fix(langflow): align template standards#670
Conversation
📝 WalkthroughWalkthroughThis PR updates the Langflow Helm chart by bumping the default image tag to 1.10.1, centralizing validation, making ingress class rendering conditional, adding NetworkPolicy egress support, and expanding the chart README and install notes. ChangesLangflow chart validation, networking, and label fixes
Estimated code review effort: 3 (Moderate) | ~25 minutes 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Comment |
Standards Check (GR-079) — PASSEvery changed chart fully passes standards-check. |
🟢 Security Scan:
|
| Framework | Score |
|---|---|
| MITRE + NSA + SOC2 | 75.757576% |
✅ Security posture acceptable.
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 7346f16d05
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@charts/langflow/templates/networkpolicy.yaml`:
- Line 3: The network policy template currently gates the baseline Egress rules
on .Values.networkPolicy.extraEgress being non-empty, so an empty list renders
ingress-only policy. Update charts/langflow/templates/networkpolicy.yaml so the
default DNS/HTTPS egress rules are always included whenever networkPolicy is
enabled, and treat extraEgress as additive rather than a شرط for rendering
Egress. Add or adjust a test around the NetworkPolicy rendering path to cover
the empty-list case and verify egress is still present.
In `@charts/langflow/templates/NOTES.txt`:
- Around line 12-19: The runtime env hints in NOTES are hardcoded and can become
stale when app.env or extraEnv overrides those names. Update the NOTES template
to render LANGFLOW_SAVE_DB_IN_CONFIG_DIR and LANGFLOW_OPEN_BROWSER from the same
values source used by the chart, or remove those hints entirely if they cannot
be derived reliably. Use the NOTES template and the app.env/extraEnv rendering
logic as the reference points when making the change.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro Plus
Run ID: a3c6519a-2a4d-4ba7-9e27-0a27c0a440fa
📒 Files selected for processing (12)
charts/langflow/README.mdcharts/langflow/templates/NOTES.txtcharts/langflow/templates/_helpers.tplcharts/langflow/templates/deployment.yamlcharts/langflow/templates/ingress.yamlcharts/langflow/templates/networkpolicy.yamlcharts/langflow/templates/validate.yamlcharts/langflow/tests/networkpolicy_test.yamlcharts/langflow/tests/templates_test.yamlcharts/langflow/tests/validation_test.yamlcharts/langflow/values.schema.jsoncharts/langflow/values.yaml
7346f16 to
e36676b
Compare
e36676b to
7959594
Compare
Summary
networkPolicy.enabled=true, with scoped configurable DNS peers, built-in HTTPS allowance, and additivenetworkPolicy.extraEgress.Related
Validation
helm template test charts/langflow --set networkPolicy.enabled=true | rg -n "policyTypes|Egress|kube-system|kube-dns|port: 53|port: 443"helm unittest charts/langflow(20 tests, 6 suites)make template-standards-check CHART=langflownode scripts/charts/validate-chart.js --chart langflow --no-k3dmake validate-chart CHART=langflow TIMEOUT=900(FULLY VALIDATED, 17 layers)make site-sync-check CHART=langflowmake release-check REPO=charts(expected GR-077 post-merge release warning)make attribution-check REPO=chartsSummary by CodeRabbit
networkPolicyDNS allow-listing viadnsEgressPeers.networkPolicy.extraEgressto append additional outbound rules after the built-in DNS and HTTPS allowances.ingressClassNameis now omitted when unset or intentionally blank.1.10.1.