Skip to content

fix(changedetection): align template standards#650

Merged
mberlofa merged 2 commits into
mainfrom
fix/changedetection-template-standards
Jul 6, 2026
Merged

fix(changedetection): align template standards#650
mberlofa merged 2 commits into
mainfrom
fix/changedetection-template-standards

Conversation

@mberlofa

@mberlofa mberlofa commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Summary

  • add the canonical changedetection.validate helper and validate.yaml gate
  • validate ingress, Gateway API, External Secrets, and selector label override combinations before rendering broken manifests
  • add helm-unittest coverage for validation failures and align NOTES.txt with numbered sections

Validation

  • make template-standards-check CHART=changedetection
  • helm unittest charts/changedetection
  • helm lint --strict charts/changedetection
  • make standards-check CHART=changedetection
  • make validate-chart CHART=changedetection TIMEOUT=900: FULLY VALIDATED (15 layers)
  • make site-sync-check CHART=changedetection
  • make release-check REPO=charts
  • make attribution-check REPO=charts

Site PR: helmforgedev/site#330 (merged)
Issue: #633

Summary by CodeRabbit

  • New Features
    • Added Helm chart validation to fail fast on common misconfigurations (ingress hosts, gateway parent references, external secret store settings, and restricted selector label overrides).
  • Bug Fixes
    • Improved Ingress rendering so spec.rules[].host is omitted when no host is provided, while still producing a valid catch-all rule.
  • Documentation
    • Refreshed post-install notes with clearer numbered sections and reorganized routing/external secrets guidance.
  • Tests
    • Added validation and Ingress test coverage for both success cases and specific expected failure messages.

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Standards Check (GR-079) — PASS

Every changed chart fully passes standards-check.

@coderabbitai

coderabbitai Bot commented Jul 3, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 07771c83-da51-4fd3-9dec-e0c6a7cde739

📥 Commits

Reviewing files that changed from the base of the PR and between a287a19 and 5a5ff8d.

📒 Files selected for processing (2)
  • charts/changedetection/templates/_helpers.tpl
  • charts/changedetection/tests/validation_test.yaml
🚧 Files skipped from review as they are similar to previous changes (2)
  • charts/changedetection/tests/validation_test.yaml
  • charts/changedetection/templates/_helpers.tpl

📝 Walkthrough

Walkthrough

This PR adds chart-time validation for ingress, gateway, externalSecrets, and podLabels, makes ingress host rendering omit empty hosts, adds tests for those paths, and renumbers NOTES.txt sections.

Changes

Changedetection chart validation

Layer / File(s) Summary
Validation helper logic and entry point
charts/changedetection/templates/_helpers.tpl, charts/changedetection/templates/validate.yaml, charts/changedetection/tests/validation_test.yaml
Adds changedetection.validate with fail checks for ingress hosts, gateway parentRefs, externalSecrets config, and podLabels overrides, wires it through a validate template, and covers the validation cases with Helm tests.
Ingress host rendering and tests
charts/changedetection/templates/ingress.yaml, charts/changedetection/tests/ingress_test.yaml
Makes ingress host emission conditional on a provided host value and adds a hostless ingress test case.

NOTES.txt Section Renumbering

Layer / File(s) Summary
Header renumbering
charts/changedetection/templates/NOTES.txt
Renumbers the chart notes headings and separates routing summary content from the External Secrets subsection.

Estimated code review effort: 3 (Moderate) | ~20 minutes

Sequence Diagram(s)

sequenceDiagram
  participant Helm
  participant validate.yaml
  participant changedetection.validate

  Helm->>validate.yaml: render chart
  validate.yaml->>changedetection.validate: include current context
  changedetection.validate->>changedetection.validate: validate ingress, gateway, externalSecrets, podLabels
  changedetection.validate-->>Helm: fail or continue
Loading
🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title is concise and broadly matches the PR’s template-validation and standards cleanup work.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/changedetection-template-standards

Comment @coderabbitai help to get the list of available commands.

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

🟢 Security Scan: changedetection

Framework Score
MITRE + NSA + SOC2 87.878784%

✅ Security posture acceptable.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 9421840e3a

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread charts/changedetection/templates/_helpers.tpl Outdated

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (2)
charts/changedetection/templates/validate.yaml (1)

1-2: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

yamllint flags this file; consider excluding it from raw YAML linting.

Since this file's raw content is entirely Go template directives (never valid standalone YAML), yamllint understandably fails to parse it. If the yamllint config doesn't already exclude pure-template files, add a targeted disable or glob exclusion for validate.yaml files to avoid recurring false positives in CI.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@charts/changedetection/templates/validate.yaml` around lines 1 - 2, The raw
template in changedetection’s validate.yaml is being parsed by yamllint even
though it is not valid standalone YAML. Update the yamllint configuration to
exclude this pure Go-template file pattern, or add a targeted disable for
validate.yaml so the lint step skips it. Make the change in the lint config
rather than the template itself, and ensure the exclusion covers the
changedetection chart’s validate.yaml files.

Source: Linters/SAST tools

charts/changedetection/templates/_helpers.tpl (1)

69-73: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Use changedetection.selectorLabels in this guard
The chart already defines changedetection.selectorLabels; derive the disallowed keys from that helper instead of hardcoding "app.kubernetes.io/name" and "app.kubernetes.io/instance". That keeps the validation aligned if selector labels change.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@charts/changedetection/templates/_helpers.tpl` around lines 69 - 73, The
podLabels validation in changedetection.selectorLabels is hardcoded to specific
keys, so update the guard in the _helpers.tpl range to derive the forbidden
labels from changedetection.selectorLabels instead of comparing against literal
app.kubernetes.io/name and app.kubernetes.io/instance values. Use the existing
helper to determine which selector labels must not be overridden, and keep the
fail message behavior the same while making the validation follow any future
selector label changes.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@charts/changedetection/templates/_helpers.tpl`:
- Around line 69-73: The podLabels validation in changedetection.selectorLabels
is hardcoded to specific keys, so update the guard in the _helpers.tpl range to
derive the forbidden labels from changedetection.selectorLabels instead of
comparing against literal app.kubernetes.io/name and app.kubernetes.io/instance
values. Use the existing helper to determine which selector labels must not be
overridden, and keep the fail message behavior the same while making the
validation follow any future selector label changes.

In `@charts/changedetection/templates/validate.yaml`:
- Around line 1-2: The raw template in changedetection’s validate.yaml is being
parsed by yamllint even though it is not valid standalone YAML. Update the
yamllint configuration to exclude this pure Go-template file pattern, or add a
targeted disable for validate.yaml so the lint step skips it. Make the change in
the lint config rather than the template itself, and ensure the exclusion covers
the changedetection chart’s validate.yaml files.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 1ab1fc99-8ca2-407a-a3c7-e3e01e2c2600

📥 Commits

Reviewing files that changed from the base of the PR and between 0d8168f and 9421840.

📒 Files selected for processing (4)
  • charts/changedetection/templates/NOTES.txt
  • charts/changedetection/templates/_helpers.tpl
  • charts/changedetection/templates/validate.yaml
  • charts/changedetection/tests/validation_test.yaml

@mberlofa mberlofa force-pushed the fix/changedetection-template-standards branch from 9421840 to 31178f6 Compare July 3, 2026 04:40
mberlofa added a commit to helmforgedev/site that referenced this pull request Jul 3, 2026
## Summary
- register changedetection in the site sync playground registry
- keep the playground/site sync gate aligned with the chart validation
PR

## Related
- Chart PR: helmforgedev/charts#650
- Issue: helmforgedev/charts#633

## Validation
- make site-sync-check CHART=changedetection
- npm run lint
- npm run format:check
- npm run build
- make release-check REPO=site
- make attribution-check REPO=site

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
* Added support for the **changedetection** chart in the playground, so
it now appears in chart selection and filtering.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
@mberlofa mberlofa force-pushed the fix/changedetection-template-standards branch from 31178f6 to a287a19 Compare July 4, 2026 17:04
@mberlofa

mberlofa commented Jul 5, 2026

Copy link
Copy Markdown
Contributor Author

Addressed the still-valid CodeRabbit review-body nitpick for selector label validation.

Changes:

  • podLabels validation now derives protected keys from changedetection.selectorLabels instead of comparing hardcoded label names.
  • Added coverage for overriding app.kubernetes.io/name in addition to the existing app.kubernetes.io/instance case.

Validation:

  • make validate-chart CHART=changedetection passed
  • Result: changedetection: FULLY VALIDATED (15 layers), including all k3d GR-027 scenarios
  • make release-check REPO=charts passed with only the expected post-merge release confirmation warning
  • make attribution-check REPO=charts passed
  • git diff --check passed

Skipped item:

  • The templates/validate.yaml yamllint note is not actionable in this repository: there is no yamllint configuration or workflow in charts, so adding a new repo-level yamllint config just for a CodeRabbit external-tool false positive would be broader than this PR.

Note: these CodeRabbit items were posted in the review summary/body, not as active review threads, so there are no thread IDs to reply to or resolve for them. The existing inline thread is already resolved.

@mberlofa mberlofa merged commit 7a76c6f into main Jul 6, 2026
17 checks passed
@mberlofa mberlofa deleted the fix/changedetection-template-standards branch July 6, 2026 08:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area:templates area:tests chart:changedetection Issues related to the changedetection chart size:M

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant