Chore/update-to-oci-helm-releases

[KevinGruber2001]

Summary by CodeRabbit

• Chores
  • Updated release workflow to publish packages to the container registry using OCI format with automated packaging, pushing, and dynamic version tagging for releases.
  • Updated container image repository references and standardized the build image tag to "latest".

[coderabbitai]

Warning

Rate limit exceeded

@KevinGruber2001 has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 15 minutes and 45 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 1f446403-2a1b-4c3c-a94a-d41496b1c15d

📥 Commits

Reviewing files that changed from the base of the PR and between b9c583a and 6432c19.

📒 Files selected for processing (1)

• .github/workflows/build.yml

📝 Walkthrough

Walkthrough

Release workflow replaced chart-releaser flow with OCI-based packaging and GHCR authentication; build and helm values updated to use ghcr.io/eduide/garbage-collector.

Changes

Cohort / File(s)	Summary
Release Workflow /.github/workflows/release.yml	Replaced chart-releaser flow: removed Configure Git and chart-releaser steps; added registry owner setup, GHCR login, extract chart version, package & push chart to OCI, and create GitHub Release with the extracted chart version; updated workflow permissions (pages → packages).
Build Workflow /.github/workflows/build.yml	Updated Docker image name from ghcr.io/ls1intum/theia/garbage-collector to ghcr.io/eduide/garbage-collector and changed docker-tag from a dated tag to latest; other build settings unchanged.
Helm Values helm/values.yaml	Changed image.repository from the duplicated/prefixed path to ghcr.io/eduide/garbage-collector; tag and pullPolicy unchanged.

Sequence Diagram(s)

sequenceDiagram
    rect rgba(220, 230, 241, 0.5)
    participant Repo as Repository (charts + workflows)
    end
    rect rgba(200, 240, 200, 0.5)
    participant GHActions as GitHub Actions
    end
    rect rgba(255, 245, 200, 0.5)
    participant GHCR as GHCR / OCI Registry
    end
    rect rgba(241, 220, 230, 0.5)
    participant GRelease as GitHub Releases
    end

    Repo->>GHActions: push tag / trigger release workflow
    GHActions->>GHCR: login with GHCR credentials
    GHActions->>Repo: extract chart version from Chart.yaml
    GHActions->>GHCR: package chart as OCI artifact and push using extracted version
    GHActions->>GRelease: create GitHub Release with tag_name/name = extracted version
    GHCR-->>GRelease: artifact available (implicit)
    GRelease-->>GHActions: release created (status)

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐇 I hopped through workflows, tidy and spry,
Packaged charts and waved them to the sky.
GHCR doors opened, versions set just right,
Images pointed home, ready for flight.
A joyful thump — releases out of sight! 🎉

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title references 'update-to-oci-helm-releases' which aligns with the main changes: updating Docker image repositories and adding OCI/Helm release workflow changes.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch chore/switch-to-oci-helm-releases

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (2)

.github/workflows/release.yml (2)

34-38: Version extraction may fail with quoted or malformed versions.

The current grep | awk approach assumes the version value has no quotes and is cleanly formatted. If Chart.yaml contains version: "1.0.0" or has trailing whitespace, the extracted value could be incorrect.

Consider using yq for more robust YAML parsing:

♻️ Proposed fix using yq

      - name: Extract chart version
        id: chart
        run: |
-          VERSION=$(grep '^version:' helm/Chart.yaml | awk '{print $2}')
+          VERSION=$(yq '.version' helm/Chart.yaml)
          echo "version=${VERSION}" >> $GITHUB_OUTPUT

Note: You'll need to install yq first or use an action like mikefarah/yq.

Alternatively, use sed to strip quotes:

VERSION=$(grep '^version:' helm/Chart.yaml | awk '{print $2}' | tr -d '"'"'")

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/release.yml around lines 34 - 38, The "Extract chart
version" step currently uses VERSION=$(grep '^version:' helm/Chart.yaml | awk
'{print $2}') which fails for quoted or whitespace-padded values; update the
step (id: chart) to parse helm/Chart.yaml robustly by either using yq to read
the version field (e.g., yq eval '.version' helm/Chart.yaml) or, if yq is not
available, append a pipeline that trims whitespace and strips surrounding quotes
from the extracted value (i.e., post-process the awk output to remove
leading/trailing whitespace and any '"' characters) before writing
version=${VERSION} to $GITHUB_OUTPUT.

---

40-43: Hardcoded chart name creates a maintenance burden and potential failure point.

The chart name theia-workspace-garbage-collector is hardcoded in the .tgz filename. If the chart name in Chart.yaml ever changes, this step will fail. Consider extracting the chart name dynamically alongside the version.

♻️ Proposed fix to extract chart name dynamically

Update the extraction step:

      - name: Extract chart version
        id: chart
        run: |
          VERSION=$(grep '^version:' helm/Chart.yaml | awk '{print $2}')
+          NAME=$(grep '^name:' helm/Chart.yaml | awk '{print $2}')
          echo "version=${VERSION}" >> $GITHUB_OUTPUT
+          echo "name=${NAME}" >> $GITHUB_OUTPUT

Then update the push step:

      - name: Package and push to OCI
        run: |
          helm package ./helm
-          helm push theia-workspace-garbage-collector-${{ steps.chart.outputs.version }}.tgz oci://ghcr.io/${{ env.REGISTRY_OWNER }}/charts
+          helm push ${{ steps.chart.outputs.name }}-${{ steps.chart.outputs.version }}.tgz oci://ghcr.io/${{ env.REGISTRY_OWNER }}/charts

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/release.yml around lines 40 - 43, The workflow hardcodes
the chart filename "theia-workspace-garbage-collector-...tgz" causing failures
if Chart.yaml name changes; modify the job to extract the chart name into a
variable/output (e.g., from Chart.yaml) in the step that runs before packaging,
reference that output (chart_name) when building the .tgz filename in the helm
package/push steps instead of the literal "theia-workspace-garbage-collector",
and ensure the packaging step (helm package ./helm) and the push step use the
same chart_name and the existing steps.chart.outputs.version so the push uses
chart_name-${{ steps.chart.outputs.version }}.tgz.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In @.github/workflows/release.yml:
- Around line 34-38: The "Extract chart version" step currently uses
VERSION=$(grep '^version:' helm/Chart.yaml | awk '{print $2}') which fails for
quoted or whitespace-padded values; update the step (id: chart) to parse
helm/Chart.yaml robustly by either using yq to read the version field (e.g., yq
eval '.version' helm/Chart.yaml) or, if yq is not available, append a pipeline
that trims whitespace and strips surrounding quotes from the extracted value
(i.e., post-process the awk output to remove leading/trailing whitespace and any
'"' characters) before writing version=${VERSION} to $GITHUB_OUTPUT.
- Around line 40-43: The workflow hardcodes the chart filename
"theia-workspace-garbage-collector-...tgz" causing failures if Chart.yaml name
changes; modify the job to extract the chart name into a variable/output (e.g.,
from Chart.yaml) in the step that runs before packaging, reference that output
(chart_name) when building the .tgz filename in the helm package/push steps
instead of the literal "theia-workspace-garbage-collector", and ensure the
packaging step (helm package ./helm) and the push step use the same chart_name
and the existing steps.chart.outputs.version so the push uses chart_name-${{
steps.chart.outputs.version }}.tgz.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: ad5ec70a-d363-45f6-a3ef-c8eec903d077

📥 Commits

Reviewing files that changed from the base of the PR and between ea87207 and 6112571.

📒 Files selected for processing (2)

• .github/workflows/release.yml
• helm/values.yaml

[lukaskratzel]

Code looks great, thank you!

[Mtze]

Should we rename this also to eduid her?

Suggested change

	repository: ghcr.io/eduide/theia/garbage-collector
	repository: ghcr.io/eduide/eduide/garbage-collector

[KevinGruber2001]

Thank you, actually the garbage collector was still build and stored in the ls1intum org. I changed that now, and setup the repository link to ghcr.io/eduide/garbage-collector.
I think we dont need the eduide prefix, since its now our own org

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/build.yml:
- Around line 11-13: The workflow currently publishes only the mutable "tags"
value which overwrites the same image; update the build workflow to push an
immutable image tag as well (e.g., use the commit SHA / GITHUB_SHA) alongside
the existing image-name and docker-context so both "latest" and a unique
immutable tag are created, and then update the chart's image.tag reference (the
Helm chart values key for image tag) to reference that immutable tag for
deployments so releases are reproducible and rollouts use the fixed image.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 4a5f484a-63ba-4178-8727-4c3d91fd5f1d

📥 Commits

Reviewing files that changed from the base of the PR and between b0bb813 and b9c583a.

📒 Files selected for processing (1)

• .github/workflows/build.yml