Support for Helm chart dependencies #2237
Comments
|
I'm 👍 on this, and the implementation shouldn't be too tricky (parsing will be trivial, and there's no concept of version conflicts so the update checker should be simple, too). Thanks for the suggestion! |
|
Hi, Is there any progress on this feature? Is helm support still in the plans? |
|
Not yet - we have our work cut out with the GitHub integration and the associated increase in scale for Dependabot, but we'd like to get to this (and it's something the community can add, as the relevant addition would be in Dependabot Core. |
|
Any progress on this ? I'd really love to use dependabot for helm chart updates as well. |
|
Interestingly for some stuff I actually track the source repo and parse the version (e.g. out of the EDIT: I used the same workaround for e.g. kubernetes-dashboard, but it won't work if the Chart is not in its own git repo. |
|
I've started implementing this feature today. |
|
@siavashs how would that work? Using helmsman? |
|
@hazcod The logic I'm working on currently:
The above method allows updating dependencies without needing to run any external binaries. There are other things that I haven't looked into yet:
|
|
I have the initial implementation ready, the only problems are:
Now regarding the following items:
Let me know if you have any comments or suggestions. Otherwise expect a PR in coming weeks. |
|
@siavashs that already seems like a great starting point? Did you open a PR already? |
|
@hazcod not yet, unfortunately I was too busy. |
|
@siavashs In my experience in the past with adding features, the Dependabot team is helpful with this at their own pace. Also, I'm pretty sure enough of us are interested to have this out there to help out with feedback and core suggestions. |
|
Checkout the draft PR here: #3031 |
So regarding that specific point, is it only going to update when there are archives under |
|
I think dependency archives should be only updated and not added (if possible). |
|
Yeah I agree, hence asking. Well you have file access so you could compare before and after and only commit archives when existing files updated. |
|
We're currently not adding any new ecosystems, but Helm charts is something we would definitely love to support in the future. The best option if you'd like to build and use this, would be releasing it as a separate gem, using dependabot-core as a dependency and running it on CI (for example using a scheduled GH action). Once we open up support for new ecosystems again, we could then potentially upstream those changes into dependabot-core. |
|
consider that most of these updates are paired with tools like helm-docs or terraform-docs that update README files so just updating the manifest is not enough to have a green build |
|
For those who want to pick up automated dependencies quicker, it seems renovatebot supports helm and more. |
|
It would still be nice to have this feature in dependabot as well. |
|
Concrete use-case: The current bitnami mess in bitnami/charts#10539 would be more easily managed with dependabot being able to track charts dependencies |
|
It's unfortunate that expansion of ecosystems has been halted, but I understand and appreciate posting the decision. I'm adding my name to the list of people who would like to see this feature request realized, as it would add significant value to keeping up with some off our self-hosted resources that need to stay closer to the latest track. |
|
Hi, I don't know you, but I can't keep up with the ArgoCD helm chart updates 🤣 ... and I needed a quick, simple, maintainable, and very flexible solution because some of the versions are declared in the I documented as much as I could in the readme, and this is an example of how to use it
It's not feature-complete but for now, it does the job! If you have any suggestions or you want to contribute, you are more than welcome! I hope it helps 😊 |
|
Wouldn't Renovatebot solve this issue as well? It's FOSS, manages a lot of different types of deps and supports Argo including OCI. |
|
@onedr0p 👀 thanks for the link! It definitely covers way way more and it has nothing to compare! The gist of the action is nothing else than a curl request curl -sSL "https://artifacthub.io/api/v1/packages/helm/argo/argo-cd/feed/rss" | \
yq -p=xml '.rss.channel.item[0].title'
5.13.6and a |
|
Adding some breadcrumbs re: registries for Helm charts:
To be clear, no promise of supporting this, just adding breadcrumbs to help keep track of external developments in this ecosystem. |
|
@jurre, any updates on the possible integration of new packages? |
|
@abdulapopoola Any update on this? |
|
It's been a while. Are there any updates regarding this feature? |
|
This is a deal breaker for my employer, and we're willing to contribute a PR for supporting open helm repositories. Would such a PR be accepted? |
|
+1 ; willing to contribute |
|
+1; renovate has this already, I would expect less from Dependabot |
|
+1; would be helpful |
1 similar comment
|
+1; would be helpful |
|
Let's face it, this issue is opened for more than 6 years and given the looooong track of features being requested and never implemented by GitHub, I have personally lost hope anything would happen. |
Sorry for the late response, yes, such a contribution will be very welcome. We do apologize for the lack of responses and we are working hard on becoming more responsive in coming weeks. Tagging @AlexanderBrevig |
and others
Hi,
Just adding a request for support for Helm chart repositories. I realise you have a full roadmap/workload already, but just wanted to write the request down somewhere.
https://docs.helm.sh/developing_charts/#chart-dependencies
Thanks!
The text was updated successfully, but these errors were encountered: