# Helm chart repositories. Releases below refer to them by the `<name>/`
# prefix of their `chart:` value (e.g. `dapr/dapr`).
repositories:
  - name: gatekeeper
    url: https://open-policy-agent.github.io/gatekeeper/charts
  - name: dapr
    url: https://dapr.github.io/helm-charts/
  - name: bitnami
    url: https://charts.bitnami.com/bitnami
  # Ratify is pulled from an OCI registry of dev chart builds rather than the
  # published chart repository; the two PRERELEASE notes below say what to
  # change before this file is promoted to helmfile.yaml.
  - name: ratify
    url: ghcr.io/deislabs/ratify-chart-dev # PRERELEASE: Change to 'https://deislabs.github.io/ratify' before copying to helmfile.yaml
    oci: true # PRERELEASE: Remove before copying to helmfile.yaml
    
releases:
  # Dapr control plane, pinned to an exact chart version. The ratify release
  # lists it under `needs`, so it is installed first; `wait: true` blocks until
  # the release's resources are ready.
  - name: dapr
    namespace: dapr-system
    createNamespace: true
    chart: dapr/dapr
    version: 1.11.1
    wait: true
  # OPA Gatekeeper admission controller, pinned to an exact chart version.
  - name: gatekeeper
    namespace: gatekeeper-system
    createNamespace: true
    chart: gatekeeper/gatekeeper
    version: 3.14.0
    wait: true
    set:
      # Turns on Gatekeeper's external data feature.
      # NOTE(review): presumably Ratify is the external data provider that
      # constraints query - confirm against the constraint template.
      - name: enableExternalData
        value: true
      # Admission webhook timeouts, in seconds.
      # NOTE(review): what happens to a request when a webhook times out
      # (admitted or rejected) depends on the webhook failure policy, which is
      # not set in this file - confirm the chart default matches the intent.
      - name: validatingWebhookTimeoutSeconds
        value: 5
      - name: mutatingWebhookTimeoutSeconds
        value: 2
      # How long external data provider responses are cached.
      - name: externaldataProviderResponseCacheTTL
        value: 10s
  # Redis instance deployed into the gatekeeper-system namespace; the ratify
  # release lists it under `needs`.
  - name: redis
    namespace: gatekeeper-system
    createNamespace: true
    chart: bitnami/redis
    version: 17.11.6
    wait: true
    set:
      # The image is selected by tag, not by digest, so the content behind the
      # tag can change between pulls.
      - name: image.tag
        value: 7.0-debian-11
      - name: replica.replicaCount
        value: 1
      # TLS is enabled with certificates generated by the chart.
      - name: tls.enabled
        value: true
      - name: tls.autoGenerated
        value: true
      # Clients are not required to present a TLS client certificate, so the
      # connection is encrypted but the client is not authenticated at the TLS
      # layer.
      # NOTE(review): access control then rests on Redis authentication, which
      # is not configured in this file - confirm the chart default is what is
      # wanted.
      - name: tls.authClients
        value: false
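  # Ratify release, installed from the prerelease OCI chart repository declared
  # under `repositories`. It is synced only after dapr, redis and gatekeeper
  # (see `needs`).
  #
  # The hooks below run commands on the machine that runs helmfile, using its
  # current kubectl context. Several of them, and the notationCert value,
  # fetch content from the `main` branch of deislabs/ratify or from
  # deislabs.github.io. Those are moving references: what gets applied to the
  # cluster can change without any change to this file. Pin each URL to a
  # release tag or commit (<PINNED_REF>) so that the manifests applied are the
  # ones that were reviewed.
  - name: ratify
    namespace: gatekeeper-system
    chart: ratify/ratify
    version: 0-dev # ATTENTION: Needs to match latest in Chart.yaml
    wait: true
    needs:
      - dapr-system/dapr
      - gatekeeper-system/redis
      - gatekeeper-system/gatekeeper
    hooks:
      # presync 1: generate a random signing key and apply the Dapr Redis
      # secret with that key injected.
      # `set -o pipefail` and `curl -f` make the hook fail when the download
      # fails; without them an HTTP error body would be piped on to yq and
      # kubectl, and the pipeline would report only kubectl's exit status.
      # NOTE(review): no `-n` is passed here, while the matching postuninstall
      # hook deletes with `-n gatekeeper-system` - presumably the manifest
      # carries its own namespace; confirm.
      - events: ["presync"]
        showlogs: true
        command: "bash"
        args:
          - "-c"
          - "set -euo pipefail; export SIGN_KEY=$(openssl rand 16 | hexdump -v -e '/1 \"%02x\"' | base64) && curl -fsSL https://raw.githubusercontent.com/deislabs/ratify/main/test/testdata/dapr/dapr-redis-secret.yaml | yq e '.data.signingKey = strenv(SIGN_KEY)' | kubectl apply -f -"
      # presync 2: apply the Dapr Redis manifest from the ratify test data.
      - events: ["presync"]
        showlogs: true
        command: "kubectl"
        args:
          - "apply"
          - "-f"
          - "https://raw.githubusercontent.com/deislabs/ratify/main/test/testdata/dapr/dapr-redis.yaml"
          - "-n"
          - "gatekeeper-system"
      # presync 3: apply the default Gatekeeper constraint template and the
      # sample constraint. These define what the admission controller enforces,
      # so an unpinned source here means unreviewed policy changes can land.
      - events: ["presync"]
        showlogs: true
        command: "bash"
        args:
          - "-c"
          - "kubectl apply -f https://deislabs.github.io/ratify/library/default/template.yaml && kubectl apply -f https://deislabs.github.io/ratify/library/default/samples/constraint.yaml"
      # postuninstall: remove everything the presync hooks created.
      # Every delete passes --ignore-not-found=true so that cleanup still
      # completes when a resource is already gone.
      - events: ["postuninstall"]
        showlogs: true
        command: "kubectl"
        args:
          - "delete"
          - "-f"
          - "https://raw.githubusercontent.com/deislabs/ratify/main/test/testdata/dapr/dapr-redis-secret.yaml"
          - "-n"
          - "gatekeeper-system"
          - "--ignore-not-found=true"
      - events: ["postuninstall"]
        showlogs: true
        command: "kubectl"
        args:
          - "delete"
          - "-f"
          - "https://raw.githubusercontent.com/deislabs/ratify/main/test/testdata/dapr/dapr-redis.yaml"
          - "-n"
          - "gatekeeper-system"
          - "--ignore-not-found=true"
      - events: ["postuninstall"]
        showlogs: true
        command: "kubectl"
        args:
          - "delete"
          - "-f"
          - "https://deislabs.github.io/ratify/library/default/template.yaml"
          - "--ignore-not-found=true"
      - events: ["postuninstall"]
        showlogs: true
        command: "kubectl"
        args:
          - "delete"
          - "-f"
          - "https://deislabs.github.io/ratify/library/default/samples/constraint.yaml"
          - "--ignore-not-found=true"
      # Remove the Ratify CRDs. Deleting a CRD also deletes every custom
      # resource of that kind in the cluster.
      - events: ["postuninstall"]
        showlogs: true
        command: "kubectl"
        args:
          - "delete"
          - "crd"
          - "stores.config.ratify.deislabs.io"
          - "verifiers.config.ratify.deislabs.io"
          - "certificatestores.config.ratify.deislabs.io"
          - "policies.config.ratify.deislabs.io"
          - "--ignore-not-found=true"
      # Remove the ratify-tls secret from the gatekeeper-system namespace.
      - events: ["postuninstall"]
        showlogs: true
        command: "kubectl"
        args:
          - "delete"
          - "secret"
          - "ratify-tls"
          - "-n"
          - "gatekeeper-system"
          - "--ignore-not-found=true"
    set:
      - name: featureFlags.RATIFY_EXPERIMENTAL_HIGH_AVAILABILITY
        value: true
      - name: featureFlags.RATIFY_CERT_ROTATION
        value: true
      # NOTE(review): debug logging is convenient for a dev install; revisit
      # the level before this file is promoted.
      - name: logger.level
        value: debug
      # The certificate is downloaded with curl each time this file is
      # rendered, from test/testdata on the `main` branch, and handed to the
      # chart as notationCert. The path marks it as a test certificate, so it
      # is suitable for test clusters only; elsewhere, supply the certificate
      # from a source you control.
      # `-f` makes curl exit non-zero on an HTTP error, so an error page is
      # never passed to the chart in place of the certificate.
      - name: notationCert
        value: {{ exec "curl" (list "-fsSL" "https://raw.githubusercontent.com/deislabs/ratify/main/test/testdata/notation.crt") | quote }}
      - name: replicaCount
        value: 2
      # Provider cache backed by the Dapr component named dapr-redis.
      - name: provider.cache.type
        value: dapr
      - name: provider.cache.name
        value: dapr-redis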