1.4.4

.github/workflows/chart-ci.yaml

@@ -1,173 +1,15 @@
-name: Chart CI
+name: redcap-helmchart-ci
+run-name: Helm Chart CI triggered by @${{ github.actor }}
 
 on:
   push:
     branches:
       - "dev"
-      - "main"
-
-jobs: 
-  lint-test:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Set up Helm
-        uses: azure/[email protected]
-        with:
-          version: v3.14.4
-
-      - name: Add Helm repositories
-        run: |
-          helm repo add bitnami https://charts.bitnami.com/bitnami
-
-      - name: Setup Helm plugins
-        run: |
-          helm plugin install https://github.com/jtyr/kubeconform-helm
-
-      - name: Setup Polaris
-        run: |
-          mkdir -p .local/bin
-          curl -s https://api.github.com/repos/FairwindsOps/polaris/releases/latest | \
-            jq '.assets[] | select(.name=="polaris_linux_amd64.tar.gz")'.browser_download_url | \
-            xargs curl -s -L | \
-          tar xvz -C .local/bin polaris
-          echo "$PWD/.local/bin" >> $GITHUB_PATH
-
-      - uses: actions/setup-python@v5
-        with:
-          python-version: '3.x'
-          check-latest: true
-
-      - name: Set up chart-testing
-        uses: helm/[email protected]
-
-      - name: Run chart-testing (list-changed)
-        id: list-changed
-        run: |
-          changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
-          if [[ -n "$changed" ]]; then
-            echo "changed=true" >> "$GITHUB_OUTPUT"
-          fi
-
-      - name: Run chart-testing (lint)
-        if: steps.list-changed.outputs.changed == 'true'
-        run: |
-          ct lint --target-branch ${{ github.event.repository.default_branch }}
-
-      - name: Run chart-testing (kubeconform)
-        if: steps.list-changed.outputs.changed == 'true'
-        run: |
-          helm kubeconform ./charts/redcap --output json --kubernetes-version "1.24.0" --strict --summary
-
-      - name: Run chart-testing (polaris)
-        if: steps.list-changed.outputs.changed == 'true'
-        run: |
-          polaris audit \
-            --only-show-failed-tests \
-            --set-exit-code-below-score=80 \
-            --set-exit-code-on-danger=true \
-            --helm-chart ./charts/redcap \
-            --helm-values ./charts/redcap/tests/values.yaml \
-            --format=pretty \
-            --color=true
-
-      - name: Create kind cluster
-        if: steps.list-changed.outputs.changed == 'true'
-        uses: helm/[email protected]
-
-      - name: Run chart-testing (install)
-        if: steps.list-changed.outputs.changed == 'true'
-        run: ct install --target-branch ${{ github.event.repository.default_branch }}
-
-  generate-doc-schema:
-    needs: lint-test
-    runs-on: ubuntu-latest
-    steps:
-    - name: Checkout
-      uses: actions/checkout@v4
-      with:
-        fetch-depth: 0
-
-    - name: Cache chart dir
-      id: cache-dir
-      uses: actions/cache@v4
-      with:
-        path: charts
-        key: ${{ github.sha }}-redcap-chart
-
-    - name: Helm-docs
-      uses: losisin/[email protected]
-      with:
-        chart-search-root: ./charts/redcap
-        values-file : ./values.yaml
-        output-file: ./README.md
-        template-files: ./README.md.gotpl
-        sort-values-order: file
-
-    - name: Generate values schema json
-      uses: losisin/[email protected]
-      with:
-        input: ./charts/redcap/values.yaml
-        output: ./charts/redcap/values.schema.json
-
-
-  release:
-    needs: generate-doc-schema
-    permissions:
-      contents: write
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Cache chart dir
-        id: cache-dir
-        uses: actions/cache@v4
-        with:
-          path: charts
-          key: ${{ github.sha }}-redcap-chart
-
-      - name: Configure Git
-        run: |
-          git config user.name "$GITHUB_ACTOR"
-          git config user.email "[email protected]"
-
-      - name: Install Helm
-        uses: azure/setup-helm@v4
-        env:
-          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
-
-      - name: Add Helm repositories
-        run: |
-          helm repo add bitnami https://charts.bitnami.com/bitnami
-
-      ### DEV specific steps ###
-      - name: Add release suffix - DEV
-        if: github.ref == 'refs/heads/dev'
-        run: |
-          yq -i '.version |= . + "-dev"' charts/redcap/Chart.yaml
-
-      - name: Run chart-releaser - DEV
-        if: github.ref == 'refs/heads/dev'
-        uses: helm/[email protected]
-        env:
-          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
-        with:
-          skip_existing: true
-          mark_as_latest: false
-
-      ### PROD specific steps ###
-      - name: Run chart-releaser - MAIN
-        if: github.ref == 'refs/heads/main'
-        uses: helm/[email protected]
-        env:
-          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
-        with:
-          skip_existing: true
-          mark_as_latest: true
+    tags:
+      - "v*.*.*"
+
+jobs:
+  aphp-chart-ci-workflow:
+    uses: aphp/ci-workflows/.github/workflows/chart-ci.yml@dev
+    with:
+      chart-dir: "charts/redcap"

LICENSE

@@ -200,4 +200,4 @@
    See the License for the specific language governing permissions and
    limitations under the License.
 
-[2023 - 2024] [REDCap Helm Chart] © Assistance Publique – Hôpitaux de Paris. 
+[2023 - 2025] [REDCap Helm Chart] © Assistance Publique – Hôpitaux de Paris. 

README.md

@@ -1,10 +1,13 @@
-# `aphp/redcap-helmchart`
+# APHP - REDCap Helm Chart
+
+[![redcap-helmchart-ci](https://github.com/aphp/redcap-helmchart/actions/workflows/chart-ci.yaml/badge.svg)](https://github.com/aphp/redcap-helmchart/actions/workflows/chart-ci.yaml)
+[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/aphp-redcap)](https://artifacthub.io/packages/search?repo=aphp-redcap)
 
 ## Presentation
 
-This repository hosts the REDCap Helm Chart developped by the Greater Paris University Hospitals (`APHP` in French - Assistance Publique des Hôpitaux de Paris). This Chart allows for a cloud-natuve and cloud-agnostic deployment of REDCap, a secure web application for building and managing online surveys and databases.
+This repository hosts the REDCap Helm Chart developed by the Greater Paris University Hospitals (`APHP` in French - Assistance Publique des Hôpitaux de Paris). This Chart allows for a cloud-native and cloud-agnostic deployment of REDCap, a secure web application for building and managing online surveys and databases.
 
-REDCap is devopped by the Vanderbilt University and **is not provided by this Chart or any of its dependencies.**
+REDCap is developed by the Vanderbilt University and **is not provided by this Chart or any of its dependencies.**
 If you wish to use REDCap and are not sure where to start, you may visit the dedicated [REDCap Community Site](https://projectredcap.org/resources/community/).
 
 This Chart aims to provide with an easy way to retrieve the REDcap application from the official server (using your consortium member's credentials), and deploying it in a standard Kubernetes cluster, be it on-premise or in a managed cloud environment.
@@ -32,7 +35,7 @@ The documentation of the Chart can be found in its [README file](./charts/redcap
 ## How can I test it?
 
 In the [example directory](./examples/), there several subdirectories containing documented examples according to your needs. 
-- If you want to quicly boot-up a local/test environement, you can start by looking at the [local example](./examples/local/)
+- If you want to quickly boot-up a local/test environment, you can start by looking at the [local example](./examples/local/)
 - If you want to start deploying a more stable and secure environment, you can have a look at the [production example](./examples/production/)
 
 ## Lifecycle management
@@ -41,13 +44,13 @@ Here are a few important notions to keep in mind to efficiently manage a REDCap
 
 ### Init Job
 
-If you choose to automatically install REDCap using your community credentials whith this chart, an Kubernetes Job called `init-job` will be automatically fired during the chart's installation process, in order to call the `/install.php` script, with the `auto=1` parameter. This is a convenience script allowing a fresh REDCap installation to be readily available once the chart is installed.
+If you choose to automatically install REDCap using your community credentials with this chart, an Kubernetes Job called `init-job` will be automatically fired during the chart's installation process, in order to call the `/install.php` script, with the `auto=1` parameter. This is a convenience script allowing a fresh REDCap installation to be readily available once the chart is installed.
 
 **Note** : The auto-install feature doesn't fully configure the REDCap installation, hence you'll need to do those post-installation actions in the REDCap Control Center as soon as possible : 
 - Set the `REDCap base URL`
 - Set the `Local Server File Storage` path to `/edocs`
 - Set an authentication method
-- Checks that the CronJobs were called (you can manually lauch one if the Kubernetes CronJob dedicated to this task hasn't run yet)
+- Checks that the CronJobs were called (you can manually launch one if the Kubernetes CronJob dedicated to this task hasn't run yet)
 - Launch the `Configuration Check`
 
 ### Administration Cronjob
@@ -82,7 +85,7 @@ kubectl -n redcap create job manual-backup-job --from cronjob/redcap-backup-job
 
 The name of your namespace as well as the name of the jobs may vary depending your installation's configuration and the name you gave to your Helm release.
 
-**Note** : The backup process has not been validated by the maintainers of REDCap. Now that this chart is wildly available, we would be glad to work with them to enhance this process. Until then, kepe in mind that this process is not official and may contains flaws or limitations, alhough it has been battle-tested on our end several times.
+**Note** : The backup process has not been validated by the maintainers of REDCap. Now that this chart is wildly available, we would be glad to work with them to enhance this process. Until then, keep in mind that this process is not official and may contains flaws or limitations, although it has been battle-tested on our end several times.
 
 ### Restoration Job
 
@@ -91,7 +94,7 @@ With the backup process, a restoration job has also been set up. It does the rev
 - Restores the  `redcap` directory, which contains the application
 - Restores the database dump
 
-In order to have a job template ready to be fired on-demand, a dedicated Kubernetes CronJob has been created to this end, called `restore-cronjob`. It never runs (you woudn't want to have your data periodically erased by a restore process ;)), but it allows to run a restore process from the latest backup at any time, just with the `kubectl` command : 
+In order to have a job template ready to be fired on-demand, a dedicated Kubernetes CronJob has been created to this end, called `restore-cronjob`. It never runs (you wouldn't want to have your data periodically erased by a restore process ;)), but it allows to run a restore process from the latest backup at any time, just with the `kubectl` command : 
 
 ```sh
 kubectl -n redcap create job manual-restore-job --from cronjob/redcap-restore-job
@@ -101,7 +104,7 @@ The name of your namespace as well as the name of the jobs may vary depending yo
 
 You'll need to enable and configure the CronJob in the chart's parameters in order to use it (see the [chart's documentation](./charts/redcap/README.md)).
 
-**Note** : The restore process has not been validated by the maintainers of REDCap. Now that this chart is wildly available, we would be glad to work with them to enhance this process. Until then, kepe in mind that this process is not official and may contains flaws or limitations, alhough it has been battle-tested on our end several times.
+**Note** : The restore process has not been validated by the maintainers of REDCap. Now that this chart is wildly available, we would be glad to work with them to enhance this process. Until then, keep in mind that this process is not official and may contains flaws or limitations, although it has been battle-tested on our end several times.
 
 ## General questions
 
@@ -111,7 +114,7 @@ You'll need to enable and configure the CronJob in the chart's parameters in ord
 
 - *What REDCap feature can I use?*
 
-  This Chart aims to deploy REDCap in an evironment that looks 'familiar' for the application, so you should be able to use any feature you'd use in a more traditional context.
+  This Chart aims to deploy REDCap in an environment that looks 'familiar' for the application, so you should be able to use any feature you'd use in a more traditional context.
   At the Greater Paris University Hospitals, we're using this chart in production for more than a year on several projects. It is possible though that with time, new versions of REDCap will need extra dependencies to be available on the PHP FPM server. If it's the case, the corresponding container image will be released.
 
 - *How secure is it?*
@@ -120,7 +123,7 @@ You'll need to enable and configure the CronJob in the chart's parameters in ord
 
 - *How can I update it?*
 
-  We recommend to setup your REDCap installtion using the default method stated [in the examples](./examples/), that is to provide the chart with your REDCap Community credentials via a Secret. You can then simply use the REDCap "one click update" feature to update your installation via the Control Center. 
+  We recommend to setup your REDCap installation using the default method stated [in the examples](./examples/), that is to provide the chart with your REDCap Community credentials via a Secret. You can then simply use the REDCap "one click update" feature to update your installation via the Control Center. 
 
 - *How can I manage backups?*
 
@@ -130,14 +133,14 @@ You'll need to enable and configure the CronJob in the chart's parameters in ord
 
   You can override the initContainer in charge of retrieving the REDCap application, and add as many other initContainers you like to build your own retrieval logic. It might take some time to get into the logic, but you can help yourself with the few snippets presents [in the example directory](./examples/snippets/).
 
-## Continous Integration / Continous Delivery
+## Continuous Integration / Continuous Delivery
 
 This project contains a Github Workflow, which will :
-- Lint the Chart unsing `helm ct`
+- Lint the Chart using `helm ct`
 - Verify the generated Kubernetes resources using `Kubeconform`
-- Scan the Chart for anti-patterns and securoty issues using `Polaris`  
+- Scan the Chart for anti-patterns and security issues using `Polaris`  
 - Validates the Chart deployment on `KinD` using `helm ct`
-- Package en release the chart on Hithub using `helm-cr`
+- Package en release the chart on Github using `helm-cr`
 
 ## How can I contribute?
 

SECURITY.md

@@ -0,0 +1,14 @@
+# Security Policy
+
+## Supported Versions
+
+Security Updates are currently concerning the following versions :
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.4.x   | :white_check_mark: |
+
+
+## Reporting a Vulnerability
+
+If you wish to report any security issues, please write an email to one of the persons listed as maintainers in the [Chart description file](./charts/redcap/Chart.yaml).

artifacthub-repo.yaml

@@ -0,0 +1,15 @@
+# Artifact Hub repository metadata file
+#
+# Some settings like the verified publisher flag or the ignored packages won't
+# be applied until the next time the repository is processed. Please keep in
+# mind that the repository won't be processed if it has not changed since the
+# last time it was processed. Depending on the repository kind, this is checked
+# in a different way. For Helm http based repositories, we consider it has
+# changed if the `index.yaml` file changes. For git based repositories, it does
+# when the hash of the last commit in the branch you set up changes. This does
+# NOT apply to ownership claim operations, which are processed immediately.
+#
+repositoryID: 29f4e806-a427-4e69-af5d-c9021a302988
+owners: # (optional, used to claim repository ownership)
+  - name: kzgrzendek
+    email: [email protected]

charts/redcap/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: redcap
-version: 1.4.3
+version: 1.4.4
 appVersion: 14.5.25
 kubeVersion: '>= 1.24.0-0'
 description: A Helm chart to deploy REDCap on a Kubernetes cluster.

charts/redcap/README.md

@@ -128,7 +128,7 @@ helm install redcap aphp-redcap/redcap -f ./examples/basic-install.yaml
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | redcap.adminJob | object | `{"image":{"imagePullSecrets":[],"pullPolicy":"Always","repository":"ghcr.io/aphp/redcap-fastcgi-client","tag":"1.1.0"},"resources":{},"schedule":"0 * * * *"}` | REDCap Administration Job's settings |
-| redcap.adminJob.schedule | string | `"0 * * * *"` | Schedule of the Admin Job, which runs every hours by default. This job is nedded to refresh REDCap administrative's data. |
+| redcap.adminJob.schedule | string | `"* * * * *"` | Schedule of the Admin Job, which runs every minute by default. This job is nedded to refresh REDCap administrative's data. |
 | redcap.adminJob.image.repository | string | `"ghcr.io/aphp/redcap-fastcgi-client"` | Image of the Admin Job. Must be and FCGI Client capable to query REDCap's pod(s). |
 | redcap.adminJob.image.tag | string | `"1.1.0"` | Tag of the Admin Job's image. |
 | redcap.adminJob.image.pullPolicy | string | `"Always"` | PullPolicy of the Admin Job's image. |

charts/redcap/templates/cronjobs/admin-cronjob.yaml

@@ -5,7 +5,7 @@ metadata:
   labels:
     {{- include "redcap.adminJob.labels" . | nindent 4 }}
 spec:
-  schedule: {{ .Values.redcap.adminJob.schedule }}
+  schedule: {{ .Values.redcap.adminJob.schedule | quote }}
   successfulJobsHistoryLimit: 3
   failedJobsHistoryLimit: 1
   jobTemplate:

charts/redcap/templates/cronjobs/backup-cronjob.yaml

@@ -6,7 +6,7 @@ metadata:
   labels:
     {{- include "redcap.backupJob.labels" . | nindent 4 }}
 spec:
-  schedule: {{ .Values.backupJob.schedule }}
+  schedule: {{ .Values.backupJob.schedule | quote }}
   successfulJobsHistoryLimit: 3
   failedJobsHistoryLimit: 1
   jobTemplate:

charts/redcap/templates/cronjobs/restore-cronjob.yaml

@@ -6,7 +6,7 @@ metadata:
   labels:
     {{- include "redcap.restoreJob.labels" . | nindent 4 }}
 spec:
-  schedule: {{ .Values.restoreJob.schedule }}
+  schedule: {{ .Values.restoreJob.schedule | quote }}
   suspend: true # We don't want the restore Job to run on a scheduled basis, but we still want the convenience to have that job templated correctly, ready to be manually fired from the JobTemplate inside that Cronjob.
   successfulJobsHistoryLimit: 3
   failedJobsHistoryLimit: 1