The helm.sh/depends-on/resource-groups annotation contains multiple '/'
separators which fails Kubernetes annotation-key validation. The action
layer already strips it before SSA-applying via stripSequencingAnnotations,
but the template path emitted it verbatim, breaking
'helm template --wait=ordered | kubectl apply -f -'.
Lift the annotation list to pkg/release/v1/util.HelmInternalSequencingAnnotations
so both the action layer and the template renderer share one source of truth.
Add StripHelmInternalAnnotations as a line-based regex strip that preserves
surrounding byte order so 'helm template | diff' workflows stay stable.
Apply it in both ordered and flat template render paths and across hook
manifests for symmetry.
Refs HIP-0025.
Signed-off-by: Rohit Gudi <50377477+caretak3r@users.noreply.github.com>
Implements HIP-0025 to give chart authors first-class control over
deployment ordering of chart resources and subcharts. Helm operators
opt in via --wait=ordered (or WaitStrategy=ordered in the SDK); default
behavior for Chart v2 is unchanged.
== Foundations ==
- DAG abstraction (pkg/chart/v2/util/dag.go) with topological batch
output and cycle detection.
- Resource-group annotation parsing and dependency tracking
(pkg/release/v1/util/resource_group.go) for helm.sh/resource-group
and helm.sh/depends-on/resource-groups; resource IDs are
apiVersion/Kind/Namespace/Name to disambiguate cross-namespace.
- Subchart DAG (pkg/chart/v2/util/subchart_dag.go) reading depends-on
on Chart.yaml dependencies and the helm.sh/depends-on/subcharts
annotation. BuildSubchartDAG inspects c.Dependencies() (post
ProcessDependencies) so it correctly respects conditions, tags, and
aliases - addresses joejulian's review feedback on metadata
heuristics.
- DependsOn []string field on chart.Dependency (pkg/chart/v2/dependency.go).
- SequencingInfo metadata stored on the release object
(pkg/release/v1/release.go) so rollback knows whether a revision
was sequenced.
- Custom readiness via helm.sh/readiness-success and helm.sh/readiness-failure
JSONPath expressions (pkg/kube/readiness.go); falls back to kstatus
if either is missing. Failure conditions take precedence over success.
== Action integration ==
- pkg/action/sequencing.go: sequencedDeployment with per-batch deadline
via min(), context.Done() honored at build/create/wait phases, and
isolated/partial-readiness warnings emitted once per batch (not per
poll tick).
- Install, upgrade, rollback, and uninstall actions consume
WaitStrategy=ordered. Sequenced uninstall and rollback are gated on
the release's stored SequencingInfo to enforce the HIP "reverse
install order" semantic.
- ReadinessTimeout (default 1m) is capped by --timeout and applied
per batch.
- Manifest path recovery for nested subcharts on rollback/uninstall.
== CLI ==
- --wait=ordered on install, upgrade, rollback, AND uninstall. The
AddOrderedWaitFlag helper in pkg/cmd/flags.go is shared across all
four commands.
- --readiness-timeout flag with docstring clarifying that "ready" is
determined by kstatus signals or custom readiness annotations, and
that vanilla Jobs need --wait-for-jobs.
- helm template emits "## START resource-group: <chart> <name>" /
"## END resource-group: ..." delimiters when --wait=ordered. Falls
back to flat manifest output with a warning if YAML parsing fails.
== Lint ==
- pkg/chart/v2/lint/rules/sequencing.go: ErrorSev for circular subchart
deps, partial readiness annotations, and orphan
helm.sh/depends-on/resource-groups references. Empty annotation
values are treated as absent (matches runtime behavior).
== Tests + fixtures ==
- Unit tests for DAG, subchart DAG, lint rules, readiness JSONPath,
resource-group parsing, sequencing action, ordered template output,
and CLI flag wiring. Includes context-cancellation coverage for
sequencedDeployment per joejulian's request.
- Integration testchart at pkg/cmd/testdata/testcharts/sequenced-chart/
exercising parent->subchart and resource-group ordering.
== Backward compatibility ==
Sequencing is gated on WaitStrategy == OrderedWaitStrategy. Charts
without HIP-0025 annotations or --wait=ordered behave exactly as
before. The depends-on field on Chart.yaml dependencies is silently
accepted and unknown to upstream-stable lint (forward-compat fix
to be tracked separately once HIP is accepted).
Refs: HIP-0025
Addresses: joejulian and Copilot review feedback on PR #32038
Signed-off-by: Rohit Gudi <50377477+caretak3r@users.noreply.github.com>
Only user-supplied nils should survive coalescing. Chart-default nils
defaults, not just user overrides. This caused:
- %!s(<nil>) in templates using Bitnami common.secrets.key (#31919)
- pluck fallbacks returning nil instead of falling through to globals
(#31971)
Fixes#31919Fixes#31971
Signed-off-by: Johannes Lohmer <jojo.dev@lohmer.com>
This ensures that when `helm uninstall` is run with `--keep-history`
any release in a `deployed` state other than the last release (e.g.
due to a failed upgrade) is being marked as `superseded`.
As a by-effect, running `helm upgrade` on a release which has been
uninstalled after an upgrade failure now no longer works. But instead
fails with a `"<name>" has no deployed releases` error. Which is the
(likely) intended behavior, and prevents other side-effects like
rolling back to a release version which happened before the uninstall
if `--atomic` (or `--rollback-on-failure`) was provided.
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
This adds a --no-headers flag to the 'helm repo list' command,
allowing users to suppress table headers in the output.
Useful for scripting and automation.
Signed-off-by: Paul Van Laer <paul.van.laer1@gmail.com>
The test scripts hardcoded #!/bin/bash while they are not really
requiring bash. Use the more portable #!/usr/bin/env sh instead, so that
they use the default shell.
Signed-off-by: Tom Wieczorek <twieczorek@mirantis.com>
* Runtime abstraction to encapsulate subprocess code and enable future runtimes
Also fix race condition in TestPrepareCommandExtraArgs by replacing the shared variable modification with a local copy
Co-authored-by: George Jenkins <gvjenkins@gmail.com>
Signed-off-by: Scott Rigby <scott@r6by.com>
* Remove commented out code
Co-authored-by: Joe Julian <me@joejulian.name>
Signed-off-by: Scott Rigby <scott@r6by.com>
* Check test failure string
Co-authored-by: Jesse Simpson <jesse.simpson36@gmail.com>
Signed-off-by: Scott Rigby <scott@r6by.com>
---------
Signed-off-by: Scott Rigby <scott@r6by.com>
Co-authored-by: George Jenkins <gvjenkins@gmail.com>
Co-authored-by: Joe Julian <me@joejulian.name>
Co-authored-by: Jesse Simpson <jesse.simpson36@gmail.com>
The `vaildateTemplatesDir` function would still return `nil` if the directory doesn't exist,
so the early return that was documented never occurs.
Signed-off-by: Zach Burgess <zachburg@google.com>
This reverts #13533
This change has caused issues with numerous charts around things
unrelated to toml. This is because of functions like typeIs/typeOf
being used and acted upon.
The change caused a significant regression.
Note: This kind of change can be put into v3 charts, that are in
active development, without causing a regression.
Closes#30880
Signed-off-by: Matt Farina <matt@mattfarina.com>
Rohit Gudi
Matheus Pimenta
Terry Howe
Johannes Lohmer
George Jenkins
Evans Mungai
Branch Vincent
Matt Farina
tison
Hidde Beydals
Benoit Tigeot
Paul Van Laer
copilot-swe-agent[bot]
Tom Wieczorek
Kamil Swiechowski
Scott Rigby
Andreas Sommer
Joe Julian
Yuriy Losev
Zach Burgess
Zach Burgess
Ashmit Bhardwaj
Matt Farina