Added helm unit tests.

Author: pantierra

.github/workflows/cicd.yaml

@@ -50,3 +50,19 @@ jobs:
           path: |
             htmlcov/
             coverage.xml
+
+  helm-test:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+      - name: Helm install
+        uses: azure/setup-helm@v4
+        with:
+          version: latest
+      - run: helm lint helm
+      - name: Helm unit tests
+        uses: d3adb5/helm-unittest-action@v2
+        with:
+          helm-version: latest
+          charts: helm/

helm/README.md

@@ -1,82 +1,9 @@
 # STAC Auth Proxy Helm Chart
 
-A Helm chart for deploying [STAC Auth Proxy](https://developmentseed.org/stac-auth-proxy) on Kubernetes.
+For documentation, see [Kubernetes Deployment](https://developmentseed.org/stac-auth-proxy/user-guide/kubernetes).
 
-## Overview
-
-This chart deploys a reverse proxy that adds authentication and authorization capabilities to your STAC API using OpenID Connect (OIDC).
-
-## Prerequisites
-
-- Kubernetes 1.19+
-- Helm 3.0+
-- An OIDC provider (e.g., Keycloak, Auth0, Google, etc.)
-- A STAC API backend
-
-## Installation
+## Local Installation
 
 ```bash
-helm install stac-auth-proxy ./stac-auth-proxy \
-  --set env.UPSTREAM_URL=https://your-stac-api.example.com \
-  --set env.OIDC_DISCOVERY_URL=https://your-oidc-provider.example.com/.well-known/openid-configuration \
-  --set ingress.host=stac-proxy.example.com
-```
-
-## Configuration
-
-### Required Values
-
-| Parameter | Description |
-|-----------|-------------|
-| `env.UPSTREAM_URL` | URL of the upstream STAC API |
-| `env.OIDC_DISCOVERY_URL` | OpenID Connect discovery URL |
-| `ingress.host` | Hostname for the ingress |
-
-### Common Configurations
-
-See [`values.yaml`](./values.yaml) for all available configuration options, including:
-
-- **Authentication**: Configure OIDC settings and endpoint protection
-- **Resources**: Set CPU/memory limits and requests
-- **Ingress**: Configure TLS, annotations, and hostname
-- **Security**: Pod and container security contexts
-
-### Example: Custom Values File
-
-```yaml
-# custom-values.yaml
-image:
-  tag: "v1.0.0"
-
-ingress:
-  host: "my-stac-api.example.com"
-
-env:
-  UPSTREAM_URL: "https://stac-api.internal:8080"
-  OIDC_DISCOVERY_URL: "https://my-auth.example.com/.well-known/openid-configuration"
-  DEFAULT_PUBLIC: false
+helm install stac-auth-proxy ./helm
 ```
-
-Install with custom values:
-
-```bash
-helm install stac-auth-proxy ./stac-auth-proxy -f custom-values.yaml
-```
-
-## Upgrading
-
-```bash
-helm upgrade stac-auth-proxy ./stac-auth-proxy -f custom-values.yaml
-```
-
-## Uninstalling
-
-```bash
-helm uninstall stac-auth-proxy
-```
-
-## Documentation
-
-For more information about STAC Auth Proxy features and configuration:
-- [Project Documentation](https://developmentseed.org/stac-auth-proxy)
-- [GitHub Repository](https://github.com/developmentseed/stac-auth-proxy)

helm/tests/deployment_test.yaml

@@ -0,0 +1,51 @@
+suite: test deployment
+templates:
+  - deployment.yaml
+tests:
+  - it: should create deployment with correct name
+    set:
+      env.UPSTREAM_URL: "https://example.com"
+      env.OIDC_DISCOVERY_URL: "https://example.com/.well-known/openid-configuration"
+    asserts:
+      - isKind:
+          of: Deployment
+      - matchRegex:
+          path: metadata.name
+          pattern: ^RELEASE-NAME-stac-auth-proxy$
+
+  - it: should set replica count
+    set:
+      replicaCount: 3
+      env.UPSTREAM_URL: "https://example.com"
+      env.OIDC_DISCOVERY_URL: "https://example.com/.well-known/openid-configuration"
+    asserts:
+      - equal:
+          path: spec.replicas
+          value: 3
+
+  - it: should set required environment variables
+    set:
+      env.UPSTREAM_URL: "https://stac-api.example.com"
+      env.OIDC_DISCOVERY_URL: "https://auth.example.com/.well-known/openid-configuration"
+    asserts:
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: UPSTREAM_URL
+            value: "https://stac-api.example.com"
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: OIDC_DISCOVERY_URL
+            value: "https://auth.example.com/.well-known/openid-configuration"
+
+  - it: should use correct image
+    set:
+      image.repository: "custom/repo"
+      image.tag: "v1.2.3"
+      env.UPSTREAM_URL: "https://example.com"
+      env.OIDC_DISCOVERY_URL: "https://example.com/.well-known/openid-configuration"
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].image
+          value: "custom/repo:v1.2.3"

helm/tests/service_test.yaml

@@ -0,0 +1,36 @@
+suite: test service
+templates:
+  - service.yaml
+tests:
+  - it: should create service with correct name
+    set:
+      env.UPSTREAM_URL: "https://example.com"
+      env.OIDC_DISCOVERY_URL: "https://example.com/.well-known/openid-configuration"
+    asserts:
+      - isKind:
+          of: Service
+      - matchRegex:
+          path: metadata.name
+          pattern: ^RELEASE-NAME-stac-auth-proxy$
+
+  - it: should use ClusterIP by default
+    set:
+      env.UPSTREAM_URL: "https://example.com"
+      env.OIDC_DISCOVERY_URL: "https://example.com/.well-known/openid-configuration"
+    asserts:
+      - equal:
+          path: spec.type
+          value: ClusterIP
+
+  - it: should expose correct port
+    set:
+      service.port: 8000
+      env.UPSTREAM_URL: "https://example.com"
+      env.OIDC_DISCOVERY_URL: "https://example.com/.well-known/openid-configuration"
+    asserts:
+      - equal:
+          path: spec.ports[0].port
+          value: 8000
+      - equal:
+          path: spec.ports[0].targetPort
+          value: http