Feat: Initial implementation of chart with argo workflows init hook (#1)

.github/configs/cr.yaml

@@ -0,0 +1,12 @@
+## Reference: https://github.com/helm/chart-releaser
+index-path: "./index.yaml"
+
+# PGP signing
+sign: true
+key: garage-cf
+# keyring:          # Set via env variable CR_KEYRING
+# passphrase-file:  # Set via env variable CR_PASSPHRASE_FILE
+
+# Enable automatic generation of release notes using GitHubs release notes generator.
+# see: https://docs.github.com/en/repositories/releasing-projects-on-github/automatically-generated-release-notes
+generate-release-notes: true

.github/configs/ct-install.yaml

@@ -0,0 +1,12 @@
+## Reference: https://github.com/helm/chart-testing/blob/master/doc/ct_lint-and-install.md
+# Don't add the 'debug' attribute, otherwise the workflow won't work anymore
+# Only Used for the CT Install Stage
+remote: origin
+charts:
+- script/helm/garage
+helm-extra-args: "--timeout 600s"
+validate-chart-schema: false
+validate-maintainers: true
+validate-yaml: true
+exclude-deprecated: true
+excluded-charts: []

.github/configs/ct-lint.yaml

@@ -0,0 +1,11 @@
+## Reference: https://github.com/helm/chart-testing/blob/master/doc/ct_lint-and-install.md
+# Don't add the 'debug' attribute, otherwise the workflow won't work anymore
+# Only Used for the CT Lint Stage
+remote: origin
+charts:
+- script/helm/garage
+validate-chart-schema: false
+validate-maintainers: false
+validate-yaml: true
+exclude-deprecated: true
+excluded-charts: []

.github/configs/kind-config.yaml

@@ -0,0 +1,7 @@
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+nodes:
+  - role: control-plane
+  - role: worker
+  - role: worker
+  - role: worker

.github/configs/lintconf.yaml

@@ -0,0 +1,42 @@
+---
+rules:
+  braces:
+    min-spaces-inside: 0
+    max-spaces-inside: 0
+    min-spaces-inside-empty: -1
+    max-spaces-inside-empty: -1
+  brackets:
+    min-spaces-inside: 0
+    max-spaces-inside: 0
+    min-spaces-inside-empty: -1
+    max-spaces-inside-empty: -1
+  colons:
+    max-spaces-before: 0
+    max-spaces-after: 1
+  commas:
+    max-spaces-before: 0
+    min-spaces-after: 1
+    max-spaces-after: 1
+  comments:
+    require-starting-space: true
+    min-spaces-from-content: 1
+  document-end: disable
+  document-start: disable # No --- to start a file
+  empty-lines:
+    max: 2
+    max-start: 0
+    max-end: 0
+  hyphens:
+    max-spaces-after: 1
+  indentation:
+    spaces: consistent
+    indent-sequences: whatever # - list indentation will handle both indentation and without
+    check-multi-line-strings: false
+  key-duplicates: enable
+  line-length: disable # Lines can be any length
+  new-line-at-end-of-file: enable
+  new-lines:
+    type: unix
+  trailing-spaces: enable
+  truthy:
+    level: warning

.github/workflows/lint-and-test.yml

@@ -0,0 +1,58 @@
+## Reference: https://github.com/helm/chart-testing-action
+name: Linting and Testing
+on:
+  pull_request:
+    branches:
+      - 'codefresh-main'
+
+permissions:
+  contents: read
+
+jobs:
+  chart-test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Helm
+        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
+        with:
+          version: v3.10.1 # Also update in publish.yaml
+
+      - name: Set up python
+        uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
+        with:
+          python-version: 3.9
+
+      - name: Setup Chart Linting
+        id: lint
+        uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
+        with:
+          # Note: Also update in scripts/lint.sh
+          version: v3.10.0
+
+      - name: Run chart-testing (lint)
+        run: ct lint --debug --config ./.github/configs/ct-lint.yaml --target-branch ${{ github.base_ref }} --lint-conf ./.github/configs/lintconf.yaml
+
+      - name: Run docs-testing (helm-docs)
+        id: helm-docs
+        run: |
+          ./script/helm-docs.sh
+          if [[ $(git diff --stat) != '' ]]; then
+            echo -e '\033[0;31mDocumentation outdated!\033[0m ❌'
+            git diff --color
+            exit 1
+          else
+            echo -e '\033[0;32mDocumentation up to date\033[0m ✔'
+          fi
+
+      - name: Create kind cluster
+        uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
+        with:
+          config: .github/configs/kind-config.yaml
+
+      - name: Run chart-testing (install)
+        run: ct install --config ./.github/configs/ct-install.yaml --target-branch ${{ github.base_ref }}

.github/workflows/publish.yml

@@ -0,0 +1,81 @@
+## Reference: https://github.com/helm/chart-releaser-action
+name: Chart Publish
+on:
+  push:
+    branches:
+      - codefresh-main
+    paths:
+      - "script/helm/garage/**"
+
+permissions:
+  contents: read
+
+jobs:
+  publish:
+    permissions:
+      contents: write  # for helm/chart-releaser-action to push chart release and create a release
+      packages: write  # to push OCI chart package to GitHub Registry
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        with:
+          fetch-depth: 0
+
+      - name: Install Helm
+        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
+        with:
+          version: v3.10.1 # Also update in lint-and-test.yaml
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "[email protected]"
+
+      - name: Package chart
+        run: |
+          rm -rf .cr-release-packages
+          mkdir .cr-release-packages
+          helm package script/helm/garage -u -d .cr-release-packages/
+
+      # The GitHub repository secret `PGP_PRIVATE_KEY` contains the private key
+      # in ASCII-armored format. To export a (new) key, run this command:
+      # `gpg --armor --export-secret-key <my key>`
+      - name: Prepare PGP key
+        run: |
+          IFS=""
+          echo "$PGP_PRIVATE_KEY" | gpg --dearmor > $HOME/secring.gpg
+          echo "$PGP_PASSPHRASE" > $HOME/passphrase.txt
+
+          # Tell chart-releaser-action where to find the key and its passphrase
+          echo "CR_KEYRING=$HOME/secring.gpg" >> "$GITHUB_ENV"
+          echo "CR_PASSPHRASE_FILE=$HOME/passphrase.txt" >> "$GITHUB_ENV"
+        env:
+          PGP_PRIVATE_KEY: "${{ secrets.PGP_PRIVATE_KEY }}"
+          PGP_PASSPHRASE: "${{ secrets.PGP_PASSPHRASE }}"
+
+      - name: Run chart-releaser
+        uses: helm/chart-releaser-action@be16258da8010256c6e82849661221415f031968 # v1.5.0 - currently there is a bug on 1.6.0 version, can upgrade back when it'll be solved - https://github.com/helm/chart-releaser-action/issues/171
+        with:
+          config: "./.github/configs/cr.yaml"
+          skip_packaging: true
+          charts_dir: script/helm
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+
+      - name: Login to GHCR
+        uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Push chart to GHCR
+        run: |
+          shopt -s nullglob
+          for pkg in .cr-release-packages/*.tgz; do
+            if [ -z "${pkg:-}" ]; then
+              break
+            fi
+            helm push "${pkg}" oci://ghcr.io/${{ github.repository }}
+          done

.gitignore

@@ -3,4 +3,5 @@
 /pki
 **/*.rs.bk
 *.swp
-/.direnv
+/.direnv
+values-dev.yaml

script/helm-docs.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+## Reference: https://github.com/norwoodj/helm-docs
+set -eux
+CHART_DIR="$(cd "$(dirname "$0")/helm/garage" && pwd)"
+echo "$CHART_DIR"
+
+echo "Running Helm-Docs"
+docker run \
+    -v "$CHART_DIR:/helm-docs" \
+    -u $(id -u) \
+    --rm \
+    jnorwood/helm-docs:v1.9.1

script/helm-lint.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+# This script runs the chart-testing tool locally. It simulates the linting that is also done by the github action. Run this without any errors before pushing.
+# Reference: https://github.com/helm/chart-testing
+set -eux
+
+SRCROOT="$(cd "$(dirname "$0")/.." && pwd)"
+echo $SRCROOT
+echo -e "\n-- Linting all Helm Charts --\n"
+docker run \
+     -v "$SRCROOT:/workdir" \
+     --entrypoint /bin/sh \
+     quay.io/helmpack/chart-testing:v3.10.0 \
+     -c cd /workdir \
+     ct lint \
+     --config .github/configs/ct-lint.yaml \
+     --lint-conf .github/configs/lintconf.yaml \
+     --debug

script/helm/garage/Chart.yaml

@@ -1,7 +1,9 @@
 apiVersion: v2
 name: garage
 description: S3-compatible object store for small self-hosted geo-distributed deployments
-
+maintainers:
+  - name: garagehq.deuxfleurs.fr
+  - name: codefresh.io
 # A chart can be either an 'application' or a 'library' chart.
 #
 # Application charts are a collection of templates that can be packaged into versioned archives
@@ -15,10 +17,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.5.0
+version: 0.5.0-cf.1
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "v1.0.0"
+appVersion: "v0.9.4"

script/helm/garage/README.md

@@ -0,0 +1,101 @@
+# garage
+
+![Version: 0.5.0-cf.1](https://img.shields.io/badge/Version-0.5.0--cf.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.9.4](https://img.shields.io/badge/AppVersion-v0.9.4-informational?style=flat-square)
+
+S3-compatible object store for small self-hosted geo-distributed deployments
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| garagehq.deuxfleurs.fr |  |  |
+| codefresh.io |  |  |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` |  |
+| argoWorkflowsConfigHook | object | `{"image":{"pullPolicy":"IfNotPresent","repository":"quay.io/codefresh/garage-argo-workflows-config-hook","tag":"2024.05.18-5def96f"}}` | Config hook for argo workflows |
+| deployment.kind | string | `"StatefulSet"` |  |
+| deployment.replicaCount | int | `3` |  |
+| fullnameOverride | string | `""` |  |
+| garage."garage.toml" | string | `"metadata_dir = \"/mnt/meta\"\ndata_dir = \"/mnt/data\"\n\ndb_engine = \"{{ .Values.garage.dbEngine }}\"\n\nblock_size = {{ .Values.garage.blockSize }}\n\nreplication_mode = \"{{ .Values.garage.replicationMode }}\"\n\ncompression_level = {{ .Values.garage.compressionLevel }}\n\nrpc_bind_addr = \"{{ .Values.garage.rpcBindAddr }}\"\n# rpc_secret will be populated by the init container from a k8s secret object\nrpc_secret = \"__RPC_SECRET_REPLACE__\"\n\nbootstrap_peers = {{ .Values.garage.bootstrapPeers }}\n\n[kubernetes_discovery]\nnamespace = \"{{ .Release.Namespace }}\"\nservice_name = \"{{ include \"garage.fullname\" . }}\"\nskip_crd = {{ .Values.garage.kubernetesSkipCrd }}\n\n[s3_api]\ns3_region = \"{{ .Values.garage.s3.api.region }}\"\napi_bind_addr = \"[::]:3900\"\nroot_domain = \"{{ .Values.garage.s3.api.rootDomain }}\"\n\n[s3_web]\nbind_addr = \"[::]:3902\"\nroot_domain = \"{{ .Values.garage.s3.web.rootDomain }}\"\nindex = \"{{ .Values.garage.s3.web.index }}\"\n\n[admin]\napi_bind_addr = \"[::]:3903\"\n{{- if .Values.monitoring.tracing.sink }}\ntrace_sink = \"{{ .Values.monitoring.tracing.sink }}\"\n{{- end }}"` |  |
+| garage.blockSize | string | `"1048576"` |  |
+| garage.bootstrapPeers | list | `[]` |  |
+| garage.compressionLevel | string | `"1"` |  |
+| garage.dbEngine | string | `"lmdb"` |  |
+| garage.kubernetesSkipCrd | bool | `false` |  |
+| garage.replicationMode | string | `"3"` |  |
+| garage.rpcBindAddr | string | `"[::]:3901"` |  |
+| garage.rpcSecret | string | `""` |  |
+| garage.s3.api.region | string | `"garage"` |  |
+| garage.s3.api.rootDomain | string | `".s3.garage.tld"` |  |
+| garage.s3.web.index | string | `"index.html"` |  |
+| garage.s3.web.rootDomain | string | `".web.garage.tld"` |  |
+| image.pullPolicy | string | `"IfNotPresent"` |  |
+| image.repository | string | `"dxflrs/garage"` |  |
+| image.tag | string | `""` |  |
+| imagePullSecrets | list | `[]` |  |
+| ingress.s3.api.annotations | object | `{}` |  |
+| ingress.s3.api.enabled | bool | `false` |  |
+| ingress.s3.api.hosts[0].host | string | `"s3.garage.tld"` |  |
+| ingress.s3.api.hosts[0].paths[0].path | string | `"/"` |  |
+| ingress.s3.api.hosts[0].paths[0].pathType | string | `"Prefix"` |  |
+| ingress.s3.api.hosts[1].host | string | `"*.s3.garage.tld"` |  |
+| ingress.s3.api.hosts[1].paths[0].path | string | `"/"` |  |
+| ingress.s3.api.hosts[1].paths[0].pathType | string | `"Prefix"` |  |
+| ingress.s3.api.labels | object | `{}` |  |
+| ingress.s3.api.tls | list | `[]` |  |
+| ingress.s3.web.annotations | object | `{}` |  |
+| ingress.s3.web.enabled | bool | `false` |  |
+| ingress.s3.web.hosts[0].host | string | `"*.web.garage.tld"` |  |
+| ingress.s3.web.hosts[0].paths[0].path | string | `"/"` |  |
+| ingress.s3.web.hosts[0].paths[0].pathType | string | `"Prefix"` |  |
+| ingress.s3.web.hosts[1].host | string | `"mywebpage.example.com"` |  |
+| ingress.s3.web.hosts[1].paths[0].path | string | `"/"` |  |
+| ingress.s3.web.hosts[1].paths[0].pathType | string | `"Prefix"` |  |
+| ingress.s3.web.labels | object | `{}` |  |
+| ingress.s3.web.tls | list | `[]` |  |
+| initImage.pullPolicy | string | `"IfNotPresent"` |  |
+| initImage.repository | string | `"busybox"` |  |
+| initImage.tag | string | `"stable"` |  |
+| monitoring.metrics.enabled | bool | `false` |  |
+| monitoring.metrics.serviceMonitor.enabled | bool | `false` |  |
+| monitoring.metrics.serviceMonitor.interval | string | `"15s"` |  |
+| monitoring.metrics.serviceMonitor.labels | object | `{}` |  |
+| monitoring.metrics.serviceMonitor.path | string | `"/metrics"` |  |
+| monitoring.metrics.serviceMonitor.relabelings | list | `[]` |  |
+| monitoring.metrics.serviceMonitor.scheme | string | `"http"` |  |
+| monitoring.metrics.serviceMonitor.scrapeTimeout | string | `"10s"` |  |
+| monitoring.metrics.serviceMonitor.tlsConfig | object | `{}` |  |
+| monitoring.tracing.sink | string | `""` |  |
+| nameOverride | string | `""` |  |
+| nodeSelector | object | `{}` |  |
+| persistence.data.hostPath | string | `"/var/lib/garage/data"` |  |
+| persistence.data.size | string | `"100Mi"` |  |
+| persistence.data.storageClass | string | `""` |  |
+| persistence.enabled | bool | `true` |  |
+| persistence.meta.hostPath | string | `"/var/lib/garage/meta"` |  |
+| persistence.meta.size | string | `"100Mi"` |  |
+| persistence.meta.storageClass | string | `""` |  |
+| podAnnotations | object | `{}` |  |
+| podSecurityContext.fsGroup | int | `1000` |  |
+| podSecurityContext.runAsGroup | int | `1000` |  |
+| podSecurityContext.runAsNonRoot | bool | `true` |  |
+| podSecurityContext.runAsUser | int | `1000` |  |
+| resources | object | `{}` |  |
+| securityContext.capabilities.drop[0] | string | `"ALL"` |  |
+| securityContext.readOnlyRootFilesystem | bool | `true` |  |
+| service.s3.admin.port | int | `3903` |  |
+| service.s3.api.port | int | `3900` |  |
+| service.s3.web.port | int | `3902` |  |
+| service.type | string | `"ClusterIP"` |  |
+| serviceAccount.annotations | object | `{}` |  |
+| serviceAccount.create | bool | `true` |  |
+| serviceAccount.name | string | `""` |  |
+| tests.awsCliImage | string | `"amazon/aws-cli:2.13.2"` |  |
+| tolerations | list | `[]` |  |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.9.1](https://github.com/norwoodj/helm-docs/releases/v1.9.1)