Commit graph

3536 commits

Author SHA1 Message Date
Scott Rigby
99cd196435
Merge pull request #31435 from matheuscscp/cancel-health-checks
Introduce a context for canceling wait operations
2025-11-03 13:56:13 -05:00
Matheus Pimenta
efc1702657
Introduce a context for canceling wait operations
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>
2025-11-01 17:55:33 +00:00
George Jenkins
bdc459d73c
Merge pull request #31389 from TerryHowe/chore-more-registry-clean-up
chore: fix pkg/registry warnings to reduce noise
2025-10-30 10:43:42 -07:00
Matt Farina
15300549f0
When time not available, using time.Now
Note, when time is not available, the builds are not reproducible.
This problem would only happen when an SDK user is using parts of
the API to build their own tooling. Helm will consistently inject
the dates through the higher level APIs.

Signed-off-by: Matt Farina <matt.farina@suse.com>
2025-10-29 15:11:20 -04:00
Matt Farina
ca8eae9361
Reproducible chart archive builds
Building the same chart into an archive multiple times will have
the same sha256 hash.

Previously, the time in the headers for a file was time.Now() which
changed each time. The time is now collected from the operating
system when the file is loaded and this time is used.

Fixes: #3612

Signed-off-by: Matt Farina <matt.farina@suse.com>
2025-10-29 11:49:22 -04:00
Scott Rigby
f4c5220d99
Merge pull request #31411 from banjoh/em/reinstate-logger-param
feat: reinstate logger parameter to actions package
2025-10-29 10:03:03 -04:00
Evans Mungai
2ddeb50fa6
Set default logger in Configuration constructor
Signed-off-by: Evans Mungai <mbuevans@gmail.com>
2025-10-23 18:09:58 +01:00
Evans Mungai
a112bf5aa6
Remove non-reachable code
Signed-off-by: Evans Mungai <mbuevans@gmail.com>
2025-10-23 09:53:25 +01:00
Matt Farina
1da2b0a6d4
Merge pull request #31204 from benoittgt/fix-31202
Avoid panic in helm.sh/helm/v3/pkg/chartutil.ValidateAgainstSchema
2025-10-22 15:47:14 -04:00
Robert Sirchia
25ad74f5a7
Merge pull request #31337 from rachelvweber/rawo/fixingWaitStrategy
Fixing rollback and uninstall client WaitStrategy
2025-10-22 15:40:33 -04:00
Evans Mungai
aed687eaa1
Add config options to NewConfiguration()
Signed-off-by: Evans Mungai <mbuevans@gmail.com>
2025-10-22 19:18:32 +01:00
Evans Mungai
b6eca1c0f1
Refactor logging functionality to use slog.Handler
Signed-off-by: Evans Mungai <mbuevans@gmail.com>
2025-10-22 15:26:48 +01:00
Evans Mungai
5ab4ca5490
Embed logging functionality to DRY code
Signed-off-by: Evans Mungai <mbuevans@gmail.com>
2025-10-22 13:55:12 +01:00
Evans Mungai
9c32e34d60
Add logger to sql driver and ensure storage has logger
Signed-off-by: Evans Mungai <mbuevans@gmail.com>
2025-10-22 13:29:37 +01:00
Evans Mungai
50e43f4017
nil logger should be handled by discard handler
Signed-off-by: Evans Mungai <mbuevans@gmail.com>
2025-10-22 00:40:03 +01:00
Evans Mungai
7a5816b106
Self review changes
Signed-off-by: Evans Mungai <mbuevans@gmail.com>
2025-10-21 23:53:09 +01:00
Evans Mungai
0f90c83118
Merge remote-tracking branch 'upstream/main' into em/reinstate-logger-param
2025-10-21 23:43:10 +01:00
Evans Mungai
b1d4dc680d
feat: reinstate logger parameter to actions package
Fixes: #31399

Signed-off-by: Evans Mungai <mbuevans@gmail.com>
2025-10-21 22:48:51 +01:00
Matt Farina
76e6b7a6fe
Merge pull request #31390 from TerryHowe/chore-increase-helm-list-test-coverage
fix: improve pkg/cmd/list test coverage
2025-10-21 15:49:13 -04:00
Matt Farina
2cfd41ec28
Merge pull request #31351 from gjenkins8/gjenkins/helm_version_kubeversion
feat: `helm version` print Kubernetes (client-go) version
2025-10-21 15:32:40 -04:00
Matt Farina
752354074c
Merge pull request #31393 from benoittgt/12299
Return errors during upgrade when the deletion of resources fails
2025-10-21 15:29:58 -04:00
Matt Farina
37de51428c
Merge pull request #31376 from benoittgt/accept-yaml-yml
Do not ignore *.yml file on linting while accepting *.yaml
2025-10-21 15:23:40 -04:00
Matt Farina
b0247ce8bf
Merge pull request #31395 from wyrapeseed/main
chore: fix some comment format
2025-10-21 15:20:09 -04:00
Terry Howe
0f6e14dfd3
chore: fix various warnings to reduce noise
Signed-off-by: Terry Howe <terrylhowe@gmail.com>
2025-10-18 07:21:00 -06:00
Jesse Simpson
3f860e83fb
fix: use empty results instead of nil
Signed-off-by: Jesse Simpson <jesse.simpson36@gmail.com>
2025-10-18 09:12:58 -04:00
Jesse Simpson
96b4c363c8
fix: Update returns nil on error, test should reflect this
Signed-off-by: Jesse Simpson <jesse.simpson36@gmail.com>
2025-10-17 23:25:21 -04:00
Terry Howe
917822cfca
refactor: remove unused err from pkg/registry/client.go
Signed-off-by: Terry Howe <terrylhowe@gmail.com>
2025-10-17 05:08:32 -06:00
wyrapeseed
b9eadd3186
chore: fix some comment format
Signed-off-by: wyrapeseed <wyrapeseed@outlook.com>
2025-10-15 11:19:41 +08:00
Benoit Tigeot
7097c8e2e5
Replicate as unit test case where we fail once a resource deletion
Signed-off-by: Benoit Tigeot <benoit.tigeot@lifen.fr>
2025-10-15 00:33:15 +02:00
Benoit Tigeot
054eabddd7
Return errors on upgrade when deletion fails
This is a rebase of https://github.com/helm/helm/pull/12299
as the pull request was tagged for Helm v4.

Closes: https://github.com/helm/helm/issues/11375

Related: https://github.com/helm/helm/pull/7929

It was a pain to reproduce, here is a script:

```
set -u

NS=default
RELEASE=test-release
CHART=./test-chart
SA=limited-helm-sa
HELM=${HELM:-./bin/helm}

echo "Helm: $($HELM version)"
echo "Cleaning…"
$HELM uninstall "$RELEASE" -n "$NS" >/dev/null 2>&1 || true
kubectl -n "$NS" delete sa "$SA" role "${SA}-role" rolebinding "${SA}-rb" >/dev/null 2>&1 || true
kubectl -n "$NS" delete cronjob "$RELEASE-test-chart-cronjob" >/dev/null 2>&1 || true
rm -rf "$CHART" /tmp/limited-helm-kubeconfig

echo "Create minimal chart with only a CronJob"
$HELM create "$CHART" >/dev/null
rm -f "$CHART"/templates/{deployment.yaml,service.yaml,hpa.yaml,tests/test-connection.yaml,serviceaccount.yaml}
cat > "$CHART/templates/cronjob.yaml" <<'YAML'
apiVersion: batch/v1
kind: CronJob
metadata:
  name: {{ include "test-chart.fullname" . }}-cronjob
spec:
  schedule: "*/5 * * * *"
  jobTemplate:
    spec:
      template:
        spec:
          restartPolicy: OnFailure
          containers:
          - name: hello
            image: busybox
            command: ["/bin/sh","-c","date; echo Hello from CronJob"]
YAML

echo "RBAC: allow Helm storage, basic reads/creates, but NO delete on cronjobs"
kubectl -n "$NS" apply -f - >/dev/null <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: $SA
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: ${SA}-role
rules:
- apiGroups: [""]
  resources: ["secrets","configmaps"]
  verbs: ["get","list","watch","create","patch","update","delete"]
- apiGroups: [""]
  resources: ["pods","events"]
  verbs: ["get","list","watch"]
- apiGroups: ["batch"]
  resources: ["cronjobs"]
  verbs: ["get","list","watch","create","patch","update"]
EOF
kubectl -n "$NS" apply -f - >/dev/null <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ${SA}-rb
subjects:
- kind: ServiceAccount
  name: $SA
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: ${SA}-role
EOF

echo "Create kubeconfig for that SA"
TOKEN=$(kubectl -n "$NS" create token "$SA")
SERVER=$(kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}')
CA_DATA=$(kubectl config view --minify --raw -o jsonpath='{.clusters[0].cluster.certificate-authority-data}')
KCFG=/tmp/limited-helm-kubeconfig
cat > "$KCFG" <<EOF
apiVersion: v1
kind: Config
clusters:
- name: local
  cluster:
    server: $SERVER
    certificate-authority-data: $CA_DATA
contexts:
- name: limited
  context:
    cluster: local
    namespace: $NS
    user: $SA
current-context: limited
users:
- name: $SA
  user:
    token: $TOKEN
EOF

set +e

echo "Install (as limited SA)"
KUBECONFIG="$KCFG" $HELM upgrade --install "$RELEASE" "$CHART" -n "$NS" --wait
echo "CronJob after install:"
kubectl -n "$NS" get cronjob "$RELEASE-test-chart-cronjob" || true

echo "Remove CronJob from chart and add a small ConfigMap to force an upgrade"
rm -f "$CHART/templates/cronjob.yaml"
cat > "$CHART/templates/configmap.yaml" <<'YAML'
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ include "test-chart.fullname" . }}-config
data:
  hello: world
YAML

echo "Upgrade without CronJob (as limited SA)"
KUBECONFIG="$KCFG" $HELM upgrade --install "$RELEASE" "$CHART" -n "$NS"
RC=$?

echo "Post-upgrade verification"
if kubectl -n "$NS" get cronjob "$RELEASE-test-chart-cronjob" >/dev/null 2>&1; then
  echo "OK: Stale CronJob still present: $RELEASE-test-chart-cronjob"
else
  echo "NO_OK: CronJob deleted"
fi

echo "Helm exit code: $RC"
exit 0
```

With the current build:
```sh
./reproduce-helm-issue.sh
Helm: version.BuildInfo{Version:"v4.0+unreleased", GitCommit:"f19bb9cd4c99943f7a4980d6670de44affe3e472", GitTreeState:"dirty", GoVersion:"go1.24.0"}
Cleaning…
Create minimal chart with CronJob + ConfigMap (we will remove both in v2)
RBAC: allow Helm storage + delete for configmaps, but NO delete on cronjobs
Create kubeconfig for that SA
Install v1 (as limited SA)
Release "test-release" does not exist. Installing it now.
NAME: test-release
LAST DEPLOYED: Tue Oct 14 18:55:57 2025
NAMESPACE: default
STATUS: deployed
REVISION: 1
DESCRIPTION: Install complete
TEST SUITE: None
NOTES:
1. Get the application URL by running these commands:
export POD_NAME=$(kubectl get pods --namespace default -l "app.kubernetes.io/name=test-chart,app.kubernetes.io/instance=test-release" -o jsonpath="{.items[0].metadata.name}")
export CONTAINER_PORT=$(kubectl get pod --namespace default $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl --namespace default port-forward $POD_NAME 8080:$CONTAINER_PORT
Verify v1 objects exist
NAME                              SCHEDULE      TIMEZONE   SUSPEND   ACTIVE   LAST SCHEDULE   AGE
test-release-test-chart-cronjob   */5 * * * *   <none>     False     0        <none>          0s
NAME                             DATA   AGE
test-release-test-chart-config   1      0s
Prepare v2: remove BOTH CronJob and ConfigMap from the chart
Upgrade to v2 (as limited SA) — expecting CronJob delete first, then ConfigMap
- CronJob delete should FAIL (no delete permission)
- ConfigMap delete should SUCCEED (delete allowed) — proves 'continue on error' and inverted order
level=DEBUG msg="getting history for release" release=test-release
level=DEBUG msg="getting release history" name=test-release
level=DEBUG msg="preparing upgrade" name=test-release
level=DEBUG msg="getting last revision" name=test-release
level=DEBUG msg="getting release history" name=test-release
level=DEBUG msg="number of dependencies in the chart" dependencies=0
level=DEBUG msg="determined release apply method" server_side_apply=true previous_release_apply_method=ssa
level=DEBUG msg="performing update" name=test-release
level=DEBUG msg="creating upgraded release" name=test-release
level=DEBUG msg="creating release" key=sh.helm.release.v1.test-release.v2
level=DEBUG msg="getting release history" name=test-release
level=DEBUG msg="using server-side apply for resource update" forceConflicts=false dryRun=false fieldValidationDirective=Strict upgradeClientSideFieldManager=false
level=DEBUG msg="checking resources for changes" resources=0
level=DEBUG msg="deleting resource" namespace=default name=test-release-test-chart-config kind=ConfigMap
level=DEBUG msg="deleting resource" namespace=default name=test-release-test-chart-cronjob kind=CronJob
level=DEBUG msg="failed to delete resource" namespace=default name=test-release-test-chart-cronjob kind=CronJob error="cronjobs.batch \"test-release-test-chart-cronjob\" is forbidden: User \"system:serviceaccount:default:limited-helm-sa\" cannot delete resource \"cronjobs\" in API group \"batch\" in the namespace \"default\""
level=INFO msg="update completed" created=0 updated=0 deleted=1
level=WARN msg="update completed with errors" errors=1
level=DEBUG msg="updating release" key=sh.helm.release.v1.test-release.v1
level=WARN msg="upgrade failed" name=test-release error="failed to delete resource test-release-test-chart-cronjob: cronjobs.batch \"test-release-test-chart-cronjob\" is forbidden: User \"system:serviceaccount:default:limited-helm-sa\" cannot delete resource \"cronjobs\" in API group \"batch\" in the namespace \"default\""
level=DEBUG msg="updating release" key=sh.helm.release.v1.test-release.v2
Error: UPGRADE FAILED: failed to delete resource test-release-test-chart-cronjob: cronjobs.batch "test-release-test-chart-cronjob" is forbidden: User "system:serviceaccount:default:limited-helm-sa" cannot delete resource "cronjobs" in API group "batch" in the namespace "default"
Post-upgrade verification
Stale CronJob still present: test-release-test-chart-cronjob (expected if delete is forbidden)
ConfigMap deleted as expected: test-release-test-chart-config (and after CronJob attempt)
Helm exit code: 1
```

With last version v3.19:
```
HELM=/usr/local/bin/helm ./reproduce-helm-issue.sh
Helm: version.BuildInfo{Version:"v3.19.0", GitCommit:"3d8990f0836691f0229297773f3524598f46bda6", GitTreeState:"clean", GoVersion:"go1.24.7"}
Cleaning…
Create minimal chart with only a CronJob
RBAC: allow Helm storage, basic reads/creates, but NO delete on cronjobs
Create kubeconfig for that SA
Install (as limited SA)
Release "test-release" does not exist. Installing it now.
NAME: test-release
LAST DEPLOYED: Tue Oct 14 19:07:01 2025
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
1. Get the application URL by running these commands:
  export POD_NAME=$(kubectl get pods --namespace default -l "app.kubernetes.io/name=test-chart,app.kubernetes.io/instance=test-release" -o jsonpath="{.items[0].metadata.name}")
  export CONTAINER_PORT=$(kubectl get pod --namespace default $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
  echo "Visit http://127.0.0.1:8080 to use your application"
  kubectl --namespace default port-forward $POD_NAME 8080:$CONTAINER_PORT
CronJob after install:
NAME                              SCHEDULE      TIMEZONE   SUSPEND   ACTIVE   LAST SCHEDULE   AGE
test-release-test-chart-cronjob   */5 * * * *   <none>     False     0        <none>          0s
Remove CronJob from chart and add a small ConfigMap to force an upgrade
Upgrade without CronJob (as limited SA)
Release "test-release" has been upgraded. Happy Helming!
NAME: test-release
LAST DEPLOYED: Tue Oct 14 19:07:01 2025
NAMESPACE: default
STATUS: deployed
REVISION: 2
TEST SUITE: None
NOTES:
1. Get the application URL by running these commands:
  export POD_NAME=$(kubectl get pods --namespace default -l "app.kubernetes.io/name=test-chart,app.kubernetes.io/instance=test-release" -o jsonpath="{.items[0].metadata.name}")
  export CONTAINER_PORT=$(kubectl get pod --namespace default $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
  echo "Visit http://127.0.0.1:8080 to use your application"
  kubectl --namespace default port-forward $POD_NAME 8080:$CONTAINER_PORT
Post-upgrade verification
OK: Stale CronJob still present: test-release-test-chart-cronjob
Helm exit code: 0
```

Co-authored-by: dayeguilaiye <979014041@qq.com>
Signed-off-by: Benoit Tigeot <benoit.tigeot@lifen.fr>
2025-10-15 00:11:33 +02:00
Terry Howe
3b2fd17799
chore: rename test registry
Signed-off-by: Terry Howe <terrylhowe@gmail.com>
2025-10-13 16:43:18 -06:00
Terry Howe
379b0899b3
fix: increase helm list test coverage
Signed-off-by: Terry Howe <terrylhowe@gmail.com>
2025-10-13 16:16:50 -06:00
George Jenkins
7dd2484aed
Merge pull request #31295 from TerryHowe/fix-make-helm-list-show-all-by-default
Fix make helm list show all by default
2025-10-13 20:04:19 +01:00
Scott Rigby
f0530309f0
Merge pull request #31302 from TerryHowe/fix-helm-verify-signature
fix: helm verify Run signature
2025-10-13 14:38:21 -04:00
Scott Rigby
f9d4373ea4
Merge pull request #31270 from TerryHowe/chore-registry-clean-up
chore: registry utils clean up
2025-10-13 14:36:59 -04:00
Terry Howe
abdf6603c0
fix test for rebase
Signed-off-by: Terry Howe <terrylhowe@gmail.com>
2025-10-13 11:15:26 -06:00
Matt Farina
a03e8c9541
Merge pull request #31375 from TerryHowe/fix-release-info-time
fix: release info time parsing
2025-10-13 12:42:04 -04:00
Terry Howe
f6e60138e8
Update pkg/cmd/list.go
Co-authored-by: George Jenkins <gvjenkins@gmail.com>
Signed-off-by: Terry Howe <terrylhowe@gmail.com>
2025-10-13 10:28:44 -06:00
Terry Howe
c3aa5c51e6
chore: clean up for comments
Signed-off-by: Terry Howe <terrylhowe@gmail.com>
2025-10-13 10:28:44 -06:00
copilot-swe-agent[bot]
b4f932a715
Fix test by making date sorting stable and updating golden files
Signed-off-by: Terry Howe <terrylhowe@gmail.com>
2025-10-13 10:28:43 -06:00
Terry Howe
8a73d97984
fix: make helm list show all by default
Signed-off-by: Terry Howe <terrylhowe@gmail.com>
2025-10-13 10:27:58 -06:00
Dirk Müller
9cd40c612a
Avoid accessing .Items on nil object
When listing fails for whatever reason, the return value is nil, err.
So handle err explicitly.

Signed-off-by: Dirk Müller <dirk@dmllr.de>
2025-10-13 09:36:33 +02:00
Benoit Tigeot
06188f9dfe
Add test for isYamlFileExtension functions
Signed-off-by: Benoit Tigeot <benoit.tigeot@lifen.fr>
2025-10-11 13:28:36 +02:00
Terry Howe
20eb6e9b04
fix: empty time values
Signed-off-by: Terry Howe <terrylhowe@gmail.com>
2025-10-10 16:44:19 -06:00
Matt Farina
fbf02e494e
Merge pull request #30980 from gjenkins8/gjenkins/cleanup_kubeclient_interfaces
cleanup: Remove/consolidate redundant kube client Interfaces
2025-10-10 17:05:09 -04:00
Matt Farina
78cd44bd75
Merge pull request #30712 from gjenkins8/gjenkins/cleanup_lint_template
cleanup: Remove extra lint/rules.Template functions
2025-10-10 16:55:17 -04:00
Matt Farina
24159ec8b6
Moving new default accessor functions to internal per feedback
Signed-off-by: Matt Farina <matt.farina@suse.com>
2025-10-10 13:16:49 -04:00
Matt Farina
fb20e96a56
Adding a test/example for the release accessor
Signed-off-by: Matt Farina <matt.farina@suse.com>
2025-10-10 12:53:00 -04:00
Matt Farina
ab6e7fa58b
Removing debug statement
Signed-off-by: Matt Farina <matt.farina@suse.com>
2025-10-10 11:52:36 -04:00
Matt Farina
a229bf6529
Ensure the release interface is used in actions instead of the type
Signed-off-by: Matt Farina <matt.farina@suse.com>
2025-10-10 11:52:33 -04:00