Bump aws-kubectl to latest (based on Ubuntu 24.04)

[imnasnainaec]

Pairs with sillsdev/aws-kubectl#9

Devin review: https://app.devin.ai/review/sillsdev/TheCombine/pull/4262

---

This change is 

Summary by CodeRabbit

• Chores
  • Updated AWS credential helper container image version from 0.4.2 to 0.5.0 in Helm chart configurations
  • Updated kubectl tooling container image version from 0.4.2 to 0.5.0 across deployment configurations
  • Updated base container images used in maintenance and credential helper services

[coderabbitai]

📝 Walkthrough

Walkthrough

Updates the aws-kubectl container image version from 0.4.2 to 0.5.0 across Helm chart values files and the maintenance Dockerfile. No other configurations, schedules, or references are modified.

Changes

Cohort / File(s)	Summary
Helm Chart Values deploy/helm/aws-login/values.yaml, deploy/helm/thecombine/charts/maintenance/values.yaml	Updated awsEcr.imageVersion from "0.4.2" to "0.5.0" to reflect the new aws-kubectl image version.
Dockerfile Base Image maintenance/Dockerfile	Updated base image tag from public.ecr.aws/thecombine/aws-kubectl:0.4.2-$TARGETARCH to public.ecr.aws/thecombine/aws-kubectl:0.5.0-$TARGETARCH.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

• [deploy] Bump aws-kubectl to 0.4.1 #4228: Modifies the same aws-kubectl image version references in Helm values files and the maintenance Dockerfile.
• Bump aws-kubectl to 0.4.2 to nix useless variable #4242: Updates the same awsEcr.imageVersion settings and maintenance Dockerfile base image tag.

Suggested labels

deployment, docker

Suggested reviewers

• jasonleenaylor

Poem

🐰 A version hop from point-four-two,
To point-five-oh, all shiny and new!
Three files dressed in their latest attire,
The aws-kubectl tools now inspire! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Bump aws-kubectl to latest (based on Ubuntu 24.04)' directly and accurately describes the main change—updating the aws-kubectl image version from 0.4.2 to 0.5.0 across multiple files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch aws-kubectl-0.5.0

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

maintenance/Dockerfile (1)

19-19: Tag bump is correct; consider pinning by digest if available.

Line 19 correctly updates the base image tag. As an optional hardening step, pinning to an immutable digest would improve reproducibility and prevent tag mutation. If you have AWS credentials, retrieve the digest using:

aws ecr-public describe-images --repository-name thecombine/aws-kubectl --image-ids imageTag=0.5.0 --region us-east-1

Then apply the manifest digest syntax (for multi-arch support):

FROM public.ecr.aws/thecombine/aws-kubectl:0.5.0@sha256:<manifest-digest>

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@maintenance/Dockerfile` at line 19, The FROM line currently uses a mutable
tag "public.ecr.aws/thecombine/aws-kubectl:0.5.0-$TARGETARCH"; to pin immutably,
fetch the repository's manifest digest for tag 0.5.0 (e.g. via AWS ECR Public
describe-images) and replace the base image reference with the multi-arch
manifest form that appends `@sha256`:<manifest-digest> while keeping the
$TARGETARCH qualifier as needed (i.e., change the FROM to include
:0.5.0@sha256:<manifest-digest> so the image is pinned to the specific digest).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@maintenance/Dockerfile`:
- Line 19: The FROM line currently uses a mutable tag
"public.ecr.aws/thecombine/aws-kubectl:0.5.0-$TARGETARCH"; to pin immutably,
fetch the repository's manifest digest for tag 0.5.0 (e.g. via AWS ECR Public
describe-images) and replace the base image reference with the multi-arch
manifest form that appends `@sha256`:<manifest-digest> while keeping the
$TARGETARCH qualifier as needed (i.e., change the FROM to include
:0.5.0@sha256:<manifest-digest> so the image is pinned to the specific digest).

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 0f2e1c3e-3e06-480e-b68b-2c0951efe084

📥 Commits

Reviewing files that changed from the base of the PR and between 89f76ce and 34ce2fb.

📒 Files selected for processing (3)

• deploy/helm/aws-login/values.yaml
• deploy/helm/thecombine/charts/maintenance/values.yaml
• maintenance/Dockerfile

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 75.94%. Comparing base (89f76ce) to head (0486e5e).

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #4262   +/-   ##
=======================================
  Coverage   75.94%   75.94%           
=======================================
  Files         303      303           
  Lines       11352    11352           
  Branches     1403     1403           
=======================================
  Hits         8621     8621           
  Misses       2330     2330           
  Partials      401      401           

Flag	Coverage Δ
backend	87.23% <ø> (ø)
frontend	66.79% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.