chore: add env vars- AGENTIC_CODING_DEPLOY_ROTATE_ENABLED and AGENTIC…

[hassimnaseef]

…_CODING_BUILD_TOKEN

Summary by CodeRabbit

• New Features

  • Added new deployment and build-related configuration options to the Helm chart, including a build token and a rotation toggle.
  • These settings are now available in the default values file for easier customization.

• Chores

  • Updated the chart and app versions to 0.97.0.

[linear]

INFRA-2569

[coderabbitai]

📝 Walkthrough

Walkthrough

The Helm chart adds two new agentic coding configuration entries (agenticCodingBuildToken and agenticCodingDeployRotateEnabled) to values.yaml and exposes them as AGENTIC_CODING_BUILD_TOKEN and AGENTIC_CODING_DEPLOY_ROTATE_ENABLED in the ConfigMap template. Chart and app versions are bumped from 0.96.0 to 0.97.0.

Changes

Agentic Coding Config Vars and Chart Version Bump

Layer / File(s)	Summary
New agentic coding env vars in values and ConfigMap charts/multiwoven/values.yaml, charts/multiwoven/templates/multiwoven-config.yaml	Adds agenticCodingBuildToken (empty string) and agenticCodingDeployRotateEnabled ("false") to sandboxConfig, and wires them as AGENTIC_CODING_BUILD_TOKEN and AGENTIC_CODING_DEPLOY_ROTATE_ENABLED in the ConfigMap data block alongside the existing agentic coding entries.
Chart version bump to 0.97.0 charts/multiwoven/Chart.yaml	Bumps both version and appVersion from 0.96.0 to 0.97.0.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

• Multiwoven/helm-charts#116: Also extends sandboxConfig in values.yaml and the ConfigMap template with agentic coding deploy-related env vars, including AGENTIC_CODING_DEPLOY_CPU, sharing the same wiring pattern.

Poem

🐇 A token to build and a flag to rotate,
Two new little keys that the sandbox awaits.
The version ticks up from six to seven-oh,
The chart hops along with each config we sow.
This bunny approves — off to deploy we go! 🚀

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title matches the PR’s main change: adding agentic coding environment variables.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch hassimnaseef/infra-2569-set-agentic_coding_deploy_rotate_enabled-env-variable

---

_{Comment @coderabbitai help to get the list of available commands.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@charts/multiwoven/templates/multiwoven-config.yaml`:
- Line 11: `AGENTIC_CODING_BUILD_TOKEN` is being rendered in the ConfigMap
template, but it is secret-bearing and should not live in config data. Update
the `multiwoven-config.yaml` template so this value is removed from the
ConfigMap and instead wired through a Kubernetes Secret or secrets-store
reference, and adjust any related Helm values usage so the workload still reads
it via the secret-backed path. Use the `AGENTIC_CODING_BUILD_TOKEN` key in
`multiwoven-config.yaml` as the place to relocate this handling.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 93f5ca58-abb4-4d36-aa6d-7fd33a97833d

📥 Commits

Reviewing files that changed from the base of the PR and between 2a86f7f and 7baf06c.

📒 Files selected for processing (3)

• charts/multiwoven/Chart.yaml
• charts/multiwoven/templates/multiwoven-config.yaml
• charts/multiwoven/values.yaml

[coderabbitai]

🔒 Security & Privacy | 🟠 Major | 🏗️ Heavy lift

Move AGENTIC_CODING_BUILD_TOKEN out of ConfigMap data.

AGENTIC_CODING_BUILD_TOKEN is a secret-bearing value and should be sourced from a Kubernetes Secret (or secrets store path), not stored in a ConfigMap.

Suggested change in this template

 data:
   ACTIVE_STORAGE_SERVICE: {{ .Values.multiwovenConfig.activeStorageService | quote }}
-  AGENTIC_CODING_BUILD_TOKEN: {{ .Values.sandboxConfig.agenticCodingBuildToken | quote }}
   AGENTIC_CODING_DB_PROVIDER: {{ .Values.sandboxConfig.agenticCodingDbProvider | quote }}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

AGENTIC_CODING_BUILD_TOKEN: {{ .Values.sandboxConfig.agenticCodingBuildToken | quote }}

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@charts/multiwoven/templates/multiwoven-config.yaml` at line 11,
`AGENTIC_CODING_BUILD_TOKEN` is being rendered in the ConfigMap template, but it
is secret-bearing and should not live in config data. Update the
`multiwoven-config.yaml` template so this value is removed from the ConfigMap
and instead wired through a Kubernetes Secret or secrets-store reference, and
adjust any related Helm values usage so the workload still reads it via the
secret-backed path. Use the `AGENTIC_CODING_BUILD_TOKEN` key in
`multiwoven-config.yaml` as the place to relocate this handling.