upstream/helm
1
0
Fork 0
mirror of https://github.com/helm/helm.git synced 2026-02-10 14:23:18 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 35
9293 commits 66 branches 244 tags 130 MiB
Commit graph

139 commits

Author SHA1 Message Date
George Jenkins
dfa1e3c3c5
Merge pull request #31562 from atombrella/feature/modernize
Some checks are pending
build-test / build (push) Waiting to run
Details
CodeQL / Analyze (push) Waiting to run
Details
golangci-lint / golangci-lint (push) Waiting to run
Details
release / release (push) Waiting to run
Details
release / canary-release (push) Waiting to run
Details
Scorecard supply-chain security / Scorecard analysis (push) Waiting to run
Details 
Use modernize to use newer Golang features.
 2025-11-30 06:04:31 -08:00
Mads Jensen
6cceead399 Use modernize to use newer Golang features. 
The rangeint suggestion is faster.
The maps.Copy and slices.Contains are just syntatic sugar.

Signed-off-by: Mads Jensen <atombrella@users.noreply.github.com>
 2025-11-22 18:52:40 +01:00
Terry Howe
5f3c617940
chore: add warning for registry login with namespace 
Signed-off-by: Terry Howe <terrylhowe@gmail.com>
 2025-11-16 11:10:54 -07:00
Terry Howe
0f6e14dfd3
chore: fix various warnings to reduce noise 
Signed-off-by: Terry Howe <terrylhowe@gmail.com>
 2025-10-18 07:21:00 -06:00
Terry Howe
917822cfca
refactor: remove unused err from pkg/registry/client.go 
Signed-off-by: Terry Howe <terrylhowe@gmail.com>
 2025-10-17 05:08:32 -06:00
Terry Howe
3b2fd17799
chore: rename test registry 
Signed-off-by: Terry Howe <terrylhowe@gmail.com>
 2025-10-13 16:43:18 -06:00
Terry Howe
cf811bb11f
chore: registry utils clean up 
Signed-off-by: Terry Howe <terrylhowe@gmail.com>
 2025-09-23 09:57:06 -06:00
Terry Howe
3e1dd9a5dc
chore: remove pkg/time which is no longer needed 
Signed-off-by: Terry Howe <terrylhowe@gmail.com>
 2025-09-15 12:29:35 -06:00
Scott Rigby
78cf5470d1
Merge pull request #31199 from TerryHowe/fix-flaky-registry-data-race 
fix: flaky registry data race on mockdns close
 2025-09-04 22:39:45 -04:00
Matt Farina
fc22b6df31
Merge pull request #31222 from benoittgt/30987-ghcr-io 
Prevent failing `helm push` on ghcr.io using standard GET auth token flow
 2025-09-03 13:59:37 -06:00
Matt Farina
52267ee74b Move repo package to versioned directory 
The repo package is internally versioned at v1. Repos were designed
to be versioned. This change moves it to a versioned directory the
same way other packages are now being handled.

Signed-off-by: Matt Farina <matt.farina@suse.com>
 2025-09-02 10:19:48 -04:00
Benoit Tigeot
5595c0d005
Prevent failing helm push on ghcr.io using standard GET auth token flow 
Fix GHCR auth by not forcing OAuth2 POST but also reset
ForceAttemptOAuth2 after login.

- Remove ForceAttemptOAuth2 in NewClient and only enable during Login
ping and always restore to false.
- Aligns with OCI Distribution auth (token via GET), avoiding GHCR 405
on POST /token.
- Some tests

Failures logs:

```sh
~/p/lifen/test/helm-f/quicktest ❯ ../../../helm/bin/helm push quicktest-0.1.0.tgz oci://ghcr.io/benoittgt/helm-charts --debug
level=DEBUG msg=HEAD id=0 url=https://ghcr.io/v2/benoittgt/helm-charts/quicktest/manifests/sha256:af359fd8fb968ec1097afbd6e8e1dac9ee130861082e54dc2340d0c019407873 header="   \"Accept\": \"application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, application/vnd.oci.artifact.manifest.v1+json\"\n   \"User-Agent\": \"Helm/4.0+unreleased\""
level=DEBUG msg=Resp id=0 status="401 Unauthorized" header="   \"Www-Authenticate\": \"Bearer realm=\\\"https://ghcr.io/token\\\",service=\\\"ghcr.io\\\",scope=\\\"repository:benoittgt/helm-charts/quicktest:pull\\\"\"\n   \"Date\": \"Mon, 01 Sep 2025 13:56:35 GMT\"\n   \"Content-Length\": \"73\"\n   \"X-Github-Request-Id\": \"DC73:115F:2B40F2C:2BAB567:68B5A613\"\n   \"Content-Type\": \"application/json\"" body="   Response body is empty"
level=DEBUG msg=POST id=1 url=https://ghcr.io/token header="   \"Content-Type\": \"application/x-www-form-urlencoded\"\n   \"User-Agent\": \"Helm/4.0+unreleased\""
level=DEBUG msg=Resp id=1 status="405 Method Not Allowed" header="   \"Docker-Distribution-Api-Version\": \"registry/2.0\"\n   \"Strict-Transport-Security\": \"max-age=63072000; includeSubDomains; preload\"\n   \"Date\": \"Mon, 01 Sep 2025 13:56:35 GMT\"\n   \"Content-Length\": \"78\"\n   \"X-Github-Request-Id\": \"DC73:115F:2B40F75:2BAB5C2:68B5A613\"\n   \"Content-Type\": \"application/json\"" body="{\"errors\":[{\"code\":\"UNSUPPORTED\",\"message\":\"The operation is unsupported.\"}]}\n"
Error: failed to perform "Exists" on destination: HEAD "https://ghcr.io/v2/benoittgt/helm-charts/quicktest/manifests/sha256:af359fd8fb968ec1097afbd6e8e1dac9ee130861082e54dc2340d0c019407873": POST "https://ghcr.io/token": response status code 405: unsupported: The operation is unsupported.
```

Signed-off-by: Benoit Tigeot <benoit.tigeot@lifen.fr>
 2025-09-01 18:07:39 +02:00
Scott Rigby
9ea35da0d0
[HIP-0026] Plugin packaging, signing, and verification (#31176) 
* Plugin packaging, signing and verification

Signed-off-by: Scott Rigby <scott@r6by.com>

* wrap keyring read error with more explicit message

Co-authored-by: Jesse Simpson <jesse.simpson36@gmail.com>
Signed-off-by: Scott Rigby <scott@r6by.com>

* skip unnecessary check

Co-authored-by: Evans Mungai <mbuevans@gmail.com>
Signed-off-by: Scott Rigby <scott@r6by.com>

* Change behavior for installing plugin with missing .prov file (now warns and continues instead of failing)

Signed-off-by: Scott Rigby <scott@r6by.com>

* Add comprehensive plugin verification tests

- Test missing .prov files (warns but continues)
- Test invalid .prov file formats (fails verification)
- Test hash mismatches in .prov files (fails verification)
- Test .prov file access errors (fails appropriately)
- Test directory plugins don't support verification
- Test installation without verification enabled (succeeds)
- Test with valid .prov files (fails on empty keyring as expected)

---------

Signed-off-by: Scott Rigby <scott@r6by.com>
Co-authored-by: Jesse Simpson <jesse.simpson36@gmail.com>
Co-authored-by: Evans Mungai <mbuevans@gmail.com>
 2025-08-30 13:25:28 -04:00
Terry Howe
ce97a2449e
fix: move mockdns to packge level 
Signed-off-by: Terry Howe <terrylhowe@gmail.com>
 2025-08-27 10:46:17 -06:00
Terry Howe
6273f9b38e
fix: flaky registry data race on mockdns close 
Signed-off-by: Terry Howe <terrylhowe@gmail.com>
 2025-08-27 10:45:57 -06:00
Scott Rigby
fd41fdd9c9 New registry plugin func GetPluginName. Re-use regsitry.reference 
Signed-off-by: Scott Rigby <scott@r6by.com>
 2025-08-25 23:04:01 -04:00
Scott Rigby
7d22bb25fa Plugin OCI installer 
Signed-off-by: Scott Rigby <scott@r6by.com>
 2025-08-25 23:04:01 -04:00
Matt Farina
0f1b410f14
Merge pull request #31165 from mattfarina/content-cache 
Initial addition of content based cache
 2025-08-22 15:04:25 -04:00
Scott Rigby
29d12ba09e
Merge pull request #31156 from estroz/fix-resolve-client 
fix: set repo authorizer in registry.Client.Resolve()
 2025-08-21 23:20:20 -04:00
cuiweixie
04cb1bad67 pkg/register: refactor to use atomic.Uint64 
Signed-off-by: cuiweixie <cuiweixie@gmail.com>
 2025-08-21 20:41:35 +08:00
Matt Farina
6ac2c34689
Initial addition of content based cache 
The previous cache was based on chart name and version. If 2 charts
with different content had the same name and version they would collide.
Helm did not trust the cache because of this and always downloaded
content. It was a short lived cache.

This commit introduces a content based cache which is based on the
content rather than file name. Charts with the same name but different
content are no longer an issue.

While the system assumes a file based interface, the cache system
is pluggable. In the future, it should return bytes for the content
instead of paths to it. That would requie a larger change for Helm 5
or later.

Signed-off-by: Matt Farina <matt.farina@suse.com>
 2025-08-19 14:00:36 -04:00
Matt Farina
3726d01c5c
Merge pull request #31132 from joemicky/main 
refactor: replace []byte(fmt.Sprintf) with fmt.Appendf
 2025-08-19 10:51:00 -04:00
Eric Stroczynski
e1e23d2af1 fix: set repo authorizer in registry.Client.Resolve() 
Signed-off-by: Eric Stroczynski <estroczynski@nvidia.com>
 2025-08-18 12:35:30 -07:00
Matt Farina
de9ea4d1e3
Merge pull request #30992 from TerryHowe/force-oath-v4 
fix: force bearer oauth for if registry requests bearer auth
 2025-08-18 13:42:02 -04:00
Evans Mungai
0943d032a7
Merge branch 'main' into em/fix-username-password 
Signed-off-by: Evans Mungai <mbuevans@gmail.com>
 2025-08-18 02:16:32 -06:00
joemicky
fab70472af refactor: replace []byte(fmt.Sprintf) with fmt.Appendf 
Signed-off-by: joemicky <joemickychang@outlook.com>
 2025-08-14 19:21:52 +08:00
Matt Farina
523d0b305e
Merge pull request #31076 from matheuscscp/registry-tls-memory 
pkg/registry: Login option for passing TLS config in memory
 2025-08-11 10:24:10 -04:00
Evans Mungai
9e1cbbebcb
fix linting warning 
Signed-off-by: Evans Mungai <mbuevans@gmail.com>
 2025-08-07 12:50:54 +01:00
Evans Mungai
5e6a411c1f
fix: use username and password if provided 
Ref: #31114

Signed-off-by: Evans Mungai <mbuevans@gmail.com>
 2025-08-07 12:23:20 +01:00
Mikel Olasagasti Uranga
7007d4d485 chore(deps): remove phayes/freeport module 
Replaces the `phayes/freeport` module with the standard library's
`net.Listen("tcp", "127.0.0.1:0")` idiom. This removes an unnecessary
dependency and simplifies the codebase.

Signed-off-by: Mikel Olasagasti Uranga <mikel@olasagasti.info>
 2025-07-25 22:23:15 +02:00
Matheus Pimenta
802e09038c
pkg/registry: Login option for passing TLS config in memory 
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>
 2025-07-25 10:57:54 +01:00
Terry Howe
250ce7b5dc
chore: improve OCI debug logging 
Signed-off-by: Terry Howe <terrylhowe@gmail.com>
 2025-07-15 11:08:33 -06:00
Terry Howe
82bc9adcc2
fix: test teardown dns data race 
Signed-off-by: Terry Howe <terrylhowe@gmail.com>
 2025-07-09 12:59:19 -06:00
Terry Howe
f55c462a79
fix: force bearer oauth for everything 
Signed-off-by: Terry Howe <terrylhowe@gmail.com>
 2025-06-19 19:42:45 -06:00
Terry Howe
47980159b3
fix: user username password for login 
Signed-off-by: Terry Howe <terrylhowe@gmail.com>
 2025-06-13 11:27:34 -06:00
Scott Rigby
e8c1acf228
Merge pull request #30809 from mmorel-35/usetesting 
chore: enable usetesting linter
 2025-06-03 14:57:06 -04:00
Scott Rigby
4023c3b5ff
Merge pull request #30917 from TerryHowe/oci-transport-debugging 
fix: add debug logging to oci transport
 2025-06-01 18:12:15 -04:00
Matthieu MOREL
56a2bb4188 chore: enable usetesting linter 
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
 2025-05-30 08:12:11 +02:00
Terry Howe
6ab7aa3612 fix: legacy docker support broken for login 
Signed-off-by: Terry Howe <terrylhowe@gmail.com>
 2025-05-29 19:32:55 -04:00
Terry Howe
5fe7a87138 fix: add debug logging to oci transport 
Signed-off-by: Terry Howe <terrylhowe@gmail.com>
Co-authored-by: Billy Zha <jinzha1@microsoft.com>
 2025-05-29 07:12:06 -04:00
Robert Sirchia
b7e127dd6b
amending missed line to delete 
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
 2025-05-23 16:22:39 -04:00
Robert Sirchia
937c533e37
forward porting 30902 
Signed-off-by: Robert Sirchia <rsirchia@outlook.com>
 2025-05-23 16:19:03 -04:00
Benoit Tigeot
f939f6145f
Prevent fetching newReference again as we have in calling method 
Signed-off-by: Benoit Tigeot <benoit.tigeot@lifen.fr>
 2025-05-23 11:49:55 +02:00
Benoit Tigeot
875e149d6b
Prevent failure when resolving version tags in oras memory store 
- The newReference() function transforms version tags by replacing + with _ for OCI compatibility
- But the code was using the original ref (with +) for TagBytes()
- Then it tries to find the tagged reference using parsedRef.String() (with _)
- This mismatch causes the Resolve method to fail with "not found"
- By using parsedRef.String() consistently in both places, the references will match and the lookup will succeed.

I extracted the TagBytes function to improve testability.
Push() includes several external calls that are hard to mock,
so isolating this logic makes testing more manageable.

Close: #30881
Signed-off-by: Benoit Tigeot <benoit.tigeot@lifen.fr>
 2025-05-21 21:38:44 +02:00
Matt Farina
0c91649ec8
Merge pull request #30871 from gjenkins8/gjenkins/test_registry_localhost 
Run test OCI registry localhost
 2025-05-20 18:57:13 +01:00
George Jenkins
8ba181c343 Run test OCI registry localhost 
Signed-off-by: George Jenkins <gvjenkins@gmail.com>
 2025-05-16 17:59:07 -07:00
Matthieu MOREL
157f0ba10a chore: enable thelper 
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
 2025-05-16 10:25:08 +02:00
Robert Sirchia
4d580c6b95
Merge pull request #30810 from mmorel-35/usestdlibvars 
chore: enable usestdlibvars linter
 2025-05-08 10:35:10 -04:00
findnature
ac8d2f9aed refactor: use slices.Contains to simplify code 
Signed-off-by: findnature <cricis@aliyun.com>
 2025-05-02 09:43:25 +08:00
Matthieu MOREL
77a267dacf chore: enable usestdlibvars linter 
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
 2025-04-27 22:44:46 +02:00