Setup repo and add linux-edr-sensor chart (#1)

* [LE-871] Initial commit Signed-off-by: Thomas Jordan <[email protected]> * [LE-871] Add linux-edr-sensor chart Signed-off-by: Thomas Jordan <[email protected]> * [LE-871] Add subscription_plan to config template Signed-off-by: Thomas Jordan <[email protected]> * [LE-871] Remove pvc. Hard-code securityContext in template. Signed-off-by: Thomas Jordan <[email protected]> * [LE-871] Remove circleci config. Using github workflows. Remove security policy page. Make helm-docs version consistent. Signed-off-by: Thomas Jordan <[email protected]> * [LE-871] Update chart README Signed-off-by: Thomas Jordan <[email protected]> * [LE-871] Improve documentation based on feedback Signed-off-by: Thomas Jordan <[email protected]> * [LE-871] Remove system requirements and point to help page Signed-off-by: Thomas Jordan <[email protected]> * [LE-871] Fix typo in repo readme Signed-off-by: Thomas Jordan <[email protected]> * [LE-871] Remove outdated information from README tempalte Signed-off-by: Thomas Jordan <[email protected]> * [LE-871] Update documentation and replace appVersion Signed-off-by: Thomas Jordan <[email protected]> * [LE-871] More updates based on feedback Signed-off-by: Thomas Jordan <[email protected]> * [LE-871] Update main readme w/ license info Signed-off-by: Thomas Jordan <[email protected]> --------- Signed-off-by: Thomas Jordan <[email protected]>
redcanaryco · Aug 21, 2023 · b36f5fb · b36f5fb
1 parent 7cad7bd
commit b36f5fb
Show file tree

Hide file tree

Showing 18 changed files with 828 additions and 15 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
@@ -0,0 +1,26 @@
+# Description
+
+Please include a summary of the changes and the related issue. Please also include relevant motivation and context. List any dependencies that are required for this change.
+
+Fixes # (issue)
+
+## Type of change
+
+- [ ] Bug fix (non-breaking change which fixes an issue)
+- [ ] New feature (non-breaking change which adds functionality)
+- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
+
+# How Has This Been Tested?
+
+Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration
+
+- [ ] Test A
+- [ ] Test B
+
+# Checklist:
+
+- [ ] My code follows the style guidelines of this project
+- [ ] I have performed a self-review of my code
+- [ ] I have commented my code, particularly in hard-to-understand areas
+- [ ] I have made corresponding changes to the documentation
+- [ ] My changes generate no new warnings
diff --git a/.github/workflows/helm-docs.yaml b/.github/workflows/helm-docs.yaml
@@ -0,0 +1,37 @@
+name: Validate READMEs were updated with helm-docs
+
+on: pull_request
+
+jobs:
+  validate-readmes:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v3
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Install helm-docs
+        run: |
+          wget https://github.com/norwoodj/helm-docs/releases/download/v1.11.0/helm-docs_1.11.0_Linux_x86_64.tar.gz
+          tar -xzvf helm-docs_1.11.0_Linux_x86_64.tar.gz
+          rm helm-docs_1.11.0_Linux_x86_64.tar.gz
+          chmod +x helm-docs
+          mv helm-docs /usr/local/bin/
+
+      - name: Check for necessary README updates
+        id: check
+        run: |
+          helm-docs charts
+          # somehow, the first "git diff" finds the README files deleted, but subsequent calls get it right
+          git diff --raw &>/dev/null
+          git diff-index --exit-code HEAD -- charts/
+
+      - name: Print Failure Message
+        if: ${{ failure() && steps.check.conclusion == 'failure' }}
+        run: |
+          echo "You forgot to update a README using 'helm-docs' before committing!"
diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml
@@ -0,0 +1,49 @@
+name: Lint and Test Charts
+
+on:
+  pull_request:
+  push:
+    branches:
+      - master
+
+jobs:
+  lint-test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v3
+        with:
+          version: v3.12.1
+
+      - uses: actions/setup-python@v4
+        with:
+          python-version: '3.9'
+          check-latest: true
+
+      - name: Set up chart-testing
+        uses: helm/[email protected]
+
+      - name: Run chart-testing (list-changed)
+        id: list-changed
+        run: |
+          changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
+          if [[ -n "$changed" ]]; then
+            echo "changed=true" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Run chart-testing (lint)
+        if: steps.list-changed.outputs.changed == 'true'
+        run: ct lint --target-branch ${{ github.event.repository.default_branch }} --validate-maintainers=false
+
+      - name: Create kind cluster
+        if: steps.list-changed.outputs.changed == 'true'
+        uses: helm/[email protected]
+
+      - name: Run chart-testing (install)
+        if: steps.list-changed.outputs.changed == 'true'
+        run: ct install --target-branch ${{ github.event.repository.default_branch }}
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -0,0 +1,32 @@
+name: Release Charts
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  release:
+    # depending on default permission settings for your org (contents being read-only or read-write for workloads), you will have to add permissions
+    # see: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "[email protected]"
+
+      - name: Install Helm
+        uses: azure/setup-helm@v3
+
+      - name: Run chart-releaser
+        uses: helm/[email protected]
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -0,0 +1,64 @@
+# Contributing
+
+Please submit contributions via GitHub pull requests. This document outlines the process to help get your contribution accepted.
+
+## Sign off Your Work
+
+The Developer Certificate of Origin (DCO) is a lightweight way for contributors to certify that they wrote or otherwise have the right to submit the code they are contributing to the project.
+Here is the full text of the [DCO](http://developercertificate.org/).
+Contributors must sign-off that they adhere to these requirements by adding a `Signed-off-by` line to commit messages.
+
+```text
+This is my commit message
+
+Signed-off-by: John Doe <[email protected]>
+```
+
+`git commit` has a `-s` option to add the "Signed-off-by" line to your commits:
+
+```text
+-s, --signoff
+    Add Signed-off-by line by the committer at the end of the commit log
+    message. The meaning of a signoff depends on the project, but it typically
+    certifies that committer has the rights to submit this work under the same
+    license and agrees to a Developer Certificate of Origin (see
+    http://developercertificate.org/ for more information).
+```
+
+## How to Contribute
+
+1. Fork this repository
+1. Develop and test your changes
+1. Sign off your commits
+1. Submit a pull request
+
+***NOTE***: Pull requests should include changes to no more than one chart. Please submit separate PRs if changing multiple charts.
+
+### Technical Requirements
+
+* Follow [Helm Chart Best Practices](https://helm.sh/docs/topics/chart_best_practices/)
+* Must pass CI jobs for linting and installing changed charts with the [chart-testing](https://github.com/helm/chart-testing) tool
+* Any change to a chart requires a version bump following [semver](https://semver.org/) principles. See [Immutability](#immutability) and [Versioning](#versioning) below
+
+Once changes have been merged, a job will run to package and release the changed charts.
+
+### Immutability
+
+Chart releases must maintain immutability. Any alteration to a chart, even if it involves only documentation changes, necessitates a version bump for the chart.
+
+### Versioning
+
+Clear versioning helps users understand the nature of changes and make informed decisions about updating their deployments. Following [semver](https://semver.org/) simplifies the release process and enhances collaboration among users and maintainers.
+
+Charts should be introduced at `0.1.0` and all changes must be documented in the chart's CHANGELOG.md file. Any breaking (backwards incompatible) changes to a chart must:
+
+1. Bump the MAJOR version
+2. Within the README.md.gotmpl, create a section titled "Upgrade Instructions." Outline the specific manual procedures required for transitioning to the designated MAJOR version.
+
+### Generate README
+
+The readme of each chart can be re-generated with the following command (run inside the chart directory):
+
+```shell
+docker run --rm --volume "$(pwd):/helm-docs" -u "$(id -u)" jnorwood/helm-docs:v1.11.0
+```
diff --git a/README.md b/README.md
@@ -1 +1,23 @@
-# helm-charts
+# Red Canary Kubernetes Helm Charts
+
+![GitHub Action Status](https://github.com/redcanaryco/helm-charts/actions/workflows/release.yaml/badge.svg?branch=main) ![GitHub Action Status](https://github.com/redcanaryco/helm-charts/actions/workflows/lint-test.yaml/badge.svg?branch=main)
+
+## Usage
+
+[Helm](https://helm.sh) must be installed to use the charts.
+Please refer to Helm's [documentation](https://helm.sh/docs/) to get started.
+
+Once Helm is set up properly, add the repository as follows:
+
+```console
+helm repo add redcanary https://redcanaryco.github.io/helm-charts
+```
+
+You can then run `helm search repo redcanary` to see the charts.
+
+## Contributing
+You're welcome to contribute to our projects! Please refer to our [contribution guidelines](https://github.com/redcanaryco/helm-charts/blob/main/CONTRIBUTING.md) for details.
+
+## License
+
+[BSD-3-Clause License](https://github.com/redcanaryco/helm-charts/blob/main/LICENSE).
diff --git a/charts/linux-edr-sensor/.helmignore b/charts/linux-edr-sensor/.helmignore
@@ -0,0 +1,25 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# Files used for CI/testing
+ci/
diff --git a/charts/linux-edr-sensor/CHANGELOG.md b/charts/linux-edr-sensor/CHANGELOG.md
@@ -0,0 +1,11 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [0.1.0] - 2023-08-03
+
+### Added
+
+- Initial release of the linux-edr-sensor helm chart
diff --git a/charts/linux-edr-sensor/Chart.yaml b/charts/linux-edr-sensor/Chart.yaml
@@ -0,0 +1,27 @@
+apiVersion: v2
+name: linux-edr-sensor
+description: A Helm chart for deploying the Red Canary Linux EDR Sensor to Kubernetes
+
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the sensor being deployed by the chart.
+appVersion: "1.5.3-20309"
+
+keywords:
+  - redcanary
+  - linux
+  - edr
+  - sensor
+
+home: https://github.com/redcanaryco/helm-charts/tree/main/charts/linux-edr-sensor
+
+maintainers:
+  - name: Thomas Jordan
+    email: [email protected]
+
+icon: https://redcanary.com/wp-content/themes/redcanary/assets/img/apple-icon-152x152.png