Skip to content

fix(opencut): align template standards#683

Open
mberlofa wants to merge 1 commit into
mainfrom
fix/opencut-template-standards
Open

fix(opencut): align template standards#683
mberlofa wants to merge 1 commit into
mainfrom
fix/opencut-template-standards

Conversation

@mberlofa

@mberlofa mberlofa commented Jul 4, 2026

Copy link
Copy Markdown
Contributor

Summary

  • keep the Helm test hook under templates/tests so helm test remains functional
  • add networkPolicy.extraEgress support with schema and unit coverage
  • fix k3d IPv4-only CI values for the local validation cluster
  • expand NOTES and README coverage for the operational controls

Validation

  • make validate-chart CHART=opencut TIMEOUT=900: FULLY VALIDATED (12 layers), including k3d behavioral scenarios for default, ci/ci-values.yaml, and ci/k3d-values.yaml.
  • k3d observed only transient resource metrics warnings in a healthy workload; validator accepted them as justified.
  • make site-sync-check CHART=opencut
  • make release-check REPO=charts passed with the expected GR-077 post-merge release confirmation warning.
  • make attribution-check REPO=charts

Site PR: helmforgedev/site#361
Issue: #633

Summary by CodeRabbit

  • New Features
    • Added networkPolicy.extraEgress to append additional custom egress rules while keeping the existing DNS/database/Redis-over-HTTP/HTTPS egress behavior.
  • Documentation
    • Updated deployment notes formatting and revised the security scan status wording.
    • Documented networkPolicy networking configuration guidance.
  • CI / Configuration
    • Updated chart networking to IPv4-only (single-stack) for CI.
    • Extended the values schema and default values to support extraEgress.
  • Tests
    • Added a network policy test for “extra web egress”.
    • Removed the previous Helm connection test.

@coderabbitai

coderabbitai Bot commented Jul 4, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

Adds NetworkPolicy extraEgress support to the OpenCut chart, updates the README and tests, reformats NOTES.txt into numbered sections, and switches CI service networking to IPv4-only.

Changes

NetworkPolicy extraEgress feature

Layer / File(s) Summary
Schema and default values for extraEgress
charts/opencut/values.schema.json, charts/opencut/values.yaml
Adds extraEgress array definitions to the networkPolicy schema and default values.
Template rendering and test coverage for extraEgress
charts/opencut/templates/networkpolicy.yaml, charts/opencut/tests/networkpolicy_test.yaml
Renders extraEgress in the NetworkPolicy egress spec and adds a test covering the appended rule alongside default DNS egress.
README documentation for extraEgress and security scan formatting
charts/opencut/README.md
Adds a NetworkPolicy example with extraEgress and updates the security scan section wording and formatting.

Chart Maintenance

Layer / File(s) Summary
NOTES.txt numbered section restructuring
charts/opencut/templates/NOTES.txt
Replaces unnumbered NOTES headings with numbered sections while keeping the same access, service, database, redis, operations, reminders, and documentation content.
CI IPv4-only service networking
charts/opencut/ci/ci-values.yaml
Changes CI service networking from dual-stack preference to SingleStack IPv4-only.

Estimated code review effort: 2 (Simple) | ~10 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title is concise and accurately reflects the main chart-standard alignment changes in opencut.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/opencut-template-standards

Comment @coderabbitai help to get the list of available commands.

@github-actions

github-actions Bot commented Jul 4, 2026

Copy link
Copy Markdown
Contributor

Standards Check (GR-079) — PASS

Every changed chart fully passes standards-check.

@github-actions

github-actions Bot commented Jul 4, 2026

Copy link
Copy Markdown
Contributor

🟢 Security Scan: opencut

Framework Score
MITRE + NSA + SOC2 92.85353%

✅ Security posture acceptable.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review


P2 Badge Keep the Helm test hook under templates/

When users install the chart and run helm test, this hook will no longer be available because the manifest was moved out of templates/tests/ into the chart's top-level tests/ directory. Helm's chart docs specify that templates/ is the directory whose files are rendered into Kubernetes manifests, while other files are left as chart files (https://helm.sh/docs/topics/charts/#the-chart-file-structure), so this Pod is now just packaged as an ordinary file and the documented smoke test in NOTES/production docs becomes a no-op.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

@mberlofa mberlofa force-pushed the fix/opencut-template-standards branch from 6e236e4 to 7c1297c Compare July 4, 2026 08:55
@mberlofa mberlofa force-pushed the fix/opencut-template-standards branch from 7c1297c to 287c1ac Compare July 4, 2026 20:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant