diff --git a/.github/workflows/release-helm.yaml b/.github/workflows/release-helm.yaml new file mode 100644 index 0000000..2e75c3d --- /dev/null +++ b/.github/workflows/release-helm.yaml @@ -0,0 +1,67 @@ +name: Release Helm Chart + +on: + push: + tags: + - 'v[0-9]+.[0-9]+.[0-9]+' # Only semantic version tags (v1.2.3) + +permissions: + contents: write # Required for pushing to gh-pages branch + +concurrency: + group: helm-release + cancel-in-progress: false # Queue releases, don't cancel + +jobs: + release-chart: + name: Package and Release Helm Chart + runs-on: ubuntu-latest + + steps: + # T007: Add checkout step with full git history + - name: Checkout Code + uses: actions/checkout@v4 + with: + fetch-depth: 0 # Full history for version extraction + + # T008: Add version extraction step + - name: Extract Version from Tag + id: extract_version + run: | + GIT_TAG=${GITHUB_REF##*/} + VERSION=${GIT_TAG##v} + echo "version=$VERSION" >> $GITHUB_OUTPUT + echo "Extracted version: $VERSION from tag: $GIT_TAG" + + # T009: Update Chart.yaml with extracted version + - name: Update Chart Version + run: | + sed -i "s/^version:.*/version: ${{ steps.extract_version.outputs.version }}/" helm/supabase-operator/Chart.yaml + sed -i "s/^appVersion:.*/appVersion: \"${{ steps.extract_version.outputs.version }}\"/" helm/supabase-operator/Chart.yaml + echo "Updated Chart.yaml with version ${{ steps.extract_version.outputs.version }}" + + # T010: Add helm lint validation step + - name: Lint Helm Chart + run: | + helm lint helm/supabase-operator + if [ $? -ne 0 ]; then + echo "Helm chart validation failed" + exit 1 + fi + echo "Helm chart validation passed" + + # T011 & T013: Configure stefanprodan/helm-gh-pages action with git user + - name: Publish Helm Chart + uses: stefanprodan/helm-gh-pages@master + with: + token: ${{ secrets.HELM_TOKEN }} + charts_dir: helm + charts_url: https://helm.strrl.dev + owner: STRRL + repository: helm.strrl.dev + branch: gh-pages + app_version: ${{ steps.extract_version.outputs.version }} + chart_version: ${{ steps.extract_version.outputs.version }} + linting: on + commit_username: github-actions[bot] + commit_email: github-actions[bot]@users.noreply.github.com \ No newline at end of file diff --git a/CLAUDE.md b/CLAUDE.md index f63f8f4..a266633 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -30,10 +30,9 @@ Building a Kubernetes operator for deploying and managing self-hosted Supabase i - Follow Kubernetes API conventions ## Recent Changes +- 002-helm-chart-release: Added Go 1.22+ (operator code), YAML (Helm charts/workflows) + GitHub Actions, helm-gh-pages action, Helm 3.x - Initialized Kubebuilder project with domain strrl.dev - Created SupabaseProject API scaffold -- Defined comprehensive data model with status design -- Planned reconciliation strategy based on Rook patterns ## Testing Requirements - Unit tests for reconciliation logic @@ -42,4 +41,8 @@ Building a Kubernetes operator for deploying and managing self-hosted Supabase i - E2E tests for deployment scenarios ## Current Focus -Implementing the SupabaseProject controller with granular status management and component deployment logic. \ No newline at end of file +Implementing the SupabaseProject controller with granular status management and component deployment logic. + +## Active Technologies +- Go 1.22+ (operator code), YAML (Helm charts/workflows) + GitHub Actions, helm-gh-pages action, Helm 3.x (002-helm-chart-release) +- GitHub Pages repository for chart hosting (002-helm-chart-release) diff --git a/specs/002-helm-chart-release/checklists/requirements.md b/specs/002-helm-chart-release/checklists/requirements.md new file mode 100644 index 0000000..5568ada --- /dev/null +++ b/specs/002-helm-chart-release/checklists/requirements.md @@ -0,0 +1,37 @@ +# Specification Quality Checklist: Automated Helm Chart Release + +**Purpose**: Validate specification completeness and quality before proceeding to planning +**Created**: 2025-11-23 +**Feature**: [spec.md](../spec.md) + +## Content Quality + +- [x] No implementation details (languages, frameworks, APIs) +- [x] Focused on user value and business needs +- [x] Written for non-technical stakeholders +- [x] All mandatory sections completed + +## Requirement Completeness + +- [x] No [NEEDS CLARIFICATION] markers remain +- [x] Requirements are testable and unambiguous +- [x] Success criteria are measurable +- [x] Success criteria are technology-agnostic (no implementation details) +- [x] All acceptance scenarios are defined +- [x] Edge cases are identified +- [x] Scope is clearly bounded +- [x] Dependencies and assumptions identified + +## Feature Readiness + +- [x] All functional requirements have clear acceptance criteria +- [x] User scenarios cover primary flows +- [x] Feature meets measurable outcomes defined in Success Criteria +- [x] No implementation details leak into specification + +## Notes + +- All checklist items pass validation +- The specification is complete and ready for planning phase +- No clarifications needed from the user +- The feature scope is well-defined with clear boundaries \ No newline at end of file diff --git a/specs/002-helm-chart-release/contracts/chart-metadata.yaml b/specs/002-helm-chart-release/contracts/chart-metadata.yaml new file mode 100644 index 0000000..d5e5618 --- /dev/null +++ b/specs/002-helm-chart-release/contracts/chart-metadata.yaml @@ -0,0 +1,86 @@ +# Helm Chart Metadata Contract +# This defines the required structure for Chart.yaml +# Location: charts/supabase-operator/Chart.yaml + +# Required Fields +apiVersion: v2 # Required: Helm chart API version (v2 for Helm 3) +name: supabase-operator # Required: Chart name (must be lowercase alphanumeric, - or .) +version: 0.1.0 # Required: SemVer 2 version of the chart + +# Recommended Fields +appVersion: "0.1.0" # Version of the application (quoted to ensure string type) +description: Kubernetes operator for deploying self-hosted Supabase instances # Max 140 characters +type: application # application or library (default: application) + +# Optional Metadata +home: https://github.com/STRRL/supabase-operator # Project home page +sources: # Source code URLs + - https://github.com/STRRL/supabase-operator + +# Maintainers +maintainers: + - name: STRRL # Required if maintainers section exists + email: contact@example.com # Optional + url: https://github.com/STRRL # Optional + +# Search Keywords +keywords: + - supabase + - operator + - kubernetes + - database + - realtime + - authentication + +# Chart Icon +icon: https://raw.githubusercontent.com/STRRL/supabase-operator/main/logo.png # Optional + +# Deprecation Flag +deprecated: false # Optional, default is false + +# Dependencies (Optional) +dependencies: # List of charts this chart depends on + - name: postgresql # Required: Dependency chart name + version: "12.x.x" # Required: Version constraint + repository: https://charts.bitnami.com/bitnami # Required: Repository URL + condition: postgresql.enabled # Optional: Condition for including + tags: # Optional: Tags for grouping + - database + import-values: # Optional: Import values from dependency + - child: postgresql.auth + parent: auth + +# Annotations (Optional) +annotations: + # ArtifactHub Annotations + artifacthub.io/changes: | # Changelog for this version + - kind: added + description: Initial release + artifacthub.io/containsSecurityUpdates: "false" + artifacthub.io/prerelease: "false" + artifacthub.io/signKey: | # GPG key for verification + fingerprint: ABCD1234567890 + url: https://raw.githubusercontent.com/STRRL/supabase-operator/main/pgp-key.asc + + # Custom Annotations + example.com/team: platform + example.com/tier: production + +# Validation Rules: +# 1. apiVersion must be "v2" for Helm 3 +# 2. name must match directory name and be valid DNS name +# 3. version must be valid SemVer (without 'v' prefix) +# 4. version must be unique across all releases +# 5. appVersion should be quoted to preserve string format +# 6. description should be concise (recommended < 140 chars) +# 7. URLs in sources, home, icon must be valid and accessible +# 8. dependencies versions must use valid constraints + +# Version Update Contract: +# When releasing new version: +# 1. version field MUST be updated to match git tag (without 'v') +# 2. appVersion SHOULD be updated to match application version +# 3. annotations.artifacthub.io/changes SHOULD be updated with changelog + +# File Encoding: UTF-8 +# Line Endings: LF (Unix-style) \ No newline at end of file diff --git a/specs/002-helm-chart-release/contracts/github-workflow.yaml b/specs/002-helm-chart-release/contracts/github-workflow.yaml new file mode 100644 index 0000000..975ff10 --- /dev/null +++ b/specs/002-helm-chart-release/contracts/github-workflow.yaml @@ -0,0 +1,110 @@ +# GitHub Actions Workflow Contract +# This defines the interface for the Helm release workflow + +name: Release Helm Chart + +# Trigger Contract +on: + push: + tags: + # Pattern: Semantic version tags only + # Format: v{MAJOR}.{MINOR}.{PATCH} + # Examples: v1.0.0, v2.3.1, v0.1.0 + - 'v[0-9]+.[0-9]+.[0-9]+' + +# Permission Contract +permissions: + contents: write # Required for pushing to gh-pages branch + +# Concurrency Contract +concurrency: + group: helm-release + cancel-in-progress: false # Queue releases, don't cancel + +# Environment Contract +env: + CHARTS_DIR: charts + CHART_NAME: supabase-operator + TARGET_REPO: STRRL/helm.strrl.dev + TARGET_BRANCH: gh-pages + +# Job Contract +jobs: + release: + name: Package and Release Helm Chart + runs-on: ubuntu-latest + + # Output Contract + outputs: + chart_version: ${{ steps.version.outputs.version }} + chart_url: ${{ steps.release.outputs.chart_url }} + + steps: + # Step 1: Checkout Contract + - name: Checkout Code + uses: actions/checkout@v4 + with: + fetch-depth: 0 # Full history for version extraction + + # Step 2: Version Extraction Contract + - name: Extract Version from Tag + id: version + # Input: GITHUB_REF (refs/tags/v1.2.3) + # Output: version (1.2.3) + run: | + VERSION=${GITHUB_REF#refs/tags/v} + echo "version=$VERSION" >> $GITHUB_OUTPUT + + # Step 3: Chart Update Contract + - name: Update Chart Version + # Input: Chart.yaml at $CHARTS_DIR/$CHART_NAME/Chart.yaml + # Operation: Update version and appVersion fields + # Output: Modified Chart.yaml + run: | + sed -i "s/^version:.*/version: ${{ steps.version.outputs.version }}/" \ + ${{ env.CHARTS_DIR }}/${{ env.CHART_NAME }}/Chart.yaml + sed -i "s/^appVersion:.*/appVersion: \"${{ steps.version.outputs.version }}\"/" \ + ${{ env.CHARTS_DIR }}/${{ env.CHART_NAME }}/Chart.yaml + + # Step 4: Validation Contract + - name: Lint Helm Chart + # Input: Chart at $CHARTS_DIR/$CHART_NAME + # Output: Success/Failure status + # Failure: Stops workflow execution + run: | + helm lint ${{ env.CHARTS_DIR }}/${{ env.CHART_NAME }} + + # Step 5: Release Contract + - name: Package and Publish Chart + id: release + uses: stefanprodan/helm-gh-pages@master + with: + # Authentication + token: ${{ secrets.HELM_REPO_TOKEN }} + + # Source Configuration + charts_dir: ${{ env.CHARTS_DIR }} + + # Target Configuration + owner: STRRL + repository: helm.strrl.dev + branch: ${{ env.TARGET_BRANCH }} + charts_url: https://helm.strrl.dev + + # Version Configuration + chart_version: ${{ steps.version.outputs.version }} + app_version: ${{ steps.version.outputs.version }} + + # Validation + linting: on + + # Git Configuration + commit_username: github-actions[bot] + commit_email: github-actions[bot]@users.noreply.github.com + +# Failure Contract +# On any step failure: +# - Workflow stops immediately +# - No partial release +# - No notification sent (per spec) +# - Failure visible in GitHub Actions UI \ No newline at end of file diff --git a/specs/002-helm-chart-release/contracts/helm-repository-index.yaml b/specs/002-helm-chart-release/contracts/helm-repository-index.yaml new file mode 100644 index 0000000..d567036 --- /dev/null +++ b/specs/002-helm-chart-release/contracts/helm-repository-index.yaml @@ -0,0 +1,95 @@ +# Helm Repository Index Contract +# This defines the structure of the index.yaml file in the gh-pages branch +# Generated by: helm repo index command +# Location: https://helm.strrl.dev/index.yaml + +apiVersion: v1 +generated: "2025-11-23T12:00:00Z" # ISO 8601 timestamp + +entries: + supabase-operator: # Chart name (must match Chart.yaml name field) + # Array of versions, newest first + - apiVersion: v2 # Helm chart API version + + # Required Metadata + name: supabase-operator + version: 0.2.0 # Chart version (SemVer) + appVersion: "0.2.0" # Application version + description: Kubernetes operator for deploying self-hosted Supabase instances + type: application # application or library + + # Maintainers + maintainers: + - name: STRRL + email: strrl@example.com # Optional + url: https://github.com/STRRL # Optional + + # Repository Links + home: https://github.com/STRRL/supabase-operator + sources: + - https://github.com/STRRL/supabase-operator + + # Keywords for Discovery + keywords: + - supabase + - operator + - kubernetes + - postgresql + - realtime + + # Package Information + created: "2025-11-23T12:00:00Z" # Package creation timestamp + digest: sha256:abcd1234... # SHA256 of the .tgz file + urls: + - https://helm.strrl.dev/supabase-operator-0.2.0.tgz + + # Optional Fields + icon: https://example.com/icon.png # Chart icon URL + deprecated: false # Mark if deprecated + annotations: + # Custom annotations + artifacthub.io/changes: | + - Added feature X + - Fixed bug Y + artifacthub.io/signKey: | + fingerprint: ABCD1234 + url: https://example.com/pgp-key.asc + + # Dependencies (if any) + dependencies: + - name: postgresql + version: "12.x.x" + repository: https://charts.bitnami.com/bitnami + condition: postgresql.enabled # Optional condition + + # Previous version entry + - apiVersion: v2 + name: supabase-operator + version: 0.1.0 + appVersion: "0.1.0" + description: Kubernetes operator for deploying self-hosted Supabase instances + type: application + maintainers: + - name: STRRL + home: https://github.com/STRRL/supabase-operator + sources: + - https://github.com/STRRL/supabase-operator + created: "2025-11-20T10:00:00Z" + digest: sha256:efgh5678... + urls: + - https://helm.strrl.dev/supabase-operator-0.1.0.tgz + +# Index Validation Rules: +# 1. Must be valid YAML +# 2. apiVersion must be "v1" +# 3. Each chart entry must have unique version +# 4. URLs must be absolute and accessible +# 5. Digest must match actual file SHA256 +# 6. Versions should be in descending order (newest first) +# 7. All required fields must be present + +# Generation Command: +# helm repo index . --url https://helm.strrl.dev + +# Update Command (preserving existing entries): +# helm repo index . --url https://helm.strrl.dev --merge index.yaml \ No newline at end of file diff --git a/specs/002-helm-chart-release/data-model.md b/specs/002-helm-chart-release/data-model.md new file mode 100644 index 0000000..7a10ab3 --- /dev/null +++ b/specs/002-helm-chart-release/data-model.md @@ -0,0 +1,177 @@ +# Data Model: Automated Helm Chart Release + +**Feature**: 002-helm-chart-release | **Date**: 2025-11-23 + +## Overview + +This feature primarily involves CI/CD configuration and workflow automation. The data model consists of configuration entities and workflow state rather than traditional database entities. + +## Core Entities + +### 1. GitTag +**Description**: Version tag that triggers the release workflow +**Source**: Git repository tags + +| Field | Type | Validation | Description | +|-------|------|------------|-------------| +| name | string | ^v[0-9]+\.[0-9]+\.[0-9]+$ | Semantic version tag (e.g., v1.2.3) | +| ref | string | refs/tags/* | Full git reference | +| sha | string | [a-f0-9]{40} | Git commit SHA | +| timestamp | datetime | ISO 8601 | Tag creation time | + +### 2. HelmChart +**Description**: Helm chart package to be released +**Source**: charts/supabase-operator/ + +| Field | Type | Validation | Description | +|-------|------|------------|-------------| +| name | string | supabase-operator | Chart name (fixed) | +| version | string | SemVer | Chart version from tag | +| appVersion | string | SemVer | Application version | +| description | string | Max 140 chars | Chart description | +| digest | string | sha256:* | Package checksum | +| created | datetime | ISO 8601 | Package creation time | +| urls | array[string] | Valid URLs | Download locations | + +### 3. ChartRepository +**Description**: GitHub Pages repository hosting charts +**Source**: Configuration + +| Field | Type | Validation | Description | +|-------|------|------------|-------------| +| owner | string | STRRL | Repository owner | +| name | string | helm.strrl.dev | Repository name | +| branch | string | gh-pages | Publishing branch | +| url | string | https URL | Public access URL | +| index | object | Valid YAML | Repository index.yaml | + +### 4. WorkflowRun +**Description**: GitHub Actions workflow execution +**Source**: GitHub Actions API + +| Field | Type | Validation | Description | +|-------|------|------------|-------------| +| id | number | Positive int | Workflow run ID | +| status | enum | queued\|in_progress\|completed | Current status | +| conclusion | enum | success\|failure\|cancelled | Final result | +| trigger | string | Tag name | Triggering tag | +| duration | number | Seconds | Execution time | +| logs_url | string | Valid URL | Logs location | + +### 5. ReleaseConfiguration +**Description**: Static configuration for the release process +**Source**: Workflow file and secrets + +| Field | Type | Validation | Description | +|-------|------|------------|-------------| +| token_name | string | HELM_REPO_TOKEN | Secret name for PAT | +| charts_dir | string | Valid path | Source charts directory | +| target_url | string | https URL | Target repository URL | +| linting | boolean | true/false | Enable chart validation | +| signing | boolean | true/false | Enable chart signing (future) | + +## Relationships + +```mermaid +graph TD + GitTag -->|triggers| WorkflowRun + WorkflowRun -->|packages| HelmChart + HelmChart -->|published to| ChartRepository + ReleaseConfiguration -->|configures| WorkflowRun + ChartRepository -->|contains| HelmChart +``` + +## State Transitions + +### WorkflowRun States +``` +[Tag Push] → queued → in_progress → completed(success) + ↓ + completed(failure) +``` + +### Chart Lifecycle +``` +[Source] → Validated → Packaged → Published → Indexed → Available + ↓ ↓ ↓ + [Failed] [Failed] [Failed] +``` + +## Validation Rules + +### Tag Validation +- MUST match pattern `v[0-9]+.[0-9]+.[0-9]+` +- MUST NOT be duplicate of existing release +- MUST reference valid commit + +### Chart Validation +- MUST pass `helm lint` checks +- MUST contain required metadata fields +- MUST have unique version number +- Chart.yaml version MUST match tag version (without 'v' prefix) + +### Repository Validation +- Target repository MUST exist +- gh-pages branch MUST be initialized +- PAT MUST have write permissions +- Index.yaml MUST be valid Helm repository index + +## Data Flow + +1. **Input**: Developer pushes semantic version tag +2. **Extraction**: Workflow extracts version from tag name +3. **Transformation**: Version applied to Chart.yaml +4. **Packaging**: Helm creates .tgz archive with metadata +5. **Publishing**: Archive pushed to gh-pages branch +6. **Indexing**: Repository index.yaml updated with new version +7. **Output**: Chart available at public URL + +## Storage Locations + +| Data Type | Storage Location | Retention | +|-----------|------------------|-----------| +| Source charts | charts/supabase-operator/ | Permanent | +| Workflow config | .github/workflows/ | Permanent | +| Packaged charts | gh-pages branch | Permanent | +| Repository index | gh-pages/index.yaml | Permanent | +| Workflow logs | GitHub Actions | 90 days | +| Secrets | GitHub Secrets | Until rotated | + +## Security Considerations + +### Sensitive Data +- **PAT Token**: Stored as encrypted GitHub Secret, never exposed in logs +- **GPG Key** (future): Private key for chart signing, stored encrypted + +### Access Control +- Write access to gh-pages branch restricted to workflow +- PAT scoped to minimum required permissions +- Workflow triggered only by authorized tag pushers + +## Error Handling + +| Error Type | Handling | Recovery | +|------------|----------|----------| +| Invalid tag format | Skip workflow | Push correct tag | +| Lint failure | Fail workflow | Fix chart and retag | +| Network failure | Fail workflow | Retry tag push | +| Permission denied | Fail workflow | Fix PAT permissions | +| Concurrent release | Queue execution | Automatic retry | + +## Metrics & Monitoring + +| Metric | Source | Purpose | +|--------|--------|---------| +| Release frequency | Workflow runs | Track release cadence | +| Success rate | Workflow conclusions | Quality indicator | +| Release duration | Workflow timing | Performance tracking | +| Chart downloads | GitHub insights | Adoption metrics | +| Failed releases | Workflow failures | Issue detection | + +## Future Extensions + +1. **Multi-chart support**: Extend model to handle multiple charts +2. **Signing metadata**: Add GPG signature fields +3. **Approval workflow**: Add approval state before publishing +4. **Rollback tracking**: Track rollback operations +5. **Dependency graph**: Model chart dependencies \ No newline at end of file diff --git a/specs/002-helm-chart-release/plan.md b/specs/002-helm-chart-release/plan.md new file mode 100644 index 0000000..73867d8 --- /dev/null +++ b/specs/002-helm-chart-release/plan.md @@ -0,0 +1,98 @@ +# Implementation Plan: Automated Helm Chart Release + +**Branch**: `002-helm-chart-release` | **Date**: 2025-11-23 | **Spec**: [spec.md](spec.md) +**Input**: Feature specification from `/specs/002-helm-chart-release/spec.md` + +**Note**: This template is filled in by the `/speckit.plan` command. See `.specify/templates/commands/plan.md` for the execution workflow. + +## Summary + +Implement automated Helm chart packaging and publishing workflow that triggers on semantic version tags (v*.*.*) and publishes charts to GitHub Pages repository at https://github.com/STRRL/helm.strrl.dev/tree/gh-pages using GitHub Actions and a personal access token for authentication. + +## Technical Context + +**Language/Version**: Go 1.22+ (operator code), YAML (Helm charts/workflows) +**Primary Dependencies**: GitHub Actions, helm-gh-pages action, Helm 3.x +**Storage**: GitHub Pages repository for chart hosting +**Testing**: GitHub Actions workflow validation, Helm chart linting +**Target Platform**: GitHub Actions runners (Ubuntu latest) +**Project Type**: CI/CD workflow for Kubernetes operator +**Performance Goals**: Chart availability within 5 minutes of tag push +**Constraints**: Must fail fast on errors, no notifications required +**Scale/Scope**: Single chart repository, multiple versions + +## Constitution Check + +*GATE: Must pass before Phase 0 research. Re-check after Phase 1 design.* + +### Evaluation Against Core Principles + +- ✅ **Controller Reconciliation Pattern**: N/A - This is CI/CD infrastructure, not controller logic +- ✅ **Custom Resource Definitions First**: N/A - No CRD changes required +- ✅ **Test-First Development**: Will implement workflow tests and chart validation +- ✅ **Structured Status Reporting**: N/A - Using GitHub Actions status reporting +- ✅ **Dependency Integration**: Uses established helm-gh-pages action +- ✅ **Observability**: GitHub Actions provides logs and status visibility +- ✅ **Security and RBAC**: Uses PAT with minimal required permissions + +### Kubernetes Best Practices Assessment + +- ✅ **API Versioning**: N/A - No API changes +- ✅ **Finalizers and Cleanup**: N/A - No resource cleanup needed +- ✅ **Admission Webhooks**: N/A - No webhook changes +- ✅ **Performance**: Workflow designed for fast execution + +### Development Workflow Compliance + +- ✅ **Code Organization**: Follows standard GitHub Actions workflow structure +- ✅ **Documentation**: Will include workflow documentation and chart README +- ✅ **Integration Testing**: Will validate chart installation in CI + +**Gate Status**: ✅ PASSED - No constitution violations + +### Post-Design Re-evaluation + +After completing Phase 1 design: +- ✅ **No new violations introduced**: Design follows CI/CD best practices +- ✅ **Security principles maintained**: PAT with minimal permissions, secrets encryption +- ✅ **Testing incorporated**: Helm lint validation before publishing +- ✅ **Observability preserved**: GitHub Actions provides comprehensive logging +- ✅ **Idempotent operations**: Chart versions are immutable, preventing overwrites + +**Final Gate Status**: ✅ PASSED - Design compliant with constitution + +## Project Structure + +### Documentation (this feature) + +```text +specs/002-helm-chart-release/ +├── plan.md # This file (/speckit.plan command output) +├── research.md # Phase 0 output (/speckit.plan command) +├── data-model.md # Phase 1 output (/speckit.plan command) +├── quickstart.md # Phase 1 output (/speckit.plan command) +├── contracts/ # Phase 1 output (/speckit.plan command) +└── tasks.md # Phase 2 output (/speckit.tasks command - NOT created by /speckit.plan) +``` + +### Source Code (repository root) + +```text +.github/ +├── workflows/ +│ └── release-helm.yaml # GitHub Actions workflow for Helm release +│ +charts/ +└── supabase-operator/ # Existing Helm chart directory + ├── Chart.yaml # Chart metadata (to be updated with version) + ├── values.yaml # Default values + └── templates/ # Kubernetes manifests +``` + +**Structure Decision**: Utilizing existing Helm chart structure in `charts/supabase-operator/` directory and adding new GitHub Actions workflow in `.github/workflows/`. No changes to operator source code required as this is purely CI/CD infrastructure. + +## Complexity Tracking + +> **Fill ONLY if Constitution Check has violations that must be justified** + +*No violations - section not applicable* \ No newline at end of file diff --git a/specs/002-helm-chart-release/quickstart.md b/specs/002-helm-chart-release/quickstart.md new file mode 100644 index 0000000..3ec3664 --- /dev/null +++ b/specs/002-helm-chart-release/quickstart.md @@ -0,0 +1,246 @@ +# Quickstart: Automated Helm Chart Release + +This guide helps you set up automated Helm chart releases for the Supabase Operator. + +## Prerequisites + +- GitHub repository with Helm charts in `charts/` directory +- GitHub account with permissions to: + - Push tags to source repository + - Create Personal Access Token + - Access target repository (STRRL/helm.strrl.dev) + +## Setup Steps + +### 1. Create Personal Access Token + +1. Go to GitHub Settings → Developer settings → Personal access tokens → Tokens (classic) +2. Click "Generate new token (classic)" +3. Name: `HELM_REPO_TOKEN` +4. Expiration: 90 days (or your preference) +5. Select scopes: + - `repo` (full control of private repositories) + - Or `public_repo` if both repositories are public +6. Generate token and copy it (you won't see it again!) + +### 2. Add Token to Repository Secrets + +1. Navigate to your repository: https://github.com/STRRL/supabase-operator +2. Go to Settings → Secrets and variables → Actions +3. Click "New repository secret" +4. Name: `HELM_REPO_TOKEN` +5. Value: Paste your Personal Access Token +6. Click "Add secret" + +### 3. Create GitHub Actions Workflow + +Create file `.github/workflows/release-helm.yaml`: + +```yaml +name: Release Helm Chart + +on: + push: + tags: + - 'v[0-9]+.[0-9]+.[0-9]+' + +permissions: + contents: write + +concurrency: + group: helm-release + cancel-in-progress: false + +jobs: + release: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Extract version + id: version + run: | + VERSION=${GITHUB_REF#refs/tags/v} + echo "version=$VERSION" >> $GITHUB_OUTPUT + + - name: Update Chart.yaml + run: | + sed -i "s/^version:.*/version: ${{ steps.version.outputs.version }}/" charts/supabase-operator/Chart.yaml + sed -i "s/^appVersion:.*/appVersion: \"${{ steps.version.outputs.version }}\"/" charts/supabase-operator/Chart.yaml + + - name: Release Chart + uses: stefanprodan/helm-gh-pages@master + with: + token: ${{ secrets.HELM_REPO_TOKEN }} + charts_dir: charts + owner: STRRL + repository: helm.strrl.dev + branch: gh-pages + charts_url: https://helm.strrl.dev + linting: on +``` + +### 4. Prepare Target Repository + +Ensure the target repository exists and is configured: + +1. Repository `STRRL/helm.strrl.dev` must exist +2. Initialize gh-pages branch: + ```bash + git clone https://github.com/STRRL/helm.strrl.dev + cd helm.strrl.dev + git checkout --orphan gh-pages + git rm -rf . + echo "# Helm Charts" > README.md + git add README.md + git commit -m "Initialize gh-pages" + git push origin gh-pages + ``` + +3. Enable GitHub Pages: + - Go to repository Settings → Pages + - Source: Deploy from a branch + - Branch: `gh-pages` / `/ (root)` + - Save + +### 5. Trigger Your First Release + +1. Commit and push the workflow file: + ```bash + git add .github/workflows/release-helm.yaml + git commit -m "Add Helm chart release workflow" + git push origin main + ``` + +2. Create and push a version tag: + ```bash + git tag v0.1.0 + git push origin v0.1.0 + ``` + +3. Monitor the release: + - Go to Actions tab in your repository + - Watch the "Release Helm Chart" workflow + - Check for green checkmark + +4. Verify the release: + - Visit https://helm.strrl.dev + - Check for index.yaml and chart package + +## Usage + +### For Maintainers: Creating a Release + +```bash +# 1. Ensure you're on main branch with latest changes +git checkout main +git pull origin main + +# 2. Create and push a semantic version tag +git tag v1.2.3 +git push origin v1.2.3 + +# 3. Monitor workflow in GitHub Actions +# The chart will be available within 5 minutes +``` + +### For Users: Installing the Chart + +```bash +# Add the Helm repository +helm repo add supabase-operator https://helm.strrl.dev +helm repo update + +# Search for available versions +helm search repo supabase-operator --versions + +# Install the operator +helm install my-supabase supabase-operator/supabase-operator \ + --namespace supabase-system \ + --create-namespace + +# Upgrade to a new version +helm upgrade my-supabase supabase-operator/supabase-operator \ + --namespace supabase-system +``` + +## Troubleshooting + +### Workflow Fails with Permission Denied + +**Issue**: Token doesn't have required permissions +**Solution**: Ensure PAT has `repo` scope and write access to target repository + +### Chart Not Appearing in Repository + +**Issue**: Workflow succeeded but chart not visible +**Solution**: +1. Check gh-pages branch exists in target repo +2. Verify GitHub Pages is enabled +3. Wait for GitHub Pages deployment (can take 10 minutes) + +### Version Conflict + +**Issue**: Version already exists +**Solution**: Charts are immutable - use a new version number + +### Lint Failures + +**Issue**: Helm lint step fails +**Solution**: +1. Run `helm lint charts/supabase-operator` locally +2. Fix reported issues +3. Commit fixes and create new tag + +### Concurrent Release Issues + +**Issue**: Multiple tags pushed simultaneously +**Solution**: Workflow has concurrency control - releases will queue automatically + +## Best Practices + +1. **Test Locally First** + ```bash + helm lint charts/supabase-operator + helm package charts/supabase-operator + ``` + +2. **Use Semantic Versioning** + - MAJOR.MINOR.PATCH (e.g., 1.2.3) + - Increment MAJOR for breaking changes + - Increment MINOR for new features + - Increment PATCH for bug fixes + +3. **Document Changes** + - Update Chart.yaml annotations with changelog + - Create GitHub release with notes + +4. **Monitor Releases** + - Watch GitHub Actions for failures + - Subscribe to workflow notifications + - Test installation after release + +## Security Notes + +- Personal Access Token expires - set calendar reminder for renewal +- Never commit tokens in code +- Rotate tokens if compromised +- Consider using fine-grained PATs for better security + +## Next Steps + +- [ ] Set up chart signing with GPG +- [ ] Add installation tests to workflow +- [ ] Register chart on ArtifactHub +- [ ] Configure release notifications +- [ ] Add changelog generation + +## Links + +- [Workflow File](.github/workflows/release-helm.yaml) +- [Chart Repository](https://helm.strrl.dev) +- [GitHub Actions Runs](https://github.com/STRRL/supabase-operator/actions) +- [Helm Documentation](https://helm.sh/docs/) \ No newline at end of file diff --git a/specs/002-helm-chart-release/research.md b/specs/002-helm-chart-release/research.md new file mode 100644 index 0000000..2fb704b --- /dev/null +++ b/specs/002-helm-chart-release/research.md @@ -0,0 +1,151 @@ +# Research: Automated Helm Chart Release + +**Feature**: 002-helm-chart-release | **Date**: 2025-11-23 + +## Key Decisions + +### 1. GitHub Action Selection +**Decision**: Use `stefanprodan/helm-gh-pages` action +**Rationale**: Mature, well-maintained action specifically designed for Helm charts on GitHub Pages. Handles all packaging, versioning, and index updates automatically. +**Alternatives considered**: +- `helm/chart-releaser-action`: More complex, designed for GitHub Releases rather than Pages +- Custom script: Unnecessary complexity when existing action meets all requirements + +### 2. Workflow Trigger Strategy +**Decision**: Trigger on semantic version tags (v*.*.*) +**Rationale**: Aligns with spec requirement FR-001, ensures deliberate releases, prevents accidental publishing +**Alternatives considered**: +- Push to main branch: Too frequent, would publish incomplete work +- Manual dispatch: Requires human intervention, defeats automation purpose + +### 3. Authentication Method +**Decision**: GitHub Personal Access Token (PAT) stored as secret +**Rationale**: Specified in clarifications, provides necessary permissions for cross-repository push +**Alternatives considered**: +- GITHUB_TOKEN: Insufficient permissions for pushing to external repository +- Deploy keys: More complex setup, PAT is simpler and sufficient + +### 4. Chart Repository Structure +**Decision**: Host on GitHub Pages at https://github.com/STRRL/helm.strrl.dev +**Rationale**: Free hosting, integrated with GitHub, standard approach for Helm charts +**Alternatives considered**: +- ChartMuseum: Requires hosting infrastructure +- ArtifactHub only: Doesn't host charts, only indexes them + +### 5. Version Extraction +**Decision**: Extract version from git tag and apply to Chart.yaml +**Rationale**: Single source of truth for versioning, tag-driven releases +**Alternatives considered**: +- Manual Chart.yaml updates: Prone to inconsistency +- Automated commits: Creates noise in git history + +### 6. Concurrency Control +**Decision**: Implement workflow concurrency group +**Rationale**: Prevents race conditions during simultaneous releases, ensures index.yaml integrity +**Alternatives considered**: +- No control: Risk of corrupted repository index +- Queue all runs: Implemented via cancel-in-progress: false + +### 7. Error Handling +**Decision**: Fail fast with no notifications (per spec clarification) +**Rationale**: Aligns with user preference, GitHub Actions UI shows failures +**Alternatives considered**: +- Email notifications: User explicitly chose "No Notification" +- Slack webhooks: Unnecessary complexity + +## Best Practices Applied + +### GitHub Actions Configuration +- Use `actions/checkout@v4` with `fetch-depth: 0` for full history +- Pin action versions for reproducibility +- Set explicit permissions (`contents: write`) +- Configure git user for commits + +### Helm Chart Publishing +- Validate charts with `helm lint` before publishing +- Maintain all chart versions in repository +- Generate proper index.yaml with chart URLs +- Preserve existing versions (no overwrites) + +### Security Measures +- Store PAT as encrypted secret +- Use minimum required permissions +- Never expose tokens in logs +- Consider chart signing for production (future enhancement) + +### Repository Structure +``` +.github/workflows/release-helm.yaml # Workflow definition +charts/supabase-operator/ # Existing chart location + ├── Chart.yaml # Version updated by workflow + ├── values.yaml + └── templates/ +``` + +### Target Repository Structure (gh-pages) +``` +index.yaml # Repository index +supabase-operator-0.1.0.tgz # Packaged charts +supabase-operator-0.2.0.tgz +... +``` + +## Required GitHub Configuration + +### 1. Personal Access Token Setup +- Create PAT with `repo` scope (for public repository) +- Add as secret `HELM_REPO_TOKEN` in source repository +- Token needs write access to STRRL/helm.strrl.dev repository + +### 2. Target Repository Setup +- Repository `STRRL/helm.strrl.dev` must exist +- Enable GitHub Pages from `gh-pages` branch +- Initialize gh-pages branch if not present + +### 3. Workflow Permissions +- Ensure Actions have write permissions in source repository +- Settings → Actions → General → Workflow permissions → Read and write + +## Implementation Approach + +### Phase 1: Core Workflow +1. Create `.github/workflows/release-helm.yaml` +2. Configure tag pattern matching (v*.*.*) +3. Extract version from tag +4. Update Chart.yaml versions +5. Package and publish using helm-gh-pages action + +### Phase 2: Validation & Testing +1. Add helm lint step +2. Validate chart installation in test namespace +3. Verify repository index generation +4. Test concurrent release handling + +### Phase 3: Documentation +1. Update README with installation instructions +2. Document release process +3. Add troubleshooting guide + +## Risks & Mitigations + +| Risk | Impact | Mitigation | +|------|--------|------------| +| PAT expiration | Release failures | Set expiration reminder, document rotation | +| Concurrent releases | Corrupted index | Concurrency control in workflow | +| Invalid chart syntax | Failed installation | Helm lint validation | +| Target repo unavailable | No release | Fail fast, rely on GitHub status | + +## Future Enhancements + +1. **Chart Signing**: Implement GPG signing for production readiness +2. **Automated Testing**: Add chart installation tests in Kind cluster +3. **Release Notes**: Generate changelog from commit messages +4. **ArtifactHub Integration**: Register chart for better discoverability +5. **Multi-Chart Support**: Extend to support multiple charts if needed + +## References + +- [stefanprodan/helm-gh-pages documentation](https://github.com/stefanprodan/helm-gh-pages) +- [Helm Chart Repository Guide](https://helm.sh/docs/topics/chart_repository/) +- [GitHub Actions workflow syntax](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions) +- [Reference workflow](https://github.com/STRRL/cloudflare-tunnel-ingress-controller/blob/master/.github/workflows/release-helm.yaml) \ No newline at end of file diff --git a/specs/002-helm-chart-release/spec.md b/specs/002-helm-chart-release/spec.md new file mode 100644 index 0000000..d30f2a6 --- /dev/null +++ b/specs/002-helm-chart-release/spec.md @@ -0,0 +1,110 @@ +# Feature Specification: Automated Helm Chart Release + +**Feature Branch**: `002-helm-chart-release` +**Created**: 2025-11-23 +**Status**: Draft +**Input**: User description: "release helm charts to https://github.com/STRRL/helm.strrl.dev/tree/gh-pages, 参考https://github.com/STRRL/cloudflare-tunnel-ingress-controller/blob/master/.github/workflows/release-helm.yaml" + +## Clarifications + +### Session 2025-11-23 + +- Q: Which version tag patterns should trigger the release workflow? → A: Only v*.*.* semantic version tags (e.g., v1.2.3) +- Q: When a chart release fails during the publishing process, how should the system respond? → A: Alert maintainers and stop release +- Q: How should the system authenticate to push charts to the GitHub Pages repository? → A: GitHub personal access token (PAT) +- Q: What should be the name of the Helm chart that users will install? → A: supabase-operator +- Q: How should maintainers be alerted when a chart release fails? → A: No Notification + +## User Scenarios & Testing *(mandatory)* + +### User Story 1 - Automated Chart Publishing on Version Tag (Priority: P1) + +As a maintainer, when I create a new version tag for the Supabase Operator, the Helm charts should be automatically packaged and published to the central Helm repository, making them immediately available for users to install. + +**Why this priority**: This is the core functionality that enables users to consume the operator through Helm. Without automated publishing, users cannot easily install or upgrade the operator, severely limiting adoption and usability. + +**Independent Test**: Can be fully tested by pushing a version tag and verifying the chart appears in the Helm repository with correct version and is installable via standard Helm commands. + +**Acceptance Scenarios**: + +1. **Given** a new semantic version tag (e.g., v1.2.3) is pushed to the repository, **When** the release process triggers, **Then** the Helm chart is packaged with version 1.2.3 and published to the Helm repository +2. **Given** the Helm chart is published, **When** a user adds the repository and searches for charts, **Then** the new version appears in the available charts list +3. **Given** multiple version tags exist, **When** users list available versions, **Then** all published versions are displayed in chronological order + +--- + +### User Story 2 - Chart Installation and Upgrade (Priority: P2) + +As an end user, I want to easily install and upgrade the Supabase Operator using standard Helm commands, with all necessary resources properly configured and deployed. + +**Why this priority**: While publishing is critical (P1), the user experience of actually installing and upgrading is what delivers the value. This ensures the published charts work correctly in real environments. + +**Independent Test**: Can be tested by installing the chart in a test cluster and verifying all operator components deploy successfully and function as expected. + +**Acceptance Scenarios**: + +1. **Given** the Helm repository is added, **When** a user runs the install command, **Then** the operator and all required resources are deployed successfully +2. **Given** an existing installation, **When** a user upgrades to a new version, **Then** the upgrade completes without data loss or service disruption +3. **Given** installation parameters need customization, **When** users provide custom values, **Then** the deployment respects all provided configurations + +--- + +### User Story 3 - Chart Discovery and Documentation (Priority: P3) + +As a potential user, I want to discover available Helm charts, understand their capabilities, and access installation documentation through standard Helm repository interfaces. + +**Why this priority**: Discovery and documentation enhance adoption but are not critical for basic functionality. The operator can function without perfect discoverability, though it impacts user experience. + +**Independent Test**: Can be tested by accessing the Helm repository index and verifying metadata, descriptions, and links to documentation are present and accurate. + +**Acceptance Scenarios**: + +1. **Given** the Helm repository URL, **When** users access the index, **Then** they see chart metadata including description, version, and maintainer information +2. **Given** a published chart, **When** users examine the chart, **Then** they find comprehensive README with installation instructions and configuration options + +--- + +### Edge Cases + +- What happens when a tag is pushed that doesn't follow semantic versioning format v*.*.* (ignored, no release triggered)? +- How does the system handle concurrent releases from multiple tags pushed simultaneously? +- What occurs if the target repository is temporarily unavailable during publishing (stop release, no notification)? +- How are pre-release versions (e.g., v1.0.0-rc1) handled in the repository (not triggered per semantic version pattern)? +- What happens if chart validation fails due to malformed templates (stop release, no notification)? + +## Requirements *(mandatory)* + +### Functional Requirements + +- **FR-001**: System MUST automatically trigger chart packaging only when semantic version tags matching pattern v*.*.* are created +- **FR-002**: System MUST extract version numbers from git tags and apply them to chart versions +- **FR-003**: System MUST publish packaged charts to the designated repository location +- **FR-004**: Charts MUST be accessible via standard Helm repository protocols +- **FR-005**: System MUST maintain an updated index of all available chart versions +- **FR-006**: Each chart version MUST include all necessary templates and dependencies for operator deployment +- **FR-007**: System MUST preserve existing chart versions when publishing new ones +- **FR-008**: Charts MUST include comprehensive metadata (name, version, description, maintainers) +- **FR-009**: System MUST validate chart integrity before publishing +- **FR-010**: Published charts MUST be installable using standard Helm commands without additional configuration +- **FR-011**: System MUST stop the release process when any failure occurs during publishing (no notification required) +- **FR-012**: System MUST authenticate to the GitHub Pages repository using a GitHub personal access token (PAT) +- **FR-013**: The published Helm chart MUST be named "supabase-operator" in the repository index + +### Key Entities + +- **Helm Chart**: Package named "supabase-operator" containing all templates, values, and metadata needed to deploy the Supabase Operator +- **Chart Version**: Specific release of the chart, corresponding to a git tag, with semantic versioning +- **Chart Repository**: Centralized location where all chart versions are stored and indexed for distribution +- **Chart Index**: Metadata file listing all available charts and versions with their locations + +## Success Criteria *(mandatory)* + +### Measurable Outcomes + +- **SC-001**: New chart versions are available for installation within 5 minutes of tag creation +- **SC-002**: 100% of semantic version tags (v*.*.*) result in successfully published and installable charts +- **SC-003**: Users can install the operator with a single Helm command in under 30 seconds +- **SC-004**: Chart repository maintains 99.9% availability for chart downloads +- **SC-005**: All published charts pass validation checks without errors +- **SC-006**: Chart upgrades complete successfully 95% of the time without manual intervention +- **SC-007**: Repository index updates reflect new versions within 1 minute of publishing \ No newline at end of file diff --git a/specs/002-helm-chart-release/tasks.md b/specs/002-helm-chart-release/tasks.md new file mode 100644 index 0000000..8b3354e --- /dev/null +++ b/specs/002-helm-chart-release/tasks.md @@ -0,0 +1,233 @@ +--- + +description: "Task list for implementing automated Helm chart release" +--- + +# Tasks: Automated Helm Chart Release + +**Input**: Design documents from `/specs/002-helm-chart-release/` +**Prerequisites**: plan.md (required), spec.md (required for user stories), research.md, data-model.md, contracts/ + +**Tests**: No test tasks included - specification does not request TDD approach for this CI/CD feature + +**Organization**: Tasks are grouped by user story to enable independent implementation and testing of each story. + +## Format: `[ID] [P?] [Story] Description` + +- **[P]**: Can run in parallel (different files, no dependencies) +- **[Story]**: Which user story this task belongs to (e.g., US1, US2, US3) +- Include exact file paths in descriptions + +## Path Conventions + +- **Workflow**: `.github/workflows/` at repository root +- **Charts**: `charts/supabase-operator/` at repository root +- **Documentation**: Root level `README.md` and `docs/` + +## Phase 1: Setup (Shared Infrastructure) + +**Purpose**: GitHub repository configuration and prerequisite setup + +**Note**: Assumes PAT already exists and will be manually added to repository settings + +- [ ] T001 Verify PAT is added as secret named HELM_TOKEN in repository settings +- [X] T002 [P] Verify target repository STRRL/helm.strrl.dev exists +- [X] T003 [P] Initialize gh-pages branch in STRRL/helm.strrl.dev if not present +- [X] T004 Enable GitHub Pages for STRRL/helm.strrl.dev from gh-pages branch + +--- + +## Phase 2: Foundational (Blocking Prerequisites) + +**Purpose**: No foundational blocking tasks for this feature - workflow is self-contained + +**Note**: This phase is empty as the GitHub Actions workflow does not depend on any operator code changes + +**Checkpoint**: Setup complete - user story implementation can now begin + +--- + +## Phase 3: User Story 1 - Automated Chart Publishing on Version Tag (Priority: P1) 🎯 MVP + +**Goal**: Automatically package and publish Helm charts when semantic version tags are pushed + +**Independent Test**: Push a version tag v1.0.0 and verify chart appears at https://helm.strrl.dev with correct version + +### Implementation for User Story 1 + +- [X] T005 [US1] Create GitHub Actions workflow file at .github/workflows/release-helm.yaml +- [X] T006 [US1] Configure workflow trigger for semantic version tags (v*.*.*) +- [X] T007 [US1] Add checkout step with full git history in workflow +- [X] T008 [US1] Add version extraction step to parse tag into version number +- [X] T009 [US1] Add Chart.yaml update step to apply extracted version +- [X] T010 [US1] Add helm lint validation step in workflow +- [X] T011 [US1] Configure stefanprodan/helm-gh-pages action with required parameters +- [X] T012 [US1] Add concurrency control to prevent race conditions +- [X] T013 [US1] Configure git user for automated commits in workflow +- [ ] T014 [US1] Test workflow by pushing test tag v0.0.1-test + +**Checkpoint**: At this point, charts should automatically publish when version tags are pushed + +--- + +## Phase 4: User Story 2 - Chart Installation and Upgrade (Priority: P2) + +**Goal**: Ensure published charts are properly installable and upgradeable via standard Helm commands + +**Independent Test**: Run `helm repo add` and `helm install` commands to verify chart installation works + +### Implementation for User Story 2 + +- [X] T015 [P] [US2] Update charts/supabase-operator/Chart.yaml with proper metadata +- [X] T016 [P] [US2] Add maintainers section to Chart.yaml +- [X] T017 [P] [US2] Add home and sources URLs to Chart.yaml +- [X] T018 [P] [US2] Add keywords for chart discovery in Chart.yaml +- [X] T019 [US2] Verify charts/supabase-operator/values.yaml has sensible defaults +- [ ] T020 [US2] Test chart installation with helm install command locally +- [ ] T021 [US2] Verify chart upgrade path with helm upgrade command + +**Checkpoint**: Charts can be installed and upgraded successfully via Helm commands + +--- + +## Phase 5: User Story 3 - Chart Discovery and Documentation (Priority: P3) + +**Goal**: Improve chart discoverability and provide comprehensive documentation for users + +**Independent Test**: Access https://helm.strrl.dev/index.yaml and verify metadata is complete and accurate + +### Implementation for User Story 3 + +- [X] T022 [P] [US3] Create charts/supabase-operator/README.md with installation instructions +- [X] T023 [P] [US3] Add description field to Chart.yaml (max 140 chars) +- [X] T024 [P] [US3] Add icon URL to Chart.yaml for visual identification +- [X] T025 [US3] Update root README.md with Helm installation section +- [X] T026 [US3] Add usage examples to charts/supabase-operator/README.md +- [X] T027 [US3] Add configuration options documentation to chart README +- [X] T028 [US3] Create RELEASE.md with instructions for maintainers on creating releases +- [X] T029 [P] [US3] Add annotations for ArtifactHub compatibility in Chart.yaml + +**Checkpoint**: Charts are well-documented and easily discoverable + +--- + +## Phase 6: Polish & Cross-Cutting Concerns + +**Purpose**: Improvements that enhance the overall release process + +- [X] T030 [P] Add troubleshooting section to documentation +- [X] T031 Create GitHub release template for version tags +- [X] T032 [P] Document PAT rotation process for security +- [ ] T033 Test concurrent release scenario with multiple tags +- [X] T034 [P] Add workflow status badge to README.md +- [ ] T035 Validate quickstart.md instructions end-to-end + +--- + +## Dependencies & Execution Order + +### Phase Dependencies + +- **Setup (Phase 1)**: No dependencies - must complete first for PAT and repository configuration +- **Foundational (Phase 2)**: Empty phase - no blocking tasks +- **User Stories (Phase 3+)**: + - User Story 1 depends on Setup completion + - User Stories 2 and 3 can proceed after Setup but benefit from Story 1 completion +- **Polish (Phase 6)**: Depends on all user stories being complete + +### User Story Dependencies + +- **User Story 1 (P1)**: Depends on Setup - Core workflow implementation +- **User Story 2 (P2)**: Can start after Setup - Chart metadata improvements (benefits from US1 for testing) +- **User Story 3 (P3)**: Can start after Setup - Documentation (benefits from US1 & US2 for examples) + +### Within Each User Story + +- User Story 1: Sequential workflow construction (each step builds on previous) +- User Story 2: Chart.yaml updates can be parallel, testing is sequential +- User Story 3: Documentation tasks mostly parallel + +### Parallel Opportunities + +- All Setup tasks marked [P] can run in parallel after T001 +- User Story 2 Chart.yaml updates (T015-T018) can run in parallel +- User Story 3 documentation tasks (T022-T024, T029) can run in parallel +- Polish phase tasks marked [P] can run in parallel + +--- + +## Parallel Example: User Story 2 + +```bash +# Launch all Chart.yaml updates together: +Task: "Update charts/supabase-operator/Chart.yaml with proper metadata" +Task: "Add maintainers section to Chart.yaml" +Task: "Add home and sources URLs to Chart.yaml" +Task: "Add keywords for chart discovery in Chart.yaml" +``` + +--- + +## Parallel Example: User Story 3 + +```bash +# Launch all documentation tasks together: +Task: "Create charts/supabase-operator/README.md with installation instructions" +Task: "Add description field to Chart.yaml (max 140 chars)" +Task: "Add icon URL to Chart.yaml for visual identification" +Task: "Add annotations for ArtifactHub compatibility in Chart.yaml" +``` + +--- + +## Implementation Strategy + +### MVP First (User Story 1 Only) + +1. Complete Phase 1: Setup (T001-T004) +2. Complete Phase 3: User Story 1 (T005-T014) +3. **STOP and VALIDATE**: Test by pushing a version tag +4. Verify chart publishes to https://helm.strrl.dev +5. MVP complete - automated releases working! + +**Total MVP Tasks**: 14 tasks (4 setup + 10 implementation) + +### Incremental Delivery + +1. Complete Setup → Prerequisites ready +2. Add User Story 1 → Test tag push → Automated publishing works (MVP!) +3. Add User Story 2 → Test installation → Charts fully installable +4. Add User Story 3 → Documentation complete → Full user experience +5. Each story adds value without breaking previous functionality + +### Parallel Team Strategy + +With multiple developers: + +1. Developer A: Complete Setup (T001-T004) +2. Once Setup done: + - Developer A: User Story 1 (workflow implementation) + - Developer B: User Story 2 (chart metadata) + - Developer C: User Story 3 (documentation) +3. Stories complete independently and integrate seamlessly + +--- + +## Task Summary + +- **Total Tasks**: 35 +- **Setup Tasks**: 4 +- **User Story 1 Tasks**: 10 (Core workflow - MVP) +- **User Story 2 Tasks**: 7 (Chart quality) +- **User Story 3 Tasks**: 8 (Documentation) +- **Polish Tasks**: 6 +- **Parallel Opportunities**: 15 tasks marked [P] + +## Notes + +- [P] tasks = different files or independent GitHub configurations +- [Story] label maps task to specific user story for traceability +- Each user story is independently testable +- Commit after each task completion +- Test workflow with incremental tags (v0.0.1-test, v0.0.2-test) +- No operator code changes required - purely CI/CD configuration \ No newline at end of file