chore: Sync helm templates

[peturgq]

...

Attach a link to issue if relevant

What

Specify what you're trying to achieve

Why

Specify why you need to achieve this

Screenshots / Gifs

Attach Screenshots / Gifs to help reviewers understand the scope of the pull request

Checklist:

• I have performed a self-review of my own code
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• Formatting passes locally with my changes
• I have rebased against main before asking for a review

Summary by CodeRabbit

Release Notes

• New Features

  • Introduced a new Helm chart template for Kubernetes jobs, including support for ARM architecture.
  • Added templates for Kubernetes Job, PersistentVolumeClaim, ExternalSecret, and ServiceAccount resources.
  • Enhanced CronJob and Deployment configurations with additional environment variables and scheduling options.
  • Added support for Pod Disruption Budgets to enhance application stability.

• Improvements

  • Improved naming logic in Helm templates for better customization.
  • Restructured configuration files to adopt a global context for environment variables and settings, improving clarity and organization.

• Configuration Changes

  • Updated values.yaml to provide more flexible configuration options, including resource limits and security contexts.
  • Introduced global environment variables for various services, streamlining configuration management.
  • Added new namespace permissions to several services, expanding operational scope.

[coderabbitai]

Caution

Review failed

The pull request is closed.

Walkthrough

The pull request introduces several modifications to Helm templates in the infra/helm/libs directory. Key changes include enhancements to the naming logic in _helpers.tpl, the addition of ARM-specific configurations in deployment.yaml and cronjob.yaml, and the introduction of a new Pod Disruption Budget template in pdb.yaml. Additionally, several new templates for Kubernetes Job resources, PersistentVolumeClaims, ExternalSecrets, and ServiceAccounts are added in the job-template directory, along with corresponding updates to the values.yaml file for configuration management.

Changes

File Path	Change Summary
infra/helm/libs/api-template/templates/_helpers.tpl	Updated functions api-template.name and api-template.fullname to improve naming logic, allowing direct overrides through .Values.name.
infra/helm/libs/api-template/templates/deployment.yaml	Added ARM architecture support with tolerations and nodeSelector. Introduced new environment variables DD_DBM_PROPAGATION_MODE and DD_PROFILING_ENABLED.
infra/helm/libs/api-template/templates/pdb.yaml	Added a new Helm template for Pod Disruption Budget (PDB) with conditional creation based on chart values.
infra/helm/libs/cronjob-template/templates/cronjob.yaml	Enhanced CronJob template with startingDeadlineSeconds, ARM-specific tolerations, nodeSelector, and ttlSecondsAfterFinished.
infra/helm/libs/cronjob-template/values.yaml	Modified to include startingDeadlineSeconds and other configuration options for CronJob.
infra/helm/libs/job-template/.helmignore	Introduced a new .helmignore file to specify ignored files and directories when building Helm packages.
infra/helm/libs/job-template/Chart.yaml	Created a new Helm chart template for Kubernetes jobs with specified attributes.
infra/helm/libs/job-template/templates/_helpers.tpl	Added several template helper functions for job templates, including job-template.name, job-template.fullname, and others for generating names and labels.
infra/helm/libs/job-template/templates/job.yaml	New template for Kubernetes Job resources with extensive configurability through Helm values.
infra/helm/libs/job-template/templates/pvc.yaml	New template for creating PersistentVolumeClaims (PVCs) with conditional creation based on values.
infra/helm/libs/job-template/templates/secrets.yaml	New template for creating Kubernetes ExternalSecret resources with dynamic generation based on Helm chart values.
infra/helm/libs/job-template/templates/serviceaccount.yaml	New template for Kubernetes ServiceAccount resource with conditional rendering based on chart values.
infra/helm/libs/job-template/values.yaml	Updated to include a new global section with various configuration options, including environment settings, resource management, and service account creation.
infra/helm/libs/cronjob-template/templates/_helpers.tpl	Updated functions cronjob-template.name, cronjob-template.fullname, and cronjob-template.chart to enhance naming logic and flexibility.
infra/helm/libs/cronjob-template/values.global.yaml	Added a new entry for global.image.tag set to debug.
infra/helm/libs/job-template/values.global.yaml	Added a new entry for global.image.tag set to debug.

Possibly related PRs

• infra(services-auth-delegation-api): Grant user-notification-worker access to delegation-api #15912: This PR adds a namespace grant for the user-notification-worker, which is relevant as the main PR also involves modifications to Helm templates that may interact with user notifications.
• fix: added missing grant to auth ids api for user notification #16680: This PR adds a missing grant to the auth IDs API for user notifications, which directly relates to the changes in the main PR that enhance the naming logic for Helm templates, potentially affecting how notifications are processed.
• fix: Add namespace grants for services that need it, but don't have it #16697: This PR adds namespace grants for services that need it, including nginx-ingress-external and user-notification, which aligns with the main PR's focus on improving service configurations and interactions.
• fix(download-service): Grant namespace to bff admin portal #16728: This PR grants a namespace to the bff admin portal, which is relevant as it may interact with the changes made in the main PR regarding service configurations.
• chore(application-system): Increase cpu and mem limit and request to avoid crashloops #16792: This PR increases CPU and memory limits to avoid crash loops, which may relate to the overall stability and performance of services affected by the changes in the main PR.
• chore(application-system): Set initialDelay to 20 seconds #16893: This PR sets the initial delay for health checks, which is relevant for ensuring that services are properly initialized before being marked as ready, potentially impacting the services modified in the main PR.

Suggested labels

automerge, deploy-feature

Suggested reviewers

• robertaandersen
• svanaeinars

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[datadog-island-is]

Datadog Report

All test runs fca7080 🔗

✅ 68 Total Test Services: 0 Failed, 66 Passed
➡️ Test Sessions change in coverage: 200 no change

Test Services

This report shows up to 10 services

Service Name	Failed	Known Flaky	New Flaky	Passed	Skipped	Total Time	Code Coverage Change	Test Service View
air-discount-scheme-backend	0	0	0	82	0	32.03s	N/A	Link
air-discount-scheme-web	0	0	0	2	0	8.77s	N/A	Link
api	0	0	0	4	0	3.52s	N/A	Link
api-domains-air-discount-scheme	0	0	0	6	0	22.36s	N/A	Link
api-domains-assets	0	0	0	3	0	13.91s	1 no change	Link
api-domains-auth-admin	0	0	0	18	0	14.89s	N/A	Link
api-domains-communications	0	0	0	5	0	37.58s	1 no change	Link
api-domains-criminal-record	0	0	0	5	0	11.06s	1 no change	Link
api-domains-driving-license	0	0	0	23	0	33.03s	N/A	Link
api-domains-education	0	0	0	8	0	23.39s	1 no change	Link

[coderabbitai]

Actionable comments posted: 12

🧹 Outside diff range and nitpick comments (22)

infra/helm/libs/job-template/templates/secrets.yaml (3)

1-2: Consider adding validation for secrets structure

While the template checks for non-empty secrets, it doesn't validate the structure of the secrets map.

Consider adding validation for the secrets structure:

 {{- if .Values.enabled }}
-{{- if not (empty .Values.secrets) }}
+{{- if and (not (empty .Values.secrets)) (kindIs "map" .Values.secrets) }}

🧰 Tools

🪛 yamllint

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

---

10-16: Review the systemManager backend configuration

The template hardcodes systemManager as the backend type. This might limit reusability across different environments that use different secret backends.

Consider making the backend type configurable through values:

 spec:
-  backendType: systemManager
+  backendType: {{ .Values.secrets.backendType | default "systemManager" }}

---

1-18: Consider adding annotations for secret rotation

To enhance security, consider adding annotations to support secret rotation and lifecycle management.

Add support for refresh interval and other security annotations:

 metadata:
   {{- if .Values.namespace }}
   namespace: {{ .Values.namespace }}
   {{- end }}
   name: {{ include "cronjob-template.fullname" . }}
+  annotations:
+    {{- if .Values.secrets.refreshInterval }}
+    refresh-interval: {{ .Values.secrets.refreshInterval | quote }}
+    {{- end }}

🧰 Tools

🪛 yamllint

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

infra/helm/libs/job-template/templates/serviceaccount.yaml (2)

7-9: Review namespace handling approach

While the conditional namespace setting is implemented correctly, consider whether this ServiceAccount should always be created in a specific namespace for better isolation and security.

Consider:

1. Documenting the implications of namespace configuration
2. Adding validation for namespace value if it's required
3. Implementing namespace isolation policies

---

1-17: Add documentation for required values

The template requires specific values to be set in values.yaml, but these requirements are not documented.

Add a comment block at the beginning of the file explaining:

{{/* 
Required values:
- .Values.enabled: boolean to enable/disable the entire template
- .Values.serviceAccount.create: boolean to control ServiceAccount creation
- .Values.serviceAccount.annotations: map of annotations (optional)
*/}}

🧰 Tools

🪛 yamllint

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

infra/helm/libs/job-template/templates/pvc.yaml (2)

14-19: Enhance PVC specification flexibility

Two improvements are needed for better Kubernetes compatibility:

1. Support multiple access modes instead of a single string
2. Make storageClassName optional as per Kubernetes spec

Apply this diff to enhance the template:

 accessModes:
-  - {{ .accessModes }}
+  {{- toYaml .accessModes | nindent 2 }}
 resources:
   requests:
     storage: {{ .size }}
-  storageClassName: {{ .storageClass }}
+  {{- if .storageClass }}
+  storageClassName: {{ .storageClass }}
+  {{- end }}

---

1-22: Add template documentation

Consider adding a comment block at the beginning of the template to document:

1. The purpose of this template
2. Required and optional values
3. Example usage in values.yaml

Add documentation like this at the start of the file:

{{/*
PersistentVolumeClaim template for job-template chart.

Required values:
  - .Values.pvcs[].name: Name of the PVC
  - .Values.pvcs[].accessModes: List of access modes (e.g., ["ReadWriteOnce"])
  - .Values.pvcs[].size: Storage size (e.g., "1Gi")

Optional values:
  - .Values.pvcs[].storageClass: Storage class name
  - .Values.pvcs[].useExisting: Set to true to skip PVC creation

Example values.yaml:
pvcs:
  - name: data-volume
    accessModes: ["ReadWriteOnce"]
    size: 1Gi
    storageClass: standard
*/}}

Note: The YAML syntax error reported by yamllint can be safely ignored as it's a false positive due to Helm templating.

🧰 Tools

🪛 yamllint

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

infra/helm/libs/api-template/templates/pdb.yaml (3)

1-3: Consider adding namespace validation

While the namespace variable is correctly defined, it's recommended to add validation to ensure the namespace value is provided in the Values.

Add this validation:

{{- $labels := include "api-template.labels" . -}}
-{{- $namespace := $.Values.namespace -}}
+{{- $namespace := required "A valid .Values.namespace entry required!" $.Values.namespace -}}
{{- $serviceName := include "api-template.name" . -}}

🧰 Tools

🪛 yamllint

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

---

4-11: Enhance template configuration and naming

The template structure is good, but could be improved in a few ways:

1. The PDB suffix could be configurable
2. The conditions could be combined for better readability

Consider this improvement:

-{{- if .Values.enabled }}
-{{- if .Values.podDisruptionBudget }}
+{{- if and .Values.enabled .Values.podDisruptionBudget }}
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
-  name: {{ $serviceName }}-pdb
+  name: {{ $serviceName }}-{{ .Values.podDisruptionBudget.nameSuffix | default "pdb" }}
   namespace: {{ $namespace }}

---

1-22: Document PDB configuration in values.yaml

To ensure proper cluster availability, it's important to document the PDB configuration options and provide sensible defaults.

Add this to your values.yaml:

podDisruptionBudget:
  enabled: false  # Enable PDB
  # Only one of minAvailable or maxUnavailable should be set
  minAvailable: 1  # Minimum number of pods that must be available
  # maxUnavailable: 1  # Maximum number of pods that can be unavailable
  nameSuffix: "pdb"  # Suffix for PDB name

🧰 Tools

🪛 yamllint

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

infra/helm/libs/cronjob-template/values.yaml (2)

12-12: Consider documenting the startingDeadlineSeconds field

The startingDeadlineSeconds field is crucial for controlling how CronJobs handle missed or delayed schedules. When set to null, there's no deadline, which might lead to unexpected behavior in production.

Add a comment explaining the implications:

+# Deadline in seconds for starting the job if it misses scheduled time for any reason.
+# Null means no deadline (the job will always be started). Set a value to ensure jobs don't
+# stack up when the controller is down or during deployments.
startingDeadlineSeconds: null

---

Line range hint 25-37: Security contexts should be explicitly defined

The security contexts are currently empty. For production workloads, it's recommended to explicitly define security settings.

Consider applying these security best practices:

podSecurityContext:
-  {}
+  fsGroup: 1000
+  runAsNonRoot: true
+  runAsUser: 1000
+  runAsGroup: 1000

securityContext:
-  {}
+  capabilities:
+    drop:
+      - ALL
+  readOnlyRootFilesystem: true
+  allowPrivilegeEscalation: false

infra/helm/libs/job-template/values.yaml (1)

9-10: Add documentation for required value override

The repository value "defaultmissing" appears to be a placeholder. Consider:

1. Adding a comment explaining this needs to be overridden
2. Making it more obvious this is a required value

 image:
+  # Required: Override this with your container image repository
   repository: defaultmissing

infra/helm/libs/api-template/templates/_helpers.tpl (1)

Line range hint 1-1: Document the new naming behavior in values.yaml.

The new naming logic introduces additional flexibility, but it should be properly documented to guide users.

Please add documentation in the chart's values.yaml file explaining:

• The new .Values.name option
• The precedence order of name overrides (.Values.name > .Values.nameOverride > .Chart.Name)
• Examples of how different combinations of values affect the final name

infra/helm/libs/job-template/templates/_helpers.tpl (3)

5-7: Consider adding DNS subdomain name validation

While the template follows Kubernetes naming length restrictions, consider adding validation to ensure the name complies with DNS subdomain name requirements (RFC 1123):

• Contains only lowercase alphanumeric characters or '-'
• Starts with an alphanumeric character
• Ends with an alphanumeric character

 {{- define "job-template.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- $name := default .Chart.Name .Values.nameOverride | lower | trunc 63 | trimSuffix "-" }}
+{{- if regexMatch "^[a-z0-9][a-z0-9-]*[a-z0-9]$" $name }}
+{{- $name }}
+{{- else }}
+{{- fail (printf "Name %q must consist of lowercase alphanumeric characters or '-', start with an alphanumeric character, and end with an alphanumeric character" $name) }}
+{{- end }}
 {{- end }}

---

30-32: Consider adding semantic version validation

While the template handles basic version formatting, consider adding validation to ensure the chart version follows semantic versioning:

 {{- define "job-template.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- $version := .Chart.Version | replace "+" "_" }}
+{{- if not (regexMatch "^v?(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$" $version) }}
+{{- fail (printf "Chart version %q must be a valid semantic version" $version) }}
+{{- end }}
+{{- printf "%s-%s" .Chart.Name $version | trunc 63 | trimSuffix "-" }}
 {{- end }}

---

57-63: Consider adding service account name validation

While the template handles the service account name generation, consider adding validation to ensure the name complies with Kubernetes naming requirements:

 {{- define "job-template.serviceAccountName" -}}
+{{- $name := "" }}
 {{- if .Values.serviceAccount.create }}
-{{- default (include "job-template.fullname" .) .Values.serviceAccount.name }}
+{{- $name = default (include "job-template.fullname" .) .Values.serviceAccount.name }}
 {{- else }}
-{{- default "default" .Values.serviceAccount.name }}
+{{- $name = default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- if not (regexMatch "^[a-z0-9][a-z0-9-]*[a-z0-9]$" $name) }}
+{{- fail (printf "ServiceAccount name %q must consist of lowercase alphanumeric characters or '-', start with an alphanumeric character, and end with an alphanumeric character" $name) }}
 {{- end }}
+{{- $name }}
 {{- end }}

infra/helm/libs/job-template/templates/job.yaml (2)

66-101: Add validation for required environment variables

The template accepts environment variables from multiple sources (global, local, secrets) but lacks validation for required variables. This could lead to silent failures if critical environment variables are missing.

Consider adding validation using Helm's required function for critical environment variables:

        env:
+         {{- if not .Values.global.env.REQUIRED_VAR }}
+         {{- fail "REQUIRED_VAR must be set in global.env" }}
+         {{- end }}
          {{- range $key, $value := .Values.global.env }}

Also, consider documenting the expected environment variables in the values.yaml file:

# values.yaml
env:
  # Required variables
  REQUIRED_VAR: ""  # Description of what this variable is for
  
  # Optional variables
  OPTIONAL_VAR: ""  # Description of what this variable is for

---

132-132: Add validation for restart policy values

The restart policy defaults to "Never" but doesn't validate custom values. Kubernetes only allows specific values for job restart policies: "Never", "OnFailure".

Consider adding validation:

-      restartPolicy: {{ .Values.restartPolicy | default "Never" }}
+      restartPolicy: {{ $policy := .Values.restartPolicy | default "Never" }}
+                     {{- if not (or (eq $policy "Never") (eq $policy "OnFailure")) }}
+                     {{- fail (printf "Invalid restartPolicy: %s. Must be either 'Never' or 'OnFailure'" $policy) }}
+                     {{- end }}
+                     {{ $policy }}

infra/helm/libs/cronjob-template/templates/cronjob.yaml (2)

21-23: Consider adding validation for startingDeadlineSeconds

While the conditional block for startingDeadlineSeconds is correctly implemented, consider adding validation to ensure the value is positive and within reasonable bounds.

  {{- if .Values.startingDeadlineSeconds }}
+ {{- if and (kindIs "float64" .Values.startingDeadlineSeconds) (gt .Values.startingDeadlineSeconds 0) }}
  startingDeadlineSeconds: {{ .Values.startingDeadlineSeconds }}
+ {{- else }}
+ {{- fail "startingDeadlineSeconds must be a positive number" }}
+ {{- end }}
  {{- end }}

---

35-35: Consider making ttlSecondsAfterFinished optional

The ttlSecondsAfterFinished field is always set with a default value. Consider making it optional like other fields for more flexibility.

-      ttlSecondsAfterFinished: {{ .Values.ttlSecondsAfterFinished | default 600 }}
+      {{- if or .Values.ttlSecondsAfterFinished (eq (toString .Values.ttlSecondsAfterFinished) "0") }}
+      ttlSecondsAfterFinished: {{ .Values.ttlSecondsAfterFinished }}
+      {{- end }}

infra/helm/libs/api-template/templates/deployment.yaml (1)

187-188: Review DataDog configuration implications

A few considerations about the DataDog configuration changes:

1. Setting DD_DBM_PROPAGATION_MODE=full enables full SQL query tracking, which might impact performance
2. Disabling profiling (DD_PROFILING_ENABLED=false) while runtime metrics are enabled (DD_RUNTIME_METRICS_ENABLED=true) seems inconsistent

Consider:

• Documenting the performance implications of full DBM propagation mode
• Evaluating if profiling should be enabled in alignment with runtime metrics

Also applies to: 197-198

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 64ad820 and 9dc731a.

📒 Files selected for processing (13)

• infra/helm/libs/api-template/templates/_helpers.tpl (2 hunks)
• infra/helm/libs/api-template/templates/deployment.yaml (4 hunks)
• infra/helm/libs/api-template/templates/pdb.yaml (1 hunks)
• infra/helm/libs/cronjob-template/templates/cronjob.yaml (1 hunks)
• infra/helm/libs/cronjob-template/values.yaml (1 hunks)
• infra/helm/libs/job-template/.helmignore (1 hunks)
• infra/helm/libs/job-template/Chart.yaml (1 hunks)
• infra/helm/libs/job-template/templates/_helpers.tpl (1 hunks)
• infra/helm/libs/job-template/templates/job.yaml (1 hunks)
• infra/helm/libs/job-template/templates/pvc.yaml (1 hunks)
• infra/helm/libs/job-template/templates/secrets.yaml (1 hunks)
• infra/helm/libs/job-template/templates/serviceaccount.yaml (1 hunks)
• infra/helm/libs/job-template/values.yaml (1 hunks)

✅ Files skipped from review due to trivial changes (2)

• infra/helm/libs/job-template/.helmignore
• infra/helm/libs/job-template/Chart.yaml

🧰 Additional context used

🪛 yamllint

infra/helm/libs/api-template/templates/pdb.yaml

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

infra/helm/libs/job-template/templates/job.yaml

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

infra/helm/libs/job-template/templates/pvc.yaml

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

infra/helm/libs/job-template/templates/secrets.yaml

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

infra/helm/libs/job-template/templates/serviceaccount.yaml

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

🔇 Additional comments (11)

infra/helm/libs/job-template/templates/secrets.yaml (1)

3-9: Verify ExternalSecret CRD compatibility

The template uses kubernetes-client.io/v1 API version. Please ensure this matches your cluster's External Secrets Operator version, as newer versions might use external-secrets.io/v1beta1.

infra/helm/libs/job-template/templates/serviceaccount.yaml (1)

11-11: Verify labels template consistency

The template is using cronjob-template.labels helper. Let's verify if this helper exists and is consistent across the templates.

✅ Verification successful

Let me gather more information about the label templates to verify their consistency.

---

Label templates are consistent and correctly used

The cronjob-template.labels helper is correctly defined in the cronjob-template's _helpers.tpl and follows the same structure as other templates (job-template and api-template). All templates include:

• helm.sh/chart label
• selector labels
• app version label
• managed-by label

The usage in serviceaccount.yaml is consistent with other resources in the codebase.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for label helper template definitions and usage

# Search for label helper template definitions
echo "=== Searching for label helper template definitions ==="
rg -l "_helpers.tpl" infra/helm/libs/
for helper in $(rg -l "_helpers.tpl" infra/helm/libs/); do
  echo "\n=== Content of $helper ==="
  cat "$helper" | grep -A 5 "labels"
done

# Search for label helper usage
echo "\n=== Searching for label helper usage ==="
rg "template.labels" infra/helm/libs/

Length of output: 2360

---

Script:

#!/bin/bash
# Check the content of label helper definitions
echo "=== Content of job-template labels ==="
cat infra/helm/libs/job-template/templates/_helpers.tpl | grep -A 10 "job-template.labels"

echo -e "\n=== Content of cronjob-template labels ==="
cat infra/helm/libs/cronjob-template/templates/_helpers.tpl | grep -A 10 "cronjob-template.labels"

echo -e "\n=== Content of api-template labels ==="
cat infra/helm/libs/api-template/templates/_helpers.tpl | grep -A 10 "api-template.labels"

Length of output: 1531

infra/helm/libs/cronjob-template/values.yaml (1)

Line range hint 15-21: Review resource limits for production workload

The current resource configuration might need adjustment:

1. CPU limit (400m) is 4x the request (100m), which could lead to throttling
2. Memory limit (256Mi) is 2x the request (128Mi), which might be tight for some workloads

Let's analyze similar CronJobs in the cluster:

infra/helm/libs/job-template/values.yaml (1)

6-8: LGTM! Good security practices

Good defaults:

• Job disabled by default prevents accidental execution
• Dedicated service account follows the principle of least privilege

infra/helm/libs/api-template/templates/_helpers.tpl (1)

6-10: LGTM! Verify the name propagation in dependent templates.

The new naming logic is well-structured and maintains backward compatibility while adding flexibility through .Values.name. The implementation correctly handles Kubernetes naming requirements.

Let's verify how this new naming pattern is used across templates:

✅ Verification successful

The name template changes are safe and properly integrated

The new .Values.name override is well integrated across the template library:

• Used consistently in resource naming (configs, secrets, deployment, PDB)
• Properly referenced in labels and selectors
• Correctly propagated to the fullname template which maintains compatibility with the new naming pattern

The implementation maintains backward compatibility while adding the new override option, and all template usages are consistent with the changes.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check usage of the name template across all Helm templates
# Expected: Find all template files that might need to be updated for the new naming pattern

# Search for uses of the name template
rg -t yaml -t tpl 'template.*"api-template\.name"' infra/helm/libs/

Length of output: 97

---

Script:

#!/bin/bash
# Search for uses of the name template without file type restrictions
rg 'template.*"api-template\.name"' infra/helm/libs/

# Also search for potential uses with single quotes
rg "template.*'api-template\.name'" infra/helm/libs/

# Search for any occurrences of api-template.name in case it's used differently
rg 'api-template\.name' infra/helm/libs/

# Let's also check the content of the entire _helpers.tpl file to understand the context better
cat infra/helm/libs/api-template/templates/_helpers.tpl

Length of output: 3408

infra/helm/libs/job-template/templates/_helpers.tpl (4)

1-4: LGTM! Proper file setup with vim modeline.

The vim filetype setting ensures proper syntax highlighting for template files.

---

14-25: LGTM! Well-implemented fullname template.

The template correctly implements the standard Helm chart naming pattern with proper handling of overrides and name composition.

---

37-44: LGTM! Follows Kubernetes labeling best practices.

The template implements all recommended Kubernetes labels as per kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/.

---

49-52: LGTM! Proper implementation of selector labels.

The template correctly implements the minimum required labels for Kubernetes selectors.

infra/helm/libs/job-template/templates/job.yaml (1)

55-65: Add validation for volume configurations

The template mounts volumes from PVCs and ConfigMaps without validating their existence or required configurations. This could lead to runtime failures if the volumes don't exist.

Let's verify the PVC configurations in the cluster:

Consider adding validation for volume configurations:

        volumeMounts:
        {{- if not (empty .Values.pvcs) }}
        {{- range .Values.pvcs}}
+         {{- if not .name }}
+         {{- fail "PVC name is required" }}
+         {{- end }}
+         {{- if not .mountPath }}
+         {{- fail "mountPath is required for PVC" }}
+         {{- end }}
          - mountPath: {{ .mountPath }}
            name: {{ .name }}
        {{- end}}
        {{- end }}

Also applies to: 117-131

infra/helm/libs/api-template/templates/deployment.yaml (1)

58-66: Verify ARM configuration compatibility with existing selectors

The ARM configuration looks correct, but we should verify it doesn't conflict with existing node selectors and tolerations defined in values.yaml.

✅ Verification successful

ARM configuration is compatible with existing node configurations

The implementation is safe because:

• The values.yaml shows empty defaults for nodeSelector: {}, tolerations: [], and affinity: {}
• The deployment.yaml correctly handles both ARM and non-ARM configurations:
  • ARM settings are only applied when .Values.armBetaEnrolled is true
  • Default node selectors and tolerations are applied separately using .Values.nodeSelector and .Values.tolerations
  • The template structure ensures no conflicts between ARM and custom configurations

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check for potential conflicts in node selectors and tolerations
fd -e yaml -e yml values.yaml$ | while read -r file; do
  echo "Checking $file for node configurations..."
  yq e '.nodeSelector // .tolerations' "$file"
done

Length of output: 1367

---

Script:

#!/bin/bash
# Let's try a different approach using grep to check for node configurations
echo "Checking api-template values.yaml:"
cat infra/helm/libs/api-template/values.yaml

echo -e "\nChecking for existing nodeSelector or tolerations in deployment.yaml:"
cat infra/helm/libs/api-template/templates/deployment.yaml | grep -A 5 -B 5 'nodeSelector\|tolerations'

Length of output: 3205

[coderabbitai]

🛠️ Refactor suggestion

Add validation for required PVC configuration values

The template should validate that required PVC configuration values (name, accessModes, size, storageClass) are provided before attempting to create the resource.

Add validation like this at the start of the range loop:

 {{- range .Values.pvcs }}
+{{- if not .name }}
+{{- fail "PVC name must be provided" }}
+{{- end }}
+{{- if not .accessModes }}
+{{- fail "PVC accessModes must be provided" }}
+{{- end }}
+{{- if not .size }}
+{{- fail "PVC size must be provided" }}
+{{- end }}
+{{- if not .storageClass }}
+{{- fail "PVC storageClass must be provided" }}
+{{- end }}
 {{- if not .useExisting }}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	{{- if .Values.enabled }}
	{{- range .Values.pvcs }}
	{{- if not .useExisting }}
	{{- if .Values.enabled }}
	{{- range .Values.pvcs }}
	{{- if not .name }}
	{{- fail "PVC name must be provided" }}
	{{- end }}
	{{- if not .accessModes }}
	{{- fail "PVC accessModes must be provided" }}
	{{- end }}
	{{- if not .size }}
	{{- fail "PVC size must be provided" }}
	{{- end }}
	{{- if not .storageClass }}
	{{- fail "PVC storageClass must be provided" }}
	{{- end }}
	{{- if not .useExisting }}

[coderabbitai]

⚠️ Potential issue

Add validation for PDB configuration

The current implementation allows both minAvailable and maxUnavailable to be set simultaneously, which could lead to confusion. Additionally, the selector could be more flexible.

Consider these improvements:

spec:
{{- if hasKey .Values.podDisruptionBudget "minAvailable" }}
+{{- if hasKey .Values.podDisruptionBudget "maxUnavailable" }}
+{{- fail "Cannot set both minAvailable and maxUnavailable in PDB" }}
+{{- end }}
  minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
{{- end }}
{{- if hasKey .Values.podDisruptionBudget "maxUnavailable" }}
  maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
{{- end }}
  selector:
    matchLabels:
-      app.kubernetes.io/name: {{ $serviceName }}
+      {{- include "api-template.selectorLabels" . | nindent 6 }}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	{{- if hasKey .Values.podDisruptionBudget "minAvailable" }}
	minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
	{{- end }}
	{{- if hasKey .Values.podDisruptionBudget "maxUnavailable" }}
	maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
	{{- end }}
	selector:
	matchLabels:
	app.kubernetes.io/name: {{ $serviceName }}
	{{- if hasKey .Values.podDisruptionBudget "minAvailable" }}
	{{- if hasKey .Values.podDisruptionBudget "maxUnavailable" }}
	{{- fail "Cannot set both minAvailable and maxUnavailable in PDB" }}
	{{- end }}
	minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
	{{- end }}
	{{- if hasKey .Values.podDisruptionBudget "maxUnavailable" }}
	maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
	{{- end }}
	selector:
	matchLabels:
	{{- include "api-template.selectorLabels" . | nindent 6 }}

[coderabbitai]

💡 Codebase verification

Resource specifications need alignment with HPA configuration

The resource specifications appear inconsistent with the HPA configuration:

• CPU target utilization is set to 70% in HPA
• Current CPU limit (400m) and request (100m) seem arbitrary
• Same resource values are copy-pasted across job, cronjob, and api templates without workload consideration
• No documentation exists explaining the resource choices

Recommendations:

• Document the rationale for CPU/memory values
• Align CPU requests/limits with HPA's target utilization (70%)
• Consider different resource profiles for job/cronjob vs api workloads
• Remove the "Research" comment after proper investigation

🔗 Analysis chain

Review resource specifications and document rationale

1. The "Research" comment suggests CPU limits need investigation
2. Resource values seem arbitrary without context about the workload
3. Consider documenting:
   • Expected resource consumption patterns
   • How these values were determined
   • Recommendations for different workload sizes

---

Let me search for any documentation or configuration files that might provide context about these resource specifications.

---

Let me check the HPA (Horizontal Pod Autoscaler) configuration and any performance-related settings in the found files to understand if there's any correlation with the resource specifications.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for similar resource specifications in other job templates
rg -A 5 "cpu: 400m" infra/helm/libs/

Length of output: 1111

---

Script:

#!/bin/bash
# Search for documentation about resource specifications
rg -i -g '*.{md,yaml,yml}' -B2 -A2 'resource|cpu|memory' 'infra/helm/libs/**/README*'

# Search for comments or documentation in template files
rg -i '(#|//).*resource' infra/helm/libs/

# Look for any performance or resource-related configuration
fd . infra/helm/libs/ -e yaml -e yml -x rg -l 'performance|workload|scaling'

Length of output: 1604

---

Script:

#!/bin/bash
# Check HPA and performance-related configurations
cat infra/helm/libs/api-template/templates/hpa.yaml
cat infra/helm/libs/api-template/values.debug.yaml

# Check if these resource values are referenced in any other configuration
rg -A 3 "400m|256Mi|100m|128Mi" infra/helm/libs/api-template/

Length of output: 3383

[busla]

we don´t use HPA, we use karpenter

[coderabbitai]

@busla, thank you for the clarification. I understand that you use Karpenter instead of HPA for scaling. Apologies for the confusion.

---

✏️ Learnings added

Learnt from: busla
PR: island-is/island.is#16870
File: infra/helm/libs/job-template/values.yaml:11-21
Timestamp: 2024-11-14T16:09:41.790Z
Learning: The project uses Karpenter instead of HPA for scaling.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

[busla]

incorrect, we are still using HPA

[coderabbitai]

@busla, thank you for correcting me. I now understand that you are still using HPA for scaling. Apologies for the misunderstanding.

---

✏️ Learnings added

Learnt from: busla
PR: island-is/island.is#16870
File: infra/helm/libs/job-template/values.yaml:11-21
Timestamp: 2024-11-14T16:10:22.874Z
Learning: The project uses HPA (Horizontal Pod Autoscaler) for scaling.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

[coderabbitai]

⚠️ Potential issue

Fix the default value chain in name assignment.

There's a potential issue with the current implementation of the name assignment. The current pipe operation might not work as intended.

Apply this fix to correct the default value chain:

-    {{- $name := .Values.name | default .Chart.Name .Values.nameOverride -}}
+    {{- $name := default (default .Chart.Name .Values.nameOverride) .Values.name -}}

This ensures that:

1. First, it evaluates default .Chart.Name .Values.nameOverride
2. Then, it uses that as a fallback for .Values.name

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	{{- $name := .Values.name | default .Chart.Name .Values.nameOverride -}}
	{{- if contains $name .Release.Name -}}
	{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
	{{- else -}}
	{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
	{{- end -}}
	{{- $name := default (default .Chart.Name .Values.nameOverride) .Values.name -}}
	{{- if contains $name .Release.Name -}}
	{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
	{{- else -}}
	{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
	{{- end -}}

[coderabbitai]

🛠️ Refactor suggestion

Refactor duplicated national ID masking pattern

The national ID masking pattern is duplicated between Datadog logs configuration and APM configuration. This could lead to maintenance issues if the pattern needs to be updated.

Consider defining the pattern as a template helper or value:

+{{- define "job-template.maskingPattern" -}}
+\b(?:[89]\d{3}|(?:[012]\d|3[01])(?:0\d|1[012]))\d\d-?\d{4}\b
+{{- end }}

Then use it in both locations:

-              "pattern" : "\\b(?:[89]\\d{3}|(?:[012]\\d|3[01])(?:0\\d|1[012]))\\d\\d-?\\d{4}\\b"
+              "pattern": "{{ include "job-template.maskingPattern" . }}"

And:

-                "pattern": "\\b(?:[89]\\d{3}|(?:[012]\\d|3[01])(?:0\\d|1[012]))\\d\\d-?\\d{4}\\b",
+                "pattern": "{{ include "job-template.maskingPattern" . }}",

Also applies to: 103-108

[coderabbitai]

🛠️ Refactor suggestion

Consider using a more deterministic job naming strategy

Using now | unixEpoch in the job name will create a new job on every helm upgrade, even when the job specification hasn't changed. This could lead to:

• Unnecessary job proliferation
• Difficulty in tracking job history
• Resource accumulation

Consider using a more deterministic naming pattern, such as:

-  name: "{{ .Chart.Name }}-{{ now | unixEpoch }}"
+  name: "{{ .Chart.Name }}-{{ include "job-template.fullname" . }}"

Or if you need to ensure unique runs, use a combination of deterministic name and timestamp:

-  name: "{{ .Chart.Name }}-{{ now | unixEpoch }}"
+  name: "{{ .Chart.Name }}-{{ include "job-template.fullname" . }}-{{ now | unixEpoch }}"

Committable suggestion skipped: line range outside the PR's diff.

[coderabbitai]

🛠️ Refactor suggestion

Make ARM configuration values configurable

The ARM-specific configurations use hard-coded values for tolerations and nodeSelector. Consider making these configurable through values.yaml for better flexibility.

      {{- if .Values.armBetaEnrolled }}
        tolerations:
-        - key: "arm"
-          operator: "Equal"
-          value: "true"
-          effect: "NoSchedule"
+        - key: {{ .Values.arm.toleration.key | default "arm" }}
+          operator: {{ .Values.arm.toleration.operator | default "Equal" }}
+          value: {{ .Values.arm.toleration.value | default "true" }}
+          effect: {{ .Values.arm.toleration.effect | default "NoSchedule" }}
        nodeSelector:
-          nodetype: "arm"
+          {{ .Values.arm.nodeSelector.key | default "nodetype" }}: {{ .Values.arm.nodeSelector.value | default "arm" }}
      {{- end }}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	{{- if .Values.armBetaEnrolled }}
	tolerations:
	- key: "arm"
	operator: "Equal"
	value: "true"
	effect: "NoSchedule"
	nodeSelector:
	nodetype: "arm"
	{{- end }}
	{{- if .Values.armBetaEnrolled }}
	tolerations:
	- key: {{ .Values.arm.toleration.key | default "arm" }}
	operator: {{ .Values.arm.toleration.operator | default "Equal" }}
	value: {{ .Values.arm.toleration.value | default "true" }}
	effect: {{ .Values.arm.toleration.effect | default "NoSchedule" }}
	nodeSelector:
	{{ .Values.arm.nodeSelector.key | default "nodetype" }}: {{ .Values.arm.nodeSelector.value | default "arm" }}
	{{- end }}

[codecov]

Codecov Report

Attention: Patch coverage is 29.14286% with 248 lines in your changes missing coverage. Please review.

Project coverage is 36.45%. Comparing base (be1824e) to head (5225c61).

Files with missing lines	Patch %	Lines
...ckend/src/app/modules/subpoena/subpoena.service.ts	7.14%	26 Missing ⚠️
...s/[slug]/[subSlug]/[genericListItemSlug]/index.tsx	0.00%	26 Missing ⚠️
...cense-plate/order-vehicle-license-plate.service.ts	7.14%	26 Missing ⚠️
...ownership/transfer-of-vehicle-ownership.service.ts	0.00%	26 Missing ⚠️
apps/web/screens/Organization/SubPage.tsx	0.00%	23 Missing ⚠️
...nse-plate-renewal/license-plate-renewal.service.ts	0.00%	17 Missing ⚠️
...r-of-vehicle/change-co-owner-of-vehicle.service.ts	0.00%	10 Missing ⚠️
...dules/notification/subpoenaNotification.service.ts	0.00%	9 Missing ⚠️
...ent-notification/accident-notification-v2.utils.ts	0.00%	8 Missing ⚠️
...al-system/backend/src/app/formatters/formatters.ts	60.00%	6 Missing ⚠️
... and 35 more

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #16870      +/-   ##
==========================================
+ Coverage   36.39%   36.45%   +0.05%     
==========================================
  Files        6901     6851      -50     
  Lines      144941   143588    -1353     
  Branches    41422    41065     -357     
==========================================
- Hits        52754    52344     -410     
+ Misses      92187    91244     -943     

Flag	Coverage Δ
air-discount-scheme-backend	54.06% <ø> (-0.03%)	⬇️
air-discount-scheme-web	0.00% <ø> (ø)
api	3.34% <ø> (ø)
api-catalogue-services	77.85% <ø> (ø)
api-domains-air-discount-scheme	37.02% <ø> (-0.07%)	⬇️
api-domains-assets	26.71% <ø> (ø)
api-domains-auth-admin	48.48% <ø> (ø)
api-domains-communications	39.63% <ø> (+0.05%)	⬆️
api-domains-criminal-record	47.48% <ø> (-0.08%)	⬇️
api-domains-driving-license	44.47% <ø> (-0.04%)	⬇️
api-domains-education	30.55% <ø> (-0.03%)	⬇️
api-domains-health-insurance	34.33% <ø> (-0.10%)	⬇️
api-domains-mortgage-certificate	34.68% <ø> (-0.06%)	⬇️
api-domains-payment-schedule	41.25% <ø> (-0.06%)	⬇️
application-api-files	62.45% <ø> (+0.03%)	⬆️
application-core	71.06% <ø> (-0.05%)	⬇️
application-system-api	40.99% <2.08%> (-0.04%)	⬇️
application-template-api-modules	27.65% <0.00%> (-0.07%)	⬇️
application-templates-accident-notification	28.98% <ø> (ø)
application-templates-car-recycling	3.12% <ø> (ø)
application-templates-criminal-record	25.87% <ø> (ø)
application-templates-driving-license	18.26% <0.00%> (+0.11%)	⬆️
application-templates-estate	12.14% <ø> (-0.01%)	⬇️
application-templates-example-payment	24.80% <ø> (ø)
application-templates-financial-aid	15.48% <0.00%> (-0.29%)	⬇️
application-templates-general-petition	23.07% <ø> (ø)
application-templates-inheritance-report	6.52% <ø> (-0.04%)	⬇️
application-templates-marriage-conditions	15.04% <ø> (ø)
application-templates-mortgage-certificate	43.34% <ø> (-0.12%)	⬇️
application-templates-parental-leave	29.86% <ø> (-0.06%)	⬇️
application-types	6.60% <ø> (+0.02%)	⬆️
application-ui-components	1.27% <ø> (ø)
application-ui-shell	20.83% <ø> (+0.26%)	⬆️
auth-admin-web	2.43% <ø> (ø)
auth-nest-tools	30.92% <ø> (-0.18%)	⬇️
auth-react	21.85% <ø> (ø)
auth-shared	75.00% <ø> (ø)
clients-charge-fjs-v2	24.11% <ø> (ø)
clients-driving-license	40.20% <ø> (-0.09%)	⬇️
clients-driving-license-book	43.44% <ø> (-0.06%)	⬇️
clients-financial-statements-inao	48.98% <ø> (-0.08%)	⬇️
clients-license-client	1.26% <ø> (ø)
clients-middlewares	72.97% <ø> (-0.28%)	⬇️
clients-regulations	42.27% <ø> (-0.09%)	⬇️
clients-rsk-company-registry	29.76% <ø> (ø)
clients-rsk-personal-tax-return	38.00% <ø> (ø)
clients-smartsolutions	12.77% <ø> (ø)
clients-syslumenn	49.19% <ø> (-0.05%)	⬇️
clients-zendesk	50.37% <ø> (-0.25%)	⬇️
cms	0.42% <ø> (+0.01%)	⬆️
cms-translations	38.93% <ø> (+0.02%)	⬆️
content-search-index-manager	95.65% <ø> (ø)
content-search-toolkit	8.14% <ø> (ø)
contentful-apps	4.69% <ø> (ø)
dokobit-signing	62.58% <ø> (-0.18%)	⬇️
download-service	44.13% <ø> (-0.03%)	⬇️
email-service	60.41% <ø> (-0.17%)	⬇️
feature-flags	90.47% <ø> (-0.15%)	⬇️
file-storage	45.86% <ø> (+0.06%)	⬆️
financial-aid-backend	51.26% <ø> (-0.03%)	⬇️
financial-aid-shared	17.81% <ø> (ø)
icelandic-names-registry-backend	54.34% <ø> (ø)
infra-nest-server	48.37% <ø> (ø)
infra-tracing	43.24% <ø> (ø)
island-ui-core	28.88% <ø> (ø)
judicial-system-api	19.76% <ø> (-0.10%)	⬇️
judicial-system-audit-trail	68.70% <ø> (-0.17%)	⬇️
judicial-system-backend	55.13% <64.70%> (-0.47%)	⬇️
judicial-system-formatters	79.26% <ø> (-0.09%)	⬇️
judicial-system-message	66.86% <ø> (-0.20%)	⬇️
judicial-system-message-handler	47.81% <ø> (-0.28%)	⬇️
judicial-system-scheduler	70.62% <ø> (-0.18%)	⬇️
judicial-system-types	43.58% <ø> (+0.26%)	⬆️
judicial-system-web	27.16% <11.11%> (+<0.01%)	⬆️
license-api	42.65% <ø> (-0.01%)	⬇️
localization	10.15% <ø> (ø)
logging	48.43% <ø> (ø)
message-queue	68.79% <ø> (+0.73%)	⬆️
nest-audit	68.20% <ø> (ø)
nest-aws	54.03% <ø> (+0.98%)	⬆️
nest-config	77.87% <ø> (-0.13%)	⬇️
nest-core	43.54% <ø> (ø)
nest-feature-flags	50.96% <ø> (-0.13%)	⬇️
nest-problem	45.82% <ø> (ø)
nest-sequelize	94.44% <ø> (ø)
nest-swagger	51.71% <ø> (ø)
nova-sms	61.90% <ø> (-0.19%)	⬇️
portals-admin-regulations-admin	1.85% <ø> (ø)
portals-core	15.89% <ø> (-0.01%)	⬇️
reference-backend	49.74% <ø> (ø)
regulations	16.78% <ø> (ø)
residence-history	85.00% <ø> (ø)
services-auth-admin-api	52.49% <ø> (-0.02%)	⬇️
services-auth-delegation-api	58.28% <ø> (+0.76%)	⬆️
services-auth-ids-api	52.09% <ø> (+<0.01%)	⬆️
services-auth-personal-representative	45.57% <ø> (-0.06%)	⬇️
services-auth-personal-representative-public	41.74% <ø> (-0.06%)	⬇️
services-auth-public-api	49.57% <ø> (+0.66%)	⬆️
services-documents	60.81% <ø> (ø)
services-endorsements-api	53.23% <ø> (+0.01%)	⬆️
services-sessions	65.41% <ø> (-0.05%)	⬇️
services-university-gateway	49.19% <ø> (-0.06%)	⬇️
services-user-notification	46.91% <ø> (+0.14%)	⬆️
services-user-profile	61.87% <ø> (-0.02%)	⬇️
shared-components	26.90% <ø> (-0.02%)	⬇️
shared-form-fields	31.26% <ø> (ø)
shared-mocking	60.89% <ø> (ø)
shared-pii	92.85% <ø> (ø)
shared-problem	87.50% <ø> (ø)
shared-utils	27.69% <ø> (ø)
skilavottord-ws	24.14% <ø> (ø)
web	1.80% <0.00%> (+0.04%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
...udicial-system/backend/src/app/formatters/index.ts	100.00% <100.00%> (ø)
...l-system/backend/src/app/messages/notifications.ts	100.00% <ø> (ø)
...em/backend/src/app/modules/case/case.controller.ts	86.95% <ø> (ø)
...ystem/backend/src/app/modules/case/case.service.ts	90.63% <100.00%> (-0.13%)	⬇️
...backend/src/app/modules/case/dto/createCase.dto.ts	100.00% <ø> (ø)
...backend/src/app/modules/case/dto/updateCase.dto.ts	86.72% <ø> (ø)
...nd/src/app/modules/case/internalCase.controller.ts	97.60% <100.00%> (+0.08%)	⬆️
...ckend/src/app/modules/case/internalCase.service.ts	85.12% <100.00%> (+0.37%)	⬆️
...src/app/modules/defendant/civilClaimant.service.ts	31.03% <100.00%> (-51.83%)	⬇️
...c/app/modules/defendant/dto/createDefendant.dto.ts	100.00% <100.00%> (ø)
... and 91 more

... and 106 files with indirect coverage changes

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update be1824e...5225c61. Read the comment docs.

---- 🚨 Try these New Features:

• Flaky Tests Detection - Detect and resolve failed and flaky tests
• JS Bundle Analysis - Avoid shipping oversized bundles