From 94b7737bacfd597834d2e475ad2e4aa1448af8f8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicol=C3=B2=20Boschi?= <boschi1997@gmail.com>
Date: Fri, 6 Dec 2024 18:36:52 +0100
Subject: [PATCH 1/7] feat: add more permissions to deployer (#1)

* feat: add more permissions to deployer

* feat: add more permissions to deployer
---
 charts/langstream/Chart.yaml                               | 2 +-
 .../templates/deployer/deployer-serviceaccount.yaml        | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/charts/langstream/Chart.yaml b/charts/langstream/Chart.yaml
index fb0ac9b..8898ee0 100644
--- a/charts/langstream/Chart.yaml
+++ b/charts/langstream/Chart.yaml
@@ -2,5 +2,5 @@ apiVersion: v2
 name: langstream
 description: Helm chart for LangStream
 type: application
-version: 0.6.3
+version: 1.0.0
 appVersion: 0.6.2
diff --git a/charts/langstream/templates/deployer/deployer-serviceaccount.yaml b/charts/langstream/templates/deployer/deployer-serviceaccount.yaml
index b1c383d..ce46b43 100644
--- a/charts/langstream/templates/deployer/deployer-serviceaccount.yaml
+++ b/charts/langstream/templates/deployer/deployer-serviceaccount.yaml
@@ -82,6 +82,13 @@ rules:
       - services
       - pods
       - configmaps
+      - namespaces
+    verbs:
+      - "*"
+  - apiGroups:
+      - "metrics.k8s.io"
+    resources:
+      - pods
     verbs:
       - "*"
 ---

From e7b2c764cb7053dc06cf4c1af462963f96255c54 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicol=C3=B2=20Boschi?= <boschi1997@gmail.com>
Date: Mon, 9 Dec 2024 17:06:12 +0100
Subject: [PATCH 2/7] ci: trigger release action

---
 .github/workflows/ci.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 4b46ab9..8b67268 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 

From c3a9da48a194206b596e0dea78b19e8a8bc39cee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicol=C3=B2=20Boschi?= <boschi1997@gmail.com>
Date: Mon, 9 Dec 2024 17:07:25 +0100
Subject: [PATCH 3/7] ci: trigger release action

---
 .github/workflows/ci.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 8b67268..edd5a1b 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -1,6 +1,7 @@
 name: Charts CI and Release
 
 on:
+  workflow_dispatch: {}
   pull_request:
     branches:
       - main

From 518b579013c6c3b78ae12aec5d006e7dbb232b1a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicol=C3=B2=20Boschi?= <boschi1997@gmail.com>
Date: Mon, 9 Dec 2024 17:37:14 +0100
Subject: [PATCH 4/7] ci: trigger release action

---
 .github/workflows/ci.yaml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index edd5a1b..8b67268 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -1,7 +1,6 @@
 name: Charts CI and Release
 
 on:
-  workflow_dispatch: {}
   pull_request:
     branches:
       - main

From aa7778ddc2cf03b78c45baf168cedd884bc2146c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicol=C3=B2=20Boschi?= <boschi1997@gmail.com>
Date: Wed, 8 Jan 2025 13:21:49 +0100
Subject: [PATCH 5/7] feat: add statefulsets permission to control plane (#2)

---
 .../control-plane/control-plane-serviceaccount.yaml         | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/charts/langstream/templates/control-plane/control-plane-serviceaccount.yaml b/charts/langstream/templates/control-plane/control-plane-serviceaccount.yaml
index 0231b80..ebe12af 100644
--- a/charts/langstream/templates/control-plane/control-plane-serviceaccount.yaml
+++ b/charts/langstream/templates/control-plane/control-plane-serviceaccount.yaml
@@ -70,6 +70,12 @@ rules:
       - applications/status
     verbs:
       - "*"
+  - apiGroups:
+      - "apps"
+    resources:
+      - statefulsets
+    verbs:
+      - "*"
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding

From f25ce3aa8c3f9334db549a24d2dd2285e25cde3a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicol=C3=B2=20Boschi?= <boschi1997@gmail.com>
Date: Wed, 8 Jan 2025 13:24:23 +0100
Subject: [PATCH 6/7] bump to 1.1.0

---
 charts/langstream/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/charts/langstream/Chart.yaml b/charts/langstream/Chart.yaml
index 8898ee0..6c76d7f 100644
--- a/charts/langstream/Chart.yaml
+++ b/charts/langstream/Chart.yaml
@@ -2,5 +2,5 @@ apiVersion: v2
 name: langstream
 description: Helm chart for LangStream
 type: application
-version: 1.0.0
+version: 1.1.0
 appVersion: 0.6.2

From 64b1a0385b2ba411da8673ede330111e5f74d7db Mon Sep 17 00:00:00 2001
From: DK09876 <Dikshant.pradhan@vectorize.io>
Date: Tue, 10 Jun 2025 12:42:24 -0700
Subject: [PATCH 7/7] Create secret-scan.yml

---
 .github/workflows/secret-scan.yml | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 .github/workflows/secret-scan.yml

diff --git a/.github/workflows/secret-scan.yml b/.github/workflows/secret-scan.yml
new file mode 100644
index 0000000..0ac0931
--- /dev/null
+++ b/.github/workflows/secret-scan.yml
@@ -0,0 +1,24 @@
+name: GitLeaks Security Scan
+
+on:
+  push:
+    branches: [ '*' ]
+  pull_request:
+    branches: [ '*' ]
+
+jobs:
+  gitleaks:
+    name: Secret Detection
+    runs-on: ubuntu-latest
+    
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Run GitLeaks
+        uses: gitleaks/gitleaks-action@v2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}