Initial attempt at helm chart

Author: whatnick

.github/ct-config.yaml

@@ -0,0 +1,11 @@
+# Configuration for chart-testing
+chart-dirs:
+  - helm-chart
+
+chart-repos:
+  - elastic=https://helm.elastic.co
+  - opensearch=https://opensearch-project.github.io/helm-charts/
+
+helm-extra-args: --timeout 10m
+
+validate-maintainers: false

.github/workflows/helm-chart.yml

@@ -0,0 +1,292 @@
+name: Helm Chart CI
+
+on:
+  push:
+    paths:
+      - 'helm-chart/**'
+      - '.github/workflows/helm-chart.yml'
+  pull_request:
+    paths:
+      - 'helm-chart/**'
+      - '.github/workflows/helm-chart.yml'
+
+env:
+  HELM_VERSION: v3.13.0
+  KUBECTL_VERSION: v1.28.0
+
+jobs:
+  lint-and-test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        backend: [elasticsearch, opensearch]
+    
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+
+    - name: Set up Helm
+      uses: azure/setup-helm@v3
+      with:
+        version: ${{ env.HELM_VERSION }}
+
+    - name: Set up kubectl
+      uses: azure/setup-kubectl@v3
+      with:
+        version: ${{ env.KUBECTL_VERSION }}
+
+    - name: Set up Python
+      uses: actions/setup-python@v4
+      with:
+        python-version: '3.11'
+
+    - name: Set up chart-testing
+      uses: helm/[email protected]
+
+    - name: Add Helm repositories
+      run: |
+        helm repo add elastic https://helm.elastic.co
+        helm repo add opensearch https://opensearch-project.github.io/helm-charts/
+        helm repo update
+
+    - name: Lint Helm chart
+      run: |
+        cd helm-chart/stac-fastapi
+        helm dependency update
+        helm lint .
+        
+    - name: Template Helm chart
+      run: |
+        cd helm-chart/stac-fastapi
+        helm template test-release . \
+          --set backend=${{ matrix.backend }} \
+          --set ${{ matrix.backend }}.enabled=true \
+          --set app.image.tag=latest \
+          --output-dir /tmp/helm-test-${{ matrix.backend }}
+
+    - name: Validate templated manifests
+      run: |
+        # Check that all required resources are created
+        ls -la /tmp/helm-test-${{ matrix.backend }}/stac-fastapi/templates/
+        
+        # Validate YAML syntax
+        find /tmp/helm-test-${{ matrix.backend }} -name "*.yaml" -exec kubectl apply --dry-run=client -f {} \;
+
+    - name: Run chart-testing (lint)
+      run: |
+        ct lint --config .github/ct-config.yaml --charts helm-chart/stac-fastapi
+
+  integration-test:
+    runs-on: ubuntu-latest
+    needs: lint-and-test
+    strategy:
+      matrix:
+        backend: [elasticsearch, opensearch]
+        k8s-version: ['1.26.6', '1.27.3', '1.28.0']
+    
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+
+    - name: Set up Helm
+      uses: azure/setup-helm@v3
+      with:
+        version: ${{ env.HELM_VERSION }}
+
+    - name: Set up kubectl
+      uses: azure/setup-kubectl@v3
+      with:
+        version: ${{ env.KUBECTL_VERSION }}
+
+    - name: Create kind cluster
+      uses: helm/[email protected]
+      with:
+        node_image: kindest/node:v${{ matrix.k8s-version }}
+        cluster_name: kind
+        config: |
+          kind: Cluster
+          apiVersion: kind.x-k8s.io/v1alpha4
+          nodes:
+          - role: control-plane
+            kubeadmConfigPatches:
+            - |
+              kind: InitConfiguration
+              nodeRegistration:
+                kubeletExtraArgs:
+                  node-labels: "ingress-ready=true"
+            extraPortMappings:
+            - containerPort: 80
+              hostPort: 80
+              protocol: TCP
+            - containerPort: 443
+              hostPort: 443
+              protocol: TCP
+
+    - name: Add Helm repositories
+      run: |
+        helm repo add elastic https://helm.elastic.co
+        helm repo add opensearch https://opensearch-project.github.io/helm-charts/
+        helm repo update
+
+    - name: Install STAC FastAPI chart
+      run: |
+        cd helm-chart/stac-fastapi
+        helm dependency update
+        
+        # Install with specific backend
+        helm install stac-fastapi-test . \
+          --namespace stac-fastapi \
+          --create-namespace \
+          --set backend=${{ matrix.backend }} \
+          --set ${{ matrix.backend }}.enabled=true \
+          --set app.image.tag=latest \
+          --set app.service.type=ClusterIP \
+          --wait \
+          --timeout=10m
+
+    - name: Wait for deployment
+      run: |
+        kubectl wait --for=condition=ready pod \
+          -l "app.kubernetes.io/name=stac-fastapi" \
+          -n stac-fastapi \
+          --timeout=300s
+
+    - name: Check deployment status
+      run: |
+        kubectl get all -n stac-fastapi
+        helm status stac-fastapi-test -n stac-fastapi
+
+    - name: Test API endpoints
+      run: |
+        # Port forward to the service
+        kubectl port-forward -n stac-fastapi service/stac-fastapi-test 8080:80 &
+        sleep 10
+        
+        # Test root endpoint
+        curl -f http://localhost:8080/ || exit 1
+        
+        # Test collections endpoint
+        curl -f http://localhost:8080/collections || exit 1
+        
+        # Test search endpoint
+        curl -f -X POST http://localhost:8080/search \
+          -H "Content-Type: application/json" \
+          -d '{}' || exit 1
+        
+        echo "All API endpoints are working!"
+
+    - name: Test database connectivity
+      run: |
+        # Check if database is responding
+        DB_SERVICE=$(kubectl get svc -n stac-fastapi -l "app=stac-fastapi-test-${{ matrix.backend }}-master" -o jsonpath="{.items[0].metadata.name}" || echo "")
+        
+        if [[ -n "$DB_SERVICE" ]]; then
+          kubectl port-forward -n stac-fastapi service/$DB_SERVICE 9200:9200 &
+          sleep 5
+          curl -f http://localhost:9200/_health || echo "Database health check failed"
+        else
+          echo "Database service not found or using external database"
+        fi
+
+    - name: Load test data
+      run: |
+        # Port forward to the API service
+        kubectl port-forward -n stac-fastapi service/stac-fastapi-test 8080:80 &
+        sleep 5
+        
+        # Create test collection
+        curl -X POST http://localhost:8080/collections \
+          -H "Content-Type: application/json" \
+          -d '{
+            "id": "test-collection",
+            "title": "Test Collection",
+            "description": "A test collection",
+            "extent": {
+              "spatial": {"bbox": [[-180, -90, 180, 90]]},
+              "temporal": {"interval": [["2020-01-01T00:00:00Z", "2024-12-31T23:59:59Z"]]}
+            },
+            "license": "public-domain"
+          }' || echo "Collection creation failed"
+        
+        # Create test item
+        curl -X POST http://localhost:8080/collections/test-collection/items \
+          -H "Content-Type: application/json" \
+          -d '{
+            "id": "test-item",
+            "type": "Feature",
+            "stac_version": "1.0.0",
+            "collection": "test-collection",
+            "geometry": {
+              "type": "Polygon",
+              "coordinates": [[[-1, -1], [1, -1], [1, 1], [-1, 1], [-1, -1]]]
+            },
+            "bbox": [-1, -1, 1, 1],
+            "properties": {"datetime": "2023-06-15T12:00:00Z"},
+            "assets": {
+              "thumbnail": {
+                "href": "https://example.com/thumbnail.jpg",
+                "type": "image/jpeg"
+              }
+            }
+          }' || echo "Item creation failed"
+        
+        # Test search
+        sleep 5  # Allow time for indexing
+        RESULT=$(curl -s -X POST http://localhost:8080/search \
+          -H "Content-Type: application/json" \
+          -d '{"collections": ["test-collection"]}')
+        
+        echo "Search result: $RESULT"
+
+    - name: Cleanup
+      if: always()
+      run: |
+        helm uninstall stac-fastapi-test -n stac-fastapi || true
+        kubectl delete namespace stac-fastapi || true
+
+  security-scan:
+    runs-on: ubuntu-latest
+    needs: lint-and-test
+    
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+
+    - name: Set up Helm
+      uses: azure/setup-helm@v3
+      with:
+        version: ${{ env.HELM_VERSION }}
+
+    - name: Add Helm repositories
+      run: |
+        helm repo add elastic https://helm.elastic.co
+        helm repo add opensearch https://opensearch-project.github.io/helm-charts/
+        helm repo update
+
+    - name: Template chart for security scan
+      run: |
+        cd helm-chart/stac-fastapi
+        helm dependency update
+        helm template security-scan . \
+          --set backend=elasticsearch \
+          --set elasticsearch.enabled=true \
+          --output-dir /tmp/security-scan
+
+    - name: Run Checkov security scan
+      uses: bridgecrewio/checkov-action@master
+      with:
+        directory: /tmp/security-scan
+        framework: kubernetes
+        soft_fail: true
+        output_format: sarif
+        output_file_path: checkov-results.sarif
+
+    - name: Upload Checkov results
+      uses: github/codeql-action/upload-sarif@v2
+      if: always()
+      with:
+        sarif_file: checkov-results.sarif