build: add a simple helm chart for backend deployment only + publish pipeline

Author: spwoodcock

.github/workflows/release_chart.yaml

@@ -0,0 +1,24 @@
+name: Release Chart
+
+on:
+  # Push includes PR merge
+  push:
+    branches:
+      - develop
+    paths:
+      # Workflow is triggered only if chart dir changes
+      - chart/**
+  # Allow manual trigger
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  packages: write
+
+jobs:
+  publish:
+    uses: hotosm/gh-workflows/.github/workflows/just.yml@3.3.2
+    with:
+      environment: "test"
+      command: "chart publish"
+    secrets: inherit

.gitignore

@@ -62,3 +62,6 @@ fAIr-utilities
 data
 
 fair-app-data/*
+
+# helm charts
+fair-*.tgz

Justfile

@@ -0,0 +1,30 @@
+set dotenv-load
+
+mod chart 'tasks/chart'
+
+# List available commands
+[private]
+default:
+  just help
+
+# List available commands
+help:
+  just --justfile {{justfile()}} --list
+
+# Echo to terminal with blue colour
+[no-cd]
+_echo-blue text:
+  #!/usr/bin/env sh
+  printf "\033[0;34m%s\033[0m\n" "{{ text }}"
+
+# Echo to terminal with yellow colour
+[no-cd]
+_echo-yellow text:
+  #!/usr/bin/env sh
+  printf "\033[0;33m%s\033[0m\n" "{{ text }}"
+
+# Echo to terminal with red colour
+[no-cd]
+_echo-red text:
+  #!/usr/bin/env sh
+  printf "\033[0;41m%s\033[0m\n" "{{ text }}"

chart/.helmignore

@@ -0,0 +1,9 @@
+.DS_Store
+.git
+.gitignore
+.idea
+*.swp
+*.bak
+*.tmp
+*.orig
+*~

chart/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: fair
+description: AI Assisted Mapping Tool
+type: application
+version: 0.1.0
+appVersion: "2.2.19"

chart/README.md

@@ -0,0 +1,48 @@
+# fAIr Helm Chart
+
+Deploys the fAIr backend API and Django-Q async worker.
+
+The frontend is deployed separately (S3 + CloudFront via GitHub Actions).
+PostgreSQL is expected to be provided externally (e.g.
+[CloudNativePG](https://cloudnative-pg.io/) or a managed database service).
+
+## Quick start
+
+```bash
+helm install fair oci://ghcr.io/hotosm/charts/fair
+```
+
+## Example values
+
+```yaml
+externalDatabase:
+  host: my-pg-cluster-rw.db.svc
+  database: ai
+  username: fair
+  existingSecret: fair-db-credentials
+  existingSecretKey: password
+
+ingress:
+  enabled: true
+  className: nginx
+  hosts:
+    - host: fair.example.com
+      paths:
+        - path: /api
+          pathType: Prefix
+
+backend:
+  envFrom:
+    - secretRef:
+        name: fair-backend-secrets
+```
+
+## Key values
+
+| Parameter | Description | Default |
+|---|---|---|
+| `externalDatabase.host` | PostgreSQL host | `""` |
+| `externalDatabase.existingSecret` | Secret containing DB password | `""` |
+| `backend.djangoQ.enabled` | Run Django-Q sidecar for async tasks | `true` |
+| `backend.migrate.enabled` | Run migrations on install/upgrade | `true` |
+| `ingress.enabled` | Create Ingress resource | `false` |

chart/templates/NOTES.txt

@@ -0,0 +1,20 @@
+fAIr has been deployed!
+
+Components:
+  - Backend API: {{ include "fair.backend.fullname" . }}
+{{- if .Values.backend.djangoQ.enabled }}
+  - Django-Q:    running as sidecar in backend pod
+{{- end }}
+  - PostgreSQL:  external ({{ .Values.externalDatabase.host }})
+
+{{- if .Values.ingress.enabled }}
+
+Access the application at:
+{{- range .Values.ingress.hosts }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .host }}
+{{- end }}
+{{- else }}
+
+To access the backend API, run:
+  kubectl port-forward svc/{{ include "fair.backend.fullname" . }} 8000:{{ .Values.backend.service.port }}
+{{- end }}

chart/templates/_helpers.tpl

@@ -0,0 +1,90 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "fair.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+*/}}
+{{- define "fair.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "fair.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "fair.labels" -}}
+helm.sh/chart: {{ include "fair.chart" . }}
+{{ include "fair.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "fair.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "fair.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "fair.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "fair.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Backend fullname
+*/}}
+{{- define "fair.backend.fullname" -}}
+{{- printf "%s-backend" (include "fair.fullname" .) | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Backend selector labels
+*/}}
+{{- define "fair.backend.selectorLabels" -}}
+{{ include "fair.selectorLabels" . }}
+app.kubernetes.io/component: backend
+{{- end }}
+
+{{/*
+Backend image
+*/}}
+{{- define "fair.backend.image" -}}
+{{- $tag := default .Chart.AppVersion .Values.image.backend.tag -}}
+{{- printf "%s:%s" .Values.image.backend.repository $tag }}
+{{- end }}
+
+{{/*
+DATABASE_URL for Django
+*/}}
+{{- define "fair.databaseUrl" -}}
+postgis://$(DATABASE_USER):$(DATABASE_PASSWORD)@{{ .Values.externalDatabase.host }}:{{ .Values.externalDatabase.port | toString }}/{{ .Values.externalDatabase.database }}
+{{- end }}

chart/templates/backend/configmap.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "fair.backend.fullname" . }}
+  labels:
+    {{- include "fair.labels" . | nindent 4 }}
+    app.kubernetes.io/component: backend
+data:
+  DATABASE_HOST: {{ .Values.externalDatabase.host | quote }}
+  DATABASE_PORT: {{ .Values.externalDatabase.port | toString | quote }}
+  DATABASE_NAME: {{ .Values.externalDatabase.database | quote }}
+  DATABASE_USER: {{ .Values.externalDatabase.username | quote }}
+  {{- range $key, $value := .Values.backend.env }}
+  {{ $key }}: {{ $value | quote }}
+  {{- end }}

chart/templates/backend/deployment.yaml

@@ -0,0 +1,126 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "fair.backend.fullname" . }}
+  labels:
+    {{- include "fair.labels" . | nindent 4 }}
+    app.kubernetes.io/component: backend
+spec:
+  replicas: {{ .Values.backendReplicaCount }}
+  selector:
+    matchLabels:
+      {{- include "fair.backend.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/backend/configmap.yaml") . | sha256sum }}
+      {{- with .Values.backend.podAnnotations }}
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "fair.backend.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "fair.serviceAccountName" . }}
+      {{- with .Values.backend.podSecurityContext }}
+      securityContext:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      containers:
+        - name: api
+          image: {{ include "fair.backend.image" . }}
+          imagePullPolicy: {{ .Values.image.backend.pullPolicy }}
+          {{- with .Values.backend.command }}
+          command:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          ports:
+            - name: http
+              containerPort: {{ .Values.backend.port }}
+              protocol: TCP
+          envFrom:
+            - configMapRef:
+                name: {{ include "fair.backend.fullname" . }}
+            {{- with .Values.backend.envFrom }}
+            {{- toYaml . | nindent 12 }}
+            {{- end }}
+          env:
+            - name: DATABASE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  {{- if .Values.externalDatabase.existingSecret }}
+                  name: {{ .Values.externalDatabase.existingSecret }}
+                  key: {{ .Values.externalDatabase.existingSecretKey }}
+                  {{- else }}
+                  name: {{ include "fair.backend.fullname" . }}-db
+                  key: password
+                  {{- end }}
+            - name: DATABASE_URL
+              value: {{ include "fair.databaseUrl" . | quote }}
+          {{- with .Values.backend.livenessProbe }}
+          livenessProbe:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.backend.readinessProbe }}
+          readinessProbe:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.backend.resources }}
+          resources:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.backend.securityContext }}
+          securityContext:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+        {{- if .Values.backend.djangoQ.enabled }}
+        - name: django-q
+          image: {{ include "fair.backend.image" . }}
+          imagePullPolicy: {{ .Values.image.backend.pullPolicy }}
+          command:
+            - python
+            - manage.py
+            - qcluster
+          envFrom:
+            - configMapRef:
+                name: {{ include "fair.backend.fullname" . }}
+            {{- with .Values.backend.envFrom }}
+            {{- toYaml . | nindent 12 }}
+            {{- end }}
+          env:
+            - name: DATABASE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  {{- if .Values.externalDatabase.existingSecret }}
+                  name: {{ .Values.externalDatabase.existingSecret }}
+                  key: {{ .Values.externalDatabase.existingSecretKey }}
+                  {{- else }}
+                  name: {{ include "fair.backend.fullname" . }}-db
+                  key: password
+                  {{- end }}
+            - name: DATABASE_URL
+              value: {{ include "fair.databaseUrl" . | quote }}
+          {{- with .Values.backend.djangoQ.resources }}
+          resources:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.backend.securityContext }}
+          securityContext:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+        {{- end }}
+      {{- with .Values.backend.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.backend.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.backend.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}