diff --git a/.github/CODE_OF_CONDUCT.md b/.github/CODE_OF_CONDUCT.md
new file mode 100644
index 0000000..58d3674
--- /dev/null
+++ b/.github/CODE_OF_CONDUCT.md
@@ -0,0 +1,133 @@
+
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, caste, color, religion, or sexual
+identity and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+ and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the overall
+ community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or advances of
+ any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email address,
+ without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+ professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+info@lablabs.io.
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series of
+actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or permanent
+ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior, harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within the
+community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.1, available at
+[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
+
+Community Impact Guidelines were inspired by
+[Mozilla's code of conduct enforcement ladder][Mozilla CoC].
+
+For answers to common questions about this code of conduct, see the FAQ at
+[https://www.contributor-covenant.org/faq][FAQ]. Translations are available at
+[https://www.contributor-covenant.org/translations][translations].
+
+[homepage]: https://www.contributor-covenant.org
+[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html
+[Mozilla CoC]: https://github.com/mozilla/diversity
+[FAQ]: https://www.contributor-covenant.org/faq
+[translations]: https://www.contributor-covenant.org/translations
diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md
new file mode 100644
index 0000000..f12ed8e
--- /dev/null
+++ b/.github/CONTRIBUTING.md
@@ -0,0 +1,30 @@
+# Contributing
+
+When contributing to this repository, please first create an issue and link the PR with it.
+
+Please note we have a code of conduct, please follow it in all your interactions with the project.
+
+## Pull Request Process
+
+1. Document your changes in the chart's README.md.gotmpl. The README.md will be generated from it by the pre-commit hook in the next step.
+2. Run pre-commit hooks `pre-commit run -a`.
+3. Once all outstanding comments and checklist items have been addressed, your contribution will be merged! Merged PRs will be included in the next release.
+
+## Checklists for contributions
+
+- [ ] Add [semantics prefix](#semantic-pull-requests) to your PR or Commits.
+- [ ] CI tests are passing
+- [ ] README.md has been updated after any changes. The variables and outputs in the README.md has been generated (using the `helm-docs` pre-commit hook)
+- [ ] Run pre-commit hooks `pre-commit run -a`
+
+## Semantic Pull Requests
+
+Pull Requests or Commits must follow conventional specs below:
+
+- `ci:` Changes to our CI configuration files and scripts (example scopes: GitHub Actions)
+- `docs:` Documentation only changes
+- `feat:` A new feature
+- `fix:` A bug fix
+- `refactor:` A code change that neither fixes a bug nor adds a feature
+- `style:` Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc)
+- `test:` Adding missing tests or correcting existing tests
diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml
new file mode 100644
index 0000000..52356a6
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -0,0 +1,111 @@
+---
+name: Bug report
+description: File a bug report
+title: "bug: "
+labels: bug
+
+body:
+- type: markdown
+ attributes:
+ value: >
+ **Thank you for reporting a bug!**
+
+ Verify first that your issue is not [already reported on
+ GitHub][issue search].
+
+ Also test if the latest release is affected too.
+
+- type: textarea
+ attributes:
+ label: Summary
+ description: Explain the problem briefly below.
+ placeholder: >-
+ When I try to do X with the Helm chart from the main branch on GitHub,
+ Y breaks in a way Z under the env E. Here are all the details I know
+ about this problem...
+ validations:
+ required: true
+
+- type: dropdown
+ attributes:
+ label: Issue Type
+ description: Issue type
+ options:
+ - Bug Report
+ validations:
+ required: true
+
+- type: input
+ attributes:
+ label: Chart version
+ description: Input the chart version
+ placeholder: v0.1.0
+ validations:
+ required: true
+
+- type: textarea
+ attributes:
+ label: Helm version
+ description: Paste the output of `helm version`
+ render: console
+ placeholder: |
+ $ helm version
+ version.BuildInfo{Version:"v3.10.2", GitCommit:"50f003e5ee8704ec937a756c646870227d7c8b58", GitTreeState:"clean", GoVersion:"go1.18.8"}
+ validations:
+ required: true
+
+- type: textarea
+ attributes:
+ label: Kubectl version
+ description: Paste the output of `kubectl version`
+ render: console
+ placeholder: |
+ $ kubectl version
+ ...
+ validations:
+ required: true
+
+- type: textarea
+ attributes:
+ label: Steps to reproduce
+ description: Enter details about how to reproduce the bug.
+ placeholder: |
+ 1. In this environment...
+ 2. With this config...
+ 3. Run '...'
+ 4. See error...
+ validations:
+ required: true
+
+- type: textarea
+ attributes:
+ label: Expected Results
+ description: Describe what you expected to happen.
+ placeholder: I expected X to happen because I assumed Y.
+ validations:
+ required: true
+
+- type: textarea
+ attributes:
+ label: Actual Results
+ description: |
+ Describe what actually happened.
+ Paste verbatim command output or any other details.
+ render: console
+ placeholder: Helm command output...
+ validations:
+ required: true
+
+- type: textarea
+ attributes:
+ label: Custom values or parameters?
+ description: Add any parameter used via `--set` or as a `values.yaml` customization.
+ validations:
+ required: false
+
+- type: textarea
+ attributes:
+ label: Additional information
+ description: Tell us anything else you think we should know.
+ validations:
+ required: false
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
new file mode 100644
index 0000000..0086358
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1 @@
+blank_issues_enabled: true
diff --git a/.github/ISSUE_TEMPLATE/feature_request.yml b/.github/ISSUE_TEMPLATE/feature_request.yml
new file mode 100644
index 0000000..3b99f50
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/feature_request.yml
@@ -0,0 +1,39 @@
+---
+name: Feature request
+description: Suggest an idea for this project
+title: "feature: "
+labels: enhancement
+
+body:
+- type: markdown
+ attributes:
+ value: >
+ **Thank you for wanting to suggest a feature!**
+
+ Please verify first that your idea is not [already requested on
+ GitHub][issue search].
+
+- type: textarea
+ attributes:
+ label: Summary
+ description: >
+ Describe the new feature/improvement you would like briefly below.
+
+ What's the problem this feature will solve?
+ What are you trying to do, that you are unable to achieve?
+
+ placeholder: >-
+ The new feature will improve...
+ validations:
+ required: true
+
+- type: dropdown
+ attributes:
+ label: Issue Type
+ description: >
+ Please select the single available option in the drop-down.
+
+ options:
+ - Feature Idea
+ validations:
+ required: true
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
new file mode 100644
index 0000000..f862b60
--- /dev/null
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,21 @@
+# Description
+
+
+
+## Type of change
+
+- [ ] A bug fix (PR prefix `fix`)
+- [ ] A new feature (PR prefix `feat`)
+- [ ] A code change that neither fixes a bug nor adds a feature (PR prefix `refactor`)
+- [ ] Adding missing tests or correcting existing tests (PR prefix `test`)
+- [ ] Changes that do not affect the meaning of the code like white-spaces, formatting, missing semi-colons, etc. (PR prefix `style`)
+- [ ] Changes to our CI configuration files and scripts (PR prefix `ci`)
+- [ ] Documentation only changes (PR prefix `docs`)
+
+## How Has This Been Tested?
+
+
diff --git a/.github/workflows/cache-warmup.yaml b/.github/workflows/cache-warmup.yaml
new file mode 100644
index 0000000..7607786
--- /dev/null
+++ b/.github/workflows/cache-warmup.yaml
@@ -0,0 +1,40 @@
+name: Cache Warmup
+
+on:
+ workflow_dispatch:
+ push:
+ branches:
+ - main # caches from the main branch are shared with all other branches and pull requests
+
+permissions:
+ contents: read
+
+env:
+ # renovate: datasource=github-releases depName=jdx/mise
+ MISE_VERSION: 2026.5.12
+
+jobs:
+ pre-commit:
+ runs-on: ubuntu-24.04
+ steps:
+ - name: Checkout
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ with:
+ persist-credentials: false
+
+ - name: Setup Mise
+ uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1
+ with:
+ version: ${{ env.MISE_VERSION }}
+
+ - name: Cache pre-commit
+ uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
+ with:
+ path: ~/.cache/pre-commit
+ key: ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}-warmup
+ restore-keys: ${{ runner.os }}-pre-commit-
+
+ - name: Run pre-commit
+ run: pre-commit install --install-hooks
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required for GH API calls quota
diff --git a/.github/workflows/cleanup.yaml b/.github/workflows/cleanup.yaml
new file mode 100644
index 0000000..c379abb
--- /dev/null
+++ b/.github/workflows/cleanup.yaml
@@ -0,0 +1,38 @@
+name: Cleanup
+
+on:
+ workflow_dispatch:
+ pull_request:
+ types: [closed]
+
+permissions:
+ contents: read
+
+jobs:
+ metadata-collector:
+ uses: ./.github/workflows/metadata-collector.yaml
+
+ packages:
+ runs-on: ubuntu-24.04
+ permissions:
+ contents: read
+ packages: write
+ needs: metadata-collector
+ strategy:
+ fail-fast: false
+ matrix:
+ chart: ${{ fromJSON(needs.metadata-collector.outputs.charts) }}
+ steps:
+ - name: GitHub Slug Action
+ uses: rlespinasse/github-slug-action@e6f261660910b273384c5c42b17a0217881b217a # v5.6.0
+
+ - name: Cleanup Helm chart
+ run: |
+ gh api \
+ --method DELETE \
+ -H "Accept: application/vnd.github+json" \
+ -H "X-GitHub-Api-Version: 2022-11-28" \
+ /orgs/${{ github.repository_owner }}/packages/container/${PACKAGE_NAME} || true
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ PACKAGE_NAME: ${{ env.GITHUB_REPOSITORY_NAME_PART_SLUG_URL }}%2F${{ env.GITHUB_EVENT_REF_SLUG_URL || env.GITHUB_HEAD_REF_SLUG_URL }}%2F${{ matrix.chart }}
diff --git a/.github/workflows/metadata-collector.yaml b/.github/workflows/metadata-collector.yaml
new file mode 100644
index 0000000..0b85ff1
--- /dev/null
+++ b/.github/workflows/metadata-collector.yaml
@@ -0,0 +1,42 @@
+name: Metadata collector
+
+on:
+ workflow_call:
+ outputs:
+ charts:
+ description: "List of changed charts within the repository"
+ value: ${{ jobs.chart-list.outputs.charts }}
+
+permissions:
+ contents: read
+
+jobs:
+ chart-list:
+ runs-on: ubuntu-24.04
+ outputs:
+ charts: ${{ steps.changed-charts.outputs.all_changed_files || steps.changed-charts-tag.outputs.all_changed_files }}
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 # pragma: allowlist secret
+ with:
+ persist-credentials: true # needed for private repositories
+
+ - name: Get changed charts without tag
+ uses: step-security/changed-files@2e07db73e5ccdb319b9a6c7766bd46d39d304bad # v47.0.5
+ id: changed-charts
+ if: github.ref_type != 'tag'
+ with:
+ dir_names: true
+ dir_names_max_depth: 1
+ path: charts
+ matrix: true
+
+ - name: Get changed chart using tag
+ if: github.ref_type == 'tag'
+ id: changed-charts-tag
+ run: |
+ # Extract tag name which triggered this workflow: refs/tags/my-chart-1.2.3 -> my-chart-1.2.3
+ TAG_REF="${GITHUB_REF#refs/tags/}"
+ # Extract chart name from tag name by removing the version part: my-chart-1.2.3 -> my-chart
+ CHART_NAME="${TAG_REF%%-[0-9]*}"
+ echo "all_changed_files=[\"${CHART_NAME}\"]" >> $GITHUB_OUTPUT
diff --git a/.github/workflows/pull-request.yaml b/.github/workflows/pull-request.yaml
new file mode 100644
index 0000000..e223064
--- /dev/null
+++ b/.github/workflows/pull-request.yaml
@@ -0,0 +1,183 @@
+name: Pull Request
+
+on:
+ workflow_dispatch:
+ pull_request:
+ branches:
+ - main
+ paths:
+ - charts/**
+
+permissions:
+ contents: read
+
+concurrency:
+ group: pull-request-${GITHUB_REF}
+ cancel-in-progress: false
+
+env:
+ # renovate: datasource=github-releases depName=jdx/mise
+ MISE_VERSION: 2026.5.12
+ # renovate: datasource=github-releases depName=helm/helm
+ HELM_VERSION: v3.21.0
+ # renovate: datasource=github-tags depName=python/cpython
+ PYTHON_VERSION: v3.14.5
+ # renovate: datasource=github-releases depName=helm/chart-testing-action
+ CHART_TESTING_VERSION: v3.13.0
+ # renovate: datasource=github-releases depName=adrienverge/yamllint
+ CHART_TESTING_YAMLLINT_VERSION: v1.38.0
+ # renovate: datasource=github-releases depName=23andMe/Yamale
+ CHART_TESTING_YAMALE_VERSION: 6.1.0
+
+jobs:
+ metadata-collector:
+ uses: ./.github/workflows/metadata-collector.yaml
+
+ version-check:
+ uses: ./.github/workflows/version-check.yaml
+
+ pre-commit:
+ runs-on: ubuntu-24.04
+ steps:
+ - name: Checkout
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ with:
+ persist-credentials: false
+
+ - name: Setup Mise
+ uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1
+ with:
+ version: ${{ env.MISE_VERSION }}
+
+ - name: Cache pre-commit
+ uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
+ with:
+ path: ~/.cache/pre-commit
+ key: ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
+ restore-keys: ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}-
+
+ - name: Run pre-commit
+ run: pre-commit run --show-diff-on-failure --color=always --all-files
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required for GH API calls quota
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required for zizmor
+
+ artifacthub-lint:
+ runs-on: ubuntu-24.04
+ container:
+ image: docker.io/artifacthub/ah:v1.22.0 # referencing version via env variable not supported in GHA
+ options: --user=root
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ with:
+ persist-credentials: false
+
+ - name: Run Artifact Hub lint
+ working-directory: ./charts/
+ run: ah lint
+
+ chart-testing:
+ runs-on: ubuntu-24.04
+ needs: [pre-commit, artifacthub-lint, metadata-collector, version-check]
+ strategy:
+ fail-fast: false
+ matrix:
+ chart: ${{ fromJSON(needs.metadata-collector.outputs.charts) }}
+ steps:
+ - name: Checkout
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ with:
+ persist-credentials: false
+
+ - name: Set up Helm
+ uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5.0.0
+ with:
+ version: ${{ env.HELM_VERSION }}
+
+ - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
+ with:
+ python-version: ${{ env.PYTHON_VERSION }}
+
+ - name: Set up chart-testing
+ uses: helm/chart-testing-action@6ec842c01de15ebb84c8627d2744a0c2f2755c9f # v2.8.0
+ with:
+ version: ${{ env.CHART_TESTING_VERSION }}
+ yamllint_version: ${{ env.CHART_TESTING_YAMLLINT_VERSION }}
+ yamale_version: ${{ env.CHART_TESTING_YAMALE_VERSION }}
+
+ - name: Build Helm dependencies
+ # Build Helm chart dependencies locally to support both chart-testing lint and install operations.
+ # This allows using the --skip-helm-dependencies flag with chart-testing commands, eliminating the need for separate repository configurations during testing.
+ run: scripts/helm-dependency-build.sh $CHART_NAME
+ env:
+ CHART_NAME: ${{ matrix.chart }}
+
+ - name: Run chart-testing (lint)
+ # zizmor:ignore-template-injection
+ run: ct lint --target-branch main --validate-maintainers=false --check-version-increment=false --lint-conf .yamllint.yaml --charts charts/${CHART_NAME}
+ env:
+ CHART_NAME: ${{ matrix.chart }}
+
+ - name: Determine chart type
+ id: chart-type
+ run: echo "type=$(yq -r '.type' charts/${CHART_NAME}/Chart.yaml)" >> $GITHUB_OUTPUT
+ env:
+ CHART_NAME: ${{ matrix.chart }}
+
+ - name: Create kind cluster
+ if: ${{ steps.chart-type.outputs.type == 'application' }} # Only run installation tests for application charts, skip library charts
+ uses: helm/kind-action@ef37e7f390d99f746eb8b610417061a60e82a6cc # v1.14.0
+
+ # FIXME config: Place custom steps to install CRDs or other dependencies here
+
+ - name: Run chart-testing (install)
+ if: ${{ steps.chart-type.outputs.type == 'application' }} # Only run installation tests for application charts, skip library charts
+ # zizmor:ignore-template-injection
+ run: ct install --target-branch main --charts charts/${CHART_NAME}
+ env:
+ CHART_NAME: ${{ matrix.chart }}
+
+ release:
+ runs-on: ubuntu-24.04
+ permissions:
+ contents: read
+ packages: write
+ needs: [chart-testing, metadata-collector, version-check]
+ strategy:
+ fail-fast: false
+ matrix:
+ chart: ${{ fromJSON(needs.metadata-collector.outputs.charts) }}
+ steps:
+ - name: Checkout
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ with:
+ persist-credentials: false
+
+ - name: Set up Helm
+ uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5.0.0
+ with:
+ version: ${{ env.HELM_VERSION }}
+
+ - name: GitHub Slug Action
+ uses: rlespinasse/github-slug-action@e6f261660910b273384c5c42b17a0217881b217a # v5.6.0
+
+ - name: Build Helm dependencies
+ # Build Helm chart dependencies locally to support both chart-testing lint and install operations.
+ # This allows using the --skip-helm-dependencies flag with chart-testing commands, eliminating the need for separate repository configurations during testing.
+ run: scripts/helm-dependency-build.sh $CHART_NAME
+ env:
+ CHART_NAME: ${{ matrix.chart }}
+
+ - name: Publish Helm chart
+ # FIXME config: Add dependency repositories
+ run: |
+ echo "${{ secrets.GITHUB_TOKEN }}" | helm registry login ghcr.io --username ${GITHUB_ACTOR} --password-stdin
+
+ helm package charts/${CHART_NAME}
+ helm push "$(realpath ${CHART_NAME}-*.tgz)" oci://ghcr.io/${REPOSITORY_NAME}
+
+ helm registry logout ghcr.io
+ env:
+ REPOSITORY_NAME: ${{ github.repository }}/${{ env.GITHUB_EVENT_REF_SLUG || env.GITHUB_HEAD_REF_SLUG }}
+ CHART_NAME: ${{ matrix.chart }}
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 551b75a..d97d5e9 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -1,26 +1,76 @@
-name: Release Charts
+name: Release
on:
+ workflow_dispatch:
push:
- branches:
- - main
+ tags:
+ - '*'
+
+permissions:
+ contents: read
+
+env:
+ # renovate: datasource=github-releases depName=helm/helm
+ HELM_VERSION: v3.21.0
jobs:
- release:
- runs-on: ubuntu-latest
+ metadata-collector:
+ uses: ./.github/workflows/metadata-collector.yaml
+
+ version-check:
+ uses: ./.github/workflows/version-check.yaml
+
+ chart:
+ runs-on: ubuntu-24.04
+ permissions:
+ contents: read
+ packages: write
+ needs: [metadata-collector, version-check]
+ strategy:
+ fail-fast: false
+ matrix:
+ chart: ${{ fromJSON(needs.metadata-collector.outputs.charts) }}
steps:
- name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
- fetch-depth: 0
+ persist-credentials: false
- - name: Configure Git
+ - name: Set up Helm
+ uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5.0.0
+ with:
+ version: ${{ env.HELM_VERSION }}
+
+ - name: Set up ORAS
+ uses: oras-project/setup-oras@38de303aac69abb66f3e6255b7198bff35f323e3 # v2.0.0
+
+ - name: Build Helm dependencies
+ run: scripts/helm-dependency-build.sh $CHART_NAME
+ env:
+ CHART_NAME: ${{ matrix.chart }}
+
+ - name: Publish Helm chart
run: |
- git config user.name "$GITHUB_ACTOR"
- git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+ echo "${{ secrets.GITHUB_TOKEN }}" | helm registry login ghcr.io --username ${GITHUB_ACTOR} --password-stdin
+
+ helm package charts/${CHART_NAME}
+ helm push "$(realpath ${CHART_NAME}-*.tgz)" oci://ghcr.io/${REPOSITORY_NAME}
+
+ helm registry logout ghcr.io
+ env:
+ REPOSITORY_NAME: ${{ github.repository }}
+ CHART_NAME: ${{ matrix.chart }}
+
+ - name: Update ArtifactHUB repo
+ if: ${{ hashFiles(format('charts/{0}/artifacthub-repo.yml', matrix.chart)) != '' }}
+ run: |
+ echo "${{ secrets.GITHUB_TOKEN }}" | oras login ghcr.io --username ${GITHUB_ACTOR} --password-stdin
+
+ oras push ghcr.io/${REPOSITORY_NAME}/${CHART_NAME}:artifacthub.io \
+ --config /dev/null:application/vnd.cncf.artifacthub.config.v1+yaml \
+ charts/${CHART_NAME}/artifacthub-repo.yml:application/vnd.cncf.artifacthub.repository-metadata.layer.v1.yaml
- - name: Run chart-releaser
- uses: helm/chart-releaser-action@v1.6.0
+ oras logout ghcr.io
env:
- CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
- CR_SKIP_EXISTING: true
+ REPOSITORY_NAME: ${{ github.repository }}
+ CHART_NAME: ${{ matrix.chart }}
diff --git a/.github/workflows/version-check.yaml b/.github/workflows/version-check.yaml
new file mode 100644
index 0000000..3ed0d1e
--- /dev/null
+++ b/.github/workflows/version-check.yaml
@@ -0,0 +1,60 @@
+name: Version check
+
+on:
+ workflow_call:
+
+permissions:
+ contents: read
+
+jobs:
+ metadata-collector:
+ uses: ./.github/workflows/metadata-collector.yaml
+
+ version-check:
+ runs-on: ubuntu-24.04
+ needs: [metadata-collector]
+ strategy:
+ fail-fast: false
+ matrix:
+ chart: ${{ fromJSON(needs.metadata-collector.outputs.charts) }}
+ steps:
+ - name: Checkout
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ with:
+ persist-credentials: true # needed for private repositories
+
+ - name: Set up ORAS
+ uses: oras-project/setup-oras@38de303aac69abb66f3e6255b7198bff35f323e3 # v2.0.0
+
+ - name: Check if chart version exists
+ run: |
+ CHART_VERSION=$(yq -r '.version' charts/${CHART_NAME}/Chart.yaml)
+ echo "${{ secrets.GITHUB_TOKEN }}" | oras login ghcr.io --username ${GITHUB_ACTOR} --password-stdin
+
+ if oras manifest fetch ghcr.io/${REPOSITORY_NAME}/${CHART_NAME}:${CHART_VERSION} >/dev/null 2>&1; then
+ echo "Error: Chart '${CHART_NAME}' version '${CHART_VERSION}' already exists in the registry. Increment the version in Chart.yaml and push again."
+ oras logout ghcr.io
+ exit 1
+ else
+ oras logout ghcr.io
+ fi
+ env:
+ REPOSITORY_NAME: ${{ github.repository }}
+ CHART_NAME: ${{ matrix.chart }}
+
+ - name: Check if tag matches the chart name and version
+ if: startsWith(github.ref, 'refs/tags/')
+ run: |
+ CHART_VERSION=$(yq -r '.version' charts/${CHART_NAME}/Chart.yaml)
+ TAG_REF="${GITHUB_REF#refs/tags/}"
+ EXPECTED_TAG="${CHART_NAME}-${CHART_VERSION}"
+
+ if [ "$TAG_REF" != "$EXPECTED_TAG" ]; then
+ echo "Error: Pushed tag ($TAG_REF) does not match expected format."
+ echo "Expected: $EXPECTED_TAG Received: $TAG_REF"
+ exit 1
+ else
+ echo "Pushed tag ($TAG_REF) matches expected format: $EXPECTED_TAG"
+ fi
+ env:
+ CHART_NAME: ${{ matrix.chart }}
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..aa1ec1e
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+*.tgz
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..2f73981
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,45 @@
+repos:
+ - repo: https://github.com/pre-commit/pre-commit-hooks
+ # renovate: datasource=github-tags depName=pre-commit/pre-commit-hooks
+ rev: 3e8a8703264a2f4a69428a0aa4dcb512790b2c8c # v6.0.0 # pragma: allowlist secret
+ hooks:
+ - id: trailing-whitespace
+ args: ["--markdown-linebreak-ext=md"]
+ - id: check-merge-conflict
+ - id: end-of-file-fixer
+
+ - repo: local
+ hooks:
+ - id: helm-dependency-build
+ name: run helm dependency build
+ entry: scripts/helm-dependency-build.sh
+ language: script
+ pass_filenames: false
+
+ - repo: https://github.com/gruntwork-io/pre-commit
+ # renovate: datasource=github-releases depName=gruntwork-io/pre-commit
+ rev: 40f924cd642f5dc98d12bd97b07f3752223553da # v0.1.30 # pragma: allowlist secret
+ hooks:
+ - id: helmlint
+
+ - repo: https://github.com/norwoodj/helm-docs
+ # renovate: datasource=github-releases depName=norwoodj/helm-docs
+ rev: 37d3055fece566105cf8cff7c17b7b2355a01677 # v1.14.2 # pragma: allowlist secret
+ hooks:
+ - id: helm-docs
+ args:
+ # Make the tool search for charts only under the `charts` directory
+ - --chart-search-root=charts
+
+ - repo: https://github.com/Yelp/detect-secrets
+ # renovate: datasource=github-releases depName=Yelp/detect-secrets
+ rev: 01886c8a910c64595c47f186ca1ffc0b77fa5458 # v1.5.0 # pragma: allowlist secret
+ hooks:
+ - id: detect-secrets
+ args: ["--baseline", ".secrets.baseline"]
+
+ - repo: https://github.com/zizmorcore/zizmor-pre-commit
+ # renovate: datasource=github-releases depName=zizmorcore/zizmor-pre-commit
+ rev: 9257c6050c0261b8c57e712f632dc4a8010109a9 # v1.25.2 # pragma: allowlist secret
+ hooks:
+ - id: zizmor
diff --git a/.secrets.baseline b/.secrets.baseline
new file mode 100644
index 0000000..45f65d3
--- /dev/null
+++ b/.secrets.baseline
@@ -0,0 +1,131 @@
+{
+ "version": "1.5.0",
+ "plugins_used": [
+ {
+ "name": "ArtifactoryDetector"
+ },
+ {
+ "name": "AWSKeyDetector"
+ },
+ {
+ "name": "AzureStorageKeyDetector"
+ },
+ {
+ "name": "Base64HighEntropyString",
+ "limit": 4.5
+ },
+ {
+ "name": "BasicAuthDetector"
+ },
+ {
+ "name": "CloudantDetector"
+ },
+ {
+ "name": "DiscordBotTokenDetector"
+ },
+ {
+ "name": "GitHubTokenDetector"
+ },
+ {
+ "name": "GitLabTokenDetector"
+ },
+ {
+ "name": "HexHighEntropyString",
+ "limit": 3.0
+ },
+ {
+ "name": "IbmCloudIamDetector"
+ },
+ {
+ "name": "IbmCosHmacDetector"
+ },
+ {
+ "name": "IPPublicDetector"
+ },
+ {
+ "name": "JwtTokenDetector"
+ },
+ {
+ "name": "KeywordDetector",
+ "keyword_exclude": ""
+ },
+ {
+ "name": "MailchimpDetector"
+ },
+ {
+ "name": "NpmDetector"
+ },
+ {
+ "name": "OpenAIDetector"
+ },
+ {
+ "name": "PrivateKeyDetector"
+ },
+ {
+ "name": "PypiTokenDetector"
+ },
+ {
+ "name": "SendGridDetector"
+ },
+ {
+ "name": "SlackDetector"
+ },
+ {
+ "name": "SoftlayerDetector"
+ },
+ {
+ "name": "SquareOAuthDetector"
+ },
+ {
+ "name": "StripeDetector"
+ },
+ {
+ "name": "TelegramBotTokenDetector"
+ },
+ {
+ "name": "TwilioKeyDetector"
+ }
+ ],
+ "filters_used": [
+ {
+ "path": "detect_secrets.filters.allowlist.is_line_allowlisted"
+ },
+ {
+ "path": "detect_secrets.filters.common.is_baseline_file",
+ "filename": ".secrets.baseline"
+ },
+ {
+ "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
+ "min_level": 2
+ },
+ {
+ "path": "detect_secrets.filters.heuristic.is_indirect_reference"
+ },
+ {
+ "path": "detect_secrets.filters.heuristic.is_likely_id_string"
+ },
+ {
+ "path": "detect_secrets.filters.heuristic.is_lock_file"
+ },
+ {
+ "path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string"
+ },
+ {
+ "path": "detect_secrets.filters.heuristic.is_potential_uuid"
+ },
+ {
+ "path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign"
+ },
+ {
+ "path": "detect_secrets.filters.heuristic.is_sequential_string"
+ },
+ {
+ "path": "detect_secrets.filters.heuristic.is_swagger_file"
+ },
+ {
+ "path": "detect_secrets.filters.heuristic.is_templated_secret"
+ }
+ ],
+ "results": {},
+ "generated_at": "2025-03-28T07:59:49Z"
+}
diff --git a/.templatesyncignore b/.templatesyncignore
new file mode 100644
index 0000000..391c043
--- /dev/null
+++ b/.templatesyncignore
@@ -0,0 +1,5 @@
+charts
+README.md
+.secrets.baseline
+.github/workflows/renovate.yaml
+renovate.json
diff --git a/.templatesyncignore.local b/.templatesyncignore.local
new file mode 100644
index 0000000..46b6dbe
--- /dev/null
+++ b/.templatesyncignore.local
@@ -0,0 +1 @@
+# This file prevents overriding files that are specific to individual templated addons.
diff --git a/.tool-versions b/.tool-versions
new file mode 100644
index 0000000..3c16909
--- /dev/null
+++ b/.tool-versions
@@ -0,0 +1,4 @@
+python 3.14.5
+pre-commit 4.6.0
+helm 3.21.0
+helm-docs 1.14.2
diff --git a/.yamllint.yaml b/.yamllint.yaml
new file mode 100644
index 0000000..4004b71
--- /dev/null
+++ b/.yamllint.yaml
@@ -0,0 +1,5 @@
+---
+extends: relaxed
+rules:
+ line-length:
+ max: 120
diff --git a/LICENSE b/LICENSE
index 393b7a3..9e712fa 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,4 +1,3 @@
-
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
@@ -187,7 +186,7 @@
same "printed page" as the copyright notice for easier
identification within third-party archives.
- Copyright The Helm Authors.
+ Copyright [2022] [Labyrinth Labs]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
diff --git a/README.md b/README.md
index 9f9bfbb..ffa33cc 100644
--- a/README.md
+++ b/README.md
@@ -1,127 +1,41 @@
-# Docker Registry Helm Chart
+[
](https://lablabs.io/)
-This directory contains a Kubernetes chart to deploy a private Docker Registry.
+**About us:**
+[Labyrinth Labs](https://lablabs.io/) is a one-stop-shop for **DevOps, Cloud & Kubernetes**! We specialize in creating **powerful**, **scalable** and **cloud-native platforms** tailored to elevate your business.
-## Prerequisites Details
+[As a team of experienced DevOps engineers](https://lablabs.io/about/), we know how to help our customers start their journey in the cloud, address the issues they have in their current setups and provide a **strategic solution to transform their infrastructure**.
-* PV support on underlying infrastructure (if persistence is required)
+----
-## Chart Details
+# Docker Registry Helm chart
-This chart will do the following:
+Check out [README.md](charts/docker-registry/README.md) for more details about the chart.
-* Implement a Docker registry deployment
+## Contributing and reporting issues
-## Installing the Chart
+Feel free to create an issue in this repository if you have questions, suggestions or feature requests.
-First, add the repo:
+## License
-```console
-helm repo add twuni https://helm.twun.io
-```
-
-To install the chart, use the following:
-
-```console
-helm install twuni/docker-registry
-```
-
-## Configuration
+[](https://opensource.org/licenses/Apache-2.0)
-The following table lists the configurable parameters of the docker-registry chart and
-their default values.
+See [LICENSE](LICENSE) for full details.
-| Parameter | Description | Default |
-|:----------------------------|:-------------------------------------------------------------------------------------------|:----------------|
-| `image.pullPolicy` | Container pull policy | `IfNotPresent` |
-| `image.repository` | Container image to use | `registry` |
-| `image.tag` | Container image tag to deploy | `2.7.1` |
-| `imagePullSecrets` | Specify image pull secrets | `nil` (does not add image pull secrets to deployed pods) |
-| `persistence.accessMode` | Access mode to use for PVC | `ReadWriteOnce` |
-| `persistence.enabled` | Whether to use a PVC for the Docker storage | `false` |
-| `persistence.deleteEnabled` | Enable the deletion of image blobs and manifests by digest | `nil` |
-| `persistence.size` | Amount of space to claim for PVC | `10Gi` |
-| `persistence.storageClass` | Storage Class to use for PVC | `-` |
-| `persistence.existingClaim` | Name of an existing PVC to use for config | `nil` |
-| `serviceAccount.create` | Create ServiceAccount | `false` |
-| `serviceAccount.name` | ServiceAccount name | `nil` |
-| `serviceAccount.annotations` | Annotations to add to the ServiceAccount | `{}` |
-| `service.port` | TCP port on which the service is exposed | `5000` |
-| `service.type` | service type | `ClusterIP` |
-| `service.clusterIP` | if `service.type` is `ClusterIP` and this is non-empty, sets the cluster IP of the service | `nil` |
-| `service.nodePort` | if `service.type` is `NodePort` and this is non-empty, sets the node port of the service | `nil` |
-| `service.loadBalancerIP` | if `service.type` is `LoadBalancer` and this is non-empty, sets the loadBalancerIP of the service | `nil` |
-| `service.loadBalancerSourceRanges`| if `service.type` is `LoadBalancer` and this is non-empty, sets the loadBalancerSourceRanges of the service | `nil` |
-| `service.sessionAffinity` | service session affinity | `nil` |
-| `service.sessionAffinityConfig` | service session affinity config | `nil` |
-| `replicaCount` | k8s replicas | `1` |
-| `updateStrategy` | update strategy for deployment | `{}` |
-| `podAnnotations` | Annotations for pod | `{}` |
-| `podLabels` | Labels for pod | `{}` |
-| `podDisruptionBudget` | Pod disruption budget | `{}` |
-| `resources.limits.cpu` | Container requested CPU | `nil` |
-| `resources.limits.memory` | Container requested memory | `nil` |
-| `autoscaling.enabled` | Enable autoscaling using HorizontalPodAutoscaler | `false` |
-| `autoscaling.minReplicas` | Minimal number of replicas | `1` |
-| `autoscaling.maxReplicas` | Maximal number of replicas | `2` |
-| `autoscaling.targetCPUUtilizationPercentage` | Target average utilization of CPU on Pods | `60` |
-| `autoscaling.targetMemoryUtilizationPercentage` | (Kubernetes ≥1.23) Target average utilization of Memory on Pods | `60` |
-| `autoscaling.behavior` | (Kubernetes ≥1.23) Configurable scaling behavior | `{}` |
-| `priorityClassName` | priorityClassName | `""` |
-| `storage` | Storage system to use | `filesystem` |
-| `tlsSecretName` | Name of secret for TLS certs | `nil` |
-| `secrets.htpasswd` | Htpasswd authentication | `nil` |
-| `secrets.s3.accessKey` | Access Key for S3 configuration | `nil` |
-| `secrets.s3.secretKey` | Secret Key for S3 configuration | `nil` |
-| `secrets.s3.secretRef` | The ref for an external secret containing the accessKey and secretKey keys | `""` |
-| `secrets.swift.username` | Username for Swift configuration | `nil` |
-| `secrets.swift.password` | Password for Swift configuration | `nil` |
-| `secrets.haSharedSecret` | Shared secret for Registry | `nil` |
-| `configData` | Configuration hash for docker | `nil` |
-| `s3.region` | S3 region | `nil` |
-| `s3.regionEndpoint` | S3 region endpoint | `nil` |
-| `s3.bucket` | S3 bucket name | `nil` |
-| `s3.rootdirectory` | S3 prefix that is applied to allow you to segment data | `nil` |
-| `s3.encrypt` | Store images in encrypted format | `nil` |
-| `s3.secure` | Use HTTPS | `nil` |
-| `swift.authurl` | Swift authurl | `nil` |
-| `swift.container` | Swift container | `nil` |
-| `proxy.enabled` | If true, registry will function as a proxy/mirror | `false` |
-| `proxy.remoteurl` | Remote registry URL to proxy requests to | `https://registry-1.docker.io` |
-| `proxy.username` | Remote registry login username | `nil` |
-| `proxy.password` | Remote registry login password | `nil` |
-| `proxy.secretRef` | The ref for an external secret containing the proxyUsername and proxyPassword keys | `""` |
-| `namespace` | specify a namespace to install the chart to - defaults to `.Release.Namespace` | `{{ .Release.Namespace }}` |
-| `nodeSelector` | node labels for pod assignment | `{}` |
-| `affinity` | affinity settings | `{}` |
-| `tolerations` | pod tolerations | `[]` |
-| `topologySpreadConstraints` | topology spread constraints for pod scheduling | `[]` |
-| `ingress.enabled` | If true, Ingress will be created | `false` |
-| `ingress.annotations` | Ingress annotations | `{}` |
-| `ingress.labels` | Ingress labels | `{}` |
-| `ingress.path` | Ingress service path | `/` |
-| `ingress.hosts` | Ingress hostnames | `[]` |
-| `ingress.tls` | Ingress TLS configuration (YAML) | `[]` |
-| `ingress.className` | Ingress controller class name | `nginx` |
-| `metrics.enabled` | Enable metrics on Service | `false` |
-| `metrics.port` | TCP port on which the service metrics is exposed | `5001` |
-| `metrics.serviceMonitor.annotations` | Prometheus Operator ServiceMonitor annotations | `{}` |
-| `metrics.serviceMonitor.enable` | If true, Prometheus Operator ServiceMonitor will be created | `false` |
-| `metrics.serviceMonitor.labels` | Prometheus Operator ServiceMonitor labels | `{}` |
-| `metrics.prometheusRule.annotations` | Prometheus Operator PrometheusRule annotations | `{}` |
-| `metrics.prometheusRule.enable` | If true, Prometheus Operator prometheusRule will be created | `false` |
-| `metrics.prometheusRule.labels` | Prometheus Operator prometheusRule labels | `{}` |
-| `metrics.prometheusRule.rules` | PrometheusRule defining alerting rules for a Prometheus instance | `{}` |
-| `extraVolumeMounts` | Additional volumeMounts to the registry container | `[]` |
-| `extraVolumes` | Additional volumes to the pod | `[]` |
-| `extraEnvVars` | Additional environment variables to the pod | `[]` |
-| `initContainers` | Init containers to be created in the pod | `[]` |
-| `garbageCollect.enabled` | If true, will deploy garbage-collector cronjob | `false` |
-| `garbageCollect.deleteUntagged` | If true, garbage-collector will delete manifests that are not currently referenced via tag | `true` | |
-| `garbageCollect.schedule` | CronTab schedule, please use standard crontab format | `0 1 * * *` | |
+```plan
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
-Specify each parameter using the `--set key=value[,key=value]` argument to
-`helm install`.
+
-To generate htpasswd file, run this docker command:
-`docker run --entrypoint htpasswd registry:2 -Bbn user password > ./htpasswd`.
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under
+```
diff --git a/charts/docker-registry/Chart.yaml b/charts/docker-registry/Chart.yaml
index b0e582a..e6c6e2e 100644
--- a/charts/docker-registry/Chart.yaml
+++ b/charts/docker-registry/Chart.yaml
@@ -1,13 +1,12 @@
apiVersion: v1
description: A Helm chart for Docker Registry
name: docker-registry
-version: 2.2.3
+version: 3.0.0
appVersion: 2.8.1
home: https://hub.docker.com/_/registry/
-icon: https://helm.twun.io/docker-registry.png
maintainers:
-- email: devin@canterberry.cc
- name: Devin Canterberry
- url: https://canterberry.cc/
+ - name: Labyrinth Labs
+ email: contact@lablabs.io
+ url: https://lablabs.io
sources:
-- https://github.com/docker/distribution-library-image
+ - https://github.com/docker/distribution-library-image
diff --git a/charts/docker-registry/README.md b/charts/docker-registry/README.md
new file mode 100644
index 0000000..c374ed5
--- /dev/null
+++ b/charts/docker-registry/README.md
@@ -0,0 +1,99 @@
+# docker-registry
+
+ 
+
+A Helm chart for Docker Registry
+
+**Homepage:**
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| Labyrinth Labs | | |
+
+## Source Code
+
+*
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` | |
+| autoscaling.behavior | object | `{}` | |
+| autoscaling.enabled | bool | `false` | |
+| autoscaling.maxReplicas | int | `2` | |
+| autoscaling.minReplicas | int | `1` | |
+| autoscaling.targetCPUUtilizationPercentage | int | `60` | |
+| autoscaling.targetMemoryUtilizationPercentage | int | `60` | |
+| configData.health.storagedriver.enabled | bool | `true` | |
+| configData.health.storagedriver.interval | string | `"10s"` | |
+| configData.health.storagedriver.threshold | int | `3` | |
+| configData.http.addr | string | `":5000"` | |
+| configData.http.debug.addr | string | `":5001"` | |
+| configData.http.debug.prometheus.enabled | bool | `false` | |
+| configData.http.debug.prometheus.path | string | `"/metrics"` | |
+| configData.http.headers.X-Content-Type-Options[0] | string | `"nosniff"` | |
+| configData.log.fields.service | string | `"registry"` | |
+| configData.storage.cache.blobdescriptor | string | `"inmemory"` | |
+| configData.version | float | `0.1` | |
+| configPath | string | `"/etc/docker/registry"` | |
+| extraEnvVars | list | `[]` | |
+| extraVolumeMounts | list | `[]` | |
+| extraVolumes | list | `[]` | |
+| garbageCollect.deleteUntagged | bool | `true` | |
+| garbageCollect.enabled | bool | `false` | |
+| garbageCollect.schedule | string | `"0 1 * * *"` | |
+| image.pullPolicy | string | `"IfNotPresent"` | |
+| image.repository | string | `"registry"` | |
+| image.tag | string | `"2.8.1"` | |
+| ingress.annotations | object | `{}` | |
+| ingress.className | string | `"nginx"` | |
+| ingress.enabled | bool | `false` | |
+| ingress.hosts[0] | string | `"chart-example.local"` | |
+| ingress.labels | object | `{}` | |
+| ingress.path | string | `"/"` | |
+| ingress.tls | string | `nil` | |
+| initContainers | list | `[]` | |
+| metrics.enabled | bool | `false` | |
+| metrics.port | int | `5001` | |
+| metrics.prometheusRule.enabled | bool | `false` | |
+| metrics.prometheusRule.labels | object | `{}` | |
+| metrics.prometheusRule.rules | object | `{}` | |
+| metrics.serviceMonitor.enabled | bool | `false` | |
+| metrics.serviceMonitor.labels | object | `{}` | |
+| nodeSelector | object | `{}` | |
+| persistence.accessMode | string | `"ReadWriteOnce"` | |
+| persistence.enabled | bool | `false` | |
+| persistence.size | string | `"10Gi"` | |
+| podAnnotations | object | `{}` | |
+| podDisruptionBudget | object | `{}` | |
+| podLabels | object | `{}` | |
+| priorityClassName | string | `""` | |
+| proxy.enabled | bool | `false` | |
+| proxy.password | string | `""` | |
+| proxy.remoteurl | string | `"https://registry-1.docker.io"` | |
+| proxy.secretRef | string | `""` | |
+| proxy.username | string | `""` | |
+| replicaCount | int | `1` | |
+| resources | object | `{}` | |
+| secrets.haSharedSecret | string | `""` | |
+| secrets.htpasswd | string | `""` | |
+| securityContext.enabled | bool | `true` | |
+| securityContext.fsGroup | int | `1000` | |
+| securityContext.runAsUser | int | `1000` | |
+| service.annotations | object | `{}` | |
+| service.name | string | `"registry"` | |
+| service.port | int | `5000` | |
+| service.type | string | `"ClusterIP"` | |
+| serviceAccount.annotations | object | `{}` | |
+| serviceAccount.create | bool | `false` | |
+| serviceAccount.name | string | `""` | |
+| storage | string | `"filesystem"` | |
+| tolerations | list | `[]` | |
+| topologySpreadConstraints | list | `[]` | |
+| updateStrategy | object | `{}` | |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
diff --git a/charts/docker-registry/templates/secret.yaml b/charts/docker-registry/templates/secret.yaml
index 6265dc8..5cc37cb 100644
--- a/charts/docker-registry/templates/secret.yaml
+++ b/charts/docker-registry/templates/secret.yaml
@@ -18,7 +18,7 @@ data:
{{- else }}
haSharedSecret: {{ randAlphaNum 16 | b64enc | quote }}
{{- end }}
-
+
{{- if eq .Values.storage "azure" }}
{{- if and .Values.secrets.azure.accountName .Values.secrets.azure.accountKey .Values.secrets.azure.container }}
azureAccountName: {{ .Values.secrets.azure.accountName | b64enc | quote }}
diff --git a/scripts/helm-dependency-build.sh b/scripts/helm-dependency-build.sh
new file mode 100755
index 0000000..629e4a2
--- /dev/null
+++ b/scripts/helm-dependency-build.sh
@@ -0,0 +1,19 @@
+#!/usr/bin/env sh
+
+process_chart() {
+ dir="$1"
+ if yq -e '.dependencies[] | select(.repository | match("https://"))' "$dir/Chart.yaml"; then
+ yq -r '.repositories[] | "helm repo add \(.name) \(.url)"' $dir/helm-repositories.yaml | sh
+ helm dependency build "$dir" --repository-config "$dir/helm-repositories.yaml"
+ else
+ helm dependency build "$dir" --skip-refresh
+ fi
+}
+
+if [ $# -eq 1 ]; then
+ process_chart "charts/$1"
+else
+ for dir in charts/*; do
+ process_chart "$dir"
+ done
+fi