From 8096f09370e9f7b78f8129f9afc8036987c0a257 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Danilo=20B=C3=BCrger?= Date: Fri, 11 Jul 2025 13:11:33 +0200 Subject: [PATCH 1/6] Pass credentials when either chart repo or repo dont specify a port but it matches the default port of that scheme MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Danilo Bürger --- pkg/action/install.go | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/pkg/action/install.go b/pkg/action/install.go index 440f41baa..ae50327fe 100644 --- a/pkg/action/install.go +++ b/pkg/action/install.go @@ -746,6 +746,21 @@ OUTER: return nil } +func portOrDefault(u *url.URL) string { + if p := u.Port(); p != "" { + return p + } + + switch u.Scheme { + case "http": + return "80" + case "https": + return "443" + default: + return "" + } +} + // LocateChart looks for a chart directory in known places, and returns either the full path or an error. // // This does not ensure that the chart is well-formed; only that the requested filename exists. @@ -833,7 +848,7 @@ func (c *ChartPathOptions) LocateChart(name string, settings *cli.EnvSettings) ( // Host on URL (returned from url.Parse) contains the port if present. // This check ensures credentials are not passed between different // services on different ports. - if c.PassCredentialsAll || (u1.Scheme == u2.Scheme && u1.Host == u2.Host) { + if c.PassCredentialsAll || (u1.Scheme == u2.Scheme && u1.Hostname() == u2.Hostname() && portOrDefault(u1) == portOrDefault(u2)) { dl.Options = append(dl.Options, getter.WithBasicAuth(c.Username, c.Password)) } else { dl.Options = append(dl.Options, getter.WithBasicAuth("", "")) From 055c4e2bec10895a50a9a0d8e3692120217835e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Danilo=20B=C3=BCrger?= Date: Sun, 13 Jul 2025 15:38:54 +0200 Subject: [PATCH 2/6] Moved url comparison to own function MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Danilo Bürger --- pkg/action/install.go | 6 +++- pkg/action/install_test.go | 66 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 71 insertions(+), 1 deletion(-) diff --git a/pkg/action/install.go b/pkg/action/install.go index ae50327fe..d9da2f14f 100644 --- a/pkg/action/install.go +++ b/pkg/action/install.go @@ -761,6 +761,10 @@ func portOrDefault(u *url.URL) string { } } +func urlEqual(u1, u2 *url.URL) bool { + return u1.Scheme == u2.Scheme && u1.Hostname() == u2.Hostname() && portOrDefault(u1) == portOrDefault(u2) +} + // LocateChart looks for a chart directory in known places, and returns either the full path or an error. // // This does not ensure that the chart is well-formed; only that the requested filename exists. @@ -848,7 +852,7 @@ func (c *ChartPathOptions) LocateChart(name string, settings *cli.EnvSettings) ( // Host on URL (returned from url.Parse) contains the port if present. // This check ensures credentials are not passed between different // services on different ports. - if c.PassCredentialsAll || (u1.Scheme == u2.Scheme && u1.Hostname() == u2.Hostname() && portOrDefault(u1) == portOrDefault(u2)) { + if c.PassCredentialsAll || urlEqual(u1, u2) { dl.Options = append(dl.Options, getter.WithBasicAuth(c.Username, c.Password)) } else { dl.Options = append(dl.Options, getter.WithBasicAuth("", "")) diff --git a/pkg/action/install_test.go b/pkg/action/install_test.go index 6c2c91d0a..1882f19e7 100644 --- a/pkg/action/install_test.go +++ b/pkg/action/install_test.go @@ -24,6 +24,7 @@ import ( "io" "io/fs" "net/http" + "net/url" "os" "path/filepath" "regexp" @@ -933,3 +934,68 @@ func TestInstallWithSystemLabels(t *testing.T) { is.Equal(fmt.Errorf("user supplied labels contains system reserved label name. System labels: %+v", driver.GetSystemLabels()), err) } + +func TestUrlEqual(t *testing.T) { + is := assert.New(t) + + tests := []struct { + name string + url1 string + url2 string + expected bool + }{ + { + name: "identical URLs", + url1: "https://example.com:443", + url2: "https://example.com:443", + expected: true, + }, + { + name: "same host, scheme, default HTTPS port vs explicit", + url1: "https://example.com", + url2: "https://example.com:443", + expected: true, + }, + { + name: "same host, scheme, default HTTP port vs explicit", + url1: "http://example.com", + url2: "http://example.com:80", + expected: true, + }, + { + name: "different schemes", + url1: "http://example.com", + url2: "https://example.com", + expected: false, + }, + { + name: "different hosts", + url1: "https://example.com", + url2: "https://www.example.com", + expected: false, + }, + { + name: "different ports", + url1: "https://example.com:8080", + url2: "https://example.com:9090", + expected: false, + }, + } + + for _, tc := range tests { + t.Run(tc.name, func(t *testing.T) { + t.Parallel() + + u1, err := url.Parse(tc.url1) + if err != nil { + t.Fatalf("Failed to parse URL1 %s: %v", tc.url1, err) + } + u2, err := url.Parse(tc.url2) + if err != nil { + t.Fatalf("Failed to parse URL2 %s: %v", tc.url2, err) + } + + is.Equal(tc.expected, urlEqual(u1, u2)) + }) + } +} From 8c22fbfe4a06b86eaf5296b93487aabcc83659fb Mon Sep 17 00:00:00 2001 From: yumeiyin Date: Mon, 14 Jul 2025 16:21:15 +0800 Subject: [PATCH 3/6] refactor: replace Split in loops with more efficient SplitSeq Signed-off-by: yumeiyin --- pkg/chart/v2/util/dependencies.go | 2 +- pkg/cmd/load_plugins.go | 2 +- pkg/release/util/manifest_sorter.go | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/pkg/chart/v2/util/dependencies.go b/pkg/chart/v2/util/dependencies.go index e2cce6f2f..f34144526 100644 --- a/pkg/chart/v2/util/dependencies.go +++ b/pkg/chart/v2/util/dependencies.go @@ -38,7 +38,7 @@ func processDependencyConditions(reqs []*chart.Dependency, cvals Values, cpath s return } for _, r := range reqs { - for _, c := range strings.Split(strings.TrimSpace(r.Condition), ",") { + for c := range strings.SplitSeq(strings.TrimSpace(r.Condition), ",") { if len(c) > 0 { // retrieve value vv, err := cvals.PathValue(cpath + c) diff --git a/pkg/cmd/load_plugins.go b/pkg/cmd/load_plugins.go index 385990d82..5c7f618eb 100644 --- a/pkg/cmd/load_plugins.go +++ b/pkg/cmd/load_plugins.go @@ -350,7 +350,7 @@ func pluginDynamicComp(plug *plugin.Plugin, cmd *cobra.Command, args []string, t } var completions []string - for _, comp := range strings.Split(buf.String(), "\n") { + for comp := range strings.SplitSeq(buf.String(), "\n") { // Remove any empty lines if len(comp) > 0 { completions = append(completions, comp) diff --git a/pkg/release/util/manifest_sorter.go b/pkg/release/util/manifest_sorter.go index be93ad1ed..21fdec7c6 100644 --- a/pkg/release/util/manifest_sorter.go +++ b/pkg/release/util/manifest_sorter.go @@ -185,7 +185,7 @@ func (file *manifestFile) sort(result *result) error { } isUnknownHook := false - for _, hookType := range strings.Split(hookTypes, ",") { + for hookType := range strings.SplitSeq(hookTypes, ",") { hookType = strings.ToLower(strings.TrimSpace(hookType)) e, ok := events[hookType] if !ok { @@ -236,7 +236,7 @@ func calculateHookWeight(entry SimpleHead) int { // operateAnnotationValues finds the given annotation and runs the operate function with the value of that annotation func operateAnnotationValues(entry SimpleHead, annotation string, operate func(p string)) { if dps, ok := entry.Metadata.Annotations[annotation]; ok { - for _, dp := range strings.Split(dps, ",") { + for dp := range strings.SplitSeq(dps, ",") { dp = strings.ToLower(strings.TrimSpace(dp)) operate(dp) } From 7f4eb407c69efd00a4a345a75e826260aa2f70d1 Mon Sep 17 00:00:00 2001 From: Joe Julian Date: Thu, 17 Jul 2025 13:04:25 -0700 Subject: [PATCH 4/6] add missing template directory to badcrdfile testdata Signed-off-by: Joe Julian --- pkg/lint/rules/testdata/badcrdfile/templates/.gitkeep | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 pkg/lint/rules/testdata/badcrdfile/templates/.gitkeep diff --git a/pkg/lint/rules/testdata/badcrdfile/templates/.gitkeep b/pkg/lint/rules/testdata/badcrdfile/templates/.gitkeep new file mode 100644 index 000000000..e69de29bb From cf06c6d418c109dcbfd23e4e9ebda2c3655210b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ga=C5=A1per=20Grom?= Date: Sat, 19 Jul 2025 08:17:54 +0200 Subject: [PATCH 5/6] fix: LFX health score badge link MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Gašper Grom --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ef994e742..66fdab041 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ [![GoDoc](https://img.shields.io/static/v1?label=godoc&message=reference&color=blue)](https://pkg.go.dev/helm.sh/helm/v4) [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/3131/badge)](https://bestpractices.coreinfrastructure.org/projects/3131) [![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/helm/helm/badge)](https://scorecard.dev/viewer/?uri=github.com/helm/helm) -[![LFX Health Score](https://img.shields.io/static/v1?label=Health%20Score&message=Healthy&color=A7F3D0&logo=linuxfoundation&logoColor=white&style=flat)](https://insights.linuxfoundation.org/project/helm) +[![LFX Health Score](https://insights.production.lfx.dev/api/badge/health-score?project=helm)](https://insights.linuxfoundation.org/project/helm) Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. From f3065ff1ba131a84bee61ef54e4d5c81a2ed3763 Mon Sep 17 00:00:00 2001 From: George Jenkins Date: Mon, 21 Jul 2025 18:03:16 -0700 Subject: [PATCH 6/6] Remove plugin deprecated 'UseTunnelDeprecated' Signed-off-by: George Jenkins --- pkg/plugin/plugin.go | 6 ------ 1 file changed, 6 deletions(-) diff --git a/pkg/plugin/plugin.go b/pkg/plugin/plugin.go index 9d79ab4fc..930bf3664 100644 --- a/pkg/plugin/plugin.go +++ b/pkg/plugin/plugin.go @@ -132,12 +132,6 @@ type Metadata struct { // Downloaders field is used if the plugin supply downloader mechanism // for special protocols. Downloaders []Downloaders `json:"downloaders"` - - // UseTunnelDeprecated indicates that this command needs a tunnel. - // Setting this will cause a number of side effects, such as the - // automatic setting of HELM_HOST. - // DEPRECATED and unused, but retained for backwards compatibility with Helm 2 plugins. Remove in Helm 4 - UseTunnelDeprecated bool `json:"useTunnel,omitempty"` } // Plugin represents a plugin.