Skip to content

update docs so chart version is optional on helm provisioner #159

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
chrisghill wants to merge 1 commit into
base: main
Choose a base branch
from
Open

update docs so chart version is optional on helm provisioner #159

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion docs/provisioners/04-helm.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ The following configuration options are available:
| `release_name` | string | (package name) | Specifies the release name for the helm chart. Defaults to the Massdriver package name if not specified. |
| `.chart.repo` | string | `null` | Specifies the URL of the chart repo (required if using [remote chart](#local-vs-remote-chart)) |
| `.chart.name` | string | `null` | Specifies the name of the chart from the repo to use (required if using [remote chart](#local-vs-remote-chart)) |
| `.chart.version` | string | `null` | Specifies the chart version to use (required if using [remote chart](#local-vs-remote-chart)) |
| `.chart.version` | string | `null` | Specifies the chart version to use (optional if using [remote chart](#local-vs-remote-chart), defaults to latest) |
Copy link

Copilot AI Jan 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The documentation on line 44 in the "Local vs Remote Chart" section still states "All 3 fields must be set, or none of them set" which contradicts this change making the chart version optional. Line 44 should be updated to reflect that only .chart.repo and .chart.name are required for remote charts, while .chart.version is optional and defaults to the latest version.

Copilot uses AI. Check for mistakes.
Copy link

Copilot AI Jan 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Making chart.version optional and defaulting to "latest" for remote charts means deployments will pull a mutable chart version rather than a pinned one, which introduces a supply-chain risk if the upstream chart repository is compromised or publishes a malicious update. An attacker who can tamper with the remote chart repo (or its DNS/transport) can cause future deployments to pick up altered manifests without any version change, potentially leading to cluster compromise. To mitigate this, require a specific chart.version for remote charts (or at least strongly enforce/recommend pinning to an immutable version) instead of implicitly defaulting to the latest.

Copilot uses AI. Check for mistakes.
| `debug` | boolean | `true` | Enables the `--debug` flag for Helm (verbose output) |
| `wait` | boolean | `true` | Enables the `--wait` flag for Helm (waits for pods, PVCs, services, etc. to be ready before marking the release as successful) |
| `wait_for_jobs` | string | `true` | Enables the `--wait-for-jobs` flag for Helm (waits for jobs to complete before marking the release as successful) |
Expand Down