Update imagePullPolicy...#261

Merged: jemaltahir merged 2 commits into dev from mongo-cve-2025-14847 on Jan 9, 2026

@trispera trispera commented Jan 5, 2026

...to pull latest mongo:noble version (v8.2.3) and fix cve-2025-14847

Summary by Sourcery

Bump the Helm chart and application versions and adjust deployment settings for MongoDB and the Celery worker image.

Enhancements:

  • Update Helm chart and application versions from 2.0.0 to 2.0.1.
  • Change MongoDB deployment to always pull the container image on pod startup.
  • Switch the Celery worker image to use a specific tagged image instead of the previous default.

...to push latest mongo:noble version (v8.2.3) and fix cve-2025-14847

sourcery-ai bot commented Jan 5, 2026

Reviewer's Guide

Helm chart version is bumped, MongoDB deployment is configured to always pull its image (ensuring the latest patched image is used), and the Celery worker image reference is updated to a specific tagged image.

File-Level Changes

| Change | Details | Files |
| --- | --- | --- |
| Bump Helm chart and application version to reflect deployment changes. | Update chart version from 2.0.0 to 2.0.1; update appVersion from 2.0.0 to 2.0.1 | deployment/Chart.yaml |
| Ensure MongoDB pods always pull the latest image on deploy. | Change imagePullPolicy from IfNotPresent to Always for the MongoDB container | deployment/templates/mongodb/mongodb-deployment.yaml |
| Update Celery worker image to a specific tagged image instead of latest. | Change Celery worker image from elixircloud/cwl-wes:latest to lvarin/cwl-wes:20220325 | deployment/values.yaml |

@sourcery-ai sourcery-ai bot left a comment

Hey - I've found 1 issue, and left some high level feedback:

  • Switching imagePullPolicy to Always will force pulls on every restart and can cause unnecessary load or failures in air‑gapped/limited environments; consider making this configurable via values.yaml instead of hard‑coding it.
  • The celeryWorker.image value now points to a personal/alternate repository (lvarin/cwl-wes:20220325); if this is intentional, consider making the registry/repository configurable and avoid hard‑coding a user‑specific image.
  • The PR description mentions updating to mongo:noble and fixing CVE-2025-14847, but the diff only changes the pull policy, not the MongoDB image itself; consider aligning the description and changes or explicitly updating the image tag in values.
Prompt for AI Agents
Please address the comments from this code review:

## Individual Comments

### Comment 1
<location> `deployment/values.yaml:167` </location>
<code_context>
 celeryWorker:
   appName: celery-worker
-  image: elixircloud/cwl-wes:latest
+  image: lvarin/cwl-wes:20220325
   initResources:
     limits:
</code_context>
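
Review bot: The added `image: lvarin/cwl-wes:20220325` line moves the Celery worker to a different Docker Hub namespace, which the PR description (MongoDB image pull and CVE-2025-14847) does not mention. Either split this into its own change or state in the description why the worker image changes here. If the tag is a build date, it predates this PR by several years, so confirm it is the intended build, and prefer a digest reference (`repository@sha256:<digest>`) so the content cannot change under the tag.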

<issue_to_address>
**suggestion:** Using a personal Docker Hub namespace and dated tag for `celeryWorker` image may complicate maintenance and provenance.

While pinning avoids `latest`, relying on a user-specific repo and a date-based tag may hurt maintainability. If the tag is meant to track the chart/app version, consider aligning it with `appVersion`, or make the repo and tag configurable (e.g. `celeryWorker.image.repository` / `celeryWorker.image.tag`) to ease future updates and avoid drift.

Suggested implementation:

```
celeryWorker:
  appName: celery-worker
  image:
    # Default to the official repository; can be overridden per environment
    repository: elixircloud/cwl-wes
    # Leave empty to allow templates to default to .Chart.AppVersion if desired
    tag: ""
  initResources:
    limits:
      memory: 16Mi

```

1. Update the corresponding Deployment/Job template(s) for the celery worker to use the new structure, e.g.:
   - `image: "{{ .Values.celeryWorker.image.repository }}:{{ default .Chart.AppVersion .Values.celeryWorker.image.tag }}"`.
2. If you had previously referenced `.Values.celeryWorker.image` as a single string in any other templates (e.g. in CronJobs or tests), update those references to use `.Values.celeryWorker.image.repository` and `.Values.celeryWorker.image.tag` with the same defaulting behavior.
3. Optionally document the new `celeryWorker.image.repository` and `celeryWorker.image.tag` values in the chart README so users know how to override them.
</issue_to_address>
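
The pull-policy and image-pinning points raised in this review, as an added example that is not part of the PR or the project's chart: a Python check that parses each container's image reference and reports what the tag and `imagePullPolicy` together actually guarantee. It assumes the MongoDB container uses `mongo:noble` as the PR description implies; the container specs, the `ROLLING_TAGS` list, the `registry.example` reference and all function names are constructed for illustration.

```python
# Added example: audit container image references and pull policies.
# ROLLING_TAGS is an assumed list; SAMPLE is constructed data.
ROLLING_TAGS = {"latest", "stable", "noble", "jammy"}

def parse_image(ref):
    """Split an image reference into (repository, tag, digest)."""
    ref, _, digest = ref.partition("@")
    # A colon is a tag separator only after the last "/";
    # earlier it is a registry port (registry.example:5000/app).
    if ":" in ref.rsplit("/", 1)[-1]:
        repo, tag = ref.rsplit(":", 1)
    else:
        repo, tag = ref, None
    return repo, tag, digest or None

def effective_policy(container):
    """Apply the Kubernetes default when imagePullPolicy is omitted."""
    if container.get("imagePullPolicy"):
        return container["imagePullPolicy"]
    _, tag, digest = parse_image(container["image"])
    return "Always" if not digest and tag in (None, "latest") else "IfNotPresent"

def audit(container):
    """Return one finding code for a container spec."""
    _, tag, digest = parse_image(container["image"])
    if digest:
        return "ok-digest-pinned"
    if tag is None or tag in ROLLING_TAGS:
        if effective_policy(container) == "Always":
            # Fresh pull on each start, but the version is whatever the tag points to.
            return "rolling-tag-unpinned"
        # Nodes with a cached copy keep running the old image.
        return "rolling-tag-stale-cache"
    # Fixed-looking tag: still mutable in the registry.
    return "tag-not-digest"

SAMPLE = [  # constructed container specs
    {"name": "mongodb-before", "image": "mongo:noble", "imagePullPolicy": "IfNotPresent"},
    {"name": "mongodb-after", "image": "mongo:noble", "imagePullPolicy": "Always"},
    {"name": "celery-worker", "image": "lvarin/cwl-wes:20220325"},
    {"name": "pinned", "image": "registry.example:5000/mongo:8.2.3@sha256:" + "0" * 64},
]

def run_audit(containers=SAMPLE):
    return {c["name"]: audit(c) for c in containers}

if __name__ == "__main__":
    for name, finding in run_audit().items():
        print(f"{name}: {finding}")
```
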

@jemaltahir jemaltahir left a comment

LGTM

@jemaltahir jemaltahir merged commit f486ab1 into dev Jan 9, 2026
4 checks passed
@jemaltahir jemaltahir deleted the mongo-cve-2025-14847 branch January 9, 2026 11:51