feat(studio): add Helm chart for Studio

[BrieucCaillot]

Summary

• New Helm chart for the Formance Studio app (Next.js frontend + PostgreSQL)
• Follows the console-v3 pattern: core library dependency, same template structure
• Includes deployment, service, ingress, HPA, PDB, migration job, and AWS TGB
• Studio-specific config: OpenAI API key (secret), feature flags, cookie encryption
• Optional Bitnami PostgreSQL subchart (postgresql.enabled)

Companion PR: https://github.com/formancehq/platform-ui/pull/968

[coderabbitai]

Walkthrough

Adds five new Helm template helpers to charts/studio/templates/_helpers.tpl that define Studio environment configuration, including templates for cookie settings, OAuth client credentials, OpenAI API key, feature flags, and a main environment assembly orchestrator that composes all components.

Changes

Cohort / File(s)	Summary
Studio Environment Configuration Templates charts/studio/templates/_helpers.tpl	Introduces five new named templates: studio.cookie (COOKIE_SECRET and COOKIE_DOMAIN), studio.oauth.client (OAuth credentials and redirect URI), studio.openai (API key sourcing), studio.features (feature flags), and studio.env (orchestrates all environment variables with conditional secret handling).

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

Poem

🐰 A warren of secrets, arranged so neat,
Helm helpers dance in templated sweet,
Cookies and tokens and keys unified,
Studio's config—now crystallified! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: adding a new Helm chart for the Studio application.
Description check	✅ Passed	The description is directly related to the changeset, providing context about the Helm chart additions, configuration options, and implementation patterns.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch BrieucCaillot/studio-chart

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@charts/studio/templates/_helpers.tpl`:
- Line 26: The cookie encryption key value is rendered unquoted which can break
YAML if it contains special characters; update the template in
charts/studio/templates/_helpers.tpl to quote the
.Values.config.cookie.encryptionKey (use the same pattern used for the OAuth
client secret) by applying the Helm | quote function to
.Values.config.cookie.encryptionKey so the rendered manifest is always valid
YAML.
- Line 38: The template uses len on
.Values.global.platform.studio.oauth.client.existingSecret which will panic if
that key is nil; change the condition to a nil-safe truthiness check (e.g., use
the value directly like "if
.Values.global.platform.studio.oauth.client.existingSecret") to match how
studio.cookie and studio.openai are handled, ensuring the helper does not call
len on a possibly undefined value and preserves the same logical behavior.

🧹 Nitpick comments (1)

charts/studio/templates/_helpers.tpl (1)

70-84: Consider quoting NODE_ENV for consistency.

All other string values in this file use | quote (feature flags, secrets, etc.). NODE_ENV on line 72 is unquoted. While typical values like production are safe, quoting defensively keeps the pattern consistent.

Proposed fix

 - name: NODE_ENV
-  value: {{ .Values.config.environment }}
+  value: {{ .Values.config.environment | quote }}

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Missing | quote on cookie encryption key value.

Line 44 correctly quotes the OAuth client secret, but here the encryptionKey is unquoted. If the value contains YAML-special characters (e.g., #, :, {), the rendered manifest will be malformed.

Proposed fix

-  value: {{ .Values.config.cookie.encryptionKey }}
+  value: {{ .Values.config.cookie.encryptionKey | quote }}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	value: {{ .Values.config.cookie.encryptionKey }}
	value: {{ .Values.config.cookie.encryptionKey | quote }}

🤖 Prompt for AI Agents

In `@charts/studio/templates/_helpers.tpl` at line 26, The cookie encryption key
value is rendered unquoted which can break YAML if it contains special
characters; update the template in charts/studio/templates/_helpers.tpl to quote
the .Values.config.cookie.encryptionKey (use the same pattern used for the OAuth
client secret) by applying the Helm | quote function to
.Values.config.cookie.encryptionKey so the rendered manifest is always valid
YAML.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

len on a potentially nil value will panic during template rendering.

If .Values.global.platform.studio.oauth.client.existingSecret is not defined (nil), len will error out. The studio.cookie (line 20) and studio.openai (line 51) templates safely use a simple truthiness check instead. Align for consistency and nil-safety.

Proposed fix

-  {{- if gt (len .Values.global.platform.studio.oauth.client.existingSecret) 0 }}
+  {{- if .Values.global.platform.studio.oauth.client.existingSecret }}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	{{- if gt (len .Values.global.platform.studio.oauth.client.existingSecret) 0 }}
	{{- if .Values.global.platform.studio.oauth.client.existingSecret }}

🤖 Prompt for AI Agents

In `@charts/studio/templates/_helpers.tpl` at line 38, The template uses len on
.Values.global.platform.studio.oauth.client.existingSecret which will panic if
that key is nil; change the condition to a nil-safe truthiness check (e.g., use
the value directly like "if
.Values.global.platform.studio.oauth.client.existingSecret") to match how
studio.cookie and studio.openai are handled, ensuring the helper does not call
len on a possibly undefined value and preserves the same logical behavior.