helm charts for k8s deployment (#59)

Author: firefart

.dockerignore

@@ -30,4 +30,5 @@ docker-compose.override.yml
 docker-compose.dev.yml
 .dockerignore
 .gitignore
-*.patch
+*.patch
+TODO

.github/workflows/docker.yml

@@ -4,14 +4,28 @@ on:
   push:
     branches:
       - main
+    paths:
+      - Dockerfile
+      - .github/workflows/docker.yml
+      - cron_entrypoint.sh
+  # only build without pushing on PRs
   pull_request:
+    paths:
+      - Dockerfile
+      - .github/workflows/docker.yml
+      - cron_entrypoint.sh
   workflow_dispatch:
   schedule:
     - cron: "0 0 * * *"
 
 permissions:
   contents: read
 
+# only allow one build at a time per branch
+concurrency:
+  group: ci-${{ github.ref }}
+  cancel-in-progress: true
+
 env:
   DO_PUSH: ${{ github.ref == 'refs/heads/main' }} # do not push on PRs
 
@@ -20,6 +34,17 @@ jobs:
     timeout-minutes: 80
     runs-on: ubuntu-latest
 
+    strategy:
+      matrix:
+        versions:
+          - rt: "5.0.8"
+            rtir: "5.0.8"
+          - rt: "6.0.0"
+            rtir: "5.0.8"
+          - rt: "6.0.1"
+            rtir: "6.0.1"
+            latest: "true"
+
     steps:
       - name: checkout sources
         uses: actions/checkout@v5
@@ -33,26 +58,22 @@ jobs:
         with:
           install: true
 
-      - name: Docker rt5 meta
-        id: metart5
-        uses: docker/metadata-action@v5
-        with:
-          images: firefart/requesttracker
-          tags: |
-            type=raw,value=5
-            type=raw,value=5.0.8
-            type=schedule,pattern={{date 'YYYYMMDD'}},prefix=nightly-5-
-
-      - name: Docker rt6 meta
-        id: metart6
+      - name: Docker meta
+        id: meta
         uses: docker/metadata-action@v5
         with:
           images: firefart/requesttracker
+          flavor: |
+            # disable setting the latest tag by default
+            latest=false
           tags: |
-            type=raw,value=latest
-            type=raw,value=6
-            type=raw,value=6.0.0
-            type=schedule,pattern={{date 'YYYYMMDD'}},prefix=nightly-
+            # Enable latest tag if set
+            type=raw,value=latest,enable=${{ matrix.versions.latest == 'true' }}
+            # Create a tag for the major version
+            type=semver,pattern={{major}},value=${{ matrix.versions.rt }}
+            # Create a tag for the full version
+            type=raw,value=${{ matrix.versions.rt }}
+            type=schedule,pattern={{date 'YYYYMMDD'}},prefix=nightly-${{ matrix.versions.major }}-
 
       - name: Login to Docker Hub
         uses: docker/login-action@v3.5.0
@@ -61,22 +82,16 @@ jobs:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
-      - name: Build and push RT5
+      - name: Build and push
         uses: docker/build-push-action@v6
         with:
           build-args: |
-            RT_VERSION=5.0.8
-          context: .
-          file: Dockerfile
-          push: ${{ env.DO_PUSH }}
-          tags: ${{ steps.metart5.outputs.tags }}
-          labels: ${{ steps.metart5.outputs.labels }}
-
-      - name: Build and push RT6
-        uses: docker/build-push-action@v6
-        with:
+            RT_VERSION=${{ matrix.versions.rt }}
+            RTIR_VERSION=${{ matrix.versions.rtir }}
           context: .
           file: Dockerfile
+          sbom: true
+          provenance: mode=max
           push: ${{ env.DO_PUSH }}
-          tags: ${{ steps.metart6.outputs.tags }}
-          labels: ${{ steps.metart6.outputs.labels }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

.github/workflows/hadolint.yml

@@ -0,0 +1,23 @@
+name: hadolint
+on:
+  push:
+    paths:
+      - "**/Dockerfile"
+  pull_request:
+  workflow_dispatch:
+permissions:
+  contents: read
+jobs:
+  hadolint:
+    name: hadolint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: hadolint/hadolint-action@v3.1.0
+        with:
+          dockerfile: Dockerfile
+          # DL3007: Using latest is prone to errors if the image will ever update. Pin the version explicitly to a release tag
+          # DL3018: Pin versions in apk add. Instead of `apk add <package>` use `apk add <package>=<version>`
+          # DL3008: Pin versions in apt get install. Instead of `apt-get install <package>` use `apt-get install <package>=<version>`
+          # DL3003: Use WORKDIR to switch to a directory
+          ignore: DL3007,DL3008,DL3018,DL3003

.github/workflows/kubelint.yml

@@ -0,0 +1,22 @@
+name: kubelint
+on:
+  push:
+    paths:
+      - "helm/**.yml"
+      - "helm/**.yaml"
+  pull_request:
+  workflow_dispatch:
+permissions:
+  contents: read
+jobs:
+  kubelint:
+    name: kubelint
+    runs-on: ubuntu-latest
+    steps:
+      - name: checkout
+        uses: actions/checkout@v4
+
+      - name: Scan repo with kube-linter
+        uses: stackrox/kube-linter-action@v1.0.7
+        with:
+          directory: helm

.github/workflows/yamllint.yml

@@ -0,0 +1,21 @@
+name: yamllint
+on:
+  push:
+    paths:
+      - "**.yml"
+      - "**.yaml"
+  pull_request:
+  workflow_dispatch:
+permissions:
+  contents: read
+jobs:
+  yamllint:
+    name: yamllint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: karancode/yamllint-github-action@master
+        with:
+          # fail on warnings and errors
+          yamllint_strict: true
+          yamllint_config_filepath: ".yamllint.yml"

.gitignore

@@ -1,10 +1,11 @@
 *.sh
 !dev.sh
+!dev-helm.sh
 !prod.sh
+!k8s-jobs/install-ingress.sh
 RT_SiteConfig.pm
 *.pem
 *.key
-TODO
 !dev.sh
 !prod.sh
 !logs_prod.sh
@@ -28,4 +29,6 @@ shredder/*.sql
 *.pgpass
 *.json
 docker-compose.override.yml
-*.patch
+*.patch
+# Added by goreleaser init:
+dist/

.goreleaser.yaml

@@ -0,0 +1,46 @@
+# This is an example .goreleaser.yml file with some sensible defaults.
+# Make sure to check the documentation at https://goreleaser.com
+
+# The lines below are called `modelines`. See `:help modeline`
+# Feel free to remove those if you don't want/need to use them.
+# yaml-language-server: $schema=https://goreleaser.com/static/schema.json
+# vim: set ts=2 sw=2 tw=0 fo=cnqoj
+
+version: 2
+
+before:
+  hooks:
+    # You may remove this if you don't use go modules.
+    - go mod tidy
+    # you may remove this if you don't need go generate
+    - go generate ./...
+
+builds:
+  - env:
+      - CGO_ENABLED=0
+    goos:
+      - linux
+      - windows
+      - darwin
+
+archives:
+  - formats: [tar.gz]
+    # this name template makes the OS and Arch compatible with the results of `uname`.
+    name_template: >-
+      {{ .ProjectName }}_
+      {{- title .Os }}_
+      {{- if eq .Arch "amd64" }}x86_64
+      {{- else if eq .Arch "386" }}i386
+      {{- else }}{{ .Arch }}{{ end }}
+      {{- if .Arm }}v{{ .Arm }}{{ end }}
+    # use zip for windows archives
+    format_overrides:
+      - goos: windows
+        formats: [zip]
+
+changelog:
+  sort: asc
+  filters:
+    exclude:
+      - "^docs:"
+      - "^test:"

.kube-linter.yml

@@ -0,0 +1,3 @@
+checks:
+  exclude:
+    - latest-tag

.prettierignore

@@ -0,0 +1,2 @@
+README.md
+helm

.yamllint.yml

@@ -0,0 +1,12 @@
+---
+extends: default
+
+ignore:
+  - helm/
+
+rules:
+  truthy: disable
+  line-length: disable
+  document-start: disable
+  comments:
+    min-spaces-from-content: 1