Switch Docker CI from gitlab to github

Adds buildx signing and helm chart publication.

Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>

charts/smarter-device-manager/.helmignore

@@ -0,0 +1,26 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OWNERS file for Kubernetes
+OWNERS
+# helm-docs templates
+*.gotmpl

charts/smarter-device-manager/Chart.yaml

@@ -0,0 +1,26 @@
+apiVersion: v2
+name: smarter-device-manager
+description: smarter-device-manager chart for SMARTER edge devices
+home: https://getsmarter.io
+version: 0.0.7
+appVersion: v1.20.11
+kubeVersion: ">=1.16.0-0"
+keywords:
+  - kubernetes
+  - device
+  - hardware
+sources:
+  - https://github.com/smarter-project/smarter-device-manager
+icon: https://gitlab.com/uploads/-/system/group/avatar/59012546/ARM1636_Project_Logo_ST2_RGB_V1.png
+annotations:
+  artifacthub.io/changes: |
+    - Fix template
+    - Add annotations
+  artifacthub.io/license: Apache-2.0
+  artifacthub.io/maintainers: |
+    - name: Alexandre Ferreira
+      email: alexandref75@gmail.com
+  artifacthub.io/prerelease: "false"
+  artifacthub.io/signKey: |
+    fingerprint: 71EDA4E3D652DC73EB09E3A5387D298C169CF24E
+    url: https://smarter-project.github.io/documentation/pgp_keys.asc

charts/smarter-device-manager/README.md

@@ -0,0 +1,56 @@
+# SMARTER Device Manager
+
+Enables k8s containers to access devices (linux device drivers) available on nodes.
+
+For more information check out https://getsmarter.io
+
+## TL;DR
+
+```console
+helm repo add smarter https://smarter-project.gitlab.io/documentation/charts
+helm install my-smarter-device-manager smarter-device-manager --version 0.0.2
+```
+
+## Overview
+
+In the IoT world, interaction with the external environment is the reason of existence.
+This interaction is done by acquiring data about the environment and, possibly, actuating to achieve the desired objective, with complexity ranging from a simple thermostat to a very complex industrial process control (e.g. chemical plant). In more practical terms, the main CPU interacts directly with those sensors and actuators and the OS (Linux in our case) provides an abstract view in the form of device drivers.
+Even though the container runtime allows direct access to device drivers, containers running on Kubernetes in the cloud are not expected to do so since hardware independence is a very useful characteristic to enhance mobility.
+Kubernetes primarily manages CPU, memory, storage, and network, while leaving other resources unmanaged.
+In IoT environments, applications can have direct access to sensors and actuators, either directly by interfacing with a device driver on the kernel (e.g. digital I/O pins, temperature sensors, analog inputs, microphones, audio output, video cameras) or indirectly through hardware interfaces (like serial ports, I2C, SPI, bluetooth, LoRa, USB and others).
+Controlled access to these devices is essential to enable a container-based IoT solution. Smarter-device-manager allows containers to have direct access to host devices in a secure way.
+
+## Values
+
+The configuration.nodeSelector value allows the nodeSelector to be changed in a higher level chart simplyfyng deploying multiple services at the same time; CNI, DNS and device-manager with a single label for example.
+
+## Pre-requisites
+
+- k8s > 1.18 (before this the plugin interface used a different directory which requires a different configuration)
+- by default, smarter-device manager uses a node-select to choose which nodes to deploy to, so label your nodes appropriately in order to deploy:
+```
+kubectl label node mynode01 smarter-device-manager=enabled
+```
+
+## Usage Model
+
+The smarter-device-manager starts by reading a YAML configuration file. This configuration file describes, using regular expressions, the files that identify each device that is to be exported and how many access can be done simultaneously. For example, the configuration below finds every V4L device (cameras, video tuners, etc...) available on the host node (/dev/video0, /dev/video1, etc), and adds them as resources (smarter-devices/video0, smarter-devices/video1, etc) that allow up to 10 simulatenous accesses (up to 10 containers can request access to those devices simultaneously). 
+```
+- devicematch: ^video[0-9]*$
+  nummaxdevices: 10
+```
+
+If the config value is provided a configMap is generated and smarter-device-manager will use it. The values.yaml file contains two examples, the first is replicated the config that exists on the container and the second enables nitro-enclaves (AWS nitro).
+
+Devices in subdirectories have the slash replaced with underscore in the
+resource name, due to kubernetes naming restrictions: e.g. `/dev/net/tun`
+becomes `smarter-devices/net_tun`.
+
+The default config file provided will enable most of the devices available on a Raspberry Pi (vers 1-4) or equivalent boards. I2C, SPI, video devices, sound and others would be enabled. The config file can be replaced using a configmap to enable or disable access to different devices, like accelerators, GPUs, etc.
+
+# Uninstalling the Chart
+
+```
+helm delete my-smarter-device-manager
+
+```

charts/smarter-device-manager/templates/common.yaml

@@ -0,0 +1,77 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: {{ .Values.application.appName }}
+  labels:
+    name: {{ .Values.application.appName }}
+    role: agent
+spec:
+  selector:
+    matchLabels:
+      name: {{ .Values.application.appName }}
+  updateStrategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels: 
+        name: {{ .Values.application.appName }}
+      annotations:
+        node.kubernetes.io/bootstrap-checkpoint: "true"
+    spec: 
+      nodeSelector:
+        {{- if .Values.nodeSelector }}
+        {{- toYaml .Values.nodeSelector | nindent 8 }}
+        {{- else }}
+        smarter.device-manager: enabled
+        {{- end }}
+      tolerations:
+      - key: "smarter.type"
+        operator: "Equal"
+        value: "edge"
+        effect: "NoSchedule"
+      priorityClassName: "system-node-critical"
+      hostname: {{ .Values.application.appName }}
+      hostNetwork: true
+      dnsPolicy: ClusterFirstWithHostNet
+      containers:
+      - name: {{ .Values.application.appName }}
+        image: {{ .Values.image.repository }}:{{ default .Chart.AppVersion .Values.image.tag }}
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop: ["ALL"]
+        resources:
+          limits:
+            cpu: 200m
+            memory: 15Mi
+          requests:
+            cpu: 10m
+            memory: 15Mi
+        volumeMounts:
+          - name: device-plugin
+            mountPath: /var/lib/kubelet/device-plugins
+          - name: dev-dir
+            mountPath: /dev
+          - name: sys-dir
+            mountPath: /sys
+          {{- if .Values.config }}
+          - name: config
+            mountPath: /root/config
+          {{- end }}
+      volumes:
+        - name: device-plugin
+          hostPath:
+            path: /var/lib/kubelet/device-plugins
+        - name: dev-dir
+          hostPath:
+            path: /dev
+        - name: sys-dir
+          hostPath:
+            path: /sys
+        {{- if .Values.config }}
+        - name: config
+          configMap:
+            name: {{ .Values.application.appName }}
+        {{- end }}
+      terminationGracePeriodSeconds: 30

charts/smarter-device-manager/templates/configmap.yaml

@@ -0,0 +1,9 @@
+{{- if .Values.config }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Values.application.appName }}
+data:
+  conf.yaml: |
+  {{- toYaml .Values.config | nindent 4 }}
+{{- end }}

charts/smarter-device-manager/values.yaml

@@ -0,0 +1,57 @@
+#
+
+application:
+  appName: smarter-device-manager
+
+image:
+  repository: ghcr.io/smarter-project/smarter-device-manager
+  # @default -- chart.appVersion
+  tag: ""
+  pullPolicy: IfNotPresent
+
+# If a specific configurations is used it can be provided by uncommenting this lines
+# config:
+#   - devicematch: ^snd$
+#     nummaxdevices: 20
+#   - devicematch: ^gpiomem$
+#     nummaxdevices: 40
+#   - devicematch: ^gpiochip[0-9]*$
+#     nummaxdevices: 20
+#   - devicematch: ^hci[0-9]*$
+#     nummaxdevices: 1
+#   - devicematch: ^i2c-[0-9]*$
+#     nummaxdevices: 1
+#   - devicematch: ^rtc0$
+#     nummaxdevices: 20
+#   - devicematch: ^video[0-9]*$
+#     nummaxdevices: 20
+#   - devicematch: ^vchiq$
+#     nummaxdevices: 20
+#   - devicematch: ^vcsm.*$
+#     nummaxdevices: 20
+#   - devicematch: ^ttyUSB[0-9]*$
+#     nummaxdevices: 1
+#   - devicematch: ^ttyACM[0-9]*$
+#     nummaxdevices: 1
+#   - devicematch: ^ttyTHS[0-9]*$
+#     nummaxdevices: 1
+#   - devicematch: ^ttyS[0-9]*$
+#     nummaxdevices: 1
+#
+
+# This example of configmap allows nitro enclaves to be allocated in a pod
+# config:
+#   - devicematch: ^nitro_enclaves$
+#     nummaxdevices: 1
+#   - devicematch: ^vsock$
+#     nummaxdevices: 1
+#   - devicematch: ^rtc0$
+#     nummaxdevices: 20
+#   - devicematch: ^ttyUSB[0-9]*$
+#     nummaxdevices: 1
+#   - devicematch: ^ttyACM[0-9]*$
+#     nummaxdevices: 1
+#   - devicematch: ^ttyTHS[0-9]*$
+#     nummaxdevices: 1
+#   - devicematch: ^ttyS[0-9]*$
+#     nummaxdevices: 1