build(deps): update Helm v4 to 4.0.1 and helm-secrets to 4.7.4 (#2304)
* build(deps): update Helm v4 from 4.0.0 to 4.0.1
Update Helm v4 binary and Go library dependency to version 4.0.1.
Changes:
- Update helm.sh/helm/v4 Go module from v4.0.0 to v4.0.1
- Update Helm binary version in all Dockerfiles (alpine, ubuntu, debian)
- Update SHA256 checksums for linux/amd64 and linux/arm64
- Update CI workflow matrix to test against v4.0.1
- Update HelmRecommendedVersion constant in pkg/app/init.go
- Update test mocks to return v4.0.1 version string
- Update test plugin fixture version
Signed-off-by: Aditya Menon <amenon@canarytechnologies.com>
* build(deps): update helm-secrets from 4.7.0 to 4.7.4
Update helm-secrets plugin version across all configurations:
- Docker images (all 3 variants) - use ARG variable for version
- CI test matrix
- Integration test defaults
- Unit test fixtures and expectations
- HelmSecretsRecommendedVersion constant
- Dynamic plugin installation in exec.go
Also update plugin filename format from helm-secrets-*.tgz to
secrets-{version}.tgz to match the new release naming convention.
Update suppress-output-line-regex test expected output for Helm 4.0.1
which now suppresses Service diff after ipFamily normalization.
Signed-off-by: Aditya Menon <amenon@canarytechnologies.com>
---------
Signed-off-by: Aditya Menon <amenon@canarytechnologies.com>
This commit is contained in:
Aditya Menon
GitHub
parent
9c70adc038
commit
534d0b618c
|
|
@ -1,4 +1,4 @@
|
|||
HELM_VERSION ?= v4.0.0
|
||||
HELM_VERSION ?= v4.0.1
|
||||
KUSTOMIZE_VERSION ?= v5.8.0
|
||||
K8S_VERSION ?= v1.34.0
|
||||
MINIKUBE_VERSION ?= v1.37.0
|
||||
|
|
|
|||
|
|
@ -37,7 +37,7 @@ jobs:
|
|||
runs-on: ubuntu-latest
|
||||
strategy:
|
||||
matrix:
|
||||
helm-version: [v3.18.6, v3.19.2, v4.0.0]
|
||||
helm-version: [v3.18.6, v3.19.2, v4.0.1]
|
||||
steps:
|
||||
- uses: actions/checkout@v6
|
||||
with:
|
||||
|
|
@ -67,16 +67,16 @@ jobs:
|
|||
env:
|
||||
HELMFILE_HELM4: ${{ startsWith(matrix.helm-version, 'v4') && '1' || '0' }}
|
||||
- name: Archive built binaries
|
||||
if: matrix.helm-version == 'v4.0.0'
|
||||
if: matrix.helm-version == 'v4.0.1'
|
||||
run: tar -cvf built-binaries.tar helmfile diff-yamls dyff
|
||||
- uses: actions/upload-artifact@v5
|
||||
if: matrix.helm-version == 'v4.0.0'
|
||||
if: matrix.helm-version == 'v4.0.1'
|
||||
with:
|
||||
name: built-binaries-${{ github.run_id }}
|
||||
path: built-binaries.tar
|
||||
retention-days: 1
|
||||
- name: Display built binaries
|
||||
if: matrix.helm-version == 'v4.0.0'
|
||||
if: matrix.helm-version == 'v4.0.1'
|
||||
run: ls -l helmfile diff-yamls dyff
|
||||
|
||||
integration_tests:
|
||||
|
|
@ -95,35 +95,35 @@ jobs:
|
|||
# and instruct users to upgrade helm and helm-secrets at once.
|
||||
- helm-version: v3.18.6
|
||||
kustomize-version: v5.8.0
|
||||
plugin-secrets-version: 4.7.0
|
||||
plugin-secrets-version: 4.7.4
|
||||
plugin-diff-version: 3.14.1
|
||||
extra-helmfile-flags: ''
|
||||
# In case you need to test some optional helmfile features,
|
||||
# enable it via extra-helmfile-flags below.
|
||||
- helm-version: v3.18.6
|
||||
kustomize-version: v5.8.0
|
||||
plugin-secrets-version: 4.7.0
|
||||
plugin-secrets-version: 4.7.4
|
||||
plugin-diff-version: 3.14.1
|
||||
extra-helmfile-flags: '--enable-live-output'
|
||||
- helm-version: v3.19.2
|
||||
kustomize-version: v5.8.0
|
||||
plugin-secrets-version: 4.7.0
|
||||
plugin-secrets-version: 4.7.4
|
||||
plugin-diff-version: 3.14.1
|
||||
extra-helmfile-flags: ''
|
||||
- helm-version: v3.19.2
|
||||
kustomize-version: v5.8.0
|
||||
plugin-secrets-version: 4.7.0
|
||||
plugin-secrets-version: 4.7.4
|
||||
plugin-diff-version: 3.14.1
|
||||
extra-helmfile-flags: '--enable-live-output'
|
||||
# Helmfile now supports both Helm 3.x and Helm 4.x
|
||||
- helm-version: v4.0.0
|
||||
- helm-version: v4.0.1
|
||||
kustomize-version: v5.8.0
|
||||
plugin-secrets-version: 4.7.0
|
||||
plugin-secrets-version: 4.7.4
|
||||
plugin-diff-version: 3.14.1
|
||||
extra-helmfile-flags: ''
|
||||
- helm-version: v4.0.0
|
||||
- helm-version: v4.0.1
|
||||
kustomize-version: v5.8.0
|
||||
plugin-secrets-version: 4.7.0
|
||||
plugin-secrets-version: 4.7.4
|
||||
plugin-diff-version: 3.14.1
|
||||
extra-helmfile-flags: '--enable-live-output'
|
||||
steps:
|
||||
|
|
|
|||
13
Dockerfile
13
Dockerfile
|
|
@ -30,7 +30,7 @@ ENV HELM_CONFIG_HOME="${HELM_CONFIG_HOME}"
|
|||
ARG HELM_DATA_HOME="${HOME}/.local/share/helm"
|
||||
ENV HELM_DATA_HOME="${HELM_DATA_HOME}"
|
||||
|
||||
ARG HELM_VERSION="v4.0.0"
|
||||
ARG HELM_VERSION="v4.0.1"
|
||||
ENV HELM_VERSION="${HELM_VERSION}"
|
||||
ENV HELM_BIN="/usr/local/bin/helm"
|
||||
ARG HELM_LOCATION="https://get.helm.sh"
|
||||
|
|
@ -39,8 +39,8 @@ RUN set -x && \
|
|||
curl --retry 5 --retry-connrefused -LO "${HELM_LOCATION}/${HELM_FILENAME}" && \
|
||||
echo Verifying ${HELM_FILENAME}... && \
|
||||
case ${TARGETPLATFORM} in \
|
||||
"linux/amd64") HELM_SHA256="c77e9e7c1cc96e066bd240d190d1beed9a6b08060b2043ef0862c4f865eca08f" ;; \
|
||||
"linux/arm64") HELM_SHA256="8c5c77e20cc29509d640e208a6a7d2b7e9f99bb04e5b5fbe22707b72a5235245" ;; \
|
||||
"linux/amd64") HELM_SHA256="e0365548f01ed52a58a1181ad310b604a3244f59257425bb1739499372bdff60" ;; \
|
||||
"linux/arm64") HELM_SHA256="959fa52d34e2e1f0154e3220ed5f22263c8593447647a43af07890bba4b004d1" ;; \
|
||||
esac && \
|
||||
echo "${HELM_SHA256} ${HELM_FILENAME}" | sha256sum -c && \
|
||||
echo Extracting ${HELM_FILENAME}... && \
|
||||
|
|
@ -94,10 +94,11 @@ RUN set -x && \
|
|||
[ "$(age --version)" = "${AGE_VERSION}" ] && \
|
||||
[ "$(age-keygen --version)" = "${AGE_VERSION}" ]
|
||||
|
||||
ARG HELM_SECRETS_VERSION="4.7.4"
|
||||
RUN helm plugin install https://github.com/databus23/helm-diff --version v3.14.1 --verify=false && \
|
||||
helm plugin install https://github.com/jkroepke/helm-secrets/releases/download/v4.7.0/helm-secrets.tgz --verify=false && \
|
||||
helm plugin install https://github.com/jkroepke/helm-secrets/releases/download/v4.7.0/helm-secrets-getter.tgz --verify=false && \
|
||||
helm plugin install https://github.com/jkroepke/helm-secrets/releases/download/v4.7.0/helm-secrets-post-renderer.tgz --verify=false && \
|
||||
helm plugin install https://github.com/jkroepke/helm-secrets/releases/download/v${HELM_SECRETS_VERSION}/secrets-${HELM_SECRETS_VERSION}.tgz --verify=false && \
|
||||
helm plugin install https://github.com/jkroepke/helm-secrets/releases/download/v${HELM_SECRETS_VERSION}/secrets-getter-${HELM_SECRETS_VERSION}.tgz --verify=false && \
|
||||
helm plugin install https://github.com/jkroepke/helm-secrets/releases/download/v${HELM_SECRETS_VERSION}/secrets-post-renderer-${HELM_SECRETS_VERSION}.tgz --verify=false && \
|
||||
helm plugin install https://github.com/hypnoglow/helm-s3.git --version v0.17.0 --verify=false && \
|
||||
helm plugin install https://github.com/aslafy-z/helm-git.git --version v1.4.1 --verify=false && \
|
||||
rm -rf ${HELM_CACHE_HOME}/plugins
|
||||
|
|
|
|||
|
|
@ -38,7 +38,7 @@ ENV HELM_CONFIG_HOME="${HELM_CONFIG_HOME}"
|
|||
ARG HELM_DATA_HOME="${HOME}/.local/share/helm"
|
||||
ENV HELM_DATA_HOME="${HELM_DATA_HOME}"
|
||||
|
||||
ARG HELM_VERSION="v4.0.0"
|
||||
ARG HELM_VERSION="v4.0.1"
|
||||
ENV HELM_VERSION="${HELM_VERSION}"
|
||||
ENV HELM_BIN="/usr/local/bin/helm"
|
||||
ARG HELM_LOCATION="https://get.helm.sh"
|
||||
|
|
@ -47,8 +47,8 @@ RUN set -x && \
|
|||
curl --retry 5 --retry-connrefused -LO "${HELM_LOCATION}/${HELM_FILENAME}" && \
|
||||
echo Verifying ${HELM_FILENAME}... && \
|
||||
case ${TARGETPLATFORM} in \
|
||||
"linux/amd64") HELM_SHA256="c77e9e7c1cc96e066bd240d190d1beed9a6b08060b2043ef0862c4f865eca08f" ;; \
|
||||
"linux/arm64") HELM_SHA256="8c5c77e20cc29509d640e208a6a7d2b7e9f99bb04e5b5fbe22707b72a5235245" ;; \
|
||||
"linux/amd64") HELM_SHA256="e0365548f01ed52a58a1181ad310b604a3244f59257425bb1739499372bdff60" ;; \
|
||||
"linux/arm64") HELM_SHA256="959fa52d34e2e1f0154e3220ed5f22263c8593447647a43af07890bba4b004d1" ;; \
|
||||
esac && \
|
||||
echo "${HELM_SHA256} ${HELM_FILENAME}" | sha256sum -c && \
|
||||
echo Extracting ${HELM_FILENAME}... && \
|
||||
|
|
@ -103,10 +103,11 @@ RUN set -x && \
|
|||
[ "$(age --version)" = "${AGE_VERSION}" ] && \
|
||||
[ "$(age-keygen --version)" = "${AGE_VERSION}" ]
|
||||
|
||||
ARG HELM_SECRETS_VERSION="4.7.4"
|
||||
RUN helm plugin install https://github.com/databus23/helm-diff --version v3.14.1 --verify=false && \
|
||||
helm plugin install https://github.com/jkroepke/helm-secrets/releases/download/v4.7.0/helm-secrets.tgz --verify=false && \
|
||||
helm plugin install https://github.com/jkroepke/helm-secrets/releases/download/v4.7.0/helm-secrets-getter.tgz --verify=false && \
|
||||
helm plugin install https://github.com/jkroepke/helm-secrets/releases/download/v4.7.0/helm-secrets-post-renderer.tgz --verify=false && \
|
||||
helm plugin install https://github.com/jkroepke/helm-secrets/releases/download/v${HELM_SECRETS_VERSION}/secrets-${HELM_SECRETS_VERSION}.tgz --verify=false && \
|
||||
helm plugin install https://github.com/jkroepke/helm-secrets/releases/download/v${HELM_SECRETS_VERSION}/secrets-getter-${HELM_SECRETS_VERSION}.tgz --verify=false && \
|
||||
helm plugin install https://github.com/jkroepke/helm-secrets/releases/download/v${HELM_SECRETS_VERSION}/secrets-post-renderer-${HELM_SECRETS_VERSION}.tgz --verify=false && \
|
||||
helm plugin install https://github.com/hypnoglow/helm-s3.git --version v0.17.0 --verify=false && \
|
||||
helm plugin install https://github.com/aslafy-z/helm-git.git --version v1.4.1 --verify=false && \
|
||||
rm -rf ${HELM_CACHE_HOME}/plugins
|
||||
|
|
|
|||
|
|
@ -38,7 +38,7 @@ ENV HELM_CONFIG_HOME="${HELM_CONFIG_HOME}"
|
|||
ARG HELM_DATA_HOME="${HOME}/.local/share/helm"
|
||||
ENV HELM_DATA_HOME="${HELM_DATA_HOME}"
|
||||
|
||||
ARG HELM_VERSION="v4.0.0"
|
||||
ARG HELM_VERSION="v4.0.1"
|
||||
ENV HELM_VERSION="${HELM_VERSION}"
|
||||
ENV HELM_BIN="/usr/local/bin/helm"
|
||||
ARG HELM_LOCATION="https://get.helm.sh"
|
||||
|
|
@ -47,8 +47,8 @@ RUN set -x && \
|
|||
curl --retry 5 --retry-connrefused -LO "${HELM_LOCATION}/${HELM_FILENAME}" && \
|
||||
echo Verifying ${HELM_FILENAME}... && \
|
||||
case ${TARGETPLATFORM} in \
|
||||
"linux/amd64") HELM_SHA256="c77e9e7c1cc96e066bd240d190d1beed9a6b08060b2043ef0862c4f865eca08f" ;; \
|
||||
"linux/arm64") HELM_SHA256="8c5c77e20cc29509d640e208a6a7d2b7e9f99bb04e5b5fbe22707b72a5235245" ;; \
|
||||
"linux/amd64") HELM_SHA256="e0365548f01ed52a58a1181ad310b604a3244f59257425bb1739499372bdff60" ;; \
|
||||
"linux/arm64") HELM_SHA256="959fa52d34e2e1f0154e3220ed5f22263c8593447647a43af07890bba4b004d1" ;; \
|
||||
esac && \
|
||||
echo "${HELM_SHA256} ${HELM_FILENAME}" | sha256sum -c && \
|
||||
echo Extracting ${HELM_FILENAME}... && \
|
||||
|
|
@ -103,10 +103,11 @@ RUN set -x && \
|
|||
[ "$(age --version)" = "${AGE_VERSION}" ] && \
|
||||
[ "$(age-keygen --version)" = "${AGE_VERSION}" ]
|
||||
|
||||
ARG HELM_SECRETS_VERSION="4.7.4"
|
||||
RUN helm plugin install https://github.com/databus23/helm-diff --version v3.14.1 --verify=false && \
|
||||
helm plugin install https://github.com/jkroepke/helm-secrets/releases/download/v4.7.0/helm-secrets.tgz --verify=false && \
|
||||
helm plugin install https://github.com/jkroepke/helm-secrets/releases/download/v4.7.0/helm-secrets-getter.tgz --verify=false && \
|
||||
helm plugin install https://github.com/jkroepke/helm-secrets/releases/download/v4.7.0/helm-secrets-post-renderer.tgz --verify=false && \
|
||||
helm plugin install https://github.com/jkroepke/helm-secrets/releases/download/v${HELM_SECRETS_VERSION}/secrets-${HELM_SECRETS_VERSION}.tgz --verify=false && \
|
||||
helm plugin install https://github.com/jkroepke/helm-secrets/releases/download/v${HELM_SECRETS_VERSION}/secrets-getter-${HELM_SECRETS_VERSION}.tgz --verify=false && \
|
||||
helm plugin install https://github.com/jkroepke/helm-secrets/releases/download/v${HELM_SECRETS_VERSION}/secrets-post-renderer-${HELM_SECRETS_VERSION}.tgz --verify=false && \
|
||||
helm plugin install https://github.com/hypnoglow/helm-s3.git --version v0.17.0 --verify=false && \
|
||||
helm plugin install https://github.com/aslafy-z/helm-git.git --version v1.4.1 --verify=false && \
|
||||
rm -rf ${HELM_CACHE_HOME}/plugins
|
||||
|
|
|
|||
2
go.mod
2
go.mod
|
|
@ -33,7 +33,7 @@ require (
|
|||
golang.org/x/sync v0.18.0
|
||||
golang.org/x/term v0.37.0
|
||||
helm.sh/helm/v3 v3.19.2
|
||||
helm.sh/helm/v4 v4.0.0
|
||||
helm.sh/helm/v4 v4.0.1
|
||||
k8s.io/apimachinery v0.34.2
|
||||
k8s.io/client-go v0.34.2
|
||||
)
|
||||
|
|
|
|||
4
go.sum
4
go.sum
|
|
@ -942,8 +942,8 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
|
|||
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
||||
helm.sh/helm/v3 v3.19.2 h1:psQjaM8aIWrSVEly6PgYtLu/y6MRSmok4ERiGhZmtUY=
|
||||
helm.sh/helm/v3 v3.19.2/go.mod h1:gX10tB5ErM+8fr7bglUUS/UfTOO8UUTYWIBH1IYNnpE=
|
||||
helm.sh/helm/v4 v4.0.0 h1:Ppai7cygdmyxSR+JR9djUoVrRmyMI/yY5P5TBd25oHs=
|
||||
helm.sh/helm/v4 v4.0.0/go.mod h1:G1Y5AE+lJPQSAjh7nbXnhZrtGtxo+I6POSu9DruYiGI=
|
||||
helm.sh/helm/v4 v4.0.1 h1:WAfnyQEaEnTgaIPJssN+sPx0k1pkKldro8tE4q3c51A=
|
||||
helm.sh/helm/v4 v4.0.1/go.mod h1:G1Y5AE+lJPQSAjh7nbXnhZrtGtxo+I6POSu9DruYiGI=
|
||||
k8s.io/api v0.34.2 h1:fsSUNZhV+bnL6Aqrp6O7lMTy6o5x2C4XLjnh//8SLYY=
|
||||
k8s.io/api v0.34.2/go.mod h1:MMBPaWlED2a8w4RSeanD76f7opUoypY8TFYkSM+3XHw=
|
||||
k8s.io/apiextensions-apiserver v0.34.1 h1:NNPBva8FNAPt1iSVwIE0FsdrVriRXMsaWFMqJbII2CI=
|
||||
|
|
|
|||
|
|
@ -20,8 +20,8 @@ import (
|
|||
const (
|
||||
HelmRequiredVersion = "v3.18.6" // Minimum required version (supports Helm 3.x and 4.x)
|
||||
HelmDiffRecommendedVersion = "v3.14.1"
|
||||
HelmRecommendedVersion = "v4.0.0" // Recommended to use latest Helm 4
|
||||
HelmSecretsRecommendedVersion = "v4.7.0" // v4.7.0+ works with both Helm 3 (single plugin) and Helm 4 (split plugin architecture)
|
||||
HelmRecommendedVersion = "v4.0.1" // Recommended to use latest Helm 4
|
||||
HelmSecretsRecommendedVersion = "v4.7.4" // v4.7.0+ works with both Helm 3 (single plugin) and Helm 4 (split plugin architecture)
|
||||
HelmGitRecommendedVersion = "v1.3.0"
|
||||
HelmS3RecommendedVersion = "v0.16.3"
|
||||
HelmInstallCommand = "https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3" // Default to Helm 3 script for compatibility
|
||||
|
|
|
|||
|
|
@ -831,7 +831,13 @@ func (helm *execer) installHelmSecretsV4(version string) error {
|
|||
helm.logger.Infof("Installing helm-secrets %s (split plugin architecture for Helm 4)", version)
|
||||
|
||||
baseURL := fmt.Sprintf("https://github.com/jkroepke/helm-secrets/releases/download/%s", version)
|
||||
plugins := []string{"helm-secrets.tgz", "helm-secrets-getter.tgz", "helm-secrets-post-renderer.tgz"}
|
||||
// Strip "v" prefix for filename (e.g., "v4.7.4" -> "4.7.4")
|
||||
versionNum := strings.TrimPrefix(version, "v")
|
||||
plugins := []string{
|
||||
fmt.Sprintf("secrets-%s.tgz", versionNum),
|
||||
fmt.Sprintf("secrets-getter-%s.tgz", versionNum),
|
||||
fmt.Sprintf("secrets-post-renderer-%s.tgz", versionNum),
|
||||
}
|
||||
|
||||
verifyFlag := ""
|
||||
if !helm.options.EnforcePluginVerification {
|
||||
|
|
|
|||
|
|
@ -31,7 +31,7 @@ func (mock *mockRunner) ExecuteStdIn(cmd string, args []string, env map[string]s
|
|||
|
||||
func (mock *mockRunner) Execute(cmd string, args []string, env map[string]string, enableLiveOutput bool) ([]byte, error) {
|
||||
if len(mock.output) == 0 && strings.Join(args, " ") == "version --short" {
|
||||
return []byte("v4.0.0+g99cd196"), nil
|
||||
return []byte("v4.0.1+g12500dd"), nil
|
||||
}
|
||||
return mock.output, mock.err
|
||||
}
|
||||
|
|
@ -147,8 +147,8 @@ exec: helm --kubeconfig config --kube-context dev repo add myRepo https://repo.e
|
|||
`,
|
||||
},
|
||||
{
|
||||
name: "Helm 4.0.0 (force-update is default)",
|
||||
version: "4.0.0",
|
||||
name: "Helm 4.0.1 (force-update is default)",
|
||||
version: "4.0.1",
|
||||
expected: `Adding repo myRepo https://repo.example.com/
|
||||
exec: helm --kubeconfig config --kube-context dev repo add myRepo https://repo.example.com/ --cert-file cert.pem --key-file key.pem
|
||||
`,
|
||||
|
|
@ -558,8 +558,8 @@ v3.2.4+ge29ce2a
|
|||
}
|
||||
|
||||
func Test_DecryptSecret(t *testing.T) {
|
||||
// Set secrets plugin version to 4.0.0
|
||||
if err := os.Setenv("HELM_PLUGINS", "../../test/plugins/secrets/4.0.0"); err != nil {
|
||||
// Set secrets plugin version to 4.7.4
|
||||
if err := os.Setenv("HELM_PLUGINS", "../../test/plugins/secrets/4.7.4"); err != nil {
|
||||
t.Errorf("failed to set environment HELM_PLUGINS error: %s", err)
|
||||
}
|
||||
defer func() {
|
||||
|
|
@ -610,8 +610,8 @@ Decrypted %s/secretName into %s
|
|||
}
|
||||
|
||||
func Test_DecryptSecretWithGotmpl(t *testing.T) {
|
||||
// Set secrets plugin version to 4.0.0
|
||||
if err := os.Setenv("HELM_PLUGINS", "../../test/plugins/secrets/4.0.0"); err != nil {
|
||||
// Set secrets plugin version to 4.7.4
|
||||
if err := os.Setenv("HELM_PLUGINS", "../../test/plugins/secrets/4.7.4"); err != nil {
|
||||
t.Errorf("failed to set environment HELM_PLUGINS error: %s", err)
|
||||
}
|
||||
defer func() {
|
||||
|
|
@ -705,7 +705,7 @@ func Test_DiffRelease_ColorFlagHelm4(t *testing.T) {
|
|||
var buffer bytes.Buffer
|
||||
logger := NewLogger(&buffer, "debug")
|
||||
|
||||
// MockExecer creates a Helm 4 execer by default (returns v4.0.0)
|
||||
// MockExecer creates a Helm 4 execer by default (returns v4.0.1)
|
||||
helm, err := MockExecer(logger, "config", "dev")
|
||||
if err != nil {
|
||||
t.Errorf("unexpected error: %v", err)
|
||||
|
|
@ -1256,7 +1256,7 @@ func Test_IsHelm3(t *testing.T) {
|
|||
t.Error("helmexec.IsHelm3() - Failed to detect Helm 3")
|
||||
}
|
||||
|
||||
helm4Runner := mockRunner{output: []byte("v4.0.0+ge29ce2a\n")}
|
||||
helm4Runner := mockRunner{output: []byte("v4.0.1+g12500dd\n")}
|
||||
helm, err = New("helm", HelmExecOptions{}, NewLogger(os.Stdout, "info"), "", "dev", &helm4Runner)
|
||||
if err != nil {
|
||||
t.Errorf("unexpected error: %v", err)
|
||||
|
|
@ -1276,7 +1276,7 @@ func Test_IsHelm4(t *testing.T) {
|
|||
t.Error("helmexec.IsHelm4() - Detected Helm 4 with Helm 3 version")
|
||||
}
|
||||
|
||||
helm4Runner := mockRunner{output: []byte("v4.0.0+ge29ce2a\n")}
|
||||
helm4Runner := mockRunner{output: []byte("v4.0.1+g12500dd\n")}
|
||||
helm, err = New("helm", HelmExecOptions{}, NewLogger(os.Stdout, "info"), "", "dev", &helm4Runner)
|
||||
if err != nil {
|
||||
t.Errorf("unexpected error: %v", err)
|
||||
|
|
@ -1288,9 +1288,9 @@ func Test_IsHelm4(t *testing.T) {
|
|||
|
||||
func Test_GetPluginVersion(t *testing.T) {
|
||||
v3ExpectedVersion := "3.15.0"
|
||||
v4ExpectedVersion := "4.0.0"
|
||||
v4ExpectedVersion := "4.7.4"
|
||||
v3PluginDirPath := "../../test/plugins/secrets/3.15.0"
|
||||
v4PluginDirPath := "../../test/plugins/secrets/4.0.0"
|
||||
v4PluginDirPath := "../../test/plugins/secrets/4.7.4"
|
||||
|
||||
v3SecretPluginVersion, err := GetPluginVersion("secrets", v3PluginDirPath)
|
||||
require.NoError(t, err)
|
||||
|
|
|
|||
|
|
@ -29,7 +29,7 @@ export HELM_PLUGINS="${HELM_DATA_HOME}/plugins"
|
|||
export HELM_CONFIG_HOME="${helm_dir}/config"
|
||||
HELM_DIFF_VERSION="${HELM_DIFF_VERSION:-3.14.1}"
|
||||
HELM_GIT_VERSION="${HELM_GIT_VERSION:-1.4.1}"
|
||||
HELM_SECRETS_VERSION="${HELM_SECRETS_VERSION:-4.7.0}"
|
||||
HELM_SECRETS_VERSION="${HELM_SECRETS_VERSION:-4.7.4}"
|
||||
export GNUPGHOME="${PWD}/${dir}/.gnupg"
|
||||
export SOPS_PGP_FP="B2D6D7BBEC03B2E66571C8C00AD18E16CFDEF700"
|
||||
|
||||
|
|
|
|||
|
|
@ -14,9 +14,9 @@ info "Ensure helm-secrets is installed"
|
|||
# Helm 3 always uses single plugin installation regardless of helm-secrets version
|
||||
if [[ "${HELMFILE_HELM4}" == "1" ]] && [[ "$(printf '%s\n' "4.7.0" "${HELM_SECRETS_VERSION}" | sort -V | head -n1)" == "4.7.0" ]]; then
|
||||
info "Installing helm-secrets v${HELM_SECRETS_VERSION} (split plugin architecture for Helm 4)"
|
||||
${helm} plugin install https://github.com/jkroepke/helm-secrets/releases/download/v${HELM_SECRETS_VERSION}/helm-secrets.tgz ${PLUGIN_INSTALL_FLAGS} || true
|
||||
${helm} plugin install https://github.com/jkroepke/helm-secrets/releases/download/v${HELM_SECRETS_VERSION}/helm-secrets-getter.tgz ${PLUGIN_INSTALL_FLAGS} || true
|
||||
${helm} plugin install https://github.com/jkroepke/helm-secrets/releases/download/v${HELM_SECRETS_VERSION}/helm-secrets-post-renderer.tgz ${PLUGIN_INSTALL_FLAGS} || true
|
||||
${helm} plugin install https://github.com/jkroepke/helm-secrets/releases/download/v${HELM_SECRETS_VERSION}/secrets-${HELM_SECRETS_VERSION}.tgz ${PLUGIN_INSTALL_FLAGS} || true
|
||||
${helm} plugin install https://github.com/jkroepke/helm-secrets/releases/download/v${HELM_SECRETS_VERSION}/secrets-getter-${HELM_SECRETS_VERSION}.tgz ${PLUGIN_INSTALL_FLAGS} || true
|
||||
${helm} plugin install https://github.com/jkroepke/helm-secrets/releases/download/v${HELM_SECRETS_VERSION}/secrets-post-renderer-${HELM_SECRETS_VERSION}.tgz ${PLUGIN_INSTALL_FLAGS} || true
|
||||
else
|
||||
info "Installing helm-secrets v${HELM_SECRETS_VERSION} (single plugin)"
|
||||
${helm} plugin install https://github.com/jkroepke/helm-secrets --version v${HELM_SECRETS_VERSION} ${PLUGIN_INSTALL_FLAGS} || true
|
||||
|
|
|
|||
|
|
@ -32,9 +32,9 @@ info "Ensure helm-secrets is installed"
|
|||
# Helm 3 always uses single plugin installation regardless of helm-secrets version
|
||||
if [[ "${HELMFILE_HELM4}" == "1" ]] && [[ "$(printf '%s\n' "4.7.0" "${HELM_SECRETS_VERSION}" | sort -V | head -n1)" == "4.7.0" ]]; then
|
||||
info "Installing helm-secrets v${HELM_SECRETS_VERSION} (split plugin architecture for Helm 4)"
|
||||
${helm} plugin install https://github.com/jkroepke/helm-secrets/releases/download/v${HELM_SECRETS_VERSION}/helm-secrets.tgz ${PLUGIN_INSTALL_FLAGS}
|
||||
${helm} plugin install https://github.com/jkroepke/helm-secrets/releases/download/v${HELM_SECRETS_VERSION}/helm-secrets-getter.tgz ${PLUGIN_INSTALL_FLAGS}
|
||||
${helm} plugin install https://github.com/jkroepke/helm-secrets/releases/download/v${HELM_SECRETS_VERSION}/helm-secrets-post-renderer.tgz ${PLUGIN_INSTALL_FLAGS}
|
||||
${helm} plugin install https://github.com/jkroepke/helm-secrets/releases/download/v${HELM_SECRETS_VERSION}/secrets-${HELM_SECRETS_VERSION}.tgz ${PLUGIN_INSTALL_FLAGS}
|
||||
${helm} plugin install https://github.com/jkroepke/helm-secrets/releases/download/v${HELM_SECRETS_VERSION}/secrets-getter-${HELM_SECRETS_VERSION}.tgz ${PLUGIN_INSTALL_FLAGS}
|
||||
${helm} plugin install https://github.com/jkroepke/helm-secrets/releases/download/v${HELM_SECRETS_VERSION}/secrets-post-renderer-${HELM_SECRETS_VERSION}.tgz ${PLUGIN_INSTALL_FLAGS}
|
||||
else
|
||||
info "Installing helm-secrets v${HELM_SECRETS_VERSION} (single plugin)"
|
||||
${helm} plugin install https://github.com/jkroepke/helm-secrets --version v${HELM_SECRETS_VERSION} ${PLUGIN_INSTALL_FLAGS}
|
||||
|
|
|
|||
|
|
@ -2,9 +2,6 @@ helmDefaults:
|
|||
suppressOutputLineRegex:
|
||||
- "helm.sh/chart"
|
||||
- "app.kubernetes.io/version"
|
||||
# Disable auto-detected kubeVersion to prevent helm-diff from normalizing server-side defaults
|
||||
# which would hide changes like ipFamilyPolicy and ipFamilies being removed
|
||||
disableAutoDetectedKubeVersionForDiff: true
|
||||
|
||||
repositories:
|
||||
- name: ingress-nginx
|
||||
|
|
|
|||
|
|
@ -496,40 +496,7 @@ helmfile-tests, ingress-nginx-controller, Deployment (apps) has changed:
|
|||
- name: webhook-cert
|
||||
secret:
|
||||
secretName: ingress-nginx-admission
|
||||
helmfile-tests, ingress-nginx-controller, Service (v1) has changed:
|
||||
# Source: ingress-nginx/templates/controller-service.yaml
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
annotations:
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx-controller
|
||||
namespace: helmfile-tests
|
||||
spec:
|
||||
type: LoadBalancer
|
||||
- ipFamilyPolicy: SingleStack
|
||||
- ipFamilies:
|
||||
- - IPv4
|
||||
ports:
|
||||
- name: http
|
||||
port: 80
|
||||
protocol: TCP
|
||||
targetPort: http
|
||||
appProtocol: http
|
||||
- name: https
|
||||
port: 443
|
||||
protocol: TCP
|
||||
targetPort: https
|
||||
appProtocol: https
|
||||
selector:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/component: controller
|
||||
helmfile-tests, ingress-nginx-controller, Service (v1) has changed, but diff is empty after suppression.
|
||||
helmfile-tests, ingress-nginx-controller-admission, Service (v1) has changed, but diff is empty after suppression.
|
||||
helmfile-tests, nginx, IngressClass (networking.k8s.io) has changed, but diff is empty after suppression.
|
||||
helmfile-tests, ingress-nginx-admission, NetworkPolicy (networking.k8s.io) has been removed:
|
||||
|
|
|
|||
|
|
@ -496,40 +496,7 @@ helmfile-tests, ingress-nginx-controller, Deployment (apps) has changed:
|
|||
- name: webhook-cert
|
||||
secret:
|
||||
secretName: ingress-nginx-admission
|
||||
helmfile-tests, ingress-nginx-controller, Service (v1) has changed:
|
||||
# Source: ingress-nginx/templates/controller-service.yaml
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
annotations:
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/component: controller
|
||||
name: ingress-nginx-controller
|
||||
namespace: helmfile-tests
|
||||
spec:
|
||||
type: LoadBalancer
|
||||
- ipFamilyPolicy: SingleStack
|
||||
- ipFamilies:
|
||||
- - IPv4
|
||||
ports:
|
||||
- name: http
|
||||
port: 80
|
||||
protocol: TCP
|
||||
targetPort: http
|
||||
appProtocol: http
|
||||
- name: https
|
||||
port: 443
|
||||
protocol: TCP
|
||||
targetPort: https
|
||||
appProtocol: https
|
||||
selector:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/component: controller
|
||||
helmfile-tests, ingress-nginx-controller, Service (v1) has changed, but diff is empty after suppression.
|
||||
helmfile-tests, ingress-nginx-controller-admission, Service (v1) has changed, but diff is empty after suppression.
|
||||
helmfile-tests, nginx, IngressClass (networking.k8s.io) has changed, but diff is empty after suppression.
|
||||
helmfile-tests, ingress-nginx-admission, NetworkPolicy (networking.k8s.io) has been removed:
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
name: "secrets"
|
||||
version: "4.0.0"
|
||||
version: "4.7.4"
|
||||
usage: "Secrets encryption in Helm for Git storing"
|
||||
description: |-
|
||||
This plugin provides secrets values encryption for Helm charts secure storing
|
||||
Loading…
Reference in New Issue