Add automation service subchart

[malhotra5]

Summary

This PR adds the automation helm chart that was previously located in the deploy repo (deploy/automation/chart). This follows the same pattern as the openhands chart, centralizing helm charts in the OpenHands-Cloud repository.

Changes

New Automation Chart (charts/automation/)

• Chart.yaml: Defines the automation chart with PostgreSQL dependency
• values.yaml: Default values including:
  • Image configuration
  • Deployment resources and replicas
  • Service account settings
  • Probes (startup, liveness, readiness)
  • Ingress configuration
  • Database settings (SQLite or PostgreSQL)
  • GCP Cloud SQL support
  • Datadog integration
• Templates:
  • _env.yaml: Environment variable helper template
  • deployment.yaml: Kubernetes deployment with init containers for migrations
  • service.yaml: ClusterIP service exposing port 80
  • ingress.yaml: Optional ingress with TLS support
  • service-account.yaml: Optional service account creation

Workflow Updates

• publish-helm-charts.yml: Added automation chart to the publish matrix
• preview-helm-charts.yml: Added automation chart to detect-changes, publish-charts, and lint-and-test jobs
• validate-chart-versions.yml: Added automation-publishable output

Testing

After this PR is merged, the deploy repo will be updated to:

1. Reference the automation chart from oci://ghcr.io/all-hands-ai/helm-charts/automation
2. Use a shared CLOUD_CHART_SPEC environment variable for both openhands and automation charts
3. Add CI validation to ensure released versions are used on main branch

Related

Related to APP-1001

Related to ALL-5577

This is part of a larger effort to move helm charts from the deploy repo to the OpenHands-Cloud repo for better organization and version management.

[jpshackelford]

👋 Hi! This is OpenHands assisting @jpshackelford with reviewing this PR.

After analyzing the PR and discussing requirements, we'd like to share some considerations for the automation chart integration:

Helm-Based Install Requirements

For the standard helm-based install, we'd like the automation chart to follow the subchart pattern used by runtime-api rather than being a standalone chart. This means:

Changes Needed to charts/openhands/Chart.yaml

Add automation as a conditional dependency:

dependencies:
  # ... existing dependencies ...
  - name: automation
    repository: oci://ghcr.io/all-hands-ai/helm-charts
    version: 0.1.x
    condition: automation.enabled

Changes Needed to charts/openhands/values.yaml

Add a nested automation: configuration block (similar to runtime-api:):

automation:
  enabled: false  # Disabled by default, users enable via flag
  
  image:
    repository: ghcr.io/openhands/deploy-automation
    # tag: ...
  
  # Share parent's PostgreSQL instead of deploying separate instance
  postgresql:
    enabled: false
    postMigrate: false  # Set true when parent chart owns PostgreSQL
  
  database:
    host: oh-main-postgresql
    port: "5432"
    user: postgres
    name: automations
    secretName: postgres-password
    secretKey: password
  
  ingress:
    enabled: false
    class: traefik
  
  # ... other overridable values

Database Initialization

Add the automations database to the PostgreSQL init scripts ConfigMap so it's created alongside other databases.

Consolidate Service Key Configuration

The existing automationServiceKey section could be consolidated into the automation: subchart config block for cleaner organization.

---

Replicated Install Considerations

For Replicated deployments, there are additional constraints:

1. No values file access — Users cannot configure via a values file directly. Any configurable parameters must be surfaced either in:

   • A superadmin UI within the product, OR
   • The Replicated installer graphical UI

2. Identify configurable parameters — We should document which automation settings need to be user-configurable and ensure they're exposed through the appropriate UI.

3. Subdomain routing — Ideally, we'd avoid requiring a new subdomain for the automation service. If possible, route requests through the existing app server (e.g., /api/automations/*) rather than requiring automation.example.com.

4. Chart templatization — Additional work will be needed to templatize the chart and values file for the Replicated context.

---

Summary

Install Method	Requirement
Helm	Subchart of openhands chart with automation.enabled flag
Replicated	Config via UI, prefer app server routing over new subdomain

Happy to discuss further or help with implementation!

[xingyaoww]

LGTM - but would love a second eye from someone who has more expertise on helm chart

[jlav]

I left some blocking comments but if the goal of this PR is just to move the chart from one place to another, I'm totally happy with just creating issues that we can follow up on later.

[xingyaoww]

@OpenHands please read all @jlav's review comment above, then open a new PR, following https://docs.openhands.dev/openhands/usage/use-cases/code-review and add .agents/skills/code-review.md that encapsulate the core code review principles you can learn from jlav's comment for this repo.

Also in that PR, you should add the same workflow https://github.com/OpenHands/software-agent-sdk/blob/main/.github/workflows/pr-review-by-openhands.yml to this repo (expect env var to be already set).

[openhands-ai]

I'm on it! xingyaoww can track my progress at all-hands.dev

[openhands-ai]

Summary of Work Completed

I created PR #482 (Add code review skill and automated PR review workflow) on a new branch add-code-review-skill from main, as requested in the comment on PR #464.

Checklist — Was the request fully addressed?

• ✅ Read all of @jlav's review comments — Fetched and analyzed all 5 review comments from jlav on PR Add automation service subchart #464 (env var de-duplication, deployment scaling, storage abstraction, clear toggle naming, simplifying conditional logic)
• ✅ Created .agents/skills/code-review.md — Distilled jlav's feedback into 6 core Helm chart-specific code review principles, following the format from the OpenHands code review docs and using the /codereview trigger to override default review behavior
• ✅ Added .github/workflows/pr-review-by-openhands.yml — Copied the exact same workflow from software-agent-sdk, including the same trigger conditions, concurrency settings, composite action reference, and secret references (assuming env vars are already set as instructed)
• ✅ Opened a new PR (not modifying the existing PR Add automation service subchart #464) — PR Add code review skill and automated PR review workflow #482 targets main

Are the changes concise?

Yes — the PR contains exactly two new files with no extraneous changes:

1. .agents/skills/code-review.md — repo-specific review guidelines
2. .github/workflows/pr-review-by-openhands.yml — automated PR review workflow

No other files were modified, and no temporary or unnecessary files were created.

[jlav]

Thank you! Those updates look great 🎉