Skip to content

fix(sonarqube): align template standards#685

Open
mberlofa wants to merge 1 commit into
mainfrom
fix/sonarqube-template-standards
Open

fix(sonarqube): align template standards#685
mberlofa wants to merge 1 commit into
mainfrom
fix/sonarqube-template-standards

Conversation

@mberlofa

@mberlofa mberlofa commented Jul 4, 2026

Copy link
Copy Markdown
Contributor

Summary

  • keep the Helm test hook under templates/tests so helm test remains functional
  • add networkPolicy.egress.extraEgress and extraManifests support with schema and unit coverage
  • make k3d CI fixtures self-contained for IPv4, external PostgreSQL, External Secrets, and plugin init validation
  • expand NOTES and README coverage for the new operational controls

Validation

  • make validate-chart CHART=sonarqube TIMEOUT=1200: FULLY VALIDATED (18 layers), including k3d behavioral scenarios for default, dual-stack, external-db, external-secrets, gateway-api, hardening, ingress, plugins, and smoke.
  • make site-sync-check CHART=sonarqube
  • make release-check REPO=charts passed with the expected GR-077 post-merge release confirmation warning.
  • make attribution-check REPO=charts

Site PR: helmforgedev/site#363
Issue: #633

Summary by CodeRabbit

  • New Features
    • Added extraManifests support to include additional resources in the release.
    • Enhanced NetworkPolicy egress with networkPolicy.egress.extraEgress and improved conditional egress rendering.
  • Bug Fixes
    • Refined CI configurations for external database and external secrets wiring.
    • Updated CI service networking to use IPv4 single-stack.
  • Documentation
    • Improved README and in-chart notes, including clearer NetworkPolicy/value descriptions.
  • Tests
    • Expanded operations tests to cover extra manifests and NetworkPolicy egress scenarios.

@github-actions

github-actions Bot commented Jul 4, 2026

Copy link
Copy Markdown
Contributor

Standards Check (GR-079) — PASS

Every changed chart fully passes standards-check.

@coderabbitai

coderabbitai Bot commented Jul 4, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

This PR adds extraManifests support and networkPolicy.egress.extraEgress handling to the SonarQube chart, updates schema and defaults, rewrites NOTES output, expands README documentation, adjusts operations tests, and updates CI fixture manifests.

Changes

Chart feature updates

Layer / File(s) Summary
Schema and values
charts/sonarqube/values.schema.json, charts/sonarqube/values.yaml
Defines structured networkPolicy.egress fields and adds extraManifests to schema and defaults.
Template rendering
charts/sonarqube/templates/extra-manifests.yaml, charts/sonarqube/templates/networkpolicy.yaml
Adds the extra-manifests template and updates NetworkPolicy rendering to include extraEgress handling.
Operations tests
charts/sonarqube/tests/operations_test.yaml
Expands operations coverage for the extra-manifests template and the NetworkPolicy extraEgress path.
README and NOTES
charts/sonarqube/README.md, charts/sonarqube/templates/NOTES.txt
Documents extra manifests and NetworkPolicy egress options, and rewrites NOTES output sections and labels.

CI fixture updates

Layer / File(s) Summary
Dual-stack service fixture
charts/sonarqube/ci/dual-stack.yaml
Changes the CI service networking configuration from dual-stack to single-stack IPv4-only.
External database fixture
charts/sonarqube/ci/external-db.yaml
Updates the external database JDBC target and adds extraManifests for a PostgreSQL Deployment and Service.
External secrets fixture
charts/sonarqube/ci/external-secrets.yaml
Rewires secret store references and adds extraManifests for a PostgreSQL Deployment and Service.
Plugins fixture
charts/sonarqube/ci/plugins.yaml
Removes the installed plugin and disables the community branch plugin in the CI plugin fixture.

Estimated code review effort: 3 (Moderate) | ~25 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title matches the main goal: updating the SonarQube chart to align with template standards.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/sonarqube-template-standards

Comment @coderabbitai help to get the list of available commands.

@github-actions

github-actions Bot commented Jul 4, 2026

Copy link
Copy Markdown
Contributor

🟢 Security Scan: sonarqube

Framework Score
MITRE + NSA + SOC2 94.44445%

✅ Security posture acceptable.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review


P2 Badge Restore the Helm test hook to templates

With this hook manifest moved to chart-root tests/, it is no longer rendered into the installed release: I checked helm help test, which says tests are defined in the chart that was installed, and verified with helm template that top-level tests/ hook files are absent while templates/tests/ hooks are emitted. In any install where users rely on the documented helm test/tests.enabled smoke check, Helm has no connection pod to run, so the status endpoint validation silently disappears.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

@mberlofa mberlofa force-pushed the fix/sonarqube-template-standards branch from 5d09110 to b90c025 Compare July 4, 2026 08:42
@mberlofa mberlofa force-pushed the fix/sonarqube-template-standards branch from b90c025 to 9d60f5d Compare July 4, 2026 20:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant