diff --git a/.github/workflows/codegen.yaml b/.github/workflows/codegen.yaml
new file mode 100644
index 0000000..0af4aaf
--- /dev/null
+++ b/.github/workflows/codegen.yaml
@@ -0,0 +1,30 @@
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+
+name: Verify codegen
+
+# permissions: {}
+
+on:
+  pull_request:
+    branches:
+      - 'main'
+      - 'release*'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  required:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+        with:
+          go-version-file: go.mod
+          cache-dependency-path: go.sum
+      - name: Verify codegen
+        run: |
+          set -e
+          make verify-codegen
diff --git a/Makefile b/Makefile
index b5ad157..e5517a0 100644
--- a/Makefile
+++ b/Makefile
@@ -80,6 +80,27 @@ ko-build: $(KO) ## Build image (with ko)
 	@LDFLAGS=$(LD_FLAGS) KOCACHE=$(KO_CACHE) KO_DOCKER_REPO=$(KO_REGISTRY) \
 		$(KO) build . --preserve-import-paths --tags=$(KO_TAGS) --platform=$(LOCAL_PLATFORM)
 
+###########
+# CODEGEN #
+###########
+
+.PHONY: codegen-helm-docs
+codegen-helm-docs: ## Generate helm docs
+	@echo Generate helm docs... >&2
+	@docker run -v ${PWD}/charts:/work -w /work jnorwood/helm-docs:v1.11.0 -s file
+
+.PHONY: codegen
+codegen: ## Rebuild all generated code and docs
+codegen: codegen-helm-docs
+
+.PHONY: verify-codegen
+verify-codegen: codegen ## Verify all generated code and docs are up to date
+	@echo Checking codegen is up to date... >&2
+	@git --no-pager diff -- .
+	@echo 'If this test fails, it is because the git diff is non-empty after running "make codegen".' >&2
+	@echo 'To correct this, locally run "make codegen", commit the changes, and re-run tests.' >&2
+	@git diff --quiet --exit-code -- .
+
 ########
 # KIND #
 ########
diff --git a/charts/policy-reports/README.md b/charts/policy-reports/README.md
new file mode 100644
index 0000000..1dfe0a2
--- /dev/null
+++ b/charts/policy-reports/README.md
@@ -0,0 +1,82 @@
+# policy-reports
+
+![Version: 0.0.1](https://img.shields.io/badge/Version-0.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.0.1](https://img.shields.io/badge/AppVersion-v0.0.1-informational?style=flat-square)
+
+TODO
+
+## Installing the Chart
+
+Add `policy-reports` Helm repository:
+
+```shell
+helm repo add policy-reports https://kyverno.github.io/policy-reports/
+```
+
+Install `policy-reports` Helm chart:
+
+```shell
+helm install policy-reports --namespace policy-reports --create-namespace policy-reports/policy-reports
+```
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| postgresql.enabled | bool | `true` | Deploy postgresql dependency chart |
+| postgresql.auth.postgresPassword | string | `"reports"` |  |
+| postgresql.auth.database | string | `"reportsdb"` |  |
+| nameOverride | string | `""` | Name override |
+| fullnameOverride | string | `""` | Full name override |
+| replicaCount | int | `1` | Number of pod replicas |
+| image.registry | string | `"ghcr.io"` | Image registry |
+| image.repository | string | `"kyverno/policy-reports"` | Image repository |
+| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
+| image.tag | string | `nil` | Image tag (will default to app version if not set) |
+| imagePullSecrets | list | `[]` | Image pull secrets |
+| priorityClassName | string | `"system-cluster-critical"` | Priority class name |
+| serviceAccount.create | bool | `true` | Create service account |
+| serviceAccount.annotations | object | `{}` | Service account annotations |
+| serviceAccount.name | string | `""` | Service account name (required if `serviceAccount.create` is `false`) |
+| podAnnotations | object | `{}` | Pod annotations |
+| podSecurityContext | object | `{"fsGroup":2000}` | Pod security context |
+| securityContext | object | See [values.yaml](values.yaml) | Container security context |
+| livenessProbe | object | `{"failureThreshold":3,"httpGet":{"path":"/livez","port":"https","scheme":"HTTPS"},"periodSeconds":10}` | Liveness probe |
+| readinessProbe | object | `{"failureThreshold":3,"httpGet":{"path":"/readyz","port":"https","scheme":"HTTPS"},"initialDelaySeconds":20,"periodSeconds":10}` | Readiness probe |
+| resources.limits | string | `nil` | Container resource limits |
+| resources.requests | string | `nil` | Container resource requests |
+| autoscaling.enabled | bool | `false` | Enable autoscaling |
+| autoscaling.minReplicas | int | `1` | Min number of replicas |
+| autoscaling.maxReplicas | int | `100` | Max number of replicas |
+| autoscaling.targetCPUUtilizationPercentage | int | `80` | Target CPU utilisation |
+| autoscaling.targetMemoryUtilizationPercentage | string | `nil` | Target Memory utilisation |
+| nodeSelector | object | `{}` | Node selector |
+| tolerations | list | `[]` | Tolerations |
+| affinity | object | `{}` | Affinity |
+| service.type | string | `"ClusterIP"` | Service type |
+| service.port | int | `443` | Service port |
+| config.debug | bool | `false` | Enable debug (to use inmemorydatabase) |
+| config.db.host | string | `"policy-reports-postgresql"` | Database host |
+| config.db.name | string | `"reportsdb"` | Database name |
+| config.db.user | string | `"postgres"` | Database user |
+| config.db.password | string | `"reports"` | Database password |
+
+## Source Code
+
+* <https://github.com/kyverno/policy-reports>
+
+## Requirements
+
+Kubernetes: `>=1.16.0-0`
+
+| Repository | Name | Version |
+|------------|------|---------|
+| oci://registry-1.docker.io/bitnamicharts | postgresql | 13.4.1 |
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| Nirmata | <cncf-kyverno-maintainers@lists.cncf.io> | <https://kyverno.io/> |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
diff --git a/charts/policy-reports/README.md.gotmpl b/charts/policy-reports/README.md.gotmpl
new file mode 100644
index 0000000..ca4ef56
--- /dev/null
+++ b/charts/policy-reports/README.md.gotmpl
@@ -0,0 +1,31 @@
+{{ template "chart.header" . }}
+{{ template "chart.deprecationWarning" . }}
+{{ template "chart.description" . }}
+
+{{ template "chart.badgesSection" . }}
+
+TODO
+
+## Installing the Chart
+
+Add `policy-reports` Helm repository:
+
+```shell
+helm repo add policy-reports https://kyverno.github.io/policy-reports/
+```
+
+Install `policy-reports` Helm chart:
+
+```shell
+helm install policy-reports --namespace policy-reports --create-namespace policy-reports/policy-reports
+```
+
+{{ template "chart.valuesSection" . }}
+
+{{ template "chart.sourcesSection" . }}
+
+{{ template "chart.requirementsSection" . }}
+
+{{ template "chart.maintainersSection" . }}
+
+{{ template "helm-docs.versionFooter" . }}