Properly lock chart dependencies #326

Merged
luhahn merged 2 commits from justusbunsi/helm-chart:dependency-hardening into master 2022-06-15 07:37:25 +00:00
Member

As mentioned in the Bitnami chart issue, they've created a git tag to
represent the latest full content index.yaml. This should be used
instead of a commit that could be changed.

https://github.com/bitnami/charts/issues/10539#issuecomment-1152641771

I've also removed the Chart.lock file from the ignore list. This file
ensures correct dependency retrieval when using helm dependency build.

https://helm.sh/docs/helm/helm_dependency_build/#helm-dependency-build

Signed-off-by: justusbunsi sk.bunsenbrenner@gmail.com

As mentioned in the Bitnami chart issue, they've created a git tag to represent the latest full content `index.yaml`. This should be used instead of a commit that could be changed. https://github.com/bitnami/charts/issues/10539#issuecomment-1152641771 I've also removed the `Chart.lock` file from the ignore list. This file ensures correct dependency retrieval when using `helm dependency build`. https://helm.sh/docs/helm/helm_dependency_build/#helm-dependency-build Signed-off-by: justusbunsi <sk.bunsenbrenner@gmail.com>
justusbunsi added 1 commit 2022-06-11 10:53:16 +00:00
All checks were successful
continuous-integration/drone/pr Build is passing
20c727a5a0
Properly lock chart dependencies
As mentioned in the Bitnami chart issue, they've created a git tag to
represent the latest full content `index.yaml`. This should be used
instead of a commit that could be changed.

https://github.com/bitnami/charts/issues/10539#issuecomment-1152641771

I've also removed the `Chart.lock` file from the ignore list. This file
ensures correct dependency retrieval when using `helm dependency build`.

https://helm.sh/docs/helm/helm_dependency_build/#helm-dependency-build

Signed-off-by: justusbunsi <sk.bunsenbrenner@gmail.com>
techknowlogick approved these changes 2022-06-12 19:35:48 +00:00
justusbunsi added 1 commit 2022-06-13 11:09:48 +00:00
All checks were successful
continuous-integration/drone/pr Build is passing
4aa52169c3
Merge remote-tracking branch 'upstream/master' into dependency-hardening
luhahn approved these changes 2022-06-15 07:34:42 +00:00
luhahn left a comment
Member

LGTM

LGTM
luhahn merged commit 0172a59889 into master 2022-06-15 07:37:25 +00:00
justusbunsi deleted branch dependency-hardening 2022-06-25 16:52:11 +00:00
Sign in to join this conversation.
No description provided.