{"id":47725307,"url":"https://github.com/helmforgedev/charts","last_synced_at":"2026-06-13T14:02:50.404Z","repository":{"id":348981858,"uuid":"1198410910","full_name":"helmforgedev/charts","owner":"helmforgedev","description":"Open-source Helm charts, forged to last. The alternative to Bitnami — official upstream images, Apache 2.0 licensed, Cosign signed.","archived":false,"fork":false,"pushed_at":"2026-06-10T03:00:25.000Z","size":54118,"stargazers_count":32,"open_issues_count":15,"forks_count":10,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-06-10T05:03:42.103Z","etag":null,"topics":["cosign","devops","helm","helm-charts","k8s","kubernetes","oci","open-source","production-ready","self-hosted"],"latest_commit_sha":null,"homepage":"https://helmforge.dev","language":"Go Template","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/helmforgedev.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":"GOVERNANCE.md","roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":"MAINTAINERS.md","copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"buy_me_a_coffee":"mberlofa"}},"created_at":"2026-04-01T11:58:16.000Z","updated_at":"2026-06-10T03:00:00.000Z","dependencies_parsed_at":"2026-04-09T06:02:20.894Z","dependency_job_id":"d806d11d-2cd0-4868-8a41-66eeb1f3d0ab","html_url":"https://github.com/helmforgedev/charts","commit_stats":null,"previous_names":["helmforgedev/charts"],"tags_count":1088,"template":false,"template_full_name":null,"purl":"pkg:github/helmforgedev/charts","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/helmforgedev%2Fcharts","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/helmforgedev%2Fcharts/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/helmforgedev%2Fcharts/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/helmforgedev%2Fcharts/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/helmforgedev","download_url":"https://codeload.github.com/helmforgedev/charts/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/helmforgedev%2Fcharts/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34165764,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-10T02:00:07.152Z","response_time":89,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cosign","devops","helm","helm-charts","k8s","kubernetes","oci","open-source","production-ready","self-hosted"],"created_at":"2026-04-02T20:17:39.976Z","updated_at":"2026-06-13T14:02:50.277Z","avatar_url":"https://github.com/helmforgedev.png","language":"Go Template","funding_links":["https://buymeacoffee.com/mberlofa"],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\"docs/images/helmforge_banner.svg\" alt=\"HelmForge\" width=\"960\" /\u003e\n\u003c/p\u003e\n\n\u003ch1 align=\"center\"\u003eHelmForge Charts\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n  Production-ready Helm charts for self-hosted and platform workloads.\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/helmforgedev/charts/actions/workflows/ci.yml\"\u003e\u003cimg src=\"https://github.com/helmforgedev/charts/actions/workflows/ci.yml/badge.svg\" alt=\"Tests\" /\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/helmforgedev/charts/actions/workflows/publish.yml\"\u003e\u003cimg src=\"https://github.com/helmforgedev/charts/actions/workflows/publish.yml/badge.svg\" alt=\"Publish\" /\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/helmforgedev/charts/actions/workflows/code-quality.yml\"\u003e\n    \u003cimg src=\"https://github.com/helmforgedev/charts/actions/workflows/code-quality.yml/badge.svg\" alt=\"Quality\" /\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://github.com/helmforgedev/charts/actions/workflows/security-scan.yml\"\u003e\n    \u003cimg src=\"https://github.com/helmforgedev/charts/actions/workflows/security-scan.yml/badge.svg\" alt=\"Security\" /\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://github.com/helmforgedev/charts/actions/workflows/upstream-watch.yml\"\u003e\n    \u003cimg src=\"https://github.com/helmforgedev/charts/actions/workflows/upstream-watch.yml/badge.svg\" alt=\"Upstream\" /\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://github.com/helmforgedev/charts/stargazers\"\u003e\u003cimg src=\"https://img.shields.io/github/stars/helmforgedev/charts?style=flat\u0026label=Stars\u0026logo=github\" alt=\"GitHub stars\" /\u003e\u003c/a\u003e\n  \u003ca href=\"https://buymeacoffee.com/mberlofa\"\u003e\u003cimg src=\"https://img.shields.io/badge/Buy%20Me%20a%20Coffee-support-FFDD00?logo=buymeacoffee\u0026logoColor=000000\" alt=\"Buy Me a Coffee\" /\u003e\u003c/a\u003e\n  \u003ca href=\"https://www.apache.org/licenses/LICENSE-2.0\"\u003e\u003cimg src=\"https://img.shields.io/badge/License-Apache--2.0-blue.svg\" alt=\"License: Apache-2.0\" /\u003e\u003c/a\u003e\n  \u003ca href=\"https://artifacthub.io/packages/search?repo=helmforge\"\u003e\u003cimg src=\"https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/helmforge\" alt=\"Artifact Hub\" /\u003e\u003c/a\u003e\n  \u003cimg src=\"https://img.shields.io/endpoint?url=https://repo.helmforge.dev/badges/charts-count.json\" alt=\"Charts count\" /\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Signed-GPG%20%2B%20Cosign-brightgreen\" alt=\"GPG + Cosign Signed\" /\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Helm-4-blue?logo=helm\" alt=\"Helm 4\" /\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Kubernetes-≥1.26-blue?logo=kubernetes\" alt=\"Kubernetes \u003e=1.26\" /\u003e\n  \u003ca href=\"https://github.com/helmforgedev/charts/issues\"\u003e\u003cimg src=\"https://img.shields.io/github/issues/helmforgedev/charts?label=Open%20Issues\" alt=\"Open issues\" /\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/helmforgedev/charts/pulls\"\u003e\u003cimg src=\"https://img.shields.io/github/issues-pr/helmforgedev/charts?label=Open%20PRs\" alt=\"Open pull requests\" /\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/helmforgedev/charts/commits/main\"\u003e\u003cimg src=\"https://img.shields.io/github/last-commit/helmforgedev/charts/main?label=Last%20Commit\" alt=\"Last commit\" /\u003e\u003c/a\u003e\n  \u003ca href=\"CONTRIBUTING.md\"\u003e\u003cimg src=\"https://img.shields.io/badge/PRs-welcome-brightgreen\" alt=\"PRs Welcome\" /\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://helmforge.dev\"\u003eWebsite\u003c/a\u003e ·\n  \u003ca href=\"https://helmforge.dev/docs\"\u003eDocumentation\u003c/a\u003e ·\n  \u003ca href=\"https://repo.helmforge.dev\"\u003eHelm Repository\u003c/a\u003e ·\n  \u003ca href=\"https://buymeacoffee.com/mberlofa\"\u003eSupport\u003c/a\u003e ·\n  \u003ca href=\"CONTRIBUTING.md\"\u003eContributing\u003c/a\u003e ·\n  \u003ca href=\"GOVERNANCE.md\"\u003eGovernance\u003c/a\u003e\n\u003c/p\u003e\n\n## Quick Start\n\nHelmForge publishes charts through both a standard HTTPS Helm repository and an OCI registry on GHCR.\nUse the HTTPS repository when you want classic `helm repo` workflows,\nand OCI when you prefer registry-native pulls and signatures.\n\n### HTTPS repository\n\n```bash\nhelm repo add helmforge https://repo.helmforge.dev\nhelm repo update\nhelm search repo helmforge/\nhelm install \u003crelease-name\u003e helmforge/\u003cchart-name\u003e --version \u003cversion\u003e -f values.yaml\n```\n\n### OCI registry\n\n```bash\nhelm install \u003crelease-name\u003e oci://ghcr.io/helmforgedev/helm/\u003cchart-name\u003e --version \u003cversion\u003e -f values.yaml\n\n# Show default values\nhelm show values oci://ghcr.io/helmforgedev/helm/\u003cchart-name\u003e --version \u003cversion\u003e\n```\n\nCheck each chart's README and [git tags](../../tags) for available versions.\n\n### Verify a packaged chart\n\nEvery published chart package is signed with GPG provenance, and OCI artifacts are signed with Cosign by the release workflow. Import the HelmForge public key before using Helm provenance verification.\n\n```bash\n# HTTPS repository provenance verification\nhelm pull helmforge/\u003cchart-name\u003e --version \u003cversion\u003e --verify\n\n# OCI signature verification\ncosign verify \\\n  --certificate-oidc-issuer https://token.actions.githubusercontent.com \\\n  --certificate-identity-regexp 'https://github.com/helmforgedev/charts/.github/workflows/publish.yml@refs/heads/main' \\\n  ghcr.io/helmforgedev/helm/\u003cchart-name\u003e:\u003cversion\u003e\n```\n\n## Why HelmForge\n\nHelmForge is built on a simple principle: **use what upstream ships, make the Kubernetes contract explicit, and keep releases verifiable**.\n\n- **Official upstream images** — charts prefer images published by the application maintainers. No proprietary rebuild layer or vendor-specific runtime wrapper.\n- **Pinned version tags** — charts reference explicit, immutable image tags. No `:latest`, no floating tags, no surprises after a pull.\n- **Apache-2.0 licensed** — the charts, tests, and docs use a CNCF-aligned permissive license. No open-core, no paid tiers, no license traps.\n- **GPG + Cosign signed** — every release includes GPG provenance files for Helm verification and [Sigstore Cosign](https://www.sigstore.dev/) keyless signatures on OCI artifacts via GitHub Actions OIDC.\n- **No vendor lock-in** — standard Helm, standard Kubernetes APIs, standard images. If you stop using HelmForge tomorrow, nothing breaks.\n- **Explicit values contracts** — product-oriented `values.yaml` files map directly to application and Kubernetes configuration, with schemas and validations where they prevent bad releases.\n- **HelmForge-native dependencies** — charts that need databases, caches, queues, or coordination services use HelmForge subcharts when available, keeping dependency behavior consistent across the catalog.\n- **Operator-first docs** — chart READMEs, site docs, examples, and test values are kept close to the release surface.\n\n## Support and Star Tracking\n\nHelmForge is maintained in the open and funded by practical community signals: stars, issues, reviews, and direct support.\n\n\u003cp\u003e\n  \u003ca href=\"https://github.com/helmforgedev/charts/stargazers\"\u003e\n    \u003cimg\n      src=\"https://img.shields.io/github/stars/helmforgedev/charts?style=for-the-badge\u0026logo=github\u0026label=GitHub%20Stars\"\n      alt=\"GitHub stars\"\n    /\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://buymeacoffee.com/mberlofa\"\u003e\n    \u003cimg\n      src=\"https://img.shields.io/badge/Buy%20Me%20a%20Coffee-support%20HelmForge-FFDD00?style=for-the-badge\u0026logo=buymeacoffee\u0026logoColor=000000\"\n      alt=\"Support HelmForge on Buy Me a Coffee\"\n    /\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\nIf HelmForge helps your cluster or saves maintenance time, please give the repository a star.\nStars help track real adoption, make the project easier to discover, and guide where maintenance time should go next.\nFor direct support, use [Buy Me a Coffee](https://buymeacoffee.com/mberlofa).\n\n## Charts\n\n60+ production-ready charts covering databases, authentication, CMS, analytics, automation, AI tooling, observability, and platform infrastructure.\n\nBrowse the full catalog with descriptions, install commands, and playground configs at **[helmforge.dev/docs/charts](https://helmforge.dev/docs/charts)**.\n\nCommon categories include:\n\n- **Databases and data stores** — PostgreSQL, MySQL, MariaDB, MongoDB, Redis, Valkey, Kafka, ZooKeeper, RabbitMQ, Elasticsearch, and Druid.\n- **Identity and access** — Keycloak, Authelia, and application charts with ingress/auth integration patterns.\n- **Automation and operations** — n8n, Cronicle, FastMCP Server, Cloudflared, Velero, DDNS Updater, and Envoy Gateway.\n- **Content and community apps** — WordPress, Ghost, Drupal, Gitea, Wallabag, Castopod, Komga, OpenWebUI, and more.\n\n### Generic platform chart\n\nThe [`generic`](charts/generic) chart is the reusable platform chart for workloads that need a Kubernetes contract\ninstead of an application-specific chart. It is useful for internal services, workers, batch releases,\nsidecar-based apps, and platform integration tests where a full bespoke chart would add more maintenance than value.\n\nIt supports:\n\n- Deployments, StatefulSets, DaemonSets, Jobs, and CronJobs.\n- Multiple containers, init containers, global env/envFrom, probes, rollout checksums, and explicit restarts.\n- Primary and additional Services, headless Service mode, Ingress, and Gateway API HTTPRoutes.\n- RBAC, NetworkPolicy, ServiceMonitor, PodMonitor, PrometheusRule, VPA, HPA, and KEDA.\n- Safer validation for disabled-Service routing and KEDA ScaledObject targets.\n\n## Automation and Governance\n\nThe repository is governed by a comprehensive suite of GitHub Actions workflows that enforce quality, security, and operational intelligence automatically.\n\n| Workflow | Trigger | Purpose |\n|----------|---------|----------|\n| **[ci.yml](../../actions/workflows/ci.yml)** | PR | Dependency build, lint, template, unit test, kubeconform, ArtifactHub lint |\n| **[publish.yml](../../actions/workflows/publish.yml)** | Push to main | Semver bump, package, sign, publish to GHCR + Pages |\n| **[code-quality.yml](../../actions/workflows/code-quality.yml)** | PR | Markdown lint, values quality checks, SPDX license headers |\n| **[security-scan.yml](../../actions/workflows/security-scan.yml)** | PR | Kubescape MITRE + NSA + SOC2 compliance scanning |\n| **[pr-governance.yml](../../actions/workflows/pr-governance.yml)** | PR | Conventional commit enforcement, auto-labeling |\n| **[upstream-watch.yml](../../actions/workflows/upstream-watch.yml)** | Weekly (Mon 8AM UTC) | Monitors upstream image tags across Docker Hub, GHCR, and Quay.io |\n| **[community.yml](../../actions/workflows/community.yml)** | Daily | Stale issue/PR management |\n| **[repo-health.yml](../../actions/workflows/repo-health.yml)** | Daily | Helm index, OCI registry, and badge endpoint monitoring |\n\n## Tests and Publishing\n\nCharts are automatically tested and published via GitHub Actions.\n\n```text\nPR        --\u003e ci.yml           --\u003e [Lint] [Template] [Unit Test] [Kubeconform] [ArtifactHub Lint]\n          --\u003e code-quality.yml --\u003e [Markdown Lint] [Values Quality] [License Headers]\n          --\u003e security-scan.yml --\u003e [Kubescape MITRE+NSA+SOC2]\n          --\u003e pr-governance.yml --\u003e [Conventional Commits] [Auto Labels]\nPush main --\u003e publish.yml      --\u003e Detect --\u003e Semver --\u003e Package --\u003e Sign --\u003e Publish --\u003e Git tag\nWeekly    --\u003e upstream-watch.yml --\u003e Scan all charts --\u003e Create issues for outdated images\n```\n\nPR workflows (`ci.yml`, `code-quality.yml`, `security-scan.yml`) dynamically detect which charts changed\nand run jobs only for affected charts using a matrix strategy.\nChanges to docs (`README.md`, `examples/`, `docs/`) are ignored.\nScheduled workflows run against the full repository.\n\nThe `Tests` workflow runs for pull requests and pushes to `main` that affect chart templates,\nchart metadata, tests, or the workflow itself. The `Publish` workflow runs on pushes to `main`\nand publishes chart releases. Documentation-only changes are intentionally excluded\nfrom chart tests and release publishing.\n\nQuality gates include:\n\n- `helm dependency build` for charts with subcharts.\n- `helm lint` and `helm lint --strict`.\n- `helm template` with default values and every `ci/*.yaml` scenario.\n- `helm unittest` when a chart has a test suite.\n- `kubeconform` against Kubernetes schemas and CRD schemas from the Datree CRDs catalog.\n- Kubescape security compliance scanning (MITRE, NSA, SOC2 frameworks).\n- Markdown linting and SPDX license header enforcement on changed files.\n- Artifact Hub package lint before release metadata is published.\n- Signed package publishing to GHCR and the HTTPS Helm repository.\n\n### Versioning\n\nVersions are calculated automatically from Conventional Commits affecting each chart.\n\n| Commit prefix | Bump | Example |\n|---------------|------|---------|\n| `fix:`, `docs:`, `refactor:` | PATCH | `fix(generic): correct HPA indentation` |\n| `feat:` | MINOR | `feat(generic): add DaemonSet support` |\n| `feat!:` or `BREAKING CHANGE` | MAJOR | `feat(generic)!: restructure workload config` |\n\nTags follow the format `{chart}-v{version}` (for example `generic-v1.2.3`).\n\n### Release Notes\n\nEvery chart release automatically creates a [GitHub Release](https://github.com/helmforgedev/charts/releases) with categorized notes generated from Conventional Commits:\n\n- **Breaking Changes** — commits with `!:` or `BREAKING CHANGE`\n- **Features** — `feat(...):`\n- **Bug Fixes** — `fix(...):`\n- **Other Changes** — `docs`, `refactor`, `ci`, etc.\n\nEach release includes install instructions for both OCI and Helm repository.\n\n### Testing\n\nEach chart can include a `ci/` directory with test values files. The pipeline runs `helm template`\nand kubeconform against every `ci/*.yaml` file automatically, in addition to default values, lint,\nArtifact Hub lint, and chart unit tests when present.\n\nFor local chart work:\n\n```bash\n# For charts with HelmForge OCI subcharts, authenticate to GHCR if your environment is not already logged in.\necho \"$GHCR_TOKEN\" | helm registry login ghcr.io -u \"$GHCR_USERNAME\" --password-stdin\nhelm dependency build charts/\u003cchart-name\u003e\nhelm lint charts/\u003cchart-name\u003e --strict\nhelm template test-release charts/\u003cchart-name\u003e\nhelm unittest charts/\u003cchart-name\u003e\nhelm template test-release charts/\u003cchart-name\u003e \\\n  | kubeconform -strict -summary \\\n      -schema-location default \\\n      -schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json' \\\n      -exit-on-error\nah lint -p charts/\u003cchart-name\u003e\nkubescape scan framework \"MITRE,NSA,SOC2\" charts/\u003cchart-name\u003e\n```\n\nFor runtime validation, use a local k3d cluster instead of a production Kubernetes context.\n\n### Kubernetes Compatibility\n\nAll charts require **Helm 4** (`apiVersion: v2`) and target **Kubernetes 1.26+**.\n\n| Kubernetes Version | Status |\n|--------------------|--------|\n| 1.26.x | Supported (minimum) |\n| 1.27.x | Supported |\n| 1.28.x | Supported |\n| 1.29.x | Supported |\n| 1.30.x | Supported |\n| 1.31.x | Supported |\n| 1.32.x | Supported |\n| 1.33.x | Supported |\n| 1.34.x | Supported |\n| 1.35.x | Supported |\n\nThe Tests workflow validates rendered manifests with [kubeconform](https://github.com/yannh/kubeconform)\nagainst the default Kubernetes JSON schemas. Local runtime validation uses [k3d](https://k3d.io/) clusters.\n\nCharts use standard stable APIs (`apps/v1`, `batch/v1`, `networking.k8s.io/v1`) and avoid alpha/beta API versions to maximize compatibility.\n\n## Contributing\n\nContributions are welcome. Please read the [contributing guide](CONTRIBUTING.md) for branch flow, validation requirements, commit conventions, and chart standards.\n\nCommunity and project governance documents:\n\n- [Code of Conduct](CODE_OF_CONDUCT.md)\n- [Governance](GOVERNANCE.md)\n- [Maintainers](MAINTAINERS.md)\n- [Adopters](ADOPTERS.md)\n- [Security Policy](SECURITY.md)\n\n## Contributors\n\n\u003ca href=\"https://github.com/helmforgedev/charts/graphs/contributors\"\u003e\n  \u003cimg src=\"https://repo.helmforge.dev/badges/contributors.svg\" alt=\"HelmForge Charts contributors\" /\u003e\n\u003c/a\u003e\n\n## License\n\nApache License 2.0\n\n\u003c!-- @AI-METADATA\ntype: overview\ntitle: HelmForge Charts\ndescription: Helm chart repository overview, installation, charts list, tests, and publishing\n\nkeywords: helm, charts, oci, ghcr, repository, install\n\npurpose: Repository overview with charts list, installation, tests, publishing, and contributing guide\nscope: Repository\n\nrelations:\n  - .claude/AGENTS.md\n  - docs/testing-strategy.md\n  - CONTRIBUTING.md\n  - CODE_OF_CONDUCT.md\n  - GOVERNANCE.md\n  - MAINTAINERS.md\n  - ADOPTERS.md\n  - SECURITY.md\npath: README.md\nversion: 1.2\ndate: 2026-04-01\nupdated: 2026-04-29\n--\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhelmforgedev%2Fcharts","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhelmforgedev%2Fcharts","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhelmforgedev%2Fcharts/lists"}