Skip to content

fix(cronicle): align template validation standards#656

Merged
mberlofa merged 2 commits into
mainfrom
fix/cronicle-template-standards
Jul 6, 2026
Merged

fix(cronicle): align template validation standards#656
mberlofa merged 2 commits into
mainfrom
fix/cronicle-template-standards

Conversation

@mberlofa

@mberlofa mberlofa commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Summary

  • add centralized cronicle values validation through templates/validate.yaml
  • add helm-unittest coverage for secret, ingress, and selector-label guardrails
  • preserve hostless catch-all Ingress rendering by omitting spec.rules[].host when unset

Validation

  • make template-standards-check CHART=cronicle
  • helm unittest charts/cronicle
  • helm lint --strict charts/cronicle
  • make standards-check CHART=cronicle
  • make validate-chart CHART=cronicle TIMEOUT=900: FULLY VALIDATED (12 layers)
  • make site-sync-check CHART=cronicle
  • make release-check REPO=charts
  • make attribution-check REPO=charts

Site PR: helmforgedev/site#335
Issue: #633

Summary by CodeRabbit

  • New Features
    • Added render-time chart validation to fail fast on invalid configuration (e.g., missing required secret settings, missing Ingress hosts, and conflicting pod label configuration).
    • Added support for “hostless” Ingress rules by omitting the host field when no host is provided.
  • Bug Fixes
    • Prevented podLabels from overriding the chart’s selector label keys.
  • Tests
    • Added Ingress coverage for hostless catch-all behavior.
    • Added a validation test suite for both passing and failing scenarios.

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Standards Check (GR-079) — PASS

Every changed chart fully passes standards-check.

@coderabbitai

coderabbitai Bot commented Jul 3, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 11222a8f-6ffe-4f14-a132-0fa79a92497d

📥 Commits

Reviewing files that changed from the base of the PR and between ec3018b and 4f51831.

📒 Files selected for processing (1)
  • charts/cronicle/templates/_helpers.tpl
🚧 Files skipped from review as they are similar to previous changes (1)
  • charts/cronicle/templates/_helpers.tpl

📝 Walkthrough

Walkthrough

Adds a render-time validation helper for secret, ingress, and pod label checks, wires it through a new template, and updates ingress host rendering to allow hostless rules. Adds tests for validation failures and hostless ingress output.

Changes

Cronicle Chart Standards Alignment

Layer / File(s) Summary
Validation helper and wiring
charts/cronicle/templates/_helpers.tpl, charts/cronicle/templates/validate.yaml, charts/cronicle/tests/validation_test.yaml
New cronicle.validate helper enforces secret, ingress-hosts, and podLabels rules via fail; a new template includes it; validation tests cover pass and fail cases.
Conditional ingress host rendering
charts/cronicle/templates/ingress.yaml, charts/cronicle/tests/ingress_test.yaml
Ingress rule host rendering now skips empty hosts and preserves quoted host values; a test verifies hostless catch-all rules render without host.

Estimated code review effort: 2 (Simple) | ~10 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title matches the main goal of adding centralized Helm template validation and related guardrails for the Cronicle chart.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/cronicle-template-standards

Comment @coderabbitai help to get the list of available commands.

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

🟢 Security Scan: cronicle

Framework Score
MITRE + NSA + SOC2 72.72727%

✅ Security posture acceptable.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
charts/cronicle/templates/_helpers.tpl (1)

46-59: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Guardrails look correct; selector-key list duplicates cronicle.selectorLabels.

The three checks (secret dependency, ingress hosts, podLabels vs. selector keys) are logically sound and align with the downstream consumers (secret.yaml, ingress.yaml, deployment.yaml). One maintainability note: the app.kubernetes.io/name / app.kubernetes.io/instance key list at Lines 54 is hardcoded separately from whatever cronicle.selectorLabels actually defines. If that helper is ever extended with another selector key, this guard will silently miss it.

Consider deriving the guarded key set from cronicle.selectorLabels output (e.g., via fromYaml (include "cronicle.selectorLabels" .)) so the two stay in sync automatically.

♻️ Example approach
-{{- range $key, $_ := .Values.podLabels -}}
-{{- if or (eq $key "app.kubernetes.io/name") (eq $key "app.kubernetes.io/instance") -}}
-{{- fail (printf "podLabels must not override selector label %q" $key) -}}
-{{- end -}}
-{{- end -}}
+{{- $selectorKeys := fromYaml (include "cronicle.selectorLabels" .) -}}
+{{- range $key, $_ := .Values.podLabels -}}
+{{- if hasKey $selectorKeys $key -}}
+{{- fail (printf "podLabels must not override selector label %q" $key) -}}
+{{- end -}}
+{{- end -}}
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@charts/cronicle/templates/_helpers.tpl` around lines 46 - 59, The podLabels
selector-key guard in cronicle.validate is duplicating the selector label list
instead of reusing cronicle.selectorLabels, so it can drift when selector keys
change. Update the validation logic to derive the blocked keys from the
cronicle.selectorLabels helper output and compare podLabels against that set,
keeping the guard aligned automatically with any future selector label
additions.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@charts/cronicle/templates/_helpers.tpl`:
- Around line 46-59: The podLabels selector-key guard in cronicle.validate is
duplicating the selector label list instead of reusing cronicle.selectorLabels,
so it can drift when selector keys change. Update the validation logic to derive
the blocked keys from the cronicle.selectorLabels helper output and compare
podLabels against that set, keeping the guard aligned automatically with any
future selector label additions.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 75ac9922-804f-40df-860a-8aac58b2a3c5

📥 Commits

Reviewing files that changed from the base of the PR and between 870b4c7 and 33ad17f.

📒 Files selected for processing (5)
  • charts/cronicle/templates/_helpers.tpl
  • charts/cronicle/templates/ingress.yaml
  • charts/cronicle/templates/validate.yaml
  • charts/cronicle/tests/ingress_test.yaml
  • charts/cronicle/tests/validation_test.yaml

@mberlofa mberlofa force-pushed the fix/cronicle-template-standards branch from 33ad17f to ec3018b Compare July 4, 2026 16:18
@mberlofa

mberlofa commented Jul 5, 2026

Copy link
Copy Markdown
Contributor Author

Addressed the CodeRabbit review-summary nitpick for selector-label validation.

Change:

  • Updated cronicle.validate to derive the blocked podLabels keys from cronicle.selectorLabels via fromYaml, instead of duplicating the selector key names in the validation guard.
  • Normalized podLabels with default dict before checking keys.

Validation:

  • make validate-chart CHART=cronicle passed
  • Result: cronicle: FULLY VALIDATED (12 layers), including all k3d GR-027 scenarios
  • make release-check REPO=charts passed with only the expected post-merge release confirmation warning
  • make attribution-check REPO=charts passed
  • git diff --check passed

Note: this CodeRabbit item was posted in the review summary/body, not as an active review thread, so there is no thread ID to reply to or resolve for it.

@mberlofa mberlofa merged commit be6130a into main Jul 6, 2026
17 checks passed
@mberlofa mberlofa deleted the fix/cronicle-template-standards branch July 6, 2026 08:27
mberlofa added a commit to helmforgedev/site that referenced this pull request Jul 6, 2026
## Summary
- add cronicle to the Helm values playground eligibility map required by
the chart sync check

## Validation
- make site-sync-check CHART=cronicle
- npm run lint
- npm run format:check
- npm run build
- make release-check REPO=site
- make attribution-check REPO=site

Chart PR: helmforgedev/charts#656
Issue: helmforgedev/charts#633

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
* Added support for the `cronicle` chart in the playground’s sync/config
selection, making it available alongside other eligible chart slugs.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant