[Merged by Bors] - Helm chart

.dockerignore

@@ -0,0 +1,9 @@
+debug/
+target/
+**/*.rs.bk
+
+.idea/
+*.iws
+
+# We do NOT want to ignore .git because we use the `built` crate to gather the current git commit hash at built time
+# This means we need the .git directory in our Docker image, it will be thrown away and won't be included in the final image

.github/dependabot.yml

@@ -0,0 +1,30 @@
+# =============
+# This file is automatically generated from the templates in stackabletech/operator-templating
+# DON'T MANUALLY EDIT THIS FILE
+# =============
+---
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    labels:
+      - "type/dependencies"
+    reviewers:
+      - "stackabletech/developers"
+
+  - package-ecosystem: "cargo"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    labels:
+      - "type/dependencies"
+    reviewers:
+      - "stackabletech/rust-developers"
+    ignore:
+      # We never want to be notified about a kube-rs update.
+      # It often contains breaking changes so it has to be updated manually anyway
+      # and it needs to be updated together with kube-runtime, kube-derive etc.
+      - dependency-name: "kube*"
+      - dependency-name: "k8s-openapi"

.github/pull_request_template.md

@@ -0,0 +1,14 @@
+## Description
+
+*Please add a description here. This will become the commit message of the merge request later.*
+
+<!-- Commit message above. Everything below is not added to the message. Do not change this line! -->
+
+## Review Checklist
+- [ ] Code contains useful comments
+- [ ] (Integration-)Test cases added (or not applicable)
+- [ ] Documentation added (or not applicable)
+- [ ] Changelog updated (or not applicable)
+- [ ] Cargo.toml only contains references to git tags (not specific commits or branches)
+
+Once the review is done, comment `bors r+` (or `bors merge`) to merge. [Further information](https://bors.tech/documentation/getting-started/#reviewing-pull-requests)

.github/workflows/daily_security.yml

@@ -2,11 +2,12 @@
 # This file is automatically generated from the templates in stackabletech/operator-templating
 # DON'T MANUALLY EDIT THIS FILE
 # =============
+---
 name: Security audit
 
 on:
   schedule:
-    - cron: '0 0 * * *'
+    - cron: '15 4 * * *'
   workflow_dispatch:
 
 jobs:

.github/workflows/helm_tests.yml

@@ -0,0 +1,53 @@
+name: Lint and Test Helm Charts
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+
+env:
+  CT_CONFIG: deploy/helm/ct.yaml
+
+jobs:
+  lint-test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2.4.0
+        with:
+          fetch-depth: 0
+          submodules: true
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v1
+        with:
+          version: v3.7.2
+
+      - uses: actions/setup-python@v2
+        with:
+          python-version: 3.7
+
+      - name: Compile chart
+        run: make compile-chart
+
+      - name: Set up chart-testing
+        uses: helm/chart-testing-action@v2.2.0
+
+      - name: Run chart-testing (lint)
+        run: ct lint --config "${CT_CONFIG}"
+
+      - name: Run chart-testing (list-changed)
+        id: list-changed
+        run: |
+          changed=$(ct list-changed --config "${CT_CONFIG}")
+          if [[ -n "$changed" ]]; then
+            echo "::set-output name=changed::true"
+          fi
+
+      - name: Create kind cluster
+        uses: helm/kind-action@v1.2.0
+        if: steps.list-changed.outputs.changed == 'true'
+
+      - name: Run chart-testing (install)
+        run: ct install --config "${CT_CONFIG}"
+        if: steps.list-changed.outputs.changed == 'true'

.github/workflows/pr_generate_manifests.yml

@@ -0,0 +1,39 @@
+# =============
+# This file is automatically generated from the templates in stackabletech/operator-templating
+# DON'T MANUALLY EDIT THIS FILE
+# =============
+name: Update Manifest files
+
+on:
+  pull_request:
+
+jobs:
+  manifests:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          token: ${{ secrets.STACKY_MC_STACKFACE_TOKEN }}
+      - name: Set up Helm
+        uses: azure/setup-helm@v1
+        with:
+          version: v3.6.2
+      - name: update manifests
+        env:
+          NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
+        if: env.NEXUS_PASSWORD != null
+        run: make generate-manifests
+      - name: Add & Commit
+        env:
+          NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
+        if: env.NEXUS_PASSWORD != null
+        uses: EndBug/add-and-commit@v7
+        with:
+          default_author: user_info
+          author_name: Stacky McStackface
+          author_email: stackable-bot@users.noreply.github.com
+          pathspec_error_handling: exitImmediately
+          pull: NO-PULL
+          add: 'deploy'
+          message: 'Github Actions: Generated k8s manifest files'

.github/workflows/publish_main_artifacts.yml

@@ -0,0 +1,60 @@
+# =============
+# This file is automatically generated from the templates in stackabletech/operator-templating
+# DON'T MANUALLY EDIT THIS FILE
+# =============
+---
+name: Publish nightly artifacts from main branch
+
+on:
+  push:
+    branches:
+      - main
+  schedule:
+    - cron: '30 4 * * *'
+  workflow_dispatch:
+
+env:
+  PRODUCT_NAME: secret-operator
+  CARGO_TERM_COLOR: always
+  CARGO_INCREMENTAL: '0'
+  CARGO_PROFILE_DEV_DEBUG: '0'
+  RUSTFLAGS: "-D warnings"
+  REPO_HELM_URL: https://repo.stackable.tech/repository/helm-dev
+
+jobs:
+  helm:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+          submodules: true
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v1
+        with:
+          version: v3.6.2
+
+      - name: Build Docker image
+        env:
+          NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
+        if: env.NEXUS_PASSWORD != null
+        run: make docker
+
+      - name: Compile chart
+        run: make compile-chart
+
+      - name: Package Chart
+        run: mkdir -p target/helm && helm package --destination target/helm deploy/helm/secret-operator
+
+      - name: Publish Chart
+        env:
+          NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
+        if: env.NEXUS_PASSWORD != null
+        run: >-
+          /usr/bin/curl
+          --fail
+          -u 'github:${{ secrets.NEXUS_PASSWORD }}'
+          --upload-file "./$(find  target/helm/ -name '*.tgz')"
+          "${{ env.REPO_HELM_URL }}/"

.github/workflows/publish_pr_artifacts.yml

@@ -0,0 +1,63 @@
+# =============
+# This file is automatically generated from the templates in stackabletech/operator-templating
+# DON'T MANUALLY EDIT THIS FILE
+# =============
+---
+name: Publish pull-request artifacts
+
+on:
+  pull_request:
+
+env:
+  PRODUCT_NAME: secret-operator
+  CARGO_TERM_COLOR: always
+  CARGO_INCREMENTAL: '0'
+  CARGO_PROFILE_DEV_DEBUG: '0'
+  RUSTFLAGS: "-D warnings"
+  REPO_HELM_URL: https://repo.stackable.tech/repository/helm-test
+
+jobs:
+  helm:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+          submodules: true
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v1
+        with:
+          version: v3.6.2
+
+      - name: Set up Python and update cargo version.
+        uses: actions/setup-python@v2
+        with:
+          python-version: '3.x'
+
+      - run: pip install -r ./python/requirements.txt
+      - run: python ./python/cargo_version.py -m pr${{ github.event.number }}
+
+      - name: Build Docker image
+        env:
+          NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
+        if: env.NEXUS_PASSWORD != null
+        run: make docker
+
+      - name: Compile chart
+        run: make compile-chart
+
+      - name: Package Chart
+        run: mkdir -p target/helm && helm package --destination target/helm deploy/helm/secret-operator
+
+      - name: Publish Chart
+        env:
+          NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
+        if: env.NEXUS_PASSWORD != null
+        run: >-
+          /usr/bin/curl
+          --fail
+          -u 'github:${{ secrets.NEXUS_PASSWORD }}'
+          --upload-file "./$(find  target/helm/ -name '*.tgz')"
+          "${{ env.REPO_HELM_URL }}/"

.github/workflows/publish_release_artifacts.yml

@@ -0,0 +1,57 @@
+# =============
+# This file is automatically generated from the templates in stackabletech/operator-templating
+# DON'T MANUALLY EDIT THIS FILE
+# =============
+---
+name: Publish release artifacts
+
+on:
+  push:
+    tags:
+      - "*"
+
+env:
+  PRODUCT_NAME: secret-operator
+  CARGO_TERM_COLOR: always
+  CARGO_INCREMENTAL: '0'
+  CARGO_PROFILE_DEV_DEBUG: '0'
+  RUSTFLAGS: "-D warnings"
+  REPO_HELM_URL: https://repo.stackable.tech/repository/helm-stable
+
+jobs:
+  helm:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+          submodules: true
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v1
+        with:
+          version: v3.6.2
+
+      - name: Build Docker image
+        env:
+          NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
+        if: env.NEXUS_PASSWORD != null
+        run: make docker-release
+
+      - name: Compile chart
+        run: make compile-chart
+
+      - name: Package Chart
+        run: mkdir -p target/helm && helm package --destination target/helm deploy/helm/secret-operator
+
+      - name: Publish Chart
+        env:
+          NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
+        if: env.NEXUS_PASSWORD != null
+        run: >-
+          /usr/bin/curl
+          --fail
+          -u 'github:${{ secrets.NEXUS_PASSWORD }}'
+          --upload-file "./$(find  target/helm/ -name '*.tgz')"
+          "${{ env.REPO_HELM_URL }}/"