feat: support external artifact sourcing

[roderik]

Summary

• add values schema for selecting generated vs external bootstrap artifacts
• disable bootstrapper job when external artifacts are supplied
• render ConfigMaps/Secrets from provided genesis, validators, static nodes, and faucet assets
• require global validator replica count alignment and default network-node replicas from it
• document auto-generated, Conjur-backed, and Docker offline workflows in README template

Testing

• bun run check
• bun run typecheck
• bun test
• helm template charts/network/charts/network-bootstrapper
• helm template charts/network/charts/network-bootstrapper -f
• helm template charts/network/charts/network-nodes --set global.validatorReplicaCount=2
• bun run docs:cli

[gemini-code-assist]

Summary of Changes

Hello @roderik, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a significant feature allowing users to provide pre-existing Besu network artifacts instead of relying on the chart's bootstrapper job to generate them. This enhances flexibility for deploying Besu networks by enabling the use of custom or externally managed network configurations, thereby streamlining deployments where artifact generation is handled outside the Helm chart.

Highlights

• External Artifact Sourcing: Introduced a new configuration option (artifacts.source) to allow users to choose between generating network artifacts or providing them externally.
• Kubernetes Resource Generation: Added support for supplying external Besu network artifacts (genesis, static nodes, validator keys, faucet details) via Helm values, which are then rendered into Kubernetes ConfigMaps and Secrets.
• Conditional Bootstrapper Job: Modified the bootstrapper job to be conditionally disabled when external artifacts are provided, preventing redundant generation and streamlining deployments.
• Documentation and Configuration Updates: Updated the README.md and values.yaml files to clearly document the new artifacts.source and artifacts.external configuration options and their usage.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[github-actions]

To view in Slack, search for: 1758125345.705619

[sourcery-ai]

Hey there - I've reviewed your changes and they look great!

Prompt for AI Agents

Please address the comments from this code review:

## Individual Comments

### Comment 1
<location> `charts/network/charts/network-bootstrapper/templates/external-artifacts.yaml:10` </location>
<code_context>
+{{- $validators := get $external "validators" -}}
+{{- $faucet := get $external "faucet" -}}
+{{- if not $genesis }}{{ fail "artifacts.external.genesis must be provided when artifacts.source is 'external'." }}{{- end }}
+{{- if not $staticNodes }}{{ fail "artifacts.external.staticNodes must include at least one enode when artifacts.source is 'external'." }}{{- end }}
+{{- if not $validators }}{{ fail "artifacts.external.validators must include at least one entry when artifacts.source is 'external'." }}{{- end }}
+{{- if not ($faucet.address) }}{{ fail "artifacts.external.faucet.address must be set when artifacts.source is 'external'." }}{{- end }}
</code_context>

<issue_to_address>
**issue:** The staticNodes check will fail if the value is an empty list.

Since an empty list is considered falsy, the current check may fail even when staticNodes is present but empty. Use a length check to ensure the list contains at least one enode.
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[sourcery-ai]

issue: The staticNodes check will fail if the value is an empty list.

Since an empty list is considered falsy, the current check may fail even when staticNodes is present but empty. Use a length check to ensure the list contains at least one enode.

[gemini-code-assist]

Code Review

This pull request introduces a valuable feature to allow sourcing Besu network artifacts externally, which increases the flexibility of the Helm chart. The changes are well-structured, with a new template for external artifacts, conditional rendering of the bootstrapper job, and corresponding updates to values.yaml and the README.md.

My review focuses on the new external-artifacts.yaml template. I've identified a couple of issues in the validation logic that could lead to incorrect behavior or template rendering errors. Specifically, the checks for empty lists/objects are not effective, and there's a risk of a nil pointer error when handling the faucet configuration. I've provided suggestions to make the validation more robust.

Once these points are addressed, the implementation will be solid.

[gemini-code-assist]

Accessing properties on $faucet can cause a template execution error if artifacts.external.faucet is not defined in the user's values. In that case, $faucet would be nil, and any attempt like $faucet.address on line 12 would cause a nil pointer error. To make this more robust, you can ensure $faucet is always a dictionary by providing a default.

{{- $faucet := get $external "faucet" | default dict -}}

[gemini-code-assist]

These validation checks for genesis, staticNodes, and validators are not robust. The if not ... check only fails if the value is nil, but it passes for an empty map ({}) or an empty list ([]). However, the failure messages state that these should not be empty, which could lead to the chart rendering with incomplete configuration when artifacts.source is external. You should check the length of these values to ensure they are not empty.

{{- if le (len $genesis) 0 }}{{ fail "artifacts.external.genesis must be a non-empty object when artifacts.source is 'external'." }}{{- end }}
{{- if le (len $staticNodes) 0 }}{{ fail "artifacts.external.staticNodes must include at least one enode when artifacts.source is 'external'." }}{{- end }}
{{- if le (len $validators) 0 }}{{ fail "artifacts.external.validators must include at least one entry when artifacts.source is 'external'." }}{{- end }}

[seer-by-sentry]

Potential bug: The template accesses fields on the $faucet variable without verifying the faucet key exists, which can cause a template rendering crash if the key is omitted from user configuration.

• Description: When artifacts.source is set to 'external', the Helm template retrieves the faucet configuration using get $external "faucet". If a user provides an artifacts.external object in their values but omits the faucet key, the get function returns an empty string. The subsequent code then attempts to access fields like .address on this empty string ($faucet.address). In Go templates, which Helm uses, accessing a field on a non-map/non-struct type like a string results in a template rendering error, which will cause the Helm deployment to fail.

• Suggested fix: Modify the variable assignment to provide a default empty dictionary if the faucet key is missing. Change {{- $faucet := get $external "faucet" -}} to {{- $faucet := get $external "faucet" | default (dict) -}}. This ensures $faucet is always a dictionary, allowing the subsequent validation if not ($faucet.address) to execute safely without causing a rendering error.
  _{severity: 0.75, confidence: 0.9}

_{Did we get this right? 👍 / 👎 to inform future reviews.}