add github action to publish helm chart and README around usage of helm chart

batpad · batpad · commit e974db27101d · 2025-03-27T15:46:53.000+05:30
diff --git a/.github/workflows/publish-helm.yaml b/.github/workflows/publish-helm.yaml
@@ -0,0 +1,44 @@
+name: Publish Helm Chart
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'helm/**'
+      - '.github/workflows/publish-helm.yaml'
+  release:
+    types: [created]
+
+jobs:
+  publish-helm:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Install Helm
+        uses: azure/setup-helm@v3
+        with:
+          version: v3.12.1
+
+      - name: Login to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Package Helm Chart
+        run: |
+          helm package helm/
+
+      - name: Push Helm Chart
+        run: |
+          helm push *.tgz oci://ghcr.io/${{ github.repository }}/charts 
diff --git a/helm/README.md b/helm/README.md
@@ -0,0 +1,117 @@
+# STAC Auth Proxy Helm Chart
+
+This Helm chart deploys the STAC Auth Proxy, which provides authentication and authorization for STAC APIs.
+
+## Prerequisites
+
+- Kubernetes 1.19+
+- Helm 3.2.0+
+- An OIDC provider (e.g., Auth0, Cognito, Keycloak)
+- A STAC API endpoint
+
+## Installation
+
+### Add the Helm Repository
+
+```bash
+helm registry login ghcr.io
+helm pull oci://ghcr.io/developmentseed/stac-auth-proxy/charts/stac-auth-proxy --version 0.1.0
+```
+
+### Install the Chart
+
+Basic installation with minimal configuration:
+
+```bash
+helm install stac-auth-proxy oci://ghcr.io/developmentseed/stac-auth-proxy/charts/stac-auth-proxy \
+  --set config.upstreamUrl=https://your-stac-api.com/stac \
+  --set config.oidc.discoveryUrl=https://your-auth-server/.well-known/openid-configuration \
+  --set ingress.host=stac-proxy.your-domain.com
+```
+
+### Using a Values File
+
+Create a `values.yaml` file:
+
+```yaml
+config:
+  upstreamUrl: "https://your-stac-api.com/stac"
+  oidc:
+    discoveryUrl: "https://your-auth-server/.well-known/openid-configuration"
+    discoveryInternalUrl: "http://auth-server-internal/.well-known/openid-configuration"
+  defaultPublic: false
+  healthzPrefix: "/healthz"
+
+ingress:
+  enabled: true
+  host: "stac-proxy.your-domain.com"
+  tls:
+    enabled: true
+
+resources:
+  limits:
+    cpu: 500m
+    memory: 512Mi
+  requests:
+    cpu: 200m
+    memory: 256Mi
+```
+
+Install using the values file:
+
+```bash
+helm install stac-auth-proxy oci://ghcr.io/developmentseed/stac-auth-proxy/charts/stac-auth-proxy -f values.yaml
+```
+
+## Configuration
+
+### Required Values
+
+| Parameter | Description |
+|-----------|-------------|
+| `config.upstreamUrl` | URL of the STAC API to proxy |
+| `config.oidc.discoveryUrl` | OpenID Connect discovery document URL |
+
+### Optional Values
+
+| Parameter | Description | Default |
+|-----------|-------------|---------|
+| `config.waitForUpstream` | Wait for upstream API to become available | `true` |
+| `config.healthzPrefix` | Path prefix for health check endpoints | `/healthz` |
+| `config.defaultPublic` | Default access policy for endpoints | `false` |
+| `config.oidc.discoveryInternalUrl` | Internal network OIDC discovery URL | `""` |
+| `ingress.enabled` | Enable ingress | `true` |
+| `ingress.className` | Ingress class name | `nginx` |
+| `ingress.host` | Hostname for the ingress | `""` |
+| `ingress.tls.enabled` | Enable TLS for ingress | `true` |
+| `replicaCount` | Number of replicas | `1` |
+
+For a complete list of values, see the [values.yaml](./values.yaml) file.
+
+## Upgrading
+
+To upgrade the release:
+
+```bash
+helm upgrade stac-auth-proxy oci://ghcr.io/developmentseed/stac-auth-proxy/charts/stac-auth-proxy -f values.yaml
+```
+
+## Uninstalling
+
+To uninstall/delete the deployment:
+
+```bash
+helm uninstall stac-auth-proxy
+```
+
+## Development
+
+To test the chart locally:
+
+```bash
+helm install stac-auth-proxy ./helm --dry-run --debug
+```
+
+## Support
+
+For support, please open an issue in the [STAC Auth Proxy repository](https://github.com/developmentseed/stac-auth-proxy/issues). 
