fix: fix helm-docs and do various helm improvements #615
7e95617 to 7a1c6e2
7a1c6e2 to e27c601
Pull request overview
This PR adds support for specifying additional values files for Helm chart templating and cleans up redundant flags in the Helm build pipeline. It also introduces a test Helm chart to validate the CI flow for Helm charts.
Changes:
- Added `valuesFiles` option to HelmTemplate configuration for passing additional values files to helm template command
- Removed redundant `-f values.yaml` flag from helm template (Helm automatically uses the chart's default values.yaml)
- Removed `--template-files` flag with typo from helm-docs command (default behavior is correct)
- Refactored SetupBuildxStep into a reusable function
- Optimized helm-toolchain Docker stage to use TOOLCHAIN directly instead of base stage
- Added a complete test Helm chart in `test/test-helm-chart` with templates, values, schema, and documentation
Reviewed changes
Copilot reviewed 18 out of 18 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| internal/project/auto/config.go | Added ValuesFiles field to HelmTemplate struct |
| internal/project/auto/helm.go | Implemented processing of valuesFiles to generate helm template flags |
| internal/project/helm/build.go | Removed redundant -f values.yaml flag, removed --template-files flag, optimized helm-toolchain stage |
| internal/output/ghworkflow/gh_workflow.go | Extracted SetupBuildxStep into reusable function |
| .kres.yaml | Added Helm configuration with valuesFiles pointing to ci-values.yaml |
| test/test-helm-chart/* | Added complete test Helm chart with Chart.yaml, values, templates, schema, and documentation |
| .github/workflows/helm.yaml | Generated workflow for Helm chart CI with lint, template, test, and release steps |
| Makefile | Added helm-related targets and updated all target to include helm |
| Dockerfile | Generated helm-toolchain and helm-docs-run stages |
| .dockerignore | Added test/test-helm-chart to allowed paths |
| -helm plugin install https://github.com/helm-unittest/helm-unittest.git --verify=false --version=v1.0.3 | ||
| -helm plugin install https://github.com/losisin/helm-values-schema-json.git --verify=false --version=v2.3.1 |
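Review bot: both `helm plugin install` lines pass `--verify=false` with no comment saying why verification is switched off, and `--version=v1.0.3` / `--version=v2.3.1` are version names rather than commit hashes. If verification cannot be enabled for these two plugins, a one-line comment next to each command stating the reason would let a later reader tell a deliberate exception from an oversight.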
The helm plugin install commands here download and execute third-party Helm plugins directly from GitHub using a mutable tag and --verify=false, which creates a supply chain risk if the upstream repositories or tags are compromised. An attacker controlling https://github.com/helm-unittest/helm-unittest.git or https://github.com/losisin/helm-values-schema-json.git at the specified versions could execute arbitrary code in your CI or developer environment (with access to kubeconfig, registry credentials, etc.). To reduce this risk, pin these plugins to immutable identifiers (e.g., specific commit SHAs or verified release artifacts) and enable integrity verification or vendor them into a trusted location instead of installing from a mutable remote Git repo.
thanks for your opinion
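One way to catch the pattern raised in the review comment above before it lands, as an added example that is not part of the PR or the project's code: a small Python check that scans build or CI text for `helm plugin install` commands and reports disabled verification and versions that are not full commit hashes. The sample input is constructed (the third command and its hash are placeholders), and treating only 40-character hashes as pinned is this example's assumption.

```python
import re
import shlex

FULL_SHA = re.compile(r"[0-9a-f]{40}")
VALUE_FLAGS = {"version"}  # flags that take a value; any other flag is read as a boolean

# Constructed input: first two commands are quoted from the review; third is a placeholder.
SAMPLE = """\
-helm plugin install https://github.com/helm-unittest/helm-unittest.git --verify=false --version=v1.0.3
-helm plugin install https://github.com/losisin/helm-values-schema-json.git --verify=false --version=v2.3.1
RUN helm plugin install https://example.invalid/plugin.git --version=0123456789abcdef0123456789abcdef01234567
helm lint ./chart
"""

def parse_args(tokens):
    """Split arguments into positionals and a {flag: value} dict."""
    positionals, flags = [], {}
    it = iter(tokens)
    for tok in it:
        if tok.startswith("--"):
            name, sep, value = tok[2:].partition("=")
            flags[name] = value if sep else (next(it, "") if name in VALUE_FLAGS else "true")
        else:
            positionals.append(tok)
    return positionals, flags

def audit(text):
    """Return (line number, plugin source, problem) for each risky install."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip().lstrip("-+ ").removeprefix("RUN ")  # tolerate diff/list markers, RUN
        try:
            tokens = shlex.split(line)
        except ValueError:  # unbalanced quotes: skip rather than guess
            continue
        if tokens[:3] != ["helm", "plugin", "install"]:
            continue
        positionals, flags = parse_args(tokens[3:])
        source = positionals[0] if positionals else "<missing>"
        if flags.get("verify", "true").lower() in {"false", "f", "0"}:
            findings.append((lineno, source, "verification disabled"))
        version = flags.get("version")
        if version is None:
            findings.append((lineno, source, "no version given"))
        elif not FULL_SHA.fullmatch(version):
            findings.append((lineno, source, f"version {version!r} is not a commit hash"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Run as a pre-merge check, a non-empty result from `audit()` can fail the job so that an unverified or tag-pinned install needs an explicit exception.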
- Add valuesFiles option to HelmTemplate config for passing additional values files to helm template command
- Remove redundant -f values.yaml flag from helm template (chart's default values.yaml is used automatically)
- Remove --template-files flag with typo from helm-docs (default README.md.gotmpl is correct)
- Add buildx setup step to helm workflow to fix CI hang (was missing remote buildkit driver)
- Extract SetupBuildxStep() to avoid code duplication
- Add test helm chart to validate helm CI flow
- Fix the workdir of helm-docs

Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
e27c601 to dc032d7
/m
Signed-off-by: Utku Ozdemir utku.ozdemir@siderolabs.com