bug: Helm chart electric service doesn't use DATABASE_URL from secret

[sljeff]

Provide environment information

Helm Chart Version: 4.0.0-beta.17
Kubernetes Version: v1.33.1-eks-595af52

Describe the bug

The Helm chart's electric service doesn't support reading DATABASE_URL from Kubernetes secrets, forcing plaintext credentials in values.yaml. This is a security risk and inconsistent with other services.

1. Missing Secret Support for DATABASE_URL

The template only uses the trigger-v4.postgres.connectionString helper, ignoring postgres.external.existingSecret and secretKeys.databaseUrlKey. This results in empty DATABASE_URL when using external PostgreSQL without plaintext URL.

From templates/electric.yaml#L40-L41:

- name: DATABASE_URL
  value: {{ include "trigger-v4.postgres.connectionString" . | quote }}

2. Inconsistent Implementation Across Services

Other services like webapp correctly use conditional logic to read from secrets.

From webapp.yaml#L183-L196:

{{- if include "trigger-v4.postgres.useSecretUrl" . }}
- name: DATABASE_URL
  valueFrom:
    secretKeyRef:
      name: {{ include "trigger-v4.postgres.external.secretName" . }}
      key: {{ include "trigger-v4.postgres.external.databaseUrlKey" . }}
{{- else }}
- name: DATABASE_URL
  value: {{ include "trigger-v4.postgres.connectionString" . | quote }}
{{- end }}

Reproduction repo

https://github.com/triggerdotdev/trigger.dev/tree/main/hosting/k8s/helm

To reproduce

1. Use values.yaml with external PostgreSQL via secret (no plaintext URL):

postgres:
  deploy: false
  external:
    existingSecret: "trigger-dev-secrets"
    secretKeys:
      databaseUrlKey: "DATABASE_URL"

electric:
  deploy: true

2. Run helm template trigger-dev ./trigger-4.0.0-beta.17/trigger -f values.yaml

3. Observe empty value:

- name: DATABASE_URL
  value: ""

Additional information

@nicktrn

[nicktrn]

Hey @sljeff - thanks once again! New chart version 4.0.0-beta.18 should be out shortly, no need to wait for merge.