSWORD_WEB_VAR as precedence for MASTER_PASSWORD
     - |
       if ! [ -z "${MASTER_PASSWORD_WEB_VAR}" ]; then
         export MASTER_PASSWORD="${MASTER_PASSWORD_WEB_VAR}"
       fi;
-    - echo "Installing ${COMPONENT} into ${NAMESPACE} namespace as ${HELMFILE_ENVIRONMENT} environment on ${CLUSTER}"
+    - >
-    - helmfile --namespace ${NAMESPACE} apply --suppress-diff
+      echo "Installing ${COMPONENT} into ${NAMESPACE} namespace as ${HELMFILE_ENVIRONMENT} environment on ${CLUSTER}"
+    - "helmfile --namespace ${NAMESPACE} apply --suppress-diff"
   tags:
     - "docker"
     - "kubernetes"
@@ -178,7 +179,10 @@ env-cleanup:
     action: "stop"
   needs: []
   rules:
-    - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && $ENV_STOP_BEFORE != "no"
+    - if: >
+          $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" &&
+          $NAMESPACE =~ /.+/ &&
+          $ENV_STOP_BEFORE != "no"
       when: "always"
   script:
     - "helmfile destroy --namespace ${NAMESPACE}"
@@ -193,10 +197,12 @@ env-start:
   extends: ".deploy-common"
   image: "${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}/alpine/k8s:1.25.6"
   rules:
-    - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/
+    - if: >
+          $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" &&
+          $NAMESPACE =~ /.+/
       when: "always"
   script:
-    - 'echo "Deploying to Environment ${NAMESPACE} in ${CLUSTER} Cluster"'
+    - "echo \"Deploying to Environment ${NAMESPACE} in ${CLUSTER} Cluster\""
     - "kubectl create namespace ${NAMESPACE} --dry-run=client -o yaml | kubectl apply -f -"
     - >
       kubectl create secret
@@ -212,8 +218,11 @@ services-deploy:
   stage: "basic-services-deploy"
   extends: ".deploy-common"
   rules:
-    - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_SERVICES != "no")
+    - if: >
-      when: always
+          $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" &&
+          $NAMESPACE =~ /.+/ &&
+          ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_SERVICES != "no")
+      when: "always"
   variables:
     COMPONENT: "services"
 
@@ -221,8 +230,11 @@ ucs-deploy:
   stage: "component-deploy-stage-1"
   extends: ".deploy-common"
   rules:
-    - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_UCS != "no")
+    - if: >
-      when: always
+          $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" &&
+          $NAMESPACE =~ /.+/ &&
+          ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_UCS != "no")
+      when: "always"
   variables:
     COMPONENT: "univention-corporate-container"
 
@@ -230,8 +242,11 @@ provisioning-deploy:
   stage: "component-deploy-stage-2"
   extends: ".deploy-common"
   rules:
-    - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_UCS != "no" || $DEPLOY_PROVISIONING != "no")
+    - if: >
-      when: always
+          $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" &&
+          $NAMESPACE =~ /.+/ &&
+          ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_UCS != "no" || $DEPLOY_PROVISIONING != "no")
+      when: "always"
   variables:
     COMPONENT: "provisioning"
 
@@ -239,18 +254,24 @@ keycloak-deploy:
   stage: "component-deploy-stage-1"
   extends: ".deploy-common"
   rules:
-    - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_KEYCLOAK != "no")
+    - if: >
-      when: always
+          $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" &&
+          $NAMESPACE =~ /.+/ &&
+          ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_KEYCLOAK != "no")
+      when: "always"
   variables:
     COMPONENT: "keycloak"
 
 keycloak-bootstrap-deploy:
   stage: "component-deploy-stage-1"
   extends: ".deploy-common"
-  timeout: 30m
+  timeout: "30m"
   rules:
-    - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_KEYCLOAK != "no")
+    - if: >
-      when: always
+          $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" &&
+          $NAMESPACE =~ /.+/ &&
+          ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_KEYCLOAK != "no")
+      when: "always"
   variables:
     COMPONENT: "keycloak-bootstrap"
 
@@ -258,8 +279,11 @@ ox-deploy:
   stage: "component-deploy-stage-1"
   extends: ".deploy-common"
   rules:
-    - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_OX != "no")
+    - if: >
-      when: always
+          $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" &&
+          $NAMESPACE =~ /.+/ &&
+          ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_OX != "no")
+      when: "always"
   variables:
     COMPONENT: "open-xchange"
 
@@ -267,8 +291,11 @@ ics-deploy:
   stage: "component-deploy-stage-1"
   extends: ".deploy-common"
   rules:
-    - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_ICS != "no")
+    - if: >
-      when: always
+          $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" &&
+          $NAMESPACE =~ /.+/ &&
+          ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_ICS != "no")
+      when: "always"
   variables:
     COMPONENT: "intercom-service"
 
@@ -276,8 +303,11 @@ xwiki-deploy:
   stage: "component-deploy-stage-1"
   extends: ".deploy-common"
   rules:
-    - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_XWIKI != "no")
+    - if: >
-      when: always
+          $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" &&
+          $NAMESPACE =~ /.+/ &&
+          ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_XWIKI != "no")
+      when: "always"
   variables:
     COMPONENT: "xwiki"
 
@@ -285,8 +315,11 @@ collabora-deploy:
   stage: "component-deploy-stage-1"
   extends: ".deploy-common"
   rules:
-    - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_NEXTCLOUD != "no" || $DEPLOY_COLLABORA != "no")
+    - if: >
-      when: always
+          $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" &&
+          $NAMESPACE =~ /.+/ &&
+          ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_NEXTCLOUD != "no" || $DEPLOY_COLLABORA != "no")
+      when: "always"
   variables:
     COMPONENT: "collabora"
 
@@ -294,8 +327,11 @@ nextcloud-deploy:
   stage: "component-deploy-stage-1"
   extends: ".deploy-common"
   rules:
-    - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_NEXTCLOUD != "no")
+    - if: >
-      when: always
+          $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" &&
+          $NAMESPACE =~ /.+/ &&
+          ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_NEXTCLOUD != "no")
+      when: "always"
   variables:
     COMPONENT: "nextcloud"
 
@@ -303,8 +339,11 @@ openproject-deploy:
   stage: "component-deploy-stage-1"
   extends: ".deploy-common"
   rules:
-    - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_OPENPROJECT != "no")
+    - if: >
-      when: always
+          $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" &&
+          $NAMESPACE =~ /.+/ &&
+          ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_OPENPROJECT != "no")
+      when: "always"
   variables:
     COMPONENT: "openproject"
 
@@ -312,8 +351,11 @@ jitsi-deploy:
   stage: "component-deploy-stage-1"
   extends: ".deploy-common"
   rules:
-    - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_JITSI != "no")
+    - if: >
-      when: always
+          $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" &&
+          $NAMESPACE =~ /.+/ &&
+          ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_JITSI != "no")
+      when: "always"
   variables:
     COMPONENT: "jitsi"
 
@@ -325,10 +367,12 @@ env-stop:
   image: "${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}/alpine/k8s:1.25.6"
   needs: []
   rules:
-    - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/
+    - if: >
+          $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/
       when: "manual"
   script:
-    - "echo 'We do not stop the env (delete the namespace) at the moment in this stage, as deleting a branches also triggers this env-stop stage and we do not want this to happen.'"
+    - "echo 'We do not stop the env (delete the namespace) at the moment in this stage, as deleting a branches also
+      triggers this env-stop stage and we do not want this to happen.'"
     # - kubectl delete namespace "${NAMESPACE}"
   stage: "env-stop"
   variables:
@@ -344,8 +388,9 @@ run-tests:
     - "${CLUSTER}"
   stage: "tests"
   rules:
-    - if: $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && $RUN_TESTS == "yes"
+    - if: >
-      when: always
+          $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && $RUN_TESTS == "yes"
+      when: "always"
   script:
     - |
       COMPONENTS="login or portal or profile or navigation"
@@ -383,10 +428,11 @@ run-tests:
 
 common-yaml-linter:
   except:
-    - tags
+    - "tags"
-    - web
+    - "web"
 
 reuse-linter:
+  allow_failure: false
   except:
-    - tags
+    - "tags"
-    - web
+    - "web"

helmfile/apps/keycloak/values-keycloak-idp.yaml

@@ -3,6 +3,7 @@
 ---
 keycloakConfigCli:
   configuration:
+    # yamllint disable rule:line-length
     idp.json: |
       {
         "id": "$(IDENTIFIER)",
@@ -1688,4 +1689,5 @@ keycloakConfigCli:
         ],
         "browserFlow": "2fa-browser"
       }
+    # yamllint enable rule:line-length
 ...

helmfile/apps/keycloak/values-keycloak.yaml

@@ -10,12 +10,14 @@ auth:
   adminUser: "kcadmin"
 # not working as expected with older helm chart, check if it works with most recent one.
 # meanwhile we set the loglevel using the extraEnvVars a bit below.
-#logging:
+# logging:
-#  level: "DEBUG"
+#   level: "DEBUG"
 extraEnvVars:
   - name: "KC_LOG_LEVEL"
     value: "INFO"
-extraStartupArgs: "-Dkeycloak.profile.feature.token_exchange=enabled -Dkeycloak.profile.feature.admin_fine_grained_authz=enabled"
+extraStartupArgs: >
+  -Dkeycloak.profile.feature.token_exchange=enabled
+  -Dkeycloak.profile.feature.admin_fine_grained_authz=enabled
 
 service:
   type: "ClusterIP"
@@ -44,8 +46,12 @@ extraVolumeMounts:
 
 keycloakConfigCli:
   enabled: true
-  command: [ "java", "-jar" ,"/opt/bitnami/keycloak-config-cli/keycloak-config-cli-19.0.3.jar" ]
+  command:
-  args: [ "--import.var-substitution.enabled=true" ]
+    - "java"
+    - "-jar"
+    - "/opt/bitnami/keycloak-config-cli/keycloak-config-cli-19.0.3.jar"
+  args:
+    - "--import.var-substitution.enabled=true"
   cache:
     enabled: false
 

helmfile/apps/nextcloud/values-nextcloud.yaml

@@ -17,7 +17,9 @@ cronjob:
     postStartCommand:
       - "sh"
       - "-c"
-      - 'sed -i "s/\*\/5 \* \* \* \* php -f \/var\/www\/html\/cron.php/\*\/1 \* \* \* \* php -f \/var\/www\/html\/cron.php/g" /var/spool/cron/crontabs/www-data'
+      - >
+        sed -i "s/\*\/5 \* \* \* \* php -f \/var\/www\/html\/cron.php/\*\/1 \* \* \* \* php -f
+        \/var\/www\/html\/cron.php/g" /var/spool/cron/crontabs/www-data
 
 internalDatabase:
   enabled: false

helmfile/apps/open-xchange/values-openxchange.yaml

@@ -13,13 +13,13 @@ appsuite:
       status:
         # enable admin pack
         # admin: enabled
-        documents: disabled
+        documents: "disabled"
-        guard: enabled
+        guard: "enabled"
     packages:
       status:
-        open-xchange-oidc: enabled
+        open-xchange-oidc: "enabled"
-        open-xchange-authentication-database: disabled
+        open-xchange-authentication-database: "disabled"
-        open-xchange-authentication-oauth: enabled
+        open-xchange-authentication-oauth: "enabled"
     properties:
       com.openexchange.UIWebPath: "/appsuite/"
       # OIDC
@@ -50,10 +50,10 @@ appsuite:
       com.openexchange.mail.transportServer: "postfix"
       com.openexchange.mail.transportServerSource: "global"
       # Mailfilter
-      com.openexchange.mail.filter.loginType: global
+      com.openexchange.mail.filter.loginType: "global"
-      com.openexchange.mail.filter.credentialSource: mail
+      com.openexchange.mail.filter.credentialSource: "mail"
-      com.openexchange.mail.filter.server: dovecot
+      com.openexchange.mail.filter.server: "dovecot"
-      com.openexchange.mail.filter.preferredSaslMech: XOAUTH2
+      com.openexchange.mail.filter.preferredSaslMech: "XOAUTH2"
       # Capabilities
       com.openexchange.capability.client-onboarding: "true"
       com.openexchange.capability.dynamic-theme: "true"
@@ -64,7 +64,7 @@ appsuite:
       com.openexchange.capability.public-sector: "true"
       com.openexchange.capability.smime: "true"
       # Secondary Accounts
-      com.openexchange.mail.secondary.authType: XOAUTH2
+      com.openexchange.mail.secondary.authType: "XOAUTH2"
       # Nextcloud integration
       com.openexchange.file.storage.nextcloud.oauth.url: "http://nextcloud/"
       com.openexchange.file.storage.nextcloud.oauth.webdav.username.strategy: "user"
@@ -97,17 +97,18 @@ appsuite:
       io.ox/core//features/managedResources: "true"
       # Categories
       io.ox/core//features/categories: "true"
-      io.ox/core//categories/predefined: '[{ "name": "Predefined", "color": "orange", "icon": "bi/exclamation-circle.svg" }]'
+      io.ox/core//categories/predefined: >
+        [{ "name": "Predefined", "color": "orange", "icon": "bi/exclamation-circle.svg" }]
       # Nextcloud integration
       # io.ox.nextcloud//server: "https://ics.<DOMAIN>/fs/"
       # Central navigation
-      io.ox.public-sector//navigation/oxtabname: tab_groupware
+      io.ox.public-sector//navigation/oxtabname: "tab_groupware"
       # io.ox.public-sector//ics/url: "https://ics.<DOMAIN>/"
       io.ox/core//apps/quickLaunchCount: "0"
       io.ox/core//coloredIcons: "false"
       # Dynamic theme
       io.ox/dynamic-theme//mainColor: "#004B76"
-      io.ox/dynamic-theme//logoURL: io.ox.public-sector/logo.svg
+      io.ox/dynamic-theme//logoURL: "io.ox.public-sector/logo.svg"
       io.ox/dynamic-theme//logoWidth: "80"
       io.ox/dynamic-theme//topbarBackground: "#fff"
       io.ox/dynamic-theme//topbarColor: "#1f1f1f"
@@ -120,10 +121,10 @@ appsuite:
 
     asConfig:
       default:
-        host: all
+        host: "all"
         pageHeaderPrefix: "as8.souvap App Suite"
         oidcLogin: true
-        oidcPath: /oidc
+        oidcPath: "/oidc"
 
   core-ui:
     enabled: true

helmfile/apps/openproject/values.yaml

@@ -27,7 +27,8 @@ openproject:
   # seed will only be executed on initial installation
   seed_locale: "de"
 
-# For more details and more options see https://www.openproject.org/docs/installation-and-operations/configuration/environment/
+# For more details and more options see
+# https://www.openproject.org/docs/installation-and-operations/configuration/environment/
 environment:
   OPENPROJECT_LOG__LEVEL: "info"
   OPENPROJECT_OPENID__CONNECT_KEYCLOAK_ATTRIBUTE__MAP_LOGIN: "phoenixusername"

helmfile/apps/provisioning/values-oxconnector.yaml

@@ -6,7 +6,7 @@ ingress:
 
 oxConnector:
   ldapHost: "univention-corporate-container"
-  #ldapHostIp: ""
+  # ldapHostIp: ""
   ldapBaseDn: "dc=swp-ldap,dc=internal"
   ldapHostDn: "cn=admin,dc=swp-ldap,dc=internal"
   notifierServer: "univention-corporate-container"

helmfile/apps/xwiki/values.yaml

@@ -39,10 +39,13 @@ properties:
   "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.btn-primary-bg": "@brand-primary"
   "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-color": "@brand-primary"
   "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-link-color": "@brand-primary"
-  "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-link-hover-color": "@brand-primary"
+  "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-link-hover-color":
-  "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-link-active-color": "@brand-primary"
+    "@brand-primary"
+  "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-link-active-color":
+    "@brand-primary"
   "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-bg": "#fff"
   "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-link-hover-bg": "#fff"
+  # yamllint disable-line rule:line-length
   "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.lessCode": "'@list-group-active-border: @list-group-border; @gray-light: #727272; @text-muted: @gray; @xwiki-drawer-menu-item-hover-bg: @list-group-hover-bg; @xwiki-drawer-menu-item-hover-color: @list-group-link-hover-color; @well-bg: @body-bg; .navbar-default { border-bottom: 3px solid @brand-primary !important; } #menuview .navbar-brand img { padding: 5px; }'"
   "property:xwiki:XWiki.AuthService.Configuration^XWiki.AuthService.ConfigurationClass.authService": "oidc"
 
@@ -52,8 +55,9 @@ customConfigs:
   xwiki.properties:
     oidc.scope: "openid,profile,email,address,phoenix"
     oidc.endpoint.userinfo.method: "GET"
-    oidc.user.nameFormater: '${oidc.user.phoenixusername._lowerCase}'
+    oidc.user.nameFormater: "${oidc.user.phoenixusername._lowerCase}"
-    oidc.user.subjectFormater: '${oidc.user.subject}'
+    oidc.user.subjectFormater: "${oidc.user.subject}"
+    # yamllint disable-line rule:line-length
     oidc.userinfoclaims: "xwiki_user_accessibility,xwiki_user_company,xwiki_user_displayHiddenDocuments,xwiki_user_editor,xwiki_user_usertype"
     oidc.clientid: "xwiki"
     oidc.endpoint.token.auth_method: "client_secret_basic"