* Add GPG signature verification to install script
The script fetches the KEYS file from GitHub, as well
as the .asc files on the release and verifies the
release artifacts are signed by a valid key.
Added new boolean config options in the install script
which allow for fine-grained control over verification
and output:
- DEBUG: sets -x in the bash script (default: false)
- VERIFY_CHECKSUM: verifies checksum (default: true)
- VERIFY_SIGNATURE: verifies signature (default: true)
Also reduced check for curl/wget to only one time.
Resolves#7943.
Resolves#7838.
Signed-off-by: Josh Dolitsky <393494+jdolitsky@users.noreply.github.com>
* disable signature verification by default
Signed-off-by: Josh Dolitsky <393494+jdolitsky@users.noreply.github.com>
* remove repeated line
Signed-off-by: Josh Dolitsky <393494+jdolitsky@users.noreply.github.com>
* fix typo
Signed-off-by: Josh Dolitsky <393494+jdolitsky@users.noreply.github.com>
* do not auto-import GPG keys
Signed-off-by: Josh Dolitsky <393494+jdolitsky@users.noreply.github.com>
* silence errors about missing commands
Signed-off-by: Josh Dolitsky <393494+jdolitsky@users.noreply.github.com>
* use a temporary gpg keyring
Signed-off-by: Josh Dolitsky <393494+jdolitsky@users.noreply.github.com>
* Fix wget commands for VERIFY_SIGNATURES=true
Signed-off-by: jdolitsky <393494+jdolitsky@users.noreply.github.com>
When helm template is called with `--skip-tests` no manifests
in tests directories are rendered. No matter if they have a
`"helm.sh/hook": test` annotation or not.
This helps to avoid rendering manifests which are only used for test
execution.
Closes#8691
Signed-off-by: Torsten Walter <mail@torstenwalter.de>
Variable values `helm.sh/resource-policy` and `keep` are duplicately
defined in resource_policy.go (`resourcePolicyAnno` `keepPolicy`) and
resource_policy.go (`ResourcePolicyAnno` `KeepPolicy`), remove the
varibales in resource_policy.go to keep the code clean.
Signed-off-by: Liu Ming <hit_oak_tree@126.com>
* add output to get debug info on linter failing
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
* trap cases where the YAML indent is incorrect.
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
A fix introduced in #8631 caused a bug in Windows builds due to
a type difference between POSIX and Windows environments. This
change corrects that problem and provides a code comment to warn
others.
Signed-off-by: Matt Farina <matt@mattfarina.com>
When the engine stored templates in the map the keys were generated
based on path and not filepath. filepath was being used in the linter
when retrieving content from the keys. On Windows the keys ended up
being different.
This change is to use path joins to create the lookup key. Since the
name path was used in the code it needed to be changed in order to
import the package.
Tests already exist and were failing on windows. This got in because
CI is not run on Windows.
Closes#6418
Signed-off-by: Matt Farina <matt@mattfarina.com>
With Cobra 1.0, it is now possible to control when file completion
should or should not be done. For example:
helm list <TAB>
should not trigger file completion since 'helm list' does not accept
any arguments.
This commit disables file completion when appropriate and adds tests to
verify that file completion is properly disabled.
Signed-off-by: Marc Khouzam <marc.khouzam@montreal.ca>
With the release of go 1.15, the test-suite doesn't pass as `go test` got
a new warning for improper `string(x)` usage.
https://golang.org/doc/go1.15#vet
$ make test-unit
# helm.sh/helm/v3/pkg/release
pkg/release/mock.go:56:27: conversion from int to string yields a string of one rune, not a string of digits (did you mean fmt.Sprint(x)?)
[snip]
make: *** [Makefile:82: test-unit] Error 2
This patch changes ensures we are utilizing `fmt.Sprint` instead as
recommended.
Signed-off-by: Morten Linderud <morten@linderud.pw>
Have update the Common Labels template in the starter chart so that the
value for the `app.kubernetes.io/version` is set to the same value as
the image tag used in the deployment.
Signed-off-by: Thomas O'Donnell <andy.tom@gmail.com>