
Add baseline values #2044

@ZIJ ZIJ commented Jul 23, 2025

No description provided.

@ZIJ ZIJ merged commit 13042cf into develop Jul 23, 2025
11 checks passed

@greptile-apps greptile-apps bot left a comment

Greptile Summary

This PR adds a minimal baseline values.yaml configuration example to the Helm deployment documentation for Digger. The change introduces a "Minimal Configuration for Initial Setup" section that provides a working template users can use to quickly deploy Digger in a testing environment.

The new configuration includes:

  • Disabled ingress (avoiding complex domain/TLS setup initially)
  • Built-in PostgreSQL with basic credentials
  • Simple HTTP basic auth settings with placeholder passwords
  • Local hostname configuration

This addition addresses a common documentation pain point where users struggle to create their first working deployment because the existing documentation jumps into advanced configuration options without providing a simple starting point. The minimal config allows users to get Digger running locally first, then progressively add more sophisticated features like external databases and ingress as they become more familiar with the system.

The change integrates well with the existing documentation structure, appearing early in the deployment steps to provide immediate value while maintaining all existing comprehensive configuration examples for production use.

Confidence score: 5/5

  • This documentation change is extremely safe to merge and will improve user experience without any risk to production systems.
  • The score is 5/5 because this is purely additive documentation that doesn't modify any code, deployment scripts, or existing configuration examples - it only adds helpful guidance.
  • No files need additional attention as this is a straightforward documentation enhancement.

1 file reviewed, no comments

bismuthdev bot commented Jul 23, 2025

Summary of Bugs Found in Codebase

A total of 4 bugs were identified in the codebase, primarily in the Helm deployment documentation:

Critical Bugs

  1. Default Credentials Security Risk - The example configuration contains predictable default passwords like "changeme123" that could lead to security vulnerabilities if users deploy with these defaults and forget to change them.

  2. Missing PostgreSQL Persistence Warning - Documentation fails to explicitly warn users that the built-in PostgreSQL has no persistence configuration, meaning all data will be lost if the PostgreSQL pod restarts.

  3. Insufficient PostgreSQL Limitations Details - The documentation recommends built-in PostgreSQL for testing without adequately explaining its limitations (no persistence, no backups, limited performance, no HA).

  4. Missing Ingress Path Parameter - The full values.yaml example in the Advanced Configuration section is missing the path parameter for ingress configuration, which is inconsistent with the actual Helm chart's values.yaml file.

These issues primarily affect the deployment documentation and could lead to security vulnerabilities or unexpected data loss for users deploying the application.

Comment on lines +24 to +36
# Basic authentication settings
secret:
httpBasicAuthUsername: "admin"
httpBasicAuthPassword: "changeme123" # CHANGE THIS!
bearerAuthToken: "changeme456" # CHANGE THIS!
hostname: "localhost" # Will be updated later

# Enable built-in PostgreSQL for testing
postgres:
enabled: true
secret:
useExistingSecret: false
postgresPassword: "changeme789" # CHANGE THIS!
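
Review bot: `useExistingSecret: false` next to an inline `postgresPassword`, together with the inline `httpBasicAuthPassword` and `bearerAuthToken` above it, puts every credential of this baseline in plaintext in values.yaml, so once real values are filled in the file itself has to be handled as a secret. The key name suggests an existing-Secret option; consider a one-line comment in the example pointing to it, or a note that the filled-in file must not be committed. The fixed `httpBasicAuthUsername: "admin"` could also carry a comment that the username is meant to be changed.
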
The example configuration includes predictable default passwords like "changeme123" that could lead to security vulnerabilities if users deploy with these defaults. Despite the warning to change these passwords, some users might overlook this warning or deploy the configuration as-is for testing and forget to change it later.

This is a security issue because:

  1. Predictable default credentials are a common security vulnerability that can lead to unauthorized access
  2. The current format with "changeme123" might encourage users to deploy with these credentials for testing
  3. The current comment style ("# CHANGE THIS!") may not be prominent enough to ensure users actually change the passwords

The fix replaces the default passwords with placeholder text that:

  1. Makes it impossible to deploy without changing the values (forcing users to make a conscious choice)
  2. Uses a more prominent format that clearly indicates these values must be changed
  3. Adds an explicit warning at the top about not using default passwords in any environment
Suggested change
# Basic authentication settings
secret:
httpBasicAuthUsername: "admin"
httpBasicAuthPassword: "changeme123" # CHANGE THIS!
bearerAuthToken: "changeme456" # CHANGE THIS!
hostname: "localhost" # Will be updated later
# Enable built-in PostgreSQL for testing
postgres:
enabled: true
secret:
useExistingSecret: false
postgresPassword: "changeme789" # CHANGE THIS!
# Basic authentication settings
secret:
httpBasicAuthUsername: "admin"
# DO NOT use these default passwords in any environment
httpBasicAuthPassword: "<REQUIRED-CHANGE-THIS>"
bearerAuthToken: "<REQUIRED-CHANGE-THIS>"
hostname: "localhost" # Will be updated later
# Enable built-in PostgreSQL for testing
postgres:
enabled: true
secret:
useExistingSecret: false
postgresPassword: "<REQUIRED-CHANGE-THIS>"
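
Review bot: the replacement value `"<REQUIRED-CHANGE-THIS>"` is still a valid YAML string, and nothing in these lines makes a deploy fail when it is left in place, so it would be accepted as the literal password, with all three fields then sharing one value. If the aim is to force a conscious choice, leave the values empty in the example and have the chart reject empty or placeholder credentials at render time (Helm's `required` template function is the usual way). The "DO NOT use these default passwords" comment also sits only above `httpBasicAuthPassword`; move it above the `secret:` block and repeat it for `postgresPassword`.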
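
A pre-deploy check for the problem this comment describes, as an added example that is not part of the PR or the Digger project: it flags credential keys in a values file that still hold the placeholders quoted above, are empty, are shorter than an assumed 16-character policy, or reuse another credential's value. The function name, the sample file and its nesting are constructed for illustration.

```python
import re

# Keys treated as credentials: the three named in this thread end in Password/Token.
CRED_KEY = re.compile(r"(password|token)$", re.IGNORECASE)
# Stand-in values: those quoted in this thread plus generic <angle-bracket> placeholders.
PLACEHOLDER = re.compile(r"changeme|change[-_ ]?this|^<.*>$", re.IGNORECASE)
# key: "value"  # comment   (quoted or bare scalar; nested mappings carry no value)
ENTRY = re.compile(
    r"""^\s*([A-Za-z0-9_]+):\s*(?:"([^"]*)"|'([^']*)'|([^#\s][^#]*?))?\s*(?:#.*)?$""")
MIN_LEN = 16  # assumed local policy, not a Digger requirement

# Constructed sample modelled on the keys quoted in this thread; nesting is assumed.
SAMPLE = '''\
secret:
  httpBasicAuthUsername: "admin"
  httpBasicAuthPassword: "changeme123" # CHANGE THIS!
  bearerAuthToken: "<REQUIRED-CHANGE-THIS>"
postgres:
  enabled: true
  secret:
    useExistingSecret: false
    postgresPassword: "s3cret"
'''


def audit_values(text):
    """Return [(line_no, key, reason)] for credential values unfit to deploy."""
    findings, seen = [], {}
    for no, line in enumerate(text.splitlines(), 1):
        m = ENTRY.match(line)
        if not m or not CRED_KEY.search(m.group(1)):
            continue
        key = m.group(1)
        value = next((g for g in m.groups()[1:] if g is not None), "")
        if not value:
            findings.append((no, key, "empty"))
        elif PLACEHOLDER.search(value):
            findings.append((no, key, "placeholder"))
        elif len(value) < MIN_LEN:
            findings.append((no, key, "too short"))
        elif value in seen:
            findings.append((no, key, "same value as " + seen[value]))
        else:
            seen[value] = key
    return findings


if __name__ == "__main__":
    for no, key, reason in audit_values(SAMPLE):
        print(f"line {no}: {key}: {reason}")
```

Run as a CI or pre-install step, a non-empty result should block `helm install`; the check is line-based and does not replace validation inside the chart.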
