Add and publish Helm chart

.github/workflows/release.yml

@@ -0,0 +1,30 @@
+name: Release Charts
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  release:
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+      - name: Install Helm
+        uses: azure/setup-helm@v4.1.0
+
+      - name: Run chart-releaser
+        uses: helm/chart-releaser-action@v1.6.0
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

.gitignore

@@ -1,4 +1,2 @@
 # Environment file containing sensitive data
 .env
-kubernetes-manifests/secrets/*
-!kubernetes-manifests/secrets/boreholes.template.yaml

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2022 GeoWerkstatt GmbH
+Copyright (c) 2024 GeoWerkstatt GmbH
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

charts/README.md

@@ -0,0 +1,21 @@
+# Kubernetes Deployment
+
+The application gets deployed to a Kubernetes cluster using Helm. Deployments, services, configmaps, secrets and ingress routes are pre-defined in the Helm chart and can be customized using the `values.yaml` file.
+
+## Validating the Chart
+
+Validate with
+
+```bash
+helm lint .\swissgeol-boreholes
+```
+
+or pretend to install the chart to the cluster and if there is some issue it will show the error.
+
+```bash
+helm install --dry-run swissgeol-boreholes .\swissgeol-boreholes
+```
+
+## Installing the Chart
+
+For detailed instructions on how to install and configure the Helm chart, refer to the corresponding [documentation](./swissgeol-boreholes/README.md).

charts/swissgeol-boreholes/Chart.yaml

@@ -0,0 +1,20 @@
+apiVersion: v2
+name: swissgeol-boreholes
+description: Borehole Data Management System
+type: application
+version: 0.2.1
+icon: https://raw.githubusercontent.com/geoadmin/suite-bdms/main/src/client/public/favicon.ico
+appVersion: "v2.0.506"
+home: https://www.swissgeol.ch/en
+maintainers:
+  - name: GeoWerkstatt GmbH
+    email: support@geowerkstatt.ch
+    url: https://www.geowerkstatt.ch/
+keywords:
+  - boreholes
+  - swissgeol
+  - geoadmin
+  - bdms
+sources:
+  - https://github.com/geoadmin/suite-bdms
+  - https://github.com/geoadmin/config-bdms

charts/swissgeol-boreholes/README.md

@@ -0,0 +1,81 @@
+![Helm Chart](https://img.shields.io/badge/helm%20chart-swissgeol--boreholes-blue)
+
+# Helm package for swissgeol-boreholes
+
+_swissgeol-boreholes_ is a web application which allows to easily manage structured data about boreholes. The source code is available at [geoadmin/suite-bdms](https://github.com/geoadmin/suite-bdms).
+
+## TL;DR
+
+```bash
+# Add the swissgeol-boreholes Helm repository
+helm repo add swissgeol-boreholes https://geoadmin.github.io/config-bdms/
+
+# Update the Helm repositories
+helm repo update
+
+# Install the swissgeol-boreholes Helm chart
+helm install swissgeol-boreholes geoadmin/swissgeol-boreholes \
+  --namespace 'swissgeol-boreholes' \
+  --create-namespace
+```
+
+## Introduction
+
+This chart bootstraps the [swissgeol-boreholes](https://github.com/geoadmin/suite-bdms) web application as also the required services and deployments in a Kubernetes cluster using the Helm package manager.
+
+## Prerequisites
+
+- Kubernetes 1.23+
+- Helm 3.8.0+
+
+## Installing the Chart
+
+To install the chart with the release name `swissgeol-boreholes`:
+
+```bash
+helm install swissgeol-boreholes geoadmin/swissgeol-boreholes
+```
+
+## Configuring the Chart
+
+The following table lists the configurable parameters of the swissgeol-boreholes chart and their default values.
+
+| Parameter | Description | Default |
+| --- | --- | --- |
+| `replicaCount` | Number of replicas | `1` |
+| `app.domain` | Base domain name | `boreholes.swissgeol.ch` |
+| `app.version` | Docker image tag | `latest` |
+| `auth.authority` | Issuer URL | `""` |
+| `auth.audience` | Client id | `""` |
+| `database.host` | Database host | `""` |
+| `database.name` | Database name | `""` |
+| `database.username` | Database username | `""` |
+| `database.password` | Database password | `""` |
+| `s3.endpoint` | S3 endpoint | `""` |
+| `s3.bucket` | S3 bucket name | `""` |
+| `s3.accessKey` | S3 access key | `""` |
+| `s3.secretKey` | S3 secret key | `""` |
+
+Specify each parameter using the `--set key=value` argument to `helm install`. For example,
+
+```bash
+helm install swissgeol-boreholes geoadmin/swissgeol-boreholes \
+  --namespace 'swissgeol-boreholes' \
+  --create-namespace \
+  --set app.domain="dev-boreholes.swissgeol.ch" \
+  --set app.version="edge"
+```
+
+For a full list of values, you can check the `values.yaml` file or use the `helm show values geoadmin/swissgeol-boreholes` command. Refer to the corresponding Helm [documentation](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing) for more information on how to override settings in a YAML formated file.
+
+## Additional commands
+
+Refer to the [Helm documentation](https://helm.sh/docs/helm/helm/) for more information on how to install, upgrade, or delete a Helm chart.
+
+## Automated updates using Keel (optional)
+
+This chart is configured to work with [Keel](https://keel.sh/), a tool that scans Kubernetes and Helm releases for outdated images and performs automated updates according the specified `app.version` setting. To enable Keel, you need to deploy it in your cluster using kubectl or Helm. Refer to the [Keel documentation](https://keel.sh/docs/#introduction) for more information on how to do that.
+
+## License
+
+This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.

charts/swissgeol-boreholes/templates/api-legacy.yaml

@@ -0,0 +1,70 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Release.Name }}-api-legacy
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    keel.sh/policy: force
+    keel.sh/match-tag: 'true'
+    keel.sh/trigger: poll
+spec:
+  replicas: {{ .Values.replicaCount}}
+  selector:
+    matchLabels:
+      app: {{ .Release.Name }}-api-legacy
+  template:
+    metadata:
+      labels:
+        app: {{ .Release.Name }}-api-legacy
+    spec:
+      containers:
+        - name: {{ .Release.Name }}-api-legacy
+          image: ghcr.io/geoadmin/suite-bdms-api-legacy:{{ .Values.app.version | default "latest" }}
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 8888
+          env:
+            - name: DB_HOST
+              valueFrom:
+                configMapKeyRef:
+                  name: {{ .Release.Name }}-config
+                  key: databaseHost
+            - name: DB_PORT
+              valueFrom:
+                configMapKeyRef:
+                  name: {{ .Release.Name }}-config
+                  key: databasePort
+                  optional: true
+            - name: DB_DATABASE
+              valueFrom:
+                configMapKeyRef:
+                  name: {{ .Release.Name }}-config
+                  key: databaseName
+            - name: DB_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Release.Name }}-secrets
+                  key: databaseUsername
+            - name: DB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Release.Name }}-secrets
+                  key: databasePassword
+            - name: TZ
+              valueFrom:
+                configMapKeyRef:
+                  name: {{ .Release.Name }}-config
+                  key: timezone
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Release.Name }}-api-legacy
+  namespace: {{ .Release.Namespace }}
+spec:
+  selector:
+    app: {{ .Release.Name }}-api-legacy
+  ports:
+  - protocol: TCP
+    port: 80
+    targetPort: 8888

charts/swissgeol-boreholes/templates/api.yaml

@@ -0,0 +1,107 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Release.Name }}-api
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    keel.sh/policy: force
+    keel.sh/match-tag: 'true'
+    keel.sh/trigger: poll
+spec:
+  replicas: {{ .Values.replicaCount}}
+  selector:
+    matchLabels:
+      app: {{ .Release.Name }}-api
+  template:
+    metadata:
+      labels:
+        app: {{ .Release.Name }}-api
+    spec:
+      containers:
+      - name: {{ .Release.Name }}-api
+        image: ghcr.io/geoadmin/suite-bdms-api:{{ .Values.app.version | default "latest" }}
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 8080
+        env:
+        - name: S3__ACCESS_KEY
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Release.Name }}-secrets
+              key: s3AccessKey
+              optional: true
+        - name: S3__SECRET_KEY
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Release.Name }}-secrets
+              key: s3SecretKey
+              optional: true
+        - name: S3__BUCKET_NAME
+          valueFrom:
+            configMapKeyRef:
+              name: {{ .Release.Name }}-config
+              key: s3bucket
+        - name: S3__ENDPOINT
+          valueFrom:
+            configMapKeyRef:
+              name: {{ .Release.Name }}-config
+              key: s3Endpoint
+        - name: S3__SECURE
+          valueFrom:
+            configMapKeyRef:
+              name: {{ .Release.Name }}-config
+              key: s3Secure
+              optional: true
+        - name: CONNECTIONSTRINGS__BdmsContext
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Release.Name }}-secrets
+              key: databaseConnectionString
+        - name: TZ
+          valueFrom:
+            configMapKeyRef:
+              name: {{ .Release.Name }}-config
+              key: timezone
+        - name: ReverseProxy__Clusters__pythonApi__Destinations__legacyApi__Address
+          valueFrom:
+            configMapKeyRef:
+              name: {{ .Release.Name }}-config
+              key: legacyApiAddress
+        - name: Auth__Authority
+          valueFrom:
+            configMapKeyRef:
+              name: {{ .Release.Name }}-config
+              key: authAuthority
+        - name: Auth__Audience
+          valueFrom:
+            configMapKeyRef:
+              name: {{ .Release.Name }}-config
+              key: authAudience
+        - name: Auth__Scopes
+          valueFrom:
+            configMapKeyRef:
+              name: {{ .Release.Name }}-config
+              key: authScopes
+        - name: Auth__GroupClaimType
+          valueFrom:
+            configMapKeyRef:
+              name: {{ .Release.Name }}-config
+              key: authGroupClaimType
+        - name: Auth__AuthorizedGroupName
+          valueFrom:
+            configMapKeyRef:
+              name: {{ .Release.Name }}-config
+              key: authAuthorizedGroupName
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Release.Name }}-api
+  namespace: {{ .Release.Namespace }}
+spec:
+  selector:
+    app: {{ .Release.Name }}-api
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 8080

charts/swissgeol-boreholes/templates/client.yaml

@@ -0,0 +1,45 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Release.Name }}-client
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    keel.sh/policy: force
+    keel.sh/match-tag: 'true'
+    keel.sh/trigger: poll
+spec:
+  replicas: {{ .Values.replicaCount}}
+  selector:
+    matchLabels:
+      app: {{ .Release.Name }}-client
+  template:
+    metadata:
+      labels:
+        app: {{ .Release.Name }}-client
+    spec:
+      containers:
+        - name: {{ .Release.Name }}-client
+          image: ghcr.io/geoadmin/suite-bdms-client:{{ .Values.app.version | default "latest" }}
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 3000
+          env:
+            - name: TZ
+              valueFrom:
+                configMapKeyRef:
+                  name: {{ .Release.Name }}-config
+                  key: timezone
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Release.Name }}-client
+  namespace: {{ .Release.Namespace }}
+spec:
+  selector:
+    app: {{ .Release.Name }}-client
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 3000
+