stac-utils · whatnick · Sep 23, 2025 · Sep 23, 2025 · Sep 25, 2025 · Oct 7, 2025
diff --git a/.github/actions/setup-helm-repos/action.yml b/.github/actions/setup-helm-repos/action.yml
@@ -0,0 +1,12 @@
+name: 'Setup Helm Repositories'
+description: 'Add required Helm repositories for STAC FastAPI'
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Add Helm repositories
+      shell: bash
+      run: |
+        helm repo add elasticsearch https://helm.elastic.co
+        helm repo add opensearch https://opensearch-project.github.io/helm-charts/
+        helm repo update
diff --git a/.github/ct-lint.yaml b/.github/ct-lint.yaml
@@ -0,0 +1,43 @@
+# Chart Testing Lint Configuration
+# Additional linting rules for chart-testing
+
+rules:
+  braces:
+    min-spaces-inside: 0
+    max-spaces-inside: 1
+  brackets:
+    min-spaces-inside: 0
+    max-spaces-inside: 0
+  colons:
+    max-spaces-before: 0
+    max-spaces-after: 1
+  commas:
+    max-spaces-before: 0
+    min-spaces-after: 1
+    max-spaces-after: 1
+  comments:
+    min-spaces-from-content: 1
+  comments-indentation: disable
+  document-end: disable
+  document-start: disable
+  empty-lines:
+    max: 2
+    max-start: 0
+    max-end: 1
+  hyphens:
+    max-spaces-after: 1
+  indentation:
+    spaces: 2
+    indent-sequences: true
+  key-duplicates: enable
+  line-length:
+    max: 120
+    allow-non-breakable-words: true
+    allow-non-breakable-inline-mappings: true
+  new-line-at-end-of-file: enable
+  octal-values: disable
+  quoted-strings: disable
+  trailing-spaces: enable
+  truthy:
+    allowed-values: ['true', 'false']
+    check-keys: false
diff --git a/.github/ct.yaml b/.github/ct.yaml
@@ -0,0 +1,33 @@
+# Chart Testing Configuration
+# This configuration is used by the chart-testing (ct) tool
+
+# Chart directories relative to repository root
+chart-dirs:
+  - helm-chart
+
+# Target branch for pull request testing
+target-branch: main
+
+# Chart repositories to add
+chart-repos:
+  - elasticsearch=https://helm.elastic.co
+  - opensearch=https://opensearch-project.github.io/helm-charts/
+
+# Helm version to use
+helm-version: v3.13.0
+
+# Additional configurations
+validate-chart-schema: true
+validate-maintainers: false
+check-version-increment: true
+process-skipped-charts: false
+
+# Test configuration
+upgrade: false
+skip-missing-values: true
+
+# Linting configuration
+lint-conf: .github/ct-lint.yaml
+
+# Additional Helm lint settings
+helm-lint-extra-args: --set app.image.tag=latest
diff --git a/.github/kind/multi-node.yaml b/.github/kind/multi-node.yaml
@@ -0,0 +1,6 @@
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+nodes:
+  - role: control-plane
+  - role: worker
+  - role: worker
diff --git a/.github/workflows/helm-chart-test.yml b/.github/workflows/helm-chart-test.yml
@@ -0,0 +1,164 @@
+name: Helm Chart Tests
+
+on:
+  push:
+    branches: [ main, develop, feat/* ]
+    paths:
+      - 'helm-chart/**'
+      - '.github/workflows/helm-chart-test.yml'
+  pull_request:
+    branches: [ main, develop ]
+    paths:
+      - 'helm-chart/**'
+      - '.github/workflows/helm-chart-test.yml'
+
+env:
+  HELM_VERSION: v4.0.0
+  KUBECTL_VERSION: v1.34.0
+  KIND_VERSION: v0.30.0
+
+jobs:
+  lint:
+    name: Lint Helm Chart
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v3
+        with:
+          version: ${{ env.HELM_VERSION }}
+
+      - name: Setup Helm repositories
+        uses: ./.github/actions/setup-helm-repos
+
+      - name: Lint Helm chart
+        run: |
+          cd helm-chart/stac-fastapi
+          helm dependency update
+          helm lint .
+
+  test-matrix:
+    name: Test Chart
+    runs-on: ubuntu-latest
+    needs: lint
+    strategy:
+      matrix:
+        backend: [elasticsearch, opensearch]
+        kubernetes-version: [v1.33.1]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v3
+        with:
+          version: ${{ env.HELM_VERSION }}
+
+      - name: Set up kubectl
+        uses: azure/setup-kubectl@v3
+        with:
+          version: ${{ env.KUBECTL_VERSION }}
+
+      - name: Set up Kind
+        uses: helm/[email protected]
+        with:
+          version: ${{ env.KIND_VERSION }}
+          node_image: kindest/node:${{ matrix.kubernetes-version }}
+          cluster_name: stac-fastapi-${{ matrix.kubernetes-version }}
+          config: .github/kind/multi-node.yaml
+
+      - name: Setup Helm repositories
+        uses: ./.github/actions/setup-helm-repos
+
+      - name: Run matrix tests
+        env:
+          BACKEND: ${{ matrix.backend }}
+          MATRIX_MODE: true
+        run: |
+          chmod +x ./helm-chart/test-chart.sh
+          ./helm-chart/test-chart.sh -m -b ${{ matrix.backend }} ci
+
+      - name: Upload test reports
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: test-report-${{ matrix.backend }}-k8s-${{ matrix.kubernetes-version }}
+          path: test-report-*.json
+
+  integration-test:
+    name: Integration Tests
+    runs-on: ubuntu-latest
+    needs: test-matrix
+    if: github.event_name == 'pull_request'
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v3
+        with:
+          version: ${{ env.HELM_VERSION }}
+
+      - name: Set up kubectl
+        uses: azure/setup-kubectl@v3
+        with:
+          version: ${{ env.KUBECTL_VERSION }}
+
+      - name: Set up Kind
+        uses: helm/[email protected]
+        with:
+          version: ${{ env.KIND_VERSION }}
+          cluster_name: stac-fastapi-integration
+          config: .github/kind/multi-node.yaml
+
+      - name: Setup Helm repositories
+        uses: ./.github/actions/setup-helm-repos
+
+      - name: Run full integration tests
+        run: |
+          chmod +x ./helm-chart/test-chart.sh
+          ./helm-chart/test-chart.sh test-all
+
+      - name: Test upgrade scenarios
+        run: |
+          # Test elasticsearch to opensearch migration scenario
+          ./helm-chart/test-chart.sh -b elasticsearch install
+          ./helm-chart/test-chart.sh validate
+          ./helm-chart/test-chart.sh cleanup
+
+          # Test opensearch deployment
+          ./helm-chart/test-chart.sh -b opensearch install  
+          ./helm-chart/test-chart.sh validate
+          ./helm-chart/test-chart.sh cleanup
+
+  security-scan:
+    name: Security Scan
+    runs-on: ubuntu-latest
+    needs: lint
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v3
+        with:
+          version: ${{ env.HELM_VERSION }}
+
+      - name: Setup Helm repositories
+        uses: ./.github/actions/setup-helm-repos
+
+      - name: Run Checkov security scan
+        uses: bridgecrewio/checkov-action@master
+        with:
+          directory: helm-chart/
+          framework: kubernetes
+          output_format: sarif
+          output_file_path: reports/results.sarif
+
+      - name: Upload Checkov results
+        if: always()
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: reports/results.sarif
diff --git a/.gitignore b/.gitignore
@@ -141,3 +141,14 @@ venv
 /docs/src/api/*
 
 .DS_Store
+
+# Helm
+*.tgz
+charts/*/charts/
+charts/*/requirements.lock
+charts/*/Chart.lock
+helm-chart/stac-fastapi/charts/
+helm-chart/stac-fastapi/Chart.lock
+helm-chart/stac-fastapi/*.tgz
+helm-chart/test-results/
+helm-chart/tmp/
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -9,6 +9,11 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ### Added
 
+- Spatial search support for collections via `bbox` parameter on `/collections` endpoint. Collections are now indexed with a `bbox_shape` field (GeoJSON polygon) derived from their spatial extent for efficient geospatial queries when created or updated. [#481](https://github.com/stac-utils/stac-fastapi-elasticsearch-opensearch/pull/481)
+- Introduced SFEOS Tools (`sfeos_tools/`) - An installable Click-based CLI package for managing SFEOS deployments. Initial command `add-bbox-shape` adds the `bbox_shape` field to existing collections for spatial search compatibility. Install with `pip install sfeos-tools[elasticsearch]` or `pip install sfeos-tools[opensearch]`. [#481](https://github.com/stac-utils/stac-fastapi-elasticsearch-opensearch/pull/481)
+- CloudFerro logo to sponsors and supporters list [#485](https://github.com/stac-utils/stac-fastapi-elasticsearch-opensearch/pull/485)
+- Latest news section to README [#485](https://github.com/stac-utils/stac-fastapi-elasticsearch-opensearch/pull/485)
+- Added Helm chart for ES or OS in-cluster deployment [#455](https://github.com/stac-utils/stac-fastapi-elasticsearch-opensearch/pull/455)
 ### Changed
 
 ### Fixed

diff --git a/helm-chart/stac-fastapi/Chart.yaml b/helm-chart/stac-fastapi/Chart.yaml
@@ -0,0 +1,32 @@
+apiVersion: v2
+name: stac-fastapi
+description: A Helm chart for STAC FastAPI with Elasticsearch and OpenSearch backends
+type: application
+version: 0.1.0
+appVersion: "6.3.0"
+
+keywords:
+  - stac
+  - fastapi
+  - elasticsearch
+  - opensearch
+  - geospatial
+  - api
+
+home: https://github.com/stac-utils/stac-fastapi-elasticsearch-opensearch
+sources:
+  - https://github.com/stac-utils/stac-fastapi-elasticsearch-opensearch
+
+maintainers:
+  - name: STAC Utils
+    url: https://github.com/stac-utils
+
+dependencies:
+  - name: elasticsearch
+    version: 8.5.1
+    repository: https://helm.elastic.co
+    condition: elasticsearch.enabled
+  - name: opensearch
+    version: 3.2.1
+    repository: https://opensearch-project.github.io/helm-charts/
+    condition: opensearch.enabled