authentik chart rework (#230)

Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>

ct.yaml → .github/configs/ct-install.yaml

@@ -1,7 +1,13 @@
+---
+remote: origin
 target-branch: main
+chart-dirs:
+  - charts
 chart-repos:
-  - bitnami=https://charts.bitnami.com/bitnami
   - authentik=https://charts.goauthentik.io
 helm-extra-args: --timeout 180s
 check-version-increment: false
 validate-maintainers: false
+validate-yaml: true
+exclude-deprecated: true
+excluded-charts: []

.github/configs/ct-lint.yaml

@@ -0,0 +1,11 @@
+---
+remote: origin
+target-branch: main
+chart-dirs:
+  - charts
+chart-repos:
+  - authentik=https://charts.goauthentik.io
+check-version-increment: false
+validate-maintainers: false
+exclude-deprecated: true
+excluded-charts: []

.github/configs/lintconf.yaml

@@ -0,0 +1,42 @@
+---
+rules:
+  braces:
+    min-spaces-inside: 0
+    max-spaces-inside: 0
+    min-spaces-inside-empty: -1
+    max-spaces-inside-empty: -1
+  brackets:
+    min-spaces-inside: 0
+    max-spaces-inside: 0
+    min-spaces-inside-empty: -1
+    max-spaces-inside-empty: -1
+  colons:
+    max-spaces-before: 0
+    max-spaces-after: 1
+  commas:
+    max-spaces-before: 0
+    min-spaces-after: 1
+    max-spaces-after: 1
+  comments:
+    require-starting-space: true
+    min-spaces-from-content: 1
+  document-end: disable
+  document-start: disable # No --- to start a file
+  empty-lines:
+    max: 2
+    max-start: 0
+    max-end: 0
+  hyphens:
+    max-spaces-after: 1
+  indentation:
+    spaces: consistent
+    indent-sequences: whatever # - list indentation will handle both indentation and without
+    check-multi-line-strings: false
+  key-duplicates: enable
+  line-length: disable # Lines can be any length
+  new-line-at-end-of-file: enable
+  new-lines:
+    type: unix
+  trailing-spaces: enable
+  truthy:
+    level: warning

.github/workflows/lint-test.yaml

@@ -1,3 +1,4 @@
+---
 name: "Lint and Test Chart"
 
 on:
@@ -7,36 +8,71 @@ on:
   pull_request:
 
 jobs:
+  linter-artifacthub:
+    runs-on: ubuntu-latest
+    container:
+      image: public.ecr.aws/artifacthub/ah:v1.14.0
+      options: --user 1001
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Run ah lint
+        working-directory: ./charts
+        run: ah lint
+
   lint-and-test:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v4
         with:
-          fetch-depth: "0"
+          fetch-depth: 0
+
       - name: Set up Helm
-        uses: azure/setup-helm@v3.5
-      - uses: actions/setup-python@v5
+        uses: azure/setup-helm@v3
+
+      - name: Set up python
+        uses: actions/setup-python@v5
         with:
-          python-version: 3.9.2
-      - name: Set up chart-testing
-        uses: helm/chart-testing-action@v2.6.1
-      - name: Run chart-testing (list-changed)
+          python-version: "3.9"
+
+      - name: Setup Chart Linting
+        id: lint
+        uses: helm/chart-testing-action@v2
+
+      - name: List changed charts
         id: list-changed
         run: |
-          changed=$(ct list-changed  --config ct.yaml)
+          changed=$(ct --config ./.github/configs/ct-lint.yaml list-changed)
+          charts=$(echo "$changed" | tr '\n' ' ' | xargs)
           if [[ -n "$changed" ]]; then
             echo "changed=true" >> $GITHUB_OUTPUT
+            echo "changed_charts=$charts" >> $GITHUB_OUTPUT
           fi
+
       - name: Run chart-testing (lint)
-        run: ct lint --config ct.yaml
+        run: ct lint --debug --config ./.github/configs/ct-lint.yaml --lint-conf ./.github/configs/lintconf.yaml
+
+      - name: Run docs-testing (helm-docs)
+        id: helm-docs
+        run: |
+          ./scripts/helm-docs.sh
+          if [[ $(git diff --stat) != '' ]]; then
+            echo -e '\033[0;31mDocumentation outdated!\033[0m ❌'
+            git diff --color
+            exit 1
+          else
+            echo -e '\033[0;32mDocumentation up to date\033[0m ✔'
+          fi
+
       - name: Create kind cluster
         uses: helm/kind-action@v1.9.0
         if: steps.list-changed.outputs.changed == 'true'
+
       - name: Run chart-testing (install)
-        if: steps.list-changed.outputs.changed == 'true'
         run: |
           namespace=authentik-$(uuidgen)
           kubectl create ns $namespace
           kubectl apply -n $namespace -f charts/authentik/ci/manifests/
-          ct install --namespace=$namespace --config ct.yaml
+          ct install --namespace=$namespace --config ./.github/configs/ct-install.yaml
+        if: steps.list-changed.outputs.changed == 'true'

charts/authentik-remote-cluster/README.md

@@ -14,25 +14,25 @@ RBAC required for a remote cluster to be connected to authentik.
 
 ## Maintainers
 
-| Name           | Email                  | Url                      |
-| -------------- | ---------------------- | ------------------------ |
+| Name | Email | Url |
+| ---- | ------ | --- |
 | authentik Team | <hello@goauthentik.io> | <https://goauthentik.io> |
 
 ## Source Code
 
--   <https://goauthentik.io/docs/>
--   <https://github.com/goauthentik/authentik>
+* <https://goauthentik.io/docs/>
+* <https://github.com/goauthentik/authentik>
 
 ## Values
 
-| Key                          | Type   | Default | Description                                                                                       |
-| ---------------------------- | ------ | ------- | ------------------------------------------------------------------------------------------------- |
-| annotations                  | object | `{}`    | Annotations to apply to all resources                                                             |
-| clusterRole.enabled          | bool   | `true`  | Create a clusterole in addition to a namespaced role.                                             |
-| fullnameOverride             | string | `""`    | String to fully override `"authentik.fullname"`. Prefer using global.fullnameOverride if possible |
-| global.additionalLabels      | object | `{}`    | Common labels for all resources.                                                                  |
-| global.fullnameOverride      | string | `""`    | String to fully override `"authentik.fullname"`                                                   |
-| global.nameOverride          | string | `""`    | Provide a name in place of `authentik`                                                            |
-| kubeVersionOverride          | string | `""`    | Override the Kubernetes version, which is used to evaluate certain manifests                      |
-| nameOverride                 | string | `""`    | Provide a name in place of `authentik`. Prefer using global.nameOverride if possible              |
-| serviceAccountSecret.enabled | bool   | `true`  | Create a secret with the service account credentials                                              |
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| annotations | object | `{}` | Annotations to apply to all resources |
+| clusterRole.enabled | bool | `true` | Create a clusterole in addition to a namespaced role. |
+| fullnameOverride | string | `""` | String to fully override `"authentik.fullname"`. Prefer using global.fullnameOverride if possible |
+| global.additionalLabels | object | `{}` | Common labels for all resources. |
+| global.fullnameOverride | string | `""` | String to fully override `"authentik.fullname"` |
+| global.nameOverride | string | `""` | Provide a name in place of `authentik` |
+| kubeVersionOverride | string | `""` | Override the Kubernetes version, which is used to evaluate certain manifests |
+| nameOverride | string | `""` | Provide a name in place of `authentik`. Prefer using global.nameOverride if possible |
+| serviceAccountSecret.enabled | bool | `true` | Create a secret with the service account credentials |

charts/authentik/Chart.yaml

@@ -1,6 +1,7 @@
+---
 apiVersion: v2
-version: 2023.10.7
-appVersion: 2023.10.7
+version: 2024.2.0-rc1
+appVersion: 2024.2.0-rc1
 name: authentik
 description: authentik is an open-source Identity Provider focused on flexibility and versatility
 type: application
@@ -29,22 +30,22 @@ maintainers:
     url: https://goauthentik.io
 dependencies:
   - name: postgresql
-    version: 10.16.2
-    repository: https://charts.goauthentik.io
+    version: 12.12.10
+    repository: oci://registry-1.docker.io/bitnamicharts
     condition: postgresql.enabled
   - name: redis
-    version: 15.7.6
-    repository: https://charts.goauthentik.io
+    version: 18.6.1
+    repository: oci://registry-1.docker.io/bitnamicharts
     condition: redis.enabled
   - name: authentik-remote-cluster
     repository: https://charts.goauthentik.io
-    version: 1.2.2
+    version: 2.0.0
     condition: serviceAccount.create
     alias: serviceAccount
 annotations:
   artifacthub.io/changes: |
     - kind: changed
-      description: upgrade to authentik 2023.10.7
+      description: upgrade to authentik 2024.2.0-rc1
   artifacthub.io/license: GPL
   artifacthub.io/links: |
     - name: GitHub
@@ -57,16 +58,16 @@ annotations:
       url: https://goauthentik.io
   artifacthub.io/images: |
     - name: authentik
-      image: ghcr.io/goauthentik/server:2023.10.7
+      image: ghcr.io/goauthentik/server:2024.2.0-rc1
       whitelisted: true
     - name: authentik-outpost-proxy
-      image: ghcr.io/goauthentik/proxy:2023.10.7
+      image: ghcr.io/goauthentik/proxy:2024.2.0-rc1
       whitelisted: true
     - name: authentik-outpost-ldap
-      image: ghcr.io/goauthentik/ldap:2023.10.7
+      image: ghcr.io/goauthentik/ldap:2024.2.0-rc1
       whitelisted: true
     - name: authentik-outpost-radius
-      image: ghcr.io/goauthentik/radius:2023.10.7
+      image: ghcr.io/goauthentik/radius:2024.2.0-rc1
       whitelisted: true
   artifacthub.io/screenshots: |
     - title: User interface