feat: add @immutable annotation emitting CEL XValidation rule

[lexfrei]

Summary

A new ## @immutable flag annotation in values.yaml marks a field as immutable-after-creation.

## @param {string} storageClass - StorageClass used to store the data.
## @immutable
storageClass: ""

cozyvalues-gen now:

• Parses the annotation alongside the existing @minimum/@maxLength/etc. constraint family.
• Carries it on Raw and Node via a new Immutable bool field.
• Emits a kubebuilder validation marker on the generated Go field:

// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="storageClass is immutable after creation"
StorageClass string `json:"storageClass"`

controller-gen translates that marker into the standard x-kubernetes-validations entry on the CRD; by passthrough it lands in the chart's values.schema.json as well.

Why

I want the Cozystack UI to be able to mark immutable resource fields as read-only on edit forms. The decision was to use the schema as the source of truth — specifically the standard K8s x-kubernetes-validations CEL rule self == oldSelf — rather than maintaining a hand-rolled mapping on the UI side. cozyvalues-gen is the canonical pipeline that produces that schema, so the annotation belongs here.

Tests

Four new tests pin the behaviour:

• TestParseImmutable / TestParseImmutable_AbsentByDefault for the parser path.
• TestGenerateImmutableMarker / TestGenerateImmutableMarker_NotEmittedByDefault for the Go-code emitter.

Full suite is green:

ok  github.com/cozystack/cozyvalues-gen
ok  github.com/cozystack/cozyvalues-gen/internal/openapi
ok  github.com/cozystack/cozyvalues-gen/internal/readme

Downstream

Two follow-up PRs depend on this:

• cozystack/cozystack#TBD — annotate MariaDB storageClass and regenerate.
• cozystack/cozystack-ui#TBD — consume the marker in edit forms.

[coderabbitai]

Warning

Rate limit exceeded

@lexfrei has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 59 minutes and 57 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 326946cf-948d-4334-a412-cad29b6d5c05

📥 Commits

Reviewing files that changed from the base of the PR and between af0052b and 0ce4f39.

📒 Files selected for processing (4)

• README.md
• internal/openapi/openapi.go
• internal/openapi/openapi_test.go
• internal/patterns/patterns.go

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/immutable-marker

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Code Review

This pull request introduces support for an @immutable annotation in OpenAPI definitions. It updates the parsing logic to recognize the tag, propagates the immutable state through the internal representation, and generates a Kubernetes XValidation marker (self == oldSelf) to enforce immutability during updates. Unit tests were added to verify both the parsing and the marker generation. I have no feedback to provide.