From e97b619da80319b2d7bfc5764cf08b0d677a9ca4 Mon Sep 17 00:00:00 2001
From: Oscar Hemelaar <oscar.hemelaar@qonfucius.team>
Date: Wed, 29 Jan 2025 15:48:20 +0100
Subject: [PATCH 1/3] feat: allow configuring env and conf using existing
 secret

useful for when the secret is created out of band using a vault api for
example
---
 charts/umap/templates/deployment.yaml    | 8 ++++++++
 charts/umap/templates/secret-config.yaml | 4 +++-
 charts/umap/templates/secret-env.yaml    | 4 +++-
 charts/umap/values.yaml                  | 7 +++++++
 4 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/charts/umap/templates/deployment.yaml b/charts/umap/templates/deployment.yaml
index 47af4caa..007e9e02 100644
--- a/charts/umap/templates/deployment.yaml
+++ b/charts/umap/templates/deployment.yaml
@@ -66,7 +66,11 @@ spec:
           {{- end }}
           envFrom:
           - secretRef:
+              {{- if .Values.umap.envFromSecret }}
+              name: {{ .Values.umap.envFromSecret }}
+              {{- else }}
               name: {{ include "umap.fullname" . }}-env
+              {{- end }}
           volumeMounts:
             - name: config
               mountPath: /etc/umap/
@@ -80,7 +84,11 @@ spec:
       volumes:
         - name: config
           secret:
+            {{- if .Values.umap.configFromSecret }}
+            secretName: {{ .Values.umap.configFromSecret }}
+            {{- else }}
             secretName: {{ include "umap.fullname" . }}-config
+            {{- end }}
         - name: statics
           emptyDir: {}
       {{- if .Values.persistence.enabled }}
diff --git a/charts/umap/templates/secret-config.yaml b/charts/umap/templates/secret-config.yaml
index fa6f8359..17adc209 100644
--- a/charts/umap/templates/secret-config.yaml
+++ b/charts/umap/templates/secret-config.yaml
@@ -1,3 +1,4 @@
+{{ if not .Values.umap.configFromSecret }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -6,4 +7,5 @@ metadata:
     {{- include "umap.labels" . | nindent 4 }}
 type: Opaque
 data:
-  umap.conf: {{ .Values.umap.config | b64enc }}
\ No newline at end of file
+  umap.conf: {{ .Values.umap.config | b64enc }}
+{{- end }}
diff --git a/charts/umap/templates/secret-env.yaml b/charts/umap/templates/secret-env.yaml
index 4e718d0f..c21f2b99 100644
--- a/charts/umap/templates/secret-env.yaml
+++ b/charts/umap/templates/secret-env.yaml
@@ -1,3 +1,4 @@
+{{ if not .Values.umap.envFromSecret }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -8,4 +9,5 @@ type: Opaque
 data:
 {{- range $key, $value := .Values.umap.environment }}
   {{ $key }}: "{{ $value | b64enc }}"
-{{- end }}
\ No newline at end of file
+{{- end }}
+{{- end }}
diff --git a/charts/umap/values.yaml b/charts/umap/values.yaml
index de72d63b..4515f63a 100644
--- a/charts/umap/values.yaml
+++ b/charts/umap/values.yaml
@@ -77,11 +77,18 @@ umap:
     SECRET_KEY: CHANGE_ME
     STATIC_ROOT: /srv/umap/static
     MEDIA_ROOT: /srv/umap/uploads
+  # Configure environment variables using an existing secret in the same namespace.
+  # In this case the values above are not used
+  envFromSecret: null
+
   # You can also provide umap.conf content here:
   config: |
     from umap.settings.base import *
 
     # See: https://github.com/umap-project/umap/blob/master/umap/settings/local.py.sample
+  # Configure config file using an existing secret in the same namespace.
+  # In this case the values above are not used
+  configFromSecret: null
 
 persistence:
   enabled: true

From 8f3f67588a26e6c8bbaf7a3a35d9376ed3e43725 Mon Sep 17 00:00:00 2001
From: Oscar Hemelaar <oscar.hemelaar@qonfucius.team>
Date: Wed, 29 Jan 2025 16:22:25 +0100
Subject: [PATCH 2/3] chore: deploy charts to repository under github pages

---
 .github/workflows/release-helm.yml | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 .github/workflows/release-helm.yml

diff --git a/.github/workflows/release-helm.yml b/.github/workflows/release-helm.yml
new file mode 100644
index 00000000..3b224c08
--- /dev/null
+++ b/.github/workflows/release-helm.yml
@@ -0,0 +1,26 @@
+name: Release Charts
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  release:
+    # depending on default permission settings for your org (contents being read-only or read-write for workloads), you will have to add permissions
+    # see: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Publish Helm charts
+        uses: stefanprodan/helm-gh-pages@v1.7.0
+        with:
+          charts_dir: charts
+          linting: off
+          token: ${{ secrets.GITHUB_TOKEN }}

From 1c3cf9a7c5a74b79fef690e0780f8a61e70cb245 Mon Sep 17 00:00:00 2001
From: David Larlet <3556+davidbgk@users.noreply.github.com>
Date: Mon, 14 Apr 2025 11:31:06 -0400
Subject: [PATCH 3/3] chore: switch helm chart job to master branch

---
 .github/workflows/release-helm.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/release-helm.yml b/.github/workflows/release-helm.yml
index 3b224c08..11b70655 100644
--- a/.github/workflows/release-helm.yml
+++ b/.github/workflows/release-helm.yml
@@ -3,7 +3,7 @@ name: Release Charts
 on:
   push:
     branches:
-      - main
+      - master
 
 jobs:
   release: