fix(generic): align template standards #667
📝 Walkthrough
This PR updates generic chart networking and ingress rendering, extracts Helm validation into a helper template, changes PDB selection to preserve explicit zero values, and fixes an ExternalSecret test template reference. Related docs, values, schema, and tests were updated.
Changes
Generic chart updates
Estimated code review effort: 3 (Moderate) | ~25 minutes
🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Standards Check (GR-079) — PASS
Every changed chart fully passes standards-check.
🟢 Security Scan:
| Framework | Score |
|---|---|
| MITRE + NSA + SOC2 | 75.757576% |
✅ Security posture acceptable.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 00e8a1d2b6
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@charts/generic/templates/_helpers.tpl`:
- Around line 370-391: The validation in _helpers.tpl only checks the DNS-1123
name shape for containers, jobs, cronjobs, and configMaps, but it does not
enforce the 63-character maximum. Update the existing validation blocks that use
$namePattern and fail messages so they also reject .name values longer than 63
characters, keeping the checks alongside the current regexMatch logic for each
range.
- Around line 400-404: The PDB validation and rendering logic is treating
numeric 0 as unset because it relies on truthiness checks in the _helpers.tpl
PDB guard and in the pdb.yaml template. Update the checks around
.Values.pdb.minAvailable and .Values.pdb.maxUnavailable to use explicit presence
detection instead of not/truthy tests, and apply the same approach where the PDB
fields are emitted so a valid 0 is preserved and rendered correctly.
📒 Files selected for processing (12)
- charts/generic/README.md
- charts/generic/docs/security.md
- charts/generic/templates/_helpers.tpl
- charts/generic/templates/externalsecret.yaml
- charts/generic/templates/ingress.yaml
- charts/generic/templates/networkpolicy.yaml
- charts/generic/templates/validate.yaml
- charts/generic/tests/externalsecret_test.yaml
- charts/generic/tests/ingress_test.yaml
- charts/generic/tests/security_test.yaml
- charts/generic/values.schema.json
- charts/generic/values.yaml
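The second finding above (numeric 0 treated as unset), shown as an added example that is not code from this PR or the chart: Helm templates are Go `text/template`, so this Go program renders a truthiness guard and a key-presence guard over constructed values. The local `hasKey` is a stand-in for the Sprig function Helm exposes; the template strings, the `render` helper and the `<omitted>` marker are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"text/template"
)

// hasKey stands in for the Sprig function of the same name available in Helm.
func hasKey(m map[string]any, k string) bool {
	_, ok := m[k]
	return ok
}

// Truthiness guard (the flagged pattern): Go templates treat 0 as empty,
// so an explicit minAvailable of 0 takes the else branch.
const truthy = `{{ if .pdb.minAvailable }}minAvailable: {{ .pdb.minAvailable }}{{ else }}<omitted>{{ end }}`

// Presence guard: emits the field whenever the key exists, including 0.
const present = `{{ if hasKey .pdb "minAvailable" }}minAvailable: {{ .pdb.minAvailable }}{{ else }}<omitted>{{ end }}`

// render executes one guard against a constructed pdb values map.
func render(src string, pdb map[string]any) string {
	funcs := template.FuncMap{"hasKey": hasKey}
	t := template.Must(template.New("pdb").Funcs(funcs).Parse(src))
	var b bytes.Buffer
	if err := t.Execute(&b, map[string]any{"pdb": pdb}); err != nil {
		return "error: " + err.Error()
	}
	return b.String()
}

func main() {
	// Constructed sample values: explicit zero, non-zero, and key absent.
	samples := []map[string]any{{"minAvailable": 0}, {"minAvailable": 2}, {}}
	for _, pdb := range samples {
		fmt.Printf("%v truthy=%q presence=%q\n", pdb, render(truthy, pdb), render(present, pdb))
	}
}
```
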
4b2b9c2 to 31cf7c0
Summary
- `ingressClassName` rendering so empty values omit `spec.ingressClassName`
- `externalsecret.yaml` name
- `networkPolicy.extraEgress` support with schema and unit coverage, and centralize validation through the chart validate helper
Validation
Site PR: helmforgedev/site#345
Issue: #633
Summary by CodeRabbit
- `networkPolicy.extraEgress` to append egress rules and include the `Egress` policy type when applicable.
- `spec.ingressClassName` when `ingress.ingressClassName` is set to `""`.
- `networkPolicy` guidance for `defaultDeny` and `extraEgress`.
- `minAvailable`/`maxUnavailable` based on key presence (so `0` is handled correctly).