291 - Refactor values.dev.yaml to contain only dev overrides

[alexbottenberg]

Summary

• apps/api/helm/values.dev.yaml: replaced duplicated pip-ss-kv-stg secrets block (identical to values.yaml) with cath: null to correctly suppress the production vault in local dev via Helm merge semantics
• apps/web/helm/values.dev.yaml: removed all settings duplicated from values.yaml (applicationPort, aadIdentityName, ingressHost, image, REDIS_HOST, BASE_URL, SSO_ALLOW_HTTP_REDIRECT, all GOVUK_NOTIFY_TEMPLATE_ID_*), keeping only genuine dev overrides (CFT_IDAM_URL and the full pip-ss-kv-stg.secrets array with dev-specific secret names)

Closes #291

Test plan

• Run helm template cath-api apps/api/helm -f apps/api/helm/values.yaml -f apps/api/helm/values.dev.yaml and confirm cath vault is absent from rendered output
• Run helm template cath-web apps/web/helm -f apps/web/helm/values.yaml -f apps/web/helm/values.dev.yaml and confirm dev SSO secret names and CFT_IDAM_URL are present
• Confirm E2E tests pass locally
• GitHub pipeline passes

🤖 Generated with Claude Code

Summary by CodeRabbit

• Chores

  • Simplified local Helm overrides to exclude a production vault and streamline key‑vault secret mappings.
  • Development startup and seed scripts updated to explicitly load local environment files.

• Tests

  • GOV.UK Notify email test now skips unless both API key and template ID environment variables are present.

• Documentation

  • Added planning, tasks and ticket docs describing the dev config refactor and verification steps.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: b7e52114-ad67-4692-86f1-f14cd763a0db

📥 Commits

Reviewing files that changed from the base of the PR and between e28f527 and b2c2b36.

📒 Files selected for processing (1)

• apps/web/package.json

🚧 Files skipped from review as they are similar to previous changes (1)

• apps/web/package.json

---

📝 Walkthrough

Walkthrough

Refactors Helm values.dev.yaml overlays for API and web to remove redundant/local-only settings and explicitly disable the production cath vault, adds documentation (ticket, plan, tasks) describing the refactor and verification steps, adjusts dev startup scripts to load a shared .env, and tightens an e2e test skip to require two GOV.UK Notify-related env vars.

Changes

Cohort / File(s)	Summary
Helm configuration overrides apps/api/helm/values.dev.yaml, apps/web/helm/values.dev.yaml	API: removes pip-ss-kv-stg.secrets block and sets nodejs.keyVaults.cath: null to exclude the production vault. Web: removes local-specific nodejs settings (ports, image, some envs) and retains only nodejs.environment plus nodejs.keyVaults with expanded pip-ss-kv-stg.secrets mappings (GOV.UK Notify and Azure B2C keys).
Documentation for refactor docs/tickets/291/ticket.md, docs/tickets/291/plan.md, docs/tickets/291/tasks.md	Adds ticket metadata, a detailed plan describing Helm merge behaviour and the intended changes, verification steps (including helm template), and an implementation task checklist for the values.dev.yaml refactor.
End-to-end tests e2e-tests/tests/api/blob-ingestion-notifications.spec.ts	Tightens skip condition: the GOV.UK Notify email-content test runs only when both GOVUK_NOTIFY_API_KEY and GOVUK_NOTIFY_TEMPLATE_ID_SUBSCRIPTION are set.
Dev scripts / env loading apps/web/package.json, package.json	Passes explicit env files to dev/startup scripts: apps/web dev scripts use --env-file-if-exists=../../.env; root db:seed adds --env-file=.env so local runs load the repo .env.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly and accurately reflects the main change: refactoring values.dev.yaml files to contain only dev-specific overrides rather than duplicated production values.
Linked Issues check	✅ Passed	All coding objectives from #291 are met: values.dev.yaml files contain only dev overrides, production vaults are suppressed via Helm merge semantics (cath: null), and environment variable handling is improved for local development.
Out of Scope Changes check	✅ Passed	Changes to e2e-tests and package.json scripts are directly related to enabling the refactor to function correctly in local development and CI environments.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feature/291-refactor-values-dev-yaml

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

docs/tickets/291/plan.md (1)

193-200: Open questions are valuable — ensure they're resolved before merging.

These questions correctly identify risks:

1. Chart null-handling behaviour needs verification via helm template.
2. Current local dev behaviour should be confirmed to understand if changes have observable effect.
3. Local tooling invocation order should be verified.

Consider converting these to explicit checkboxes in tasks.md to track resolution.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 092e9939-a3d6-4edd-b766-96453afe2a83

📥 Commits

Reviewing files that changed from the base of the PR and between b88bf95 and 774de2b.

📒 Files selected for processing (5)

• apps/api/helm/values.dev.yaml
• apps/web/helm/values.dev.yaml
• docs/tickets/291/plan.md
• docs/tickets/291/tasks.md
• docs/tickets/291/ticket.md

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Minor text quality issues in acceptance criteria.

• Line 15: "End to end" should be hyphenated as "End-to-end".
• Line 16: "Github" should be "GitHub" (capital H).

📝 Proposed fix

- * End to end tests are passing on local
- * Github pipeline is passing
+ * End-to-end tests are passing on local
+ * GitHub pipeline is passing

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	* End to end tests are passing on local
	* Github pipeline is passing
	* End-to-end tests are passing on local
	* GitHub pipeline is passing

🧰 Tools

🪛 LanguageTool

[grammar] ~15-~15: Did you mean the adjective “End-to-end” (spelled with hyphens)?
Context: ...en needed. Acceptance criteria: * End to end tests are passing on local * Github pi...

(END_TO_END_HYPHEN)

---

[uncategorized] ~16-~16: The official name of this software platform is spelled with a capital “H”.
Context: ...nd to end tests are passing on local * Github pipeline is passing ## Comments ### C...

(GITHUB)

[github-actions]

🎭 Playwright E2E Test Results

257 tests   257 ✅  24m 58s ⏱️
 34 suites    0 💤
  1 files      0 ❌

Results for commit b2c2b36.

♻️ This comment has been updated with latest results.

[coderabbitai]

Actionable comments posted: 2

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 0edc160d-410b-43b4-84e3-0e8c7d401523

📥 Commits

Reviewing files that changed from the base of the PR and between 774de2b and ecd89b1.

📒 Files selected for processing (3)

• biome.json
• e2e-tests/tests/api/blob-ingestion-notifications.spec.ts
• e2e-tests/tests/subscription-notifications.spec.ts

✅ Files skipped from review due to trivial changes (1)

• biome.json

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Guard CFT_VALID_TEST_ACCOUNT in the same skip condition.

This test still hard-fails at Line 74 if CFT_VALID_TEST_ACCOUNT is unset, even when the new skip condition passes.

Suggested patch

     test.skip(
-      !process.env.GOVUK_NOTIFY_API_KEY || !process.env.GOVUK_NOTIFY_TEMPLATE_ID_SUBSCRIPTION,
-      "Skipping: GOVUK_NOTIFY_API_KEY or GOVUK_NOTIFY_TEMPLATE_ID_SUBSCRIPTION not set"
+      !process.env.GOVUK_NOTIFY_API_KEY ||
+        !process.env.GOVUK_NOTIFY_TEMPLATE_ID_SUBSCRIPTION ||
+        !process.env.CFT_VALID_TEST_ACCOUNT,
+      "Skipping: GOVUK_NOTIFY_API_KEY, GOVUK_NOTIFY_TEMPLATE_ID_SUBSCRIPTION, or CFT_VALID_TEST_ACCOUNT not set"
     );

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	test.skip(
	!process.env.GOVUK_NOTIFY_API_KEY || !process.env.GOVUK_NOTIFY_TEMPLATE_ID_SUBSCRIPTION,
	"Skipping: GOVUK_NOTIFY_API_KEY or GOVUK_NOTIFY_TEMPLATE_ID_SUBSCRIPTION not set"
	);
	test.skip(
	!process.env.GOVUK_NOTIFY_API_KEY ||
	!process.env.GOVUK_NOTIFY_TEMPLATE_ID_SUBSCRIPTION ||
	!process.env.CFT_VALID_TEST_ACCOUNT,
	"Skipping: GOVUK_NOTIFY_API_KEY, GOVUK_NOTIFY_TEMPLATE_ID_SUBSCRIPTION, or CFT_VALID_TEST_ACCOUNT not set"
	);

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Please consolidate into one complete journey test with inline Welsh/a11y checks.

This spec currently splits the flow into multiple tests and does not include inline Welsh translation and accessibility validation in the journey itself.

As per coding guidelines, "E2E tests in Playwright should minimize test count with one test per complete user journey, including validations, Welsh translations, and accessibility checks inline rather than in separate tests" and "Use AxeBuilder with Playwright to test accessibility inline within journey tests, not as separate tests."

[coderabbitai]

🧹 Nitpick comments (1)

apps/web/package.json (1)

8-9: Redundant env loading with existing dotenv call.

The --env-file=../../.env flag loads environment variables at Node startup. However, apps/web/src/server.ts (lines 8-15) already calls dotenv.config({ path: path.join(__dirname, "../../../.env") }) targeting the same file.

This works correctly (dotenv won't override already-set variables), but it's redundant. Consider removing the dotenv.config() call in server.ts to avoid maintaining two paths to the same file.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 6fde2c02-92a8-4efc-9696-c9df35bbcbf8

📥 Commits

Reviewing files that changed from the base of the PR and between 3a796fe and e28f527.

📒 Files selected for processing (2)

• apps/web/package.json
• package.json

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud