Thanks for your interest in improving the public deployment artifacts for Linera. This repository is small and focused: Helm charts, Docker images, docker-compose files, and the documentation that goes with them.
We use GitHub issues to track planned improvements, feature requests, and bug reports.
- If you plan to contribute a new feature or chart, please open an issue first so we can discuss the approach.
- If you are reporting a bug, please include enough information to reproduce: chart version, values file, Kubernetes version, cluster provider, and what went wrong.
- Fork the repo and create your branch from
main. - Make your changes in a focused commit (or a small series of focused commits).
- Run the local checks listed below.
- Open a pull request with a clear description of what changed and why.
This repository enforces a linear commit history. Use git rebase rather
than merge commits, and feel free to amend / force-push your PR branch
while it's under review.
Only commits in a PR that has been reviewed and approved should land on
main.
Before pushing, please run:
make lint test # or: just lint test
make act # or: just act — runs the full GitHub Actions workflow locallyThe Makefile / Justfile exposes every check the CI runs (yamllint,
shellcheck, hadolint, helm lint, helm-unittest, kubeconform,
chart-testing, helm-docs drift). See make help / just --list.
CI will run the same checks on every push.
This is a public repo. Anything you commit (code, comments, example values, screenshots, log snippets in PR descriptions) is indexed by GitHub, mirrored by clones, and unrecoverable from search caches even after a force-push. Specifically, do not commit or include in PR discussions:
- Personal absolute paths (
/home/<your-username>/...,/Users/<your-username>/...). Use~,$PWD, or relative paths. - Internal hostnames, private DNS names, or production IP addresses
(e.g.
*.infra.linera.net, validator host IPs). - Internal Slack / Discord channel names, internal ticket IDs that reference private repos, or names of teammates in commit messages.
- Real validator keys, real domain names you operate, real ACME
emails. Use
validator.example.com/admin@example.com/your-domain.example.comin every example. - Internal-only image tags (
*_internal). The public default istestnet_conway_release. - Pasted output from running production validators (logs, metrics scrape, kubectl describe). Sanitize first or paraphrase.
If you find a leak in an existing file, treat it as a bug — open a PR to scrub it (and assume it's already in the GitHub search index). For credential / key leaks, also rotate immediately.
- Each chart lives under
helm/<name>/with its ownChart.yaml,values.yaml,README.md, andtemplates/. - Charts follow SemVer. Bump
versionfor any templated change; bumpappVersiononly when targeting a new upstream release. - Default
values.yamlshould produce a working installation for a local cluster (kind / minikube). Cloud-specific overrides live underdocs/examples/. - Each value gets a
# --comment line explaining what it does. This is whathelm-docspicks up to regenerateREADME.md.
- Each image lives under
docker/<name>/with its ownDockerfile,entrypoint.sh, andREADME.md. - Pin upstream base images by digest, not by tag.
- Document required volumes, env vars, and exit codes in the
image's
README.md.
User-facing docs live in docs/. Keep them practical:
each guide should be a working recipe a new operator can follow.
By contributing, you agree that your contributions will be licensed under the Apache 2.0 license.