64 Commits

Author SHA1 Message Date
7af3560e3e Bump uuid from 1.23.0 to 1.24.0 in the cargo group
Bumps the cargo group with 1 update: [uuid](https://github.com/uuid-rs/uuid).


Updates `uuid` from 1.23.0 to 1.24.0
- [Release notes](https://github.com/uuid-rs/uuid/releases)
- [Commits](https://github.com/uuid-rs/uuid/compare/v1.23.0...v1.24.0)

---
updated-dependencies:
- dependency-name: uuid
  dependency-version: 1.24.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: cargo
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-15 23:53:16 +00:00
238640a1e7 Bump the github-actions group with 5 updates (#223)
Bumps the github-actions group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `4.1.0` | `4.2.0` |
| [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `4.1.0` | `4.2.0` |
| [docker/login-action](https://github.com/docker/login-action) | `4.2.0` | `4.4.0` |
| [docker/metadata-action](https://github.com/docker/metadata-action) | `6.1.0` | `6.2.0` |
| [docker/build-push-action](https://github.com/docker/build-push-action) | `7.2.0` | `7.3.0` |


Updates `docker/setup-buildx-action` from 4.1.0 to 4.2.0
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](d7f5e7f509...bb05f3f551)

Updates `docker/setup-qemu-action` from 4.1.0 to 4.2.0
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](06116385d9...96fe6ef7f3)

Updates `docker/login-action` from 4.2.0 to 4.4.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](650006c6eb...af1e73f918)

Updates `docker/metadata-action` from 6.1.0 to 6.2.0
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](80c7e94dd9...dc80280410)

Updates `docker/build-push-action` from 7.2.0 to 7.3.0
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](f9f3042f7e...53b7df96c9)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: docker/setup-qemu-action
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: docker/login-action
  dependency-version: 4.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: docker/metadata-action
  dependency-version: 6.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: docker/build-push-action
  dependency-version: 7.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-07-06 04:34:53 -04:00
4db1c778dc Bump the github-actions group with 2 updates (#221)
Bumps the github-actions group with 2 updates: [actions/cache](https://github.com/actions/cache) and [azure/setup-helm](https://github.com/azure/setup-helm).


Updates `actions/cache` from 5.0.5 to 6.1.0
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](27d5ce7f10...55cc834586)

Updates `azure/setup-helm` from 5.0.0 to 5.0.1
- [Release notes](https://github.com/azure/setup-helm/releases)
- [Changelog](https://github.com/Azure/setup-helm/blob/main/CHANGELOG.md)
- [Commits](dda3372f75...9bc31f4ebc)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: azure/setup-helm
  dependency-version: 5.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-07-01 02:40:31 +00:00
27a10cb37c Update to latest versions of postgres-related crates (#218) 2026-06-24 21:55:55 -04:00
223e0e6ad5 Bump actix-web from 4.13.0 to 4.14.0 in the cargo group (#219)
Bumps the cargo group with 1 update: [actix-web](https://github.com/actix/actix-web).


Updates `actix-web` from 4.13.0 to 4.14.0
- [Release notes](https://github.com/actix/actix-web/releases)
- [Changelog](https://github.com/actix/actix-web/blob/main/CHANGES.md)
- [Commits](https://github.com/actix/actix-web/compare/web-v4.13.0...web-v4.14.0)

---
updated-dependencies:
- dependency-name: actix-web
  dependency-version: 4.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: cargo
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-22 20:20:47 -04:00
4c4d3ad637 Bump actions/checkout from 6.0.3 to 7.0.0 in the github-actions group (#217)
Bumps the github-actions group with 1 update: [actions/checkout](https://github.com/actions/checkout).


Updates `actions/checkout` from 6.0.3 to 7.0.0
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](df4cb1c069...9c091bb21b)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-22 08:19:34 -04:00
83e94d1cd4 Bump the github-actions group with 3 updates (#213)
Bumps the github-actions group with 3 updates: [actions-rs/toolchain](https://github.com/actions-rs/toolchain), [actions-rs/cargo](https://github.com/actions-rs/cargo) and [obi1kenobi/cargo-semver-checks-action](https://github.com/obi1kenobi/cargo-semver-checks-action).


Updates `actions-rs/toolchain` from 1.0.6 to 1.0.7
- [Release notes](https://github.com/actions-rs/toolchain/releases)
- [Changelog](https://github.com/actions-rs/toolchain/blob/master/CHANGELOG.md)
- [Commits](b2417cde72...16499b5e05)

Updates `actions-rs/cargo` from 1.0.1 to 1.0.3
- [Release notes](https://github.com/actions-rs/cargo/releases)
- [Changelog](https://github.com/actions-rs/cargo/blob/master/CHANGELOG.md)
- [Commits](ae10961054...844f36862e)

Updates `obi1kenobi/cargo-semver-checks-action` from 2.8 to 2.9
- [Release notes](https://github.com/obi1kenobi/cargo-semver-checks-action/releases)
- [Commits](5b298c9520...6b69fcf40e)

---
updated-dependencies:
- dependency-name: actions-rs/toolchain
  dependency-version: 1.0.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: actions-rs/cargo
  dependency-version: 1.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: obi1kenobi/cargo-semver-checks-action
  dependency-version: '2.9'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-14 22:48:38 -04:00
95da645ae5 Update and pin GitHub actions (#211)
Using `pinact run --update`

<https://github.com/suzuki-shunsuke/pinact>

Also: dependabot will continue functioning as usual, and it also knows
how to update the version comments.
2026-06-13 14:44:46 -04:00
3f78f2d4c5 Readding ServiceAccount (#212)
* Readding ServiceAccount

* Bumping version
2026-06-10 03:32:09 +00:00
b5eb61a43d Adding health probes, resource requests and fixing container permissions (#210)
* Adding health probes and fixing container permissions

* Bump version

* Cleanup

* No ServiceAccount anymore

* No ServiceAccount anymore

* Update pull secrets

* Fixing yaml issue

* Fixed resource requests and limits

* Bumping version
2026-06-09 23:41:50 +00:00
240af34978 Updating Helm documentation (#209)
* Updating Helm documentation

* No version number
2026-05-29 22:06:53 +00:00
1a4f1d94b6 Fix pod security (#204)
* Fix pod security

* Extra security context

* Use correct security context
2026-05-29 18:06:47 +00:00
6612d0d02b Fix install directory for helm chart (#207)
* Fixing helm publish path

* Fixing install dir for helm chart
2026-05-29 17:46:22 +00:00
d77966351b Fixing helm publish path (#206) 2026-05-29 17:37:12 +00:00
039bd77ec1 Add more specific settings for HTTPRoute (#203)
* Adding Helm chart

* Update maintainer

* Updating filesystem settings to prevent issues

* CREATE_CLIENTS is now true by default

* Add name override options

* Validation for postges

* Fix plain connection string in pod env

* Simplifying secret management

* Fix port quoting

* Init container to run sql file

* Fix port type

* Fix secret management

* Working now

* Fixing Postgres connection issue

* Upgrade postgres init container

* Auto add UUIDs when starting postgres

* feat: Use standard value names for adding HTTPReoute

* fix: Remove merge issues

* chore: bump version
2026-05-29 17:30:07 +00:00
7d772f4b5e Add GitHub Action to test the helm chart before merging (#205)
* Adding Helm chart

* Update maintainer

* Updating filesystem settings to prevent issues

* CREATE_CLIENTS is now true by default

* Add name override options

* Validation for postges

* Fix plain connection string in pod env

* Simplifying secret management

* Fix port quoting

* Init container to run sql file

* Fix port type

* Fix secret management

* Working now

* Fixing Postgres connection issue

* Upgrade postgres init container

* Auto add UUIDs when starting postgres

* Add Github action to publish new Helm charts on push

* Fixing url

* Removing duplicate files

* Adding documentation for helm chart

* Reorganizing

* Adding helm testing
2026-05-29 17:22:28 +00:00
865203fa93 Merge pull request #202 from GothenburgBitFactory/dependabot/cargo/openssl-0.10.80
Bump openssl from 0.10.79 to 0.10.80
2026-05-29 16:40:29 +00:00
0f422af080 Bump openssl from 0.10.79 to 0.10.80
Bumps [openssl](https://github.com/rust-openssl/rust-openssl) from 0.10.79 to 0.10.80.
- [Release notes](https://github.com/rust-openssl/rust-openssl/releases)
- [Commits](https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.79...openssl-v0.10.80)

---
updated-dependencies:
- dependency-name: openssl
  dependency-version: 0.10.80
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-28 17:55:41 +00:00
2aab707178 Merge pull request #201 from GothenburgBitFactory/dependabot/github_actions/github-actions-45018e1108 2026-05-18 22:42:19 -06:00
7556092a84 Bump the github-actions group with 3 updates
Bumps the github-actions group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [azure/setup-helm](https://github.com/azure/setup-helm) and [helm/chart-releaser-action](https://github.com/helm/chart-releaser-action).


Updates `actions/checkout` from 4 to 6
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v6)

Updates `azure/setup-helm` from 4 to 5
- [Release notes](https://github.com/azure/setup-helm/releases)
- [Changelog](https://github.com/Azure/setup-helm/blob/main/CHANGELOG.md)
- [Commits](https://github.com/azure/setup-helm/compare/v4...v5)

Updates `helm/chart-releaser-action` from 1.6.0 to 1.7.0
- [Release notes](https://github.com/helm/chart-releaser-action/releases)
- [Commits](https://github.com/helm/chart-releaser-action/compare/v1.6.0...v1.7.0)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: azure/setup-helm
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: helm/chart-releaser-action
  dependency-version: 1.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-17 23:52:57 +00:00
79118c0366 Forgot to fix the chart path (#200) 2026-05-12 11:44:49 -04:00
5165897200 Helm-chart GitHub action (#199) 2026-05-12 08:00:16 -04:00
d7d9de3bbe Auto add UUIDs when starting postgres 2026-05-11 21:11:11 -04:00
269efce4f1 Upgrade postgres init container 2026-05-11 21:11:11 -04:00
ef98290f37 Fixing Postgres connection issue 2026-05-11 21:11:11 -04:00
79d54cae5d Working now 2026-05-11 21:11:11 -04:00
2f84198600 Fix secret management 2026-05-11 21:11:11 -04:00
c857163d85 Fix port type 2026-05-11 21:11:11 -04:00
27c3f954c9 Init container to run sql file 2026-05-11 21:11:11 -04:00
a8f7281786 Fix port quoting 2026-05-11 21:11:11 -04:00
84c06475c6 Simplifying secret management 2026-05-11 21:11:11 -04:00
c58bb4800d Fix plain connection string in pod env 2026-05-11 21:11:11 -04:00
eee66c5475 Validation for postges 2026-05-11 21:11:11 -04:00
9bddb2f261 Add name override options 2026-05-11 21:11:11 -04:00
911c0cbc57 CREATE_CLIENTS is now true by default 2026-05-11 21:11:11 -04:00
ed3b5553fa Updating filesystem settings to prevent issues 2026-05-11 21:11:11 -04:00
583d7dbe63 Update maintainer 2026-05-11 21:11:11 -04:00
b98c87798c Adding Helm chart 2026-05-11 21:11:11 -04:00
dd1b87dad5 Bump the github-actions group with 2 updates
Bumps the github-actions group with 2 updates: [actions/add-to-project](https://github.com/actions/add-to-project) and [docker/build-push-action](https://github.com/docker/build-push-action).


Updates `actions/add-to-project` from 1.0.2 to 2.0.0
- [Release notes](https://github.com/actions/add-to-project/releases)
- [Commits](https://github.com/actions/add-to-project/compare/v1.0.2...v2.0.0)

Updates `docker/build-push-action` from 6 to 7
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v6...v7)

---
updated-dependencies:
- dependency-name: actions/add-to-project
  dependency-version: 2.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: docker/build-push-action
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-11 20:53:32 -04:00
e1bebc7325 Bump openssl from 0.10.78 to 0.10.79
Bumps [openssl](https://github.com/rust-openssl/rust-openssl) from 0.10.78 to 0.10.79.
- [Release notes](https://github.com/rust-openssl/rust-openssl/releases)
- [Commits](https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.78...openssl-v0.10.79)

---
updated-dependencies:
- dependency-name: openssl
  dependency-version: 0.10.79
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-06 23:31:42 -04:00
5356f2baaa Bump actix-http from 3.12.0 to 3.12.1
Bumps [actix-http](https://github.com/actix/actix-web) from 3.12.0 to 3.12.1.
- [Release notes](https://github.com/actix/actix-web/releases)
- [Changelog](https://github.com/actix/actix-web/blob/main/CHANGES.md)
- [Commits](https://github.com/actix/actix-web/compare/http-v3.12.0...http-v3.12.1)

---
updated-dependencies:
- dependency-name: actix-http
  dependency-version: 3.12.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-25 09:26:40 -04:00
389113ce92 Bump openssl from 0.10.73 to 0.10.78
Bumps [openssl](https://github.com/rust-openssl/rust-openssl) from 0.10.73 to 0.10.78.
- [Release notes](https://github.com/rust-openssl/rust-openssl/releases)
- [Commits](https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.73...openssl-v0.10.78)

---
updated-dependencies:
- dependency-name: openssl
  dependency-version: 0.10.78
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-25 09:26:21 -04:00
25d8708630 Add an MSRV comment to Dockerfiles 2026-04-18 08:34:21 -04:00
6746e6ed3b Update Rust version
Signed-off-by: Evangelos Lamprou <vagos@lamprou.xyz>
2026-04-17 07:53:03 -04:00
bac5e50448 Fix docker build invocations (#188)
Signed-off-by: Evangelos Lamprou <vagos@lamprou.xyz>
2026-04-17 07:51:27 -04:00
da96579546 Bump rand from 0.9.1 to 0.9.4 (#186)
Bumps [rand](https://github.com/rust-random/rand) from 0.9.1 to 0.9.4.
- [Release notes](https://github.com/rust-random/rand/releases)
- [Changelog](https://github.com/rust-random/rand/blob/0.9.4/CHANGELOG.md)
- [Commits](https://github.com/rust-random/rand/compare/rand_core-0.9.1...0.9.4)

---
updated-dependencies:
- dependency-name: rand
  dependency-version: 0.9.4
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-14 20:12:08 -04:00
4fe70cf030 Bump tokio from 1.51.0 to 1.52.0 in the cargo group (#187)
Bumps the cargo group with 1 update: [tokio](https://github.com/tokio-rs/tokio).


Updates `tokio` from 1.51.0 to 1.52.0
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.51.0...tokio-1.52.0)

---
updated-dependencies:
- dependency-name: tokio
  dependency-version: 1.52.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: cargo
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-14 20:11:51 -04:00
24674bb0e0 Bump tempfile from 3.23.0 to 3.27.0 in the cargo group (#185)
Bumps the cargo group with 1 update: [tempfile](https://github.com/Stebalien/tempfile).


Updates `tempfile` from 3.23.0 to 3.27.0
- [Changelog](https://github.com/Stebalien/tempfile/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Stebalien/tempfile/compare/v3.23.0...v3.27.0)

---
updated-dependencies:
- dependency-name: tempfile
  dependency-version: 3.27.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: cargo
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-06 20:41:39 -04:00
8a2092b176 Bump the cargo group across 1 directory with 2 updates (#184)
Bumps the cargo group with 2 updates in the / directory: [uuid](https://github.com/uuid-rs/uuid) and [tokio](https://github.com/tokio-rs/tokio).


Updates `uuid` from 1.22.0 to 1.23.0
- [Release notes](https://github.com/uuid-rs/uuid/releases)
- [Commits](https://github.com/uuid-rs/uuid/compare/v1.22.0...v1.23.0)

Updates `tokio` from 1.50.0 to 1.51.0
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.50.0...tokio-1.51.0)

---
updated-dependencies:
- dependency-name: uuid
  dependency-version: 1.23.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: cargo
- dependency-name: tokio
  dependency-version: 1.51.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: cargo
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-04 14:49:23 -04:00
c475c01f51 group dependabot updates (#182) 2026-03-12 22:13:48 -04:00
7f07803b5b Bump clap from 4.5.41 to 4.5.60 (#181)
Bumps [clap](https://github.com/clap-rs/clap) from 4.5.41 to 4.5.60.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.41...clap_complete-v4.5.60)

---
updated-dependencies:
- dependency-name: clap
  dependency-version: 4.5.60
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-12 22:01:21 -04:00
409bdd4d2b Bump docker/setup-qemu-action from 3 to 4 (#176)
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 3 to 4.
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](https://github.com/docker/setup-qemu-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-09 20:16:31 -04:00
3b68d5aa3a Bump docker/login-action from 3 to 4 (#177)
Bumps [docker/login-action](https://github.com/docker/login-action) from 3 to 4.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-09 20:16:22 -04:00
832be300ca Bump docker/metadata-action from 5 to 6 (#179)
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5 to 6.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](https://github.com/docker/metadata-action/compare/v5...v6)

---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-09 20:16:14 -04:00
6c30505fb3 Bump docker/setup-buildx-action from 3 to 4 (#180)
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3 to 4.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-09 20:15:59 -04:00
591f38943f Bump tokio from 1.49.0 to 1.50.0 (#174)
Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.49.0 to 1.50.0.
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.49.0...tokio-1.50.0)

---
updated-dependencies:
- dependency-name: tokio
  dependency-version: 1.50.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-08 14:41:11 -04:00
5320b850c4 Bump uuid from 1.21.0 to 1.22.0 (#175)
Bumps [uuid](https://github.com/uuid-rs/uuid) from 1.21.0 to 1.22.0.
- [Release notes](https://github.com/uuid-rs/uuid/releases)
- [Commits](https://github.com/uuid-rs/uuid/compare/v1.21.0...v1.22.0)

---
updated-dependencies:
- dependency-name: uuid
  dependency-version: 1.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-07 10:09:06 -05:00
c5e78104a2 Bump actix-web from 4.12.0 to 4.13.0 (#173)
Bumps [actix-web](https://github.com/actix/actix-web) from 4.12.0 to 4.13.0.
- [Release notes](https://github.com/actix/actix-web/releases)
- [Changelog](https://github.com/actix/actix-web/blob/main/CHANGES.md)
- [Commits](https://github.com/actix/actix-web/compare/web-v4.12.0...web-v4.13.0)

---
updated-dependencies:
- dependency-name: actix-web
  dependency-version: 4.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-18 20:00:57 -05:00
875e39d474 Bump uuid from 1.20.0 to 1.21.0 (#172)
Bumps [uuid](https://github.com/uuid-rs/uuid) from 1.20.0 to 1.21.0.
- [Release notes](https://github.com/uuid-rs/uuid/releases)
- [Commits](https://github.com/uuid-rs/uuid/compare/v1.20.0...v1.21.0)

---
updated-dependencies:
- dependency-name: uuid
  dependency-version: 1.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-16 22:21:57 -05:00
3c6a599613 Bump time from 0.3.41 to 0.3.47 (#170)
Bumps [time](https://github.com/time-rs/time) from 0.3.41 to 0.3.47.
- [Release notes](https://github.com/time-rs/time/releases)
- [Changelog](https://github.com/time-rs/time/blob/main/CHANGELOG.md)
- [Commits](https://github.com/time-rs/time/compare/v0.3.41...v0.3.47)

---
updated-dependencies:
- dependency-name: time
  dependency-version: 0.3.47
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-07 09:32:40 -05:00
a6a8b7c68d Update MSRV to support newer versions of time (#171) 2026-02-07 09:13:10 -05:00
5bc24d43e3 Bump uuid from 1.19.0 to 1.20.0 (#169)
Bumps [uuid](https://github.com/uuid-rs/uuid) from 1.19.0 to 1.20.0.
- [Release notes](https://github.com/uuid-rs/uuid/releases)
- [Commits](https://github.com/uuid-rs/uuid/compare/v1.19.0...v1.20.0)

---
updated-dependencies:
- dependency-name: uuid
  dependency-version: 1.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-04 20:49:12 -05:00
aa5e97a9fd Bump bytes from 1.10.1 to 1.11.1 (#168)
Bumps [bytes](https://github.com/tokio-rs/bytes) from 1.10.1 to 1.11.1.
- [Release notes](https://github.com/tokio-rs/bytes/releases)
- [Changelog](https://github.com/tokio-rs/bytes/blob/master/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/bytes/compare/v1.10.1...v1.11.1)

---
updated-dependencies:
- dependency-name: bytes
  dependency-version: 1.11.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-04 20:47:39 -05:00
3282386849 Bump tokio from 1.48.0 to 1.49.0 (#165)
Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.48.0 to 1.49.0.
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.48.0...tokio-1.49.0)

---
updated-dependencies:
- dependency-name: tokio
  dependency-version: 1.49.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-05 20:59:30 -05:00
32 changed files with 1712 additions and 251 deletions

View File

@ -5,6 +5,9 @@ updates:
directory: "/" directory: "/"
schedule: schedule:
interval: "weekly" interval: "weekly"
groups:
github-actions:
patterns: ["*"]
# Enable updates for Rust packages # Enable updates for Rust packages
- package-ecosystem: "cargo" - package-ecosystem: "cargo"
directory: "/" # Location of package manifests directory: "/" # Location of package manifests
@ -16,3 +19,8 @@ updates:
# behind # behind
- dependency-name: "*" - dependency-name: "*"
update-types: ["version-update:semver-patch"] update-types: ["version-update:semver-patch"]
groups:
cargo:
patterns: ["*"]
# leave major changes in their own PRs
update-types: ["minor", "patch"]

View File

@ -12,7 +12,7 @@ jobs:
name: Add issue to project name: Add issue to project
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/add-to-project@v1.0.2 - uses: actions/add-to-project@5afcf98fcd03f1c2f92c3c83f58ae24323cc57fd # v2.0.0
with: with:
project-url: https://github.com/orgs/GothenburgBitFactory/projects/4 project-url: https://github.com/orgs/GothenburgBitFactory/projects/4
github-token: ${{ secrets.ADD_TO_PROJECT_PAT }} github-token: ${{ secrets.ADD_TO_PROJECT_PAT }}

View File

@ -13,31 +13,31 @@ jobs:
name: "Check & Clippy" name: "Check & Clippy"
steps: steps:
- uses: actions/checkout@v6 - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- name: Cache cargo registry - name: Cache cargo registry
uses: actions/cache@v5 uses: actions/cache@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0
with: with:
path: ~/.cargo/registry path: ~/.cargo/registry
key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }} key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}
- name: Cache cargo build - name: Cache cargo build
uses: actions/cache@v5 uses: actions/cache@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0
with: with:
path: target path: target
key: ${{ runner.os }}-cargo-build-target-${{ hashFiles('**/Cargo.lock') }} key: ${{ runner.os }}-cargo-build-target-${{ hashFiles('**/Cargo.lock') }}
- uses: actions-rs/toolchain@v1 - uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7
with: with:
toolchain: "stable" toolchain: "stable"
override: true override: true
components: clippy components: clippy
- uses: actions-rs/cargo@v1.0.3 - uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1.0.3
with: with:
command: check command: check
- uses: actions-rs/clippy-check@v1 - uses: actions-rs/clippy-check@b5b5f21f4797c02da247df37026fcd0a5024aa4d # v1.0.7
with: with:
token: ${{ secrets.GITHUB_TOKEN }} token: ${{ secrets.GITHUB_TOKEN }}
args: --all-features --no-deps -- -D warnings args: --all-features --no-deps -- -D warnings
@ -48,46 +48,46 @@ jobs:
name: "Rustdoc" name: "Rustdoc"
steps: steps:
- uses: actions/checkout@v6 - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- name: Cache cargo registry - name: Cache cargo registry
uses: actions/cache@v5 uses: actions/cache@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0
with: with:
path: ~/.cargo/registry path: ~/.cargo/registry
key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }} key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}
- uses: actions-rs/toolchain@v1 - uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7
with: with:
toolchain: nightly toolchain: nightly
override: true override: true
minimal: true minimal: true
- name: taskchampion-sync-server - name: taskchampion-sync-server
uses: actions-rs/cargo@v1.0.3 uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1.0.3
with: with:
command: rustdoc command: rustdoc
args: -p taskchampion-sync-server --bin taskchampion-sync-server --all-features -- -Z unstable-options --check -Dwarnings args: -p taskchampion-sync-server --bin taskchampion-sync-server --all-features -- -Z unstable-options --check -Dwarnings
- name: taskchampion-sync-server-postgres - name: taskchampion-sync-server-postgres
uses: actions-rs/cargo@v1.0.3 uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1.0.3
with: with:
command: rustdoc command: rustdoc
args: -p taskchampion-sync-server --bin taskchampion-sync-server-postgres --all-features -- -Z unstable-options --check -Dwarnings args: -p taskchampion-sync-server --bin taskchampion-sync-server-postgres --all-features -- -Z unstable-options --check -Dwarnings
- name: taskchampion-sync-server-core - name: taskchampion-sync-server-core
uses: actions-rs/cargo@v1.0.3 uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1.0.3
with: with:
command: rustdoc command: rustdoc
args: -p taskchampion-sync-server-core --all-features -- -Z unstable-options --check -Dwarnings args: -p taskchampion-sync-server-core --all-features -- -Z unstable-options --check -Dwarnings
- name: taskchampion-sync-server-storage-sqlite - name: taskchampion-sync-server-storage-sqlite
uses: actions-rs/cargo@v1.0.3 uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1.0.3
with: with:
command: rustdoc command: rustdoc
args: -p taskchampion-sync-server-storage-sqlite --all-features -- -Z unstable-options --check -Dwarnings args: -p taskchampion-sync-server-storage-sqlite --all-features -- -Z unstable-options --check -Dwarnings
- name: taskchampion-sync-server-storage-postgres - name: taskchampion-sync-server-storage-postgres
uses: actions-rs/cargo@v1.0.3 uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1.0.3
with: with:
command: rustdoc command: rustdoc
args: -p taskchampion-sync-server-storage-postgres --all-features -- -Z unstable-options --check -Dwarnings args: -p taskchampion-sync-server-storage-postgres --all-features -- -Z unstable-options --check -Dwarnings
@ -96,16 +96,16 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
name: "Formatting" name: "Formatting"
steps: steps:
- uses: actions/checkout@v6 - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- uses: actions-rs/toolchain@v1 - uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7
with: with:
profile: minimal profile: minimal
components: rustfmt components: rustfmt
toolchain: stable toolchain: stable
override: true override: true
- uses: actions-rs/cargo@v1.0.3 - uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1.0.3
with: with:
command: fmt command: fmt
args: --all -- --check args: --all -- --check
@ -114,8 +114,8 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
name: "Cargo Semver Checks" name: "Cargo Semver Checks"
steps: steps:
- uses: actions/checkout@v6 - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- uses: obi1kenobi/cargo-semver-checks-action@v2 - uses: obi1kenobi/cargo-semver-checks-action@6b69fcf40e9b5fb17adeb57e4b6ecd020649a239 # v2.9
with: with:
# exclude the binary package from semver checks, since it is not published as a crate. # exclude the binary package from semver checks, since it is not published as a crate.
exclude: taskchampion-sync-server exclude: taskchampion-sync-server
@ -125,10 +125,10 @@ jobs:
name: "mdBook Documentation" name: "mdBook Documentation"
steps: steps:
- uses: actions/checkout@v6 - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- name: Setup mdBook - name: Setup mdBook
uses: peaceiris/actions-mdbook@v2 uses: peaceiris/actions-mdbook@ee69d230fe19748b7abf22df32acaa93833fad08 # v2.0.0
with: with:
# if this changes, change it in .github/workflows/publish-docs.yml as well # if this changes, change it in .github/workflows/publish-docs.yml as well
mdbook-version: '0.4.48' mdbook-version: '0.4.48'

View File

@ -10,18 +10,18 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@bb05f3f5519dd87d3ba754cc423b652a5edd6d2c # v4.2.0
- name: Set up QEMU - name: Set up QEMU
uses: docker/setup-qemu-action@v3 uses: docker/setup-qemu-action@96fe6ef7f33517b61c61be40b68a1882f3264fb8 # v4.2.0
- name: Login to ghcr.io - name: Login to ghcr.io
uses: docker/login-action@v3 uses: docker/login-action@af1e73f918a031802d376d3c8bbc3fe56130a9b0 # v4.4.0
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ github.repository_owner }} username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
- name: Docker meta - name: Docker meta
id: meta-sqlite id: meta-sqlite
uses: docker/metadata-action@v5 uses: docker/metadata-action@dc802804100637a589fabce1cb79ff13a1411302 # v6.2.0
with: with:
images: | images: |
ghcr.io/gothenburgbitfactory/taskchampion-sync-server ghcr.io/gothenburgbitfactory/taskchampion-sync-server
@ -31,7 +31,7 @@ jobs:
type=semver,pattern={{major}}.{{minor}} type=semver,pattern={{major}}.{{minor}}
type=match,pattern=\d.\d.\d,value=latest type=match,pattern=\d.\d.\d,value=latest
- name: Build and push - name: Build and push
uses: docker/build-push-action@v6 uses: docker/build-push-action@53b7df96c91f9c12dcc8a07bcb9ccacbed38856a # v7.3.0
with: with:
file: "./Dockerfile-sqlite" file: "./Dockerfile-sqlite"
platforms: linux/amd64,linux/arm64 platforms: linux/amd64,linux/arm64
@ -42,16 +42,16 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@bb05f3f5519dd87d3ba754cc423b652a5edd6d2c # v4.2.0
- name: Login to ghcr.io - name: Login to ghcr.io
uses: docker/login-action@v3 uses: docker/login-action@af1e73f918a031802d376d3c8bbc3fe56130a9b0 # v4.4.0
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ github.repository_owner }} username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
- name: Docker meta - name: Docker meta
id: meta-postgres id: meta-postgres
uses: docker/metadata-action@v5 uses: docker/metadata-action@dc802804100637a589fabce1cb79ff13a1411302 # v6.2.0
with: with:
images: | images: |
ghcr.io/gothenburgbitfactory/taskchampion-sync-server-postgres ghcr.io/gothenburgbitfactory/taskchampion-sync-server-postgres
@ -61,7 +61,7 @@ jobs:
type=semver,pattern={{major}}.{{minor}} type=semver,pattern={{major}}.{{minor}}
type=match,pattern=\d.\d.\d,value=latest type=match,pattern=\d.\d.\d,value=latest
- name: Build and push - name: Build and push
uses: docker/build-push-action@v6 uses: docker/build-push-action@53b7df96c91f9c12dcc8a07bcb9ccacbed38856a # v7.3.0
with: with:
file: "./Dockerfile-postgres" file: "./Dockerfile-postgres"
platforms: linux/amd64,linux/arm64 platforms: linux/amd64,linux/arm64

169
.github/workflows/helm-test.yml vendored Normal file
View File

@ -0,0 +1,169 @@
name: Helm Chart Tests
on:
push:
branches: [main]
paths:
- 'helm/**'
pull_request:
paths:
- 'helm/**'
jobs:
helm-test:
runs-on: ubuntu-latest
name: "Helm Lint & Template"
steps:
- name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- name: Install Helm
uses: azure/setup-helm@9bc31f4ebc9c6b171d7bfbaa5d006ae7abdb4310 # v5.0.1
with:
version: latest
- name: Helm lint (default values — expects failure, no backend enabled)
run: |
helm lint helm/taskchampion-sync-server \
--strict 2>&1 || true
- name: Template default values — must fail validation
run: |
if helm template test-release helm/taskchampion-sync-server 2>/dev/null; then
echo "❌ Expected chart to fail validation (no backend enabled) but it succeeded"
exit 1
fi
echo "✓ Correctly rejects chart with no backend enabled"
- name: Template with SQLite values
run: |
helm template test-release helm/taskchampion-sync-server \
-f helm/taskchampion-sync-server/examples/sqlite-values.yaml \
--debug > /tmp/helm-sqlite.yaml
echo "=== Generated resources (SQLite) ==="
grep -E '^# Source:' /tmp/helm-sqlite.yaml
# Verify key resources exist
grep -q 'kind: Deployment' /tmp/helm-sqlite.yaml
grep -q 'kind: Service' /tmp/helm-sqlite.yaml
grep -q 'kind: Ingress' /tmp/helm-sqlite.yaml
# Verify SQLite-specific rendering
grep -q 'emptyDir' /tmp/helm-sqlite.yaml
grep -q 'DATA_DIR' /tmp/helm-sqlite.yaml
# Verify PostgreSQL-specific rendering is absent
if grep -q 'initContainers' /tmp/helm-sqlite.yaml; then
echo "❌ initContainers should not appear in SQLite mode"
exit 1
fi
if grep -q 'CONNECTION' /tmp/helm-sqlite.yaml; then
echo "❌ CONNECTION env var should not appear in SQLite mode"
exit 1
fi
# Verify correct image tag (no -postgres suffix)
grep -q 'image:.*taskchampion-sync-server:0.7.0' /tmp/helm-sqlite.yaml
echo "✓ SQLite template generated successfully"
- name: Template with PostgreSQL values
run: |
helm template test-release helm/taskchampion-sync-server \
-f helm/taskchampion-sync-server/examples/postgres-values.yaml \
--debug > /tmp/helm-postgres.yaml
echo "=== Generated resources (PostgreSQL) ==="
grep -E '^# Source:' /tmp/helm-postgres.yaml
# Verify key resources exist
grep -q 'kind: Deployment' /tmp/helm-postgres.yaml
grep -q 'kind: Service' /tmp/helm-postgres.yaml
grep -q 'kind: Secret' /tmp/helm-postgres.yaml
# Verify PostgreSQL-specific rendering
grep -q 'kind: HTTPRoute' /tmp/helm-postgres.yaml
grep -q 'initContainers' /tmp/helm-postgres.yaml
grep -q 'CONNECTION' /tmp/helm-postgres.yaml
grep -q 'replicas: 3' /tmp/helm-postgres.yaml
# Verify correct image tag (with -postgres suffix)
grep -q 'image:.*taskchampion-sync-server-postgres:0.7.0' /tmp/helm-postgres.yaml
# Verify SQLite-specific rendering is absent
if grep -q 'DATA_DIR' /tmp/helm-postgres.yaml; then
echo "❌ DATA_DIR env var should not appear in PostgreSQL mode"
exit 1
fi
echo "✓ PostgreSQL template generated successfully"
- name: Template with both backends enabled — must fail validation
run: |
if helm template test-release helm/taskchampion-sync-server \
--set sqlite.enabled=true \
--set postgres.enabled=true 2>/dev/null; then
echo "❌ Expected chart to fail validation (both backends enabled) but it succeeded"
exit 1
fi
echo "✓ Correctly rejects chart with both backends enabled"
- name: Template with custom overrides
run: |
helm template test-release helm/taskchampion-sync-server \
--set sqlite.enabled=true \
--set postgres.enabled=false \
--set nameOverride=custom-name \
--set image.tag=latest \
--debug > /tmp/helm-custom.yaml
# Verify custom name override
grep -q 'custom-name' /tmp/helm-custom.yaml
grep -q 'custom-name-pvc' /tmp/helm-custom.yaml
# Verify custom image tag
grep -q 'image:.*taskchampion-sync-server:latest' /tmp/helm-custom.yaml
echo "✓ Custom overrides template generated successfully"
- name: Helm install dry-run (SQLite)
run: |
helm install test-release helm/taskchampion-sync-server \
-f helm/taskchampion-sync-server/examples/sqlite-values.yaml \
--dry-run 2>&1 | head -5
echo "✓ Helm install dry-run (SQLite) succeeded"
helm-kubeconform:
runs-on: ubuntu-latest
name: "Kubeconform Validation"
needs: helm-test
steps:
- name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- name: Install Helm
uses: azure/setup-helm@9bc31f4ebc9c6b171d7bfbaa5d006ae7abdb4310 # v5.0.1
with:
version: latest
- name: Download kubeconform
run: |
wget -q -O /tmp/kubeconform.tar.gz \
https://github.com/yannh/kubeconform/releases/download/v0.6.7/kubeconform-linux-amd64.tar.gz
tar -xzf /tmp/kubeconform.tar.gz -C /usr/local/bin/ kubeconform
kubeconform -v
- name: Validate SQLite output against Kubernetes schemas
run: |
helm template test-release helm/taskchampion-sync-server \
-f helm/taskchampion-sync-server/examples/sqlite-values.yaml > /tmp/helm-sqlite.yaml
kubeconform -strict /tmp/helm-sqlite.yaml
echo "✓ SQLite resources are valid Kubernetes manifests"
- name: Validate PostgreSQL output against Kubernetes schemas
run: |
helm template test-release helm/taskchampion-sync-server \
-f helm/taskchampion-sync-server/examples/postgres-values.yaml > /tmp/helm-postgres.yaml
# Skip kubeconform on HTTPRoute since Gateway API CRDs aren't bundled
kubeconform -strict -ignore-missing-schemas /tmp/helm-postgres.yaml
echo "✓ PostgreSQL resources are valid Kubernetes manifests"

View File

@ -13,10 +13,10 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v6 - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- name: Setup mdBook - name: Setup mdBook
uses: peaceiris/actions-mdbook@v2 uses: peaceiris/actions-mdbook@ee69d230fe19748b7abf22df32acaa93833fad08 # v2.0.0
with: with:
# if this changes, change it in .github/workflows/checks.yml as well # if this changes, change it in .github/workflows/checks.yml as well
mdbook-version: '0.4.48' mdbook-version: '0.4.48'
@ -24,7 +24,8 @@ jobs:
- run: mdbook build docs - run: mdbook build docs
- name: Deploy - name: Deploy
uses: peaceiris/actions-gh-pages@v4 uses: peaceiris/actions-gh-pages@84c30a85c19949d7eee79c4ff27748b70285e453 # v4.1.0
with: with:
github_token: ${{ secrets.GITHUB_TOKEN }} github_token: ${{ secrets.GITHUB_TOKEN }}
publish_dir: ./docs/book publish_dir: ./docs/book
keep_files: true

36
.github/workflows/publish-helm.yml vendored Normal file
View File

@ -0,0 +1,36 @@
name: Publish Helm Charts
on:
push:
branches:
- main
paths:
- 'helm/**'
jobs:
release:
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
fetch-depth: 0
- name: Configure Git
run: |
git config user.name "$GITHUB_ACTOR"
git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
- name: Install Helm
uses: azure/setup-helm@9bc31f4ebc9c6b171d7bfbaa5d006ae7abdb4310 # v5.0.1
- name: Run chart-releaser
uses: helm/chart-releaser-action@cae68fefc6b5f367a0275617c9f83181ba54714f # v1.7.0
env:
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
with:
charts_dir: helm
install_dir: helm-chart

View File

@ -15,7 +15,7 @@ jobs:
- "17" - "17"
rust: rust:
# MSRV # MSRV
- "1.85.0" - "1.88.0"
- "stable" - "stable"
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -39,21 +39,21 @@ jobs:
--health-retries 5 --health-retries 5
steps: steps:
- uses: actions/checkout@v6 - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- name: Cache cargo registry - name: Cache cargo registry
uses: actions/cache@v5 uses: actions/cache@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0
with: with:
path: ~/.cargo/registry path: ~/.cargo/registry
key: ${{ runner.os }}-${{ matrix.rust }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }} key: ${{ runner.os }}-${{ matrix.rust }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}
- name: Cache cargo build - name: Cache cargo build
uses: actions/cache@v5 uses: actions/cache@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0
with: with:
path: target path: target
key: ${{ runner.os }}-${{ matrix.rust }}-cargo-build-target-${{ hashFiles('**/Cargo.lock') }} key: ${{ runner.os }}-${{ matrix.rust }}-cargo-build-target-${{ hashFiles('**/Cargo.lock') }}
- uses: actions-rs/toolchain@v1 - uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7
with: with:
toolchain: "${{ matrix.rust }}" toolchain: "${{ matrix.rust }}"
override: true override: true

View File

@ -14,7 +14,7 @@ jobs:
permissions: write-all permissions: write-all
name: "Audit Rust Dependencies" name: "Audit Rust Dependencies"
steps: steps:
- uses: actions/checkout@v6 - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- uses: rustsec/audit-check@v2.0.0 - uses: rustsec/audit-check@69366f33c96575abad1ee0dba8212993eecbe998 # v2.0.0
with: with:
token: ${{ secrets.GITHUB_TOKEN }} token: ${{ secrets.GITHUB_TOKEN }}

619
Cargo.lock generated

File diff suppressed because it is too large Load Diff

View File

@ -6,18 +6,18 @@ members = [
"sqlite", "sqlite",
"postgres", "postgres",
] ]
rust-version = "1.85.0" # MSRV rust-version = "1.88.0" # MSRV
[workspace.dependencies] [workspace.dependencies]
async-trait = "0.1.88" async-trait = "0.1.88"
uuid = { version = "^1.19.0", features = ["serde", "v4"] } uuid = { version = "^1.23.0", features = ["serde", "v4"] }
actix-web = "^4.11.0" actix-web = "^4.13.0"
anyhow = "1.0" anyhow = "1.0"
thiserror = "2.0" thiserror = "2.0"
futures = "^0.3.25" futures = "^0.3.25"
serde_json = "^1.0" serde_json = "^1.0"
serde = { version = "^1.0.147", features = ["derive"] } serde = { version = "^1.0.147", features = ["derive"] }
clap = { version = "^4.5.6", features = ["string", "env"] } clap = { version = "^4.5.60", features = ["string", "env"] }
log = "^0.4.17" log = "^0.4.17"
env_logger = "^0.11.7" env_logger = "^0.11.7"
rusqlite = { version = "0.37", features = ["bundled"] } rusqlite = { version = "0.37", features = ["bundled"] }
@ -26,10 +26,10 @@ actix-rt = "2"
tempfile = "3" tempfile = "3"
pretty_assertions = "1" pretty_assertions = "1"
temp-env = "0.3" temp-env = "0.3"
tokio = { version = "1.48", features = ["rt", "macros"] } tokio = { version = "1.52", features = ["rt", "macros"] }
tokio-postgres = { version = "0.7.13", features = ["with-uuid-1"] } tokio-postgres = { version = "0.7.13", features = ["with-uuid-1"] }
bb8 = "0.9.0" bb8 = "0.9.0"
bb8-postgres = { version = "0.9.0", features = ["with-uuid-1"] } bb8-postgres = { version = "0.9.0", features = ["with-uuid-1"] }
openssl = { version = "0.10.73", default-features = false, features = ["vendored"] } openssl = { version = "0.10.80", default-features = false, features = ["vendored"] }
native-tls = { version = "0.2.14", default-features = false, features = ["vendored"] } native-tls = { version = "0.2.14", default-features = false, features = ["vendored"] }
postgres-native-tls = "0.5.1" postgres-native-tls = "0.5.1"

View File

@ -1,6 +1,7 @@
# Versions must be major.minor # Versions must be major.minor
# Default versions are as below # Default versions are as below
ARG RUST_VERSION=1.85 # RUST_VERSION should match the MSRV in Cargo.toml.
ARG RUST_VERSION=1.88
ARG ALPINE_VERSION=3.20 ARG ALPINE_VERSION=3.20
FROM docker.io/rust:${RUST_VERSION}-alpine${ALPINE_VERSION} AS builder FROM docker.io/rust:${RUST_VERSION}-alpine${ALPINE_VERSION} AS builder

View File

@ -1,6 +1,7 @@
# Versions must be major.minor # Versions must be major.minor
# Default versions are as below # Default versions are as below
ARG RUST_VERSION=1.85 # RUST_VERSION should match the MSRV in Cargo.toml.
ARG RUST_VERSION=1.88
ARG ALPINE_VERSION=3.20 ARG ALPINE_VERSION=3.20
FROM docker.io/rust:${RUST_VERSION}-alpine${ALPINE_VERSION} AS builder FROM docker.io/rust:${RUST_VERSION}-alpine${ALPINE_VERSION} AS builder

View File

@ -76,7 +76,7 @@ SQLite:
```sh ```sh
docker build \ docker build \
-t taskchampion-sync-server \ -t taskchampion-sync-server \
-f Dockerfile-sqlite -f Dockerfile-sqlite .
``` ```
Postgres: Postgres:
@ -84,7 +84,7 @@ Postgres:
source .env source .env
docker build \ docker build \
-t taskchampion-sync-server-postgres \ -t taskchampion-sync-server-postgres \
-f Dockerfile-postgres -f Dockerfile-postgres .
``` ```
Now to run it, simply exec. Now to run it, simply exec.

View File

@ -2,9 +2,10 @@
- [Introduction](./introduction.md) - [Introduction](./introduction.md)
- [Usage](./usage.md) - [Usage](./usage.md)
- [Docker Compose](./usage/docker-compose.md)
- [Docker Images](./usage/docker-images.md)
- [Binaries](./usage/binaries.md) - [Binaries](./usage/binaries.md)
- [Docker Images](./usage/docker-images.md)
- [Docker Compose](./usage/docker-compose.md)
- [Helm](./usage/helm.md)
- [Integration](./integration.md) - [Integration](./integration.md)
- [Pre-built Images](./integration/pre-built.md) - [Pre-built Images](./integration/pre-built.md)
- [Rust Crates](./integration/crates.md) - [Rust Crates](./integration/crates.md)

131
docs/src/usage/helm.md Normal file
View File

@ -0,0 +1,131 @@
# Helm
A Helm chart is available for deploying taskchampion-sync-server on Kubernetes.
## Adding the Repository
```sh
helm repo add taskchampion https://gothenburgbitfactory.org/taskchampion-sync-server
helm repo update
```
## Installing
```sh
# SQLite backend
helm install taskchampion-sync-server taskchampion/taskchampion-sync-server \
--set sqlite.enabled=true
# PostgreSQL backend
helm install taskchampion-sync-server taskchampion/taskchampion-sync-server \
--set postgres.enabled=true \
--set postgres.host=my-postgres \
--set postgres.db=taskchampion \
--set postgres.username=myuser \
--set postgres.password=mypassword
```
## Storage Backends
Exactly one storage backend must be enabled. The chart fails validation if
neither or both are enabled.
### SQLite
Mounts a volume at `sqlite.dataDir` (default `/var/lib/taskchampion-sync-server/data`).
The volume defaults to `emptyDir` but can be backed by a PVC or
existing PersistentVolumeClaim:
| Value | Description |
|-------|-------------|
| `sqlite.persistence.enabled` | Create a PVC (default: `false`) |
| `sqlite.existingPV` | Use an existing PVC by name |
| `sqlite.emptyDir` | emptyDir volume settings (default fallback) |
### PostgreSQL
Creates a Deployment with optional replicas, an auto-generated or existing
secret for the connection string, and an init container that waits for
PostgreSQL, applies the schema, and optionally seeds client IDs.
**Secret handling** — When `postgres.existingSecret` is empty (default), the
chart creates a secret named `{release-name}-connection` with a `conn` key.
When set, the chart reads the named secret. It accepts either a `conn` key
with a full [LibPQ-style URI](https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING-URIS)
or individual fields (`host`, `port`, `username`, `password`, `database`) that
override the corresponding `postgres.*` values.
**Init container** — Enabled by default. Waits for PG readiness, downloads
the schema from `https://raw.githubusercontent.com/GothenburgBitFactory/taskchampion-sync-server/v0.7.0/postgres/schema.sql`,
applies it, and seeds client IDs if `clientIdSecret` is set. Override the
schema URL with `postgres.initContainer.schemaUrl`.
**Replicas** — Replicas only apply with PostgreSQL:
`replicas.enabled=true`, `replicas.count=N`. SQLite is always single-replica.
## Secrets
### Client ID Secret
Optional. Restrict which client IDs the server accepts. Create a Secret with
comma-separated UUIDs (base64-encoded) under a `client-ids` key:
```yaml
apiVersion: v1
kind: Secret
metadata:
name: my-client-ids
type: Opaque
data:
client-ids: <base64-encoded comma-separated UUIDs>
```
Reference it via `clientIdSecret: "my-client-ids"`. The value is available to
the server as `CLIENT_ID` and to the init container as `CLIENT_IDS`.
## Networking
The chart does not implement TLS. Terminate TLS at the ingress or gateway and
proxy HTTP to port 8080.
### Ingress (NGINX)
```yaml
ingress:
enabled: true
hosts:
- taskchampion.example.com
```
### HTTPRoute (Kubernetes Gateway API)
Use `parentRefs`, `hostnames`, and `rules`:
```yaml
httpRoute:
enabled: true
parentRefs:
- name: my-gateway
hostnames:
- tasks.example.com
rules:
- path:
type: PathPrefix
value: /
backendPort: 8080
```
The deprecated fields `httpRoute.gateway`, `httpRoute.host`,
`httpRoute.path`, and `httpRoute.port` are used as a fallback when the
structured arrays are empty.
### ServiceAccount and RBAC
When `serviceAccount.create` is `true` (default), the chart creates a
ServiceAccount, a Role with `get`/`create`/`update`/`patch` on secrets, and
a RoleBinding. Set `serviceAccount.name` to use an existing SA.
## Reference
See the chart's [values.yaml](https://github.com/GothenburgBitFactory/taskchampion-sync-server/blob/main/helm/taskchampion-sync-server/values.yaml)
for all configurable options.

View File

@ -0,0 +1,5 @@
# Patterns to ignore when building the Helm chart
.git
examples/
.DS_Store
*.tgz

View File

@ -0,0 +1,17 @@
apiVersion: v2
name: taskchampion-sync-server
description: A Helm chart for deploying TaskChampion Sync Server on Kubernetes
type: application
version: 0.2.1
appVersion: "0.7.0"
keywords:
- taskchampion
- taskwarrior
- sync
- task-management
home: https://github.com/GothenburgBitFactory/taskchampion-sync-server
sources:
- https://github.com/GothenburgBitFactory/taskchampion-sync-server
maintainers:
- name: Jansen Fuller
email: jansendfuller@mailfence.com

View File

@ -0,0 +1,138 @@
# TaskChampion Sync Server Helm Chart
Deploy the [TaskChampion Sync Server](https://github.com/GothenburgBitFactory/taskchampion-sync-server) on Kubernetes.
## Prerequisites
- Kubernetes 1.23+
- Helm 3+
## Installing
```console
helm repo add taskchampion https://gothenburgbitfactory.org/taskchampion-sync-server
helm repo update
helm install my-release taskchampion/taskchampion-sync-server --set sqlite.enabled=true
```
## Storage Backends
Exactly one storage backend must be enabled. The chart fails validation if neither or both are enabled.
### SQLite
| Parameter | Default | Description |
|-----------|---------|-------------|
| `sqlite.enabled` | `false` | Enable SQLite backend |
| `sqlite.dataDir` | `/var/lib/taskchampion-sync-server/data` | Data directory path |
| `sqlite.existingPV` | `""` | Use an existing PVC name |
| `sqlite.persistence.enabled` | `false` | Create a PVC |
| `sqlite.persistence.size` | `1Gi` | PVC size |
| `sqlite.persistence.accessMode` | `ReadWriteOnce` | PVC access mode |
| `sqlite.emptyDir` | — | emptyDir volume settings |
### PostgreSQL
| Parameter | Default | Description |
|-----------|---------|-------------|
| `postgres.enabled` | `false` | Enable PostgreSQL backend |
| `postgres.host` | `""` | PostgreSQL host |
| `postgres.port` | `5432` | PostgreSQL port |
| `postgres.db` | `taskchampion` | Database name |
| `postgres.username` | `""` | Database user |
| `postgres.password` | `""` | Database password |
| `postgres.sslMode` | `disable` | SSL mode |
| `postgres.existingSecret` | `""` | Use existing secret by name |
**Secret** — When `existingSecret` is empty (default), a secret named `{release-name}-connection` is created with a `conn` key. When set, the chart reads that secret. It accepts either a `conn` key with a full URI or individual keys (`host`, `port`, `username`, `password`, `database`) that override `postgres.*` values.
**Init container** — Enabled by default. Waits for PG readiness, downloads and applies the schema (from the chart's `appVersion` URL), and seeds client IDs if `clientIdSecret` is set. Override with `postgres.initContainer.schemaUrl`.
**Replicas** — Only apply with PostgreSQL (`replicas.enabled=true`, `replicas.count=N`). SQLite is single-replica.
## Secrets
### Client ID Secret
Restrict which client IDs the server accepts. Create a Secret with comma-separated UUIDs (base64-encoded) under a `client-ids` key:
```yaml
apiVersion: v1
kind: Secret
metadata:
name: my-client-ids
type: Opaque
data:
client-ids: <base64-encoded comma-separated UUIDs>
```
Reference via `clientIdSecret: "my-client-ids"`.
## Networking
The chart does not implement TLS. Terminate TLS at the ingress or gateway.
### Service
| Parameter | Default | Description |
|-----------|---------|-------------|
| `service.type` | `ClusterIP` | Service type |
| `service.port` | `8080` | Service port |
| `service.targetPort` | `8080` | Container port |
### Ingress (NGINX)
| Parameter | Default | Description |
|-----------|---------|-------------|
| `ingress.enabled` | `false` | Enable NGINX ingress |
| `ingress.className` | `""` | Ingress class name |
| `ingress.annotations` | `{}` | Ingress annotations |
| `ingress.hosts` | `[]` | Host list |
| `ingress.tls` | `[]` | TLS configuration |
### HTTPRoute (Kubernetes Gateway API)
| Parameter | Default | Description |
|-----------|---------|-------------|
| `httpRoute.enabled` | `false` | Enable HTTPRoute |
| `httpRoute.parentRefs` | `[]` | Parent gateway references (primary) |
| `httpRoute.hostnames` | `[]` | Hostnames |
| `httpRoute.rules` | `[]` | Routing rules |
| `httpRoute.gateway` | `""` | (Deprecated) Single gateway name |
| `httpRoute.host` | `""` | (Deprecated) Single hostname |
| `httpRoute.path` | `"/"` | (Deprecated) Single path |
| `httpRoute.port` | `8080` | (Deprecated) Single port |
**Recommended** — use `parentRefs`, `hostnames`, `rules`. The deprecated
single-value fields (`gateway`, `host`, `path`, `port`) are used as a fallback
when the arrays are empty.
## ServiceAccount and RBAC
| Parameter | Default | Description |
|-----------|---------|-------------|
| `serviceAccount.create` | `true` | Create SA, Role, and RoleBinding |
| `serviceAccount.name` | `""` | Use existing SA name |
When created, the chart provisions a ServiceAccount, a Role with
`get`/`create`/`update`/`patch` on secrets, and a RoleBinding.
## Image Configuration
| Parameter | Default | Description |
|-----------|---------|-------------|
| `image.repo` | `ghcr.io/gothenburgbitfactory/taskchampion-sync-server` | Image repository |
| `image.tag` | `"0.7.0"` | Image tag |
| `image.pullPolicy` | `IfNotPresent` | Pull policy |
| `image.pullSecrets` | `[]` | Pull secrets |
PostgreSQL appends `-postgres` to the image repo automatically.
## Environment Variables
Custom env vars are passed via `env`. `DATA_DIR` (SQLite) and `conn`
(PostgreSQL) are set automatically and must not be set manually.
## Full Configuration
See [values.yaml](values.yaml).

View File

@ -0,0 +1,33 @@
sqlite:
enabled: false
postgres:
enabled: true
database: taskchampion
host: postgres-primary
username: taskchampion-user
clientIdSecret: "taskchampion-client-ids"
env:
- name: RUST_LOG
value: debug
- name: LISTEN
value: "0.0.0.0:8080"
- name: CREATE_CLIENTS
value: "false"
replicas:
enabled: true
count: 3
image:
pullSecrets:
- name: my-registry-secret
httpRoute:
enabled: true
gateway: "my-gateway"
host: "taskchampion.example.com"
path: "/"
port: 8080

View File

@ -0,0 +1,25 @@
sqlite:
enabled: true
existingPV: ""
emptyDir:
sizeLimit: 1Gi
persistence:
enabled: false
postgres:
enabled: false
clientIdSecret: "taskchampion-client-ids"
env:
- name: RUST_LOG
value: info
- name: LISTEN
value: "0.0.0.0:8080"
- name: CREATE_CLIENTS
value: "false"
ingress:
enabled: true
hosts:
- taskchampion.example.com

View File

@ -0,0 +1,46 @@
Thank you for installing {{ .Chart.Name }} — version {{ .Chart.Version }} (app: {{ .Chart.AppVersion }}).
## Storage Backend
{{- if eq .Values.sqlite.enabled true }}
**SQLite** — Data is stored at `{{ .Values.sqlite.dataDir }}`.
{{- if .Values.sqlite.persistence.enabled }}
PersistentVolumeClaim: `{{ include "taskchampion-sync-server.fullname" . }}-pvc`
{{- else if .Values.sqlite.existingPV }}
Using existing PVC: `{{ .Values.sqlite.existingPV }}`
{{- else }}
Using an emptyDir volume (ephemeral — data is lost on pod restart).
Set `sqlite.persistence.enabled=true` for persistent storage.
{{- end }}
{{- end }}
{{- if eq .Values.postgres.enabled true }}
**PostgreSQL** — Connection URI stored in Secret `{{ include "taskchampion-sync-server.postgres-secret-name" . }}`.
Host: {{ .Values.postgres.host }}:{{ .Values.postgres.port }}
Database: {{ .Values.postgres.database }}
{{- end }}
## Verify the Deployment
kubectl get pods -l {{ include "taskchampion-sync-server.selectorLabels" . | replace ": " "=" | replace "\n" "," | trimSuffix "," }}
## Check Pod Logs
kubectl logs -l {{ include "taskchampion-sync-server.selectorLabels" . | replace ": " "=" | replace "\n" "," | trimSuffix "," }}
## Test the API
kubectl port-forward svc/{{ include "taskchampion-sync-server.fullname" . }} {{ .Values.service.port }}:{{ .Values.service.port }}
curl http://localhost:{{ .Values.service.port }}/
## View Connection Secret (PostgreSQL only)
{{- if eq .Values.postgres.enabled true }}
kubectl get secret {{ include "taskchampion-sync-server.postgres-secret-name" . }} -o jsonpath="{.data.connection}" | base64 -d
{{- end }}
## Configuration
For full configuration options, see:
https://github.com/GothenburgBitFactory/taskchampion-sync-server

View File

@ -0,0 +1,100 @@
{{- /*
taskchampion-sync-server helpers
*/ -}}
{{- define "taskchampion-sync-server.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- define "taskchampion-sync-server.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{- define "taskchampion-sync-server.labels" -}}
helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
app.kubernetes.io/name: {{ include "taskchampion-sync-server.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/component: server
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- define "taskchampion-sync-server.selectorLabels" -}}
app.kubernetes.io/name: {{ include "taskchampion-sync-server.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{- define "taskchampion-sync-server.postgres-connection" -}}
{{- $host := .Values.postgres.host -}}
{{- $port := .Values.postgres.port | toString -}}
{{- $username := .Values.postgres.username -}}
{{- $password := .Values.postgres.password -}}
{{- $database := .Values.postgres.database -}}
{{- /* Override individual fields from existingSecret where present */ -}}
{{- if .Values.postgres.existingSecret -}}
{{- $secret := lookup "v1" "Secret" .Release.Namespace .Values.postgres.existingSecret -}}
{{- if $secret -}}
{{- if index $secret.data "host" -}}
{{- $host = index $secret.data "host" | b64dec -}}
{{- end -}}
{{- if index $secret.data "port" -}}
{{- $port = index $secret.data "port" | b64dec -}}
{{- end -}}
{{- if index $secret.data "username" -}}
{{- $username = index $secret.data "username" | b64dec -}}
{{- end -}}
{{- if index $secret.data "password" -}}
{{- $password = index $secret.data "password" | b64dec -}}
{{- end -}}
{{- if index $secret.data "database" -}}
{{- $database = index $secret.data "database" | b64dec -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- /* Build URI */ -}}
{{- $uri := "postgresql://" -}}
{{- if ne $username "" -}}
{{- $uri = printf "%s%s" $uri $username -}}
{{- if ne $password "" -}}
{{- $uri = printf "%s:%s" $uri $password -}}
{{- end -}}
{{- $uri = printf "%s@" $uri -}}
{{- end -}}
{{- $uri = printf "%s%s" $uri $host -}}
{{- if ne $port "5432" -}}
{{- $uri = printf "%s:%s" $uri $port -}}
{{- end -}}
{{- $uri = printf "%s/%s" $uri $database -}}
{{- if .Values.postgres.sslMode -}}
{{- $uri = printf "%s?sslmode=%s" $uri .Values.postgres.sslMode -}}
{{- end -}}
{{- $uri -}}
{{- end -}}
{{- define "taskchampion-sync-server.schema-url" -}}
{{- if .Values.postgres.initContainer.schemaUrl -}}
{{- .Values.postgres.initContainer.schemaUrl -}}
{{- else -}}
{{- printf "https://raw.githubusercontent.com/GothenburgBitFactory/taskchampion-sync-server/v%s/postgres/schema.sql" .Chart.AppVersion -}}
{{- end -}}
{{- end -}}
{{- define "taskchampion-sync-server.postgres-secret-name" -}}
{{- printf "%s-connection" .Release.Name -}}
{{- end -}}
{{- define "taskchampion-sync-server.serviceAccountName" -}}
{{- default (include "taskchampion-sync-server.fullname" .) .Values.serviceAccount.name -}}
{{- end -}}

View File

@ -0,0 +1,176 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "taskchampion-sync-server.fullname" . }}
labels:
{{- include "taskchampion-sync-server.labels" . | nindent 4 }}
spec:
{{- if and (eq .Values.postgres.enabled true) .Values.replicas.enabled }}
replicas: {{ .Values.replicas.count }}
{{- else }}
replicas: 1
{{- end }}
selector:
matchLabels:
{{- include "taskchampion-sync-server.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "taskchampion-sync-server.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.image.pullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.serviceAccount.create }}
serviceAccountName: {{ include "taskchampion-sync-server.serviceAccountName" . }}
{{- end }}
securityContext:
{{- toYaml .Values.securityContext | nindent 8 }}
{{- if and .Values.postgres.enabled .Values.postgres.initContainer.enabled }}
initContainers:
- name: postgres-init
image: "{{ .Values.postgres.initContainer.image }}"
imagePullPolicy: {{ .Values.postgres.initContainer.imagePullPolicy }}
securityContext:
allowPrivilegeEscalation: false
runAsNonRoot: true
runAsUser: 999
env:
- name: PGURI
valueFrom:
secretKeyRef:
name: {{ include "taskchampion-sync-server.postgres-secret-name" . }}
key: connection
- name: SCHEMA_URL
value: {{ include "taskchampion-sync-server.schema-url" . | quote }}
{{- if .Values.clientIdSecret }}
- name: CLIENT_IDS
valueFrom:
secretKeyRef:
name: {{ .Values.clientIdSecret }}
key: client-ids
{{- end }}
command:
- sh
- -c
- |
set -e
until pg_isready -d "$PGURI"; do
echo 'Waiting for PostgreSQL...'
sleep 2
done
echo "Downloading schema from ${SCHEMA_URL}..."
wget -qO /tmp/schema.sql "$SCHEMA_URL" || {
echo 'Failed to download schema - continuing with main container'
exit 0
}
psql "$PGURI" -f /tmp/schema.sql || {
echo 'Schema execution failed (SQL error) - continuing with main container'
exit 0
}
echo 'Schema executed successfully'
if [ -n "$CLIENT_IDS" ]; then
echo "Inserting client IDs..."
IFS=','
for client_id in $CLIENT_IDS; do
client_id=$(echo "$client_id" | tr -d ' ')
[ -z "$client_id" ] && continue
psql "$PGURI" -c "INSERT INTO clients (client_id) VALUES ('$client_id') ON CONFLICT (client_id) DO NOTHING;" || {
echo "Failed to insert client $client_id - continuing"
}
done
unset IFS
echo "Client ID insertion complete"
fi
{{- end }}
containers:
- name: taskchampion-sync-server
{{- if eq .Values.postgres.enabled true }}
image: "{{ .Values.image.repository }}-postgres:{{ .Values.image.tag }}"
{{- else }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
{{- end }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
securityContext:
allowPrivilegeEscalation: false
runAsNonRoot: true
runAsUser: 1092
readOnlyRootFilesystem: true
{{- if eq .Values.postgres.enabled true }}
command:
- /bin/taskchampion-sync-server-postgres
{{- else }}
command:
- /bin/taskchampion-sync-server
{{- end }}
env:
{{- toYaml .Values.env | nindent 12 }}
{{- if .Values.clientIdSecret }}
- name: CLIENT_ID
valueFrom:
secretKeyRef:
name: {{ .Values.clientIdSecret }}
key: client-ids
{{- end }}
{{- if eq .Values.sqlite.enabled true }}
- name: DATA_DIR
value: {{ .Values.sqlite.dataDir }}
{{- end }}
{{- if eq .Values.postgres.enabled true }}
- name: CONNECTION
valueFrom:
secretKeyRef:
name: {{ include "taskchampion-sync-server.postgres-secret-name" . }}
key: connection
{{- end }}
ports:
- name: http
containerPort: {{ .Values.service.targetPort }}
protocol: TCP
livenessProbe:
httpGet:
path: /
port: http
initialDelaySeconds: 5
periodSeconds: 10
readinessProbe:
httpGet:
path: /
port: http
initialDelaySeconds: 5
periodSeconds: 10
{{- if eq .Values.postgres.enabled true }}
resources:
{{- toYaml .Values.postgres.resources | nindent 12 }}
{{- else }}
resources:
{{- toYaml .Values.sqlite.resources | nindent 12 }}
{{- end }}
{{- if eq .Values.sqlite.enabled true }}
volumeMounts:
- name: data
mountPath: {{ .Values.sqlite.dataDir }}
{{- end }}
{{- if eq .Values.sqlite.enabled true }}
volumes:
{{- if .Values.sqlite.existingPV }}
- name: data
persistentVolumeClaim:
claimName: {{ .Values.sqlite.existingPV }}
{{- else if .Values.sqlite.persistence.enabled }}
- name: data
persistentVolumeClaim:
claimName: {{ include "taskchampion-sync-server.fullname" . }}-pvc
{{- else }}
- name: data
emptyDir:
{{- if .Values.sqlite.emptyDir.sizeLimit }}
sizeLimit: {{ .Values.sqlite.emptyDir.sizeLimit }}
{{- end }}
{{- if .Values.sqlite.emptyDir.medium }}
medium: {{ .Values.sqlite.emptyDir.medium }}
{{- end }}
{{- end }}
{{- end }}

View File

@ -0,0 +1,57 @@
{{- if .Values.httpRoute.enabled }}
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: {{ include "taskchampion-sync-server.fullname" . }}
labels:
{{- include "taskchampion-sync-server.labels" . | nindent 4 }}
{{- with .Values.httpRoute.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
parentRefs:
{{- if .Values.httpRoute.parentRefs }}
{{- range .Values.httpRoute.parentRefs }}
- name: {{ .name }}
{{- if .namespace }}
namespace: {{ .namespace }}
{{- end }}
{{- if .sectionName }}
sectionName: {{ .sectionName }}
{{- end }}
{{- end }}
{{- else if .Values.httpRoute.gateway }}
- name: {{ .Values.httpRoute.gateway }}
{{- end }}
{{- $hostnames := .Values.httpRoute.hostnames }}
{{- if and (not $hostnames) .Values.httpRoute.host }}
{{- $hostnames = list .Values.httpRoute.host }}
{{- end }}
{{- if $hostnames }}
hostnames:
{{- range $hostnames }}
- {{ . | quote }}
{{- end }}
{{- end }}
rules:
{{- if .Values.httpRoute.rules }}
{{- range .Values.httpRoute.rules }}
- matches:
- path:
type: {{ .path.type | default "PathPrefix" }}
value: {{ .path.value | default "/" }}
backendRefs:
- name: {{ include "taskchampion-sync-server.fullname" $ }}
port: {{ .backendPort | default 8080 }}
{{- end }}
{{- else }}
- matches:
- path:
type: PathPrefix
value: {{ .Values.httpRoute.path | default "/" }}
backendRefs:
- name: {{ include "taskchampion-sync-server.fullname" . }}
port: {{ .Values.httpRoute.port | default 8080 }}
{{- end }}
{{- end }}

View File

@ -0,0 +1,58 @@
{{- if .Values.ingress.enabled }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "taskchampion-sync-server.fullname" . }}
labels:
{{- include "taskchampion-sync-server.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.ingress.className }}
ingressClassName: {{ .Values.ingress.className }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- toYaml .Values.ingress.tls | nindent 4 }}
{{- end }}
rules:
{{- $svcName := include "taskchampion-sync-server.fullname" . -}}
{{- $svcPort := $.Values.service.port -}}
{{- range .Values.ingress.hosts }}
{{- if kindIs "string" . }}
- host: {{ . | quote }}
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: {{ $svcName }}
port:
number: {{ $svcPort }}
{{- else }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path | default "/" | quote }}
pathType: {{ .pathType | default "Prefix" }}
backend:
service:
name: {{ $svcName }}
port:
number: {{ $svcPort }}
{{- else }}
- path: /
pathType: Prefix
backend:
service:
name: {{ $svcName }}
port:
number: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

View File

@ -0,0 +1,17 @@
{{- if and (eq .Values.sqlite.enabled true) .Values.sqlite.persistence.enabled (not .Values.sqlite.existingPV) }}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ include "taskchampion-sync-server.fullname" . }}-pvc
labels:
{{- include "taskchampion-sync-server.labels" . | nindent 4 }}
spec:
accessModes:
- {{ .Values.sqlite.persistence.accessMode }}
resources:
requests:
storage: {{ .Values.sqlite.persistence.size }}
{{- if .Values.sqlite.persistence.storageClass }}
storageClassName: {{ .Values.sqlite.persistence.storageClass }}
{{- end }}
{{- end }}

View File

@ -0,0 +1,11 @@
{{- if .Values.postgres.enabled }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "taskchampion-sync-server.postgres-secret-name" . }}
labels:
{{- include "taskchampion-sync-server.labels" . | nindent 4 }}
type: Opaque
data:
connection: {{ include "taskchampion-sync-server.postgres-connection" . | b64enc }}
{{- end }}

View File

@ -0,0 +1,15 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "taskchampion-sync-server.fullname" . }}
labels:
{{- include "taskchampion-sync-server.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: {{ .Values.service.targetPort }}
protocol: TCP
name: http
selector:
{{- include "taskchampion-sync-server.selectorLabels" . | nindent 4 }}

View File

@ -0,0 +1,9 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "taskchampion-sync-server.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "taskchampion-sync-server.labels" . | nindent 4 }}
{{- end }}

View File

@ -0,0 +1,14 @@
{{- /* Validate imagePullSecrets entries are objects (not plain strings) */ -}}
{{- range $i, $secret := .Values.image.pullSecrets -}}
{{- if not (kindIs "map" $secret) -}}
{{- fail (printf "ERROR: image.pullSecrets[%d] is a string (%q). Each entry must be an object with a 'name' key, e.g.\n image:\n pullSecrets:\n - name: %s" $i $secret $secret) -}}
{{- end -}}
{{- end -}}
{{- if and (eq .Values.sqlite.enabled false) (eq .Values.postgres.enabled false) -}}
{{- fail "ERROR: Exactly one storage backend must be enabled. Either sqlite.enabled or postgres.enabled must be true." -}}
{{- end -}}
{{- if and (eq .Values.sqlite.enabled true) (eq .Values.postgres.enabled true) -}}
{{- fail "ERROR: Only one storage backend can be enabled. Both sqlite.enabled and postgres.enabled cannot be true at the same time." -}}
{{- end -}}

View File

@ -0,0 +1,169 @@
# Override the chart name used in resource names
nameOverride: ""
# Override the full resource name (takes precedence over nameOverride)
fullnameOverride: ""
# Image configuration
image:
repository: ghcr.io/gothenburgbitfactory/taskchampion-sync-server
tag: "0.7.0"
pullPolicy: IfNotPresent
pullSecrets: []
# pullSecrets expects a list of objects with a "name" key:
# pullSecrets:
# - name: my-registry-cred
# Existing secret containing client IDs (comma-separated UUIDs)
# Expected key: client-ids
clientIdSecret: ""
# Environment variables passed directly to the container
# NOTE: DATA_DIR and CONNECTION are set automatically based on backend
# To add secret/configMap references, use valueFrom:
# - name: MY_SECRET_VAR
# valueFrom:
# secretKeyRef:
# name: my-secret
# key: my-key
env:
- name: RUST_LOG
value: info
- name: LISTEN
value: "0.0.0.0:8080"
- name: CREATE_CLIENTS
value: "true"
# Service configuration
service:
type: ClusterIP
port: 8080
targetPort: 8080
# Ingress configuration
# Each host can be a string (simple) or a map with path rules:
# hosts:
# - host: app.example.com
# paths:
# - path: /
# pathType: Prefix
# - path: /api
# pathType: Exact
ingress:
enabled: false
className: ""
annotations: {}
hosts: []
tls: []
# HTTPRoute configuration (Kubernetes Gateway API)
httpRoute:
enabled: false
annotations: {}
# List of parent gateway references.
# name is required; namespace and sectionName are optional.
parentRefs: []
# parentRefs:
# - name: my-gateway
# namespace: gateway-system # optional — cross-namespace gateway reference
# sectionName: https # optional — targets a specific listener on the gateway
# List of hostnames the route applies to.
hostnames: []
# hostnames:
# - tasks.example.com
# - tasks.internal.example.com
# List of routing rules. Each rule matches a path and forwards to this chart's Service.
# When empty, falls back to the deprecated path/port fields below.
rules: []
# rules:
# - path:
# type: PathPrefix # PathPrefix or Exact
# value: /
# backendPort: 8080
# Deprecated: use parentRefs instead
gateway: ""
# Deprecated: use hostnames instead
host: ""
# Deprecated: use rules instead
path: "/"
port: 8080
# Replica configuration (only applies when postgres is enabled)
replicas:
enabled: false
count: 1
# ServiceAccount configuration
# The app does not access the Kubernetes API, so no RBAC permissions are needed.
# A dedicated ServiceAccount is created to give the pod a stable identity
# for network policies, pod security, or future RBAC.
serviceAccount:
# create specifies whether a ServiceAccount should be created
create: true
# name sets the ServiceAccount name
name: taskchampion-sync-server
# Security context for the pod
# NOTE: runAsUser and runAsGroup are intentionally unset.
# The Docker entrypoint requires root to chown the data directory and then
# drops privileges via su-exec to the taskchampion user (uid 1092).
securityContext:
fsGroup: 100
# SQLite backend configuration (mutually exclusive with postgres)
sqlite:
enabled: false
dataDir: /var/lib/taskchampion-sync-server/data
# Resource limits and requests
resources:
limits:
memory: 25Mi
cpu: 100m
requests:
# 5Mi is sufficient for the SQLite image
memory: 5Mi
cpu: 10m
existingPV: ""
emptyDir:
sizeLimit: ""
medium: ""
persistence:
enabled: true
size: 1Gi
accessMode: ReadWriteOnce
storageClass: ""
existingClaim: ""
# PostgreSQL configuration
postgres:
enabled: false
existingSecret: "" # If empty, auto-create secret; if provided, use existing
# Individual connection components for building connection string
database: taskchampion
host: postgres
port: 5432
username: user
password: ""
# SSL mode for the PostgreSQL connection.
# Use 'disable' for internal cluster connections (no TLS).
# Options: disable, allow, prefer, require, verify-ca, verify-full
sslMode: disable
initContainer:
enabled: true
image: postgres:17-alpine
imagePullPolicy: IfNotPresent
# Override the schema URL. Defaults to the official schema for this chart's appVersion.
# e.g. https://raw.githubusercontent.com/GothenburgBitFactory/taskchampion-sync-server/v0.7.0/postgres/schema.sql
schemaUrl: ""
# Resource limits and requests
resources:
limits:
memory: 100Mi
cpu: 100m
requests:
# 20Mi is the minimum for the Postgres image
memory: 20Mi
cpu: 10m