From 0dfc9cc0932b127407f5d1e702d514b8a5179f4f Mon Sep 17 00:00:00 2001
From: Jumpy Squirrel <jsquirrel_github_9a6d@packetloss.de>
Date: Sat, 10 Aug 2024 19:53:36 +0200
Subject: [PATCH 1/2] feat(#4): support separate find api access config

---
 charts/eurofurence-registration-system/Chart.yaml |  2 +-
 .../templates/configmap.yaml                      |  1 +
 .../tests/configmap_test.yaml                     |  4 ++++
 .../values.schema.json                            | 15 +++++++++++++++
 .../eurofurence-registration-system/values.yaml   |  6 +++++-
 5 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/charts/eurofurence-registration-system/Chart.yaml b/charts/eurofurence-registration-system/Chart.yaml
index 66940f4..423b368 100644
--- a/charts/eurofurence-registration-system/Chart.yaml
+++ b/charts/eurofurence-registration-system/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: eurofurence-registration-system
-version: 0.0.26
+version: 0.0.27
 description: A helm chart that can deploy the Eurofurence Registration System.
 type: application
 home: https://github.com/eurofurence/reg-helm-chart
diff --git a/charts/eurofurence-registration-system/templates/configmap.yaml b/charts/eurofurence-registration-system/templates/configmap.yaml
index 64d5efb..84fd9e6 100644
--- a/charts/eurofurence-registration-system/templates/configmap.yaml
+++ b/charts/eurofurence-registration-system/templates/configmap.yaml
@@ -114,6 +114,7 @@ data:
         allow_origin: '{{ . }}'
         {{- end }}
       require_login_for_reg: {{ .Values.system.components.attendee_service.require_login_for_reg }}
+      find_api_access: {{- .Values.choices.find_api_access | toYaml | nindent 8 }}
     logging:
       severity: {{ .Values.system.logging.severity }}
       style: {{ .Values.system.logging.style }}
diff --git a/charts/eurofurence-registration-system/tests/configmap_test.yaml b/charts/eurofurence-registration-system/tests/configmap_test.yaml
index 88dc38a..708804f 100644
--- a/charts/eurofurence-registration-system/tests/configmap_test.yaml
+++ b/charts/eurofurence-registration-system/tests/configmap_test.yaml
@@ -255,6 +255,10 @@ tests:
               cors:
                 disable: false
               require_login_for_reg: true
+              find_api_access:
+                permissions:
+                - regdesk
+                - sponsordesk
             logging:
               severity: INFO
               style: ecs
diff --git a/charts/eurofurence-registration-system/values.schema.json b/charts/eurofurence-registration-system/values.schema.json
index 66ba70c..f885d57 100644
--- a/charts/eurofurence-registration-system/values.schema.json
+++ b/charts/eurofurence-registration-system/values.schema.json
@@ -1239,6 +1239,21 @@
               }
             }
           }
+        },
+        "find_api_access": {
+          "type": "object",
+          "description": "Configure permissions for the non-admin version of the find attendees API. Used by some on-site UIs and interfaces.",
+          "additionalProperties": false,
+          "properties": {
+            "permissions": {
+              "type": "array",
+              "description": "the list of permissions assigned to an attendee that will allow access to the find attendees api",
+              "items": {
+                "type": "string"
+              },
+              "default": ["regdesk","sponsordesk"]
+            }
+          }
         }
       }
     },
diff --git a/charts/eurofurence-registration-system/values.yaml b/charts/eurofurence-registration-system/values.yaml
index db9432b..78ad2a6 100644
--- a/charts/eurofurence-registration-system/values.yaml
+++ b/charts/eurofurence-registration-system/values.yaml
@@ -182,7 +182,11 @@ choices:
     sponsordesk:
       permissions:
         - sponsordesk
-
+  find_api_access:
+    permissions:
+      # minimum entries required for correct system operation
+      - regdesk
+      - sponsordesk
 # development only - do NOT enable any of this for production, or you'll make the system insecure.
 development:
   cors:

From 3b892ab402ea820808664d6a1898f8835f65fa75 Mon Sep 17 00:00:00 2001
From: Jumpy Squirrel <jsquirrel_github_9a6d@packetloss.de>
Date: Sat, 10 Aug 2024 19:57:30 +0200
Subject: [PATCH 2/2] chore(#4): fix action checkout

---
 .github/workflows/helm-unit-tests.yml | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/helm-unit-tests.yml b/.github/workflows/helm-unit-tests.yml
index 3e845e3..fc54e74 100644
--- a/.github/workflows/helm-unit-tests.yml
+++ b/.github/workflows/helm-unit-tests.yml
@@ -12,12 +12,11 @@ jobs:
       contents: read
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout repository
-        run: 'git clone -b "$BRANCH_OR_TAG_NAME" --depth 1 "$FULL_REPO_URL" app'
-        shell: bash
-        env:
-          FULL_REPO_URL: "https://github.com/${{ github.repository }}"
-          BRANCH_OR_TAG_NAME: ${{ github.ref_name }}
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          path: 'app'
 
       - name: Run Helm Unit Tests
         run: >