wireapp · alexandreferris · Jun 24, 2026 · Jun 24, 2026 · Jun 24, 2026
@@ -0,0 +1,9 @@
+apiVersion: v2
+name: githubapp
+description: Wire Github-App - A Helm chart for deploying the Wire Github app
+type: application
+version: 0.0.1
+appVersion: "0.0.1"
+home: https://github.com/wireapp/github-app
+maintainers:
+  - name: Wire Integrations Team
@@ -0,0 +1,5 @@
+## Deployment notes
+
+Helm charts are here, while values for each environment are in the `argocd-integrations` repo.
+
+That repo uses ArgoCD with an ImageUpdater to trigger deploys when new images are published.
@@ -0,0 +1,54 @@
+Wire Github-App has been deployed successfully!
+
+DEPLOYMENT INFORMATION:
+{{- if .Values.persistence.enabled }}
+- Persistent storage: {{ .Values.persistence.size }} ({{ .Values.persistence.storageClass | default "default" }} storage class)
+{{- end }}
+- Health checks: Startup, liveness, and readiness probes configured
+- Resource limits: {{ .Values.resources.limits.cpu }} CPU, {{ .Values.resources.limits.memory }} memory
+- Service: {{ .Values.service.type }} on port {{ .Values.service.port }} -> {{ .Values.service.targetPort }}
+
+MONITORING & DEBUGGING:
+
+1. Check application status:
+   kubectl get pods -n {{ .Release.Namespace }} -l app.kubernetes.io/name={{ include "githubapp.name" . }}
+
+2. View application logs:
+   kubectl logs -f deployment/{{ include "githubapp.fullname" . }} -n {{ .Release.Namespace }}
+
+3. Access health endpoint:
+{{- if contains "ClusterIP" .Values.service.type }}
+   kubectl port-forward -n {{ .Release.Namespace }} svc/{{ include "githubapp.fullname" . }} 8080:{{ .Values.service.port }}
+   # Then visit: http://localhost:8080/health
+{{- else if contains "NodePort" .Values.service.type }}
+   export NODE_PORT=$(kubectl get -n {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "githubapp.fullname" . }})
+   export NODE_IP=$(kubectl get nodes -n {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+   # Visit: http://$NODE_IP:$NODE_PORT/health
+{{- else if contains "LoadBalancer" .Values.service.type }}
+   export SERVICE_IP=$(kubectl get svc -n {{ .Release.Namespace }} {{ include "githubapp.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+   # Visit: http://$SERVICE_IP:{{ .Values.service.port }}/health
+{{- end }}
+
+4. Check configuration:
+   kubectl describe configmap/{{ include "githubapp.fullname" . }} -n {{ .Release.Namespace }}
+{{- if .Values.secrets.secretName }}
+   kubectl describe secret/{{ .Values.secrets.secretName }} -n {{ .Release.Namespace }}
+{{- end }}
+
+CONFIGURATION:
+{{- range .Values.env }}
+{{- if eq .name "WIRE_SDK_ENVIRONMENT" }}
+- Wire SDK Environment: {{ .value | default "Not configured" }}
+{{- end }}
+{{- if eq .name "WIRE_ENV" }}
+- Wire Environment: {{ .value | default "Not configured" }}
+{{- end }}
+{{- if eq .name "PORT" }}
+- Application Port: {{ .value | default "8080" }}
+{{- end }}
+{{- end }}
+{{- if .Values.secrets.secretName }}
+- Secrets mounted at: {{ .Values.secrets.mountPath }}
+{{- end }}
+
+The app is ready for Wire environments!
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "githubapp.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "githubapp.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "githubapp.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "githubapp.labels" -}}
+helm.sh/chart: {{ include "githubapp.chart" . }}
+{{ include "githubapp.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "githubapp.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "githubapp.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "githubapp.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "githubapp.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "githubapp.fullname" . }}-config
+  labels:
+    {{- include "githubapp.labels" . | nindent 4 }}
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ include "githubapp.fullname" . }}-pvc
+  annotations:
+    "helm.sh/resource-policy": keep
+  labels:
+    {{- include "githubapp.labels" . | nindent 4 }}
+spec:
+  accessModes:
+    - {{ .Values.persistence.accessMode }}
+  resources:
+    requests:
+      storage: {{ .Values.persistence.size }}
+  storageClassName: {{ .Values.persistence.storageClass }}
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "githubapp.fullname" . }}
+  labels:
+    {{- include "githubapp.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "githubapp.selectorLabels" . | nindent 4 }}
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "githubapp.serviceAccountName" . }}
+  labels:
+    {{- include "githubapp.labels" . | nindent 4 }}
@@ -0,0 +1,13 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ include "githubapp.fullname" . }}
+  labels:
+    {{- include "githubapp.labels" . | nindent 4 }}
+spec:
+  endpoints:
+    - port: http
+      path: /metrics
+  selector:
+    matchLabels:
+      {{- include "githubapp.selectorLabels" . | nindent 6 }}
@@ -0,0 +1,98 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: {{ include "githubapp.fullname" . }}
+  labels:
+    {{- include "githubapp.labels" . | nindent 4 }}
+spec:
+  serviceName: {{ include "githubapp.fullname" . }}
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "githubapp.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "githubapp.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "githubapp.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - name: http
+              containerPort: {{ .Values.service.targetPort }}
+              protocol: TCP
+          {{- if .Values.livenessProbe }}
+          livenessProbe:
+            {{- toYaml .Values.livenessProbe | nindent 12 }}
+          {{- end }}
+          {{- if .Values.readinessProbe }}
+          readinessProbe:
+            {{- toYaml .Values.readinessProbe | nindent 12 }}
+          {{- end }}
+          {{- if .Values.startupProbe }}
+          startupProbe:
+            {{- toYaml .Values.startupProbe | nindent 12 }}
+          {{- end }}
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          env:
+            {{- range .Values.env }}
+            - name: {{ .name }}
+              value: {{ .value | quote }}
+            {{- end }}
+            {{- if .Values.secrets.secretName }}
+            - name: WIRE_SDK_API_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.secrets.secretName }}
+                  key: WIRE_SDK_API_TOKEN
+            - name: WIRE_SDK_CRYPTOGRAPHY_STORAGE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.secrets.secretName }}
+                  key: WIRE_SDK_CRYPTOGRAPHY_STORAGE_PASSWORD
+            {{- end }}
+          volumeMounts:
+            - name: data
+              mountPath: /opt/githubapp/storage
+            {{- if .Values.secrets.secretName }}
+            - name: secrets
+              mountPath: {{ .Values.secrets.mountPath }}
+              readOnly: true
+            {{- end }}
+      volumes:
+        - name: data
+          persistentVolumeClaim:
+            claimName: {{ include "githubapp.fullname" . }}-pvc
+        {{- if .Values.secrets.secretName }}
+        - name: secrets
+          secret:
+            secretName: {{ .Values.secrets.secretName }}
+        {{- end }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
@@ -0,0 +1,106 @@
+replicaCount: 1
+
+image:
+  repository: quay.io/wire/github-app
+  pullPolicy: IfNotPresent
+
+imagePullSecrets: []
+nameOverride: "github-app"
+fullnameOverride: "github-app"
+
+serviceAccount:
+  create: true
+  annotations: {}
+  name: "github-app-account"
+
+podAnnotations: {}
+
+podSecurityContext: {}
+
+securityContext: {}
+
+service:
+  type: ClusterIP
+  port: 80
+  targetPort: 8080
+
+# External secrets configuration
+secrets:
+  secretName: "githubapp-secrets"
+  mountPath: "/etc/secrets"
+
+# Persistent storage configuration
+persistence:
+  enabled: true
+  storageClass: "gp3-automode-nodepool"
+  accessMode: ReadWriteOnce
+  size: 1Gi
+
+resources:
+  limits:
+    cpu: 500m
+    memory: 512Mi
+  requests:
+    cpu: 200m
+    memory: 256Mi
+
+autoscaling:
+  enabled: false
+  minReplicas: 1
+  maxReplicas: 1
+  targetCPUUtilizationPercentage: 80
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+# Environment variables for the application
+env:
+  - name: WIRE_SDK_APP_ID
+    value: ""
+  - name: WIRE_SDK_API_HOST
+    value: ""
+  - name: GHAPP_API_HOST
+    value: ""
+  - name: GHAPP_SERVER_PORT
+    value: ""
+  - name: GHAPP_REDIS_HOST
+    value: ""
+  - name: GHAPP_REDIS_PORT
+    value: ""
+
+# Health check configuration (latest Kubernetes spec)
+livenessProbe:
+  httpGet:
+    path: /health
+    port: http
+    scheme: HTTP
+  initialDelaySeconds: 30
+  periodSeconds: 10
+  timeoutSeconds: 5
+  successThreshold: 1
+  failureThreshold: 3
+
+readinessProbe:
+  httpGet:
+    path: /health
+    port: http
+    scheme: HTTP
+  initialDelaySeconds: 10
+  periodSeconds: 5
+  timeoutSeconds: 3
+  successThreshold: 1
+  failureThreshold: 3
+
+startupProbe:
+  httpGet:
+    path: /health
+    port: http
+    scheme: HTTP
+  initialDelaySeconds: 5
+  periodSeconds: 10
+  timeoutSeconds: 5
+  successThreshold: 1
+  failureThreshold: 18