fixes: #1888 Documentation — eSignet standalone multi-namespace deployment (esignet standalone + MOSIP platform profiles)

[bhumi46]

fixes: #1888 Documentation — eSignet standalone multi-namespace deployment (esignet standalone + MOSIP platform profiles)

Summary

• Add eSignet standalone deployment guide covering multi-namespace setup (esignet, esignet-cre, esignet-qa11, esignet-sunbird)
• Update Complete Deployment Flow diagram with profile-based flows and dark theme support
• Expand GH_INFRA_PAT section with permissions table and signup auto-trigger context
• Add INFRA_PROFILE section with Terraform profile values and cluster sizes
• Update WORKFLOW_GUIDE with profile info
• Add new guides: HELMSMAN_EXTERNAL_GUIDE, HELMSMAN_MOSIP_GUIDE, HELMSMAN_TESTRIGS_GUIDE
• Update docs/_images with new and revised screenshots

Summary by CodeRabbit

Release Notes

• Documentation
  • Expanded deployment documentation for MOSIP and eSignet standalone, with clearer profile-based DSF structure and deploy-time ${...} configuration guidance
  • Added new Helmsman guides for MOSIP core services, external services, eSignet standalone, test rigs, and Helmsman destroy workflows
  • Updated workflow and Terraform instructions with profile selection, environment variables alignment, and “apply mode” emphasis
  • Strengthened secret-generation/setup guidance (including the new GH_INFRA_PAT requirement) and updated environment destruction for profile-isolated state
  • Refreshed architecture and state isolation diagrams to match profile-based backends

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: a0a10870-a55b-4d37-b664-3bbd1212b0f3

📥 Commits

Reviewing files that changed from the base of the PR and between 3532611 and 1ffc9ba.

📒 Files selected for processing (1)

• README.md

🚧 Files skipped from review as they are similar to previous changes (1)

• README.md

---

Walkthrough

Documentation across README, DSF configuration guide, and a suite of new and revised Helmsman guides is updated to reflect profile-based deployment (esignet/mosip), runtime DSF ${VAR} substitution replacing manual placeholder edits, the addition of GH_INFRA_PAT as a required repository secret with GitHub Actions permissions, and four new comprehensive Helmsman operational guides for external services, MOSIP core, testrigs, and eSignet standalone deployment.

Changes

MOSIP profile-based deployment documentation overhaul

Layer / File(s)	Summary
GH_INFRA_PAT secret and Terraform profile documentation README.md, docs/SECRET_GENERATION_GUIDE.md, docs/TERRAFORM_WORKFLOW_GUIDE.md, docs/_images/ARCHITECTURE_DIAGRAMS.md	README adds GH_INFRA_PAT under Terraform Secrets with required GitHub permissions (Actions and Environments read/write) and updates the secret checklist; SECRET_GENERATION_GUIDE inserts a full section 4 for PAT generation and renumbers subsequent sections; TERRAFORM_WORKFLOW_GUIDE documents INFRA_PROFILE with a tfvars/cluster-size mapping table; architecture diagrams add <profile> placeholder to infra Terraform state filenames across AWS, Azure, and GCP backends.
Profile-based DSF structure and environment-variable substitution docs/DSF_CONFIGURATION_GUIDE.md	Guide is rewritten to show the profile-directory DSF layout, replace manual placeholder edits with ${domain_name}, ${env_name}, ${clusterid}, and database-port GitHub environment-variable substitution throughout prereq, external, mosip, and testrigs DSFs; quick-reference section adds a GitHub variables mapping table; validation checklist and troubleshooting sections updated to reference environment-variable workflow rather than DSF file edits.
README deployment flow diagram and Step 4 Helmsman guidance README.md	Mermaid "Complete Deployment Flow" diagram rewritten with observability yes/no branching and explicit esignet-standalone vs mosip profile paths; Step 4a rewritten to center on deploy-time ${VAR} resolution (no per-environment DSF edits), specify required variables (DOMAIN_NAME, ENV_NAME, CLUSTER_ID, Slack, DB ports), and document the remaining manual DSF decision for postgres.enabled; Step 4c condensed to "always apply mode" with a profile-specific workflow sequence table; docs index and Helmsman documentation reference table expanded to link new guides.
New Helmsman operational guides docs/HELMSMAN_EXTERNAL_GUIDE.md, docs/HELMSMAN_MOSIP_GUIDE.md, docs/HELMSMAN_TESTRIGS_GUIDE.md, docs/ESIGNET_STANDALONE_DEPLOYMENT_GUIDE.md	Four new guides added: HELMSMAN_EXTERNAL_GUIDE (parallel prereq-dsf + external-dsf deployment with profile routing rules, required secrets, and verification commands); HELMSMAN_MOSIP_GUIDE (MOSIP core services deployment, auto vs manual triggering, partner onboarding verification); HELMSMAN_TESTRIGS_GUIDE (API/UI/DSL testrigs with eSignet-specific CRE/QA11 domain inputs and post-deploy CronJob scheduling); ESIGNET_STANDALONE_DEPLOYMENT_GUIDE (eSignet-only setup with secrets, environment variables, workflow steps, and expected post-deployment URLs).
WORKFLOW_GUIDE comprehensive parameter and flow update docs/WORKFLOW_GUIDE.md	Adds Terraform Profile input table for esignet/mosip mapping; introduces eSignet standalone vs MOSIP platform Helmsman flow descriptions with DSF directory selection guidance; rewrites all four workflow parameter tables (adding domain_name, env_name, DB ports, cre_domain_name, qa11_domain_name, skip_mosip_dsf_check, delete_existing_jobs inputs) with GitHub vars.* fallback behavior; refreshes visual workflow summary diagrams showing deployment steps, auto-trigger/pause points, and component lists per profile.
Existing guide alignment and diagram updates docs/esignet_README.md, docs/HELMSMAN_DESTROY_GUIDE.md, docs/ONBOARDING_GUIDE.md, docs/ENVIRONMENT_DESTRUCTION_GUIDE.md, docs/profile-based-deployment.drawio	esignet_README updated to use profile-specific DSF paths for MOSIP platform Java 11 and Java 21, state ${domain_name} substitution is automatic, and expand GitHub Actions deployment walkthrough; HELMSMAN_DESTROY_GUIDE adds eSignet destruction workflow row and Branch input description; ONBOARDING_GUIDE provides two explicit mosip-dsf.yaml paths tied to MOSIP platform versions; ENVIRONMENT_DESTRUCTION_GUIDE adds Profile parameter and updates state file backup/cleanup paths to profile-scoped locations; drawio updates MOSIP platform node labels to mosip-platform-1.2.0.x and mosip-platform-1.2.1.x.

Sequence Diagram(s)

sequenceDiagram
  participant User
  participant helmsman_external_yml
  participant helmsman_mosip_yml
  participant helmsman_esignet_yml
  participant helmsman_testrigs_yml

  User->>helmsman_external_yml: run workflow (select profile)
  helmsman_external_yml->>helmsman_external_yml: deploy prereq-dsf + external-dsf<br/>in parallel (${VAR} substitution)
  helmsman_external_yml-->>User: external services ready
  
  alt profile = mosip-platform-1.2.0.x or 1.2.1.x
    helmsman_external_yml->>helmsman_mosip_yml: auto-trigger via GH_INFRA_PAT
    helmsman_mosip_yml->>helmsman_mosip_yml: deploy MOSIP core services DSF
    helmsman_mosip_yml-->>User: MOSIP pods running<br/>+ partner onboarding confirmed
    User->>helmsman_esignet_yml: manual trigger
  else profile = esignet
    User->>helmsman_esignet_yml: manual trigger (required)
  end
  
  helmsman_esignet_yml->>helmsman_esignet_yml: deploy eSignet instances
  helmsman_esignet_yml-->>User: eSignet services running
  
  User->>helmsman_testrigs_yml: manual trigger (optional)
  helmsman_testrigs_yml->>helmsman_testrigs_yml: deploy testrigs<br/>+ update CronJob schedules
  helmsman_testrigs_yml-->>User: API/UI/DSL testrigs ready

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related issues

• [MOSIP-44613] Documentation — eSignet multi-namespace deployment (esignet standalone + MOSIP platform profiles) mosip-infra#1888: This PR directly implements the documentation updates for eSignet multi-namespace deployment, profile-based DSF structure, Helmsman workflow guides, GH_INFRA_PAT secrets integration, and deployment architecture diagrams.

Possibly related PRs

• mosip/infra#246: Updates Terraform profile-based state isolation and documentation including INFRA_PROFILE parameter, profiles/<profile>/... directory scoping, and corresponding state filename changes that this PR documents comprehensively.

Poem

🐇 Hoppity-hop through the docs I go,
Profiles and secrets all in a row!
${domain_name} substitutes with flair,
eSignet and MOSIP—a most balanced pair.
Apply mode always, dry-run be gone,
The rabbit has read every guide—and hops on! 🌿

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title accurately describes the main change: adding comprehensive documentation for eSignet standalone multi-namespace deployment with profile-based guidance.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (6)

docs/WORKFLOW_GUIDE.md (1)

250-250: 💤 Low value

Add language identifiers to fenced code blocks containing ASCII diagrams.

Multiple fenced code blocks in the workflow summary sections lack language identifiers (Markdown rule MD040). While these are text-based flowcharts and not code, adding text or plaintext as the language specifier improves consistency and validation:

-```
+```text
 eSignet standalone profile (profile=esignet):
 ...
-```
+```text

This applies to lines 250, 255, 332, 396, 406, 453, 519, 589, 759, and 783. Consider running a markdown linter (markdownlint-cli2) to identify and auto-fix all instances.

Also applies to: 255-255, 332-332, 396-396, 406-406, 453-453, 519-519, 589-589, 759-759, 783-783

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/WORKFLOW_GUIDE.md` at line 250, Fenced code blocks containing ASCII
diagrams throughout the document lack language identifiers, violating Markdown
rule MD040. Add a language identifier (text or plaintext) to all opening fenced
code blocks by modifying the triple backticks from ``` to ```text on lines 250,
255, 332, 396, 406, 453, 519, 589, 759, and 783. This improves markdown
validation consistency without changing the content of these ASCII workflow
diagrams.

Source: Linters/SAST tools

docs/HELMSMAN_TESTRIGS_GUIDE.md (1)

37-55: ⚡ Quick win

eSignet testrigs "no additional secrets required" claim needs context.

Line 51 states: "No additional secrets required for testrigs — captcha and keycloak secrets were already created during eSignet deployment and are available in each namespace."

This assumes users have already run the eSignet DSF deployment (helmsman_esignet.yml). However, a reader jumping directly to the testrigs guide might miss this dependency. Consider:

• Cross-linking to the deployment prerequisite (the eSignet guide that creates these secrets)
• Or explicitly stating in the Prerequisites section (line 31) that "eSignet DSF must have completed first (captcha/keycloak secrets created in namespace)"

This would align with the standalone guide's clear sequencing (ESIGNET_STANDALONE_DEPLOYMENT_GUIDE.md Step 1 → Step 2 → Step 4).

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/HELMSMAN_TESTRIGS_GUIDE.md` around lines 37 - 55, The eSignet standalone
profile section states that no additional secrets are required for testrigs
because captcha and keycloak secrets were already created during eSignet
deployment, but this assumes readers have completed the eSignet DSF deployment
prerequisite. Add a cross-link to the eSignet deployment guide
(helmsman_esignet.yml or ESIGNET_STANDALONE_DEPLOYMENT_GUIDE.md) in the
Prerequisites section around line 31, or explicitly state there that eSignet DSF
deployment must be completed first to create these secrets in the namespace.
This clarifies the sequencing dependency for readers who jump directly to the
testrigs guide.

docs/HELMSMAN_EXTERNAL_GUIDE.md (1)

73-80: 💤 Low value

Clarify db_port vs esignet_db_port in the parameter table header.

Line 73 introduces the parameter as "db_port | External postgres port — MOSIP platform only" but line 80 follows with "esignet_db_port | eSignet container postgres port". The table context at line 71 says "Workflow Inputs," making it ambiguous whether these are both always available (which they are) or profile-specific.

Amend the table header or add a note clarifying: "Both fields appear in the workflow form regardless of profile; fill only the port that matches your selected profile."

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/HELMSMAN_EXTERNAL_GUIDE.md` around lines 73 - 80, The parameter
descriptions for db_port and esignet_db_port in the Workflow Inputs table are
ambiguous about availability across profiles. Currently, db_port is described as
"External postgres port — MOSIP platform only" and esignet_db_port as "eSignet
container postgres port," which doesn't clarify that both fields always appear
in the workflow form regardless of profile. Update the table header or add a
clarifying note stating that both fields are always available in the workflow
form but users should only fill the port that matches their selected profile
(db_port for mosip-platform profiles and esignet_db_port for esignet profile).

docs/ESIGNET_STANDALONE_DEPLOYMENT_GUIDE.md (2)

227-227: ⚡ Quick win

Emphasize skip_mosip_dsf_check requirement more prominently in Step 2 instructions.

Line 227 flags the importance of ticking skip_mosip_dsf_check for standalone eSignet, explaining that without it the workflow waits for a mosip-dsf=completed label that will never appear, causing the workflow to fail. This is a critical user error point.

Consider adding a visual callout (e.g., ⚠️ or CRITICAL) above the form field table at line 215, or repeating the warning at line 225 to ensure it stands out and catches the eye before the user runs the workflow.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/ESIGNET_STANDALONE_DEPLOYMENT_GUIDE.md` at line 227, The critical
requirement about ticking `skip_mosip_dsf_check` for standalone eSignet
deployment needs stronger visual emphasis to prevent user errors. Add a
prominent warning callout using visual markers (such as ⚠️ or **CRITICAL**)
above the form field table in Step 2 where configuration options are presented,
and consider repeating the core warning about the `mosip-dsf=completed`
namespace label prerequisite near the end of Step 2 instructions. This will
ensure the warning about `skip_mosip_dsf_check` stands out visually and catches
users' attention before they proceed with running the workflow, preventing
workflow failures from this critical misconfiguration.

---

114-119: ⚡ Quick win

Warn that CRE/QA11 Keycloak credentials are for remote admin access, not local.

Line 119 correctly notes that CRE_KEYCLOAK_ADMIN_PASSWORD and QA11_KEYCLOAK_ADMIN_PASSWORD are for remote CRE and QA11 Keycloak instances, and a wrong password will cause the preinstall hook to fail with a curl error. However, this critical detail is buried in a footnote.

Consider promoting this to a highlighted callout box or separate subsection (e.g., "⚠️ Remote Keycloak Credentials") so users understand these are not for the local Keycloak deployed in Step 1, but for external CRE/QA11 environments that the hook queries.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/ESIGNET_STANDALONE_DEPLOYMENT_GUIDE.md` around lines 114 - 119, The
critical distinction that CRE_KEYCLOAK_ADMIN_PASSWORD and
QA11_KEYCLOAK_ADMIN_PASSWORD are for remote CRE and QA11 Keycloak instances (not
the local Keycloak deployed by this stack) is currently buried in a warning
footnote, which users may easily overlook. Extract this important warning from
the footnote and create a separate, more prominent callout section with a clear
heading such as "⚠️ Remote Keycloak Credentials" that explicitly explains these
environment variables are for external admin access to remote Keycloak instances
and emphasizes that misconfiguration will cause the preinstall hook to fail with
curl errors. This ensures users understand the distinction between local and
remote credentials before they configure these variables.

docs/ENVIRONMENT_DESTRUCTION_GUIDE.md (1)

48-48: ⚡ Quick win

Clarify Terraform profile naming vs. Helmsman profile naming to prevent user confusion.

The ENVIRONMENT_DESTRUCTION_GUIDE references Terraform profiles as mosip/esignet, but the esignet_README.md references Helmsman profiles as mosip-platform-1.2.0.x and mosip-platform-1.2.1.x. This inconsistency may confuse users who need to coordinate infrastructure destruction with Helmsman service destruction.

Guidance needed:

1. Document the relationship between Terraform Profile parameter values (e.g., mosip/esignet) and Helmsman profile values (e.g., mosip-platform-1.2.0.x)
2. If the naming formats are intentionally different, add a "profile mapping" table in README or a dedicated section explaining the distinction
3. Ensure workflow documentation clearly states which profile name format to use for each tool

Also applies to: 176-176, 411-411

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/ENVIRONMENT_DESTRUCTION_GUIDE.md` at line 48, The
ENVIRONMENT_DESTRUCTION_GUIDE uses Terraform profile naming format
(mosip/esignet) while esignet_README.md uses Helmsman profile naming format
(mosip-platform-1.2.0.x, mosip-platform-1.2.1.x), creating confusion about which
format applies to each tool. Add a clarification section early in the
ENVIRONMENT_DESTRUCTION_GUIDE that explains the relationship between Terraform
and Helmsman profile naming conventions, either by documenting how one format
maps to the other or by creating a profile mapping table. Additionally, ensure
all profile references in the guide (including those at lines 176 and 411) are
clearly annotated with which tool they apply to and which naming format should
be used for that specific tool.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/esignet_README.md`:
- Around line 156-158: The documentation in esignet_README.md contains incorrect
deployment profile names that do not match the actual workflow and directory
structure. Replace all occurrences of `mosip-platform-1.2.0.x` with
`mosip-platform-java11` and `mosip-platform-1.2.1.x` with
`mosip-platform-java21` across the entire document. This includes the DSF file
paths section (lines 156-158), the GitHub Actions walkthrough section (line
230), and the workflow inputs table (lines 256-262). Ensure consistency
throughout by using the actual Java version suffix format that matches the real
directory structure in Helmsman/dsf/ and the actual workflow profile options
available to users.

---

Nitpick comments:
In `@docs/ENVIRONMENT_DESTRUCTION_GUIDE.md`:
- Line 48: The ENVIRONMENT_DESTRUCTION_GUIDE uses Terraform profile naming
format (mosip/esignet) while esignet_README.md uses Helmsman profile naming
format (mosip-platform-1.2.0.x, mosip-platform-1.2.1.x), creating confusion
about which format applies to each tool. Add a clarification section early in
the ENVIRONMENT_DESTRUCTION_GUIDE that explains the relationship between
Terraform and Helmsman profile naming conventions, either by documenting how one
format maps to the other or by creating a profile mapping table. Additionally,
ensure all profile references in the guide (including those at lines 176 and
411) are clearly annotated with which tool they apply to and which naming format
should be used for that specific tool.

In `@docs/ESIGNET_STANDALONE_DEPLOYMENT_GUIDE.md`:
- Line 227: The critical requirement about ticking `skip_mosip_dsf_check` for
standalone eSignet deployment needs stronger visual emphasis to prevent user
errors. Add a prominent warning callout using visual markers (such as ⚠️ or
**CRITICAL**) above the form field table in Step 2 where configuration options
are presented, and consider repeating the core warning about the
`mosip-dsf=completed` namespace label prerequisite near the end of Step 2
instructions. This will ensure the warning about `skip_mosip_dsf_check` stands
out visually and catches users' attention before they proceed with running the
workflow, preventing workflow failures from this critical misconfiguration.
- Around line 114-119: The critical distinction that CRE_KEYCLOAK_ADMIN_PASSWORD
and QA11_KEYCLOAK_ADMIN_PASSWORD are for remote CRE and QA11 Keycloak instances
(not the local Keycloak deployed by this stack) is currently buried in a warning
footnote, which users may easily overlook. Extract this important warning from
the footnote and create a separate, more prominent callout section with a clear
heading such as "⚠️ Remote Keycloak Credentials" that explicitly explains these
environment variables are for external admin access to remote Keycloak instances
and emphasizes that misconfiguration will cause the preinstall hook to fail with
curl errors. This ensures users understand the distinction between local and
remote credentials before they configure these variables.

In `@docs/HELMSMAN_EXTERNAL_GUIDE.md`:
- Around line 73-80: The parameter descriptions for db_port and esignet_db_port
in the Workflow Inputs table are ambiguous about availability across profiles.
Currently, db_port is described as "External postgres port — MOSIP platform
only" and esignet_db_port as "eSignet container postgres port," which doesn't
clarify that both fields always appear in the workflow form regardless of
profile. Update the table header or add a clarifying note stating that both
fields are always available in the workflow form but users should only fill the
port that matches their selected profile (db_port for mosip-platform profiles
and esignet_db_port for esignet profile).

In `@docs/HELMSMAN_TESTRIGS_GUIDE.md`:
- Around line 37-55: The eSignet standalone profile section states that no
additional secrets are required for testrigs because captcha and keycloak
secrets were already created during eSignet deployment, but this assumes readers
have completed the eSignet DSF deployment prerequisite. Add a cross-link to the
eSignet deployment guide (helmsman_esignet.yml or
ESIGNET_STANDALONE_DEPLOYMENT_GUIDE.md) in the Prerequisites section around line
31, or explicitly state there that eSignet DSF deployment must be completed
first to create these secrets in the namespace. This clarifies the sequencing
dependency for readers who jump directly to the testrigs guide.

In `@docs/WORKFLOW_GUIDE.md`:
- Line 250: Fenced code blocks containing ASCII diagrams throughout the document
lack language identifiers, violating Markdown rule MD040. Add a language
identifier (text or plaintext) to all opening fenced code blocks by modifying
the triple backticks from ``` to ```text on lines 250, 255, 332, 396, 406, 453,
519, 589, 759, and 783. This improves markdown validation consistency without
changing the content of these ASCII workflow diagrams.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 193eb5cc-2795-4055-98c7-53749bbdb86f

📥 Commits

Reviewing files that changed from the base of the PR and between be1c242 and 3532611.

⛔ Files ignored due to path filters (6)

• docs/_images/esignet.png is excluded by !**/*.png
• docs/_images/helmsman-external-services.png is excluded by !**/*.png
• docs/_images/helmsman-mosip.png is excluded by !**/*.png
• docs/_images/helmsman-testrigs.png is excluded by !**/*.png
• docs/_images/infra-terraform-apply.png is excluded by !**/*.png
• docs/_images/infra-terraform-destroy.png is excluded by !**/*.png

📒 Files selected for processing (15)

• README.md
• docs/DSF_CONFIGURATION_GUIDE.md
• docs/ENVIRONMENT_DESTRUCTION_GUIDE.md
• docs/ESIGNET_STANDALONE_DEPLOYMENT_GUIDE.md
• docs/HELMSMAN_DESTROY_GUIDE.md
• docs/HELMSMAN_EXTERNAL_GUIDE.md
• docs/HELMSMAN_MOSIP_GUIDE.md
• docs/HELMSMAN_TESTRIGS_GUIDE.md
• docs/ONBOARDING_GUIDE.md
• docs/SECRET_GENERATION_GUIDE.md
• docs/TERRAFORM_WORKFLOW_GUIDE.md
• docs/WORKFLOW_GUIDE.md
• docs/_images/ARCHITECTURE_DIAGRAMS.md
• docs/esignet_README.md
• docs/profile-based-deployment.drawio

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check workflow profile choices
grep -A 10 "profile:" .github/workflows/helmsman_esignet.yml | grep -A 6 "options:"

# Check if DSF directories match the profile choices
find Helmsman/dsf -type d -maxdepth 1 | sort

Repository: mosip/infra

Length of output: 341

---

🏁 Script executed:

# Check the actual content of the documentation file at the mentioned lines
head -260 docs/esignet_README.md | tail -110 | cat -n

Repository: mosip/infra

Length of output: 5698

---

Profile names in documentation do not match actual workflow or directory structure.

The documentation references deployment profiles as mosip-platform-1.2.0.x and mosip-platform-1.2.1.x, but the actual workflow and directory structure use mosip-platform-java11 and mosip-platform-java21.

Affected locations:

• Lines 156–158: DSF file paths document mosip-platform-1.2.0.x and mosip-platform-1.2.1.x
• Line 230: GitHub Actions walkthrough references mosip-platform-1.2.0.x
• Lines 256–262: Workflow inputs table lists mosip-platform-1.2.0.x, mosip-platform-1.2.1.x

Actual values:

• Workflow profile options: mosip-platform-java11, mosip-platform-java21, esignet
• DSF directories: Helmsman/dsf/mosip-platform-java11, Helmsman/dsf/mosip-platform-java21

Users following the documented profile names will fail when submitting the GitHub Actions form. Update all profile name references to use the Java version suffix format.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/esignet_README.md` around lines 156 - 158, The documentation in
esignet_README.md contains incorrect deployment profile names that do not match
the actual workflow and directory structure. Replace all occurrences of
`mosip-platform-1.2.0.x` with `mosip-platform-java11` and
`mosip-platform-1.2.1.x` with `mosip-platform-java21` across the entire
document. This includes the DSF file paths section (lines 156-158), the GitHub
Actions walkthrough section (line 230), and the workflow inputs table (lines
256-262). Ensure consistency throughout by using the actual Java version suffix
format that matches the real directory structure in Helmsman/dsf/ and the actual
workflow profile options available to users.