Merge branch 'main' into dependabot/github_actions/super-linter/super-linter-8

Author: butler54

.github/workflows/conventional-pr.yml

@@ -0,0 +1,26 @@
+name: "Lint PR title"
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - edited
+      - synchronize
+    branches:
+      - 'main'
+      - 'develop'
+jobs:
+  lint:
+    if: ${{ github.head_ref != 'develop' }}
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Install dependencies
+      run: npm install @commitlint/cli @commitlint/config-conventional
+
+    - name: Validate PR title
+      run: |
+        PR_TITLE=$(jq -r '.pull_request.title' "$GITHUB_EVENT_PATH")
+        echo "$PR_TITLE" | npx commitlint --config commitlint.config.js

.github/workflows/helm-lint.yml

@@ -17,7 +17,7 @@ jobs:
 
     steps:
       - name: Checkout Code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Setup helm
         uses: azure/setup-helm@v4

.github/workflows/helm-unittest.yml

@@ -18,7 +18,7 @@ jobs:
 
     steps:
       - name: Checkout Code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Run make helmlint
         run: |

.github/workflows/superlinter.yml

@@ -13,7 +13,7 @@ jobs:
 
     steps:
       - name: Checkout Code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           # Full git history is needed to get a proper list of changed files within `super-linter`
           fetch-depth: 0

.gitignore

@@ -43,3 +43,4 @@ tags
 # End of https://www.toptal.com/developers/gitignore/api/helm,vim,linux
 
 .vscode/
+node_modules/

.prettierrc

@@ -0,0 +1,4 @@
+{
+  "singleQuote": true,
+  "semi": false
+}

.releaserc.yaml

@@ -0,0 +1,12 @@
+branches:
+  - main
+plugins:
+  - "@semantic-release/commit-analyzer"
+  - "@semantic-release/release-notes-generator"
+  - - "@semantic-release/exec"
+    - prepareCmd: "sed -i.bak 's/^version:.*/version: ${nextRelease.version}/' Chart.yaml && rm -f Chart.yaml.bak"
+  - "@semantic-release/github"
+  - - "@semantic-release/git"
+    - assets:
+        - Chart.yaml
+      message: "chore(release): ${nextRelease.version} [skip ci]"

Chart.yaml

@@ -1,6 +1,10 @@
 apiVersion: v2
-description: A Helm chart to serve as the Validated Patterns Template
+description: A Helm chart to provide an opinionated deployment of Trustee in a validated pattern
 keywords:
 - pattern
-name: vp-template
-version: 0.0.1
+- trustee
+- confidential-computing
+- confidential-containers
+name: trustee
+# DO NOT EDIT VERSION HERE, IT IS AUTO-GENERATED BY SEMANTIC-RELEASE
+version: 0.0.4

README.md

@@ -1,12 +1,35 @@
-# vp-template
+# trustee
 
-![Version: 0.0.1](https://img.shields.io/badge/Version-0.0.1-informational?style=flat-square)
+![Version: 0.0.4](https://img.shields.io/badge/Version-0.0.4-informational?style=flat-square)
 
-A Helm chart to serve as the Validated Patterns Template
+A Helm chart to provide an opinionated deployment of Trustee in a validated pattern
 
-This chart is used to serve as the template for Validated Patterns Charts
+This chart is intended for use with the [coco-pattern](https://github.com/validatedpatterns/coco-pattern) and other validated patterns.
+
+It is part of three charts that are intended to be used together:
+1. [trustee](https://github.com/validatedpatterns/trustee-chart) indended to deploy the Key Broker Service (KBS) and related infrastructure (this chart))
+    1. This should be deployed on an ACM hub cluster
+2. [sandboxed-containers](https://github.com/validatedpatterns/sandboxed-containers-chart) intended to be deployed on an ACM spoke cluster where there is access to confidential hardware
+3. [sandboxed-policies](https://github.com/validatedpatterns/sandboxed-policies-chart)  intended to be deployed on an ACM hub cluster which pushes polices to the spoke cluster.
+
+In order to use this chart, you will need to:
+1. Have a security policy created and available. This is a container security policy that will be used to verify the inside a kata vm.
+    1. See here for more information: https://docs.redhat.com/en/documentation/openshift_sandboxed_containers/1.10/html/deploying_red_hat_build_of_trustee/deploying-trustee_azure-trustee#creating-image-verification-policy_azure-trustee
+2. Have a public key created and available. This is a public key that will be used to authenticate the KBS management API.
+3. Have a list of secret resources to be added to the KBS as a list of name, key pairs where key is the path to the secret in the secret store. These will be used to authenticate the KBS management API.
 
 ### Notable changes
 
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| global.secretStore.backend | string | `""` |  |
+| kbs.publicKey | string | `"secret/data/hub/kbsPublicKey"` |  |
+| kbs.secretResources | list | `[]` |  |
+| kbs.securityPolicy | string | `"secret/data/hub/securityPolicyConfig"` |  |
+| secretStore.kind | string | `""` |  |
+| secretStore.name | string | `""` |  |
+
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)

README.md.gotmpl

@@ -5,7 +5,20 @@
 
 {{ template "chart.description" . }}
 
-This chart is used to serve as the template for Validated Patterns Charts
+This chart is intended for use with the [coco-pattern](https://github.com/validatedpatterns/coco-pattern) and other validated patterns.
+
+It is part of three charts that are intended to be used together:
+1. [trustee](https://github.com/validatedpatterns/trustee-chart) indended to deploy the Key Broker Service (KBS) and related infrastructure (this chart))
+    1. This should be deployed on an ACM hub cluster
+2. [sandboxed-containers](https://github.com/validatedpatterns/sandboxed-containers-chart) intended to be deployed on an ACM spoke cluster where there is access to confidential hardware
+3. [sandboxed-policies](https://github.com/validatedpatterns/sandboxed-policies-chart)  intended to be deployed on an ACM hub cluster which pushes polices to the spoke cluster.
+
+In order to use this chart, you will need to:
+1. Have a security policy created and available. This is a container security policy that will be used to verify the inside a kata vm.
+    1. See here for more information: https://docs.redhat.com/en/documentation/openshift_sandboxed_containers/1.10/html/deploying_red_hat_build_of_trustee/deploying-trustee_azure-trustee#creating-image-verification-policy_azure-trustee
+2. Have a public key created and available. This is a public key that will be used to authenticate the KBS management API.
+3. Have a list of secret resources to be added to the KBS as a list of name, key pairs where key is the path to the secret in the secret store. These will be used to authenticate the KBS management API.
+
 
 ### Notable changes