Chart.yaml files have an annotation field that allow a chart to
have custom information similar to the way Kubernetes annotations
work.
In an index.yaml file each chart version can have annotations in
a similar manner to the Chart.yaml file. It is derived from the
same underlying struct.
These enable extension points where people can add their own info.
One thing missing is the ability to extend the top level of an
index file. This change adds annotations to the top level of an
index.yaml file. This would provide top level support for vendors
to extent index.yaml files.
Closes#8767
Signed-off-by: Matt Farina <matt@mattfarina.com>
When #8779 was merged it introduced an issue with windows builds,
which we do not test for in PR CI. This change fixes that problem.
Signed-off-by: Matt Farina <matt@mattfarina.com>
Add size of labels and number of reviewers is listed twice, pointing
the area with less detail to the one with more detail.
Signed-off-by: Matt Farina <matt@mattfarina.com>
A security issue fixed in 3.3.2 caught repos with the same name
being added a second time and produced an error. This caused an
issue for tools, such as helmfile, that will add the same name
with the same configuration multiple times.
This fix checks that the configuration on the existing and new
repo are the same. If there is no change it notes it and exists
with a 0 exit code. If there is a change the existing error is
returned (for reverse compat). If --force-update is given the
user opts in to changing the config for the name.
Closes#8771
Signed-off-by: Matt Farina <matt@mattfarina.com>
A recent change merged into Helm fixes a number of security issues related to parsing malformed index files. Unfortunately, it also broke the ability for users to load index files from chartmuseum, which adds a "server info" field to add additional metadata.
This commit adds that field so that index files from chartmuseum can be validated. Since Helm does not use this field for anything, the information is discarded and unused.
Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com>
Previously, when there is no *.{gz,zip} files under _dist, the wildcard
will be expanded to 2 strings '_dist/*.gz' and '_dist/*.zip'(see below).
helm$ ls _dist
helm$ make checksum
for f in _dist/*.{gz,zip} ; do \
shasum -a 256 "${f}" | sed 's/_dist\///' > "${f}.sha256sum" ; \
shasum -a 256 "${f}" | awk '{print $1}' > "${f}.sha256" ; \
done
shasum: _dist/*.gz:
shasum: _dist/*.gz:
shasum: _dist/*.zip:
shasum: _dist/*.zip:
helm$ ls _dist
'*.gz.sha256' '*.gz.sha256sum' '*.zip.sha256' '*.zip.sha256sum'
Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com>