The helm.sh/depends-on/resource-groups annotation contains multiple '/'
separators which fails Kubernetes annotation-key validation. The action
layer already strips it before SSA-applying via stripSequencingAnnotations,
but the template path emitted it verbatim, breaking
'helm template --wait=ordered | kubectl apply -f -'.
Lift the annotation list to pkg/release/v1/util.HelmInternalSequencingAnnotations
so both the action layer and the template renderer share one source of truth.
Add StripHelmInternalAnnotations as a line-based regex strip that preserves
surrounding byte order so 'helm template | diff' workflows stay stable.
Apply it in both ordered and flat template render paths and across hook
manifests for symmetry.
Refs HIP-0025.
Signed-off-by: Rohit Gudi <50377477+caretak3r@users.noreply.github.com>
Two more findings from Copilot's review of the consolidated commit:
- batchHasCustomReadiness returned true when a single resource had only ONE
of the two readiness annotations. That triggered the custom-readiness status
reader for the whole batch, redundant with warnIfPartialReadinessAnnotations
(which already warns) and with EvaluateCustomReadiness (which falls back to
kstatus when only one is set). Require both annotations to be non-empty
before swapping in the custom reader.
- helm template --wait=ordered hard-failed on YAML parse errors, breaking the
--debug contract that "we always want to print the YAML, even if it is not
valid." Fall back to the flat output path with a stderr warning when ordered
rendering fails, so --debug investigation flows still surface the manifests.
Signed-off-by: Rohit Gudi <50377477+caretak3r@users.noreply.github.com>
Implements HIP-0025 to give chart authors first-class control over
deployment ordering of chart resources and subcharts. Helm operators
opt in via --wait=ordered (or WaitStrategy=ordered in the SDK); default
behavior for Chart v2 is unchanged.
== Foundations ==
- DAG abstraction (pkg/chart/v2/util/dag.go) with topological batch
output and cycle detection.
- Resource-group annotation parsing and dependency tracking
(pkg/release/v1/util/resource_group.go) for helm.sh/resource-group
and helm.sh/depends-on/resource-groups; resource IDs are
apiVersion/Kind/Namespace/Name to disambiguate cross-namespace.
- Subchart DAG (pkg/chart/v2/util/subchart_dag.go) reading depends-on
on Chart.yaml dependencies and the helm.sh/depends-on/subcharts
annotation. BuildSubchartDAG inspects c.Dependencies() (post
ProcessDependencies) so it correctly respects conditions, tags, and
aliases - addresses joejulian's review feedback on metadata
heuristics.
- DependsOn []string field on chart.Dependency (pkg/chart/v2/dependency.go).
- SequencingInfo metadata stored on the release object
(pkg/release/v1/release.go) so rollback knows whether a revision
was sequenced.
- Custom readiness via helm.sh/readiness-success and helm.sh/readiness-failure
JSONPath expressions (pkg/kube/readiness.go); falls back to kstatus
if either is missing. Failure conditions take precedence over success.
== Action integration ==
- pkg/action/sequencing.go: sequencedDeployment with per-batch deadline
via min(), context.Done() honored at build/create/wait phases, and
isolated/partial-readiness warnings emitted once per batch (not per
poll tick).
- Install, upgrade, rollback, and uninstall actions consume
WaitStrategy=ordered. Sequenced uninstall and rollback are gated on
the release's stored SequencingInfo to enforce the HIP "reverse
install order" semantic.
- ReadinessTimeout (default 1m) is capped by --timeout and applied
per batch.
- Manifest path recovery for nested subcharts on rollback/uninstall.
== CLI ==
- --wait=ordered on install, upgrade, rollback, AND uninstall. The
AddOrderedWaitFlag helper in pkg/cmd/flags.go is shared across all
four commands.
- --readiness-timeout flag with docstring clarifying that "ready" is
determined by kstatus signals or custom readiness annotations, and
that vanilla Jobs need --wait-for-jobs.
- helm template emits "## START resource-group: <chart> <name>" /
"## END resource-group: ..." delimiters when --wait=ordered. Falls
back to flat manifest output with a warning if YAML parsing fails.
== Lint ==
- pkg/chart/v2/lint/rules/sequencing.go: ErrorSev for circular subchart
deps, partial readiness annotations, and orphan
helm.sh/depends-on/resource-groups references. Empty annotation
values are treated as absent (matches runtime behavior).
== Tests + fixtures ==
- Unit tests for DAG, subchart DAG, lint rules, readiness JSONPath,
resource-group parsing, sequencing action, ordered template output,
and CLI flag wiring. Includes context-cancellation coverage for
sequencedDeployment per joejulian's request.
- Integration testchart at pkg/cmd/testdata/testcharts/sequenced-chart/
exercising parent->subchart and resource-group ordering.
== Backward compatibility ==
Sequencing is gated on WaitStrategy == OrderedWaitStrategy. Charts
without HIP-0025 annotations or --wait=ordered behave exactly as
before. The depends-on field on Chart.yaml dependencies is silently
accepted and unknown to upstream-stable lint (forward-compat fix
to be tracked separately once HIP is accepted).
Refs: HIP-0025
Addresses: joejulian and Copilot review feedback on PR #32038
Signed-off-by: Rohit Gudi <50377477+caretak3r@users.noreply.github.com>
Only user-supplied nils should survive coalescing. Chart-default nils
defaults, not just user overrides. This caused:
- %!s(<nil>) in templates using Bitnami common.secrets.key (#31919)
- pluck fallbacks returning nil instead of falling through to globals
(#31971)
Fixes#31919Fixes#31971
Signed-off-by: Johannes Lohmer <jojo.dev@lohmer.com>
* feat(create): add hidden --chart-api-version flag
Add --chart-api-version flag to helm create command to allow selecting
chart API version (v2 or v3) when creating a new chart.
- Default is v2 (existing behavior unchanged)
- v3 uses internal/chart/v3 scaffold generator
- Invalid versions return clear error message
- Works with --starter flag
Signed-off-by: Evans Mungai <mbuevans@gmail.com>
* Add HELM_EXPERIMENTAL_CHART_V3 feature gate to create command
Signed-off-by: Evans Mungai <mbuevans@gmail.com>
* make chartv3 private and use loader to load the chart
Signed-off-by: Evans Mungai <mbuevans@gmail.com>
* Hide chart-api-version flag until chart v3 is officially released
Signed-off-by: Evans Mungai <mbuevans@gmail.com>
* Conditionally hide the --chart-api-version flag if chart v3 is not enabled
Signed-off-by: Evans Mungai <mbuevans@gmail.com>
* Add internal gates package for internal feature gates
Signed-off-by: Evans Mungai <mbuevans@gmail.com>
* Add doc for internal/gates package
Signed-off-by: Evans Mungai <mbuevans@gmail.com>
---------
Signed-off-by: Evans Mungai <mbuevans@gmail.com>
The --hide-notes and --render-subchart-notes flags have no effect for
`helm template` since template output never includes notes. Mark these
flags as deprecated and hide them from help output.
The flags are preserved for backwards compatibility in Helm 4 and will
be removed in Helm 5.
Fixes#31752
Signed-off-by: Scott Rigby <scott@r6by.com>
Improve the description to explain the three usage scenarios:
- --wait alone defaults to 'watcher' strategy
- --wait=<value> uses the specified strategy
- flag omitted defaults to 'hookOnly'
Signed-off-by: Evans Mungai <mbuevans@gmail.com>
The --api-versions flag was undocumented in the template command's
help text. This adds usage documentation and examples showing both
comma-separated and multiple flag usage patterns.
Fixes#13198
Signed-off-by: majiayu000 <1835304752@qq.com>
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: majiayu000 <1835304752@qq.com>
Rohit Gudi
Terry Howe
Matheus Pimenta
Johannes Lohmer
George Jenkins
Matthieu MOREL
Travis Leeden
Mads Jensen
Evans Mungai
Matt Farina
Joe Julian
Scott Rigby
Manuel Alonso
majiayu000