Schema validation with $ref cross-file references only works when charts
are available as directories on the filesystem. The install, template, and
upgrade commands may work with archived charts (.tgz) that are loaded
directly into memory without filesystem extraction.
This change limits ChartDir setting to the lint command only. The lint
command already extracts archived charts to temporary directories before
validation, so $ref resolution works for both directory and archived charts
when linting.
For install/template/upgrade commands:
- Main schema validation continues to work
- Charts without $ref validate successfully
- Charts with $ref will fail .. maybe we could add a warning about $ref not being supported in these commands?
Changes:
- Remove ChartDir assignment from install and upgrade commands
- Update schema validation to use synthetic path when chartDir is empty
- Add test for linting archived chart with $ref
- Remove install/template/upgrade tests for $ref (not supported)
Signed-off-by: Benoit Tigeot <benoit.tigeot@lifen.fr>
The error message trimming logic was hardcoded to remove the prefix
"jsonschema validation failed with 'file:///values.schema.json#'",
which broke when we switched to using absolute paths for $ref resolution.
Signed-off-by: Benoit Tigeot <benoit.tigeot@lifen.fr>
Extends JSON schema validation to support relative $ref imports
across helm lint, install, template, and upgrade commands.
Addresses George's review comments:
- Pass chartDir directly instead of deriving from valuesPath
- Create new functions instead of changing public API signatures
- Use absolute file paths for proper URL-based $ref resolution
Implementation:
- Added ValidateAgainstSchemaWithPath to resolve $ref using
absolute file paths instead of root-relative URLs
- Thread chartDir through Install/Upgrade structs and all
validation functions
- Updated both v2 (public) and v3 (internal) lint rules
Fixes relative $ref resolution when running commands like:
helm lint ../sample-chart
helm install release ../sample-chart
Signed-off-by: Benoit Tigeot <benoit.tigeot@lifen.fr>
Previously, the error trimming was hardcoded to remove only:
'jsonschema validation failed with 'file:///values.schema.json#''
After the fix for relative schema references (issue #31260), schema URLs
now include the full absolute path, making error messages look like:
'jsonschema validation failed with 'file:///full/absolute/path/values.schema.json#''
Signed-off-by: Benoit Tigeot <benoit.tigeot@lifen.fr>
When validating values against JSON schemas, relative file references
in the schema (like "$ref": "./other-schema.json") were failing because
in some cases. The JSON schema validator couldn't resolve the correct
base directory.
This change passes the absolute base directory to the schema validator,
allowing it to properly resolve relative JSON schema references by
constructing the correct file:// URLs with the proper path context.
Tested with:
- `helm lint .`
- `helm lint subfolder`
Fixes#31260
Signed-off-by: Benoit Tigeot <benoit.tigeot@lifen.fr>
Add test
In GoLang, using the == operator to check for a certain error will not
unwrap the error chain, and therefore may hide the problem.
Signed-off-by: Mads Jensen <atombrella@users.noreply.github.com>
Only delete nil user values when overriding a non-nil chart default.
When chart has empty map or no default for a key, preserve user's nil.
| Scenario | Result |
|----------|--------|
| User sets `baz: ~`, chart has `baz: "value"` | Key deleted |
| User sets `baz: ~`, chart has empty map `{}` | Nil preserved |
| User sets `baz: ~`, chart has `baz: ~` | Nil preserved |
Fixes#31643
Signed-off-by: Evans Mungai <mbuevans@gmail.com>
The rangeint suggestion is faster.
The maps.Copy and slices.Contains are just syntatic sugar.
Signed-off-by: Mads Jensen <atombrella@users.noreply.github.com>
Adds chart name to dependency logs, namespace to resource waiting logs,
and confirmation message when all resources are ready.
Addresses #31520
Signed-off-by: shuv0id <110290476+shuv0id@users.noreply.github.com>
Helm 3.19.0 introduced a regression where vendor-specific suffixes
(e.g., -gke.1245000, -eks-4096722, +) are stripped from
.Capabilities.KubeVersion.GitVersion, breaking charts that detect
managed Kubernetes platforms.
The root cause was using k8sversion.ParseGeneric().String() which
intentionally discards vendor suffixes. The fix stores both the full
version (with vendor suffix) and a normalized version. String() returns
the normalized version for constraint checking (e.g., ">= 1.21.0"),
while Version/GitVersion preserve the full string for template access.
Fixes#31423
Related to #31063, #31078
Signed-off-by: Benoit Tigeot <benoit.tigeot@lifen.fr>
LoadArchive is in the individual loaders for the chart versions.
It is used by SDK users to load a stream rather than a file on
the filesystem. Adding to support SDK users like Flux.
Signed-off-by: Matt Farina <matt.farina@suse.com>
Note, when time is not available, the builds are not reproducible.
This problem would only happen when an SDK user is using parts of
the API to build their own tooling. Helm will consistently inject
the dates through the higher level APIs.
Signed-off-by: Matt Farina <matt.farina@suse.com>
Building the same chart into an archive multiple times will have
the same sha256 hash.
Perviously, the time in the headers for a file was time.Now() which
changed each time. The time is now collected from the operating
system when the file is loaded and this time is used.
Fixes: #3612
Signed-off-by: Matt Farina <matt.farina@suse.com>
Benoit Tigeot
George Jenkins
Evans Mungai
Matt Farina
Joe Julian
Matthieu MOREL
Mads Jensen
Branch Vincent
Robert Sirchia
Terry Howe
wangjingcun
shuv0id
Scott Rigby
Benoit Tigeot