feat: initial commit

.envrc

@@ -0,0 +1,2 @@
+nix_direnv_watch_file "./nix/env.nix" "./nix/fmt.nix" "./nix/packages.nix" "./nix/shells.nix" "./nix/pre-commit.nix" "./flake.nix"
+use flake

.github/dependabot.yml

@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: daily

.github/workflows/deployment.yaml

@@ -0,0 +1,31 @@
+name: CI-CD
+
+on:
+  push:
+
+jobs:
+  precommit:
+    name: Pre-commit Check
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v3
+      - uses: DeterminateSystems/nix-installer-action@main
+      - uses: DeterminateSystems/magic-nix-cache-action@main
+      - name: Run pre-commit
+        run: nix develop .#ci -c ./scripts/ci/pre-commit.sh
+
+  release:
+    name: Semantic Release
+    needs:
+      - precommit
+    if: github.ref == 'refs/heads/main'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: DeterminateSystems/nix-installer-action@main
+      - uses: DeterminateSystems/magic-nix-cache-action@main
+      - uses: rlespinasse/github-slug-action@v3.x
+      - name: Release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: nix develop .#releaser -c scripts/ci/release.sh

.gitignore

@@ -0,0 +1,8 @@
+.direnv
+.task
+.pre-commit-config.yaml
+.idea
+.env
+dist
+debug.yaml
+.DS_Store

.gitlint

@@ -0,0 +1,6 @@
+[general]
+contrib=CT1
+ignore=B6
+
+[contrib-title-conventional-commits]
+types = action,chore,config,docs,feat,fix,release,upstream

README.MD

@@ -0,0 +1,13 @@
+# Sulfoxide Helium
+
+Helm chart to deploy ArgoCD to AtomiCloud's Infrastructure as the deployment platform. This is purely client-side deploy
+and is not handled by any server-side automation.
+
+## Prerequisites
+- nix
+- direnv
+- docker
+
+## Helm Docs
+
+You can view the helm documentation generated at [helm-docs](./chart/README.md)

Taskfile.yml

@@ -0,0 +1,30 @@
+version: "3"
+
+env:
+  RELEASE_NAME: argocd
+
+includes:
+  suicune:opal-ruby:
+    taskfile: tasks/Taskfile.cluster.yaml
+    vars:
+      LANDSCAPE: suicune
+      CLUSTER: opal-ruby
+
+tasks:
+  # Utility
+  start:cluster:
+    desc: Starts the playground cluster to test helm charts
+    cmds:
+      - ./scripts/local/create-k3d-cluster.sh
+
+  stop:cluster:
+    desc: Destroys the playground cluster to test helm charts
+    cmds:
+      - ./scripts/local/delete-k3d-cluster.sh
+
+  # Helm Operations
+  update:
+    desc: Update Helm dependencies
+    dir: chart
+    cmds:
+      - helm dependency update

atomi_release.yaml

@@ -0,0 +1,141 @@
+gitlint: .gitlint
+
+conventionMarkdown:
+  path: docs/developer/CommitConventions.md
+  template: |
+    ---
+    id: commit-conventions
+    title: Commit Conventions
+    ---
+    var___convention_docs___
+keywords:
+  - BREAKING CHANGE
+  - BREAKING CHANGES
+  - BREAKING
+
+branches:
+  - main
+
+specialScopes:
+  no-release:
+    desc: Prevent release from happening
+    release: false
+
+plugins:
+  - module: "@semantic-release/changelog"
+    config:
+      changelogFile: Changelog.md
+  - module: "@semantic-release/exec"
+    config:
+      prepareCmd: ./scripts/ci/publish.sh ${nextRelease.version}
+  - module: "@semantic-release/git"
+    config:
+      message: "release: ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
+      assets:
+        - chart/**/*.*
+        - Changelog.md
+  - module: "semantic-release-major-tag"
+    config:
+      customTags:
+        - "v${major}"
+        - "v${major}.${minor}"
+  - module: "@semantic-release/github"
+
+# Helm
+types:
+  - type: upstream
+    desc: "Changes from dependencies upstream"
+    section: 📦 Upstreams Changes
+    scopes:
+      default:
+        desc: Generic update from upstream dependencies
+        release: "minor"
+    vae:
+      verb: update upstream
+      application: <scope>, <title>
+      example: "upstream(mysql): from v5.7 to v8.0"
+
+  - type: config
+    desc: "Changes to configuration files and scripts"
+    scopes:
+      default:
+        desc: Updates the configuration of the repository, not related to the other scopes
+        release: false
+      lint:
+        desc: Add, update or remove linters
+        release: false
+      fmt:
+        desc: Add, updatge or remove formatters
+        release: false
+      build:
+        desc: Add, update or change build pipelines and generators
+        release: false
+      nix:
+        desc: Add, update or change nix shell
+        release: false
+      env:
+        desc: Add, update or change environment
+        release: false
+      ignore:
+        desc: Add, update or change ignore configurations
+        release: false
+      ci:
+        desc: Add, update or change CI configuration files
+        release: false
+    vae:
+      verb: configure
+      application: <scope> to <title>
+      example: "config(ci): setup nix before executing"
+
+  - type: release
+    desc: Initiate a release (machine initiated)
+    scopes:
+      default:
+        desc: Machine initiated release
+        release: false
+
+  - type: docs
+    section: 📝 Documentation Updates
+    desc: Documentation only changes
+    scopes:
+      default:
+        desc: Update generic documentation file
+        release: false
+    vae:
+      verb: add
+      application: <scope> documention <title>
+      example: "docs(developer): on how to install dependency packages"
+  - type: feat
+    section: 🚀 New Features
+    desc: A new feature
+    vae:
+      verb: add
+      application: <scope> <title>
+      example: "feat(rapid): new withdraw api"
+    scopes:
+      default:
+        desc: Release a new features
+        release: minor
+  - type: action
+    desc: Imperative action, mainly changing the values files
+    scopes:
+      default:
+        desc: Imperative action, mainly changing the values files
+        release: false
+  - type: fix
+    section: 🐛 Bug Fixes
+    desc: A bug fix
+    vae:
+      verb: fix
+      application: <title>
+      example: "fix(rapid): deposit api for rapid"
+    scopes:
+      default:
+        desc: Generic fixes
+        release: patch
+  - type: chore
+    desc: Menial Tasks
+    scopes:
+      default:
+        desc: Menial Tasks
+        release: false

chart/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

chart/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: argo-cd
+  repository: https://argoproj.github.io/argo-helm
+  version: 5.42.0
+digest: sha256:2b7ee3fa38fe1cd3ca600ad8490d1afca76594777292613b9bc77e1243d251f2
+generated: "2023-07-30T19:44:55.403863+08:00"

chart/Chart.yaml

@@ -0,0 +1,14 @@
+apiVersion: v2
+name: atomi-deployment-platform
+description: AtomiCloud's Deployment Platform via ArgoCD
+
+type: application
+
+version: 1.0.0
+
+appVersion: "5.42.0"
+
+dependencies:
+  - name: argo-cd
+    version: 5.42.0
+    repository: https://argoproj.github.io/argo-helm

chart/README.md

@@ -0,0 +1,76 @@
+# atomi-deployment-platform
+
+![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.42.0](https://img.shields.io/badge/AppVersion-5.42.0-informational?style=flat-square)
+
+AtomiCloud's Deployment Platform via ArgoCD
+
+## Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://argoproj.github.io/argo-helm | argo-cd | 5.42.0 |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| admin | bool | `true` |  |
+| applicationWait | bool | `true` |  |
+| argo-cd.configs.cm.create | bool | `false` |  |
+| argo-cd.configs.params.create | bool | `false` |  |
+| argo-cd.dex.enabled | bool | `false` |  |
+| argo-cd.global.logging.format | string | `"json"` |  |
+| argo-cd.global.logging.level | string | `"info"` |  |
+| auth.external.enable | bool | `true` |  |
+| auth.external.policy.creation | string | `"Owner"` |  |
+| auth.external.policy.deletion | string | `"Retain"` |  |
+| auth.external.refreshInterval | string | `"1h"` |  |
+| auth.external.remoteSecretName | string | `"/suicune/github/credentials"` |  |
+| auth.external.secretStore.kind | string | `"ClusterSecretStore"` |  |
+| auth.external.secretStore.name | string | `"aws-ssm-secret-store"` |  |
+| auth.internal.enable | bool | `false` |  |
+| auth.internal.password | string | `""` |  |
+| auth.internal.type | string | `""` |  |
+| auth.internal.url | string | `""` |  |
+| auth.internal.username | string | `""` |  |
+| auth.secretName | string | `"argo-cd-creds"` |  |
+| connector.clusters | object | `{}` |  |
+| connector.policy | object | `{"creation":"Owner","deletion":"Retain"}` | Secret policy |
+| connector.policy.creation | string | `"Owner"` | Creation policy |
+| connector.policy.deletion | string | `"Retain"` | Deletion policy |
+| connector.secretStore.kind | string | `"ClusterSecretStore"` | Kind of the Secret Store: ClusterSecretStore or SecretStore |
+| connector.secretStore.name | string | `"awsssm-store"` | Name of the Secret Store |
+| exec | bool | `true` |  |
+| helm | bool | `true` |  |
+| jsonnet | bool | `true` |  |
+| kustomize | bool | `true` |  |
+| otelAddress | string | `""` |  |
+| projects.bootstrap.desc | string | `"Bootstrap Project used to setup the cluster"` |  |
+| rbac.clientID | string | `""` |  |
+| rbac.enable | bool | `true` |  |
+| rbac.group | string | `"https://atomi.cloud/roles"` |  |
+| rbac.issuer | string | `"https://atomicloud-internal.jp.auth0.com/"` |  |
+| rbac.name | string | `"Atomi"` |  |
+| rbac.requestedScopes[0] | string | `"openid"` |  |
+| rbac.requestedScopes[1] | string | `"profile"` |  |
+| rbac.requestedScopes[2] | string | `"email"` |  |
+| rbac.requestedScopes[3] | string | `"https://atomi.cloud/roles"` |  |
+| serviceTree.cluster | string | `"opal"` |  |
+| serviceTree.landscape | string | `"suicune"` |  |
+| serviceTree.module | string | `"argocd"` |  |
+| serviceTree.platform | string | `"systems"` |  |
+| serviceTree.service | string | `"deployment-platform"` |  |
+| sso.external.enable | bool | `true` |  |
+| sso.external.policy.creation | string | `"Owner"` |  |
+| sso.external.policy.deletion | string | `"Retain"` |  |
+| sso.external.refreshInterval | string | `"1h"` |  |
+| sso.external.remoteSecretName | string | `"/suicune/auth0/client_secret"` |  |
+| sso.external.secretStore.kind | string | `"ClusterSecretStore"` |  |
+| sso.external.secretStore.name | string | `"aws-ssm-secret-store"` |  |
+| sso.internal.enable | bool | `false` |  |
+| sso.internal.secret | string | `""` |  |
+| sso.secretName | string | `"argo-cd-sso-secret"` |  |
+| url | string | `"https://deploy.atomi.cloud"` |  |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.11.1](https://github.com/norwoodj/helm-docs/releases/v1.11.1)

chart/templates/NOTES.txt

@@ -0,0 +1 @@
+Installed AtomiCloud's ArgoCD