fix: update chart downloading logic and improve digest handling in im…#3080
fix: update chart downloading logic and improve digest handling in im…#3080redscholar merged 1 commit intokubesphere:mainfrom
Conversation
…age repository Signed-off-by: redscholar <blacktiledhouse@gmail.com>
kubesphere-prow
Bot
added
release-note-none
kind/bug
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: redscholar The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
kubesphere-prow
Bot
added
approved
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request refactors the Helm chart download process to support both OCI and standard HTTP repositories using helm pull and updates the image repository module to resolve manifest digests from tags using a local layout file. Feedback focuses on improving the robustness of these changes, specifically by handling missing tags in the layout file to avoid 500 errors, correcting log paths, quoting shell variables in Ansible tasks, and restoring idempotency checks to prevent redundant chart downloads.
| actualDigest = tagDigest[requestDigest] | ||
| } |
There was a problem hiding this comment.
If the requestDigest (the tag) is not found in the layout file, actualDigest will be an empty string. This causes actualFilename to point to the directory itself. os.Stat will succeed on the directory, but os.ReadFile will subsequently fail with an error (e.g., "is a directory"), leading to a 500 Internal Server Error. It is more appropriate to return responseNotFound (404) when the tag cannot be resolved.
actualDigest = tagDigest[requestDigest]
if actualDigest == "" {
return responseNotFound
}
}| file, err := os.ReadFile(filename) | ||
| file, err := os.ReadFile(actualFilename) | ||
| if err != nil { | ||
| klog.V(4).ErrorS(err, "failed to read file", "filename", filename) |
There was a problem hiding this comment.
The error log should reference actualFilename instead of filename, as actualFilename is the path that the code attempted to read and failed.
| klog.V(4).ErrorS(err, "failed to read file", "filename", filename) | |
| klog.V(4).ErrorS(err, "failed to read file", "filename", actualFilename) |
| url={{ .item.url }} | ||
| version={{ .item.version }} |
There was a problem hiding this comment.
Shell variables should be double-quoted to ensure the script handles URLs or versions containing spaces or special characters correctly.
url="{{ .item.url }}"
version="{{ .item.version }}"| copy: | ||
| src: "{{ .work_dir }}/charts/{{ base .item }}" | ||
| dest: "{{ .artifact_dir }}/charts/{{ base .item }}" No newline at end of file | ||
| command: | |
There was a problem hiding this comment.
The transition from a copy task with a when condition to a command task has removed the idempotency check. helm pull will now be executed on every run, regardless of whether the chart already exists in the artifact directory. Consider adding a shell-level check to skip the download if the target file is already present to improve efficiency.
1 participant
…age repository
What type of PR is this?
/kind bug
What this PR does / why we need it:
Which issue(s) this PR fixes:
Fixes #
Special notes for reviewers:
Does this PR introduced a user-facing change?
Additional documentation, usage docs, etc.: