From b2570cfba103c8ddb82591699c0a4f2eb77d2246 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Coelho?= <16445494+jcoelho93@users.noreply.github.com>
Date: Fri, 5 Apr 2024 18:27:56 +0100
Subject: [PATCH] feat: Adds securityContext to initConfig (#374)
* Adds securityContext to initConfig
---
 charts/atlantis/Chart.yaml | 2 +-
 charts/atlantis/README.md | 1 +
 charts/atlantis/templates/statefulset.yaml | 3 +++
 charts/atlantis/values.schema.json | 5 +++++
 charts/atlantis/values.yaml | 2 ++
 5 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/charts/atlantis/Chart.yaml b/charts/atlantis/Chart.yaml
index 57d17ce6..5f7743b4 100644
--- a/charts/atlantis/Chart.yaml
+++ b/charts/atlantis/Chart.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 appVersion: v0.27.2
 description: A Helm chart for Atlantis https://www.runatlantis.io
 name: atlantis
-version: 4.24.1
+version: 4.25.0
 keywords:
 - terraform
 home: https://www.runatlantis.io
diff --git a/charts/atlantis/README.md b/charts/atlantis/README.md
index f39dd63f..c657823b 100644
--- a/charts/atlantis/README.md
+++ b/charts/atlantis/README.md
@@ -134,6 +134,7 @@ extraManifests:
 | initConfig.image | string | `"alpine:latest"` | |
 | initConfig.imagePullPolicy | string | `"IfNotPresent"` | |
 | initConfig.script | string | Check values.yaml. | Script to run on the init container. |
+| initConfig.securityContext | object | `{}` | Security context for the container. |
 | initConfig.sharedDir | string | `"/plugins"` | SharedDir is set as env var INIT_SHARED_DIR. |
 | initConfig.sizeLimit | string | `"100Mi"` | Size for the shared volume. |
 | initConfig.workDir | string | `"/tmp"` | |
diff --git a/charts/atlantis/templates/statefulset.yaml b/charts/atlantis/templates/statefulset.yaml
index c7faf243..e5b79828 100644
--- a/charts/atlantis/templates/statefulset.yaml
+++ b/charts/atlantis/templates/statefulset.yaml
@@ -181,6 +181,9 @@ spec:
 subPath: init-config.sh
 - name: init-shared-path
 mountPath: {{ .Values.initConfig.sharedDir }}
+ {{- if .Values.initConfig.containerSecurityContext }}
+ securityContext: {{- toYaml .Values.initConfig.containerSecurityContext | nindent 12 }}
+ {{- end }}
 {{- end }}
 {{- end }}
 containers:
diff --git a/charts/atlantis/values.schema.json b/charts/atlantis/values.schema.json
index 172bcc7f..73ae7d7b 100644
--- a/charts/atlantis/values.schema.json
+++ b/charts/atlantis/values.schema.json
@@ -1001,6 +1001,11 @@
 "type": "string",
 "description": "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images"
 },
+ "containerSecurityContext": {
+ "type": "object",
+ "description": "SecurityContext configuration for the initConfig container.",
+ "$ref": "#/definitions/io.k8s.api.core.v1.SecurityContext"
+ },
 "sharedDir": {
 "type": "string",
 "description": "sharedDir is set as env var INIT_SHARED_DIR"
diff --git a/charts/atlantis/values.yaml b/charts/atlantis/values.yaml
index 74044a7a..7923796c 100644
--- a/charts/atlantis/values.yaml
+++ b/charts/atlantis/values.yaml
@@ -567,6 +567,8 @@ initConfig:
 workDir: /tmp
 # -- Size for the shared volume.
 sizeLimit: 100Mi
+ # -- Security context for the container.
+ securityContext: {}
 # -- Script to run on the init container.
 # @default -- Check values.yaml.
 script: |
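Review bot: The template in the statefulset.yaml hunk reads `.Values.initConfig.containerSecurityContext`, but the values.yaml hunk adds the default under `initConfig.securityContext` and the README row documents `initConfig.securityContext`, so a context set under the documented key is never rendered and the init container starts with no securityContext while the operator believes it is restricted. The values.schema.json hunk has the same mismatch: it declares `containerSecurityContext`, so a value under the documented key is not checked against the SecurityContext definition. Use one name across all four files, for example `{{- if .Values.initConfig.securityContext }}` and `securityContext: {{- toYaml .Values.initConfig.securityContext | nindent 12 }}` in the template, with the schema property renamed to `"securityContext"`. The init-container block starts outside the hunk, so the `nindent 12` depth cannot be confirmed from the visible lines.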