@chrisghill
Member

No description provided.

@vercel
vercel bot commented Jan 13, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Review | Updated (UTC) |
| --- | --- | --- | --- |
| docs | Ready | Preview, Comment | Jan 13, 2026 8:59pm |

Contributor

Copilot AI left a comment

Pull request overview

This PR updates the Helm provisioner documentation to clarify that the .chart.version configuration field is optional when using remote charts, with the provisioner defaulting to the latest version if not specified.

Changes:

  • Updated the .chart.version field description in the configuration table to indicate it's optional rather than required for remote charts

| `.chart.repo` | string | `null` | Specifies the URL of the chart repo (required if using [remote chart](#local-vs-remote-chart)) |
| `.chart.name` | string | `null` | Specifies the name of the chart from the repo to use (required if using [remote chart](#local-vs-remote-chart)) |
| `.chart.version` | string | `null` | Specifies the chart version to use (required if using [remote chart](#local-vs-remote-chart)) |
| `.chart.version` | string | `null` | Specifies the chart version to use (optional if using [remote chart](#local-vs-remote-chart), defaults to latest) |
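
Review bot: In the new `.chart.version` row the Default column still reads `null` while the description now says "defaults to latest", so the table gives two different defaults for the same field. State in the description that an unset value (`null`) is resolved to the newest chart version at deploy time, and add a short recommendation to set an exact version so that repeated deployments install the same chart.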

Copilot AI Jan 13, 2026

The documentation on line 44 in the "Local vs Remote Chart" section still states "All 3 fields must be set, or none of them set" which contradicts this change making the chart version optional. Line 44 should be updated to reflect that only .chart.repo and .chart.name are required for remote charts, while .chart.version is optional and defaults to the latest version.

Copilot uses AI. Check for mistakes.
| `.chart.repo` | string | `null` | Specifies the URL of the chart repo (required if using [remote chart](#local-vs-remote-chart)) |
| `.chart.name` | string | `null` | Specifies the name of the chart from the repo to use (required if using [remote chart](#local-vs-remote-chart)) |
| `.chart.version` | string | `null` | Specifies the chart version to use (required if using [remote chart](#local-vs-remote-chart)) |
| `.chart.version` | string | `null` | Specifies the chart version to use (optional if using [remote chart](#local-vs-remote-chart), defaults to latest) |

Copilot AI Jan 13, 2026

Making chart.version optional and defaulting to "latest" for remote charts means deployments will pull a mutable chart version rather than a pinned one, which introduces a supply-chain risk if the upstream chart repository is compromised or publishes a malicious update. An attacker who can tamper with the remote chart repo (or its DNS/transport) can cause future deployments to pick up altered manifests without any version change, potentially leading to cluster compromise. To mitigate this, require a specific chart.version for remote charts (or at least strongly enforce/recommend pinning to an immutable version) instead of implicitly defaulting to the latest.

Copilot uses AI. Check for mistakes.
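
The pinning concern raised in the review comment above can be enforced before deployment. The following is an added example, not part of the pull request or the provisioner's own code: a check that classifies a config's `.chart` block as local, pinned, unpinned or invalid. The dict layout mirroring `.chart.repo`, `.chart.name` and `.chart.version`, the function names, and the repo URL and chart names are assumptions.

```python
import re

# Exact SemVer only. Ranges and aliases ("^1.4", "~1.4.0", ">=1.0", "1.x",
# "latest") do not match, because they can resolve differently on each deploy.
EXACT_SEMVER = re.compile(
    r"^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)"
    r"(-[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?"
    r"(\+[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?$"
)

def check_chart_pin(config):
    """Classify the .chart block of a provisioner config (assumed dict layout).

    Returns (status, message) where status is one of
    "local", "pinned", "unpinned" or "invalid".
    """
    chart = config.get("chart") or {}
    repo, name, version = (chart.get(k) for k in ("repo", "name", "version"))
    if not repo and not name:
        return "local", "no remote chart fields set"
    if not (repo and name):
        return "invalid", ".chart.repo and .chart.name must be set together"
    if version is None or str(version).strip() == "":
        return "unpinned", f"{name}: .chart.version unset, latest is used"
    if not EXACT_SEMVER.match(str(version).strip()):
        return "unpinned", f"{name}: {version!r} is not an exact version"
    return "pinned", f"{name} pinned to {version}"

# Constructed sample configs; the repo URL and chart names are placeholders.
REPO = "https://charts.example.com"
SAMPLES = {
    "local": {"chart": {}},
    "no-version": {"chart": {"repo": REPO, "name": "web"}},
    "range": {"chart": {"repo": REPO, "name": "web", "version": "^1.4"}},
    "exact": {"chart": {"repo": REPO, "name": "web", "version": "1.4.2"}},
    "half-set": {"chart": {"repo": REPO}},
}

def audit(samples):
    """Return {label: status} so a CI job can fail on anything unpinned/invalid."""
    return {label: check_chart_pin(cfg)[0] for label, cfg in samples.items()}

if __name__ == "__main__":
    for label, cfg in SAMPLES.items():
        print(label, *check_chart_pin(cfg))
```

An exact version only helps if the repository does not republish different content under the same version number, so chart provenance or digest verification remains a separate control.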