From 28a024f01f0703bddf426de52980a004fef6b234 Mon Sep 17 00:00:00 2001
From: Michael Lin <mlzc@hey.com>
Date: Mon, 15 Dec 2025 22:46:27 -0800
Subject: [PATCH 1/3] fix(ci): helm unittest is broken

---
 scripts/ci/helm-unittest.sh | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/scripts/ci/helm-unittest.sh b/scripts/ci/helm-unittest.sh
index c199e77a..32d544f0 100755
--- a/scripts/ci/helm-unittest.sh
+++ b/scripts/ci/helm-unittest.sh
@@ -2,8 +2,12 @@
 
 set -euf -o pipefail
 
+# 1.0.3 is broken now
+# https://github.com/helm-unittest/helm-unittest/issues/790
+HELM_UNITTEST_VERSION="v1.0.2"
+
 ### Install the helm-unittest plugin
-helm plugin install https://github.com/helm-unittest/helm-unittest
+helm plugin install https://github.com/helm-unittest/helm-unittest --version "$HELM_UNITTEST_VERSION"
 
 ### Run the helm tests
 helm unittest -q charts/sourcegraph

From b228fa62d02b0af6f736273e42df971ce1a45ba0 Mon Sep 17 00:00:00 2001
From: Michael Lin <mlzc@hey.com>
Date: Mon, 15 Dec 2025 22:42:02 -0800
Subject: [PATCH 2/3] fix(sourcegraph): incorrect rendering of redis conn env
 var

---
 charts/sourcegraph/templates/_helpers.tpl     | 40 +++++++++----
 .../tests/redisConnection_test.yaml           | 57 +++++++++++++++++++
 2 files changed, 86 insertions(+), 11 deletions(-)
 create mode 100644 charts/sourcegraph/tests/redisConnection_test.yaml

diff --git a/charts/sourcegraph/templates/_helpers.tpl b/charts/sourcegraph/templates/_helpers.tpl
index c1671edd..ea9268fb 100644
--- a/charts/sourcegraph/templates/_helpers.tpl
+++ b/charts/sourcegraph/templates/_helpers.tpl
@@ -249,23 +249,41 @@ app.kubernetes.io/name: jaeger
 {{- end }}
 
 {{/*
-Set redisCache and redisStore endpoints
-So that customers can configure them any of these ways:
+Set redisCache and redisStore endpoints,
+so that customers can configure them any of these ways:
+
 1. Create a new Kubernetes secret, with default values (default, no override config required)
-2. Use an existing Kubernetes secret, by configuring .Values.redisCache.connection.existingSecret
-3. Do not create or use Kubernetes secrets, just pass the default values directly as environment variables into the needed pods, by configuring .Values.sourcegraph.disableKubernetesSecrets = true
-4. Do not create or use Kubernetes secrets, but pass custom values (ex. external Redis) directly as environment variables into the needed pods, by configuring .Values.sourcegraph.disableKubernetesSecrets = true, .Values.redisCache.connection.endpoint = "", .Values.redisStore.connection.endpoint = "", and defining the REDIS_CACHE_ENDPOINT and REDIS_STORE_ENDPOINT env vars on frontend, gitserver, searcher, and worker pods
+
+2. Use an existing Kubernetes secret, by configuring:
+.Values.redisCache.connection.existingSecret: <secret name>,
+.Values.redisStore.connection.existingSecret: <secret name>,
+
+3. Do not create or use Kubernetes secrets, just pass the default values directly as environment variables into the needed pods, by configuring:
+.Values.sourcegraph.disableKubernetesSecrets: true
+
+4. Do not create or use Kubernetes secrets, but provide custom values (ex. external Redis) to have this function pass them into the REDIS_CACHE_ENDPOINT and REDIS_STORE_ENDPOINT env vars on frontend, gitserver, searcher, and worker pods, by configuring:
+.Values.sourcegraph.disableKubernetesSecrets: true,
+.Values.redisCache.connection.endpoint: <custom value for REDIS_CACHE_ENDPOINT>,
+.Values.redisStore.connection.endpoint: <custom value for REDIS_STORE_ENDPOINT>,
+
+5. Do not create or use Kubernetes secrets, but pass custom values (ex. external Redis) directly as environment variables into the needed pods, by configuring:
+.Values.sourcegraph.disableKubernetesSecrets: true,
+.Values.redisCache.connection.endpoint: "",
+.Values.redisStore.connection.endpoint: "",
+and defining the REDIS_CACHE_ENDPOINT and REDIS_STORE_ENDPOINT env vars on frontend, gitserver, searcher, and worker pods
+
 */}}
 {{- define "sourcegraph.redisConnection" -}}
 {{- if .Values.sourcegraph.disableKubernetesSecrets -}}
-{{- if .Values.redisCache.connection.endpoint -}}
-- name: REDIS_CACHE_ENDPOINT
-  value: {{ .Values.redisCache.connection.endpoint }}
+{{- $cacheEndpoint := dig "connection" "endpoint" "" .Values.redisCache -}}
+{{- $storeEndpoint := dig "connection" "endpoint" "" .Values.redisStore -}}
+{{- if not (and $cacheEndpoint $storeEndpoint) -}}
+{{- fail ".Values.redisCache.connection.endpoint and .Values.redisStore.connection.endpoint must be set when disableKubernetesSecrets is true!" -}}
 {{- end -}}
-{{- if .Values.redisStore.connection.endpoint -}}
+- name: REDIS_CACHE_ENDPOINT
+  value: {{ $cacheEndpoint }}
 - name: REDIS_STORE_ENDPOINT
-  value: {{ .Values.redisStore.connection.endpoint }}
-{{- end -}}
+  value: {{ $storeEndpoint }}
 {{- else -}}
 - name: REDIS_CACHE_ENDPOINT
   valueFrom:
diff --git a/charts/sourcegraph/tests/redisConnection_test.yaml b/charts/sourcegraph/tests/redisConnection_test.yaml
new file mode 100644
index 00000000..c387b8e6
--- /dev/null
+++ b/charts/sourcegraph/tests/redisConnection_test.yaml
@@ -0,0 +1,57 @@
+---
+suite: redisConnection
+templates:
+- frontend/sourcegraph-frontend.Deployment.yaml
+tests:
+- it: should reference the default secret
+  asserts:
+    - contains:
+        path: spec.template.spec.containers[0].env
+        content:
+          name: REDIS_CACHE_ENDPOINT
+          valueFrom:
+            secretKeyRef:
+              key: endpoint
+              name: redis-cache
+    - contains:
+        path: spec.template.spec.containers[0].env
+        content:
+          name: REDIS_STORE_ENDPOINT
+          valueFrom:
+            secretKeyRef:
+              key: endpoint
+              name: redis-store
+- it: should not reference secret when .sourcegraph.disableKubernetesSecrets is true
+  set:
+    sourcegraph:
+      disableKubernetesSecrets: true
+    redisCache:
+      connection:
+        endpoint: redis-cache-svc
+    redisStore:
+      connection:
+        endpoint: redis-store-svc
+  asserts:
+    - contains:
+        path: spec.template.spec.containers[0].env
+        content:
+          name: REDIS_CACHE_ENDPOINT
+          value: redis-cache-svc
+    - contains:
+        path: spec.template.spec.containers[0].env
+        content:
+          name: REDIS_STORE_ENDPOINT
+          value: redis-store-svc
+- it: should fail when .sourcegraph.disableKubernetesSecrets is true but .Values.redisCache.connection.endpoint and .Values.redisStore.connection.endpoint are not set
+  set:
+    sourcegraph:
+      disableKubernetesSecrets: true
+    redisCache:
+      connection:
+        endpoint: ""
+    redisStore:
+      connection:
+        endpoint: ""
+  asserts:
+    - failedTemplate: 
+        errorMessage: .Values.redisCache.connection.endpoint and .Values.redisStore.connection.endpoint must be set when disableKubernetesSecrets is true!

From 76a841593ebd7c20696409817b0e2287b2779009 Mon Sep 17 00:00:00 2001
From: Marc <7050295+marcleblanc2@users.noreply.github.com>
Date: Tue, 16 Dec 2025 03:12:16 -0700
Subject: [PATCH 3/3] Update Redis endpoint config comment _helpers.tpl

---
 charts/sourcegraph/templates/_helpers.tpl | 20 +++++++-------------
 1 file changed, 7 insertions(+), 13 deletions(-)

diff --git a/charts/sourcegraph/templates/_helpers.tpl b/charts/sourcegraph/templates/_helpers.tpl
index ea9268fb..13d0ed52 100644
--- a/charts/sourcegraph/templates/_helpers.tpl
+++ b/charts/sourcegraph/templates/_helpers.tpl
@@ -252,25 +252,19 @@ app.kubernetes.io/name: jaeger
 Set redisCache and redisStore endpoints,
 so that customers can configure them any of these ways:
 
-1. Create a new Kubernetes secret, with default values (default, no override config required)
+1. Create new Kubernetes secrets, with default values (default, no override config required)
 
-2. Use an existing Kubernetes secret, by configuring:
-.Values.redisCache.connection.existingSecret: <secret name>,
-.Values.redisStore.connection.existingSecret: <secret name>,
+2. Use existing Kubernetes secrets, managed externally, by configuring:
+.Values.redisCache.connection.existingSecret: <secret name>
+.Values.redisStore.connection.existingSecret: <secret name>
 
 3. Do not create or use Kubernetes secrets, just pass the default values directly as environment variables into the needed pods, by configuring:
 .Values.sourcegraph.disableKubernetesSecrets: true
 
 4. Do not create or use Kubernetes secrets, but provide custom values (ex. external Redis) to have this function pass them into the REDIS_CACHE_ENDPOINT and REDIS_STORE_ENDPOINT env vars on frontend, gitserver, searcher, and worker pods, by configuring:
-.Values.sourcegraph.disableKubernetesSecrets: true,
-.Values.redisCache.connection.endpoint: <custom value for REDIS_CACHE_ENDPOINT>,
-.Values.redisStore.connection.endpoint: <custom value for REDIS_STORE_ENDPOINT>,
-
-5. Do not create or use Kubernetes secrets, but pass custom values (ex. external Redis) directly as environment variables into the needed pods, by configuring:
-.Values.sourcegraph.disableKubernetesSecrets: true,
-.Values.redisCache.connection.endpoint: "",
-.Values.redisStore.connection.endpoint: "",
-and defining the REDIS_CACHE_ENDPOINT and REDIS_STORE_ENDPOINT env vars on frontend, gitserver, searcher, and worker pods
+.Values.sourcegraph.disableKubernetesSecrets: true
+.Values.redisCache.connection.endpoint: <custom value for REDIS_CACHE_ENDPOINT>
+.Values.redisStore.connection.endpoint: <custom value for REDIS_STORE_ENDPOINT>
 
 */}}
 {{- define "sourcegraph.redisConnection" -}}