Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package helm for openSUSE:Factory checked in at 2024-03-25 21:13:23 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/helm (Old) and /work/SRC/openSUSE:Factory/.helm.new.1905 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "helm" Mon Mar 25 21:13:23 2024 rev:64 rq:1161469 version:3.14.3 Changes: -------- --- /work/SRC/openSUSE:Factory/helm/helm.changes 2024-02-26 19:46:58.325338558 +0100 +++ /work/SRC/openSUSE:Factory/.helm.new.1905/helm.changes 2024-03-25 21:20:36.480768848 +0100 @@ -1,0 +2,13 @@ +Sat Mar 16 16:49:46 UTC 2024 - opensuse_buildservice@ojkastl.de + +- Update to version 3.14.3: + * Add a note about --dry-run displaying secrets + * add error messages + * Fix: Ignore alias validation error for index load + * chore(deps): bump github.com/containerd/containerd from 1.7.11 + to 1.7.12 + * chore(deps): bump github.com/DATA-DOG/go-sqlmock from 1.5.0 to + 1.5.2 + * Update architecture detection method + +------------------------------------------------------------------- Old: ---- helm-3.14.2.obscpio New: ---- helm-3.14.3.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ helm.spec ++++++ --- /var/tmp/diff_new_pack.3AAa0Q/_old 2024-03-25 21:20:40.464915379 +0100 +++ /var/tmp/diff_new_pack.3AAa0Q/_new 2024-03-25 21:20:40.464915379 +0100 @@ -19,7 +19,7 @@ %define goipath helm.sh/helm/v3 %define git_dirty clean Name: helm -Version: 3.14.2 +Version: 3.14.3 Release: 0 Summary: The Kubernetes Package Manager License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.3AAa0Q/_old 2024-03-25 21:20:40.492916409 +0100 +++ /var/tmp/diff_new_pack.3AAa0Q/_new 2024-03-25 21:20:40.496916556 +0100 @@ -5,7 +5,7 @@ <param name="exclude">.git</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> - <param name="revision">v3.14.2</param> + <param name="revision">v3.14.3</param> <param name="changesgenerate">enable</param> </service> <service name="set_version" mode="manual"> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.3AAa0Q/_old 2024-03-25 21:20:40.512917144 +0100 +++ /var/tmp/diff_new_pack.3AAa0Q/_new 2024-03-25 21:20:40.516917292 +0100 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/helm/helm.git</param> - <param name="changesrevision">c309b6f0ff63856811846ce18f3bdc93d2b4d54b</param></service></servicedata> + <param name="changesrevision">f03cc04caaa8f6d7c3e67cf918929150cf6f3f12</param></service></servicedata> (No newline at EOF) ++++++ helm-3.14.2.obscpio -> helm-3.14.3.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/helm-3.14.2/Makefile new/helm-3.14.3/Makefile --- old/helm-3.14.2/Makefile 2024-02-21 21:16:14.000000000 +0100 +++ new/helm-3.14.3/Makefile 2024-03-13 19:48:13.000000000 +0100 @@ -11,7 +11,7 @@ endif GOX = $(GOBIN)/gox GOIMPORTS = $(GOBIN)/goimports -ARCH = $(shell uname -p) +ARCH = $(shell go env GOARCH) ACCEPTANCE_DIR:=../acceptance-testing # To specify the subset of acceptance tests to run. '.' means all tests diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/helm-3.14.2/cmd/helm/install.go new/helm-3.14.3/cmd/helm/install.go --- old/helm-3.14.2/cmd/helm/install.go 2024-02-21 21:16:14.000000000 +0100 +++ new/helm-3.14.3/cmd/helm/install.go 2024-03-13 19:48:13.000000000 +0100 @@ -94,7 +94,11 @@ $ helm install --set-json='foo={"key1":"value1","key2":"value2"}' --set-json='foo.key2="bar"' myredis ./redis To check the generated manifests of a release without installing the chart, -the '--debug' and '--dry-run' flags can be combined. +the --debug and --dry-run flags can be combined. + +The --dry-run flag will output all generated chart manifests, including Secrets +which can contain sensitive values. Please carefully consider how and when this +flag is used. If --verify is set, the chart MUST have a provenance file, and the provenance file MUST pass all verification steps. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/helm-3.14.2/cmd/helm/upgrade.go new/helm-3.14.3/cmd/helm/upgrade.go --- old/helm-3.14.2/cmd/helm/upgrade.go 2024-02-21 21:16:14.000000000 +0100 +++ new/helm-3.14.3/cmd/helm/upgrade.go 2024-03-13 19:48:13.000000000 +0100 @@ -72,6 +72,10 @@ or '--set' flags. Priority is given to new values. $ helm upgrade --reuse-values --set foo=bar --set foo=newbar redis ./redis + +The --dry-run flag will output all generated chart manifests, including Secrets +which can contain sensitive values. Please carefully consider how and when this +flag is used. ` func newUpgradeCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/helm-3.14.2/go.mod new/helm-3.14.3/go.mod --- old/helm-3.14.2/go.mod 2024-02-21 21:16:14.000000000 +0100 +++ new/helm-3.14.3/go.mod 2024-03-13 19:48:13.000000000 +0100 @@ -4,13 +4,13 @@ require ( github.com/BurntSushi/toml v1.3.2 - github.com/DATA-DOG/go-sqlmock v1.5.0 + github.com/DATA-DOG/go-sqlmock v1.5.2 github.com/Masterminds/semver/v3 v3.2.1 github.com/Masterminds/sprig/v3 v3.2.3 github.com/Masterminds/squirrel v1.5.4 github.com/Masterminds/vcs v1.13.3 github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 - github.com/containerd/containerd v1.7.11 + github.com/containerd/containerd v1.7.12 github.com/cyphar/filepath-securejoin v0.2.4 github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 github.com/evanphx/json-patch v5.7.0+incompatible diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/helm-3.14.2/go.sum new/helm-3.14.3/go.sum --- old/helm-3.14.2/go.sum 2024-02-21 21:16:14.000000000 +0100 +++ new/helm-3.14.3/go.sum 2024-03-13 19:48:13.000000000 +0100 @@ -6,8 +6,8 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= -github.com/DATA-DOG/go-sqlmock v1.5.0 h1:Shsta01QNfFxHCfpW6YH2STWB0MudeXXEWMr20OEh60= -github.com/DATA-DOG/go-sqlmock v1.5.0/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM= +github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU= +github.com/DATA-DOG/go-sqlmock v1.5.2/go.mod h1:88MAG/4G7SMwSE3CeA0ZKzrT5CiOU3OJ+JlNzwDqpNU= github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ= github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE= github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= @@ -58,8 +58,8 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM= github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw= -github.com/containerd/containerd v1.7.11 h1:lfGKw3eU35sjV0aG2eYZTiwFEY1pCzxdzicHP3SZILw= -github.com/containerd/containerd v1.7.11/go.mod h1:5UluHxHTX2rdvYuZ5OJTC5m/KJNs0Zs9wVoJm9zf5ZE= +github.com/containerd/containerd v1.7.12 h1:+KQsnv4VnzyxWcfO9mlxxELaoztsDEjOuCMPAuPqgU0= +github.com/containerd/containerd v1.7.12/go.mod h1:/5OMpE1p0ylxtEUGY8kuCYkDRzJm9NO1TFMWjUpdevk= github.com/containerd/continuity v0.4.2 h1:v3y/4Yz5jwnvqPKJJ+7Wf93fyWoCB3F5EclWG023MDM= github.com/containerd/continuity v0.4.2/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ= github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= @@ -230,6 +230,7 @@ github.com/karrick/godirwalk v1.16.1/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/kisielk/sqlstruct v0.0.0-20201105191214-5f3e10d3ab46/go.mod h1:yyMNCyc/Ib3bDTKd379tNMpB/7/H5TjM2Y9QJ5THLbE= github.com/klauspost/compress v1.16.0 h1:iULayQNOReoYUe+1qtKOqw9CwJv3aNQu8ivo7lw1HU4= github.com/klauspost/compress v1.16.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/helm-3.14.2/pkg/repo/index.go new/helm-3.14.3/pkg/repo/index.go --- old/helm-3.14.2/pkg/repo/index.go 2024-02-21 21:16:14.000000000 +0100 +++ new/helm-3.14.3/pkg/repo/index.go 2024-03-13 19:48:13.000000000 +0100 @@ -366,7 +366,7 @@ if cvs[idx].APIVersion == "" { cvs[idx].APIVersion = chart.APIVersionV1 } - if err := cvs[idx].Validate(); err != nil { + if err := cvs[idx].Validate(); ignoreSkippableChartValidationError(err) != nil { log.Printf("skipping loading invalid entry for chart %q %q from %s: %s", name, cvs[idx].Version, source, err) cvs = append(cvs[:idx], cvs[idx+1:]...) } @@ -392,3 +392,23 @@ } return yaml.UnmarshalStrict(b, i) } + +// ignoreSkippableChartValidationError inspect the given error and returns nil if +// the error isn't important for index loading +// +// In particular, charts may introduce validations that don't impact repository indexes +// And repository indexes may be generated by older/non-complient software, which doesn't +// conform to all validations. +func ignoreSkippableChartValidationError(err error) error { + verr, ok := err.(chart.ValidationError) + if !ok { + return err + } + + // https://github.com/helm/helm/issues/12748 (JFrog repository strips alias field) + if strings.HasPrefix(verr.Error(), "validation: more than one dependency with name or alias") { + return nil + } + + return err +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/helm-3.14.2/pkg/repo/index_test.go new/helm-3.14.3/pkg/repo/index_test.go --- old/helm-3.14.2/pkg/repo/index_test.go 2024-02-21 21:16:14.000000000 +0100 +++ new/helm-3.14.3/pkg/repo/index_test.go 2024-03-13 19:48:13.000000000 +0100 @@ -20,6 +20,7 @@ "bufio" "bytes" "encoding/json" + "fmt" "net/http" "os" "path/filepath" @@ -596,3 +597,50 @@ } } } + +func TestIgnoreSkippableChartValidationError(t *testing.T) { + type TestCase struct { + Input error + ErrorSkipped bool + } + testCases := map[string]TestCase{ + "nil": { + Input: nil, + }, + "generic_error": { + Input: fmt.Errorf("foo"), + }, + "non_skipped_validation_error": { + Input: chart.ValidationError("chart.metadata.type must be application or library"), + }, + "skipped_validation_error": { + Input: chart.ValidationErrorf("more than one dependency with name or alias %q", "foo"), + ErrorSkipped: true, + }, + } + + for name, tc := range testCases { + t.Run(name, func(t *testing.T) { + result := ignoreSkippableChartValidationError(tc.Input) + + if tc.Input == nil { + if result != nil { + t.Error("expected nil result for nil input") + } + return + } + + if tc.ErrorSkipped { + if result != nil { + t.Error("expected nil result for skipped error") + } + return + } + + if tc.Input != result { + t.Error("expected the result equal to input") + } + + }) + } +} ++++++ helm.obsinfo ++++++ --- /var/tmp/diff_new_pack.3AAa0Q/_old 2024-03-25 21:20:41.032936270 +0100 +++ /var/tmp/diff_new_pack.3AAa0Q/_new 2024-03-25 21:20:41.036936417 +0100 @@ -1,5 +1,5 @@ name: helm -version: 3.14.2 -mtime: 1708546574 -commit: c309b6f0ff63856811846ce18f3bdc93d2b4d54b +version: 3.14.3 +mtime: 1710355693 +commit: f03cc04caaa8f6d7c3e67cf918929150cf6f3f12 ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/helm/vendor.tar.gz /work/SRC/openSUSE:Factory/.helm.new.1905/vendor.tar.gz differ: char 5, line 1