Robot Upgrade: wordpress chart upgrade from 15.2.39 to 28.0.0

[weizhoublue]

I am robot, upgrade: project wordpress chart upgrade from 15.2.39 to 28.0.0

[gemini-code-assist]

Summary of Changes

Hello @weizhoublue, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request performs a significant upgrade of the WordPress Helm chart to version 28.0.0, bringing it up to date with the latest application version and incorporating numerous enhancements from the Bitnami common library. Key changes include the adoption of OCI registries for dependencies, the introduction of FIPS compliance options, and a comprehensive overhaul of security and operational configurations across all subcharts. These updates aim to improve the chart's security posture, compatibility with modern Kubernetes environments, and overall maintainability.

Highlights

• Chart Version Upgrade: The WordPress Helm chart has been upgraded from version 15.2.39 to 28.0.0, aligning with the latest Bitnami chart standards.
• Application Version Update: The underlying WordPress application version has been updated from 6.1.1 to 6.8.3.
• Dependency Updates: The MariaDB subchart has been updated from version 11.4.6 to 24.0.0, and the Memcached subchart from 6.3.5 to 7.9.11. The common library chart has also been updated from 2.2.3 to 2.33.2.
• OCI Registry Adoption: The chart now uses OCI (Open Container Initiative) registries for dependencies, replacing the traditional Helm chart repositories. This is reflected in Chart.yaml files and NOTES.txt instructions.
• Enhanced Security Features: Introduced FIPS (Federal Information Processing Standards) configuration options for various components (WordPress, MariaDB, Memcached) and added image verification to prevent the use of unrecognized container images. Security context configurations have been refined for better compatibility with platforms like OpenShift.
• Kubernetes and Helm Prerequisite Updates: The minimum required Kubernetes version has been raised from 1.19+ to 1.23+, and Helm from 3.2.0+ to 3.8.0+.
• New Ingress and Routing Options: Added support for Gateway API HTTPRoute resources and introduced a secondary Ingress option for more flexible traffic management and security configurations (e.g., for /wp-admin).
• Password Management Job: A new password update job has been introduced for MariaDB, allowing for more robust handling of password changes during upgrades.
• Transparent Data Encryption (TDE) Support: MariaDB now includes support for Transparent Data Encryption (TDE) with options for secrets store providers like Vault.
• Container Configuration Refinements: Updated container security contexts, resource presets, liveness/readiness probes, and volume mounts across WordPress, MariaDB, and Memcached components for improved stability and adherence to best practices.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request upgrades the WordPress Helm chart from version 15.2.39 to 28.0.0. This is a major upgrade that introduces a wide range of improvements, including updates to dependencies like MariaDB and Memcached, a shift to OCI-based repositories, and significant enhancements to the underlying common library chart. Key new features include improved security contexts, FIPS support, Gateway API integration, and more robust configuration options. The changes align the chart with modern Helm best practices and improve its security and flexibility. My review includes a few suggestions for improving documentation clarity in the common chart's README and for enhancing the reliability of the liveness probe in the main WordPress deployment.

[gemini-code-assist]

The description for pullPolicy seems to have been truncated and contains a typo. The previous, more descriptive text was clearer for users. Consider restoring the original description to improve documentation clarity.

Suggested change

	description: Specify a imagePullPolicy.'
	description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'

[gemini-code-assist]

The description for pullPolicy seems to have been truncated and contains a typo. The previous, more descriptive text was clearer for users. Consider restoring the original description to improve documentation clarity.

Suggested change

	description: Specify a imagePullPolicy.'
	description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'

[gemini-code-assist]

The description for pullPolicy seems to have been truncated and contains a typo. The previous, more descriptive text was clearer for users. Consider restoring the original description to improve documentation clarity.

Suggested change

	description: Specify a imagePullPolicy.'
	description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'

[gemini-code-assist]

The liveness probe was changed from an httpGet probe to a tcpSocket probe. A TCP probe only verifies that the port is open but doesn't confirm if the application is actually responsive. This is a less reliable health check, as the web server could be running but unable to serve pages.

Consider using an httpGet probe on a stable endpoint like / to ensure both the web server and the WordPress application are functioning correctly.

    httpGet:
      path: /
      port: http

[weizhoublue]

robot: found newer version 28.0.1