Update postgres version, infra creation failing error throwing is enabled and enabled monitoring

[vinothrallapalli-eGov]

Summary by CodeRabbit

• Chores
  • Enhanced deployment workflow error handling to ensure infrastructure failures are immediately reported rather than continuing silently
  • Re-enabled monitoring infrastructure for improved system observability
  • Updated PostgreSQL database version to 15.12 for stability and performance improvements

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Three infrastructure and deployment configuration updates: CI/CD workflow error handling modified to fail on Terraform errors, monitoring Helmfile re-enabled via uncomment, and PostgreSQL version dependency upgraded from 15.8 to 15.12.

Changes

Cohort / File(s)	Change Summary
CI/CD Workflow Error Handling .github/workflows/digit_install.yml	Modified Terraform Apply step for remotestate to fail on error by setting continue-on-error from true to false
Helmfile Configuration devops/deploy-as-code/digit-helmfile.yaml	Re-enabled monitoring Helmfile by uncommenting ./charts/monitoring/monitoring-helmfile.yaml in active helmfiles list
Terraform Infrastructure Variables devops/infra-as-code/terraform/sample-aws/variables.tf	Updated PostgreSQL version default from 15.8 to 15.12 for db_version variable

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

• Review workflow logic change for potential impact on deployment continuity
• Verify monitoring re-enablement doesn't conflict with existing configurations
• Confirm PostgreSQL 15.12 compatibility with existing infrastructure

Poem

🐰 Workflows now fail when they should, a noble stance!
Monitoring charts awakened from their sleep's trance,
Postgres grows wiser with version's advance—
Three little changes to improve our stance! 🚀

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title covers all three main changes: postgres version update, error-handling workflow change, and monitoring enablement, though with awkward phrasing.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch i-click-issues-fix

Tip

📝 Customizable high-level summaries are now available in beta!

You can now customize how CodeRabbit generates the high-level summary in your pull requests — including its content, structure, tone, and formatting.

• Provide your own instructions using the high_level_summary_instructions setting.
• Format the summary however you like (bullet lists, tables, multi-section layouts, contributor stats, etc.).
• Use high_level_summary_in_walkthrough to move the summary from the description to the walkthrough section.

Example instruction:

"Divide the high-level summary into five sections:

1. 📝 Description — Summarize the main change in 50–60 words, explaining what was done.
2. 📓 References — List relevant issues, discussions, documentation, or related PRs.
3. 📦 Dependencies & Requirements — Mention any new/updated dependencies, environment variable changes, or configuration updates.
4. 📊 Contributor Summary — Include a Markdown table showing contributions:
   | Contributor | Lines Added | Lines Removed | Files Changed |
5. ✔️ Additional Notes — Add any extra reviewer context.
   Keep each section concise (under 200 words) and use bullet or numbered lists for clarity."

Note: This feature is currently in beta for Pro-tier users, and pricing will be announced later.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d8a4d6c and 7eeab35.

📒 Files selected for processing (3)

• .github/workflows/digit_install.yml (1 hunks)
• devops/deploy-as-code/digit-helmfile.yaml (1 hunks)
• devops/infra-as-code/terraform/sample-aws/variables.tf (1 hunks)

🔇 Additional comments (2)

devops/deploy-as-code/digit-helmfile.yaml (1)

18-18: Monitoring helmfile configuration verified—no issues found.

All referenced files exist and are properly configured:

• ./charts/monitoring/monitoring-helmfile.yaml ✓
• Environment files (env-secrets.yaml, env.yaml) ✓
• Values file (loki-stack.yaml) ✓

The helmfile structure is valid with proper Helm repositories and release definitions. No conflicts or missing dependencies detected.

devops/infra-as-code/terraform/sample-aws/variables.tf (1)

57-60: Verify application compatibility with PostgreSQL 15.12 libpq security fix before deployment.

The upgrade from 15.8 to 15.12 is a safe in-place patch-level migration within the same 15.x minor version. However, PostgreSQL 15.12 includes a libpq security fix (CVE-2025-1094) that changes quoting function behavior: PQescapeLiteral(), PQescapeIdentifier(), and related functions now correctly honor the string-length parameter, whereas they previously ignored it.

Before proceeding with the upgrade:

• Audit the application code and any dependencies for direct usage of these libpq quoting functions.
• Applications that called these functions expecting the old broken behavior or that passed truncated buffers should be reviewed and tested.
• Confirm that the deployment strategy (blue-green, rolling, etc.) is appropriate for this patch and that rollback is available if needed.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Inconsistent error handling between remotestate and main infra apply steps.

Line 158 sets continue-on-error: false to fail on remotestate Terraform errors, but line 179 sets continue-on-error: true for main infra apply. This asymmetry could mask real infrastructure failures during main apply, allowing the workflow to proceed with incomplete infrastructure and potentially fail silently in downstream steps.

Clarify the intent: Should both steps use the same error handling strategy? If main infra apply errors are acceptable to ignore, add explicit checks in subsequent steps to verify infrastructure readiness before proceeding to deployment.

Consider aligning error handling:

  - name: Terraform Apply - Infra creation
    id: apply-Infra
    run: terraform apply -no-color -input=false -auto-approve -var db_password=$db_password
-   continue-on-error: true
+   continue-on-error: false
    working-directory: devops/infra-as-code/terraform/sample-aws

Or, if continuing on error is intentional, add a verification step:

  - name: Verify Terraform Apply succeeded
    run: |
      if [ "${{ steps.apply-Infra.outcome }}" != "success" ]; then
        echo "WARNING: Infra apply failed but continuing. Verify infrastructure state."
      fi

🤖 Prompt for AI Agents

.github/workflows/digit_install.yml lines 155-159: the Terraform remotestate
apply step uses continue-on-error: false while the main infra apply later uses
continue-on-error: true, creating inconsistent error handling that can mask real
failures; either make both steps use the same policy (set continue-on-error:
false for main infra apply to fail fast) or, if continuing on main apply is
intentional, add an explicit verification step immediately after the main infra
apply that checks the apply step outcome (using the main apply step id/outcome
or exit code) and fails or alerts if it did not succeed so downstream steps only
run when infra is verified.