Release gohoarder 0.0.3

2026-06-08 23:39:59 +00:00 · 2026-01-03 01:03:31 +00:00
parent e46d791173
commit 6c53ba9e2b
7 changed files with 78 additions and 12 deletions
@@ -2,8 +2,8 @@ apiVersion: v2
 name: gohoarder
 description: A universal package cache proxy supporting npm, PyPI, and Go modules with security scanning
 type: application
-version: 0.0.2
-appVersion: "0.0.2"
+version: 0.0.3
+appVersion: "0.0.3"
 keywords:
  - package-manager
  - cache
@@ -26,7 +26,30 @@ spec:
      {{- end }}
      serviceAccountName: {{ include "gohoarder.serviceAccountName" . }}
      securityContext:
-        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+        fsGroup: 101
+        runAsNonRoot: true
+        runAsUser: 101
+      initContainers:
+      - name: copy-static-files
+        image: "{{ .Values.image.frontend.repository }}:{{ .Values.image.frontend.tag | default .Chart.AppVersion }}"
+        command: ['sh', '-c']
+        args:
+        - |
+          # Copy built frontend files to writable volume
+          cp -rp /usr/share/nginx/html/* /html/
+          # Copy nginx config to writable volume
+          cp -rp /etc/nginx/conf.d/* /conf/
+        volumeMounts:
+        - name: nginx-html
+          mountPath: /html
+        - name: nginx-conf
+          mountPath: /conf
+        securityContext:
+          runAsUser: 101
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
      containers:
      - name: frontend
        securityContext:
@@ -35,6 +58,7 @@ spec:
            drop:
            - ALL
          readOnlyRootFilesystem: false
+          runAsUser: 101
        image: "{{ .Values.image.frontend.repository }}:{{ .Values.image.frontend.tag | default .Chart.AppVersion }}"
        imagePullPolicy: {{ .Values.image.frontend.pullPolicy }}
        ports:
@@ -64,6 +88,10 @@ spec:
          mountPath: /var/cache/nginx
        - name: nginx-run
          mountPath: /var/run
+        - name: nginx-html
+          mountPath: /usr/share/nginx/html
+        - name: nginx-conf
+          mountPath: /etc/nginx/conf.d
      volumes:
      - name: tmp
        emptyDir: {}
@@ -71,6 +99,10 @@ spec:
        emptyDir: {}
      - name: nginx-run
        emptyDir: {}
+      - name: nginx-html
+        emptyDir: {}
+      - name: nginx-conf
+        emptyDir: {}
      {{- with .Values.frontend.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
@@ -42,9 +42,14 @@ spec:
          chown -R 1000:1000 /var/cache/gohoarder /var/lib/gohoarder /tmp/gohoarder
          chmod 750 /var/cache/gohoarder /var/lib/gohoarder
        volumeMounts:
-        {{- include "gohoarder.storageVolume" . | nindent 8 }}
-        {{- include "gohoarder.metadataVolume" . | nindent 8 }}
-        {{- include "gohoarder.trivyCacheVolume" . | nindent 8 }}
+        - name: storage
+          mountPath: /var/cache/gohoarder
+        - name: metadata
+          mountPath: /var/lib/gohoarder/metadata
+        {{- if .Values.security.scanners.trivy.enabled }}
+        - name: trivy-cache
+          mountPath: {{ .Values.security.scanners.trivy.cacheDb }}
+        {{- end }}
        - name: tmp
          mountPath: /tmp/gohoarder
        securityContext:
@@ -39,8 +39,10 @@ spec:
          chown -R 1000:1000 /var/cache/gohoarder /var/lib/gohoarder /tmp/gohoarder
          chmod 750 /var/cache/gohoarder /var/lib/gohoarder
        volumeMounts:
-        {{- include "gohoarder.storageVolume" . | nindent 8 }}
-        {{- include "gohoarder.metadataVolume" . | nindent 8 }}
+        - name: storage
+          mountPath: /var/cache/gohoarder
+        - name: metadata
+          mountPath: /var/lib/gohoarder/metadata
        - name: tmp
          mountPath: /tmp/gohoarder
        securityContext:
@@ -51,17 +51,17 @@ image:
  server:
    repository: ghcr.io/lukaszraczylo/gohoarder-server
    pullPolicy: IfNotPresent
-    tag: "0.0.2"
+    tag: "0.0.3"

  frontend:
    repository: ghcr.io/lukaszraczylo/gohoarder-frontend
    pullPolicy: IfNotPresent
-    tag: "0.0.2"
+    tag: "0.0.3"

  scanner:
    repository: ghcr.io/lukaszraczylo/gohoarder-scanner
    pullPolicy: IfNotPresent
-    tag: "0.0.2"
+    tag: "0.0.3"

 # Service Account
 serviceAccount:
@@ -1,6 +1,33 @@
 apiVersion: v1
 entries:
  gohoarder:
+  - apiVersion: v2
+    appVersion: 0.0.3
+    created: "2026-01-03T01:03:31.232406402Z"
+    description: A universal package cache proxy supporting npm, PyPI, and Go modules
+      with security scanning
+    digest: dde1dfcbb9268689e54d12b12f337c870748392905d2b84f0b218a816d8d6255
+    home: https://github.com/lukaszraczylo/gohoarder
+    icon: https://raw.githubusercontent.com/lukaszraczylo/gohoarder/main/docs/logo.png
+    keywords:
+    - package-manager
+    - cache
+    - proxy
+    - npm
+    - pypi
+    - go-modules
+    - security
+    - vulnerability-scanning
+    maintainers:
+    - email: lukasz@raczylo.com
+      name: Lukasz Raczylo
+    name: gohoarder
+    sources:
+    - https://github.com/lukaszraczylo/gohoarder
+    type: application
+    urls:
+    - https://github.com/lukaszraczylo/helm-charts/releases/download/gohoarder-0.0.3/gohoarder-0.0.3.tgz
+    version: 0.0.3
  - apiVersion: v2
    appVersion: 0.0.2
    created: "2026-01-03T00:29:54.106039869Z"
@@ -1678,4 +1705,4 @@ entries:
    urls:
    - https://github.com/lukaszraczylo/helm-charts/releases/download/kubemirror-0.2.8/kubemirror-0.2.8.tgz
    version: 0.2.8
-generated: "2026-01-03T00:29:54.104537639Z"
+generated: "2026-01-03T01:03:31.230925033Z"