Chart dependency with version range cannot be sorted

Question

Chart dependency with version range cannot be sorted

Closed this issue 4 months ago · 4 comments

Chart dependencies specified using the recommended version range method are unable to be sorted.

Chart.yaml

apiVersion: v2
description: Example umbrella chart
type: application
name: example-umbrella-chart
version: "0.0.1"
maintainers:
  - name: Someone
    email: someone@someplace.com
dependencies: 
- name: node-problem-detector
  repository: https://charts.deliveryhero.io
  version: "^2.3.11"

values.yaml

foo: bar

% helm-schema --version        
helm-schema version 0.11.5

% helm-schema --log-level trace                                   
WARN[2024-07-18T20:31:12+01:00] Could not sort results: circular or missing dependency found: map[example-umbrella-chart-0.0.1:Set{node-problem-detector-^2.3.11}] - Please build and untar all your helm dependencies: helm dep build && ls charts/*.tgz |xargs -n1 tar -C charts/ -xzf 
DEBU[2024-07-18T20:31:12+01:00] Processing result for chart: example-umbrella-chart (Chart.yaml) 
WARN[2024-07-18T20:31:12+01:00] Dependency (example-umbrella-chart->node-problem-detector) specified but no schema found. If you want to create jsonschemas for external dependencies, you need to run helm dependency build & untar the charts. 

% helm dep build && ls charts/*.tgz |xargs -n1 tar -C charts/ -xzf
Getting updates for unmanaged Helm repositories...
...Successfully got an update from the "https://charts.deliveryhero.io" chart repository
...
Update Complete. ⎈Happy Helming!⎈
Saving 1 charts
Downloading node-problem-detector from repo https://charts.deliveryhero.io
Deleting outdated charts

% helm-schema --log-level trace                                   
WARN[2024-07-18T20:32:01+01:00] Could not sort results: circular or missing dependency found: map[example-umbrella-chart-0.0.1:Set{node-problem-detector-^2.3.11}] - Please build and untar all your helm dependencies: helm dep build && ls charts/*.tgz |xargs -n1 tar -C charts/ -xzf 
DEBU[2024-07-18T20:32:01+01:00] Processing result for chart: node-problem-detector (charts/node-problem-detector/Chart.yaml) 
DEBU[2024-07-18T20:32:01+01:00] Processing result for chart: example-umbrella-chart (Chart.yaml) 
DEBU[2024-07-18T20:32:01+01:00] Found chart of dependency node-problem-detector (charts/node-problem-detector/Chart.yaml)

Switching the version: constraint to a specific version resolves the issue.

Possibly relates to #30

Answer 1 · 2024-07-19T16:53:23.000Z

This happens because it's using the version to identify the chart. This was necessary to fix #27. I need to find a way to identify a chart without the version field..

Answer 2 · 2024-07-19T17:10:40.000Z

This happens because it's using the version to identify the chart. This was necessary to fix #27. I need to find a way to identify a chart without the version field..

Hm, this is tricky, especially given the expectation is that helm dep build has already been run out-of-band so the version-range resolution process is opaque. With a Chart.yaml like

apiVersion: v2
description: Example umbrella chart
type: application
name: example-umbrella-chart
version: "0.0.1"
maintainers:
  - name: Someone
    email: someone@someplace.com
dependencies: 
- name: node-problem-detector
  alias: dep-a
  repository: https://charts.deliveryhero.io
  version: "^2.3.11"
- name: node-problem-detector
  alias: dep-b
  repository: https://charts.deliveryhero.io
  version: "^1"

we end up with a Chart.lock like

dependencies:
- name: node-problem-detector
  repository: https://charts.deliveryhero.io
  version: 2.3.13
- name: node-problem-detector
  repository: https://charts.deliveryhero.io
  version: 1.8.7
digest: sha256:41dba0e364f30a9fa06247870f8d4fcb76f83a677ac4f8266ff5d3c43655c2de
generated: "2024-07-19T18:08:02.243846+01:00"

and it's unclear how exactly to tie the version-range dependency to the version-locked dependency. I wonder if we can rely on list position? If so we could perhaps parse the Chart.lock and use the version there as the resolved version for sorting/identification purposes?

Answer 3 · 2024-07-19T17:13:31.000Z

Looks like Chart.lock dependencies are 1:1 with Chart.yaml dependencies, even if the resolved version is the same:

Chart.yaml

apiVersion: v2
description: Example umbrella chart
type: application
name: example-umbrella-chart
version: "0.0.1"
maintainers:
  - name: Someone
    email: someone@someplace.com
dependencies: 
- name: node-problem-detector
  alias: dep-a
  repository: https://charts.deliveryhero.io
  version: "^2.3.11"
- name: node-problem-detector
  alias: dep-b
  repository: https://charts.deliveryhero.io
  version: "^1"
- name: node-problem-detector
  alias: dep-c
  repository: https://charts.deliveryhero.io
  version: "*"

Chart.lock:

dependencies:
- name: node-problem-detector
  repository: https://charts.deliveryhero.io
  version: 2.3.13
- name: node-problem-detector
  repository: https://charts.deliveryhero.io
  version: 1.8.7
- name: node-problem-detector
  repository: https://charts.deliveryhero.io
  version: 2.3.13
digest: sha256:a5eefbb0b6c38b3d2220e30ef8ee093e6b01d7fef8073a140145744b3162de6f
generated: "2024-07-19T18:12:06.434356+01:00"

Answer 4 · 2024-07-22T08:08:03.000Z

Thanks for the quick fix (also for #34)!