Initial commit

Author: orf

.editorconfig

@@ -0,0 +1,11 @@
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
+[*]
+end_of_line = lf
+insert_final_newline = true
+
+[*.yaml]
+indent_style = space
+indent_size = 2

.github/workflows/pre-commit.yml

@@ -0,0 +1,30 @@
+name: pre-commit
+
+on:
+  pull_request:
+  push:
+    branches: [ main ]
+
+jobs:
+  pre-commit:
+    runs-on: ubuntu-latest
+    env:
+      HELM_CACHE_HOME: "/tmp/helm-cache/"
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-python@v3
+
+      - name: Restore helm cache
+        uses: actions/cache@v4
+        with:
+          path: ${{ env.HELM_CACHE_HOME }}
+          key: ${{ runner.os }}-helm
+
+      - name: Install helm
+        uses: azure/[email protected]
+      - name: Install helm plugins
+        run: |
+          helm plugin install https://github.com/helm-unittest/helm-unittest.git
+
+      - name: Run pre-commit
+        uses: pre-commit/[email protected]

.gitignore

@@ -0,0 +1 @@
+.idea/

.pre-commit-config.yaml

@@ -0,0 +1,26 @@
+---
+repos:
+- repo: https://github.com/jumanjihouse/pre-commit-hook-yamlfmt
+  rev: 0.2.3    # or other specific tag
+  hooks:
+  - id: yamlfmt
+    files: .*.(yaml|yml)
+    exclude: templates/
+    args: [--mapping, '2', --sequence, '2', --offset, '0']
+- repo: local
+  hooks:
+  - entry: ./scripts/bundle_schemas.sh
+    id: schema-bundle
+    language: node
+    name: schema-bundle
+    pass_filenames: false
+  - entry: ./scripts/test.sh
+    id: helm-unittest
+    language: script
+    name: helm-unittest
+    pass_filenames: false
+  - entry: ./scripts/lint.sh
+    id: helm-lint
+    language: script
+    name: helm-lint
+    pass_filenames: false

.tool-versions

@@ -0,0 +1,2 @@
+nodejs 22.11.0
+helm 3.16.3

README.md

@@ -0,0 +1,9 @@
+# GitGuardian NHI Helm Charts
+
+## Development
+
+Install the [helm unittest plugin](https://github.com/helm-unittest/helm-unittest)
+
+```shell
+$ helm plugin install https://github.com/helm-unittest/helm-unittest.git
+```

charts/inventory-agent/.helmignore

@@ -0,0 +1,26 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+
+tests/
+test_values.yaml

charts/inventory-agent/Chart.yaml

@@ -0,0 +1,25 @@
+---
+apiVersion: v2
+name: inventory-agent
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: 1.16.0

charts/inventory-agent/templates/NOTES.txt

@@ -0,0 +1,11 @@
+Thank you for installing {{ .Chart.Name }}.
+
+Your release is named {{ .Release.Name }}.
+
+The agent will run with the following schedule: {{ .Values.inventory.schedule }}
+
+To learn more about the release, try:
+
+  $ helm status {{ .Release.Name }}
+  $ helm get all {{ .Release.Name }}
+

charts/inventory-agent/templates/_helpers.tpl

@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "inventory-agent.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "inventory-agent.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "inventory-agent.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "inventory-agent.labels" -}}
+helm.sh/chart: {{ include "inventory-agent.chart" . }}
+{{ include "inventory-agent.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "inventory-agent.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "inventory-agent.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "inventory-agent.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "inventory-agent.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

charts/inventory-agent/templates/configmap.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "inventory-agent.fullname" . }}
+  labels:
+    {{- include "inventory-agent.labels" . | nindent 4 }}
+data:
+  config.yml: {{ toYaml .Values.inventory.config|quote }}

charts/inventory-agent/templates/cronjob.yaml

@@ -0,0 +1,55 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: {{ include "inventory-agent.fullname" . }}
+  labels:
+    {{- include "inventory-agent.labels" . | nindent 4 }}
+spec:
+  schedule: {{ toJson .Values.inventory.schedule  }}
+  jobTemplate:
+    spec:
+      template:
+        metadata:
+          {{- with .Values.podAnnotations }}
+          annotations: {{- toJson . }}
+          {{- end }}
+          labels:
+            {{- include "inventory-agent.labels" . | nindent 12 }}
+            {{- with .Values.podLabels }}
+            {{ toYaml . | nindent 12 }}
+            {{- end }}
+        spec:
+          containers:
+            - name: {{ .Chart.Name }}
+              securityContext: {{ toJson .Values.securityContext }}
+              image: "{{ .Values.image.repository }}:{{ .Values.inventory.version }}"
+              imagePullPolicy: {{ .Values.image.pullPolicy }}
+              resources: {{ toJson .Values.resources }}
+              env:
+                - name: INVENTORY_CONFIG_PATH
+                  value: /etc/inventory/config.yml
+              volumeMounts:
+                - name: config
+                  mountPath: /etc/inventory
+          {{- with .Values.imagePullSecrets }}
+          imagePullSecrets: {{ toJson . }}
+          {{- end }}
+          serviceAccountName: {{ include "inventory-agent.serviceAccountName" . }}
+          securityContext: {{ toJson .Values.podSecurityContext }}
+          {{- with .Values.nodeSelector }}
+          nodeSelector: {{ toJson . }}
+          {{- end }}
+          {{- with .Values.affinity }}
+          affinity: {{ toJson . }}
+          {{- end }}
+          {{- with .Values.tolerations }}
+          tolerations: {{ toJson . }}
+          {{- end }}
+          restartPolicy: {{ .Values.restartPolicy }}
+
+          volumes:
+            - name: config
+              configMap:
+                # Provide the name of the ConfigMap containing the files you want
+                # to add to the container
+                name: {{ include "inventory-agent.fullname" . }}

charts/inventory-agent/templates/serviceaccount.yaml

@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "inventory-agent.serviceAccountName" . }}
+  labels:
+    {{- include "inventory-agent.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}

charts/inventory-agent/test_values.yaml

@@ -0,0 +1,9 @@
+---
+# yaml-language-server: $schema=values.schema.json
+
+inventory:
+  config:
+    sources: {}
+
+imagePullSecrets:
+- name: ghcr

charts/inventory-agent/tests/configmap_test.yaml

@@ -0,0 +1,25 @@
+---
+# Test docs: https://github.com/helm-unittest/helm-unittest/blob/main/DOCUMENT.md
+suite: test configmap
+values:
+- ../test_values.yaml
+templates:
+- configmap.yaml
+tests:
+- it: should work
+  set:
+    inventory.config.sources:
+      kube:
+        type: k8s
+  asserts:
+  - isKind:
+      of: ConfigMap
+  - matchRegex:
+      path: metadata.name
+      pattern: -inventory-agent$
+  - equal:
+      path: data["config.yml"]
+      value: |-
+        sources:
+          kube:
+            type: k8s