values.schema.json missing images.ingestor entry

[saadqbal]

Problem

client/values.yaml defines images.ingestor.digest (added in PR #126 and bumped in #134) and the template in jobs-manager-deployment.yaml reads it via the INGESTOR_IMAGE_DIGEST env. But client/values.schema.json doesn't have an images.ingestor property entry — every other image (jobsManager, podsMonitor, resourceMonitor, requestsProxy, mysqlClient, busybox) has one.

Effect: an operator setting --set images.ingestor.digest=foo (without the canonical sha256:<64-hex> format) bypasses schema validation and the error surfaces only later in submit_ingestion_run.py's digest regex. The schema's job is to catch this at chart-template time.

Fix

Add an ingestor entry to the images properties block mirroring jobsManager:

"ingestor": {
  "type": "object",
  "properties": {
    "digest": {
      "type": "string",
      "pattern": "^(sha256:[a-f0-9]{64})?$",
      "description": "Optional canonical image digest (sha256:<64-hex>) for the ingestor image used by jobs-manager when spawning ingestion runs. Empty means jobs-manager doesn't get a default digest, and customers must --set image.digest on each tracebloc/ingestor install."
    }
  }
}

Acceptance criteria

• --set images.ingestor.digest=sha256:<64-hex> validates cleanly.
• --set images.ingestor.digest=foo fails schema validation at chart-template time, not at runtime.
• helm-unittest covers both cases.

Severity

Low. Downstream validation in submit_ingestion_run.py catches malformed digests, so the failure mode is delayed-but-correct rather than silent-and-wrong. This is hygiene to match the other image entries and surface bad input earlier.

Found by

cursor[bot] on PR #137 review, 2026-05-20.