Initial attempt at helm chart

.github/actions/setup-helm-repos/action.yml

@@ -0,0 +1,12 @@
+name: 'Setup Helm Repositories'
+description: 'Add required Helm repositories for STAC FastAPI'
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Add Helm repositories
+      shell: bash
+      run: |
+        helm repo add elasticsearch https://helm.elastic.co
+        helm repo add opensearch https://opensearch-project.github.io/helm-charts/
+        helm repo update

.github/ct-lint.yaml

@@ -0,0 +1,43 @@
+# Chart Testing Lint Configuration
+# Additional linting rules for chart-testing
+
+rules:
+  braces:
+    min-spaces-inside: 0
+    max-spaces-inside: 1
+  brackets:
+    min-spaces-inside: 0
+    max-spaces-inside: 0
+  colons:
+    max-spaces-before: 0
+    max-spaces-after: 1
+  commas:
+    max-spaces-before: 0
+    min-spaces-after: 1
+    max-spaces-after: 1
+  comments:
+    min-spaces-from-content: 1
+  comments-indentation: disable
+  document-end: disable
+  document-start: disable
+  empty-lines:
+    max: 2
+    max-start: 0
+    max-end: 1
+  hyphens:
+    max-spaces-after: 1
+  indentation:
+    spaces: 2
+    indent-sequences: true
+  key-duplicates: enable
+  line-length:
+    max: 120
+    allow-non-breakable-words: true
+    allow-non-breakable-inline-mappings: true
+  new-line-at-end-of-file: enable
+  octal-values: disable
+  quoted-strings: disable
+  trailing-spaces: enable
+  truthy:
+    allowed-values: ['true', 'false']
+    check-keys: false

.github/ct.yaml

@@ -0,0 +1,33 @@
+# Chart Testing Configuration
+# This configuration is used by the chart-testing (ct) tool
+
+# Chart directories relative to repository root
+chart-dirs:
+  - helm-chart
+
+# Target branch for pull request testing
+target-branch: main
+
+# Chart repositories to add
+chart-repos:
+  - elasticsearch=https://helm.elastic.co
+  - opensearch=https://opensearch-project.github.io/helm-charts/
+
+# Helm version to use
+helm-version: v3.13.0
+
+# Additional configurations
+validate-chart-schema: true
+validate-maintainers: false
+check-version-increment: true
+process-skipped-charts: false
+
+# Test configuration
+upgrade: false
+skip-missing-values: true
+
+# Linting configuration
+lint-conf: .github/ct-lint.yaml
+
+# Additional Helm lint settings
+helm-lint-extra-args: --set app.image.tag=latest

.github/workflows/helm-chart-test.yml

@@ -0,0 +1,202 @@
+name: Helm Chart Tests
+
+on:
+  push:
+    branches: [ main, develop, feat/* ]
+    paths:
+      - 'helm-chart/**'
+      - '.github/workflows/helm-chart-test.yml'
+  pull_request:
+    branches: [ main, develop ]
+    paths:
+      - 'helm-chart/**'
+      - '.github/workflows/helm-chart-test.yml'
+
+env:
+  HELM_VERSION: v3.13.0
+  KUBECTL_VERSION: v1.28.0
+  KIND_VERSION: v0.20.0
+
+jobs:
+  lint:
+    name: Lint Helm Chart
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v3
+        with:
+          version: ${{ env.HELM_VERSION }}
+
+      - name: Setup Helm repositories
+        uses: ./.github/actions/setup-helm-repos
+
+      - name: Lint Helm chart
+        run: |
+          cd helm-chart/stac-fastapi
+          helm dependency update
+          helm lint .
+
+  test-matrix:
+    name: Test Chart
+    runs-on: ubuntu-latest
+    needs: lint
+    strategy:
+      matrix:
+        backend: [elasticsearch, opensearch]
+        kubernetes-version: [v1.27.3, v1.28.0]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v3
+        with:
+          version: ${{ env.HELM_VERSION }}
+
+      - name: Set up kubectl
+        uses: azure/setup-kubectl@v3
+        with:
+          version: ${{ env.KUBECTL_VERSION }}
+
+      - name: Set up Kind
+        uses: helm/[email protected]
+        with:
+          version: ${{ env.KIND_VERSION }}
+          node_image: kindest/node:${{ matrix.kubernetes-version }}
+          cluster_name: stac-fastapi-test
+
+      - name: Setup Helm repositories
+        uses: ./.github/actions/setup-helm-repos
+
+      - name: Run matrix tests
+        env:
+          BACKEND: ${{ matrix.backend }}
+          MATRIX_MODE: true
+        run: |
+          chmod +x ./helm-chart/test-chart.sh
+          ./helm-chart/test-chart.sh -m -b ${{ matrix.backend }} ci
+
+      - name: Upload test reports
+        if: always()
+        uses: actions/upload-artifact@v3
+        with:
+          name: test-report-${{ matrix.backend }}-k8s-${{ matrix.kubernetes-version }}
+          path: test-report-*.json
+
+  integration-test:
+    name: Integration Tests
+    runs-on: ubuntu-latest
+    needs: test-matrix
+    if: github.event_name == 'pull_request'
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v3
+        with:
+          version: ${{ env.HELM_VERSION }}
+
+      - name: Set up kubectl
+        uses: azure/setup-kubectl@v3
+        with:
+          version: ${{ env.KUBECTL_VERSION }}
+
+      - name: Set up Kind
+        uses: helm/[email protected]
+        with:
+          version: ${{ env.KIND_VERSION }}
+          cluster_name: stac-fastapi-integration
+
+      - name: Setup Helm repositories
+        uses: ./.github/actions/setup-helm-repos
+
+      - name: Run full integration tests
+        run: |
+          chmod +x ./helm-chart/test-chart.sh
+          ./helm-chart/test-chart.sh test-all
+
+      - name: Test upgrade scenarios
+        run: |
+          # Test elasticsearch to opensearch migration scenario
+          ./helm-chart/test-chart.sh -b elasticsearch install
+          ./helm-chart/test-chart.sh validate
+          ./helm-chart/test-chart.sh cleanup
+
+          # Test opensearch deployment
+          ./helm-chart/test-chart.sh -b opensearch install  
+          ./helm-chart/test-chart.sh validate
+          ./helm-chart/test-chart.sh cleanup
+
+  security-scan:
+    name: Security Scan
+    runs-on: ubuntu-latest
+    needs: lint
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v3
+        with:
+          version: ${{ env.HELM_VERSION }}
+
+      - name: Setup Helm repositories
+        uses: ./.github/actions/setup-helm-repos
+
+      - name: Run Checkov security scan
+        uses: bridgecrewio/checkov-action@master
+        with:
+          directory: helm-chart/
+          framework: kubernetes
+          output_format: sarif
+          output_file_path: reports/results.sarif
+
+      - name: Upload Checkov results
+        if: always()
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: reports/results.sarif
+
+  chart-testing:
+    name: Chart Testing (ct)
+    runs-on: ubuntu-latest
+    needs: lint
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v3
+        with:
+          version: ${{ env.HELM_VERSION }}
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: 3.x
+
+      - name: Set up chart-testing
+        uses: helm/[email protected]
+
+      - name: Setup Helm repositories
+        uses: ./.github/actions/setup-helm-repos
+
+      - name: Run chart-testing (list)
+        run: ct list --config .github/ct.yaml
+
+      - name: Run chart-testing (lint)
+        run: ct lint --config .github/ct.yaml
+
+      - name: Set up Kind cluster
+        uses: helm/[email protected]
+        with:
+          version: ${{ env.KIND_VERSION }}
+
+      - name: Run chart-testing (install)
+        run: ct install --config .github/ct.yaml

.gitignore

@@ -141,3 +141,14 @@ venv
 /docs/src/api/*
 
 .DS_Store
+
+# Helm
+*.tgz
+charts/*/charts/
+charts/*/requirements.lock
+charts/*/Chart.lock
+helm-chart/stac-fastapi/charts/
+helm-chart/stac-fastapi/Chart.lock
+helm-chart/stac-fastapi/*.tgz
+helm-chart/test-results/
+helm-chart/tmp/

.pre-commit-config.yaml

@@ -41,4 +41,20 @@ repos:
           #args: [
         # Don't require docstrings for tests
         #'--match=(?!test|alembic|scripts).*\.py',
-        #]
+        #]
+  - repo: local
+    hooks:
+      - id: helm-chart-lint
+        name: Helm chart lint
+        language: docker_image
+        entry: quay.io/helmpack/chart-testing:v3.7.1
+        args:
+          - bash
+          - -c
+          - >-
+            export HELM_CONFIG_HOME=/tmp/helm &&
+            export HELM_DATA_HOME=/tmp/helm &&
+            export HELM_CACHE_HOME=/tmp/helm &&
+            ct lint --config /src/.github/ct.yaml
+        pass_filenames: false
+        files: ^helm-chart/

CHANGELOG.md

@@ -13,6 +13,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - Introduced SFEOS Tools (`sfeos_tools/`) - An installable Click-based CLI package for managing SFEOS deployments. Initial command `add-bbox-shape` adds the `bbox_shape` field to existing collections for spatial search compatibility. Install with `pip install sfeos-tools[elasticsearch]` or `pip install sfeos-tools[opensearch]`. [#481](https://github.com/stac-utils/stac-fastapi-elasticsearch-opensearch/pull/481)
 - CloudFerro logo to sponsors and supporters list [#485](https://github.com/stac-utils/stac-fastapi-elasticsearch-opensearch/pull/485)
 - Latest news section to README [#485](https://github.com/stac-utils/stac-fastapi-elasticsearch-opensearch/pull/485)
+- Added Helm chart for ES or OS in-cluster deployment [#455](https://github.com/stac-utils/stac-fastapi-elasticsearch-opensearch/pull/455)
 
 ### Changed
 

helm-chart/stac-fastapi/Chart.yaml

@@ -0,0 +1,32 @@
+apiVersion: v2
+name: stac-fastapi
+description: A Helm chart for STAC FastAPI with Elasticsearch and OpenSearch backends
+type: application
+version: 0.1.0
+appVersion: "6.3.0"
+
+keywords:
+  - stac
+  - fastapi
+  - elasticsearch
+  - opensearch
+  - geospatial
+  - api
+
+home: https://github.com/stac-utils/stac-fastapi-elasticsearch-opensearch
+sources:
+  - https://github.com/stac-utils/stac-fastapi-elasticsearch-opensearch
+
+maintainers:
+  - name: STAC Utils
+    url: https://github.com/stac-utils
+
+dependencies:
+  - name: elasticsearch
+    version: 8.5.1
+    repository: https://helm.elastic.co
+    condition: elasticsearch.enabled
+  - name: opensearch
+    version: 3.2.1
+    repository: https://opensearch-project.github.io/helm-charts/
+    condition: opensearch.enabled