ApplySourceDateEpoch previously only stamped entries with a zero ModTime,
but charts loaded from disk (via loader.LoadDir) already have non-zero
ModTimes populated from the filesystem. This made the function a no-op
in the common helm-package path, defeating reproducible builds.
The function now unconditionally overrides every ModTime to the
SOURCE_DATE_EPOCH value, which is the correct behaviour for producing
bit-for-bit identical archives regardless of filesystem metadata.
Additionally, tarFromLocalDir in pkg/downloader/manager.go was writing
its SOURCE_DATE_EPOCH warning directly to os.Stderr, which is
inconsistent with the rest of Manager that routes user-facing output
through m.Out. The function now accepts an io.Writer parameter and the
call site passes m.Out.
Tests updated to verify that existing (non-zero) timestamps are
overridden rather than preserved.
Signed-off-by: Maxime Kawawa-Beaudan <maxkawab@gmail.com>
Signed-off-by: Maxime Grenu <maxime.grenu@gmail.com>
Add TestSaveWithSourceDateEpoch to both v2 and v3 util packages to
verify the full pipeline: parse the epoch, stamp the chart tree, save
to a tar archive, then assert that every tar entry carries exactly the
expected timestamp. This catches any regression where writeToTar might
silently fall back to time.Now().
Also add TestApplySourceDateEpochDependencies to confirm that the
recursive walk correctly stamps sub-chart entries while preserving
non-zero ModTimes on the parent chart.
Signed-off-by: Maxime Grenu <maxime.grenu@gmail.com>
Add ParseSourceDateEpoch and ApplySourceDateEpoch helpers to the v2
and v3 chart util packages. The caller (helm package, dependency
build) now reads the environment variable, stamps every zero-valued
ModTime field on the chart tree, and lets the existing tar writer
pick up those times.
This keeps Save() free from environment side effects: the epoch is
parsed and applied at the call site. Entries that already carry a
non-zero ModTime are left untouched.
Signed-off-by: Maxime Wojtczak <maxime@cluster2600.com>
Signed-off-by: Maxime Grenu <maxime.grenu@gmail.com>
In GoLang, using the == operator to check for a certain error will not
unwrap the error chain, and therefore may hide the problem.
Signed-off-by: Mads Jensen <atombrella@users.noreply.github.com>
Note, when time is not available, the builds are not reproducible.
This problem would only happen when an SDK user is using parts of
the API to build their own tooling. Helm will consistently inject
the dates through the higher level APIs.
Signed-off-by: Matt Farina <matt.farina@suse.com>
Building the same chart into an archive multiple times will have
the same sha256 hash.
Perviously, the time in the headers for a file was time.Now() which
changed each time. The time is now collected from the operating
system when the file is loaded and this time is used.
Fixes: #3612
Signed-off-by: Matt Farina <matt.farina@suse.com>
This change is about handling the interfaces to public functions for
different chart apiVersions. The internals are still focused on v2.
This enables v3 to be layered in layer.
Signed-off-by: Matt Farina <matt.farina@suse.com>
When --skip-schema-validation is enabled, the lint command will now skip
JSON schema validation for values.yaml files, allowing charts with schema
validation errors to pass linting when the flag is used.
This addresses the gap where --skip-schema-validation only applied to
templates but not to values files, providing complete schema validation
bypass when needed.
Fixes: #13413
Signed-off-by: Suleiman Dibirov <idsulik@gmail.com>
Signed-off-by: Benoit Tigeot <benoit.tigeot@lifen.fr>
Linting is specific to the chart versions. A v2 and v3 chart will
lint differently.
To accomplish this, packages like engine need to be able to handle
different chart versions. This was accomplished by some changes:
1. The introduction of a Charter interface for charts
2. The ChartAccessor which is able to accept a chart and then
provide access to its data via an interface. There is an
interface, factory, and implementation for each version of
chart.
3. Common packages were moved to a common and util packages.
Due to some package loops, there are 2 packages which may
get some consolidation in the future.
The new interfaces provide the foundation to move the actions
and cmd packages to be able to handle multiple apiVersions of
charts.
Signed-off-by: Matt Farina <matt.farina@suse.com>
Maxime Grenu
George Jenkins
Matthieu MOREL
Mads Jensen
Matt Farina
Joe Julian
Branch Vincent
Robert Sirchia
wangjingcun
Benoit Tigeot
Scott Rigby
Terry Howe
Kamil Swiechowski
Isaiah Lewis
joemicky
Borys Hulii
yumeiyin