refactor(helm): Replace dependency waiting logic with waitFor helper leveraging new job-watcher service account privileges.

[junhaoliao]

Important

This PR is created address handling / styling issues found in reviewing #1749 . It should be merged:

1. AFTER refactor(helm): Refactor createLocalPv: #1771 so that the Helm chart development version numbers will be correctly incremented.
   1. and AFTER fix(helm): Improve chart test script (fixes #1782): #1784 because a bug in the test script was caused by refactor(helm): Refactor createLocalPv: #1771. See Update test.sh to use results_cache directory naming #1782 for details of the bug.
2. BEFORE feat(helm): Add compression & query job orchestration and the webui to the chart. #1749 because changes done in refactor(helm): Refactor createLocalPv: #1771 & refactor(helm): Replace dependency waiting logic with waitFor helper leveraging new job-watcher service account privileges. #1772 are incremental to reach the state in feat(helm): Add compression & query job orchestration and the webui to the chart. #1749

Description

Note

This PR is part of the ongoing work for #1309. More PRs will be submitted until the Helm chart is complete and fully functional.

• Add clp.waitFor helper template that creates an initContainer
    to wait for Kubernetes resources (services or jobs) to be ready.
    Uses kubectl wait instead of nc-based polling.

• Add RBAC resources for job-watcher:
    - job-watcher-serviceaccount.yaml: ServiceAccount for pods
    - job-watcher-role.yaml: Role with get/list/watch on jobs and pods
    - job-watcher-rolebinding.yaml: RoleBinding to connect the two

• Update all jobs to use:
    - serviceAccountName for RBAC permissions
    - waitFor helper for init containers

Checklist

• The PR satisfies the contribution guidelines.
• This is a breaking change and that has been indicated in the PR title, OR this isn't a
  breaking change.
• Necessary docs have been updated, OR no docs need to be updated.

Validation performed

same validation steps as done in #1698

Summary by CodeRabbit

• Chores

  • Bumped Helm chart version to 0.1.2-dev.6

• New Features

  • Added a reusable templated initContainer to wait for Kubernetes resources

• Security

  • Added dedicated service accounts plus RBAC Role and RoleBinding for job-watcher and init jobs

• Reliability

  • Replaced ad-hoc wait logic with the templated readiness initContainer and bound init jobs to specific service accounts

• Tests

  • Enhanced test script to wait for pod readiness and adjusted cleanup/install behaviour

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Bumps Helm chart version, adds a clp.waitFor Helm helper, replaces BusyBox initContainers in two Jobs with that helper, adds serviceAccountName to those Jobs, introduces RBAC manifests (ServiceAccount, Role, RoleBinding) for a job-watcher, and adds a test helper to wait for pods in test.sh.

Changes

Cohort / File(s)	Summary
Version Management tools/deployment/package-helm/Chart.yaml	Version bumped from 0.1.2-dev.4 to 0.1.2-dev.6.
Template Helpers tools/deployment/package-helm/templates/_helpers.tpl	Added define "clp.waitFor" helper that renders an initContainer using bitnami/kubectl to wait for either a service (pod readiness via selector) or a job (job completion) with a 300s timeout.
RBAC Resources tools/deployment/package-helm/templates/job-watcher-serviceaccount.yaml, tools/deployment/package-helm/templates/job-watcher-role.yaml, tools/deployment/package-helm/templates/job-watcher-rolebinding.yaml	Added ServiceAccount, Role (grants batch/jobs and pods get,list,watch), and RoleBinding binding the ServiceAccount to the Role.
Job Specs — DB table creator tools/deployment/package-helm/templates/db-table-creator-job.yaml	Added serviceAccountName and replaced the BusyBox initContainer with the templated clp.waitFor call (type: service, name: database).
Job Specs — Results cache indices creator tools/deployment/package-helm/templates/results-cache-indices-creator-job.yaml	Added serviceAccountName, replaced static initContainer with clp.waitFor (type: service, name: results-cache), and adjusted the Python invocation to pass --uri followed by a multi-line MongoDB URI.
Test script tools/deployment/package-helm/test.sh	Added wait_for_pods(...) function and invoked it after Helm deploy; renamed a results-cache directory to results_cache; changed helm uninstall to --ignore-not-found and minor ordering/formatting tweaks.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

• Verify the results-cache Python invocation argument formatting matches the consumer's parsing (multi-line URI and --uri flag).
• Confirm serviceAccountName values in Job specs exactly match the created ServiceAccount and RoleBinding subject names.
• Inspect clp.waitFor output for correct kubectl wait commands, label selectors, timeout handling, and YAML indentation.
• Review test.sh wait loop for timeout semantics and impact on CI/test runs.

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: refactoring Helm templates to replace dependency waiting logic with a new waitFor helper and job-watcher service account, which aligns perfectly with the changeset.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[junhaoliao]

these lines are unrelated to the main purpose of the PR. they're only updated to avoid code style violations (exceeding max 100 chars per line)

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

tools/deployment/package-helm/templates/results-cache-indices-creator-job.yaml (1)

16-42: Fix MongoDB URI formatting to prevent whitespace injection in connection string

The multi-line double-quoted URI at lines 39–40 will have its newline folded into a space by YAML's parsing rules, producing an invalid MongoDB connection string like mongodb://...:27017 /db_name instead of the intended mongodb://...:27017/db_name.

Use a Helm template variable with printf to construct the URI as a single string:

       containers:
         - name: "results-cache-indices-creator"
           image: "{{ include "clp.image.ref" . }}"
           imagePullPolicy: "{{ .Values.image.clpPackage.pullPolicy }}"
+          {{- $resultsCacheUri := printf "mongodb://%s-results-cache:27017/%s" (include "clp.fullname" .) .Values.clpConfig.results_cache.db_name }}
           env:
             - name: "PYTHONPATH"
               value: "/opt/clp/lib/python3/site-packages"
           command: [
             "python3", "-u",
             "-m", "clp_py_utils.initialize-results-cache",
             "--uri",
-            "mongodb://{{ include "clp.fullname" . }}-results-cache:27017
-            /{{.Values.clpConfig.results_cache.db_name }}",
+            {{ $resultsCacheUri | quote }},
             "--stream-collection",
             {{ .Values.clpConfig.results_cache.stream_collection_name | quote }}
           ]

This approach preserves the URI semantics while respecting line-length constraints and is consistent with patterns already used elsewhere in this Helm chart.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 67e6831 and 0ca2a2c.

📒 Files selected for processing (7)

• tools/deployment/package-helm/Chart.yaml (1 hunks)
• tools/deployment/package-helm/templates/_helpers.tpl (1 hunks)
• tools/deployment/package-helm/templates/db-table-creator-job.yaml (1 hunks)
• tools/deployment/package-helm/templates/job-watcher-role.yaml (1 hunks)
• tools/deployment/package-helm/templates/job-watcher-rolebinding.yaml (1 hunks)
• tools/deployment/package-helm/templates/job-watcher-serviceaccount.yaml (1 hunks)
• tools/deployment/package-helm/templates/results-cache-indices-creator-job.yaml (2 hunks)

🧰 Additional context used

🧠 Learnings (4)

📚 Learning: 2025-07-08T17:20:02.560Z

Learnt from: junhaoliao
Repo: y-scope/clp PR: 1078
File: components/webui/server/src/plugins/MongoSocketIoServer/index.ts:105-108
Timestamp: 2025-07-08T17:20:02.560Z
Learning: The y-scope/clp codebase has a 100-character line length limit that takes precedence over other style preferences like template literals when they conflict.

Applied to files:

• tools/deployment/package-helm/templates/results-cache-indices-creator-job.yaml

📚 Learning: 2024-10-24T14:25:17.978Z

Learnt from: haiqi96
Repo: y-scope/clp PR: 523
File: components/core/src/clp/clp/FileCompressor.hpp:58-78
Timestamp: 2024-10-24T14:25:17.978Z
Learning: When reviewing legacy code refactors, avoid suggesting changes that would extend the scope of the PR.

Applied to files:

• tools/deployment/package-helm/templates/results-cache-indices-creator-job.yaml

📚 Learning: 2025-09-22T15:46:34.873Z

Learnt from: Bill-hbrhbr
Repo: y-scope/clp PR: 1311
File: integration-tests/tests/test_identity_transformation.py:93-97
Timestamp: 2025-09-22T15:46:34.873Z
Learning: In the CLP project, multi-line formatting is preferred over single-line ternary operators when the single line would exceed the project's line length limits, prioritizing code readability and adherence to coding standards.

Applied to files:

• tools/deployment/package-helm/templates/results-cache-indices-creator-job.yaml

📚 Learning: 2025-03-18T07:27:54.738Z

Learnt from: Bill-hbrhbr
Repo: y-scope/clp PR: 0
File: :0-0
Timestamp: 2025-03-18T07:27:54.738Z
Learning: Double parentheses in the codebase are intentional and required for clang-tidy to pass. These should not be flagged as style issues in code reviews.

Applied to files:

• tools/deployment/package-helm/templates/results-cache-indices-creator-job.yaml

🪛 YAMLlint (1.37.1)

tools/deployment/package-helm/templates/job-watcher-role.yaml

[error] 4-4: too many spaces inside braces

(braces)

---

[error] 4-4: too many spaces inside braces

(braces)

---

[error] 4-4: syntax error: expected , but found ''

(syntax)

tools/deployment/package-helm/templates/job-watcher-rolebinding.yaml

[error] 4-4: too many spaces inside braces

(braces)

---

[error] 4-4: too many spaces inside braces

(braces)

---

[error] 4-4: syntax error: expected , but found ''

(syntax)

---

[error] 9-9: too many spaces inside braces

(braces)

---

[error] 9-9: too many spaces inside braces

(braces)

---

[error] 10-10: too many spaces inside braces

(braces)

---

[error] 10-10: too many spaces inside braces

(braces)

---

[error] 13-13: too many spaces inside braces

(braces)

---

[error] 13-13: too many spaces inside braces

(braces)

tools/deployment/package-helm/templates/results-cache-indices-creator-job.yaml

[error] 16-16: too many spaces inside braces

(braces)

---

[error] 16-16: too many spaces inside braces

(braces)

---

[error] 19-19: too many spaces inside braces

(braces)

---

[error] 19-19: too many spaces inside braces

(braces)

---

[error] 20-20: too many spaces inside braces

(braces)

---

[error] 20-20: too many spaces inside braces

(braces)

---

[error] 21-21: too many spaces inside braces

(braces)

---

[error] 21-21: too many spaces inside braces

(braces)

---

[error] 27-27: too many spaces inside braces

(braces)

---

[error] 39-39: too many spaces inside braces

(braces)

---

[error] 40-40: too many spaces inside braces

(braces)

---

[error] 42-42: too many spaces inside braces

(braces)

---

[error] 42-42: too many spaces inside braces

(braces)

tools/deployment/package-helm/templates/job-watcher-serviceaccount.yaml

[error] 4-4: too many spaces inside braces

(braces)

---

[error] 4-4: too many spaces inside braces

(braces)

---

[error] 4-4: syntax error: expected , but found ''

(syntax)

tools/deployment/package-helm/templates/db-table-creator-job.yaml

[error] 16-16: too many spaces inside braces

(braces)

---

[error] 16-16: too many spaces inside braces

(braces)

---

[error] 19-19: too many spaces inside braces

(braces)

---

[error] 19-19: too many spaces inside braces

(braces)

---

[error] 20-20: too many spaces inside braces

(braces)

---

[error] 20-20: too many spaces inside braces

(braces)

---

[error] 21-21: too many spaces inside braces

(braces)

---

[error] 21-21: too many spaces inside braces

(braces)

---

[error] 27-27: too many spaces inside braces

(braces)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: package-image
• GitHub Check: lint-check (ubuntu-24.04)
• GitHub Check: lint-check (macos-15)
• GitHub Check: build (ubuntu-24.04)
• GitHub Check: build (macos-15)

🔇 Additional comments (5)

tools/deployment/package-helm/Chart.yaml (1)

3-3: Chart version bump looks appropriate

The version increment to 0.1.2-dev.5 is consistent with the added helpers/RBAC changes; just ensure it still matches your intended merge order with adjacent PRs before merging.

tools/deployment/package-helm/templates/job-watcher-serviceaccount.yaml (1)

1-6: ServiceAccount wiring and labelling look consistent

The job-watcher ServiceAccount name and labels align with clp.fullname/clp.labels usage and match the Role/RoleBinding subjects; no functional issues spotted.

tools/deployment/package-helm/templates/job-watcher-role.yaml (1)

1-13: RBAC scope for job-watcher is appropriately minimal

Granting only get, list, and watch on batch/jobs and pods is a good fit for the kubectl wait use case, without over-privileging the ServiceAccount.

tools/deployment/package-helm/templates/db-table-creator-job.yaml (1)

16-27: Job now correctly leverages job-watcher SA and clp.waitFor

Binding the Job to {{ include "clp.fullname" . }}-job-watcher and switching the initContainer to clp.waitFor for the database service is consistent with the new RBAC model; this should make readiness waiting more robust than the prior nc-based approach, assuming the database pods carry the app.kubernetes.io/component: "database" label.

tools/deployment/package-helm/templates/job-watcher-rolebinding.yaml (1)

1-14: RoleBinding correctly connects job-watcher SA and Role

The RoleBinding cleanly ties {{ include "clp.fullname" . }}-job-watcher to the corresponding Role in .Release.Namespace, with labels consistent with the rest of the chart.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Tighten clp.waitFor helper: avoid :latest image and fail fast on invalid types

The overall helper logic looks good, but two robustness tweaks would help:

• Avoid bitnami/kubectl:latest to reduce surprise breaks from upstream image changes; consider pinning a specific tag or making the image configurable via values.yaml.
• If .type is neither "service" nor "job", the template currently emits an incomplete kubectl wait command; it would be safer to surface this as a template error (e.g., via fail) rather than at runtime.

Example for the type handling:

-  {{- if eq .type "service" }}
+  {{- if eq .type "service" }}
   "--for=condition=ready",
   "pod", "--selector", "app.kubernetes.io/component={{ .name }}",
-  {{- else if eq .type "job" }}
+  {{- else if eq .type "job" }}
   "--for=condition=complete",
   "job/{{ include "clp.fullname" .root }}-{{ .name }}",
-  {{- end }}
+  {{- else }}
+  {{- fail (printf "clp.waitFor: unsupported type %q" .type) }}
+  {{- end }}

🤖 Prompt for AI Agents

In tools/deployment/package-helm/templates/_helpers.tpl around lines 138 to 160,
tighten the clp.waitFor helper by making the kubectl image configurable/pinned
instead of hardcoding "bitnami/kubectl:latest" (add a values.yaml key like
global.kubectlImage or default to a specific tag and reference it here) and add
an explicit template guard that fails for invalid .type (use sprig’s fail or
required to emit a template error when .type is not "service" or "job"),
ensuring the rendered command never becomes incomplete at runtime.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4ec9589 and 9dec650.

📒 Files selected for processing (1)

• tools/deployment/package-helm/templates/results-cache-indices-creator-job.yaml (2 hunks)

🧰 Additional context used

🧠 Learnings (4)

📚 Learning: 2025-07-08T17:20:02.560Z

Learnt from: junhaoliao
Repo: y-scope/clp PR: 1078
File: components/webui/server/src/plugins/MongoSocketIoServer/index.ts:105-108
Timestamp: 2025-07-08T17:20:02.560Z
Learning: The y-scope/clp codebase has a 100-character line length limit that takes precedence over other style preferences like template literals when they conflict.

Applied to files:

• tools/deployment/package-helm/templates/results-cache-indices-creator-job.yaml

📚 Learning: 2024-10-24T14:25:17.978Z

Learnt from: haiqi96
Repo: y-scope/clp PR: 523
File: components/core/src/clp/clp/FileCompressor.hpp:58-78
Timestamp: 2024-10-24T14:25:17.978Z
Learning: When reviewing legacy code refactors, avoid suggesting changes that would extend the scope of the PR.

Applied to files:

• tools/deployment/package-helm/templates/results-cache-indices-creator-job.yaml

📚 Learning: 2025-09-22T15:46:34.873Z

Learnt from: Bill-hbrhbr
Repo: y-scope/clp PR: 1311
File: integration-tests/tests/test_identity_transformation.py:93-97
Timestamp: 2025-09-22T15:46:34.873Z
Learning: In the CLP project, multi-line formatting is preferred over single-line ternary operators when the single line would exceed the project's line length limits, prioritizing code readability and adherence to coding standards.

Applied to files:

• tools/deployment/package-helm/templates/results-cache-indices-creator-job.yaml

📚 Learning: 2025-03-18T07:27:54.738Z

Learnt from: Bill-hbrhbr
Repo: y-scope/clp PR: 0
File: :0-0
Timestamp: 2025-03-18T07:27:54.738Z
Learning: Double parentheses in the codebase are intentional and required for clang-tidy to pass. These should not be flagged as style issues in code reviews.

Applied to files:

• tools/deployment/package-helm/templates/results-cache-indices-creator-job.yaml

🪛 YAMLlint (1.37.1)

tools/deployment/package-helm/templates/results-cache-indices-creator-job.yaml

[error] 16-16: too many spaces inside braces

(braces)

---

[error] 16-16: too many spaces inside braces

(braces)

---

[error] 19-19: too many spaces inside braces

(braces)

---

[error] 19-19: too many spaces inside braces

(braces)

---

[error] 20-20: too many spaces inside braces

(braces)

---

[error] 20-20: too many spaces inside braces

(braces)

---

[error] 21-21: too many spaces inside braces

(braces)

---

[error] 21-21: too many spaces inside braces

(braces)

---

[error] 27-27: too many spaces inside braces

(braces)

---

[error] 39-39: too many spaces inside braces

(braces)

---

[error] 40-40: too many spaces inside braces

(braces)

---

[error] 40-40: too many spaces inside braces

(braces)

---

[error] 42-42: too many spaces inside braces

(braces)

---

[error] 42-42: too many spaces inside braces

(braces)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: package-image
• GitHub Check: build (macos-15)
• GitHub Check: build (ubuntu-24.04)

🔇 Additional comments (1)

tools/deployment/package-helm/templates/results-cache-indices-creator-job.yaml (1)

16-27: ServiceAccount and clp.waitFor wiring looks good; double-check RBAC for services

The serviceAccountName pointing at {{ include "clp.fullname" . }}-job-watcher and the clp.waitFor initContainer invocation for the results-cache service both look consistent with the new helper and job-watcher concept.

One thing to verify: since clp.waitFor is used with type: "service", ensure the job-watcher Role (or another bound Role/ClusterRole) grants the necessary verbs on services (and any other resource kubectl wait touches for service readiness). The PR description mentions jobs and pods explicitly, so it’s worth confirming services are also covered to avoid kubectl wait failing with Forbidden.

Based on learnings, I’m not suggesting additional refactors here beyond this RBAC check.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Multi-line MongoDB URI introduces whitespace and will break the connection

The way the --uri value is currently split across lines will introduce whitespace between :27017 and /{{ .Values.clpConfig.results_cache.db_name }} at render time (either a space or a newline, depending on YAML parsing), yielding an invalid MongoDB URI and likely causing the job to fail to connect.

You need the URI to be rendered as a single, uninterrupted string.

A minimal fix is to put the URI back on a single line:

-            "--uri",
-            "mongodb://{{ include "clp.fullname" . }}-results-cache:27017
-            /{{ .Values.clpConfig.results_cache.db_name }}",
+            "--uri",
+            "mongodb://{{ include "clp.fullname" . }}-results-cache:27017/{{ .Values.clpConfig.results_cache.db_name }}",
             "--stream-collection",
             {{ .Values.clpConfig.results_cache.stream_collection_name | quote }}

This restores a valid MongoDB connection string; you can revisit line-wrapping separately if needed to satisfy the 100‑character limit without changing the rendered URI.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	"--uri",
	"mongodb://{{ include "clp.fullname" . }}-results-cache:27017
	/{{ .Values.clpConfig.results_cache.db_name }}",
	"--stream-collection",
	{{ .Values.clpConfig.results_cache.stream_collection_name | quote }}
	"--uri",
	"mongodb://{{ include "clp.fullname" . }}-results-cache:27017/{{ .Values.clpConfig.results_cache.db_name }}",
	"--stream-collection",
	{{ .Values.clpConfig.results_cache.stream_collection_name | quote }}

🧰 Tools

🪛 YAMLlint (1.37.1)

[error] 39-39: too many spaces inside braces

(braces)

---

[error] 40-40: too many spaces inside braces

(braces)

---

[error] 40-40: too many spaces inside braces

(braces)

---

[error] 42-42: too many spaces inside braces

(braces)

---

[error] 42-42: too many spaces inside braces

(braces)

🤖 Prompt for AI Agents

In
tools/deployment/package-helm/templates/results-cache-indices-creator-job.yaml
around lines 38 to 42, the MongoDB URI argument is split across lines which
inserts whitespace/newline into the rendered string and breaks the connection;
fix by joining the URI into a single uninterrupted string (ensure "mongodb://{{
include "clp.fullname" . }}-results-cache:27017/{{
.Values.clpConfig.results_cache.db_name }}" is rendered on one line) so the
--uri value is a valid MongoDB connection string.

[junhaoliao]

tu as raison

[coderabbitai]

@junhaoliao Merci! Feel free to ping me once you've applied the fix. 👍

[junhaoliao]

changes in this file should be identical to the ones done in #1784

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 635090b and 5bcb474.

📒 Files selected for processing (2)

• tools/deployment/package-helm/Chart.yaml (1 hunks)
• tools/deployment/package-helm/test.sh (2 hunks)

🔇 Additional comments (4)

tools/deployment/package-helm/Chart.yaml (1)

3-3: Version bump looks good.

The version increment to 0.1.2-dev.6 aligns with the PR objectives and merge ordering requirements mentioned in the description.

tools/deployment/package-helm/test.sh (3)

56-56: Good fix for naming consistency.

The path change from results-cache to results_cache improves consistency with the directory naming convention.

---

75-75: Excellent improvement to error handling.

Using --ignore-not-found is more precise than || true, as it specifically handles the "not found" case rather than suppressing all errors.

---

79-79: LGTM! The wait parameters are reasonable.

The 300-second overall timeout with 5-second polling and wait intervals provides a good balance between responsiveness and avoiding excessive API calls.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Consider eliminating the initial sleep delay.

The function sleeps at the start of each iteration (line 28), which introduces a 5-second delay before the first readiness check. Consider restructuring to check immediately on the first iteration, then sleep only between subsequent checks.

Apply this diff to check immediately on first iteration:

     # Reset bash built-in SECONDS counter
     SECONDS=0
 
+    local first_iteration=true
     while true; do
-        sleep "${poll_interval_seconds}"
+        if [[ "${first_iteration}" == "true" ]]; then
+            first_iteration=false
+        else
+            sleep "${poll_interval_seconds}"
+        fi
         kubectl get pods

Overall, the wait logic is well-implemented.

The function correctly uses kubectl wait with appropriate timeouts for both jobs and pods, includes proper error handling, and has clear timeout logic using the SECONDS built-in.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	wait_for_pods() {
	local timeout_seconds=$1
	local poll_interval_seconds=$2
	local wait_timeout_seconds=$3
	echo "Waiting for all pods to be ready" \
	"(timeout=${timeout_seconds}s, poll=${poll_interval_seconds}s," \
	"wait=${wait_timeout_seconds}s)..."
	# Reset bash built-in SECONDS counter
	SECONDS=0
	while true; do
	sleep "${poll_interval_seconds}"
	kubectl get pods
	if kubectl wait job \
	--all \
	--for=condition=Complete \
	--timeout="${wait_timeout_seconds}s" 2>/dev/null \
	&& kubectl wait pods \
	--all \
	--selector='!job-name' \
	--for=condition=Ready \
	--timeout="${wait_timeout_seconds}s" 2>/dev/null
	then
	echo "All jobs completed and services are ready."
	return 0
	fi
	if [[ ${SECONDS} -ge ${timeout_seconds} ]]; then
	echo "ERROR: Timed out waiting for pods to be ready"
	return 1
	fi
	echo "---"
	done
	}
	wait_for_pods() {
	local timeout_seconds=$1
	local poll_interval_seconds=$2
	local wait_timeout_seconds=$3
	echo "Waiting for all pods to be ready" \
	"(timeout=${timeout_seconds}s, poll=${poll_interval_seconds}s," \
	"wait=${wait_timeout_seconds}s)..."
	# Reset bash built-in SECONDS counter
	SECONDS=0
	local first_iteration=true
	while true; do
	if [[ "${first_iteration}" == "true" ]]; then
	first_iteration=false
	else
	sleep "${poll_interval_seconds}"
	fi
	kubectl get pods
	if kubectl wait job \
	--all \
	--for=condition=Complete \
	--timeout="${wait_timeout_seconds}s" 2>/dev/null \
	&& kubectl wait pods \
	--all \
	--selector='!job-name' \
	--for=condition=Ready \
	--timeout="${wait_timeout_seconds}s" 2>/dev/null
	then
	echo "All jobs completed and services are ready."
	return 0
	fi
	if [[ ${SECONDS} -ge ${timeout_seconds} ]]; then
	echo "ERROR: Timed out waiting for pods to be ready"
	return 1
	fi
	echo "---"
	done
	}

🤖 Prompt for AI Agents

In tools/deployment/package-helm/test.sh around lines 15 to 52, the loop always
sleeps at the top causing an unnecessary initial delay before the first
readiness check; change the loop so it performs the kubectl checks immediately
on the first iteration and only sleeps between subsequent iterations (e.g., move
the sleep to the end of the loop or guard it with a first-iteration flag),
keeping all existing kubectl wait calls, timeout/return logic, and SECONDS-based
timeout unchanged.

[junhaoliao]

note in 635090b , a \ was added at the end of this line to properly escape the multiline string; otherwise, a space would show up in the URL.