Chart testing (#13)

* init * add release logic * fix: pr workflow repo * fix: typo in tasks * fix: release task * fix: linting * add: more log * fix: stopping at linting * fix: charts * check linting * lint target branch master * cat git ref * check branch * checkout this branch * linting against master * test: remove checkout * test: ct since based linting * test: add git log and use origin with branch name * test: git fetch all * test: shorten log * test: add origin * test: remove exit 0 * test: unshallowing * test: add fetch all * test: remove clutter * test: remove more clutter * test: chart testing * test: add git config * fix: charts * fix: test and release * fix: add cleanup * fix: brackets * fix: remove helm extra args * exit on testing fail * fix: handle exit codes and remove errexit * add: error exit * add: erroexit in linting * fix: table format changed by ide vscode plugin * feat: ct config * fix: get sc, silent curl, fix kind img condition * fix: output path in release task * fix: storage class * fix: livenesspob initial seconds * chnages in erpnext * fix: by pre-commit hook * fix: chart testing * feat: mega linter * fix: n8n charts-yaml * fix: filename * fix: erpnext ct test remove affinity * test * fix: minio upload source * error handling * remove n8n helm chart * remove images from task * fix: chart release * feat: more pre-commit hooks * feat: env based helm and ct downloading * feat: conventional commit linting using precommit * feat(precommit): yaml linting with fixed * ci: github release for charts - add github release for individual charts - add custom tarr bash function * ci: conventional commit linting insted of angula * ci: add chart bumping and changelog with gitchglog * ci: fix github release script * docs: add init ci step for charts [ci skip] * ci: bump, package and release seprate tasks * ci: skip all error based on SKIP_ERR env * ci: move skip error portion to only chart testing * ci: fix pipeline * ci: remove bumping from linting task * ci: redirect err to /dev/null and fix SKIP_ERR * fix: ci fix healthchecks test * fix: increase initial dealy in probs healthchecks * bump: erpnext:- 3.1.8 → 3.2.0 [ci skip] * bump: freeipa:- 0.1.1 → 0.2.0 [ci skip] * bump: healthchecks:- 1.0.4 → 1.0.5 [ci skip] * chore(status): modify status pointer [ci skip] * chore(status): move status pointer [ci skip] * ci: move .yamllint to .ci * fix: merge upstream chart with our changes - Add mariadb as dependent chart which helps in chart testing pipeline - Separate backup pre upgrade job - Remove test (it was default test that comes with chart template) - MUST NOT provide storage class, it will pickup from default sc in k8s - Add affinity where necessary * fix: capabilities to all * ci: better ct lsc condition * ci: handle ct exit code * ci: fix ct lsc * ci: fix entry condition * chore(status): move status pointer [ci skip] * ci: fix fetching when linting to stop exit 128 * ci: remove SKIP_ERR * ci: diffrent task fro pr workflow * ci: move back status pointer, ignore freeipa chart - move back status pointer to check testing * ci: remove trap * ci: docker system prine on exit, forking on docker load * bump: erpnext:- 3.2.4 → 3.2.5 [ci skip] * chore(status): modify status pointer [ci skip] * chore(status): move status pointer [ci skip] Co-authored-by: concourse <concourse@github-noreply.com>
2021-11-10 12:55:23 +05:30 · 2021-11-10 12:55:23 +05:30 · 459f692e33
parent 91d3b66431
commit 459f692e33
78 changed files with 1690 additions and 923 deletions
--- a/.ci/.yamllint
+++ b/.ci/.yamllint
@ -0,0 +1,42 @@
 ---
 yaml-files:
  - '*.yaml'
  - '*.yml'
  - '.yamllint'
 rules:
  braces:
    ignore: |
      **.ci**
  brackets: enable
  colons: enable
  commas: enable
  comments:
    level: warning
  comments-indentation:
    level: warning
  document-end: disable
  document-start:
    level: warning
    ignore: |
      **values.yaml**
      **override-values.yaml**
  empty-lines: enable
  empty-values: disable
  hyphens: enable
  indentation: enable
  key-duplicates: enable
  key-ordering: disable
  line-length:
    max: 100
    level: warning
  new-line-at-end-of-file: enable
  new-lines: enable
  octal-values: disable
  quoted-strings: disable
  trailing-spaces: enable
  truthy:
    level: warning
 ignore: |
  **templates**
--- a/.ci/CHANGELOG.tpl.md
+++ b/.ci/CHANGELOG.tpl.md
@ -0,0 +1,38 @@
 {{ range .Versions }}
 <a name="{{ .Tag.Name }}"></a>
 ## {{ if .Tag.Previous }}[{{ .Tag.Name }}]({{ $.Info.RepositoryURL }}/compare/{{ .Tag.Previous.Name }}...{{ .Tag.Name }}){{ else }}{{ .Tag.Name }}{{ end }} ({{ datetime "2006-01-02" .Tag.Date }})
 {{ range .CommitGroups -}}
 ### {{ .Title }}
 {{ range .Commits -}}
 * {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }}
 {{ end }}
 {{ end -}}
 {{- if .RevertCommits -}}
 ### Reverts
 {{ range .RevertCommits -}}
 * {{ .Revert.Header }}
 {{ end }}
 {{ end -}}
 {{- if .MergeCommits -}}
 ### Pull Requests
 {{ range .MergeCommits -}}
 * {{ .Header }}
 {{ end }}
 {{ end -}}
 {{- if .NoteGroups -}}
 {{ range .NoteGroups -}}
 ### {{ .Title }}
 {{ range .Notes }}
 {{ .Body }}
 {{ end }}
 {{ end -}}
 {{ end -}}
 {{ end -}}
--- a/.ci/chart_schema.yaml
+++ b/.ci/chart_schema.yaml
@ -0,0 +1,37 @@
 name: str()
 home: str(required=False)
 version: str()
 apiVersion: str()
 appVersion: any(str(), num(), required=False)
 description: str()
 keywords: list(str(), required=False)
 sources: list(str(), required=False)
 maintainers: list(include('maintainer'), required=False)
 dependencies: list(include('dependency'), required=False)
 icon: str(required=False)
 engine: str(required=False)
 condition: str(required=False)
 tags: str(required=False)
 deprecated: bool(required=False)
 kubeVersion: str(required=False)
 annotations: map(str(), str(), required=False)
 type: str(required=False)
 ---
 maintainer:
  name: str()
  email: str(required=False)
  url: str(required=False)
 ---
 dependency:
  name: str()
  version: str()
  repository: str()
  condition: str(required=False)
  tags: list(str(), required=False)
  enabled: bool(required=False)
  import-values: any(list(str()), list(include('import-value')), required=False)
  alias: str(required=False)
 ---
 import-value:
  child: str()
  parent: str()
--- a/.ci/git-chglog-config.yml
+++ b/.ci/git-chglog-config.yml
@ -0,0 +1,34 @@
 style: github
 template: CHANGELOG.tpl.md
 info:
  title: CHANGELOG
  repository_url: n
 options:
  commits:
    filters:
      Type:
        - feat
        - fix
        - perf
        - refactor
        - ci
  commit_groups:
    title_maps:
      feat: Features
      fix: Bug Fixes
      perf: Performance Improvements
      refactor: Code Refactoring
      ci: CI
  header:
    pattern: "^(\\w*)(?:\\(([\\w\\$\\.\\-\\*\\s]*)\\))?\\:\\s(.*)$"
    pattern_maps:
      - Type
      - Scope
      - Subject
  merges:
    pattern: "^Merge branch '(\\w+)'$"
    pattern_maps:
      - Source
  notes:
    keywords:
      - BREAKING CHANGE
--- a/.ci/lintconf.yaml
+++ b/.ci/lintconf.yaml
@ -0,0 +1,42 @@
 ---
 rules:
  braces:
    min-spaces-inside: 0
    max-spaces-inside: 0
    min-spaces-inside-empty: -1
    max-spaces-inside-empty: -1
  brackets:
    min-spaces-inside: 0
    max-spaces-inside: 0
    min-spaces-inside-empty: -1
    max-spaces-inside-empty: -1
  colons:
    max-spaces-before: 0
    max-spaces-after: 1
  commas:
    max-spaces-before: 0
    min-spaces-after: 1
    max-spaces-after: 1
  comments:
    require-starting-space: false
    min-spaces-from-content: 1
  document-end: disable
  document-start: disable           # No --- to start a file
  empty-lines:
    max: 2
    max-start: 0
    max-end: 0
  hyphens:
    max-spaces-after: 1
  indentation:
    spaces: consistent
    indent-sequences: whatever      # - list indentation will handle both indentation and without
    check-multi-line-strings: false
  key-duplicates: enable
  line-length: disable              # Lines can be any length
  new-line-at-end-of-file: enable
  new-lines:
    type: unix
  trailing-spaces: enable
  truthy:
    level: warning
--- a/.ci/scripts/bump.sh
+++ b/.ci/scripts/bump.sh
@ -0,0 +1,96 @@
 set -ex
 TASK_ROOT=$(pwd)
 cd repo
 [[ $(ct list-changed --config ct.yaml --since $(head -n1 status) 2>/dev/null) == "" ]] && echo "#### no changes found ####" && exit 0
 # function git_fetch() {
 #   if [[ $(git config --get remote.origin.url) == *"git@github.com"* ]]; then
 #     mkdir -p ~/.ssh
 #     touch ~/.ssh/id_rsa ~/.ssh/known_hosts
 #     echo $KEY | base64 -d >~/.ssh/id_rsa
 #     chmod 600 ~/.ssh/id_rsa
 #     ssh-keyscan github.com >>~/.ssh/known_hosts
 #     git config remote.origin.fetch refs/heads/*:refs/remotes/origin/*
 #     git fetch --all
 #     git fetch $(git config --get remote.origin.url) 'refs/tags/*:refs/tags/*'
 #   else
 #     git config remote.origin.fetch refs/heads/*:refs/remotes/origin/*
 #     git fetch --all
 #   fi
 # }
 # git_fetch
 ## Set git user email and name for commit
 git config --global user.email concourse@github-noreply.com
 git config --global user.name concourse
 ## Insatll YQ
 source <(curl -s https://raw.githubusercontent.com/pratikbalar/bash-functions/main/functions.sh)
 tarr https://github.com/mikefarah/yq/releases/download/v4.9.3/yq_linux_386.tar.gz yq_linux_386 /usr/bin/yq
 # locked version at v3.2.0
 wget -nv -O /usr/bin/semvertool https://raw.githubusercontent.com/fsaintjacques/semver-tool/20028cb53f340a300b460b423e43f0eac13bcd9a/src/semver
 chmod +x /usr/bin/semvertool
 BUMP_PATTERN='^(BREAKING[\-\ ]CHANGE|feat|fix|refactor|perf)(\(.+\))?(!)?'
 MAJOR='(^.+!|.*BREAKING[\-\ ]CHANGE)'
 MINOR='(^feat)'
 PATCH='(^fix|^perf|^refactor)'
 bumpp() {
  semvertool bump $1 $2
 }
 ## Chart version bumping loop
 for chart in $(ct list-changed --config ct.yaml --since $(head -n1 status) 2>/dev/null); do
  CHART_NAME=$(yq e '.name' $chart/Chart.yaml)
  CHARTS=()
  CHARTS+=(${chart})
  echo "Checking version bump for ${CHART_NAME}"
  COMMIT_MESSAGE=$(git log --format=%B -n 1 $chart/)
  printf "last commit message: \"${COMMIT_MESSAGE}\" \n"
  if [[ ${COMMIT_MESSAGE} =~ ${BUMP_PATTERN} ]]; then
    OLD_VERSION=$(yq e '.version' $chart/Chart.yaml)
    CHARTS+=(${OLD_VERSION})
    if [[ ${COMMIT_MESSAGE} =~ ${MAJOR} ]]; then
      BUMP="major"
      echo "Bumping ${BUMP}"
    elif [[ ${COMMIT_MESSAGE} =~ ${MINOR} ]]; then
      BUMP="minor"
      echo "Bumping ${BUMP}"
    elif [[ ${COMMIT_MESSAGE} =~ ${PATCH} ]]; then
      BUMP="patch"
      echo "Bumping ${BUMP}"
    else
      echo "${CHART_NAME}: skipping"
      continue
    fi
    ## mv bump chart and local commit
    ## note: exported NEW_VERSION var so yq can use it with `env` operator
    export NEW_VERSION=$(bumpp ${BUMP} ${OLD_VERSION})
    yq eval '.version = env(NEW_VERSION)' $chart/Chart.yaml >$chart/_Chart.yaml
    mv $chart/_Chart.yaml $chart/Chart.yaml
    ## Commit new chart version
    COMMIT_MSG="bump: ${CHART_NAME}:- ${OLD_VERSION} → ${NEW_VERSION} [ci skip]"
    CHARTS+=(${NEW_VERSION})
    echo ${COMMIT_MSG}
    git add $chart/Chart.yaml
    git commit -m "${COMMIT_MSG}"
    ## add new SHA to array
    COMMIT_SHA=$(git log --oneline -n 1 --format=%H)
    CHARTS+=(${COMMIT_SHA})
    echo ${CHARTS[*]} >>status
    unset CHARTS
  else
    echo "Not bumpable commits found, skipping"
    continue
  fi
 done
 ## Add and commit modified status
 git add status
 git commit -m "chore(status): modify status pointer [ci skip]"
--- a/.ci/scripts/lint.sh
+++ b/.ci/scripts/lint.sh
@ -0,0 +1,8 @@
 set -ex
 TASK_ROOT=$(pwd)
 cd repo
 [[ $(ct list-changed --config ct.yaml --since $(head -n1 status) 2>/dev/null) == "" ]] && echo "#### no changes found ####" && exit 0
 ## ct linting
 export HELM_CONFIG_HOME=./
 ct lint --config ct.yaml --since $(head -n1 status) --debug
--- a/.ci/scripts/package.sh
+++ b/.ci/scripts/package.sh
@ -0,0 +1,24 @@
 set -ex
 TASK_ROOT=$(pwd)
 cd repo
 [[ $(ct list-changed --config ct.yaml --since $(head -n1 status) 2>/dev/null) == "" ]] && echo "#### no changes found ####" && exit 0
 ## Set git user email and name for commiting
 git config --global user.email concourse@github-noreply.com
 git config --global user.name concourse
 export HELM_CONFIG_HOME=$(pwd)/
 tail -n+2 status >${TASK_ROOT}/bumping
 ## Package and index charts, taking input from bumping file
 while read -r line; do
  CHART=($line)
  echo "########### Packaging ${CHART[0]} ###########"
  helm package -u -d ${TASK_ROOT}/charts/charts ${CHART[0]}
  cd ${TASK_ROOT}/charts
  helm repo index --url https://improwised.github.io/charts .
  git add .
  git commit -m "bump: ${CHART[0]/charts\//}:- ${CHART[1]} → ${CHART[2]}"
  cd ${TASK_ROOT}/repo
 done <${TASK_ROOT}/bumping
--- a/.ci/scripts/pr-lint.sh
+++ b/.ci/scripts/pr-lint.sh
@ -0,0 +1,6 @@
 set -ex
 TASK_ROOT=$(pwd)
 cd repo
 ## ct linting
 export HELM_CONFIG_HOME=./
 ct lint --target-branch master --remote origin --config ct.yaml --debug
--- a/.ci/scripts/release.sh
+++ b/.ci/scripts/release.sh
@ -0,0 +1,72 @@
 set -ex
 TASK_ROOT=$(pwd)
 cd repo
 [[ $(ct list-changed --config ct.yaml --since $(head -n1 status) 2>/dev/null) == "" ]] && echo "#### no changes found ####" && exit 0
 ## Functioon for git feching in concoures for ssh or https based repos
 # function git_fetch() {
 #   if [[ $(git config --get remote.origin.url) == *"git@github.com"* ]]; then
 #     mkdir -p ~/.ssh
 #     [[ -z $KEY ]] && echo "#### env var \$KEY not found" && exit 1
 #     touch ~/.ssh/id_rsa ~/.ssh/known_hosts
 #     echo $KEY | base64 -d >~/.ssh/id_rsa
 #     chmod 700 ~/.ssh/id_rsa
 #     ssh-keyscan github.com >>~/.ssh/known_hosts
 #     git config remote.origin.fetch refs/heads/*:refs/remotes/origin/*
 #     git fetch --all
 #     git fetch $(git config --get remote.origin.url) 'refs/tags/*:refs/tags/*'
 #   else
 #     git config remote.origin.fetch refs/heads/*:refs/remotes/origin/*
 #     git fetch --all
 #   fi
 # }
 # git_fetch
 ## Set git user email and name for commit
 git config --global user.email concourse@github-noreply.com
 git config --global user.name concourse
 ## install necessary tools and setup minio
 source <(curl -s https://raw.githubusercontent.com/pratikbalar/bash-functions/main/functions.sh)
 tarr https://github.com/tcnksm/ghr/releases/download/v0.13.0/ghr_v0.13.0_linux_amd64.tar.gz ghr_v0.13.0_linux_amd64/ghr /usr/bin/ghr
 tarr https://github.com/git-chglog/git-chglog/releases/download/v0.14.2/git-chglog_0.14.2_linux_amd64.tar.gz git-chglog /usr/local/bin/git-chglog
 PROJECT_USERNAME=$(git config --get remote.origin.url | sed 's/git\@github\.com\:\|\.git\|https\:\/\/github\.com\///g' | awk -F\/ '{printf $1}')
 PROJECT_REPONAME=$(git config --get remote.origin.url | sed 's/git\@github\.com\:\|\.git\|https\:\/\/github\.com\///g' | awk -F\/ '{printf $2}')
 tail -n+2 status >${TASK_ROOT}/bumping
 while read -r line; do
  ## Extract info from array
  CHART=($line)
  CHART_NAME=${CHART[0]/charts\//}
  OLD_VERSION=${CHART[1]}
  NEW_VERSION=${CHART[2]}
  COMMIT_SHA=${CHART[3]}
  ## Create temporary tag for generating generating proper changelog
  git tag ${CHART_NAME}-${NEW_VERSION} ${COMMIT_SHA}
  git-chglog -o /tmp/${CHART_NAME}-${NEW_VERSION}.md \
    --config .ci/git-chglog-config.yml \
    --path ${CHART} \
    ${CHART_NAME}-${NEW_VERSION}
  git tag -d ${CHART_NAME}-${NEW_VERSION}
  ## Github release chart
  echo "########### Releasing ${CHART_NAME} chart ###########"
  ghr -token "${GITHUB_TOKEN}" \
    -name "${CHART_NAME}-${NEW_VERSION}" \
    -body "$(cat /tmp/${CHART_NAME}-${NEW_VERSION}.md)" \
    -owner "${PROJECT_USERNAME}" \
    -repository "${PROJECT_REPONAME}" \
    -commitish "${COMMIT_SHA}" \
    -replace \
    ${CHART_NAME}-${NEW_VERSION} \
    ${TASK_ROOT}/charts/charts/${CHART_NAME}-${NEW_VERSION}.tgz
 done <${TASK_ROOT}/bumping
 ## Move status pointer
 git log --oneline -n 1 --format=%H >status
 git add status
 git commit -m "chore(status): move status pointer [ci skip]"
--- a/.ci/scripts/test.sh
+++ b/.ci/scripts/test.sh
@ -0,0 +1,67 @@
 set -ex
 TASK_ROOT=$(pwd)
 apk add --no-progress --no-cache git
 ## Install helm and ct same version
 source <(curl -s https://raw.githubusercontent.com/pratikbalar/bash-functions/main/functions.sh)
 tarr https://get.helm.sh/helm-${CT_VERSION}-linux-amd64.tar.gz linux-amd64/helm /usr/bin/helm
 tarr https://github.com/helm/chart-testing/releases/download/${CT_VERSION}/chart-testing_${CT_VERSION/v/}_linux_amd64.tar.gz ct /usr/bin/ct
 ## Check if there any changes
 cd repo
 [[ $(ct list-changed --config ct.yaml --since $(head -n1 status) 2>/dev/null) == "" ]] && echo "#### no changes found ####" && exit 0
 ## Start Docker
 cd ..
 source /docker-lib.sh
 start_docker
 # Cleanup.
 # Not sure if this is required.
 # It's quite possible that Concourse is smart enough to clean up the Docker mess itself.
 function cleanup() {
  docker system prune --all --force --volumes
 }
 trap cleanup EXIT
 # Strictly speaking, preloading of Docker images is not required.
 # However, you might want to do this for a couple of reasons:
 # - If the image comes from a private repository, it is much easier to let Concourse pull it,
 #   and then pass it through to the task.
 # - When the image is passed to th  e task, Concourse can often get the image from its cache.
 KIND_VERSION="${KIND_NODE_VERSION:-$(cat kind-img/tag)}"
 docker_load() {
  if [[ ! -f kind-img/tag ]]; then
    docker pull kindest/node:${KIND_VERSION}
  else
    docker load -i kind-img/image
    docker tag "$(cat kind-img/image-id)" "$(cat kind-img/repository):$(cat kind-img/tag)"
  fi
 }
 docker_load &
 wait_docker_load=$!
 ## installing kubectl
 apk add --no-cache --no-progress -X http://dl-cdn.alpinelinux.org/alpine/edge/testing kubectl
 curl -Lso /usr/bin/kind https://kind.sigs.k8s.io/dl/v0.10.0/kind-linux-amd64
 chmod a+x /usr/bin/kind
 ## create cluster with verbose
 wait ${wait_docker_load}
 kind create cluster --image kindest/node:"${KIND_VERSION}" --name "${KIND_VERSION}" -v 5
 ## Wait for cluster to come up
 kind get clusters
 echo "Waiting for cluster to come up"
 sleep 20
 while [[ $(kubectl get pods -A -o 'jsonpath={..status.conditions[?(@.type=="Ready")].status}') == *"False"* ]]; do
  echo "#### Pods are not ready, waiting... ####"
  kubectl get pods -A
  sleep 5
 done
 echo "#### Cluster is ready ####"
 kubectl get all,sc,cs -A
 cd repo
 export HELM_CONFIG_HOME=./
 ct install --config ct.yaml --since $(head -n1 status) --debug
--- a/.ci/task-bump.yaml
+++ b/.ci/task-bump.yaml
@ -0,0 +1,13 @@
 ---
 platform: linux
 inputs:
  - name: repo
 outputs:
  - name: repo
    path: repo
 run:
  path: bash
  args: [repo/.ci/scripts/bump.sh]
--- a/.ci/task-lint.yaml
+++ b/.ci/task-lint.yaml
@ -0,0 +1,9 @@
 ---
 platform: linux
 inputs:
  - name: repo
 run:
  path: bash
  args: [repo/.ci/scripts/pr-lint.sh]
--- a/.ci/task-package.yaml
+++ b/.ci/task-package.yaml
@ -0,0 +1,13 @@
 ---
 platform: linux
 inputs:
  - name: repo
  - name: charts
 outputs:
  - name: charts
    path: charts
 run:
  path: bash
  args: [repo/.ci/scripts/package.sh]
--- a/.ci/task-pr-lint.yaml
+++ b/.ci/task-pr-lint.yaml
@ -0,0 +1,9 @@
 ---
 platform: linux
 inputs:
  - name: repo
 run:
  path: bash
  args: [repo/.ci/scripts/lint.sh]
--- a/.ci/task-release.yaml
+++ b/.ci/task-release.yaml
@ -0,0 +1,15 @@
 ---
 platform: linux
 # image_resource: { type: docker-image, source: { repository: alpine } }
 inputs:
  - name: repo
  - name: charts
 outputs:
  - name: repo
    path: repo
 run:
  path: bash
  args: [repo/.ci/scripts/release.sh]
--- a/.ci/task-test.yaml
+++ b/.ci/task-test.yaml
@ -0,0 +1,12 @@
 ---
 platform: linux
 image_resource: { type: docker-image, source: { repository: amidos/dcind } }
 inputs:
  - name: kind-img
    optional: true
  - name: repo
 run:
  path: bash
  args: [repo/.ci/scripts/test.sh]
--- a/.gitignore
+++ b/.gitignore
@ -7,9 +7,10 @@
 # Test binary, built with `go test -c`
 *.test
-
+*.tgz
 # Output of the go coverage tool, specifically when used with LiteIDE
 *.out
 # Dependency directories (remove the comment below to include it)
 # vendor/
 tmp-*
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@ -0,0 +1,27 @@
 # See https://pre-commit.com for more information
 # See https://pre-commit.com/hooks.html for more hooks
 repos:
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v3.2.0
    hooks:
      - id: trailing-whitespace
      - id: end-of-file-fixer
      - id: check-added-large-files
      - id: check-merge-conflict
      - id: check-symlinks
      - id: detect-private-key
  - repo: https://github.com/Yelp/detect-secrets
    rev: v1.1.0
    hooks:
      - id: detect-secrets
  - repo: https://github.com/alessandrojcm/commitlint-pre-commit-hook
    rev: v2.2.0
    hooks:
      - id: commitlint
        stages: [commit-msg]
        additional_dependencies: ["@commitlint/config-conventional"]
  - repo: https://github.com/adrienverge/yamllint
    rev: 85ccd62
    hooks:
      - id: yamllint
        args: [-c, ".ci/.yamllint"]
--- a/README.md
+++ b/README.md
@ -25,3 +25,9 @@ helm repo add improwised https://improwised.github.io/charts/
   ```
 4. Add appropriate commit message and push it
 ## Adding CI first time
 tag each chart with it's last chart version e.g. `<chart-name>-<chart-version>` to it's `sha`
 e.g. `git tag erpnext-1.0.0 asdasdasdasdasda` here assume that `sha` is pointing to that perticular erpnext chart version `1.0.0`
--- a/charts/erpnext/.helmignore
+++ b/charts/erpnext/.helmignore
@ -20,3 +20,4 @@
 .idea/
 *.tmproj
 .vscode/
 ci
--- a/charts/erpnext/Chart.lock
+++ b/charts/erpnext/Chart.lock
@ -0,0 +1,6 @@
 dependencies:
 - name: mariadb
  repository: https://charts.bitnami.com/bitnami
  version: 9.3.14
 digest: sha256:0815327ab67fe07509fc687ee448701acf9f7aab1927d737512ecc55b9dfb0ef
 generated: "2021-06-11T13:53:12.782657536+05:30"
--- a/charts/erpnext/Chart.yaml
+++ b/charts/erpnext/Chart.yaml
@ -1,7 +1,14 @@
 apiVersion: v2
-appVersion: v13.0.1
+appVersion: v13.4.1
 description: Kubernetes Helm Chart for the lastest stable ERPNext branch
 icon: https://raw.githubusercontent.com/frappe/design/master/logos/logo-2018/erpnext-logo-blue.svg
 name: erpnext
 type: application
-version: 3.0.3
+version: 3.2.5
 maintainers:
  - name: improwised
 dependencies:
  - name: mariadb
    version: 9.3.14
    repository: https://charts.bitnami.com/bitnami
    condition: mariadb.enabled
--- a/charts/erpnext/README.md
+++ b/charts/erpnext/README.md
@ -57,11 +57,12 @@ The command removes all the Kubernetes components associated with the chart and
 The following table lists the configurable parameters of the ERPNext chart and their default values.
 | Parameter                             | Description                                                  | Default                         |
-|----------------------------------|--------------------------------------------------------------|---------------------------------|
+|---------------------------------------|--------------------------------------------------------------|---------------------------------|
 | `replicaCount`                        | Replica Count for App Deployments                            | `1`                             |
 | `nginxImage.repository`               | Frappe/ERPNext Nginx Docker image registry                   | `frappe/erpnext-nginx`          |
 | `nginxImage.tag`                      | Frappe/ERPNext Nginx Docker image tag                        | Latest Stable Release           |
 | `nginxImage.pullPolicy`               | Frappe/ERPNext Nginx Docker image pullPolicy                 | `IfNotPresent`                  |
 | `nginxImage.nginxConfig`              | Frappe/ERPNext Nginx Docker image custom default.conf        | `nil`                           |
 | `pythonImage.repository`              | Frappe/ERPNext Python Docker image registry                  | `frappe/erpnext-worker`         |
 | `pythonImage.tag`                     | Frappe/ERPNext Python Docker image tag                       | Latest Stable Release           |
 | `pythonImage.pullPolicy`              | Frappe/ERPNext Python Docker image pullPolicy                | `IfNotPresent`                  |
@ -81,15 +82,30 @@ The following table lists the configurable parameters of the ERPNext chart and t
 | `redisQueueHost`                      | Queue Redis Host to connect (Optional)                       | `nil`                           |
 | `redisCacheHost`                      | Cache Redis Host to connect (Optional)                       | `nil`                           |
 | `redisSocketIOHost`                   | Socket IO Redis Host to connect (Optional)                   | `nil`                           |
 | `postgresHost`                        | Postgres Host (Optional)                                     | `nil`                           |
 | `postgresPort`                        | Postgres Port (Optional)                                     | `nil`                           |
 | `dbRootPassword`                      | MariaDB Root Password to create first site (Optional)        | `nil`                           |
 | `createSite.enabled`                  | Create First site                                            | `false`                         |
 | `createSite.siteName`                 | Site name to create the site                                 | `erp.cluster.local`             |
 | `createSite.dbRootUser`               | DB root user to create first site                            | `root`                          |
 | `createSite.adminPassword`            | DB root password to create first site                        | `admin`                         |
 | `createSite.installApps`              | Apps to be installed on site separated by comma (`,`)        | `erpnext`                       |
 | `createSite.dropSiteOnUninstall`      | Drop created site on uninstall of helm release               | `false`                         |
 | `ingress.enabled`                     | Enable ingress for first site                                | `false`                         |
 | `ingress.annotations`                 | Annotation object to be used with ingress                    | `{}`                            |
 | `ingress.hosts[0].host`               | Hostname for the site                                        | `erp.cluster.local`             |
 | `ingress.hosts[0].paths[0].path`      | Ingress Path                                                 | `/`                             |
 | `ingress.hosts[0].paths[0].pathType`  | Ingress Path Type                                            | `ImplementationSpecific`        |
 | `ingress.tls`                         | Ingress TLS array                                            | `[]`                            |
 | `migrateJob.enable`                   | Run migrate sites Job after helm install / upgrade           | `false`                         |
 | `migrateJob.backup`                   | Backup before migrate sites Job                              | `true`                          |
 | `persistence.worker.enable`           | Creates PVC with helm release name                           | `true`                          |
 | `persistence.worker.size`             | Creates PVC with size                                        | `8Gi`                           |
-| `persistence.worker.storageClass`| StorageClass with RWX, Required if PVC is created            | `nil`                           |
+| `persistence.worker.storageClass`     | StorageClass with RWX, Required if PVC is created            | `nil`                           |
 | `persistence.logs.enable`             | Creates PVC for logs volume with helm release name           | `true`                          |
 | `persistence.logs.size`               | Creates PVC for logs volume with size                        | `8Gi`                           |
 | `persistence.logs.storageClass`       | StorageClass with RWX, Required if PVC is created            | `nil`                           |
-| `volumePermissions.enabled`      | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false`
+| `volumePermissions.enabled`           | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false`    |
 The above parameters map to the env variables defined in [frappe_docker](http://github.com/frappe/frappe_docker). For more information please refer to the [frappe_docker](http://github.com/frappe/frappe_docker) images documentation.
--- a/charts/erpnext/ci/override-values.yaml
+++ b/charts/erpnext/ci/override-values.yaml
@ -0,0 +1,194 @@
 # Default values for erpnext.
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 replicaCount: 1
 nginxImage:
  repository: docker.io/improwised/erpnext-nginx
  tag: v13.4.1
  pullPolicy: IfNotPresent
  # nginxConfig: |
  #   # custom /etc/nginx/conf.d/default.conf
 pythonImage:
  repository: docker.io/improwised/erpnext-worker
  tag: v13.4.1
  pullPolicy: IfNotPresent
 socketIOImage:
  repository: frappe/frappe-socketio
  tag: v13.4.1
  pullPolicy: IfNotPresent
 redis:
  image:
    repository: bitnami/redis
    tag: 5.0.10-debian-10-r105
    pullPolicy: IfNotPresent
  extraEnv:
    - name: ALLOW_EMPTY_PASSWORD
      value: "yes"
 # Asset Image Env Variables
 frappePyPort: "8000"
 socketIOPort: "9000"
 # upstreamRealIPAddress: "127.0.0.1"
 # upstreamRealIPRecursive: "off"
 # upstreamRealIPHeader: "X-Forwarded-For"
 mariadb:
  enabled: true
  auth:
    rootPassword: mariadb # pragma: allowlist secret
  primary:
    persistence:
      enabled: false
    ## Below, there are some override configs for supporting barracuda engine for Erpnext
    configuration: |-
      [mysql]                                         # override configuration
      default-character-set=utf8mb4                   # override configuration
      [mysqld]
      innodb-file-format=barracuda                    # override configuration
      innodb-file-per-table=1                         # override configuration
      innodb-large-prefix=1                           # override configuration
      character-set-client-handshake=FALSE            # override configuration
      skip-name-resolve
      explicit_defaults_for_timestamp
      basedir=/opt/bitnami/mariadb
      plugin_dir=/opt/bitnami/mariadb/plugin
      port=3306
      socket=/opt/bitnami/mariadb/tmp/mysql.sock
      tmpdir=/opt/bitnami/mariadb/tmp
      max_allowed_packet=16M
      bind-address=0.0.0.0
      pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid
      log-error=/opt/bitnami/mariadb/logs/mysqld.log
      character-set-server=utf8mb4                     # override from UTF8
      collation-server=utf8mb4_unicode_ci              # override utf8_general_ci UTF8
      [client]
      port=3306
      socket=/opt/bitnami/mariadb/tmp/mysql.sock
      default-character-set=UTF8
      plugin_dir=/opt/bitnami/mariadb/plugin
      [manager]
      port=3306
      socket=/opt/bitnami/mariadb/tmp/mysql.sock
      pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid
 # Python Image Env Variables
 # mariadbHost: "mariadb.mariadb.svc.cluster.local"
 redisQueueHost: ""
 redisCacheHost: ""
 redisSocketIOHost: ""
 # PostgreSQL related variables
 postgresHost: ""
 postgresPort: ""
 # Create secrets
 # dbRootPassword: mariadb
 # Create first site
 createSite:
  enabled: false
  siteName: "erp.cluster.local"
  dbRootUser: "root"
  adminPassword: "admin" # pragma: allowlist secret
  installApps: "erpnext"
  dropSiteOnUninstall: false
 # Ingress
 ingress:
  enabled: false
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
    # cert-manager.io/cluster-issuer: letsencrypt-prod
  hosts:
    - host: erp.cluster.local
      paths:
        - path: /
          pathType: ImplementationSpecific
  tls: []
  #  - secretName: auth-server-tls
  #    hosts:
  #      - auth-server.local
 migrateJob:
  # Set this to true to run migrate as part of helm install/upgrade
  enable: true
  backup: true
 imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
 serviceAccount:
  # Specifies whether a service account should be created
  create: true
 podSecurityContext:
  supplementalGroups: [1000]
 securityContext:
  capabilities:
    add:
      - all
  # readOnlyRootFilesystem: true
  # runAsNonRoot: true
  # runAsUser: 1000
 service:
  type: ClusterIP
  port: 80
 # Additional Services
 socketIOService:
  type: ClusterIP
  port: 9000
 redisSocketIOService:
  type: ClusterIP
  port: 11000
 redisQueueService:
  type: ClusterIP
  port: 12000
 redisCacheService:
  type: ClusterIP
  port: 13000
 persistence:
  worker:
    enabled: true
    # existingClaim: ""
    size: 5Gi
    # storageClass: "local-path"
  logs:
    enabled: true
    # existingClaim: ""
    size: 5Gi
    # storageClass: "local-path"
 volumePermissions:
  enabled: true
 resources: {}
  # If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # requests:
  #   cpu: 100m
  #   memory: 128Mi
 nodeSelector: {}
 tolerations: []
 affinity: {}
--- a/charts/erpnext/templates/configmap-nginx-config.yaml
+++ b/charts/erpnext/templates/configmap-nginx-config.yaml
@ -0,0 +1,10 @@
 {{- if .Values.nginxImage.nginxConfig }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: {{ include "erpnext.fullname" . }}-nginx-config
  labels:
    {{- include "erpnext.labels" . | nindent 4 }}
 data:
  default.conf: {{ .Values.nginxImage.nginxConfig | quote }}
 {{- end }}
--- a/charts/erpnext/templates/deployment-erpnext.yaml
+++ b/charts/erpnext/templates/deployment-erpnext.yaml
@ -23,7 +23,7 @@ spec:
      serviceAccountName: {{ include "erpnext.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
-      {{- if .Values.volumePermissions.enabled }}
+      {{- if and .Values.volumePermissions.enabled .Values.persistence.worker.enabled }}
      initContainers:
        - name: frappe-bench-ownership
          image: quay.io/libpod/alpine:3.2
@ -52,6 +52,10 @@ spec:
            mountPath: /assets
          - name: sites-dir
            mountPath: /var/www/html/sites
          {{- if .Values.nginxImage.nginxConfig }}
          - name: nginx-config
            mountPath: /etc/nginx/conf.d
          {{- end }}
          imagePullPolicy: {{ .Values.nginxImage.pullPolicy }}
          env:
            - name: "FRAPPE_PY"
@ -74,6 +78,10 @@ spec:
            - name: "UPSTREAM_REAL_IP_HEADER"
              value: {{ .Values.upstreamRealIPHeader }}
              {{- end }}
            {{- if .Values.nginxImage.nginxConfig }}
            - name: "SKIP_NGINX_TEMPLATE_GENERATION"
              value: "1"
            {{- end }}
          ports:
            - name: http
              containerPort: 80
@ -94,7 +102,11 @@ spec:
          imagePullPolicy: {{ .Values.pythonImage.pullPolicy }}
          env:
            - name: "MARIADB_HOST"
              {{- if .Values.mariadb.enabled }}
              value: {{ .Release.Name }}-mariadb.{{ .Release.Namespace }}.svc
              {{- else }}
              value: {{ required "A valid .Values.mariadbHost entry required!" (include "erpnext.mariadbHost" .) }}
              {{- end }}
            - name: "REDIS_QUEUE"
              {{- if eq (include "erpnext.redisQueueHost" .) "" }}
              value: {{ include "erpnext.fullname" . }}-redis-queue:{{ .Values.redisQueueService.port }}
@ -115,16 +127,18 @@ spec:
              {{- end }}
            - name: "SOCKETIO_PORT"
              value: {{ .Values.socketIOPort | quote }}
          {{- if .Values.enableProbs }}
          livenessProbe:
            tcpSocket:
              port: {{ .Values.frappePyPort }}
-            initialDelaySeconds: 5
+            initialDelaySeconds: 100
            periodSeconds: 10
          readinessProbe:
            tcpSocket:
              port: {{ .Values.frappePyPort }}
-            initialDelaySeconds: 5
+            initialDelaySeconds: 20
            periodSeconds: 10
          {{- end }}
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
      volumes:
@ -154,6 +168,11 @@ spec:
          {{- else }}
          emptyDir: {}
          {{- end }}
        {{- if .Values.nginxImage.nginxConfig }}
        - name: nginx-config
          configMap:
            name: {{ include "erpnext.fullname" . }}-nginx-config
        {{- end }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
--- a/charts/erpnext/templates/deployment-worker-default.yaml
+++ b/charts/erpnext/templates/deployment-worker-default.yaml
@ -38,6 +38,7 @@ spec:
          env:
            - name: "WORKER_TYPE"
              value: "default"
          {{- if .Values.enableProbs }}
          livenessProbe:
            exec:
              command:
@ -46,7 +47,7 @@ spec:
              - "-p"
              - "{{ .Values.postgresHost }}:{{ .Values.postgresPort }}"
              {{- end }}
-            initialDelaySeconds: 15
+            initialDelaySeconds: 100
            periodSeconds: 5
          readinessProbe:
            exec:
@ -56,8 +57,9 @@ spec:
              - "-p"
              - "{{ .Values.postgresHost }}:{{ .Values.postgresPort }}"
              {{- end }}
-            initialDelaySeconds: 15
+            initialDelaySeconds: 20
            periodSeconds: 5
          {{- end }}
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
      volumes:
--- a/charts/erpnext/templates/deployment-worker-long.yaml
+++ b/charts/erpnext/templates/deployment-worker-long.yaml
@ -38,6 +38,7 @@ spec:
          env:
            - name: "WORKER_TYPE"
              value: "long"
          {{- if .Values.enableProbs }}
          livenessProbe:
            exec:
              command:
@ -46,7 +47,7 @@ spec:
              - "-p"
              - "{{ .Values.postgresHost }}:{{ .Values.postgresPort }}"
              {{- end }}
-            initialDelaySeconds: 15
+            initialDelaySeconds: 100
            periodSeconds: 5
          readinessProbe:
            exec:
@ -56,8 +57,9 @@ spec:
              - "-p"
              - "{{ .Values.postgresHost }}:{{ .Values.postgresPort }}"
              {{- end }}
-            initialDelaySeconds: 15
+            initialDelaySeconds: 20
            periodSeconds: 5
          {{- end }}
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
      volumes:
--- a/charts/erpnext/templates/deployment-worker-short.yaml
+++ b/charts/erpnext/templates/deployment-worker-short.yaml
@ -38,6 +38,7 @@ spec:
          env:
            - name: "WORKER_TYPE"
              value: "short"
          {{- if .Values.enableProbs }}
          livenessProbe:
            exec:
              command:
@ -46,7 +47,7 @@ spec:
              - "-p"
              - "{{ .Values.postgresHost }}:{{ .Values.postgresPort }}"
              {{- end }}
-            initialDelaySeconds: 15
+            initialDelaySeconds: 100
            periodSeconds: 5
          readinessProbe:
            exec:
@ -56,8 +57,9 @@ spec:
              - "-p"
              - "{{ .Values.postgresHost }}:{{ .Values.postgresPort }}"
              {{- end }}
-            initialDelaySeconds: 15
+            initialDelaySeconds: 20
            periodSeconds: 5
          {{- end }}
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
      volumes:
--- a/charts/erpnext/templates/drop-site-job.yaml
+++ b/charts/erpnext/templates/drop-site-job.yaml
@ -0,0 +1,83 @@
 {{- if and (.Values.createSite.dropSiteOnUninstall) (.Values.dbRootPassword) }}
 apiVersion: batch/v1
 kind: Job
 metadata:
  name: {{ include "erpnext.fullname" . }}-drop-site
  labels:
    {{- include "erpnext.labels" . | nindent 4 }}
  annotations:
    "helm.sh/hook": pre-delete
    "helm.sh/hook-weight": "-5"
    "helm.sh/hook-delete-policy": hook-succeeded
 spec:
  backoffLimit: 1
  template:
    spec:
    {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
    {{- end }}
      serviceAccountName: {{ template "erpnext.serviceAccountName" $ }}
      securityContext:
        {{- toYaml $.Values.podSecurityContext | nindent 8 }}
      containers:
      - name: drop-site
        image: "{{ .Values.pythonImage.repository }}:{{ .Values.pythonImage.tag }}"
        args: ["drop"]
        env:
          - name: "SITE_NAME"
            value: "{{ .Values.createSite.siteName }}"
          - name: "DB_ROOT_USER"
            value: "{{ .Values.createSite.dbRootUser }}"
          - name: "MYSQL_ROOT_PASSWORD"
            valueFrom:
              secretKeyRef:
                key:  dbRootPassword
                name: {{ .Release.Name }}-secrets
        securityContext:
          {{- toYaml $.Values.securityContext | nindent 12 }}
        imagePullPolicy: {{ .Values.pythonImage.pullPolicy }}
        volumeMounts:
          - name: sites-dir
            mountPath: /home/frappe/frappe-bench/sites
          - name: logs
            mountPath: /home/frappe/frappe-bench/logs
      restartPolicy: Never
    {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
    {{- end }}
      volumes:
        - name: sites-dir
          {{- if .Values.persistence.worker.enabled }}
          persistentVolumeClaim:
            {{- if .Values.persistence.worker.existingClaim }}
            claimName: {{ .Values.persistence.worker.existingClaim }}
            {{- else }}
            claimName: {{ template "erpnext.fullname" . }}
            {{- end }}
            readOnly: false
          {{- else }}
          emptyDir: {}
          {{- end }}
        - name: logs
          {{- if .Values.persistence.logs.enabled }}
          persistentVolumeClaim:
            {{- if .Values.persistence.logs.existingClaim }}
            claimName: {{ .Values.persistence.logs.existingClaim }}
            {{- else }}
            claimName: {{ template "erpnext.fullname" . }}-logs
            {{- end }}
            readOnly: false
          {{- else }}
          emptyDir: {}
          {{- end }}
 {{- end }}
--- a/charts/erpnext/templates/ingress.yaml
+++ b/charts/erpnext/templates/ingress.yaml
@ -0,0 +1,40 @@
 {{- if and (.Values.ingress.enabled) (semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion) (.Values.createSite.enabled) -}}
 {{- $fullName := include "erpnext.fullname" . -}}
 {{- $svcPort := .Values.service.port -}}
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: {{ $fullName }}-ingress
  labels:
    {{- include "erpnext.labels" . | nindent 4 }}
  {{- with .Values.ingress.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 spec:
 {{- if .Values.ingress.tls }}
  tls:
  {{- range .Values.ingress.tls }}
    - hosts:
      {{- range .hosts }}
        - {{ . | quote }}
      {{- end }}
      secretName: {{ .secretName }}
  {{- end }}
 {{- end }}
  rules:
  {{- range .Values.ingress.hosts }}
    - host: {{ .host | quote }}
      http:
        paths:
        {{- range .paths }}
          - path: {{ .path }}
            pathType: {{ .pathType }}
            backend:
              service:
                name: {{ $fullName }}
                port:
                  number: {{ $svcPort }}
        {{- end }}
  {{- end }}
 {{- end }}
--- a/charts/erpnext/templates/job-backup-sites.yaml
+++ b/charts/erpnext/templates/job-backup-sites.yaml
@ -0,0 +1,62 @@
 {{- if .Values.migrateJob.backup }}
 apiVersion: batch/v1
 kind: Job
 metadata:
  name: backup-sites-{{ template "erpnext.fullname" . }}-{{ date "20060102150405" .Release.Now }}
  labels:
    {{- include "erpnext.labels" . | nindent 4 }}
  annotations:
    "helm.sh/hook": pre-upgrade
    "helm.sh/hook-weight": "-5"
    "helm.sh/hook-delete-policy": hook-succeeded
 spec:
  backoffLimit: 1
  template:
    spec:
    {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
    {{- end }}
      serviceAccountName: {{ template "erpnext.serviceAccountName" $ }}
      securityContext:
        {{- toYaml $.Values.podSecurityContext | nindent 8 }}
      containers:
      - name: backup
        image: "{{ .Values.pythonImage.repository }}:{{ .Values.pythonImage.tag }}"
        args: ["backup"]
        imagePullPolicy: {{ .Values.pythonImage.pullPolicy }}
        env:
          - name: "WITH_FILES"
            value: "1"
        securityContext:
          {{- toYaml $.Values.securityContext | nindent 12 }}
        volumeMounts:
          - name: sites-dir
            mountPath: /home/frappe/frappe-bench/sites
      restartPolicy: Never
    {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
    {{- end }}
      volumes:
        - name: sites-dir
          {{- if .Values.persistence.worker.enabled }}
          persistentVolumeClaim:
            {{- if .Values.persistence.worker.existingClaim }}
            claimName: {{ .Values.persistence.worker.existingClaim }}
            {{- else }}
            claimName: {{ template "erpnext.fullname" . }}
            {{- end }}
            readOnly: false
          {{- else }}
          emptyDir: {}
          {{- end }}
 {{- end }}
--- a/charts/erpnext/templates/job-create-site.yaml
+++ b/charts/erpnext/templates/job-create-site.yaml
@ -0,0 +1,96 @@
 {{- if and (.Values.createSite.enabled) (.Values.dbRootPassword) }}
 apiVersion: batch/v1
 kind: Job
 metadata:
  name: {{ template "erpnext.fullname" . }}-create-site
  labels:
    {{- include "erpnext.labels" . | nindent 4 }}
 spec:
  backoffLimit: 1
  template:
    spec:
    {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
    {{- end }}
      serviceAccountName: {{ template "erpnext.serviceAccountName" $ }}
      securityContext:
        {{- toYaml $.Values.podSecurityContext | nindent 8 }}
      initContainers:
      - name: populate-assets
        image: "{{ .Values.nginxImage.repository }}:{{ .Values.nginxImage.tag }}"
        command: ["/bin/bash", "-c"]
        args:
          - "rsync -a --delete /var/www/html/assets/frappe /assets"
        volumeMounts:
          - name: assets-cache
            mountPath: /assets
      containers:
      - name: create-site
        image: "{{ .Values.pythonImage.repository }}:{{ .Values.pythonImage.tag }}"
        args: ["new"]
        env:
          - name: "SITE_NAME"
            value: "{{ .Values.createSite.siteName }}"
          - name: "DB_ROOT_USER"
            value: "{{ .Values.createSite.dbRootUser }}"
          - name: "MYSQL_ROOT_PASSWORD"
            valueFrom:
              secretKeyRef:
                key:  dbRootPassword
                name: {{ .Release.Name }}-secrets
          - name: "ADMIN_PASSWORD"
            value: "{{ .Values.createSite.adminPassword }}"
          - name: "INSTALL_APPS"
            value: "{{ .Values.createSite.installApps }}"
        securityContext:
          {{- toYaml $.Values.securityContext | nindent 12 }}
        imagePullPolicy: {{ .Values.pythonImage.pullPolicy }}
        volumeMounts:
          - name: sites-dir
            mountPath: /home/frappe/frappe-bench/sites
          - name: assets-cache
            mountPath: /home/frappe/frappe-bench/sites/assets
          - name: logs
            mountPath: /home/frappe/frappe-bench/logs
      restartPolicy: Never
    {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
    {{- end }}
      volumes:
        - name: assets-cache
          emptyDir: {}
        - name: sites-dir
          {{- if .Values.persistence.worker.enabled }}
          persistentVolumeClaim:
            {{- if .Values.persistence.worker.existingClaim }}
            claimName: {{ .Values.persistence.worker.existingClaim }}
            {{- else }}
            claimName: {{ template "erpnext.fullname" . }}
            {{- end }}
            readOnly: false
          {{- else }}
          emptyDir: {}
          {{- end }}
        - name: logs
          {{- if .Values.persistence.logs.enabled }}
          persistentVolumeClaim:
            {{- if .Values.persistence.logs.existingClaim }}
            claimName: {{ .Values.persistence.logs.existingClaim }}
            {{- else }}
            claimName: {{ template "erpnext.fullname" . }}-logs
            {{- end }}
            readOnly: false
          {{- else }}
          emptyDir: {}
          {{- end }}
 {{- end }}
--- a/charts/erpnext/templates/job-migrate-sites.yaml
+++ b/charts/erpnext/templates/job-migrate-sites.yaml
@ -3,10 +3,20 @@ apiVersion: batch/v1
 kind: Job
 metadata:
  name: migrate-sites-{{ template "erpnext.fullname" . }}-{{ date "20060102150405" .Release.Now }}
  labels:
    {{- include "erpnext.labels" . | nindent 4 }}
  annotations:
    "helm.sh/hook": post-upgrade
    "helm.sh/hook-weight": "-5"
    "helm.sh/hook-delete-policy": hook-succeeded
 spec:
  backoffLimit: 1
  template:
    spec:
    {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
    {{- end }}
      serviceAccountName: {{ template "erpnext.serviceAccountName" $ }}
      securityContext:
        {{- toYaml $.Values.podSecurityContext | nindent 8 }}
@ -32,17 +42,6 @@ spec:
        volumeMounts:
          - name: assets-cache
            mountPath: /assets
      {{- if .Values.migrateJob.backup }}
      - name: backup
        image: "{{ .Values.pythonImage.repository }}:{{ .Values.pythonImage.tag }}"
        args: ["backup"]
        imagePullPolicy: {{ .Values.pythonImage.pullPolicy }}
        securityContext:
          {{- toYaml $.Values.securityContext | nindent 12 }}
        volumeMounts:
          - name: sites-dir
            mountPath: /home/frappe/frappe-bench/sites
      {{- end }}
      containers:
      - name: migrate
        image: "{{ .Values.pythonImage.repository }}:{{ .Values.pythonImage.tag }}"
@ -61,6 +60,18 @@ spec:
          - name: logs
            mountPath: /home/frappe/frappe-bench/logs
      restartPolicy: Never
    {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
    {{- end }}
      volumes:
        - name: assets-cache
          emptyDir: {}
--- a/charts/erpnext/templates/pvc.yaml
+++ b/charts/erpnext/templates/pvc.yaml
@ -14,5 +14,7 @@ spec:
  resources:
    requests:
      storage: {{ .Values.persistence.worker.size | quote }}
-  storageClassName: {{ required "A valid .Values.persistence.worker.storageClass entry required!" .Values.persistence.worker.storageClass }}
+  {{- if .Values.persistence.worker.storageClass }}
  storageClassName: {{ .Values.persistence.worker.storageClass }}
  {{- end }}
 {{- end }}
--- a/charts/erpnext/templates/pvc_logs.yaml
+++ b/charts/erpnext/templates/pvc_logs.yaml
@ -14,5 +14,7 @@ spec:
  resources:
    requests:
      storage: {{ .Values.persistence.logs.size | quote }}
-  storageClassName: {{ required "A valid .Values.persistence.logs.storageClass entry required!" .Values.persistence.logs.storageClass }}
+  {{- if .Values.persistence.logs.storageClass }}
  storageClassName: {{ .Values.persistence.logs.storageClass }}
  {{- end }}
 {{- end }}
--- a/charts/erpnext/templates/secret.yaml
+++ b/charts/erpnext/templates/secret.yaml
@ -0,0 +1,9 @@
 {{- if .Values.dbRootPassword }}
 apiVersion: v1
 data:
  dbRootPassword: {{ .Values.dbRootPassword | b64enc | quote }}
 kind: Secret
 metadata:
  name: {{ .Release.Name }}-secrets
 type: Opaque
 {{- end }}
--- a/charts/erpnext/templates/tests/test-connection.yaml
+++ b/charts/erpnext/templates/tests/test-connection.yaml
@ -1,15 +0,0 @@
 apiVersion: v1
 kind: Pod
 metadata:
  name: "{{ include "erpnext.fullname" . }}-test-connection"
  labels:
 {{ include "erpnext.labels" . | nindent 4 }}
  annotations:
    "helm.sh/hook": test-success
 spec:
  containers:
    - name: wget
      image: busybox
      command: ['wget']
      args:  ['{{ include "erpnext.fullname" . }}:{{ .Values.service.port }}']
  restartPolicy: Never
--- a/charts/erpnext/values.yaml
+++ b/charts/erpnext/values.yaml
@ -5,18 +5,20 @@
 replicaCount: 1
 nginxImage:
-  repository: frappe/erpnext-nginx
+  repository: docker.io/improwised/erpnext-nginx
-  tag: v13.0.1
+  tag: v13.4.1
  pullPolicy: IfNotPresent
  # nginxConfig: |
  #   # custom /etc/nginx/conf.d/default.conf
 pythonImage:
-  repository: frappe/erpnext-worker
+  repository: docker.io/improwised/erpnext-worker
-  tag: v13.0.1
+  tag: v13.4.1
  pullPolicy: IfNotPresent
 socketIOImage:
  repository: frappe/frappe-socketio
-  tag: v13.0.2
+  tag: v13.4.1
  pullPolicy: IfNotPresent
 redis:
@ -36,6 +38,46 @@ socketIOPort: "9000"
 # upstreamRealIPRecursive: "off"
 # upstreamRealIPHeader: "X-Forwarded-For"
 mariadb:
  enabled: false
  auth:
    rootPassword: mariadb # pragma: allowlist secret
  primary:
    ## Below, there are some override configs for supporting barracuda engine for Erpnext
    configuration: |-
      [mysql]                                         # override configuration
      default-character-set=utf8mb4                   # override configuration
      [mysqld]
      innodb-file-format=barracuda                    # override configuration
      innodb-file-per-table=1                         # override configuration
      innodb-large-prefix=1                           # override configuration
      character-set-client-handshake=FALSE            # override configuration
      skip-name-resolve
      explicit_defaults_for_timestamp
      basedir=/opt/bitnami/mariadb
      plugin_dir=/opt/bitnami/mariadb/plugin
      port=3306
      socket=/opt/bitnami/mariadb/tmp/mysql.sock
      tmpdir=/opt/bitnami/mariadb/tmp
      max_allowed_packet=16M
      bind-address=0.0.0.0
      pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid
      log-error=/opt/bitnami/mariadb/logs/mysqld.log
      character-set-server=utf8mb4                     # override from UTF8
      collation-server=utf8mb4_unicode_ci              # override utf8_general_ci UTF8
      [client]
      port=3306
      socket=/opt/bitnami/mariadb/tmp/mysql.sock
      default-character-set=UTF8
      plugin_dir=/opt/bitnami/mariadb/plugin
      [manager]
      port=3306
      socket=/opt/bitnami/mariadb/tmp/mysql.sock
      pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid
 # Python Image Env Variables
 # mariadbHost: "mariadb.mariadb.svc.cluster.local"
@ -47,6 +89,36 @@ redisSocketIOHost: ""
 postgresHost: ""
 postgresPort: ""
 # Create secrets
 # dbRootPassword: admin
 # Create first site
 createSite:
  enabled: false
  siteName: "erp.cluster.local"
  dbRootUser: "root"
  adminPassword: "admin" # pragma: allowlist secret
  installApps: "erpnext"
  dropSiteOnUninstall: false
 # Ingress
 ingress:
  enabled: false
  annotations:
    {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
    # cert-manager.io/cluster-issuer: letsencrypt-prod
  hosts:
    - host: erp.cluster.local
      paths:
        - path: /
          pathType: ImplementationSpecific
  tls: []
  #  - secretName: auth-server-tls
  #    hosts:
  #      - auth-server.local
 migrateJob:
  # Set this to true to run migrate as part of helm install/upgrade
  enable: false
@ -63,10 +135,10 @@ serviceAccount:
 podSecurityContext:
  supplementalGroups: [1000]
-securityContext: {}
+securityContext:
-  # capabilities:
+  capabilities:
-  #   drop:
+    add:
-  #   - ALL
+      - CAP_CHOWN
  # readOnlyRootFilesystem: true
  # runAsNonRoot: true
  # runAsUser: 1000
@ -97,15 +169,17 @@ persistence:
    enabled: true
    # existingClaim: ""
    size: 8Gi
-    # storageClass: "nfs"
+    # storageClass: "local-path"
  logs:
    enabled: true
    # existingClaim: ""
    size: 8Gi
-    # storageClass: "nfs"
+    # storageClass: "local-path"
 volumePermissions:
-  enabled: false
+  enabled: true
 enableProbs: true
 resources: {}
  # If you do want to specify resources, uncomment the following
--- a/charts/freeipa/.helmignore
+++ b/charts/freeipa/.helmignore
@ -21,3 +21,4 @@
 .idea/
 *.tmproj
 .vscode/
 ci
--- a/charts/freeipa/Chart.yaml
+++ b/charts/freeipa/Chart.yaml
@ -1,7 +1,8 @@
 apiVersion: v2
 name: freeipa
 description: A Helm chart for Kubernetes
-
+maintainers:
  - name: improwised
 # A chart can be either an 'application' or a 'library' chart.
 #
 # Application charts are a collection of templates that can be packaged into versioned archives
@ -11,12 +12,10 @@ description: A Helm chart for Kubernetes
 # a dependency of application charts to inject those utilities and functions into the rendering
 # pipeline. Library charts do not define any templates and therefore cannot be deployed.
 type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
+version: 0.2.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
--- a/charts/freeipa/ci/override-values.yaml
+++ b/charts/freeipa/ci/override-values.yaml
@ -0,0 +1,96 @@
 # Default values for freeipa.
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 replicaCount: 1
 hostname: freeipa.example.testy
 image:
  repository: freeipa/freeipa-server
  pullPolicy: IfNotPresent
  # Overrides the image tag whose default is the chart appVersion.
  tag: "centos-8"
 # args:
 #   realm: EXAMPLE.TESTY
 #   domain: example.testy
 #   dspassword: ASDF1poiu2QWER3mnbv4
 #   adminpassword: ASDF1poiu2QWER3mnbv4
 #   nohostdns: true
 #   nontp: true
 #   setupdns: false
 #   autoforwarders: true # if setup dns is true thiw will be applicable
 #   allowzoneoverlap: true # if setup dns is true thiw will be applicable
 #   sshtrustdns: false
 volumestorage: 1Gi
 imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
 serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # Annotations to add to the service account
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""
 podAnnotations: {}
 podSecurityContext: {}
  # fsGroup: 2000
 securityContext: {}
  # capabilities:
  #   drop:
  #   - ALL
  # readOnlyRootFilesystem: true
  # runAsNonRoot: true
  # runAsUser: 1000
 service:
  type: ClusterIP
  #clusterIP: 10.43.201.201
  port: 80
 ingress:
  enabled: false
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  hosts:
    - host: chart-example.local
      paths: []
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
  #      - chart-example.local
 resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi
 autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 100
  targetCPUUtilizationPercentage: 80
  # targetMemoryUtilizationPercentage: 80
 nodeSelector: {}
 tolerations: []
 affinity: {}
--- a/charts/freeipa/templates/deployment.yaml
+++ b/charts/freeipa/templates/deployment.yaml
@ -42,10 +42,10 @@ spec:
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          args:
          - -U
-          - --realm={{ .Values.args.realm }}
+          - --realm={{ default "localhost.com" .Values.args.realm }}
-          - --domain={{ .Values.args.domain }}
+          - --domain={{ default "localhost" .Values.args.domain }}
-          - --ds-password={{ .Values.args.dspassword }}
+          - --ds-password={{ default "freeipa" .Values.args.dspassword }}
-          - --admin-password={{ .Values.args.adminpassword }}
+          - --admin-password={{ default "freeipa" .Values.args.adminpassword }}
          - --unattended
          {{- if .Values.args.nohostdns }}
          - --no-host-dns
@ -92,7 +92,7 @@ spec:
            readOnly: true
          env:
          - name: IPA_SERVER_HOSTNAME
-            value: {{ .Values.hostname }}
+            value: {{ default "localhost" .Values.hostname }}
          readinessProbe:
            exec:
              command: [ "/usr/bin/systemctl", "status", "ipa" ]
--- a/charts/freeipa/values.yaml
+++ b/charts/freeipa/values.yaml
@ -15,8 +15,8 @@ image:
 args:
  realm: EXAMPLE.TESTY
  domain: example.testy
-  dspassword: ASDF1poiu2QWER3mnbv4
+  dspassword: ASDF1poiu2QWER3mnbv4 #pragma: allowlist secret
-  adminpassword: ASDF1poiu2QWER3mnbv4
+  adminpassword: ASDF1poiu2QWER3mnbv4 #pragma: allowlist secret
  nohostdns: true
  nontp: true
  setupdns: false
--- a/charts/healthchecks/.helmignore
+++ b/charts/healthchecks/.helmignore
@ -24,3 +24,4 @@
 *values-override*
 *healthchecks-secret*
 *fleet*
 ci
--- a/charts/healthchecks/Chart.lock
+++ b/charts/healthchecks/Chart.lock
@ -0,0 +1,6 @@
 dependencies:
 - name: postgresql
  repository: https://charts.bitnami.com/bitnami
  version: 9.1.1
 digest: sha256:4949a7dab1ae4d5ba4f6ecf12667c6b720d385d66d97f14af018e864da292cd7
 generated: "2021-05-14T10:33:25.768505088+05:30"
--- a/charts/healthchecks/Chart.yaml
+++ b/charts/healthchecks/Chart.yaml
@ -1,11 +1,10 @@
-version: 1.0.3
+version: 1.0.5
 apiVersion: v2
 name: healthchecks
 description: A Helm chart for Kubernetes
 maintainers:
- email: pratik@improeised.com
+  - email: pratik@improeised.com
    name: praitk
 # A chart can be either an 'application' or a 'library' chart.
 #
 # Application charts are a collection of templates that can be packaged into versioned archives
@ -15,7 +14,6 @@ maintainers:
 # a dependency of application charts to inject those utilities and functions into the rendering
 # pipeline. Library charts do not define any templates and therefore cannot be deployed.
 type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
@ -24,9 +22,8 @@ type: application
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 appVersion: 1.16.0
 sources:
- https://github.com/healthchecks/healthchecks
+  - https://github.com/healthchecks/healthchecks
 dependencies:
  - name: postgresql
    version: 9.1.1
--- a/charts/healthchecks/ci/override-values.yaml
+++ b/charts/healthchecks/ci/override-values.yaml
@ -0,0 +1,111 @@
 # Default values for healthchecks.
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 replicaCount: 1
 image:
  repository: linuxserver/healthchecks
  pullPolicy: IfNotPresent
  # Overrides the image tag whose default is the chart appVersion.
  tag: "amd64-version-v1.16.0"
 imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
 # override site root url (SITE_ROOT env) see below for more details
 # https://github.com/healthchecks/healthchecks
 siterootOverride: ""
 # override site name (SITE_NAME env) see below for more details
 sitenameOverride: ""
 #  for postgres password, email host password, superuser email, superuser password
 existingSecret: false
 #configure SMTP host
 # email:
 #   host:
 #   port: 1025
 #   user: test
 # pass more environment variables, more details below
 #https://github.com/healthchecks/healthchecks#configuration
 # extraenvs:
 #   EMAIL_USE_TLS: "False"
 probs:
  livenessProbe:
    httpGet:
      path: /
      port: http
    initialDelaySeconds: 50
  readinessProbe:
    httpGet:
      path: /
      port: http
    initialDelaySeconds: 50
 service:
  type: ClusterIP
  port: 8000
 ingress:
  enabled: false
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  hosts:
    - host: chart-example.local
      paths: []
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
  #      - chart-example.local
 postgresql:
  enabled: false
  persistence:
    enabled: true
  postgresqlDatabase: healthchecks
  postgresqlUsername: healthchecks
  postgresqlPassword: healthchecks #pragma: allowlist secret
 # existingSecret: healthchecks-secret
 resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi
 autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 100
  targetCPUUtilizationPercentage: 80
  # targetMemoryUtilizationPercentage: 80
 podAnnotations: {}
 podSecurityContext: {}
  # fsGroup: 2000
 securityContext: {}
  # capabilities:
  #   drop:
  #   - ALL
  # readOnlyRootFilesystem: true
  # runAsNonRoot: true
  # runAsUser: 1000
 nodeSelector: {}
 tolerations: []
 affinity: {}
--- a/charts/healthchecks/templates/_helpers.tpl
+++ b/charts/healthchecks/templates/_helpers.tpl
@ -50,4 +50,3 @@ Selector labels
 app.kubernetes.io/name: {{ include "healthchecks.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
--- a/charts/healthchecks/templates/configmap.yaml
+++ b/charts/healthchecks/templates/configmap.yaml
@ -14,9 +14,11 @@ data:
  DB_NAME: {{ default "healthckecks" .Values.postgresql.postgresqlDatabase | quote }}
  DB_USER: {{ default "healthckecks" .Values.postgresql.postgresqlUsername | quote }}
  {{- end }}
  {{- if .Values.email.host }}
  EMAIL_HOST: {{ .Values.email.host | quote }}
  EMAIL_PORT: {{ .Values.email.port | quote }}
  EMAIL_HOST_USER: {{ .Values.email.user | quote }}
  {{- end }}
  {{- if .Values.siterootOverride }}
  SITE_ROOT: {{ .Values.siterootOverride | quote }}
  {{- else if .Values.ingress.enabled }}
@ -32,7 +34,7 @@ data:
  SITE_NAME: {{ .Values.sitenameOverride | quote }}
  {{- else }}
  SITE_NAME: "localhost"
-  {{- end}}
+  {{- end }}
  {{- range $key, $val := .Values.extraenvs  }}
  {{ $key }}: {{ $val | quote }}
  {{- end }}
--- a/charts/healthchecks/templates/deployment.yaml
+++ b/charts/healthchecks/templates/deployment.yaml
@ -35,8 +35,9 @@ spec:
          envFrom:
            - configMapRef:
                name: {{ include "healthchecks.fullname" . }}
                optional: true
          env:
-          {{- if or .Values.existingSecret }}
+          {{- if .Values.existingSecret }}
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
--- a/charts/healthchecks/values.yaml
+++ b/charts/healthchecks/values.yaml
@ -21,7 +21,7 @@ siterootOverride: ""
 sitenameOverride: ""
 #  for postgres password, email host password, superuser email, superuser password
-existingSecret: healthchecks-secret
+existingSecret: healthchecks-secret #pragma: allowlist secret
 #configure SMTP host
 email:
@ -39,10 +39,12 @@ probs:
    httpGet:
      path: /
      port: http
    initialDelaySeconds: 50
  readinessProbe:
    httpGet:
      path: /
      port: http
    initialDelaySeconds: 50
 service:
  type: ClusterIP
@ -67,7 +69,7 @@ postgresql:
    enabled: true
  postgresqlDatabase: healthchecks
  postgresqlUsername: healthchecks
-  postgresqlPassword: healthchecks
+  postgresqlPassword: healthchecks #pragma: allowlist secret
 # existingSecret: healthchecks-secret
 resources: {}
--- a/charts/n8n-helm/.helmignore
+++ b/charts/n8n-helm/.helmignore
@ -1,24 +0,0 @@
 # Patterns to ignore when building packages.
 # This supports shell glob matching, relative path matching, and
 # negation (prefixed with !). Only one pattern per line.
 .DS_Store
 # Common VCS dirs
 .git/
 .gitignore
 .bzr/
 .bzrignore
 .hg/
 .hgignore
 .svn/
 # Common backup files
 *.swp
 *.bak
 *.tmp
 *.orig
 *~
 # Various IDEs
 .project
 .idea/
 *.tmproj
 .vscode/
 ./
--- a/charts/n8n-helm/Chart.yaml
+++ b/charts/n8n-helm/Chart.yaml
@ -1,32 +0,0 @@
 apiVersion: v2
 name: n8n-helm
 description: A Helm chart for n8n on Kubernetes
 type: application
 metadata:
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
 version: 0.1.3
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 appVersion: 0.18.0
 icon: https://n8n.io/n8n-logo.png
 keywords:
 - n8n
 - automation
 - nodemation
 - workflow-automatio
 maintainers:
 - email: pratik@improwised.com
  name: pratik-{{ .Release.Name }}
 sources:
 - https://github.com/n8n-io/n8n
 - https://hub.docker.com/_/postgres
 dependencies:
 - condition: postgres.enabled
  name: postgresql
  repository: "@bitnami"
  version: 9.1.1
--- a/charts/n8n-helm/README.md
+++ b/charts/n8n-helm/README.md
@ -1,111 +0,0 @@
 # n8n-helm chart:chart_with_upwards_trend:
 ----
 ![n8n.io - Workflow Automation](https://raw.githubusercontent.com/n8n-io/n8n/master/assets/n8n-logo.png)
 [n8n](https://n8n.io/) is an extendable workflow automation tool. With a fair-code distribution model, n8n will always have visible source code, be available to self-host, and allow you to add your own custom functions, logic and apps. n8n's node-based approach makes it highly versatile, enabling you to connect anything to everything. this is unofficial helm chart of n8n
 ----
 ## Prerequisites
 - Kubernetes 1.12+
 - Helm 3.0+
 - PV provisioner support in the underlying infrastructure
 - ----
 ## Installing the Chart
 To install the chart with the release name `myn8n`:
 ```sh
 $ git clone https://github.com/n8n-helm/n8n-helm.git
 $ helm install myn8n ./n8n-helm
 # to test chart
 $ helm test myn8n
 ```
 These commands deploy n8n on the Kubernetes cluster in the default configuration.
 > **Tip**: List all releases using `helm list`
 ----
 ## Uninstalling the Chart
 To uninstall/delete the `myn8n` deployment:
 ```bash
 $ helm delete myn8n
 ```
 The command removes all the Kubernetes components associated with the chart and deletes the release.
 > **note**: Deleting the release will delete attached PVC containing n8n encryption key. Please be cautious before doing it.
 ----
 ## Parameters
 The following tables lists the configurable parameters of the NGINX Open Source chart and their default values.
 | Parameter| Description| Default|
 |--------------------------------------------|----------------------------------------------------------------------------------------------|-----------------------------------------------------------|
 | `global.imageRegistry` | Global Docker image registry | haha |
 | `image.repository` | n8n Image | `n8nio/n8n` | 
 | `image.restartPolicy` | n8n Image restart policy | `Always` | 
 | `image.pullPolicy` | n8n Image pull policy | `IfNotPresent` | 
 | `image.tag` | tag of Image | `latest` | 
 | `nameOverride` | String to partially override n8n.fullname template with a string (will prepend the release name) | `nil` | 
 | `fullnameOverride` | String to fully override postgresql.fullname template with a string | `nil` |
 | `commonannotations` | Annotations that will added to all the Kubernetes objects | `{}`(evaluated as a template) | 
 | `atuh.enabled` | Enbale basic authentication | `false` |
 | `atuh.n8nAuthUsername`| Basuc Auth username | `nil` |
 | `atuh.n8nAuthPass`| Basuc Auth password | `nil` |
 | `existingSecret`| Name of an existing secrets | `nil` |
 | `networkPolicy.enabled`| creation of NetworkPolicy | `false` |
 | `networkPolicy.explicitNamespacesSelector`| Explicitly Namespaces for Network policy | `{}`(evaluated as a template) |
 | `service.type` | Kubernetes Service type | `ClusterIP` |
 | `service.port` | n8n port | `5678` |
 | `service.annotations` | Annotations for n8n service | `{}`(evaluated as a template) |
 | `testFramework.enabled` | enable n8n connection test | `true` |
 | `persistence.enabled` | Enable persistence using PVC | `true` |
 | `persistence.mountPath` | Path to mount the volume at | `/mnt/n8n/.n8n` |
 | `persistence.accessModes` | PVC Access Mode for n8n volume | `[ReadWriteOnce]` |
 | `persistence.size` | PVC Storage Request for n8n volume | `2Gi` |
 | `ingress.enabled` | Switch to create ingress for n8n deployment | `true` |
 | `ingress.hostname` | hostname for ingress | `nil` |
 | `ingress.tls` | TLS for ingress | `[]`(evaluated as a template) |
 | `ingress.tls.hosts[]` | Array of TLS hosts for ingress record  | `[]` |
 | `ingress.tls.secretName` | TLS secret name | `n8n.local-tls` |
 | `ingress.annotations` | Ingress annotations | `{}`(evaluated as a template) |
 | `ingress.certManager` | Annotations for cert-manager | `true` |
 | `ingress.secrets[]` | Provide own certificates | `nil` |
 | `ingress.secrets[].name` | TLS Secret Name | `nil` |
 | `ingress.secrets[].key` | TLS Secret Key  | `nil` |
 | `ingress.secrets[].certificate` | TLS Secret Name Certificate | `nil` |
 | `resources` | 'CPU/Memory resource requests/limits' | Memory: `500Mi`, CPU: `500Mi`(evaluated as a template) |
 | `schedulerName` | Name of the k8s scheduler (other than default) | `nil` |
 | `nodeSelector` | Node labels for pod assignment for n8n deployment | `{}`(evaluated as a template) |
 | `affinity` | Affinity labels for pod assignment for n8n deployment | `{}`(evaluated as a template) |
 | `tolerations` | Toleration labels for pod assignment for n8n deployment | `[]` (evaluated as a template) |
 | `livenessProbe` | livenessProbe for n8n deployment | `{}`(evaluated as a template) |
 | `readinessProbe` | readinessProbe for n8n deployment | `{}`(evaluated as a template) |
 | `postgresql.testFramework.enabled` | enable postgres connection test | `true` |
 | `postgresql.enabled` | (override) enable or disable postgress | `true` |
 | `postgresql.postgresqlUsername` | (override) Postgresql default username | `nodemation` |
 | `postgresql.postgresqlDatabase` | (override) Postgresql default database | `nodemation` |
 | `postgresql.postgresqlPassword` | (override) Postgresql default password for username | `nodemation` |
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
 ```bash
 $ helm install myn8n \
  --set imagePullPolicy=Always \
    ./n8n-helm
 ```
 The above command sets the `imagePullPolicy` to `Always`.
 Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
 ```bash
 $ helm install myn8n -f values.yaml ./n8n-helm
 ```
 > **Tip**: You can use the default [values.yaml](values.yaml) or override your own values.yaml
 ----
--- a/charts/n8n-helm/templates/NOTES.txt
+++ b/charts/n8n-helm/templates/NOTES.txt
@ -1,4 +0,0 @@
 1. Wait for 5 second in order to n8n discover and connect to postgress
 2. n8n dashboard URL is http://localhost:5678
--- a/charts/n8n-helm/templates/_helpers.tpl
+++ b/charts/n8n-helm/templates/_helpers.tpl
@ -1,115 +0,0 @@
 {{- define "n8n-helm.common.labels.standard" -}}
 app.kubernetes.io/name: {{ default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
 helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 {{- end -}}
 {{/*
 Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector
 */}}
 {{- define "n8n-helm.common.labels.matchLabels" -}}
 app.kubernetes.io/name: {{ default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 {{/*
 Expand the name of the chart.
 */}}
 {{- define "n8n-helm.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
 {{- end }}
 {{/*
 Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
 {{- define "n8n-helm.fullname" -}}
 {{- if .Values.fullnameOverride }}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
 {{- else }}
 {{- $name := default .Chart.Name .Values.nameOverride }}
 {{- if contains $name .Release.Name }}
 {{- .Release.Name | trunc 63 | trimSuffix "-" }}
 {{- else }}
 {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
 {{- end }}
 {{- end }}
 {{- end }}
 {{/*
 Create chart name and version as used by the chart label.
 */}}
 {{- define "n8n-helm.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
 {{- end }}
 {{/*
 Namespace
 */}}
 {{- define "n8n-helm.namespace" -}}
 {{- default "default" .Values.namespace }}
 {{- end }}
 {{/*
 DB Hostname
 */}}
 {{- define "n8n-helm.dbhost" -}}
 {{ .Release.Name }}-postgresql.{{ .Release.Namespace }}.svc.cluster.local
 {{- end }}
 {{/*
 Return the proper Storage Class
 */}}
 {{- define "n8n-helm.storageClass" -}}
 {{- if .Values.persistence.storageClass -}}
    {{- if (eq "-" .Values.persistence.storageClass) -}}
 {{- printf "storageClassName: \"\"" -}}
    {{- else }}
 {{- printf "storageClassName: %s" .Values.persistence.storageClass -}}
    {{- end -}}
 {{- end -}}
 {{- end -}}
 {{/*
 Get the password secret.
 */}}
 {{- define "n8n-helm.secretName" -}}
 {{- if .Values.existingSecret }}
 {{- printf "%s" (tpl .Values.existingSecret $) -}}
 {{- else -}}
 {{- printf "%s-secrets" (include "n8n-helm.fullname" .) -}}
 {{- end -}}
 {{- end -}}
 {{/*
 Renders a value that contains template.
 Usage:
 {{ include "n8n-hem.tplValue" (dict "value" .Values.path.to.the.Value "context" $) }}
 */}}
 {{- define "n8n-hem.tplValue" -}}
    {{- if typeIs "string" .value }}
        {{- tpl .value .context }}
    {{- else }}
        {{- tpl (.value | toYaml) .context }}
    {{- end }}
 {{- end -}}
 {{/*
 Return the appropriate apiVersion for networkpolicy.
 */}}
 {{- define "n8n-helm.networkPolicy.apiVersion" -}}
 {{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}}
 "extensions/v1beta1"
 {{- else if semverCompare "^1.7-0" .Capabilities.KubeVersion.GitVersion -}}
 "networking.k8s.io/v1"
 {{- end -}}
 {{- end -}}
--- a/charts/n8n-helm/templates/configs.yaml
+++ b/charts/n8n-helm/templates/configs.yaml
@ -1,17 +0,0 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: {{ template "n8n-helm.fullname" . }}-config
  labels:
    {{- include "n8n-helm.common.labels.standard" . | nindent 4 }}
    app: {{ template "n8n-helm.fullname" . }}
 data:
  DB_TYPE: postgresdb
  DB_POSTGRESDB_DATABASE: {{ default "postgres" .Values.postgresql.postgresqlDatabase | quote }}
  DB_POSTGRESDB_HOST: {{ template "n8n-helm.dbhost" . }}
  DB_POSTGRESDB_PORT: {{ .Values.postgresql.service.port | quote }}
  DB_POSTGRESDB_USER: {{ default "postgres" .Values.postgresql.postgresqlUsername | quote }}
  {{- if .Values.auth.enable }}
  N8N_BASIC_AUTH_ACTIVE: "true"
  N8N_BASIC_AUTH_USER: {{ default "nodemation" .Values.auth.n8nAuthUsername | quote }}
  {{- end }}
--- a/charts/n8n-helm/templates/deployment.yaml
+++ b/charts/n8n-helm/templates/deployment.yaml
@ -1,87 +0,0 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ template "n8n-helm.fullname" . }}-deployment
  labels:
    {{- include "n8n-helm.common.labels.standard" . | nindent 4 }}
    app: {{ template "n8n-helm.fullname" . }}
 spec:
  replicas: {{ default "1" .Values.replicaCount }}
  selector:
    matchLabels: {{- include "n8n-helm.common.labels.matchLabels" . | nindent 6 }}
      app: {{ template "n8n-helm.fullname" . }}
  template:
    metadata:
      labels:
        {{- include "n8n-helm.common.labels.standard" . | nindent 8 }}
        app: {{ template "n8n-helm.fullname" . }}
      annotations:
        {{- if .Values.commonannotations }}
        {{- range $key, $value := .Values.commonannotations }}
        {{ $key }}: {{ $value | quote }}
        {{- end }}
        {{- end }} 
    spec:
      {{- if .Values.schedulerName }}
      schedulerName: "{{ .Values.schedulerName }}"
      {{- end }}
      {{- if .Values.nodeSelector }}
      nodeSelector: {{- toYaml .Values.nodeSelector | nindent 8 }}
      {{- end }}
      {{- if .Values.affinity }}
      affinity: {{- toYaml .Values.affinity | nindent 8 }}
      {{- end }}
      {{- if .Values.tolerations }}
      tolerations: {{- toYaml .Values.tolerations | nindent 8 }}
      {{- end }}
      restartPolicy: {{ .Values.image.restartPolicy }}
      containers:
      - name: {{ template "n8n-helm.fullname" . }}
        image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        {{- if .Values.resources }}
        resources: {{- toYaml .Values.resources | nindent 12 }}
        {{- end }}
        {{- if or .Values.livenessProbe .Values.readinessProbe }}
        ports:
        - name: http
          containerPort: 5678
        {{- end }}
        {{- if .Values.livenessProbe }}
        livenessProbe: {{- toYaml .Values.livenessProbe | nindent 12 }}
        {{- end }}
        {{- if .Values.readinessProbe }}
        readinessProbe: {{- toYaml .Values.readinessProbe | nindent 12 }}
        {{- end }}
        command: ["/bin/sh"]
        args: ["-c", "sleep 20; n8n start"]
        env:
        {{- if .Values.auth.enable }}
        - name: N8N_BASIC_AUTH_PASSWORD
          valueFrom:
            secretKeyRef:
              name: {{ template "n8n-helm.secretName" . }}
              key: n8nAuthPass
        {{- end }}
        {{- if .Values.postgresql.enabled }}
        - name: DB_POSTGRESDB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: {{ template "n8n-helm.secretName" . }}
              key: postgresqlDbPass
        {{- end }}
        envFrom:
        - configMapRef:
            name: {{ template "n8n-helm.fullname" . }}-config
        ports:
        - name: {{ template "n8n-helm.fullname" . }}
          containerPort: {{ .Values.service.port }}
 {{- if .Values.persistence.enabled }}        
        volumeMounts:
        - name: {{ include "n8n-helm.fullname" . }}-data
          mountPath: /root/.n8n
      volumes:
      - name: {{ include "n8n-helm.fullname" . }}-data
        persistentVolumeClaim:
          claimName: {{ include "n8n-helm.fullname" . }}-data
 {{- end }}
--- a/charts/n8n-helm/templates/ingress.yaml
+++ b/charts/n8n-helm/templates/ingress.yaml
@ -1,54 +0,0 @@
 {{- if .Values.ingress.enabled }}
 apiVersion: extensions/v1beta1
 kind: Ingress
 metadata:
  name: {{ template "n8n-helm.fullname" . }}-ingress
  labels:
    {{- include "n8n-helm.common.labels.standard" . | nindent 4 }}
  annotations:
    {{- if .Values.ingress.tls }}
    ingress.kubernetes.io/secure-backends: "true"
    {{- if .Values.ingress.certManager }}
    kubernetes.io/tls-acme: "true"
    {{- end }}
    {{- end }}
    {{- range $key, $value := .Values.ingress.annotations }}
    {{ $key }}: {{ $value | quote }}
    {{- end }}
    {{- if .Values.commonannotations }}
    {{- range $key, $value := .Values.commonannotations }}
    {{ $key }}: {{ $value | quote }}
    {{- end }}
    {{- end }}     
 spec:
  rules:
  {{- if .Values.ingress.hostname }}
  - host: {{ .Values.ingress.hostname }}
    http:
      paths:
      - path: /
        backend:
          serviceName: "{{ template "n8n-helm.fullname" . }}-service"
          servicePort: {{ .Values.service.port }}
  {{- else }}
  - http:
      paths:
      - path: /
        backend:
          serviceName: "{{ template "n8n-helm.fullname" . }}-service"
          servicePort: {{   .Values.service.port }}
  {{- end }}
  {{- range .Values.ingress.hosts }}
  - host: {{ .name }}
    http:
      paths:
      - path: {{ default "/" .path }}
        backend:
          serviceName: "{{ template "n8n-helm.fullname" . }}-service"
          servicePort: {{ $.Values.service.port }}
  {{- end }}
  {{- if .Values.ingress.tls }}
  tls:
 {{ toYaml .Values.ingress.tls | indent 4 }}
  {{- end }}
 {{- end }}
--- a/charts/n8n-helm/templates/networkpolicy.yaml
+++ b/charts/n8n-helm/templates/networkpolicy.yaml
@ -1,44 +0,0 @@
 {{- if .Values.networkPolicy.enabled }}
 kind: NetworkPolicy
 apiVersion: {{ template "n8n-helm.networkPolicy.apiVersion" . }}
 metadata:
  name: {{ template "n8n-helm.fullname" . }}
  labels:
  {{- include "n8n-helm.common.labels.standard" . | nindent 4 }}
  annotations: 
    {{- if .Values.commonannotations }}
    {{- range $key, $value := .Values.commonannotations }}
    {{ $key }}: {{ $value | quote }}
    {{- end }}
    {{- end }}
 spec:
  podSelector:
    matchLabels:
    {{- include "n8n-helm.common.labels.matchLabels" . | nindent 6 }}
  ingress:
    - ports:
        - port: 5678
      {{- if not .Values.networkPolicy.allowExternal }}
      from:
        - podSelector:
            matchLabels:
              {{- include "n8n-helm.common.labels.matchLabels" . | nindent 12 }}
          {{- if .Values.networkPolicy.explicitNamespacesSelector }}
          namespaceSelector:
 {{ toYaml .Values.networkPolicy.explicitNamespacesSelector | indent 12 }}
          {{- end }}
      {{- end }}
  egress:
    - ports:
        - port: 5678
      {{- if not .Values.networkPolicy.allowExternal }}
      to:
        - podSelector:
            matchLabels:
              {{- include "n8n-helm.common.labels.matchLabels" . | nindent 12 }}
          {{- if .Values.networkPolicy.explicitNamespacesSelector }}
          namespaceSelector:
 {{ toYaml .Values.networkPolicy.explicitNamespacesSelector | indent 12 }}
          {{- end }}
      {{- end }}
 {{- end }}  
--- a/charts/n8n-helm/templates/pvc.yaml
+++ b/charts/n8n-helm/templates/pvc.yaml
@ -1,17 +0,0 @@
 {{- if .Values.persistence.enabled }}        
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
  name: {{ include "n8n-helm.fullname" . }}-data
  labels:
    {{- include "n8n-helm.common.labels.standard" . | nindent 4 }}
 spec:
  {{ include "n8n-helm.storageClass" . }}
  accessModes:
  {{- range .Values.persistence.accessModes }}
    - {{ . | quote }}
  {{- end }}
  resources:
    requests:
      storage: {{ .Values.persistence.size | quote }}
 {{- end }}
--- a/charts/n8n-helm/templates/secrets.yaml
+++ b/charts/n8n-helm/templates/secrets.yaml
@ -1,18 +0,0 @@
 {{- if not .Values.existingSecret }}
 apiVersion: v1
 kind: Secret
 metadata:
  name: {{ template "n8n-helm.fullname" . }}-secrets
  labels:
    {{- include "n8n-helm.common.labels.standard" . | nindent 4 }}
    app: {{ template "n8n-helm.fullname" . }}
 type: Opaque
 data:
  #DB_POSTGRESDB_PASSWORD
  postgresqlDbPass: {{ .Values.postgresql.postgresqlPassword | b64enc | quote }}
  {{- if .Values.auth.enabled }}
  #N8N_BASIC_AUTH_PASSWORD
  n8nAuthPass: {{ default "nodemation" .Values.auth.n8nAuthPass | b64enc | quote }}
  {{- end -}}
 {{- end }}
--- a/charts/n8n-helm/templates/service.yaml
+++ b/charts/n8n-helm/templates/service.yaml
@ -1,23 +0,0 @@
 kind: Service
 apiVersion: v1
 metadata:
  name: {{ template "n8n-helm.fullname" . }}-service
  labels:
    {{- include "n8n-helm.common.labels.standard" . | nindent 4 }}
    app: {{ template "n8n-helm.fullname" . }}
  annotations: 
    {{- if .Values.service.annotations }}
    {{- include "n8n-hem.tplValue" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }}
    {{- end }}
    {{- if .Values.commonannotations }}
    {{- range $key, $value := .Values.commonannotations }}
    {{ $key }}: {{ $value | quote }}
    {{- end }}    
    {{- end }}
 spec:
  selector: {{- include "n8n-helm.common.labels.matchLabels" . | nindent 4 }}
    app: {{ template "n8n-helm.fullname" . }}
  ports:
  - name: {{ template "n8n-helm.fullname" . }}
    port: {{ default "5678" .Values.service.port }}
    targetPort: {{ default "5678" .Values.service.port }}
--- a/charts/n8n-helm/templates/tests/test-n8n.yaml
+++ b/charts/n8n-helm/templates/tests/test-n8n.yaml
@ -1,21 +0,0 @@
 {{- if .Values.testFramework.enabled }}
 apiVersion: v1
 kind: Pod
 metadata:
  name: n8n-working-test
  annotations:
    "helm.sh/hook": test-success
 spec:
  containers:
    - name: n8n-working-test
      image: "alpine"
      imagePullPolicy: {{ .Values.image.pullPolicy }}
      env:
        - name: N8N_HOST
          value: {{ template "n8n-helm.fullname" . }}-service.default.svc.cluster.local:{{ .Values.service.port }}
      command:
        - /bin/sh
        - -ec
        - sleep 10; apk update; apk add curl; curl -m 10 -s -o /dev/null -I -w "%{http_code}" $N8N_HOST
  restartPolicy: Never
 {{- end }}
--- a/charts/n8n-helm/templates/tests/test-postgres-connection.yaml
+++ b/charts/n8n-helm/templates/tests/test-postgres-connection.yaml
@ -1,29 +0,0 @@
 {{- if .Values.postgresql.testFramework.enabled }}
 apiVersion: v1
 kind: Pod
 metadata:
  name: {{ template "postgresql.fullname" . }}-connection-test
  annotations:
    "helm.sh/hook": test-success
 spec:
  containers:
    - name: {{ template "postgresql.fullname" . }}-connection-test
      image: "{{ .Values.postgresql.image.repository }}:{{ .Values.postgresql.image.tag }}"
      imagePullPolicy: {{ .Values.postgresql.image.pullPolicy }}
      env:
        - name: POSTGRES_DB
          value: {{ .Values.postgresql.postgresqlDatabase | quote }}
        - name: POSTGRES_USER
          value: {{ .Values.postgresql.postgresqlUsername | quote }}
        - name: POSTGRES_PASS
          value: {{ .Values.postgresql.postgresqlPassword | quote }}
        - name: POSTGRES_PORT
          value: {{ .Values.postgresql.service.port | quote }}
        - name: POSTGRES_HOST
          value: {{ template "n8n-helm.dbhost" . }}
      command:
        - /bin/bash
        - -ec
        - PGPASSWORD=$POSTGRES_PASS psql -h $POSTGRES_HOST -p $POSTGRES_PORT -U $POSTGRES_USER -d $POSTGRES_DB
  restartPolicy: Never
 {{- end }}
--- a/charts/n8n-helm/templates/tls-secrets.yaml
+++ b/charts/n8n-helm/templates/tls-secrets.yaml
@ -1,15 +0,0 @@
 {{- if .Values.ingress.enabled }}
 {{- range .Values.ingress.secrets }}
 apiVersion: v1
 kind: Secret
 metadata:
  name: {{ .name }}
  labels:
    {{- include "n8n-helm.common.labels.standard" . | nindent 4 }}
 type: kubernetes.io/tls
 data:
  tls.crt: {{ .certificate | b64enc }}
  tls.key: {{ .key | b64enc }}
 ---
 {{- end }}
 {{- end }}
--- a/charts/n8n-helm/values.yaml
+++ b/charts/n8n-helm/values.yaml
@ -1,193 +0,0 @@
 # Default values for n8n-helm.
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 replicaCount: 1
 ## String to partially override n8n-helm.fullname template (will maintain the release name)
 ##
 nameOverride: ""
 ## common annotations
 commonannotations: {}
 ## String to fully override n8n-helm.fullname template
 ##
 fullnameOverride: ""
 image:
  repository: n8nio/n8n
  restartPolicy: Always
  tag: "latest"
  ## Specify a imagePullPolicy
  ## Defaults set to 'IfNotPresent'
  ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
  ##
  pullPolicy: IfNotPresent
 auth:
  # enable the n8n basic auth 
  enabled: false
  ##  Basic Auth username
  ##  Defaults to 'nodemation' if not set
  #n8nAuthUsername: nodemation
  ##  Basic Auth password
  ## Defaults to 'nodemation' if not set
  #n8nAuthPass: nodemation
 ## n8n password using existing secret. which includes n8nAuthPass and 
 ## postgresqlDbPass as key for the respective value
 #existingSecret: myn8n-secrets
 networkPolicy:
  ## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now.
  ##
  enabled: false
  ## if explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace
  ## and that match other criteria, the ones that have the good label, can reach the DB.
  ## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this
  ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added.
  ##
  ## Example:
  ## explicitNamespacesSelector:
  ##   matchLabels:
  ##     role: frontend
  ##   matchExpressions:
  ##    - {key: role, operator: In, values: [frontend]}
  explicitNamespacesSelector: {}
 service:
  ## Kubernetes service type
  type: ClusterIP
  ## n8n port 
  port: 5678
  ## add extra annotation for service
  annotations: {}
 testFramework:
  ## Set to true to enable testing of n8n
  enabled: true
 persistence:
  enabled: true
  ## A manually managed Persistent Volume and Claim
  ## The path the volume will be mounted at, useful when using different
  ##
  mountPath: /mnt/n8n/.n8n
  ##Storage class as per your provider
  #storageClass: "-"
  accessModes:
    - ReadWriteOnce
  size: 2Gi
 ingress:
  ## Set to true to enable ingress
  enabled: true
  ## When the ingress is enabled, a host pointing to this will be created if hostname is set. Default it  will point to localhost:80
  #hostname: n8n.local.com
  # If tls is set, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set
  ## The tls configuration for the ingress
  ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
  ## Uncomment below to enable tls / https for let's encrypt / cert-manager
  ## Set this to true in order to enable TLS on the ingress record
  ## A side effect of this will be that the backend n8n service will be connected at port 443
  #tls:    
  #- hosts:    
  #  - n8n.local
  #  secretName: n8n.local-tls 
  ## Ingress annotations done as key:value pairs
  ## For a full list of possible ingress annotations, please see
  ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
  annotations: {}
  ## Set this to true in order to add the corresponding annotations for cert-manager. validate that tls is set 
  #certManager: true
  secrets:
  ## If you're providing your own certificates, please use this to add the certificates as secrets
  ## key and certificate should start with -----BEGIN CERTIFICATE----- or
  ## -----BEGIN RSA PRIVATE KEY-----
  ##
  ## name should line up with a tlsSecret set further up
  ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
  ##
  ## It is also possible to create and manage the certificates outside of this helm chart
  ## Please see README.md for more information
  # - name: n8n.local-tls
  #   key:
  #   certificate:
 ## Configure resource requests and limits
 ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
 ##
 resources:
  requests:
    memory: "500Mi"
    cpu: "500m"
  limits:
    memory: "500Mi"
    cpu: "500m"
 ## Use an alternate scheduler, e.g. "stork".
 ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
 ##
 # schedulerName:
 ##
 ## n8n parameters
 ##
 ## Node, affinity, tolerations, and priorityclass settings for pod assignment
 ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
 ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
 ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature
 ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption
 nodeSelector: {}
 affinity: {}
 tolerations: []
 ## Configure extra options for liveness and readiness probes
 ## This is http get  liveness and readiness probes
 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
 #livenessProbe:
 #  httpGet:
 #    path: /
 #    port: 5678
 #  initialDelaySeconds: 20
 #  timeoutSeconds: 10
 #  periodSeconds: 5
 #  failureThreshold: 2
 #
 #readinessProbe:
 #  httpGet:
 #    path: /
 #    port: 5678
 #  initialDelaySeconds: 20
 #  timeoutSeconds: 10
 #  periodSeconds: 5
 #  failureThreshold: 2
 postgresql:
  ## enable for testing  postgresql connection
  testFramework:
    enabled: true
  ## by default postgress is enable, Whether to deploy a postgress server to use database to store workflows set enables as per your requirements. 
  enabled: true
  #Below are overriden values for postgres db
  ## PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`)
  #postgresqlPostgresPassword: nodemation
  #n8n will connect to postgres using below username if not set then default 'postgres'
  postgresqlUsername: postgres
  #n8n will connect to below postgres databse if not set then default 'postgres'
  postgresqlDatabase: nodemation
  #n8n will connect to postgres using below password if not set then default 'postgres'
  postgresqlPassword: nodemation
--- a/commitlint.config.js
+++ b/commitlint.config.js
@ -0,0 +1,129 @@
 // https://github.com/conventional-changelog/commitlint/tree/master/@commitlint/config-conventional
 module.exports = {
  parserPreset: 'conventional-changelog-conventionalcommits',
  rules: {
    'body-leading-blank': [1, 'always'],
    'body-max-line-length': [2, 'always', 100],
    'footer-leading-blank': [1, 'always'],
    'footer-max-line-length': [2, 'always', 100],
    'header-max-length': [2, 'always', 100],
    'subject-case': [
      2,
      'never',
      ['sentence-case', 'start-case', 'pascal-case', 'upper-case'],
    ],
    'subject-empty': [2, 'never'],
    'subject-full-stop': [2, 'never', '.'],
    'type-case': [2, 'always', 'lower-case'],
    'type-empty': [2, 'never'],
    'type-enum': [
      2,
      'always',
      [
        'chore',
        'ci',
        'docs',
        'feat',
        'fix',
        'perf',
        'refactor',
        'revert',
        'style',
        'test',
      ],
    ],
  },
  prompt: {
    questions: {
      type: {
        description: "Select the type of change that you're committing:",
        enum: {
          feat: {
            description: 'A new feature',
            title: 'Features',
            emoji: '✨',
          },
          fix: {
            description: 'A bug fix',
            title: 'Bug Fixes',
            emoji: '🐛',
          },
          docs: {
            description: 'Documentation only changes',
            title: 'Documentation',
            emoji: '📚',
          },
          style: {
            description:
              'Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc)',
            title: 'Styles',
            emoji: '💎',
          },
          refactor: {
            description:
              'A code change that neither fixes a bug nor adds a feature',
            title: 'Code Refactoring',
            emoji: '📦',
          },
          perf: {
            description: 'A code change that improves performance',
            title: 'Performance Improvements',
            emoji: '🚀',
          },
          test: {
            description: 'Adding missing tests or correcting existing tests',
            title: 'Tests',
            emoji: '🚨',
          },
          ci: {
            description:
              'Changes to our CI configuration files and scripts (example scopes: Travis, Circle, BrowserStack, SauceLabs)',
            title: 'Continuous Integrations',
            emoji: '⚙️',
          },
          chore: {
            description: "Other changes that don't modify src or test files",
            title: 'Chores',
            emoji: '♻️',
          },
          revert: {
            description: 'Reverts a previous commit',
            title: 'Reverts',
            emoji: '🗑',
          },
        },
      },
      scope: {
        description:
          'What is the scope of this change (e.g. component or file name)',
      },
      subject: {
        description:
          'Write a short, imperative tense description of the change',
      },
      body: {
        description: 'Provide a longer description of the change',
      },
      isBreaking: {
        description: 'Are there any breaking changes?',
      },
      breakingBody: {
        description:
          'A BREAKING CHANGE commit requires a body. Please enter a longer description of the commit itself',
      },
      breaking: {
        description: 'Describe the breaking changes',
      },
      isIssueAffected: {
        description: 'Does this change affect any open issues?',
      },
      issuesBody: {
        description:
          'If issues are closed, the commit requires a body. Please enter a longer description of the commit itself',
      },
      issues: {
        description: 'Add issue references (e.g. "fix #123", "re #123".)',
      },
    },
  },
 };
--- a/ct.yaml
+++ b/ct.yaml
@ -0,0 +1,13 @@
 remote: origin
 target-branch: introduce-chart-testing
 lint-conf: .ci/lintconf.yaml
 chart-yaml-schema: .ci/chart_schema.yaml
 check-version-increment: false
 chart-dirs:
  - charts
 chart-repos:
  - bitnami=https://charts.bitnami.com/bitnami
  - stable=https://charts.helm.sh/stable
 helm-extra-args: --timeout 500s
 excluded-charts:
  - freeipa
--- a/repositories.yaml
+++ b/repositories.yaml
@ -0,0 +1,19 @@
 apiVersion: ""
 generated: "0001-01-01T00:00:00Z"
 repositories:
  - caFile: ""
    certFile: ""
    insecure_skip_tls_verify: false
    keyFile: ""
    name: bitnami
    password: ""
    url: https://charts.bitnami.com/bitnami
    username: ""
  - caFile: ""
    certFile: ""
    insecure_skip_tls_verify: false
    keyFile: ""
    name: stable
    password: ""
    url: https://charts.helm.sh/stable
    username: ""
--- a/1
+++ b/1
@ -0,0 +1 @@
 b6a1fa5d23969f1d25927bbcbfa87c61abcbd92c
		`@ -1,4 +0,0 @@`

			`1. Wait for 5 second in order to n8n discover and connect to postgress`

			`2. n8n dashboard URL is http://localhost:5678`