Update use of global annotations to not include empty line in output #815

Open
seppelucas wants to merge 1 commit into kubescape:main from seppelucas:fix/cleanup-empty-lines-in-annotations
seppelucas commented Apr 8, 2026

No functional changes, only slightly cleaner helm output. Closes #814

Overview

Update usage of global annotations to not include empty lines in output.

Additional Information

No functional changes, only cleaning up the helm output.
Would be even better to not add annotations: if there are none. Maybe something to fix after #813, currently clashes.

How to Test

With a local helm build.

Before:

# Source: kubescape-operator/templates/operator/admission-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: "kubescape-admission-webhook"
  namespace: kubescape
  annotations:
    
  labels:
    helm.sh/chart: kubescape-operator-1.30.6
    app.kubernetes.io/name: kubescape-operator
    app.kubernetes.io/instance: my-release
    app.kubernetes.io/component: operator
    app.kubernetes.io/version: "1.30.6"
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/part-of: kubescape
    app: operator
    tier: ks-control-plane
    kubescape.io/ignore: "true"
spec:
  ports:
    - port: 443
      targetPort: 8443
  selector:
      app.kubernetes.io/name: kubescape-operator
      app.kubernetes.io/instance: my-release
      app.kubernetes.io/component: operator
  type: ClusterIP  # Or use LoadBalancer or NodePort if needed
---

After:

# Source: kubescape-operator/templates/operator/admission-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: "kubescape-admission-webhook"
  namespace: kubescape
  annotations:
  labels:
    helm.sh/chart: kubescape-operator-1.30.6
    app.kubernetes.io/name: kubescape-operator
    app.kubernetes.io/instance: my-release
    app.kubernetes.io/component: operator
    app.kubernetes.io/version: "1.30.6"
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/part-of: kubescape
    app: operator
    tier: ks-control-plane
    kubescape.io/ignore: "true"
spec:
  ports:
    - port: 443
      targetPort: 8443
  selector:
      app.kubernetes.io/name: kubescape-operator
      app.kubernetes.io/instance: my-release
      app.kubernetes.io/component: operator
  type: ClusterIP  # Or use LoadBalancer or NodePort if needed

Already tested, annotations is now empty where before it included an empty line with indent 4.

Related issues/PRs:

Summary by CodeRabbit

Release Notes

  • Refactor
    • Updated Helm template annotation rendering across all Kubernetes manifests to conditionally emit annotations only when configured, preventing unnecessary empty annotation blocks in generated resources.

No functional changes, only slightly cleaner helm output.
Closes kubescape#814

Signed-off-by: J.M. Lucas <slucas@osso.nl>
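
The rendering difference this PR describes, reproduced with Go's text/template (the engine Helm templates are built on) as an added example that is not part of the PR or the kubescape chart. The three templates are constructed, `annotations` is a hypothetical stand-in for `include "kubescape-operator.annotations"`, and `nindent` is reimplemented locally to behave like Helm's; the third template is the `-}}` variant raised later in the review.

```go
package main

import (
	"bytes"
	"fmt"
	"sort"
	"strings"
	"text/template"
)

// Constructed templates modelled on the chart's metadata block. The "annotations"
// function is a hypothetical stand-in for include "kubescape-operator.annotations".
const directInclude = `metadata:
  annotations:
    {{- annotations . | nindent 4 }}
  labels:
    app: operator
`

const withGuard = `metadata:
  annotations:
    {{- with (annotations .) }}
    {{ . | nindent 4 }}
    {{- end }}
  labels:
    app: operator
`

const withGuardTrimmed = `metadata:
  annotations:
    {{- with (annotations .) -}}
    {{ . | nindent 4 }}
    {{- end }}
  labels:
    app: operator
`

// nindent behaves like the Helm function of the same name: a newline, then the
// input with every line indented by n spaces. An empty input still yields "\n" + pad.
func nindent(n int, s string) string {
	pad := strings.Repeat(" ", n)
	return "\n" + pad + strings.ReplaceAll(s, "\n", "\n"+pad)
}

// annotations renders the map as YAML lines in sorted key order and returns
// the empty string when nothing is configured (assumed helper behaviour).
func annotations(m map[string]string) string {
	keys := make([]string, 0, len(m))
	for k := range m {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	lines := make([]string, 0, len(keys))
	for _, k := range keys {
		lines = append(lines, fmt.Sprintf("%s: %q", k, m[k]))
	}
	return strings.Join(lines, "\n")
}

// render executes one template against the given global annotations.
func render(tmpl string, ann map[string]string) (string, error) {
	t, err := template.New("manifest").Funcs(template.FuncMap{
		"annotations": annotations,
		"nindent":     nindent,
	}).Parse(tmpl)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, ann); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// whitespaceOnlyLines counts lines that contain spaces or tabs and nothing else,
// which is the artifact the PR removes from the rendered manifests.
func whitespaceOnlyLines(s string) int {
	n := 0
	for _, line := range strings.Split(s, "\n") {
		if line != "" && strings.TrimSpace(line) == "" {
			n++
		}
	}
	return n
}

func main() {
	variants := []struct{ name, tmpl string }{
		{"direct include", directInclude},
		{"with guard", withGuard},
		{"with guard -}}", withGuardTrimmed},
	}
	inputs := []map[string]string{{}, {"team": "sec"}} // constructed sample values
	for _, v := range variants {
		for _, in := range inputs {
			out, err := render(v.tmpl, in)
			if err != nil {
				panic(err)
			}
			fmt.Printf("%-16s set=%-5t whitespace-only lines: %d\n",
				v.name, len(in) > 0, whitespaceOnlyLines(out))
		}
	}
}
```

Run as written, only the last variant renders without a whitespace-only line for both unset and set annotations.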
coderabbitai bot commented Apr 8, 2026

Walkthrough

This pull request systematically updates 65+ Helm template files in the kubescape-operator chart to conditionally render metadata annotations. Each file replaces a direct template include that produces empty lines with a with block that emits content only when the included template returns a non-empty value.

Changes

Cohort / File(s) Summary
Asset Definitions
charts/kubescape-operator/assets/host-scanner-definition.yaml
Wrapped annotations include in with block to prevent empty lines when global annotations are not set.
Autoupdater Components
charts/kubescape-operator/templates/autoupdater/cronjob.yaml, charts/kubescape-operator/templates/autoupdater/serviceaccount.yaml
Updated metadata annotations rendering to use conditional with blocks instead of direct includes.
Cloud Configuration Resources
charts/kubescape-operator/templates/configs/cloud-secret.yaml, charts/kubescape-operator/templates/configs/cloudapi-configmap.yaml, charts/kubescape-operator/templates/configs/components-configmap.yaml, charts/kubescape-operator/templates/configs/custom-ca-certificates.yaml, charts/kubescape-operator/templates/configs/matchingRules-configmap.yaml, charts/kubescape-operator/templates/configs/priority-class.yaml, charts/kubescape-operator/templates/configs/private-registries-creds-secret.yaml
Consistently wrapped annotation includes in conditional with blocks across all config resources.
Grype Offline DB Components
charts/kubescape-operator/templates/grype-offline-db/cronjob.yaml, charts/kubescape-operator/templates/grype-offline-db/deployment.yaml
Updated CronJob and Deployment annotation rendering to conditionally emit content.
Kubescape Scheduler Components
charts/kubescape-operator/templates/kubescape-scheduler/configmap.yaml, charts/kubescape-operator/templates/kubescape-scheduler/cronjob.yaml
Applied conditional annotation rendering pattern to scheduler resources.
Kubescape Core RBAC & Network Resources
charts/kubescape-operator/templates/kubescape/clusterrole.yaml, charts/kubescape-operator/templates/kubescape/clusterrolebinding.yaml, charts/kubescape-operator/templates/kubescape/role.yaml, charts/kubescape-operator/templates/kubescape/rolebinding.yaml, charts/kubescape-operator/templates/kubescape/scc-rolebinding.yaml, charts/kubescape-operator/templates/kubescape/networkpolicy.yaml
Updated RBAC and network policy annotations with conditional with blocks.
Kubescape Core Services
charts/kubescape-operator/templates/kubescape/deployment.yaml, charts/kubescape-operator/templates/kubescape/host-scanner-definition-configmap.yaml, charts/kubescape-operator/templates/kubescape/service.yaml, charts/kubescape-operator/templates/kubescape/serviceaccount.yaml, charts/kubescape-operator/templates/kubescape/servicemonitor.yaml
Applied annotation fix to core deployment, service, and monitoring resources.
Kubevuln Scheduler Components
charts/kubescape-operator/templates/kubevuln-scheduler/cronjob.yaml
Updated CronJob annotations rendering with conditional block.
Kubevuln RBAC & Infrastructure
charts/kubescape-operator/templates/kubevuln/clusterrole.yaml, charts/kubescape-operator/templates/kubevuln/clusterrolebinding.yaml, charts/kubescape-operator/templates/kubevuln/deployment.yaml, charts/kubescape-operator/templates/kubevuln/networkpolicy.yaml, charts/kubescape-operator/templates/kubevuln/pvc.yaml, charts/kubescape-operator/templates/kubevuln/scc-rolebinding.yaml, charts/kubescape-operator/templates/kubevuln/service.yaml, charts/kubescape-operator/templates/kubevuln/serviceaccount.yaml
Consistently wrapped annotation includes across all kubevuln resources.
Node Agent RBAC Components
charts/kubescape-operator/templates/node-agent/clusterrole.yaml, charts/kubescape-operator/templates/node-agent/clusterrolebinding.yaml, charts/kubescape-operator/templates/node-agent/scc-rolebinding.yaml
Updated node-agent RBAC role and binding annotations with conditional rendering.
Node Agent Infrastructure
charts/kubescape-operator/templates/node-agent/configmap.yaml, charts/kubescape-operator/templates/node-agent/daemonset.yaml, charts/kubescape-operator/templates/node-agent/daemonsets.yaml, charts/kubescape-operator/templates/node-agent/networkpolicy.yaml, charts/kubescape-operator/templates/node-agent/service.yaml, charts/kubescape-operator/templates/node-agent/serviceaccount.yaml, charts/kubescape-operator/templates/node-agent/servicemonitor.yaml, charts/kubescape-operator/templates/node-agent/template-configmap.yaml
Applied annotation fix across node-agent deployment and configuration resources.
Node Agent Runtime Rules
charts/kubescape-operator/templates/node-agent/default-rule-binding-namespaced.yaml, charts/kubescape-operator/templates/node-agent/default-rule-binding.yaml, charts/kubescape-operator/templates/node-agent/default-rules.yaml
Updated RuntimeRuleAlertBinding and Rules resource annotations with conditional with blocks.
Operator RBAC Components
charts/kubescape-operator/templates/operator/clusterrole.yaml, charts/kubescape-operator/templates/operator/clusterrolebinding.yaml, charts/kubescape-operator/templates/operator/role.yaml, charts/kubescape-operator/templates/operator/rolebinding.yaml, charts/kubescape-operator/templates/operator/scc-rolebinding.yaml
Applied conditional annotation rendering to operator RBAC resources.
Operator Services & Configuration
charts/kubescape-operator/templates/operator/admission-service.yaml, charts/kubescape-operator/templates/operator/admission-webhook.yaml, charts/kubescape-operator/templates/operator/configmap.yaml, charts/kubescape-operator/templates/operator/deployment.yaml, charts/kubescape-operator/templates/operator/service.yaml, charts/kubescape-operator/templates/operator/serviceaccount.yaml
Updated operator service and webhook annotations with conditional with blocks (admission-webhook has 2 annotations blocks: TLS Secret and ValidatingWebhookConfiguration).
Operator CronJob Templates
charts/kubescape-operator/templates/operator/ks-recurring-cronjob-configmap.yaml, charts/kubescape-operator/templates/operator/kv-recurring-cronjob-configmap.yaml, charts/kubescape-operator/templates/operator/registry-scan-recurring-cronjob-configmap.yaml
Applied annotation fix to operator CronJob ConfigMap templates.
Operator Network Policy
charts/kubescape-operator/templates/operator/networkpolicy.yaml
Updated NetworkPolicy annotations with conditional rendering.
OTEL Collector Components
charts/kubescape-operator/templates/otel-collector/configmap.yaml, charts/kubescape-operator/templates/otel-collector/deployment.yaml
Applied conditional annotation rendering to OTEL collector resources.
Prometheus Exporter Components
charts/kubescape-operator/templates/prometheus-exporter/deployment.yaml, charts/kubescape-operator/templates/prometheus-exporter/networkpolicy.yaml, charts/kubescape-operator/templates/prometheus-exporter/servicemonitor.yaml
Updated prometheus-exporter deployment and monitoring resource annotations.
Storage RBAC & Services
charts/kubescape-operator/templates/storage/clusterrole.yaml, charts/kubescape-operator/templates/storage/clusterrolebinding.yaml, charts/kubescape-operator/templates/storage/rolebinding.yaml, charts/kubescape-operator/templates/storage/scc-rolebinding.yaml, charts/kubescape-operator/templates/storage/service.yaml, charts/kubescape-operator/templates/storage/serviceaccount.yaml
Applied conditional annotation rendering across storage RBAC and service resources.
Storage Infrastructure
charts/kubescape-operator/templates/storage/apiservice.yaml, charts/kubescape-operator/templates/storage/ca-secret.yaml, charts/kubescape-operator/templates/storage/deployment.yaml, charts/kubescape-operator/templates/storage/networkpolicy.yaml, charts/kubescape-operator/templates/storage/pvc.yaml, charts/kubescape-operator/templates/storage/seccompprofile-crd.yaml, charts/kubescape-operator/templates/storage/tests/test-connection.yaml
Updated storage deployment, networking, persistence, and CRD annotations with conditional with blocks.
Synchronizer Components
charts/kubescape-operator/templates/synchronizer/clusterrole.yaml, charts/kubescape-operator/templates/synchronizer/configmap.yaml, charts/kubescape-operator/templates/synchronizer/deployment.yaml, charts/kubescape-operator/templates/synchronizer/networkpolicy.yaml
Applied conditional annotation rendering pattern to synchronizer resources.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~10 minutes

This is a highly homogeneous change repeated identically across 65+ files. The pattern is simple and straightforward: wrapping existing includes in conditional with blocks to eliminate empty lines when annotations are not set. Each file modification follows the same structure, requiring minimal reasoning per file and benefiting from pattern recognition across the cohort.

Poem

🐰 Hops of joy through template fields,
Conditional blocks now seal each deal,
Empty lines begone, my dear!
Annotations clean, the fix is clear,
Sixty files dance with grace so neat!

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately summarizes the main change: updating global annotations to not include empty lines in Helm output, which matches the consistent templating changes across all 60+ files. |
| Linked Issues check | ✅ Passed | All changes implement the exact fix requested in issue #814: wrapping annotation includes in conditional with blocks to prevent empty indented lines in rendered Helm manifests. |
| Out of Scope Changes check | ✅ Passed | All changes are strictly limited to updating annotation rendering in Helm templates using the with block pattern. No other functionality, configuration, or code structure was modified. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

coderabbitai bot left a comment

Actionable comments posted: 5

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (4)
charts/kubescape-operator/templates/grype-offline-db/deployment.yaml (1)

27-29: ⚠️ Potential issue | 🟡 Minor

Inconsistent pattern: pod template annotations not wrapped in with block.

Same issue as the kubescape deployment—the pod template metadata annotations on line 28 still use the old pattern and will produce empty indented lines when global annotations are not set.

Proposed fix
      annotations:
-        {{- include "kubescape-operator.annotations" (dict "Values" .Values) | nindent 8 }}
+        {{- with (include "kubescape-operator.annotations" (dict "Values" .Values)) }}
+        {{ . | nindent 8 }}
+        {{- end }}
         {{- with .Values.grypeOfflineDB.podAnnotations }}{{- toYaml . | nindent 8 }}{{- end }}
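Review bot: the added `{{ . | nindent 8 }}` line has no left trim and the `with` tag above it closes with a plain `}}`, so when global annotations are set the newline and indentation between the two tags are emitted and `nindent` then adds its own newline, leaving one whitespace-only line above the first annotation. Close the opening tag with `-}}` or write `{{- . | nindent 8 }}`, which matches the `{{- toYaml . | nindent 8 }}` form already used on the podAnnotations line below.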
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@charts/kubescape-operator/templates/grype-offline-db/deployment.yaml` around
lines 27 - 29, The pod template metadata annotations use the standalone include
"kubescape-operator.annotations" which can emit empty indented lines when global
annotations are absent; change this to the same guarded pattern used elsewhere
by wrapping the include in a `with`/guard so the annotations block is only
rendered if non-empty, and keep the existing fallback that still renders
`.Values.grypeOfflineDB.podAnnotations` (reference: the include
"kubescape-operator.annotations" invocation and the
`.Values.grypeOfflineDB.podAnnotations` block in the pod template metadata).
charts/kubescape-operator/templates/kubescape/deployment.yaml (1)

31-33: ⚠️ Potential issue | 🟡 Minor

Inconsistent pattern: pod template annotations not wrapped in with block.

The deployment metadata annotations (lines 12-14) use the new with pattern, but the pod template metadata annotations on line 32 still use the old direct include pattern. If global annotations are empty, this will still produce an empty indented line in the rendered pod spec.

Proposed fix
      annotations:
-        {{- include "kubescape-operator.annotations" (dict "Values" .Values) | nindent 8 }}
+        {{- with (include "kubescape-operator.annotations" (dict "Values" .Values)) }}
+        {{ . | nindent 8 }}
+        {{- end }}
         {{- with .Values.kubescape.podAnnotations }}{{- toYaml . | nindent 8 }}{{- end }}
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@charts/kubescape-operator/templates/kubescape/deployment.yaml` around lines
31 - 33, The pod template annotations block in deployment.yaml uses a direct
include of the "kubescape-operator.annotations" template and
.Values.kubescape.podAnnotations which can emit an empty indented line; change
it to the same `with`-guard pattern used for deployment metadata so the block is
omitted when empty: wrap the include "kubescape-operator.annotations" (dict
"Values" .Values) and the .Values.kubescape.podAnnotations YAML in `with`/`end`
guards around the nindent call so nothing is rendered if those values are empty,
keeping the template names ("kubescape-operator.annotations") and the value key
(.Values.kubescape.podAnnotations) intact.
charts/kubescape-operator/templates/prometheus-exporter/deployment.yaml (1)

25-27: ⚠️ Potential issue | 🟡 Minor

Inconsistent fix: pod template annotations still uses the old pattern.

The metadata annotations were updated to use the with block (lines 10-12), but the pod template's annotations at line 26 still use the old {{- include ... | nindent 8 }} pattern that can produce empty lines when annotations are unset.

For consistency, apply the same fix here:

Proposed fix
     metadata:
       annotations:
-        {{- include "kubescape-operator.annotations" (dict "Values" .Values) | nindent 8 }}
+        {{- with (include "kubescape-operator.annotations" (dict "Values" .Values)) }}
+        {{ . | nindent 8 }}
+        {{- end }}
         {{- with .Values.prometheusExporter.podAnnotations }}{{- toYaml . | nindent 8 }}{{- end }}
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@charts/kubescape-operator/templates/prometheus-exporter/deployment.yaml`
around lines 25 - 27, The pod template annotations still use the old include
pattern ({{- include "kubescape-operator.annotations" ...) which can emit empty
lines when no annotations exist; replace that include invocation with the same
`with` pattern used for metadata (i.e., wrap the include and any podAnnotations
merge inside a `{{- with ... }}` so you only render the block when annotations
exist), updating the pod template annotations block that references include
"kubescape-operator.annotations" and .Values.prometheusExporter.podAnnotations
to use the `with` conditional merge used for metadata to avoid empty lines.
charts/kubescape-operator/templates/grype-offline-db/cronjob.yaml (1)

26-28: ⚠️ Potential issue | 🟡 Minor

Inconsistent fix: pod template annotations still uses the old pattern.

Same issue as other templates—the job template's pod annotations at line 27 still use the old pattern that can produce empty lines.

Proposed fix
         metadata:
           annotations:
-            {{- include "kubescape-operator.annotations" (dict "Values" .Values) | nindent 12 }}
+            {{- with (include "kubescape-operator.annotations" (dict "Values" .Values)) }}
+            {{ . | nindent 12 }}
+            {{- end }}
             {{- with .Values.grypeOfflineDB.podAnnotations }}{{- toYaml . | nindent 12 }}{{- end }}
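Review bot: the proposed fix and the agent prompt that follows it disagree on which line to change: the hunk rewrites the `include ... | nindent 12` line, while the prompt asks for the `with .Values.grypeOfflineDB.podAnnotations` line, which is unchanged context here, to become an `if`. That line is already guarded by `with`, so the prompt should be reworded to describe the `include` change shown in the hunk.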
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@charts/kubescape-operator/templates/grype-offline-db/cronjob.yaml` around
lines 26 - 28, Replace the old pod-annotations block in cronjob.yaml so it
conditionally renders without introducing blank lines: instead of the current
{{- with .Values.grypeOfflineDB.podAnnotations }}{{- toYaml . | nindent 12 }}{{-
end }}, use an explicit if that references .Values.grypeOfflineDB.podAnnotations
(eg. {{- if .Values.grypeOfflineDB.podAnnotations }}{{ toYaml
.Values.grypeOfflineDB.podAnnotations | nindent 12 }}{{- end }}) so the pod
template annotations (the include "kubescape-operator.annotations" and the
Values.grypeOfflineDB.podAnnotations rendering) do not produce empty lines when
the value is absent.
🧹 Nitpick comments (2)
charts/kubescape-operator/templates/node-agent/template-configmap.yaml (1)

24-25: Consider applying the same pattern to the embedded DaemonSet template annotations.

The embedded DaemonSet template at line 25 still uses the direct include ... | nindent 8 pattern. While this is stored as ConfigMap data and processed by the operator autoscaler at runtime, it will still produce empty indented lines in the rendered DaemonSet manifest when annotations are empty.

For full consistency with the PR objective, consider applying the same with block pattern here.

♻️ Suggested change for embedded template
       annotations:
-        {{- include "kubescape-operator.annotations" (dict "Values" .Values) | nindent 8 }}
+        {{- with (include "kubescape-operator.annotations" (dict "Values" .Values)) }}
+        {{ . | nindent 8 }}
+        {{- end }}
       labels:
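Review bot: `annotations:` has no other children in this block and is followed directly by `labels:`, so once the include is guarded an unset value leaves a bare `annotations:` key in the embedded DaemonSet. Moving the `annotations:` line inside the `with` block would drop the key together with its content when nothing is configured.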
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@charts/kubescape-operator/templates/node-agent/template-configmap.yaml`
around lines 24 - 25, The embedded DaemonSet annotations currently use the
direct include pattern "{{ include "kubescape-operator.annotations" ... |
nindent 8 }}" which generates empty indented lines when annotations are absent;
update the embedded DaemonSet template to use the same "with" wrapper pattern
used elsewhere (i.e., wrap the include in a "with" conditional so it only
renders when .Values or the annotations dict is non-empty) to avoid empty lines
— locate the embedded DaemonSet annotations in template-configmap.yaml and
replace the direct include of "kubescape-operator.annotations" with the
conditional "with" usage.
charts/kubescape-operator/templates/kubevuln/deployment.yaml (1)

27-29: Consider applying the same pattern to pod template annotations for consistency.

The pod template annotations at line 28 still use the direct include ... | nindent 8 pattern without a with block. While this is less problematic here since there are subsequent annotations (podAnnotations, checksums), it may still produce an empty indented line when additionalAnnotations is empty.

If the goal is to eliminate all empty lines from annotations includes, consider applying the same with block pattern here as well.

♻️ Suggested change for consistency
     metadata:
       annotations:
-        {{- include "kubescape-operator.annotations" (dict "Values" .Values) | nindent 8 }}
+        {{- with (include "kubescape-operator.annotations" (dict "Values" .Values)) }}
+        {{ . | nindent 8 }}
+        {{- end }}
         {{- with .Values.kubevuln.podAnnotations }}{{- toYaml . | nindent 8 }}{{- end }}
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@charts/kubescape-operator/templates/kubevuln/deployment.yaml` around lines 27
- 29, The pod template annotations use a direct include of
"kubescape-operator.annotations" which can emit an empty indented line when the
result is empty; wrap that include in a conditional `with` block (similar to the
pattern used for `.Values.kubevuln.podAnnotations`) so the include is rendered
only when it produces content, ensuring no blank indented lines; update the pod
template annotations block to use `with` around the include
"kubescape-operator.annotations" and keep the existing
`.Values.kubevuln.podAnnotations` and checksum annotations intact.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@charts/kubescape-operator/templates/kubescape/scc-rolebinding.yaml`:
- Around line 9-11: The template opens the with block using '{{- with (include
"kubescape-operator.annotations" (dict "Values" .Values)) }}' which leaves a
trailing blank line; change the opening tag to include the trailing dash ('-}}')
so it becomes '{{- with (include "kubescape-operator.annotations" (dict "Values"
.Values)) -}}' to suppress the extra newline and keep formatting consistent with
other templates — update the with/opening tag for the annotations block (and
verify matching end blocks remain '{{- end }}') accordingly.

In `@charts/kubescape-operator/templates/kubevuln/serviceaccount.yaml`:
- Around line 7-9: The with block in the serviceaccount template preserves an
extra newline after rendering annotations; change the with closing delimiter to
trim the trailing newline by replacing the current `{{- with (include
"kubescape-operator.annotations" (dict "Values" .Values)) }}`/`{{- end }}`
pattern so the opening or closing tag uses a `-}}` (i.e., use `-}}` after the
with) to suppress the blank indented line; update the block that calls include
"kubescape-operator.annotations" (and any identical blocks in this template) to
use the trimmed delimiter so no extra blank line is emitted.

In `@charts/kubescape-operator/templates/node-agent/default-rule-binding.yaml`:
- Around line 7-9: The extra blank line comes from the trailing newline after
the with block before nindent; in the templates using the with block around
include "kubescape-operator.annotations" change the closing delimiter from "}}"
to "-}}" so the trailing whitespace/newline is stripped (i.e. update the with
block that calls include "kubescape-operator.annotations" and the subsequent {{
. | nindent 4 }} usage) to prevent the extra blank line when annotations are
present.

In `@charts/kubescape-operator/templates/operator/serviceaccount.yaml`:
- Around line 7-9: The with-block in the template that wraps the include
"kubescape-operator.annotations" is leaving an extra blank line; update the with
tag to trim whitespace on the right by changing the opening tag to use a
trailing -}} (i.e., use {{- with (include "kubescape-operator.annotations" (dict
"Values" .Values)) -}}) so the rendered output doesn’t add an extra blank line
when annotations are present; leave the inner {{ . | nindent 4 }} and the
existing {{- end }} unchanged.

In `@charts/kubescape-operator/templates/storage/networkpolicy.yaml`:
- Around line 9-11: The template leaves an extra blank line because the `with`
action is not closed with a trimmed delimiter; update the Helm template block
that uses include "kubescape-operator.annotations" so the opening tag trims
following whitespace by changing `{{- with (include
"kubescape-operator.annotations" (dict "Values" .Values)) }}` to use a trailing
hyphen `-}}` (i.e., `{{- with (include "kubescape-operator.annotations" (dict
"Values" .Values)) -}}`), leaving the rest of the block (`{{ . | nindent 4 }}`
and `{{- end }}`) as-is to remove the extra blank line when annotations are
present.

📥 Commits

Reviewing files that changed from the base of the PR and between cdac526 and 4bf19c1.

📒 Files selected for processing (85)
  • charts/kubescape-operator/assets/host-scanner-definition.yaml
  • charts/kubescape-operator/templates/autoupdater/cronjob.yaml
  • charts/kubescape-operator/templates/autoupdater/serviceaccount.yaml
  • charts/kubescape-operator/templates/configs/cloud-secret.yaml
  • charts/kubescape-operator/templates/configs/cloudapi-configmap.yaml
  • charts/kubescape-operator/templates/configs/components-configmap.yaml
  • charts/kubescape-operator/templates/configs/custom-ca-certificates.yaml
  • charts/kubescape-operator/templates/configs/matchingRules-configmap.yaml
  • charts/kubescape-operator/templates/configs/priority-class.yaml
  • charts/kubescape-operator/templates/configs/private-registries-creds-secret.yaml
  • charts/kubescape-operator/templates/grype-offline-db/cronjob.yaml
  • charts/kubescape-operator/templates/grype-offline-db/deployment.yaml
  • charts/kubescape-operator/templates/kubescape-scheduler/configmap.yaml
  • charts/kubescape-operator/templates/kubescape-scheduler/cronjob.yaml
  • charts/kubescape-operator/templates/kubescape/clusterrole.yaml
  • charts/kubescape-operator/templates/kubescape/clusterrolebinding.yaml
  • charts/kubescape-operator/templates/kubescape/deployment.yaml
  • charts/kubescape-operator/templates/kubescape/host-scanner-definition-configmap.yaml
  • charts/kubescape-operator/templates/kubescape/networkpolicy.yaml
  • charts/kubescape-operator/templates/kubescape/role.yaml
  • charts/kubescape-operator/templates/kubescape/rolebinding.yaml
  • charts/kubescape-operator/templates/kubescape/scc-rolebinding.yaml
  • charts/kubescape-operator/templates/kubescape/service.yaml
  • charts/kubescape-operator/templates/kubescape/serviceaccount.yaml
  • charts/kubescape-operator/templates/kubescape/servicemonitor.yaml
  • charts/kubescape-operator/templates/kubevuln-scheduler/cronjob.yaml
  • charts/kubescape-operator/templates/kubevuln/clusterrole.yaml
  • charts/kubescape-operator/templates/kubevuln/clusterrolebinding.yaml
  • charts/kubescape-operator/templates/kubevuln/deployment.yaml
  • charts/kubescape-operator/templates/kubevuln/networkpolicy.yaml
  • charts/kubescape-operator/templates/kubevuln/pvc.yaml
  • charts/kubescape-operator/templates/kubevuln/scc-rolebinding.yaml
  • charts/kubescape-operator/templates/kubevuln/service.yaml
  • charts/kubescape-operator/templates/kubevuln/serviceaccount.yaml
  • charts/kubescape-operator/templates/node-agent/clusterrole.yaml
  • charts/kubescape-operator/templates/node-agent/clusterrolebinding.yaml
  • charts/kubescape-operator/templates/node-agent/configmap.yaml
  • charts/kubescape-operator/templates/node-agent/daemonset.yaml
  • charts/kubescape-operator/templates/node-agent/daemonsets.yaml
  • charts/kubescape-operator/templates/node-agent/default-rule-binding-namespaced.yaml
  • charts/kubescape-operator/templates/node-agent/default-rule-binding.yaml
  • charts/kubescape-operator/templates/node-agent/default-rules.yaml
  • charts/kubescape-operator/templates/node-agent/networkpolicy.yaml
  • charts/kubescape-operator/templates/node-agent/scc-rolebinding.yaml
  • charts/kubescape-operator/templates/node-agent/service.yaml
  • charts/kubescape-operator/templates/node-agent/serviceaccount.yaml
  • charts/kubescape-operator/templates/node-agent/servicemonitor.yaml
  • charts/kubescape-operator/templates/node-agent/template-configmap.yaml
  • charts/kubescape-operator/templates/operator/admission-service.yaml
  • charts/kubescape-operator/templates/operator/admission-webhook.yaml
  • charts/kubescape-operator/templates/operator/clusterrole.yaml
  • charts/kubescape-operator/templates/operator/clusterrolebinding.yaml
  • charts/kubescape-operator/templates/operator/configmap.yaml
  • charts/kubescape-operator/templates/operator/deployment.yaml
  • charts/kubescape-operator/templates/operator/ks-recurring-cronjob-configmap.yaml
  • charts/kubescape-operator/templates/operator/kv-recurring-cronjob-configmap.yaml
  • charts/kubescape-operator/templates/operator/networkpolicy.yaml
  • charts/kubescape-operator/templates/operator/registry-scan-recurring-cronjob-configmap.yaml
  • charts/kubescape-operator/templates/operator/role.yaml
  • charts/kubescape-operator/templates/operator/rolebinding.yaml
  • charts/kubescape-operator/templates/operator/scc-rolebinding.yaml
  • charts/kubescape-operator/templates/operator/service.yaml
  • charts/kubescape-operator/templates/operator/serviceaccount.yaml
  • charts/kubescape-operator/templates/otel-collector/configmap.yaml
  • charts/kubescape-operator/templates/otel-collector/deployment.yaml
  • charts/kubescape-operator/templates/prometheus-exporter/deployment.yaml
  • charts/kubescape-operator/templates/prometheus-exporter/networkpolicy.yaml
  • charts/kubescape-operator/templates/prometheus-exporter/servicemonitor.yaml
  • charts/kubescape-operator/templates/storage/apiservice.yaml
  • charts/kubescape-operator/templates/storage/ca-secret.yaml
  • charts/kubescape-operator/templates/storage/clusterrole.yaml
  • charts/kubescape-operator/templates/storage/clusterrolebinding.yaml
  • charts/kubescape-operator/templates/storage/deployment.yaml
  • charts/kubescape-operator/templates/storage/networkpolicy.yaml
  • charts/kubescape-operator/templates/storage/pvc.yaml
  • charts/kubescape-operator/templates/storage/rolebinding.yaml
  • charts/kubescape-operator/templates/storage/scc-rolebinding.yaml
  • charts/kubescape-operator/templates/storage/seccompprofile-crd.yaml
  • charts/kubescape-operator/templates/storage/service.yaml
  • charts/kubescape-operator/templates/storage/serviceaccount.yaml
  • charts/kubescape-operator/templates/storage/tests/test-connection.yaml
  • charts/kubescape-operator/templates/synchronizer/clusterrole.yaml
  • charts/kubescape-operator/templates/synchronizer/configmap.yaml
  • charts/kubescape-operator/templates/synchronizer/deployment.yaml
  • charts/kubescape-operator/templates/synchronizer/networkpolicy.yaml

Comment on lines +9 to +11
{{- with (include "kubescape-operator.annotations" (dict "Values" .Values)) }}
{{ . | nindent 4 }}
{{- end }}

⚠️ Potential issue | 🟡 Minor

Same whitespace issue: use `-}}` after `with`.

Consistent with the other templates — add `-}}` to avoid the extra blank line when annotations are present.

Proposed fix
-    {{- with (include "kubescape-operator.annotations" (dict "Values" .Values)) }}
+    {{- with (include "kubescape-operator.annotations" (dict "Values" .Values)) -}}
     {{ . | nindent 4 }}
     {{- end }}
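Review bot: the only changed line is the opening `with` tag, and the same three-line block is flagged one file at a time across several templates. Because the `}}` and `-}}` forms render differently once annotations are set, apply the trailing dash to every annotations `with` block in the chart in a single pass, so no template is left on the old form.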
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
{{- with (include "kubescape-operator.annotations" (dict "Values" .Values)) }}
{{ . | nindent 4 }}
{{- end }}
{{- with (include "kubescape-operator.annotations" (dict "Values" .Values)) -}}
{{ . | nindent 4 }}
{{- end }}
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@charts/kubescape-operator/templates/kubescape/scc-rolebinding.yaml` around
lines 9 - 11, The template opens the with block using '{{- with (include
"kubescape-operator.annotations" (dict "Values" .Values)) }}' which leaves a
trailing blank line; change the opening tag to include the trailing dash ('-}}')
so it becomes '{{- with (include "kubescape-operator.annotations" (dict "Values"
.Values)) -}}' to suppress the extra newline and keep formatting consistent with
other templates — update the with/opening tag for the annotations block (and
verify matching end blocks remain '{{- end }}') accordingly.

Comment on lines +7 to +9
{{- with (include "kubescape-operator.annotations" (dict "Values" .Values)) }}
{{ . | nindent 4 }}
{{- end }}

⚠️ Potential issue | 🟡 Minor

Same whitespace issue: use `-}}` after `with`.

Same issue as the other templates — when annotations exist, an extra blank indented line is produced due to the preserved newline after `}}`.

Proposed fix
-    {{- with (include "kubescape-operator.annotations" (dict "Values" .Values)) }}
+    {{- with (include "kubescape-operator.annotations" (dict "Values" .Values)) -}}
     {{ . | nindent 4 }}
     {{- end }}
📝 Committable suggestion

Suggested change
{{- with (include "kubescape-operator.annotations" (dict "Values" .Values)) }}
{{ . | nindent 4 }}
{{- end }}
{{- with (include "kubescape-operator.annotations" (dict "Values" .Values)) -}}
{{ . | nindent 4 }}
{{- end }}
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@charts/kubescape-operator/templates/kubevuln/serviceaccount.yaml` around
lines 7 - 9, The with block in the serviceaccount template preserves an extra
newline after rendering annotations; change the with closing delimiter to trim
the trailing newline by replacing the current `{{- with (include
"kubescape-operator.annotations" (dict "Values" .Values)) }}`/`{{- end }}`
pattern so the opening or closing tag uses a `-}}` (i.e., use `-}}` after the
with) to suppress the blank indented line; update the block that calls include
"kubescape-operator.annotations" (and any identical blocks in this template) to
use the trimmed delimiter so no extra blank line is emitted.

Comment on lines +7 to +9
{{- with (include "kubescape-operator.annotations" (dict "Values" .Values)) }}
{{ . | nindent 4 }}
{{- end }}

⚠️ Potential issue | 🟡 Minor

Extra blank line produced when annotations are present.

The `with` block correctly suppresses output when annotations are empty. However, when annotations are set, the `}}` on line 7 preserves the trailing newline and indentation, and then `nindent 4` prepends another newline. This produces:

  annotations:
    
    key: value

Use `-}}` to strip trailing whitespace after `with`:

Proposed fix
-    {{- with (include "kubescape-operator.annotations" (dict "Values" .Values)) }}
+    {{- with (include "kubescape-operator.annotations" (dict "Values" .Values)) -}}
     {{ . | nindent 4 }}
     {{- end }}
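Review bot: nothing accompanying the `with` line checks the rendered output, and the block as first written handled only the empty case. A render check for both cases is worth adding alongside this change: render the chart with the global annotations unset and again with them set, and fail if any whitespace-only line appears directly after `annotations:`.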
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@charts/kubescape-operator/templates/node-agent/default-rule-binding.yaml`
around lines 7 - 9, The extra blank line comes from the trailing newline after
the with block before nindent; in the templates using the with block around
include "kubescape-operator.annotations" change the closing delimiter from "}}"
to "-}}" so the trailing whitespace/newline is stripped (i.e. update the with
block that calls include "kubescape-operator.annotations" and the subsequent {{
. | nindent 4 }} usage) to prevent the extra blank line when annotations are
present.
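
The whitespace behaviour described in the comment above, reproduced with Go's `text/template`, the engine Helm templates are built on. This is an added example, not code from the PR or the chart: the three template strings are constructed stand-ins, `.A` stands for the output of the annotations include (assumed to be empty when nothing is configured), and `nindent` is a local reimplementation of the sprig helper.

```go
package main

import (
	"bytes"
	"fmt"
	"strings"
	"text/template"
)

// nindent mirrors the sprig helper: a newline, then s indented by n spaces.
func nindent(n int, s string) string {
	pad := strings.Repeat(" ", n)
	return "\n" + pad + strings.ReplaceAll(s, "\n", "\n"+pad)
}

// Constructed stand-ins for a chart's metadata block; .A replaces the result
// of the annotations include (assumed to be "" when nothing is configured).
const (
	direct   = "metadata:\n  annotations:\n    {{- .A | nindent 4 }}\n  labels: {}\n"
	withKeep = "metadata:\n  annotations:\n    {{- with .A }}\n    {{ . | nindent 4 }}\n    {{- end }}\n  labels: {}\n"
	withTrim = "metadata:\n  annotations:\n    {{- with .A -}}\n    {{ . | nindent 4 }}\n    {{- end }}\n  labels: {}\n"
)

// render executes one template variant with the given annotations text.
func render(tpl, annotations string) string {
	t := template.Must(template.New("m").Funcs(template.FuncMap{"nindent": nindent}).Parse(tpl))
	var b bytes.Buffer
	if err := t.Execute(&b, map[string]string{"A": annotations}); err != nil {
		panic(err)
	}
	return b.String()
}

// blankLines counts whitespace-only lines, the artifact the review is about.
func blankLines(out string) int {
	n := 0
	for _, l := range strings.Split(strings.TrimRight(out, "\n"), "\n") {
		if strings.TrimSpace(l) == "" {
			n++
		}
	}
	return n
}

func main() {
	for name, tpl := range map[string]string{"direct": direct, "with }}": withKeep, "with -}}": withTrim} {
		fmt.Printf("%-9s unset=%d set=%d\n", name, blankLines(render(tpl, "")), blankLines(render(tpl, "team: sec")))
	}
}
```

Only the `-}}` variant renders without a whitespace-only line in both the unset and the set case.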

Comment on lines +7 to +9
{{- with (include "kubescape-operator.annotations" (dict "Values" .Values)) }}
{{ . | nindent 4 }}
{{- end }}

⚠️ Potential issue | 🟡 Minor

Same whitespace issue: use `-}}` after `with`.

Consistent with the other templates — add `-}}` to avoid the extra blank line when annotations are present.

Proposed fix
-    {{- with (include "kubescape-operator.annotations" (dict "Values" .Values)) }}
+    {{- with (include "kubescape-operator.annotations" (dict "Values" .Values)) -}}
     {{ . | nindent 4 }}
     {{- end }}
📝 Committable suggestion

Suggested change
{{- with (include "kubescape-operator.annotations" (dict "Values" .Values)) }}
{{ . | nindent 4 }}
{{- end }}
{{- with (include "kubescape-operator.annotations" (dict "Values" .Values)) -}}
{{ . | nindent 4 }}
{{- end }}
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@charts/kubescape-operator/templates/operator/serviceaccount.yaml` around
lines 7 - 9, The with-block in the template that wraps the include
"kubescape-operator.annotations" is leaving an extra blank line; update the with
tag to trim whitespace on the right by changing the opening tag to use a
trailing -}} (i.e., use {{- with (include "kubescape-operator.annotations" (dict
"Values" .Values)) -}}) so the rendered output doesn’t add an extra blank line
when annotations are present; leave the inner {{ . | nindent 4 }} and the
existing {{- end }} unchanged.

Comment on lines +9 to +11
{{- with (include "kubescape-operator.annotations" (dict "Values" .Values)) }}
{{ . | nindent 4 }}
{{- end }}

⚠️ Potential issue | 🟡 Minor

Same whitespace issue: use `-}}` after `with`.

Consistent with the other templates — add `-}}` to avoid the extra blank line when annotations are present.

Proposed fix
-    {{- with (include "kubescape-operator.annotations" (dict "Values" .Values)) }}
+    {{- with (include "kubescape-operator.annotations" (dict "Values" .Values)) -}}
     {{ . | nindent 4 }}
     {{- end }}
📝 Committable suggestion

Suggested change
{{- with (include "kubescape-operator.annotations" (dict "Values" .Values)) }}
{{ . | nindent 4 }}
{{- end }}
{{- with (include "kubescape-operator.annotations" (dict "Values" .Values)) -}}
{{ . | nindent 4 }}
{{- end }}
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@charts/kubescape-operator/templates/storage/networkpolicy.yaml` around lines
9 - 11, The template leaves an extra blank line because the `with` action is not
closed with a trimmed delimiter; update the Helm template block that uses
include "kubescape-operator.annotations" so the opening tag trims following
whitespace by changing `{{- with (include "kubescape-operator.annotations" (dict
"Values" .Values)) }}` to use a trailing hyphen `-}}` (i.e., `{{- with (include
"kubescape-operator.annotations" (dict "Values" .Values)) -}}`), leaving the
rest of the block (`{{ . | nindent 4 }}` and `{{- end }}`) as-is to remove the
extra blank line when annotations are present.

Development

Successfully merging this pull request may close these issues.

Global annotation include results in empty lines in helm build