[release] v0.100.3#4451
Merged
Merged
Conversation
- secrets.yaml: split `{{- if .clientId }}KEY:` onto separate lines so
identity OAuth keys keep their two-space indent under stringData and
never collapse onto the previous line (renders invalid YAML otherwise).
- values.yaml: pin Bitnami `postgresql.image.tag` to "18" so the chart
matches the compose pin instead of floating to `bitnami/postgresql:latest`.
- CONFIG_MAPPING + migration docs: legacy SDK aliases are
AGENTA_SERVICE_* (singular), not AGENTA_SERVICES_* (plural). Document
the AUTH_ENABLED alias alongside CACHE_ENABLED.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
- run.sh: parse existing license with awk on yaml output instead of piping JSON through python3 (was failing on minimal hosts). - 03-upgrading.mdx: drop duplicate `-n agenta` in kubectl logs. - 03-deploy-to-kubernetes.mdx: chmod example now references the edition-specific values file the guide actually uses. - design/research.md + status.md: chart path now points to `hosting/kubernetes/helm` (not `hosting/kubernetes`). - pr-description.md: resource naming claim now reflects helm's fullname collapse (when release == chart name "agenta", resources render as `agenta-api`; otherwise `<release>-agenta-api`). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Adds _compat.tpl which folds legacy keys (`global.*`, `secrets.*`, `accessControl.*`, `email.*`, `integrations.*`, `observability.*`, `captcha.*`) into their v0.100.2 canonical positions at render time. Helpers and templates that touch renamed paths bind `$values := include "agenta.values" . | fromYaml` and read from that compat-resolved dict; per-component infra keys (api, web, redisVolatile, …) never changed shape and stay on `.Values.*`. When user-set legacy keys are present they override canonical defaults shipped in values.yaml — passing a legacy key signals explicit intent. values.schema.json relaxed to accept legacy top-level keys via `additionalProperties: true`; the chart-level catch is enough. NOTES.txt prints a one-line callout when legacy keys are detected so the deprecation stays visible. Migration guide and QA plan now document two upgrade paths: A — reuse legacy values file as-is (fast) B — rewrite into canonical shape (long-term clean) Tested: pure v0.100.2, pure pre-v0.100.2, mixed shape — all render with correct env vars across api/web/services/workers. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
…applies uniformly Templates were reading renamed value paths directly off .Values, bypassing the agenta.values compat translation. Pure-legacy renders showed two real regressions: web pod URL env vars fell back to chart defaults instead of legacy global.webUrl, and the chart-managed pgauth Secret held the default password instead of legacy secrets.postgresPassword. Change line 1 of every yaml template that reads $values from default dict .Values to include "agenta.values" . | fromYaml. Verified end-to-end against canonical OSS, canonical EE, pure-legacy, and mixed values shapes. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Switched compat-layer gates and two boolean defaults from truthy `if`
checks to `hasKey`, so an explicit `false`/`""`/`0` from a legacy values
file (or canonical `alembic.autoMigrations: false`,
`redisDurable.persistence.enabled: false`) is honored instead of being
silently dropped or flipped to the default. Extended NOTES.txt's legacy
detector to also cover global.{apiUrl,servicesUrl,posthogApiKey} and
documented accessControl.{emailDisabled,defaultPlanOverlay} in the
migration table.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
§4 now states explicitly that legacy falsy values (e.g. accessControl.emailDisabled: false) are preserved by the compat fold. §5's redis-durable claim was stale post falsy-fix. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
…word requirement Address copilot review feedback on PR #4416: - serviceAccount.create now defaults to true (templates/serviceaccount.yaml, agenta.serviceAccountName helper) so pods use the chart-managed SA instead of the cluster default — matches the "token automount disabled by default" intent. - validateRequiredSecrets and the rendered Secret now agree on when postgres.password is required: only when the bundled Bitnami subchart is enabled OR at least one of the three postgres URIs is not fully overridden. With full external URIs for core/tracing/supertokens, POSTGRES_PASSWORD is never substituted, so external-Postgres installs no longer have to set an unused password. POSTGRES_PASSWORD is still emitted (empty when unused) so Deployments that mount it via secretKeyRef stay schedulable. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…-AI/agenta into chore/update-deployment-artifacts
`default true $sa.create` treats an explicit false as unset and still creates the ServiceAccount. Switch both serviceaccount.yaml and the agenta.serviceAccountName helper to a hasKey check so the values default to true only when the key is omitted — keeping the template and helper in agreement so pods don't reference a SA name the chart never created. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- helm: agenta.initContainers helper + per-deployment guard so an
all-external config doesn't render an empty initContainers: list
(api, services, workers x4).
- helm: ingress guards on api/services/web enablement so disabling
all three doesn't emit an Ingress with an empty paths: list.
- helm: redis-durable storageClass uses hasKey so an explicit "" is
honored (canonical "use cluster default StorageClass").
- supertokens config: replace `assert env.identity.*.X is not None`
with explicit raise so checks survive `python -O`.
- run.sh: only append --wait/--timeout when not in --dry-run, since
those flags aren't valid for `helm template`.
- sdk handlers: recognize the canonical AGENTA_WEBHOOKS_ALLOW_INSECURE
alongside the legacy AGENTA_WEBHOOK_ALLOW_INSECURE.
- docker-compose: drop bogus :0 tag from otel-collector image
(404 on Docker Hub); revert to unpinned.
- docker-compose: dev env examples default to agenta-{ee,oss}-dev
COMPOSE_PROJECT_NAME so the dev stack doesn't share the gh
namespace and collide on networks/volumes.
- docs: deploy-to-kubernetes troubleshooting bullet says "Public URLs
incorrect" (the keys listed are webUrl/apiUrl/servicesUrl, not DB).
- docs: v0.100.2 migration Path A says `helm upgrade` will print the
compat NOTE (Path A is an upgrade workflow).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
dosubot
Bot
added
the
size:XS
The v0.100.2 env reshape moved blocked/allowed domain config from env.agenta.* to env.agenta.access.*, but the SimpleNamespace monkeypatch in test_get_blocked_domains_* was never updated. The tests crashed with AttributeError on access in CI. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…-AI/agenta into chore/update-deployment-artifacts
Base advanced from release/v0.100.2 to release/v0.100.3, but the chart, migration guide, and surrounding documentation still referenced .2. Updated: - Chart.yaml: version 0.100.2 → 0.100.3, appVersion v0.100.2 → v0.100.3 - Renamed v0.100.2-migration.mdx → v0.100.3-migration.mdx - NOTES.txt, _compatibility.tpl, _helpers.tpl, secrets.yaml, hosting/kubernetes/run.sh, registry.py — comment/string updates - 03-upgrading.mdx callout retargeted - pr-description.md + qa-plan.md retargeted - v0.102 (compat-layer removal target) → v0.103 All "pre-v0.100.x → v0.100.x" boundary labels in docs/comments also shifted to the new release. Chart lints and renders 30 resources clean under the OSS example values. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- hosting/kubernetes/run.sh: require kubectl only when --nuke is set; plain helm upgrade --install (and --dry-run) no longer need it. - docs/03-upgrading.mdx: add -T to docker compose exec pg_dumpall so the logical backup is a clean SQL stream without TTY control chars. - docs/blog: anchor link rename #redis-caching -> #redis. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…acts [chore] Update deployment artifacts (docker-compose/, kubernetes/, etc)
dosubot
Bot
added
size:XXL
Contributor
Author
Railway Preview Environment
Updated at 2026-05-27T00:44:55.497Z |
junaway
approved these changes
May 27, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
New version v0.100.3 in