feat: add helm chart (#41)

Signed-off-by: Andres Vallecilla <andresfelipe083195@hotmail.com>
Signed-off-by: Gabriel Mata <gabrielmatau@gmail.com>
Co-authored-by: Gabriel Mata <gabrielmatau@gmail.com>

Author: lotharking

.github/workflows/continuous-integration.yml

@@ -41,6 +41,9 @@ jobs:
       - name: Checkout credo-ts-indy-vdr-proxy
         uses: actions/checkout@v2
 
+      - name: Setup Helm
+        uses: azure/setup-helm@v3
+
       - name: Setup NodeJS
         uses: ./.github/actions/setup-node
         with:
@@ -58,6 +61,9 @@ jobs:
       - name: Compile
         run: yarn check-types
 
+      - name: Validate Helm chart
+        run: helm lint ./charts
+
   tests:
     runs-on: ubuntu-latest
     name: Tests
@@ -107,6 +113,10 @@ jobs:
       fail-fast: false
       matrix:
         package: ${{fromJson(needs.package-finder.outputs.packages)}}
+    env:
+      DH_USERNAME: ${{ secrets.DOCKER_HUB_LOGIN }}
+      DH_TOKEN: ${{ secrets.DOCKER_HUB_PWD }}
+      IMAGE_NAME: "indy-vdr-proxy"
     steps:
       - uses: google-github-actions/release-please-action@v2
         id: release-please
@@ -137,14 +147,26 @@ jobs:
         env:
           NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
         if: ${{ steps.release-please.outputs.release_created }}
+      - name: Setup Helm
+        if: ${{ steps.release-please.outputs.release_created }}
+        uses: azure/setup-helm@v3
 
       - name: Build and publish Docker image
-        env:
-          DH_USERNAME: ${{ secrets.DOCKER_HUB_LOGIN }}
-          DH_TOKEN: ${{ secrets.DOCKER_HUB_PWD }}
-          IMAGE_NAME: "indy-vdr-proxy"
         run: |
           echo "$DH_TOKEN" | docker login -u "$DH_USERNAME" --password-stdin
-          docker build -f ./packages/{{ matrix.package }}/Dockerfile -t $DH_USERNAME/$IMAGE_NAME:dev ./packages/{{ matrix.package }}
-          docker push $DH_USERNAME/$IMAGE_NAME:dev
+          docker build -t $DH_USERNAME/$IMAGE_NAME:v$RELEASE_VERSION ./packages/{{ matrix.package }}
+          docker push $DH_USERNAME/$IMAGE_NAME:v$RELEASE_VERSION
         if: ${{ (steps.release-please.outputs.release_created == 'true') && (matrix.package == 'server') }}
+
+      - name: Log in to Docker Hub Helm Registry
+        run: |
+          echo "$DH_TOKEN" | helm registry login -u "$DH_USERNAME" --password-stdin docker.io
+
+      - name: Push Helm chart to Docker Hub OCI repo
+        env:
+          RELEASE_VERSION: ${{ steps.release-please.outputs.release_version }}
+        run: |
+          sed -i "s/^version:.*/version: $RELEASE_VERSION/" ./charts/Chart.yaml
+          helm dependency update ./charts
+          helm package ./charts -d ./charts
+          helm push ./charts/$IMAGE_NAME-$RELEASE_VERSION.tgz oci://docker.io/$DH_USERNAME

.prettierignore

@@ -4,4 +4,5 @@ build
 .idea
 coverage
 CHANGELOG.md
-routes
+routes
+charts

charts/Chart.yaml

@@ -0,0 +1,5 @@
+apiVersion: v2
+name: indy-vdr-proxy-chart
+description: Helm chart for deploying indy-vdr-proxy
+type: application
+version: 0.0.4

charts/README.md

@@ -0,0 +1,171 @@
+# indy-vdr-proxy-server-chart
+
+## 🛍️ Overview
+
+This Helm chart deploys the `indy-vdr-proxy` application and its optional companion service `app-check-proxy`. It includes:
+
+- **StatefulSet**: Main application container with optional app-check-proxy sidecar.
+- **Service**: Exposes HTTP and optionally App Check endpoints.
+- **Ingress**: Routes external traffic based on configuration.
+- **ConfigMap**: Defines runtime configurations such as `app.config.json` and (optionally) `ENDPOINT_URLS`.
+
+---
+
+## 📁 Chart Structure
+
+```
+indy-vdr-proxy-server-chart/
+├── Chart.yaml
+├── values.yaml
+└── templates/
+    ├── _helpers.tpl
+    ├── deployment.yaml
+```
+
+- `Chart.yaml`: Chart metadata.
+- `values.yaml`: Centralized configuration file (all logic controlled from here).
+- `templates/`: All Kubernetes manifests, conditionally rendered using Helm logic.
+
+---
+
+## 🚀 Installation
+
+### 1. Lint the Chart
+
+```bash
+helm lint ./deployments/indy-vdr-proxy-server
+```
+
+### 2. Render Templates (preview output)
+
+```bash
+helm template indy-vdr ./deployments/indy-vdr-proxy-server --namespace <your-namespace>
+```
+
+### 3. Dry-Run Installation
+
+```bash
+helm install --dry-run --debug indy-vdr ./deployments/indy-vdr-proxy-server --namespace <your-namespace>
+```
+
+### 4. Install the Chart
+
+```bash
+helm install indy-vdr ./deployments/indy-vdr-proxy-server --namespace <your-namespace>
+```
+
+> If the namespace doesn't exist, create it manually or configure `createNamespace` in your Helm pipeline logic.
+
+---
+
+## ⚙️ Configuration
+
+All configuration is centralized in `values.yaml`.
+
+### 🌐 Global
+
+```yaml
+global:
+  domain: dev.2060.io
+```
+
+### 📦 Application
+
+```yaml
+app:
+  name: indy-vdr-proxy
+```
+
+### 🏗️ StatefulSet
+
+- Fully configurable image, resources, replicas.
+- Includes support for optional `app-check-proxy` sidecar.
+
+```yaml
+statefulset:
+  replicas: 1
+  containerName: indy-vdr-proxy-container
+  image:
+    repository: io2060/indy-vdr-proxy
+    tag: dev
+    pullPolicy: Always
+  env:
+    INDY_VDR_PROXY_PORT: "3000"
+    INDY_VDR_PROXY_CONFIG_PATH: "/config/vdr-proxy/app.config.json"
+```
+
+### ✅ App Check Proxy (optional sidecar)
+
+```yaml
+appCheckProxy:
+  enabled: true
+  name: app-check-proxy-container
+  image:
+    repository: io2060/app-check-proxy
+    tag: dev
+    pullPolicy: Always
+  env:
+    APP_PORT: "3100"
+    FIREBASE_CFG_FILE: "/config/app-check-proxy/firebase-cfg.json"
+```
+
+If disabled, the following are skipped:
+
+- Sidecar container
+- App Check port in service and ingress
+- `ENDPOINT_URLS` from ConfigMap
+
+### 🧹 ConfigMap
+
+Includes two key files:
+
+- `app.config.json` (always rendered)
+- `ENDPOINT_URLS` (only rendered if `appCheckProxy.enabled: true`)
+
+Uses `tpl` to support inline template logic from `values.yaml`.
+
+```yaml
+configMap:
+  appConfigJson: |
+    {
+      "some": "config"
+    }
+  endpointUrls: |
+    {
+      "verana:gov": "https://verana.gov/endpoint"
+    }
+```
+
+### 🌐 Ingress
+
+```yaml
+ingress:
+  enabled: true
+  name: indy-vdr-proxy
+  className: nginx
+  host: "indyvdrproxy.ca.{{ .Values.global.domain }}"
+  tlsSecretName: "indyvdrproxy.ca.{{ .Values.global.domain }}-cert"
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+```
+
+> The ingress backend port is dynamically selected depending on whether `appCheckProxy` is enabled.
+
+### 📡 Service
+
+Exposes two ports if `appCheckProxy.enabled: true`, otherwise only HTTP.
+
+```yaml
+service:
+  ports:
+    http: 3000
+    appCheck: 3100
+```
+
+---
+
+## 🔄 Uninstalling
+
+```bash
+helm uninstall indy-vdr --namespace <your-namespace>
+```

charts/templates/_helpers.tpl

@@ -0,0 +1,17 @@
+{{- define "indy-vdr-proxy.name" -}}
+{{- .Chart.Name -}}
+{{- end -}}
+
+{{- define "indy-vdr-proxy.fullname" -}}
+{{- printf "%s" .Chart.Name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "indy-vdr-proxy.labels" -}}
+helm.sh/chart: {{ include "indy-vdr-proxy.name" . }}-{{ .Chart.Version | replace "+" "_" }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{- define "indy-vdr-proxy.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "indy-vdr-proxy.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}