Skip to content

feat(helm): add webhook support and update e2e tests to use Helm#7

Merged
STRRL merged 1 commit intomasterfrom
test/update-e2e
Nov 23, 2025
Merged

feat(helm): add webhook support and update e2e tests to use Helm#7
STRRL merged 1 commit intomasterfrom
test/update-e2e

Conversation

@STRRL
Copy link
Owner

@STRRL STRRL commented Nov 21, 2025

  • Add webhook templates: service, cert-manager issuer/certificate, mutating/validating webhook configurations
  • Update deployment to mount webhook certs and expose webhook port
  • Add webhook configuration values (enabled, ports, failurePolicy)
  • Migrate e2e tests from make deploy to helm upgrade --install
  • Add dynamic image tagging based on git SHA in e2e suite

@STRRL @claude
feat(helm): add webhook support and update e2e tests to use Helm
302a1c7 
- Add webhook templates: service, cert-manager issuer/certificate,
  mutating/validating webhook configurations
- Update deployment to mount webhook certs and expose webhook port
- Add webhook configuration values (enabled, ports, failurePolicy)
- Migrate e2e tests from make deploy to helm upgrade --install
- Add dynamic image tagging based on git SHA in e2e suite

Co-Authored-By: Claude <noreply@anthropic.com>
@STRRL STRRL requested a review from Copilot November 21, 2025 07:16
@STRRL
Copy link
Owner Author

STRRL commented Nov 21, 2025

@claude review it;

@claude
Copy link

claude bot commented Nov 21, 2025
edited
Loading

Claude finished @STRRL's task —— View job

PR Review: feat(helm): add webhook support and update e2e tests to use Helm

  • Read changed files
  • Review Helm webhook templates
  • Review e2e test changes
  • Provide feedback

Overall: This is a well-structured PR that adds proper webhook support to the Helm chart and migrates e2e tests to use Helm installation. The changes look solid.

✅ What looks good

  1. Helm templates are well-organized - Proper conditional rendering with {{- if .Values.webhook.enabled }}, good use of helper templates for service/secret names
  2. Cert-manager integration - Correct setup with self-signed issuer, certificate with proper DNS names, and CA injection annotation
  3. Deployment changes - Clean volume mount and port configuration for webhooks
  4. E2e test migration - Good use of helm upgrade --install with dynamic image tagging based on git SHA

🔧 Suggestions

  1. webhook-configurations.yaml:23-24 and 44-45 - Consider adding DELETE to webhook operations if you want to validate/mutate deletions:

    operations: ["CREATE", "UPDATE"]

  2. values.yaml:71 - webhook.enabled: true by default means cert-manager is a hard dependency. Consider documenting this requirement or defaulting to false.

  3. e2e_test.go:69-74 - The CRD cleanup explicitly deletes supabaseprojects.supabase.strrl.dev but Helm uninstall should handle this via the chart. This could cause issues if the CRD is bundled with the chart.

  4. e2e_suite_test.go:33-34 - projectImageTag and projectImage are initialized empty but set in BeforeSuite. Consider using sync.Once or ensuring thread-safety if tests run in parallel.

  5. Minor: webhook-configurations.yaml - The webhook port is not explicitly set in clientConfig.service. It defaults to 443 which matches webhook.servicePort, but explicit is better than implicit.

📋 Missing items to consider

  • No namespaceSelector on webhooks - they will intercept resources across all namespaces
  • No objectSelector - consider if you want to exclude certain labeled resources
  • No RBAC rules visible for webhook-related resources (though these might be elsewhere)

Verdict: The PR looks good to merge. The suggestions above are minor improvements, not blockers.

Copilot AI reviewed Nov 21, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds comprehensive webhook support to the Helm chart and modernizes the e2e test infrastructure by migrating from make deploy to Helm-based deployments.

Key Changes:

  • Implements webhook infrastructure with cert-manager integration for TLS certificate management
  • Updates e2e tests to use helm upgrade --install instead of make deploy
  • Adds dynamic image tagging based on git SHA with fallback strategies

Reviewed Changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated no comments.

Show a summary per file
File Description
helm/supabase-operator/values.yaml Adds webhook configuration values including ports and failure policy
helm/supabase-operator/templates/webhook-service.yaml Creates ClusterIP service to expose webhook endpoint
helm/supabase-operator/templates/webhook-configurations.yaml Defines mutating and validating webhook configurations with cert-manager CA injection
helm/supabase-operator/templates/webhook-certmanager.yaml Sets up self-signed certificate issuer and certificate for webhook TLS
helm/supabase-operator/templates/deployment.yaml Adds webhook port exposure and mounts certificate volume with conditional logic
helm/supabase-operator/templates/_helpers.tpl Adds helper templates for webhook service and certificate secret naming
test/e2e/e2e_suite_test.go Implements dynamic image tagging with git SHA support and helper functions
test/e2e/e2e_test.go Migrates test setup to Helm with updated label selectors and cleanup procedures

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@STRRL STRRL merged commit 4a4a1fe into master Nov 23, 2025
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@STRRL