Add Helm chart and GitLab CI pipeline

- Helm chart with PostgreSQL, MinIO, Redis as optional subcharts
- Production and external infrastructure value files
- HPA, Ingress, and health probe support
- GitLab CI pipeline using Buildah for container builds
- Multi-stage pipeline: test, build, publish

.gitlab-ci.yml

@@ -0,0 +1,92 @@
+stages:
+  - test
+  - build
+  - publish
+
+variables:
+  # Container registry settings
+  REGISTRY: ${CI_REGISTRY}
+  IMAGE_NAME: ${CI_REGISTRY_IMAGE}
+  # Buildah settings
+  STORAGE_DRIVER: vfs
+  BUILDAH_FORMAT: docker
+  BUILDAH_ISOLATION: chroot
+
+.buildah-base:
+  image: quay.io/buildah/stable:latest
+  before_script:
+    - buildah version
+    - buildah login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTRY}
+
+# Run Go tests
+test:
+  stage: test
+  image: golang:1.22-alpine
+  before_script:
+    - apk add --no-cache git
+  script:
+    - go mod download
+    - go vet ./...
+    - go test -v -race ./...
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+
+# Build container image for merge requests (no push)
+build:
+  stage: build
+  extends: .buildah-base
+  script:
+    - |
+      buildah build \
+        --tag ${IMAGE_NAME}:${CI_COMMIT_SHORT_SHA} \
+        --label org.opencontainers.image.source=${CI_PROJECT_URL} \
+        --label org.opencontainers.image.revision=${CI_COMMIT_SHA} \
+        --label org.opencontainers.image.created=$(date -u +%Y-%m-%dT%H:%M:%SZ) \
+        --layers \
+        --cache-from ${IMAGE_NAME}:latest \
+        .
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+
+# Build and push on main branch
+publish:
+  stage: publish
+  extends: .buildah-base
+  script:
+    - |
+      buildah build \
+        --tag ${IMAGE_NAME}:${CI_COMMIT_SHORT_SHA} \
+        --tag ${IMAGE_NAME}:${CI_COMMIT_REF_SLUG} \
+        --tag ${IMAGE_NAME}:latest \
+        --label org.opencontainers.image.source=${CI_PROJECT_URL} \
+        --label org.opencontainers.image.revision=${CI_COMMIT_SHA} \
+        --label org.opencontainers.image.created=$(date -u +%Y-%m-%dT%H:%M:%SZ) \
+        --layers \
+        --cache-from ${IMAGE_NAME}:latest \
+        .
+    - buildah push ${IMAGE_NAME}:${CI_COMMIT_SHORT_SHA}
+    - buildah push ${IMAGE_NAME}:${CI_COMMIT_REF_SLUG}
+    - buildah push ${IMAGE_NAME}:latest
+  rules:
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+
+# Build and push tagged releases
+publish-release:
+  stage: publish
+  extends: .buildah-base
+  script:
+    - |
+      buildah build \
+        --tag ${IMAGE_NAME}:${CI_COMMIT_TAG} \
+        --tag ${IMAGE_NAME}:latest \
+        --label org.opencontainers.image.source=${CI_PROJECT_URL} \
+        --label org.opencontainers.image.revision=${CI_COMMIT_SHA} \
+        --label org.opencontainers.image.version=${CI_COMMIT_TAG} \
+        --label org.opencontainers.image.created=$(date -u +%Y-%m-%dT%H:%M:%SZ) \
+        --layers \
+        .
+    - buildah push ${IMAGE_NAME}:${CI_COMMIT_TAG}
+    - buildah push ${IMAGE_NAME}:latest
+  rules:
+    - if: $CI_COMMIT_TAG =~ /^v\d+\.\d+\.\d+$/