fix: sort provider secrets and weaviate env vars alphabetically for deterministic Helm rendering

[BearTS]

Summary

Helm chart templates that iterate over maps (provider secrets and Weaviate env vars) were producing non-deterministic ordering, which causes unnecessary diff noise and potential reconciliation churn in GitOps workflows. This change enforces alphabetical ordering when ranging over these maps.

Changes

• Provider secrets in deployment.yaml and stateful.yaml now iterate over providerSecrets keys sorted alphabetically before looking up each value
• Weaviate environment variables in weaviate-deployment.yaml now iterate over env keys sorted alphabetically before looking up each value

Type of change

• Bug fix
• Refactor
• Feature
• Documentation
• Chore/CI

Affected areas

• Core (Go)
• Transports (HTTP)
• Providers/Integrations
• Plugins
• UI (React)
• Docs

How to test

Render the Helm templates and verify that environment variables appear in a consistent, alphabetically sorted order across multiple renders:

helm template bifrost ./helm-charts/bifrost --values your-values.yaml

Run the render multiple times and confirm the output is identical each time, with env vars appearing in alphabetical order.

Breaking changes

• Yes
• No

Related issues

Security considerations

No security implications. This change only affects the ordering of environment variable declarations in rendered Kubernetes manifests.

Checklist

• I read docs/contributing/README.md and followed the guidelines
• I added/updated tests where appropriate
• I updated documentation where needed
• I verified builds succeed (Go and UI)
• I verified the CI pipeline passes locally if applicable

[coderabbitai]

Warning

Rate limit exceeded

@BearTS has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 1 minute and 40 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: f82b8938-798e-499f-864d-33fd29321eac

📥 Commits

Reviewing files that changed from the base of the PR and between da12406 and 1f323bc.

📒 Files selected for processing (3)

• helm-charts/bifrost/templates/deployment.yaml
• helm-charts/bifrost/templates/stateful.yaml
• helm-charts/bifrost/templates/weaviate-deployment.yaml

📝 Walkthrough

Walkthrough

Three Helm deployment templates are updated to iterate over map keys in sorted alphabetical order rather than using direct map traversal. This ensures deterministic, consistent ordering of environment variables and provider secrets in rendered manifests across the deployment, stateful, and weaviate-deployment templates.

Changes

Deterministic Map Iteration for Environment Variables and Secrets

Layer / File(s)	Summary
Sorted map iteration across templates helm-charts/bifrost/templates/deployment.yaml, helm-charts/bifrost/templates/stateful.yaml, helm-charts/bifrost/templates/weaviate-deployment.yaml	Three templates update their environment variable and provider secrets loops from direct map iteration to sorting keys alphabetically and indexing into the maps. Deployment and StatefulSet templates iterate over sorted provider secret keys; Weaviate template sorts environment variable keys. The set of rendered variables remains unchanged; only the order is now deterministic.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 A rabbit hops through template maps so vast,
Sorting keys to make the order fast!
No more chaos, just alphabets aligned,
Determinism now is what we find. ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: sorting provider secrets and Weaviate environment variables alphabetically for deterministic Helm rendering, which directly matches the code changes across all three templates.
Description check	✅ Passed	The description provides a clear summary, documents the specific changes made to three template files, includes testing instructions, and addresses breaking changes and security considerations as required by the template.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch 05-20-chore_sort_keys_to_avoid_unneccessary_kubernetes_rollouts_on_diff

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[BearTS]

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

• chore: bump Bifrost Helm chart to 2.1.18 with feature flags, model catalog URL, and bug fixes #3623
• fix: sort provider secrets and weaviate env vars alphabetically for deterministic Helm rendering #3621 👈 (View in Graphite)
• feat: add default password warnings for PostgreSQL and Redis in Helm chart NOTES.txt #3620
• fix: gate Weaviate PVC creation on persistence.enabled #3619
• fix: use REDISCLI_AUTH env var to avoid passing password via -a flag in Redis health checks #3618
• feat: add optional gRPC port to bifrost cluster deployment and service #3617
• feat: add timeout comments to guardrail rule and provider entries in values.yaml #3612
• dev

This stack of pull requests is managed by Graphite. Learn more about stacking.

[greptile-apps]

Confidence Score: 5/5

Safe to merge — the change is a mechanical, well-scoped refactor of three Helm range loops with no functional side effects.

All three templates apply the standard keys | sortAlpha + root-context index $ pattern correctly. Iterating over an empty or nil map with keys is safe (returns an empty list), so there are no edge-case regressions. The fix is identical in structure across all changed files and does not touch any rendered values, only their order.

No files require special attention.

Important Files Changed

Filename	Overview
helm-charts/bifrost/templates/deployment.yaml	Switched provider-secrets range to iterate over alphabetically sorted keys using `keys
helm-charts/bifrost/templates/stateful.yaml	Identical provider-secrets sorting fix as deployment.yaml. Correct Helm pattern; no issues found.
helm-charts/bifrost/templates/weaviate-deployment.yaml	Weaviate env map now iterated over sorted keys via `keys

_{Reviews (4): Last reviewed commit: "chore: sort keys to avoid unneccessary k..." | Re-trigger Greptile}