Skip to content
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions charts/fleet/templates/vulnprocessing/cronjob.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,10 @@ metadata:
release: {{ .Release.Name }}
name: fleet-vulnprocessing
namespace: {{ .Release.Namespace }}
{{- with .Values.vulnProcessing.annotations }}
annotations:
{{- toYaml . | trim | nindent 4 }}
{{- end }}
Comment on lines +12 to +15

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

Add OPENFRAME sentinel comments around the fork-added annotations block.

Per the coding guidelines, fork edits in YAML files must be wrapped in # >>> OPENFRAME(<slug>): <why> — openframe/docs/<doc>.md / # <<< OPENFRAME(<slug>) sentinel comments. Other fork additions in this file (e.g., lines 17–23, 41–78, 81–87) follow this convention, but the new annotations block does not.

As per coding guidelines: **/*.yaml: Fork edits in YAML configuration files must be wrapped in sentinel comments with the format # >>> OPENFRAME(<slug>): <why> — openframe/docs/<doc>.md followed by fork code, then # <<< OPENFRAME(<slug>).

📝 Proposed fix
+  # >>> OPENFRAME(vuln-persistence): fork-added CronJob annotations passthrough — openframe/docs/helm-chart.md
   {{- with .Values.vulnProcessing.annotations }}
   annotations:
     {{- toYaml . | trim | nindent 4 }}
   {{- end }}
+  # <<< OPENFRAME(vuln-persistence)
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
{{- with .Values.vulnProcessing.annotations }}
annotations:
{{- toYaml . | trim | nindent 4 }}
{{- end }}
# >>> OPENFRAME(vuln-persistence): fork-added CronJob annotations passthrough — openframe/docs/helm-chart.md
{{- with .Values.vulnProcessing.annotations }}
annotations:
{{- toYaml . | trim | nindent 4 }}
{{- end }}
# <<< OPENFRAME(vuln-persistence)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@charts/fleet/templates/vulnprocessing/cronjob.yaml` around lines 12 - 15,
Wrap the annotations block under the Helm `with
.Values.vulnProcessing.annotations` directive with matching OPENFRAME sentinel
comments, using a unique slug, a concise reason, and the applicable
`openframe/docs/<doc>.md` reference before the block, then close it afterward.

Source: Coding guidelines

spec:
# >>> OPENFRAME(vuln-persistence): optional namespace-derived hourly stagger — openframe/docs/helm-chart.md
{{- if .Values.vulnProcessing.staggerSchedule }}
Expand Down
5 changes: 5 additions & 0 deletions charts/fleet/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -178,6 +178,11 @@ vulnProcessing:
# When true, `schedule` is ignored and the job runs hourly at a minute derived
# from the release namespace, so tenants sharing a cluster don't all fire at :00.
staggerSchedule: false
# Extra annotations for the CronJob object. Argo CD users: set
# argocd.argoproj.io/ignore-healthcheck: "true" — the built-in CronJob health
# check marks it Degraded after a single failed run until the next success,
# which otherwise degrades the whole Application (argo-cd issue #24429).
annotations: {}
# Persist FLEET_VULNERABILITIES_DATABASES_PATH (/tmp/vuln) across runs so each
# run only fetches feed deltas instead of the full ~800MB. Requires dedicated=true.
persistence:
Expand Down
Loading