feat: initial commit

.envrc

@@ -0,0 +1,2 @@
+nix_direnv_watch_file "./nix/env.nix" "./nix/fmt.nix" "./nix/packages.nix" "./nix/shells.nix" "./nix/pre-commit.nix" "./flake.nix" "./parse.nix"
+use flake

.github/dependabot.yml

@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: daily

.github/workflows/deployment.yaml

@@ -0,0 +1,31 @@
+name: CI-CD
+
+on:
+  push:
+
+jobs:
+  precommit:
+    name: Pre-commit Check
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v3
+      - uses: DeterminateSystems/nix-installer-action@main
+      - uses: DeterminateSystems/magic-nix-cache-action@main
+      - name: Run pre-commit
+        run: nix develop .#ci -c ./scripts/ci/pre-commit.sh
+
+  release:
+    name: Semantic Release
+    needs:
+      - precommit
+    if: github.ref == 'refs/heads/main'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: DeterminateSystems/nix-installer-action@main
+      - uses: DeterminateSystems/magic-nix-cache-action@main
+      - uses: rlespinasse/github-slug-action@v3.x
+      - name: Release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: nix develop .#releaser -c scripts/ci/release.sh

.gitignore

@@ -0,0 +1,8 @@
+.direnv
+.task
+.pre-commit-config.yaml
+.idea
+.env
+dist
+debug.yaml
+.DS_Store

.gitlint

@@ -0,0 +1,6 @@
+[general]
+contrib=CT1
+ignore=B6
+
+[contrib-title-conventional-commits]
+types = action,chore,config,docs,feat,fix,release,upstream

Changelog.md

@@ -0,0 +1,25 @@
+## [1.1.0](https://github.com/AtomiCloud/sulfoxide.chlorine/compare/v1.0.1...v1.1.0) (2023-09-30)
+
+
+### 🚀 New Features
+
+* values.yaml example ([323720f](https://github.com/AtomiCloud/sulfoxide.chlorine/commit/323720fc32f4f05d58cafe3ecaa12a7a7ec4dfdd))
+
+
+### 🐛 Bug Fixes
+
+* migrate to sulfoxide-chlorine for Chart.yaml and Taskfile.yaml ([9b3eda1](https://github.com/AtomiCloud/sulfoxide.chlorine/commit/9b3eda1524b02ae9ff2a82fcc227bb8d2f6e4b9c))
+
+## [1.0.1](https://github.com/AtomiCloud/sulfoxide.chlorine/compare/v1.0.0...v1.0.1) (2023-09-27)
+
+
+### 🐛 Bug Fixes
+
+* incorrect k3d configuration ([f5ecdab](https://github.com/AtomiCloud/sulfoxide.chlorine/commit/f5ecdab1de6097ee04e32afe9337feb2bd2d6821))
+
+## 1.0.0 (2023-09-27)
+
+
+### 🚀 New Features
+
+* initial commit ([4bd320e](https://github.com/AtomiCloud/sulfoxide.chlorine/commit/4bd320e576c1afee2e23ab0ff6409d906ec1defd))

README.MD

@@ -0,0 +1,17 @@
+# Sulfoxide Coblat
+
+Helm Chart to install External Secrets, our secret operator, and SecretStore to AtomiCloud's Kubernetes Cluster
+
+## Prerequisites
+- nix
+- direnv
+- docker
+
+## Helm Docs
+
+You can view the helm documentation generated at [helm-docs](./chart/README.md)
+## Contributing
+
+Please contact contributors and read the [developer docs](./docs/developer/CommitConventions.md) for information on contributing to this project.
+
+- [ernest@atomi.cloud](mailto:ernest@atomi.cloud)

Taskfile.yml

@@ -0,0 +1,40 @@
+version: "3"
+
+env:
+  RELEASE_NAME: sulfoxide-cobalt
+
+includes:
+  util: tasks/Taskfile.util.yaml
+  pichu:opal:
+    taskfile: tasks/Taskfile.cluster.yaml
+    vars:
+      LANDSCAPE: pichu
+      CLUSTER: opal
+
+tasks:
+  # Utility
+  start:cluster:
+    desc: Starts the playground cluster to test helm charts
+    cmds:
+      - ./scripts/local/create-k3d-cluster.sh
+
+  stop:cluster:
+    desc: Destroys the playground cluster to test helm charts
+    cmds:
+      - ./scripts/local/delete-k3d-cluster.sh
+
+  # Helm Operations
+  update:
+    desc: Update Helm dependencies
+    dir: chart
+    cmds:
+      - helm dependency update
+
+  latest:
+    desc: Get the latest version of External Secrets Operator
+    cmds:
+      - task: util:latest
+        vars:
+          REPO_NAME: external-secrets
+          REPO_URL: https://charts.external-secrets.io
+          CHART_NAME: external-secrets

atomi_release.yaml

@@ -0,0 +1,142 @@
+gitlint: .gitlint
+
+conventionMarkdown:
+  path: docs/developer/CommitConventions.md
+  template: |
+    ---
+    id: commit-conventions
+    title: Commit Conventions
+    ---
+    var___convention_docs___
+keywords:
+  - BREAKING CHANGE
+  - BREAKING CHANGES
+  - BREAKING
+
+branches:
+  - main
+
+specialScopes:
+  no-release:
+    desc: Prevent release from happening
+    release: false
+
+plugins:
+  - module: "@semantic-release/changelog"
+    config:
+      changelogFile: Changelog.md
+  - module: "@semantic-release/exec"
+    config:
+      prepareCmd: ./scripts/ci/publish.sh ${nextRelease.version}
+  - module: "@semantic-release/git"
+    config:
+      message: "release: ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
+      assets:
+        - chart/**/*.*
+        - Changelog.md
+        - docs/developer/CommitConventions.md
+  - module: "semantic-release-major-tag"
+    config:
+      customTags:
+        - "v${major}"
+        - "v${major}.${minor}"
+  - module: "@semantic-release/github"
+
+# Helm
+types:
+  - type: upstream
+    desc: "Changes from dependencies upstream"
+    section: 📦 Upstreams Changes
+    scopes:
+      default:
+        desc: Generic update from upstream dependencies
+        release: "minor"
+    vae:
+      verb: update upstream
+      application: <scope>, <title>
+      example: "upstream(mysql): from v5.7 to v8.0"
+
+  - type: config
+    desc: "Changes to configuration files and scripts"
+    scopes:
+      default:
+        desc: Updates the configuration of the repository, not related to the other scopes
+        release: false
+      lint:
+        desc: Add, update or remove linters
+        release: false
+      fmt:
+        desc: Add, updatge or remove formatters
+        release: false
+      build:
+        desc: Add, update or change build pipelines and generators
+        release: false
+      nix:
+        desc: Add, update or change nix shell
+        release: false
+      env:
+        desc: Add, update or change environment
+        release: false
+      ignore:
+        desc: Add, update or change ignore configurations
+        release: false
+      ci:
+        desc: Add, update or change CI configuration files
+        release: false
+    vae:
+      verb: configure
+      application: <scope> to <title>
+      example: "config(ci): setup nix before executing"
+
+  - type: release
+    desc: Initiate a release (machine initiated)
+    scopes:
+      default:
+        desc: Machine initiated release
+        release: false
+
+  - type: docs
+    section: 📝 Documentation Updates
+    desc: Documentation only changes
+    scopes:
+      default:
+        desc: Update generic documentation file
+        release: false
+    vae:
+      verb: add
+      application: <scope> documention <title>
+      example: "docs(developer): on how to install dependency packages"
+  - type: feat
+    section: 🚀 New Features
+    desc: A new feature
+    vae:
+      verb: add
+      application: <scope> <title>
+      example: "feat(rapid): new withdraw api"
+    scopes:
+      default:
+        desc: Release a new features
+        release: minor
+  - type: action
+    desc: Imperative action, mainly changing the values files
+    scopes:
+      default:
+        desc: Imperative action, mainly changing the values files
+        release: false
+  - type: fix
+    section: 🐛 Bug Fixes
+    desc: A bug fix
+    vae:
+      verb: fix
+      application: <title>
+      example: "fix(rapid): deposit api for rapid"
+    scopes:
+      default:
+        desc: Generic fixes
+        release: patch
+  - type: chore
+    desc: Menial Tasks
+    scopes:
+      default:
+        desc: Menial Tasks
+        release: false

chart/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

chart/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: external-secrets
+  repository: https://charts.external-secrets.io
+  version: 0.9.5
+digest: sha256:024c10e7d3d1b0dd9adc23bebf6b3cf12aca8b1d4d2a9b881a292c6f80bf4e54
+generated: "2023-09-30T19:26:31.766839+08:00"

chart/Chart.yaml

@@ -0,0 +1,10 @@
+apiVersion: v2
+name: sulfoxide-cobalt
+description: Helm Chart to install External Secrets, our secret operator, and SecretStore to AtomiCloud's Kubernetes Cluster
+type: application
+version: 1.1.0
+appVersion: "v0.9.5"
+dependencies:
+  - name: external-secrets
+    version: v0.9.5
+    repository: https://charts.external-secrets.io

chart/README.md

@@ -0,0 +1,28 @@
+# sulfoxide-cobalt
+
+![Version: 1.1.0](https://img.shields.io/badge/Version-1.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.9.5](https://img.shields.io/badge/AppVersion-v0.9.5-informational?style=flat-square)
+
+Helm Chart to install External Secrets, our secret operator, and SecretStore to AtomiCloud's Kubernetes Cluster
+
+## Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://charts.external-secrets.io | external-secrets | v0.9.5 |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| external-secrets | object | `{"certController":{"podAnnotations":{"<<":{"atomi.cloud/layer":"1","atomi.cloud/platform":"sulfoxide","atomi.cloud/service":"chlorine"},"atomi.cloud/module":"cert-controller"},"podLabels":{"<<":{"atomi.cloud/layer":"1","atomi.cloud/platform":"sulfoxide","atomi.cloud/service":"chlorine"},"atomi.cloud/module":"cert-controller"},"podSecurityContext":{"fsGroup":1000,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000},"resources":{"limits":{"cpu":"200m","memory":"256Mi"},"requests":{"cpu":"50m","memory":"128Mi"}},"securityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000}},"installCRDs":true,"podAnnotations":{"<<":{"atomi.cloud/layer":"1","atomi.cloud/platform":"sulfoxide","atomi.cloud/service":"chlorine"},"atomi.cloud/module":"operator"},"podLabels":{"<<":{"atomi.cloud/layer":"1","atomi.cloud/platform":"sulfoxide","atomi.cloud/service":"chlorine"},"atomi.cloud/module":"operator"},"podSecurityContext":{"fsGroup":1000,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000},"resources":{"limits":{"cpu":"200m","memory":"256Mi"},"requests":{"cpu":"50m","memory":"128Mi"}},"securityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000},"serviceMonitor":{"enabled":true},"webhook":{"podAnnotations":{"<<":{"atomi.cloud/layer":"1","atomi.cloud/platform":"sulfoxide","atomi.cloud/service":"chlorine"},"atomi.cloud/module":"webhook"},"podLabels":{"<<":{"atomi.cloud/layer":"1","atomi.cloud/platform":"sulfoxide","atomi.cloud/service":"chlorine"},"atomi.cloud/module":"webhook"},"podSecurityContext":{"fsGroup":1000,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000},"resources":{"limits":{"cpu":"200m","memory":"256Mi"},"requests":{"cpu":"50m","memory":"128Mi"}},"securityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000}}}` | External Secrets Configuration. See [External Secrets Operator Documentation](https://github.com/external-secrets/external-secrets/tree/main/deploy/charts/external-secrets) |
+| podSecurityContext | object | `{"fsGroup":1000,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000}` | YAML Anchor for PodSecurityContext |
+| rootToken | object | `{"key":"DOPPLER_TOKEN","value":""}` | The Root Doppler Token for deploying SecretStore |
+| rootToken.key | string | `"DOPPLER_TOKEN"` | The Kubernetes Secret Key holding the Root Doppler Token |
+| rootToken.value | string | `""` | The Root Doppler Token Value for deploying SecretStore. This value is sensitive |
+| securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000}` | YAML Anchor for SecurityContext |
+| serviceTree | object | `{"layer":"1","platform":"sulfoxide","service":"chlorine"}` | AtomiCloud Service Tree. See [ServiceTree](https://atomicloud.larksuite.com/wiki/OkfJwTXGFiMJkrk6W3RuwRrZs64?theme=DARK&contentTheme=DARK#MHw5d76uDo2tBLx86cduFQMRsBb) |
+| storeName | string | `"doppler"` | The name of the doppler ClusterSecretStore that is going to be deployed |
+| tags | object | `{"atomi.cloud/layer":"1","atomi.cloud/platform":"sulfoxide","atomi.cloud/service":"chlorine"}` | Kubernetes labels and annotations, following Service Tree |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.11.1](https://github.com/norwoodj/helm-docs/releases/v1.11.1)

chart/templates/NOTES.txt

@@ -0,0 +1 @@
+Install AtomiCloud's Secret Operator