feat(charts): add dentalemon-seeder Helm chart

[jericho1050]

Summary

This PR adds the Helm chart and ArgoCD configuration for deploying the DENTALEMON demo data seeder. The seeder application code lives in monobase-mycure PR #35.

Why split across repos?

Following the team's convention:

• Application code (TypeScript, generators, seeders) → monobase-mycure
• K8s deployment (Helm charts, ArgoCD) → monobase-infra

What's included

charts/dentalemon-seeder/ - Helm chart with:

• Kubernetes Job template for one-time seeding
• ConfigMap for configuration (patient count, reset, dry-run)
• ExternalSecret support for MongoDB URI
• Resource limits and security context

argocd/applications/templates/dentalemon-seeder.yaml - ArgoCD app:

• Sync wave 4 (runs after MongoDB and services are ready)
• PostSync hook for automatic execution
• Auto-sync with prune and self-heal

Usage

Enable in deployment values (e.g., values/deployments/mycure-staging.yaml):

dentalemon-seeder:
  enabled: true
  config:
    patientCount: "20"
    resetData: "false"
  externalSecrets:
    enabled: true
    secretStore: "gcp-secret-store"
    mongoUriKey: "mycure-staging-mongodb-uri"

Configuration Options

Value	Default	Description
enabled	false	Enable/disable the seeder
config.patientCount	"20"	Number of patients to generate
config.resetData	"false"	Clear existing demo data first
config.dryRun	"false"	Validate without changes
config.demoOrgName	"Smile Bright Dental Clinic"	Demo organization name

Test plan

• Helm lint passes
• Helm template renders correctly
• Job deploys successfully in staging
• Seeder completes without errors
• Demo data visible in DENTALEMON app

Related: mycurelabs/monobase-mycure#20

---

🤖 Generated with Claude Code

[Copilot]

Pull request overview

This PR adds infrastructure for deploying the DENTALEMON demo data seeder as a Kubernetes Job via Helm and ArgoCD. The PR also includes updates to the practice-staging deployment configuration, infrastructure settings (domain changes, cert-manager Gateway API support), bootstrap configurations (repository URL updates to a personal fork), and practice secret templates.

Changes:

• Added dentalemon-seeder Helm chart with Job, ConfigMap, and ExternalSecret templates
• Added ArgoCD application template for dentalemon-seeder with sync wave 4
• Updated practice-staging deployment with new domain (mediqueue.online) and dentalemon app configuration
• Updated infrastructure configuration with Gateway API support for cert-manager and new domain settings
• Updated bootstrap configurations to use personal fork repository
• Added practice deployment secrets templates

Reviewed changes

Copilot reviewed 16 out of 16 changed files in this pull request and generated 13 comments.

Show a summary per file

File	Description
charts/dentalemon-seeder/*	Complete Helm chart for demo data seeding job with security contexts, resource limits, and configuration management
argocd/applications/templates/dentalemon-seeder.yaml	ArgoCD application definition with PostSync hook for automatic seeder execution
values/deployments/practice-staging.yaml	New practice deployment configuration with complete stack (frontend, backend, database, storage)
values/infrastructure/main.yaml	Updated domain to mediqueue.online and added Gateway API support for HTTP-01 challenges
infrastructure/secrets-template/*	Secret templates for practice deployment (MongoDB, MinIO, Cloudflare)
argocd/bootstrap/*	Updated repository URLs to personal fork (jericho1050)
argocd/infrastructure/templates/cert-manager.yaml	Added Gateway API experimental feature gate support

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Duplicate subdomain entry 'storage.stg' appears on line 97 and 98. This redundancy should be removed to keep the configuration clean.

Suggested change

- storage.stg

[Copilot]

Configuration inconsistency: The gateway.sectionName is set to 'http' (line 263), but the API_URL and HAPIHUB_URL are configured with 'https://' protocol (lines 266-267). This mismatch is consistent with the other services in this file and needs to be corrected.

[Copilot]

Weak passwords used in practice secrets file. The passwords 'practice-mongo-password-123' and 'practice-minio-password-123' are predictable and not secure. While this is marked as practice/development only, consider using stronger examples to encourage better security practices, even in development environments.

[Copilot]

Namespace mismatch in documentation: The usage instructions reference 'practice-staging' namespace (line 12), but the actual deployment configuration uses 'mediqueue-staging'. This inconsistency will confuse users following the instructions.

[Copilot]

The image tag is set to 'latest' with pullPolicy 'Always'. While this is acceptable for development, it's not a best practice as 'latest' tags can lead to unpredictable deployments and make rollbacks difficult. Consider using semantic versioning or commit SHAs for better deployment tracking and reproducibility.

Suggested change

	tag: "latest"
	tag: "1.0.0"

[Copilot]

Configuration inconsistency: The gateway.sectionName is set to 'http' (line 98), but the environment variables PUBLIC_URL and APP_URL are configured with 'https://' protocol (lines 122, 124). This mismatch could cause connectivity issues or unexpected behavior.

[Copilot]

Namespace mismatch: The secrets are configured for 'practice-staging' namespace (lines 23, 37), but the deployment configuration uses 'mediqueue-staging' namespace (practice-staging.yaml line 22). This will cause the secrets to be unavailable to the application pods.

[Copilot]

The targetRevision defaults to 'main' (line 20), but the infrastructure-root.yaml and applicationset-auto-discover.yaml use 'HEAD' as the targetRevision. This inconsistency could lead to confusion. Consider using 'HEAD' for consistency across all ArgoCD configurations, or document why different revisions are used.

Suggested change

	targetRevision: {{ .Values.argocd.targetRevision | default "main" }}
	targetRevision: {{ .Values.argocd.targetRevision | default "HEAD" }}

[Copilot]

The NOTES.txt hardcodes demo user credentials (password: demo123) and email addresses (lines 16-22). This information might be better suited for documentation rather than deployment notes, as it could expose sensitive information if these credentials are used in any real environment, even staging. Consider removing or conditionally displaying this based on environment type.

Suggested change

	Demo users created (password: demo123):
	- [email protected] (Dentist/Admin)
	- [email protected] (Dentist)
	- [email protected] (Orthodontist)
	- [email protected] (Dental Assistant)
	- [email protected] (Receptionist)
	- [email protected] (Admin)
	Demo users have been created for common roles (e.g., Dentist, Orthodontist, Assistant, Receptionist, Admin).
	Refer to the project documentation or your environment's configuration for details on demo accounts and credentials.

[Copilot]

Missing README.md file for the dentalemon-seeder chart. Other charts in the repository (e.g., charts/dentalemon) include README.md files with usage instructions, configuration examples, and documentation. Adding a README would help users understand how to configure and use the seeder.