Skip to content

fix: allow docker dhi helm charts to be used #25835

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
blakepettersson wants to merge 4 commits into
base: master
Choose a base branch
from
Open

fix: allow docker dhi helm charts to be used #25835

blakepettersson wants to merge 4 commits into from

Conversation

@blakepettersson
Copy link
Member

@blakepettersson blakepettersson commented Jan 1, 2026
edited
Loading

Docker has a set of OCI Helm charts used as a part of their Hardened Images offering, which doesn't work with our OCI support 😢

Previously for Helm charts we checked for the presence of only one content layer (=a layer media type ending with tar or tar+gzip). The problem with that is that DHI Helm charts have two content layers, one with the actual Helm content, and another with SBOM content, failing the check.

Now we instead check to see if the image's config.mediaType is application/vnd.cncf.helm.config.v1+json, if so then only lookup a single layer == application/vnd.cncf.helm.chart.content.v1.tar+gzip, ignoring all others.

Fixes #25811.

Checklist:

  • Either (a) I've created an enhancement proposal and discussed it with the community, (b) this is a bug fix, or (c) this does not need to be in the release notes.
  • The title of the PR states what changed and the related issues number (used for the release note).
  • The title of the PR conforms to the Title of the PR
  • I've included "Closes [ISSUE #]" or "Fixes [ISSUE #]" in the description to automatically close the associated issue.
  • I've updated both the CLI and UI to expose my feature, or I plan to submit a second PR with them.
  • Does this PR require documentation updates?
  • I've updated documentation as required by this PR.
  • I have signed off all my commits as required by DCO
  • I have written unit and/or e2e tests for my change. PRs without these are unlikely to be merged.
  • My build is green (troubleshooting builds).
  • My new feature complies with the feature status guidelines.
  • I have added a brief description of why this PR is necessary and/or what this PR solves.
  • Optional. My organization is added to USERS.md.
  • Optional. For bug fixes, I've indicated what older releases this fix should be cherry-picked into (this may or may not happen depending on risk/complexity).

@blakepettersson
fix: allow docker dhi helm charts to be used
6e409fb 
Docker has a set of oci Helm charts used as a part of their Hardened
Images offering. The issue with that is that these Helm charts have two
content layers.

Previously for Helm charts we checked for the prescence of only one
content layer (=a layer media type ending with `tar` or `tar+gzip`). The
problem with that is that DHI has two content layers, one with the
actual Helm content, and another with the SBOM content, failing the
check.

Now we instead check to see if the image's `config.mediaType` is
`application/vnd.cncf.helm.config.v1+json`, if so then only lookup a
single layer == `application/vnd.cncf.helm.chart.content.v1.tar+gzip`,
ignoring all others.

Fixes argoproj#25811.

Signed-off-by: Blake Pettersson <[email protected]>
@blakepettersson blakepettersson requested a review from a team as a code owner January 1, 2026 21:22
@bunnyshell
Copy link

bunnyshell bot commented Jan 1, 2026
edited
Loading

🔴 Preview Environment stopped on Bunnyshell

See: Environment Details | Pipeline Logs

Available commands (reply to this comment):

  • 🔵 /bns:start to start the environment
  • 🚀 /bns:deploy to redeploy the environment
  • /bns:delete to remove the environment

@blakepettersson blakepettersson added cherry-pick/3.1 Candidate for cherry picking into the 3.1 release branch cherry-pick/3.2 Candidate for cherry picking into the 3.2 release branch cherry-pick/3.3 Candidate for cherry picking into the 3.3 release labels Jan 1, 2026
@blakepettersson
chore: please linter
5aeb00d 
Signed-off-by: Blake Pettersson <[email protected]>
choejwoo
choejwoo reviewed Jan 3, 2026
View reviewed changes
chansuke
chansuke approved these changes Jan 5, 2026
View reviewed changes
Copy link
Member

@chansuke chansuke left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@blakepettersson
chore: address pr comment
283e713 
Signed-off-by: Blake Pettersson <[email protected]>
@blakepettersson
chore: please the linter
0d1c902 
Signed-off-by: Blake Pettersson <[email protected]>
choejwoo
choejwoo approved these changes Jan 9, 2026
View reviewed changes
Copy link
Member

@choejwoo choejwoo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for addressing my comment, LGTM!

@blakepettersson blakepettersson enabled auto-merge (squash) January 12, 2026 08:07
christianh814
christianh814 approved these changes Jan 12, 2026
View reviewed changes
Copy link
Member

@christianh814 christianh814 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nitishfy nitishfy nitishfy approved these changes

+3 more reviewers

@chansuke chansuke chansuke approved these changes

@christianh814 christianh814 christianh814 approved these changes

@choejwoo choejwoo choejwoo approved these changes

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

cherry-pick/3.1 Candidate for cherry picking into the 3.1 release branch cherry-pick/3.2 Candidate for cherry picking into the 3.2 release branch cherry-pick/3.3 Candidate for cherry picking into the 3.3 release

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Docker Hardened Images (dhi.io) Helm Charts not able to be used with ArgoCD

5 participants

@blakepettersson @chansuke @christianh814 @choejwoo @nitishfy