feat: enable project mode (#431)

* feat: enable project mode

Signed-off-by: Engin Diri <engin.diri@ediri.de>

* feat: enable project mode

Signed-off-by: Engin Diri <engin.diri@ediri.de>

* feat: enable project mode

Signed-off-by: Engin Diri <engin.diri@ediri.de>

* feat: enable project mode

Signed-off-by: Engin Diri <engin.diri@ediri.de>

* feat: enable project mode

Signed-off-by: Engin Diri <engin.diri@ediri.de>

* feat: enable project mode

Signed-off-by: Engin Diri <engin.diri@ediri.de>

---------

Signed-off-by: Engin Diri <engin.diri@ediri.de>

Author: dirien

.github/workflows/lint-and-test.yml

@@ -60,7 +60,7 @@ jobs:
 
       - name: Run Artifact Hub lint
         run: |
-          curl -s https://api.github.com/repos/artifacthub/hub/releases/latest | grep -E 'browser_download_url' | grep linux_amd64.tar.gz\" | grep -Eo 'https://[^\"]*' | xargs wget -O - | tar -xz
+          curl -s https://api.github.com/repos/artifacthub/hub/releases/latest | grep -E 'browser_download_url.*linux_amd64\.tar\.gz' | grep -Eo 'https://[^"]*' | xargs wget -O - | tar -xz
           ./ah lint -p charts/node-red || exit 1
           rm -f ./ah
 

.trivyignore

@@ -0,0 +1,2 @@
+# readOnlyRootFilesystem: false  # Node-RED needs write access for project mode and normal operation
+AVD-KSV-0014

charts/node-red/Chart.yaml

@@ -9,7 +9,7 @@ icon: https://nodered.org/about/resources/media/node-red-icon-2.png
 
 type: application
 
-version: 0.34.2
+version: 0.35.0
 appVersion: 4.0.9
 
 keywords:

charts/node-red/templates/deployment.yaml

@@ -115,14 +115,18 @@ spec:
           {{- end }}
           image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
-          {{- if or .Values.metrics.enabled .Values.env }}
+          {{- if or .Values.metrics.enabled .Values.projectMode.enabled .Values.env }}
           env:
           {{- if .Values.metrics.enabled}}
           - name: PROMETHEUS_COLLECT_DEFAULT_METRICS
             value: "true"
           - name: PROMETHEUS_METRICS_PATH
             value: {{ .Values.metrics.path | default "/metrics" }}
           {{- end }}
+          {{- if .Values.projectMode.enabled }}
+          - name: NODE_RED_ENABLE_PROJECTS
+            value: "true"
+          {{- end }}
           {{- with .Values.env }}
           {{- tpl (toYaml .) $ | nindent 10 }}
           {{- end }}

charts/node-red/values.yaml

@@ -51,6 +51,13 @@ env: []
   # env:
   # - name: "NODE_RED_ENABLE_SAFE_MODE"
   #   value: ""
+
+# -- Enable Node-RED project mode for Git integration and project management
+# Note: Project mode requires write access to the /data directory and may need
+# additional security context adjustments depending on your cluster's security policies
+projectMode:
+  enabled: false
+
 envFrom: []
   # Possible values:
   # - secretRef:
@@ -86,9 +93,9 @@ securityContext:
   privileged: false
   runAsNonRoot: true
   allowPrivilegeEscalation: false
-  readOnlyRootFilesystem: true
-  runAsGroup: 10003
-  runAsUser: 10003
+  readOnlyRootFilesystem: false  # Node-RED needs write access for project mode and normal operation
+  runAsGroup: 1000               # Match Node-RED's expected group
+  runAsUser: 1000                # Match Node-RED's expected user
   seccompProfile:
     type: RuntimeDefault
   capabilities: