From 707ba79e53032877914b84f4c6b2de6fbf6f42ab Mon Sep 17 00:00:00 2001
From: Starlight Romero <28881133+starlightromero@users.noreply.github.com>
Date: Mon, 29 Dec 2025 19:41:08 -0800
Subject: [PATCH] feat(helm): add schema file and corresponding makefile commands
---
Makefile | 54 +++++++-
deploy/cert-manager-sync/values.schema.json | 132 ++++++++++++++++++++
2 files changed, 185 insertions(+), 1 deletion(-)
create mode 100644 deploy/cert-manager-sync/values.schema.json
diff --git a/Makefile b/Makefile
index 76c52a3..1a85eff 100644
--- a/Makefile
+++ b/Makefile
@@ -1,6 +1,58 @@ +# Makefile for cert-manager-sync +# +# Available targets: +# test - Run Go tests and vulnerability checks +# helm-validate-template - Validate Helm chart templates with kubeconform +# helm-validate-schema - Validate Helm chart values against JSON schema +# helm-validate-custom-values - Validate custom values file (requires VALUES_FILE) +# helm-validate-all - Run comprehensive Helm chart validation +# helm-update-schema - Update values.schema.json from values.yaml + .PHONY: test test: @echo "Running tests..." @go test -v ./... - @govulncheck -show verbose ./... \ No newline at end of file + @govulncheck -show verbose ./... + +.PHONY: helm-validate-template +helm-validate-template: + @echo "Validating Helm chart templates..." + @command -v helm >/dev/null 2>&1 || { echo "helm is required but not installed. Please install Helm."; exit 1; } + @command -v kubeconform >/dev/null 2>&1 || { echo "kubeconform is required but not installed. Install it with: go install github.com/yannh/kubeconform/cmd/kubeconform@latest"; exit 1; } + @helm template cert-manager-sync ./deploy/cert-manager-sync | kubeconform -strict -verbose + +.PHONY: helm-validate-schema +helm-validate-schema: + @echo "Validating Helm chart values against JSON schema..." + @command -v helm >/dev/null 2>&1 || { echo "helm is required but not installed. Please install Helm."; exit 1; } + @command -v yq >/dev/null 2>&1 || { echo "yq is required but not installed. Install it with: go install github.com/mikefarah/yq/v4@latest"; exit 1; } + @command -v ajv >/dev/null 2>&1 || { echo "ajv-cli is required but not installed. Install it with: npm install -g ajv-cli"; exit 1; } + @helm show values ./deploy/cert-manager-sync | yq eval -o=json | ajv validate -s ./deploy/cert-manager-sync/values.schema.json + +.PHONY: helm-validate-custom-values +helm-validate-custom-values: + @echo "Comprehensive validation of custom values file..." 
+ @if [ -z "$(VALUES_FILE)" ]; then echo "Usage: make helm-validate-custom-values VALUES_FILE=path/to/values.yaml"; exit 1; fi
+ @command -v helm >/dev/null 2>&1 || { echo "helm is required but not installed. Please install Helm."; exit 1; }
+ @command -v kubeconform >/dev/null 2>&1 || { echo "kubeconform is required but not installed. Install it with: go install github.com/yannh/kubeconform/cmd/kubeconform@latest"; exit 1; }
+ @command -v yq >/dev/null 2>&1 || { echo "yq is required but not installed. Install it with: go install github.com/mikefarah/yq/v4@latest"; exit 1; }
+ @command -v ajv >/dev/null 2>&1 || { echo "ajv-cli is required but not installed. Install it with: npm install -g ajv-cli"; exit 1; }
+ @echo "Validating values schema..."
+ @yq eval -o=json $(VALUES_FILE) | ajv validate -s ./deploy/cert-manager-sync/values.schema.json
+ @echo "Validating generated templates..."
+ @helm template cert-manager-sync ./deploy/cert-manager-sync --values $(VALUES_FILE) | kubeconform -strict -verbose
+ @echo "Custom values validation passed!"
+
+.PHONY: helm-validate-all
+helm-validate-all: helm-validate-template helm-validate-schema
+ @echo "Running comprehensive Helm chart validation..."
+ @echo "Note: To validate custom values, run: make helm-validate-custom-values VALUES_FILE=your-values.yaml"
+
+.PHONY: helm-update-schema
+helm-update-schema:
+ @echo "Generating Helm chart values schema..."
+ @command -v helm >/dev/null 2>&1 || { echo "helm is required but not installed. Please install Helm."; exit 1; }
+ @helm plugin list | grep -q "schema" || { echo "Installing helm-values-schema-json plugin..."; helm plugin install https://github.com/losisin/helm-values-schema-json; }
+ @cd deploy/cert-manager-sync && helm schema -f values.yaml -o values.schema.json
+ @echo "Schema updated successfully at deploy/cert-manager-sync/values.schema.json"
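Review bot: The `helm-update-schema` recipe installs a Helm plugin from a third-party repository with no version pin, so whoever runs the target (a developer or a CI job) executes whatever that repository serves at that moment, including any install hook the plugin defines. Pin it, for example `helm plugin install https://github.com/losisin/helm-values-schema-json --version <PINNED_VERSION>`, and prefer failing with an install hint, as the other targets do for helm, yq and ajv, over installing as a side effect; the `grep -q "schema"` guard also matches any unrelated plugin whose listing contains that word. Separately, `$(VALUES_FILE)` is expanded unquoted into the shell in `helm-validate-custom-values`, so a path containing spaces or shell metacharacters is re-interpreted; write `"$(VALUES_FILE)"` on both the `yq eval` and the `helm template --values` lines. The `... | kubeconform` and `... | ajv` pipelines report only the exit status of the last command, so a failing `helm template` or `yq` can go unnoticed unless the recipe shell runs with pipefail.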
diff --git a/deploy/cert-manager-sync/values.schema.json b/deploy/cert-manager-sync/values.schema.json
new file mode 100644
index 0000000..997e04b
--- /dev/null
+++ b/deploy/cert-manager-sync/values.schema.json
@@ -0,0 +1,132 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "type": "object", + "properties": { + "affinity": { + "type": "object" + }, + "autoscaling": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxReplicas": { + "type": "integer" + }, + "minReplicas": { + "type": "integer" + }, + "targetCPUUtilizationPercentage": { + "type": "integer" + } + } + }, + "clusterRole": { + "type": "object", + "properties": { + "create": { + "type": "boolean" + } + } + }, + "config": { + "type": "object", + "properties": { + "disableCache": { + "type": "string" + }, + "disabledNamespaces": { + "type": "string" + }, + "enabledNamespaces": { + "type": "string" + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "operatorName": { + "type": "string" + }, + "secretsNamespace": { + "type": "string" + } + } + }, + "env": { + "type": "array" + }, + "fullnameOverride": { + "type": "string" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "imagePullSecrets": { + "type": "array" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "port": { + "type": "integer" + } + } + }, + "nameOverride": { + "type": "string" + }, + "nodeSelector": { + "type": "object" + }, + "podAnnotations": { + "type": "object" + }, + "podSecurityContext": { + "type": "object" + }, + "replicaCount": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "securityContext": { + "type": "object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "tolerations": { + "type": "array" + } + } +}