Helm chart, GitHub deploy workflow, and Kubernetes/Compose parity

[aprilrieger]

Summary

Repository: github.com/notch8/dataverseup · Live demo (active): demo-dataverseup.notch8.cloud

Delivers Kubernetes support for DataverseUp while keeping Compose as the lab default: a Helm chart, deploy automation, one deployment runbook, a cleaner scripts/ layout, and working SMTP wiring for the demo environment (SendGrid + Dataverse 6.2+ MicroProfile mail settings).

What’s included

Helm (charts/dataverseup)

• GDCC Dataverse Deployment/Service, optional PVCs (data + docroot), Ingress, HPA, ServiceAccount.
• Optional internal Solr 9 + solrInit initContainer (standalone default; SolrCloud path documented).
• Bootstrap Job: post-install hook; bootstrapJob.mode: compose mirrors local flow (wait → configbaker → apply-branding.sh → seed-content.sh via ConfigMap-backed fixtures).
• Optional AWS S3 (awsS3.*) and mail relay script via ConfigMap; initdFromChart can ship the full Payara scripts/init.d/*.sh bundle.
• Chart files/ uses symlinks into the repo (especially files/init.d/ → scripts/init.d/) so helm package inlines real content without duplicating scripts.

SMTP / email (demo deploy + docs)

• Dataverse 6.2+ sends mail via MicroProfile dataverse.mail.*, exposed as pod env DATAVERSE_MAIL_* (installation guide — SMTP/Email). ops/demo-deploy.tmpl.yaml sets DATAVERSE_MAIL_SYSTEM_EMAIL, DATAVERSE_MAIL_SUPPORT_EMAIL (support@notch8.com), DATAVERSE_MAIL_MTA_* for SendGrid (host, 587, STARTTLS, user apikey, password from secret), and DATAVERSE_MAIL_DEBUG (false by default; flip to true for troubleshooting).
• 010-mailrelay-set.sh (Payara JavaMail + :SystemEmail) remains for legacy/parity but is not sufficient alone for outbound mail on current Dataverse; the DATAVERSE_MAIL_* block is required for verification/password email.
• GitHub Actions deploy: envsubst injects only DB_PASSWORD, SMTP_PASSWORD, and GITHUB_RUN_ID into the demo template; SMTP host/ports/addresses are literals in the template. Removed unused MAIL_SMTP_PASSWORD and redundant SMTP_* workflow env vars that did not feed envsubst.
• docs/DEPLOYMENT.md: SMTP checklist, SendGrid + SendGrid Activity, DATAVERSE_MAIL_DEBUG, Payara log path /opt/payara/appserver/glassfish/domains/domain1/logs, pod restart after mail secret changes (MTA session cached). .env.example: commented Compose SMTP variables for local testing.

Operations & CI

• bin/helm_deploy: opinionated helm upgrade --install wrapper (--atomic, default timeout, HELM_EXTRA_ARGS).
• .github/workflows/deploy.yaml: environment-driven deploy (kubeconfig, rendered values, rollout + optional bootstrap job wait).
• ops/demo-deploy.tmpl.yaml: example values pattern for a named environment (literals for URLs/hosts/mail; envsubst for DB + SendGrid API key + rollout nonce).

Documentation

• docs/DEPLOYMENT.md: single runbook — Helm, SMTP/Dataverse mail, S3, Ingress, GitHub Actions secrets, upgrades, learnings.
• README.md: Helm + deployment pointer; repo + demo links; scripts/ layout.

Repo layout (scripts)

• init.d/ → scripts/init.d/ (Compose still mounts to /opt/payara/init.d).
• triggers/ → scripts/triggers/ (Compose: /triggers, /opt/payara/triggers).
• config/update-fields.sh → scripts/solr/update-fields.sh (config/ keeps Solr XML only).

Behavior & quality

• scripts/init.d/006-s3-aws-storage.sh: DRY/KISS; Amazon S3: leave endpointUrl empty when using real AWS.
• Seed / API: JSON booleans and hints aligned with Dataverse Native API expectations; branding path fixes for K8s docroot.

How to test

• helm lint charts/dataverseup and helm template with your values (e.g. demo template).
• Mail: GitHub Environment secret SMTP_PASSWORD (SendGrid API key); deploy and roll Dataverse pods; trigger signup/verify or password reset; confirm in SendGrid Activity. Optionally set DATAVERSE_MAIL_DEBUG=true in the template briefly and inspect kubectl logs / server.log.
• Local Compose: docker compose after pull; .env.example SMTP block for 010-mailrelay parity.
• Optional: run the deploy workflow against a non-prod cluster.

Risks / follow-ups

• Chart does not install PostgreSQL; DB and Solr conf ConfigMap are operator-owned.
• Some scripts/init.d scripts assume Compose-only resources (MinIO, scripts/triggers). Review before initdFromChart everywhere.
• Mail: SendGrid must verify the From/support addresses; DATAVERSE_MAIL_MTA_PASSWORD changes require Payara restart (cached session).
• scripts/init.d/vendor-solr/update-fields.sh vs scripts/solr/update-fields.sh — see README for IQSS refresh.

Stats

~87+ files touched; net addition mostly chart templates, deployment doc, ops template, and SMTP env wiring.