Add github workflows to run unit tests and helm lint #7

Open
chandrams wants to merge 15 commits into kruize:mvp_demo from chandrams:workflows_unittest_lint

@chandrams chandrams commented Mar 30, 2026

Add github workflows to run unit tests and helm lint

Summary by Sourcery

Add a Helm chart for deploying the Kruize application, including database and UI components, with environment-specific configuration for Kubernetes, OpenShift, and Minikube, and wire it into automated linting and unit testing in CI.

Build:

  • Define Helm chart metadata, default values, and schema for packaging Kruize as a reusable Helm chart.

CI:

  • Add GitHub Actions workflows to run helm-unittest across value sets and to lint the Helm chart with default, Minikube, and OpenShift values on pushes and pull requests.

Documentation:

  • Document Helm-based installation, configuration, and usage of Kruize, including environment-specific guidance and configuration tables.
  • Describe how to run helm-unittest-based unit tests for the chart across default, OpenShift, and Minikube values.

Tests:

  • Introduce comprehensive helm-unittest suites covering core Kruize, DB, UI, RBAC, storage, cronjobs, monitoring, and network policy templates for default, OpenShift, and Minikube configurations.

Signed-off-by: Chandrakala Subramanyam <csubrama@redhat.com>
@chandrams chandrams self-assigned this Mar 30, 2026

sourcery-ai bot commented Mar 30, 2026

Reviewer's Guide

Introduces a full Kruize Helm chart (templates, values, and tests) for Kubernetes/OpenShift/Minikube along with GitHub Actions workflows to lint the chart and run helm-unittest-based unit tests on pushes and pull requests.

Sequence diagram for GitHub Actions Helm lint and unit test workflows

sequenceDiagram
  actor Dev as Developer
  participant GitHub as GitHub
  participant WF_Lint as Workflow_Helm_Lint
  participant WF_UT as Workflow_Helm_UnitTests
  participant Helm as Helm_CLI
  participant Artifacts as Test_Artifacts

  Dev->>GitHub: Push or PR to main/mvp_demo (charts/kruize/**)
  GitHub->>WF_Lint: Trigger helm-lint workflow
  GitHub->>WF_UT: Trigger helm-unittest workflow

  rect rgb(230,230,230)
    WF_Lint->>WF_Lint: Checkout repository
    WF_Lint->>WF_Lint: Set up Helm v3.13.0
    WF_Lint->>Helm: helm lint charts/kruize (default values)
    WF_Lint->>Helm: helm lint -f values-minikube.yaml (if present)
    WF_Lint->>Helm: helm lint -f values-openshift.yaml (if present)
    WF_Lint->>WF_Lint: Validate chart structure (files/directories)
  end

  rect rgb(230,230,250)
    WF_UT->>WF_UT: Checkout repository
    WF_UT->>WF_UT: Set up Helm v3.13.0
    WF_UT->>Helm: Install helm-unittest plugin
    WF_UT->>Helm: Run helm unittest (default/minikube/openshift tests)
    WF_UT->>Helm: Generate JUnit XML report
    WF_UT->>Helm: Generate HTML report
    WF_UT->>Artifacts: Upload test-results.xml and test-results.html
    WF_UT->>WF_UT: Parse XML summary, fail on 0 tests or failures
  end

File-Level Changes

Change: Add a production-ready Kruize Helm chart with configurable app, DB, UI, monitoring, RBAC, and storage settings for multiple environments.
Details:
  • Define chart metadata, versions, maintainers, and supported Kubernetes versions.
  • Introduce default, OpenShift, and Minikube-specific values files covering Kruize app, database, UI, cron jobs, monitoring, RBAC, and network policies.
  • Parameterize and template deployment, service, configmap, RBAC, storage, cronjob, ServiceMonitor, and NetworkPolicy resources using helper functions and value-driven configuration.
  • Provide nginx-based UI exposure via dedicated Pod, Service, and configmap templates.
  • Add storage class bootstrap template for a manual StorageClass when not present in the cluster.
Files:
charts/kruize/Chart.yaml
charts/kruize/values.yaml
charts/kruize/values-openshift.yaml
charts/kruize/values-minikube.yaml
charts/kruize/templates/_helpers.tpl
charts/kruize/templates/kruize_deployment.yaml
charts/kruize/templates/kruize_service.yaml
charts/kruize/templates/kruize_db_deployment.yaml
charts/kruize/templates/kruize_db_service.yaml
charts/kruize/templates/configmap_kruize.yaml
charts/kruize/templates/configmap_nginx.yaml
charts/kruize/templates/cronjobs.yaml
charts/kruize/templates/role.yaml
charts/kruize/templates/rolebinding.yaml
charts/kruize/templates/service_account.yaml
charts/kruize/templates/service_monitor.yaml
charts/kruize/templates/network_policy.yaml
charts/kruize/templates/storage_pv.yaml
charts/kruize/templates/storage_pvc.yaml
charts/kruize/templates/storage_manual.yaml
charts/kruize/templates/kruize_ui_nginx_pod.yaml
charts/kruize/templates/kruize_ui_nginx_service.yaml

Change: Introduce a comprehensive helm-unittest test suite validating rendered manifests under default, OpenShift, and Minikube value sets.
Details:
  • Document helm-unittest usage, directory layout, and how to run tests for different values files.
  • Add default-values tests for core resources such as deployments, services, configmaps, cronjobs, network policies, service monitors, storage, DB deployment/service, and UI nginx components.
  • Add OpenShift-focused tests validating deployment labels, service account behavior, and RBAC role/rolebinding behavior driven by rbac.create and serviceAccount.create.
  • Add Minikube-focused tests validating use of default service account, disabled RBAC bindings, adjusted storage and DB paths, disabled resources, and Minikube-specific environment values.
Files:
charts/kruize/tests/README.md
charts/kruize/tests/with-default-values/configmap_test.yaml
charts/kruize/tests/with-default-values/cronjobs_test.yaml
charts/kruize/tests/with-default-values/kruize_db_deployment_test.yaml
charts/kruize/tests/with-default-values/kruize_db_service_test.yaml
charts/kruize/tests/with-default-values/kruize_service_test.yaml
charts/kruize/tests/with-default-values/kruize_ui_test.yaml
charts/kruize/tests/with-default-values/network_policy_test.yaml
charts/kruize/tests/with-default-values/service_monitor_test.yaml
charts/kruize/tests/with-default-values/storage_test.yaml
charts/kruize/tests/with-openshift-values/kruize_deployment_test.yaml
charts/kruize/tests/with-openshift-values/rbac_test.yaml
charts/kruize/tests/with-minikube-values/kruize_deployment_minikube_test.yaml
charts/kruize/tests/with-minikube-values/kruize_db_deployment_minikube_test.yaml
charts/kruize/tests/with-minikube-values/network_policy_minikube_test.yaml
charts/kruize/tests/with-minikube-values/rbac_minikube_test.yaml
charts/kruize/tests/with-minikube-values/service_monitor_minikube_test.yaml
charts/kruize/tests/with-minikube-values/storage_minikube_test.yaml

Change: Add GitHub Actions workflows to lint the Helm chart and run Helm unit tests with reporting on pushes and pull requests.
Details:
  • Create a helm-unittest workflow that sets up Helm, installs the helm-unittest plugin, runs tests across all three value profiles, and emits JUnit and HTML reports as artifacts, with a summary and gate on failures or zero tests.
  • Create a helm-lint workflow that runs helm lint against default, Minikube, and OpenShift values and validates the chart folder structure (required files present), with a final summary.
  • Configure workflow triggers on main and mvp_demo branches for both push and PR events, scoped to chart and workflow file path changes, plus manual workflow_dispatch.
Files:
.github/workflows/helm-unittest.yaml
.github/workflows/helm-lint.yaml

Change: Add user-facing documentation and top-level repo wiring for the chart.
Details:
  • Provide a detailed chart README describing installation flows for OpenShift, Minikube, and generic Kubernetes, along with a full configuration options table and example custom values.
  • Add a root README that points to the chart README and include license stubs within the chart directory to support Helm packaging expectations.
  • Introduce schema and ignore files to support chart validation and packaging.
Files:
charts/kruize/README.md
charts/kruize/tests/README.md
charts/kruize/.helmignore
charts/kruize/LICENSE
charts/kruize/values.schema.json
README.md
LICENSE
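
The helm-unittest workflow is described above as parsing the JUnit XML summary and failing on zero tests or any failure. As an added example (not code from this pull request), here is a fail-closed version of that gate in Python; the sample reports are constructed, and the code assumes the usual JUnit `tests`/`failures`/`errors` counters on each `<testsuite>`.

```python
import xml.etree.ElementTree as ET

# Constructed JUnit reports (not output from this pull request's workflow).
PASSING = """<testsuites>
  <testsuite name="with-default-values" tests="3" failures="0" errors="0"/>
  <testsuite name="with-openshift-values" tests="2" failures="0" errors="0"/>
</testsuites>"""
FAILING = """<testsuites>
  <testsuite name="with-minikube-values" tests="4" failures="1" errors="0"/>
</testsuites>"""
EMPTY = "<testsuites></testsuites>"  # e.g. the test file glob matched nothing


def summarize(xml_text):
    """Sum tests/failures/errors over every <testsuite> in a JUnit report."""
    root = ET.fromstring(xml_text)
    totals = {"tests": 0, "failures": 0, "errors": 0}
    # iter() also yields the root, so a bare <testsuite> root is counted too.
    for suite in root.iter("testsuite"):
        for key in totals:
            totals[key] += int(suite.get(key, "0"))
    return totals


def gate(xml_text):
    """Return (ok, reason). Unreadable or empty reports fail instead of passing."""
    try:
        totals = summarize(xml_text)
    except (ET.ParseError, ValueError) as exc:
        return False, f"unreadable report: {exc}"
    if totals["tests"] == 0:
        return False, "no tests were executed"
    if totals["failures"] or totals["errors"]:
        return False, f"{totals['failures']} failures, {totals['errors']} errors"
    return True, f"{totals['tests']} tests passed"


if __name__ == "__main__":
    for name, report in [("passing", PASSING), ("failing", FAILING), ("empty", EMPTY)]:
        print(name, gate(report))
```

A CI step would exit non-zero whenever `gate()` returns `False`, so a truncated report or a run that silently executed nothing cannot pass as green.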

@sourcery-ai sourcery-ai bot left a comment

Hey - I've found 3 issues, and left some high level feedback:

  • In kruize_db_deployment.yaml, the labels: block under the pod template has a tab-based indentation before {{- include "kruize.selectorLabels" . | nindent 8 }}, which will produce invalid YAML; switch to spaces and align the helper call correctly under labels:.
  • The storage_manual.yaml template relies on lookup against a cluster-scoped StorageClass (manual), which breaks helm template/lint in environments without live cluster access; consider gating creation with a value flag instead of lookup, or documenting that this StorageClass must be managed outside the chart.

## Individual Comments

### Comment 1
<location path="charts/kruize/templates/kruize_db_deployment.yaml" line_range="20" />
<code_context>
+  template:
+    metadata:
+      labels:
+	{{- include "kruize.selectorLabels" . | nindent 8 }}
+        app: {{ $fullName }}-db
+    spec:
</code_context>
<issue_to_address>
**issue (bug_risk):** Tab indentation here will produce invalid YAML in the rendered manifest.

YAML does not allow tab characters for indentation, so this tab will make the manifest invalid and be rejected by `helm template` / `kubectl`. Please replace it with spaces matching the surrounding indentation.
</issue_to_address>
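
Review bot: the tab before `{{- include "kruize.selectorLabels" . | nindent 8 }}` is the only tab-indented line in this hunk and should be replaced with spaces so the template matches its neighbours. Because the action opens with `{{-`, the template engine trims the whitespace in front of it (the tab included) and `nindent 8` supplies the newline and eight spaces, so the included labels land at the same depth as `app: {{ $fullName }}-db`; a helm-unittest assertion on `spec.template.metadata.labels` would confirm the rendered result either way.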

### Comment 2
<location path="charts/kruize/templates/role.yaml" line_range="8-10" />
<code_context>
+metadata:
+  name: {{ $fullName }}-recommendation-updater
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+      - customresourcedefinitions
</code_context>
<issue_to_address>
**issue (bug_risk):** Granting `customresourcedefinitions` under the core API group is invalid and may cause RBAC validation errors.

Here `apiGroups: ["""]` with `resources: ["pods", "customresourcedefinitions"]` is invalid because `customresourcedefinitions` belong to `apiextensions.k8s.io`, not the core group. Since you already grant `apiextensions.k8s.io/customresourcedefinitions` in a separate rule, this entry is both wrong and redundant. Please remove `customresourcedefinitions` here and keep only `pods` to avoid RBAC validation issues.
</issue_to_address>
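
Review bot: in the rule for `{{ $fullName }}-recommendation-updater`, `customresourcedefinitions` listed under the `""` API group matches no resource, so the entry grants nothing and should be dropped, leaving only `pods` in this rule. RBAC does not check that a resource exists in the named API group when the object is created, so a mismatch like this will not surface as an apply-time error; a helm-unittest assertion on `rules` would pin the intended grants and catch it in CI.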

### Comment 3
<location path=".github/workflows/helm-unittest.yaml" line_range="31" />
<code_context>
+    
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+
+      - name: Set up Helm
</code_context>
<issue_to_address>
**issue (bug_risk):** The specified major versions for some GitHub Actions do not exist and will cause the workflow to fail.

`actions/checkout@v6` and `actions/upload-artifact@v7` are not published (current latest major for both is v4), so the workflow will fail when resolving these actions. Please update to existing versions (e.g. `actions/checkout@v4` / `actions/upload-artifact@v4`) or pin to specific SHAs so the workflow can run successfully.
</issue_to_address>
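
Review bot: the `Checkout code` step has no `with:` block, so `persist-credentials` keeps its default of `true` and the job token remains usable by the steps that follow, starting with `Set up Helm`. If the later steps do not need to push or call the API with that token, add `persist-credentials: false` under this step, and reference the action by full commit SHA rather than the movable `v6` tag.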
