feat: Add Helm 4 support alongside Helm 3 #158
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
Author
|
@yxxhero Could you review my PR? |
aditmeno
added a commit
to aditmeno/helmfile
that referenced
this pull request
Nov 15, 2025
This change migrates helmfile from Helm 3 to Helm 4, following Helm 3's end-of-life announcement and the stable release of Helm 4.0.0. Changes: - Update go.mod dependency from helm.sh/helm/v3 to helm.sh/helm/v4 v4.0.0 - Update all imports to use Helm 4 versioned packages (pkg/chart/v2) - Rename IsHelm3() to IsHelm4() with exact version check (== 4) - Update error messages to require "helm 4.x or later" - Fix --force-update flag to only apply to Helm 3.x (>= 3.3.2, < 4.0.0) as it became default behavior in Helm 4 - Reimplement GetPluginVersion() to avoid Helm 4 internal packages Infrastructure updates: - CI: Update to Helm v4.0.0, kubectl v1.34.2, kustomize v5.8.0 - CI: Update helm-secrets to v4.6.11, helm-diff to v3.13.2 - Dockerfiles: Update all three variants (alpine, debian, ubuntu) with latest tool versions and SHA256 checksums - Documentation: Update to reflect Helm 4.x requirement Breaking changes: - Helmfile now requires Helm 4.x or later - Helm 3.x is no longer supported Dependencies: - Requires chartify Helm 4 support: helmfile/chartify#158 Signed-off-by: Aditya Menon <amenon@canarytechnologies.com>
27 tasks
aditmeno
added a commit
to aditmeno/helmfile
that referenced
this pull request
Nov 15, 2025
This change migrates helmfile from Helm 3 to Helm 4, following Helm 3's end-of-life announcement and the stable release of Helm 4.0.0. Changes: - Update go.mod dependency from helm.sh/helm/v3 to helm.sh/helm/v4 v4.0.0 - Update all imports to use Helm 4 versioned packages (pkg/chart/v2) - Rename IsHelm3() to IsHelm4() with exact version check (== 4) - Update error messages to require "helm 4.x or later" - Fix --force-update flag to only apply to Helm 3.x (>= 3.3.2, < 4.0.0) as it became default behavior in Helm 4 - Reimplement GetPluginVersion() to avoid Helm 4 internal packages - Handle missing plugins directory gracefully in GetPluginVersion() - Fix azcli debug output to avoid trailing space Infrastructure updates: - CI: Update to Helm v4.0.0, kubectl v1.34.2, kustomize v5.8.0 - CI: Update helm-secrets to v4.6.11, helm-diff to v3.13.2 - Dockerfiles: Update all three variants (alpine, debian, ubuntu) with latest tool versions and SHA256 checksums - Dockerfiles: Add --verify=false flag for Helm 4 plugin installation - Plugins: Update helm-s3 to v0.17.0, helm-git to v1.4.1 - Documentation: Update to reflect Helm 4.x requirement Breaking changes: - Helmfile now requires Helm 4.x or later - Helm 3.x is no longer supported Dependencies: - Requires chartify Helm 4 support: helmfile/chartify#158 Signed-off-by: Aditya Menon <amenon@canarytechnologies.com>
aditmeno
force-pushed
the
feat/helm-4-support
branch
from
874ee31 to
a0cf3be
Compare
aditmeno
added a commit
to aditmeno/helmfile
that referenced
this pull request
Nov 15, 2025
BREAKING CHANGE: This release migrates from Helm 3 to Helm 4. Helm 3 has reached end-of-life, and this migration ensures continued support and security updates. This is a breaking change that requires Helm 4.x or later to be installed. Changes: - Update go.mod from helm.sh/helm/v3 to helm.sh/helm/v4 v4.0.0 - Update all imports to use Helm 4 versioned packages (e.g., pkg/chart/v2) - Rename IsHelm3() to IsHelm4() with exact version check (== 4, not >=) - Update CI workflows to use Helm v4.0.0 - Update all Dockerfiles with latest tool versions and SHA256 checksums: - Helm v4.0.0 - kubectl v1.34.2 - kustomize v5.8.0 - minikube v1.37.0 - Update documentation to require "helm 4.x or later" - Disable Go build cache in CI to prevent disk space issues - Implement smart plugin verification with security enforcement option: - Try verification first, fall back to --verify=false if unsupported - Add --enforce-plugin-verification flag for security-sensitive environments - Remove force-update logic since it's the default behavior in Helm 4: - Remove DisableForceUpdate field from App struct - Remove DisableForceUpdate from ConfigProvider interface - Remove --disable-force-update CLI flag - Update tests to reflect Helm 4 behavior - Update Go version to 1.25.4 - Fix golangci-lint to v2.6.2 for Go 1.25.4 compatibility Migration notes: - Users must upgrade to Helm 4.x or later - The --disable-force-update flag has been removed (force-update is now default) - Plugin verification is attempted by default, with automatic fallback to --verify=false - Use --enforce-plugin-verification flag to require signed plugins for security Related PRs: - Depends on chartify PR: helmfile/chartify#158 Files changed: 40 files with +291/-271 lines Signed-off-by: Aditya Menon <amenon@canarytechnologies.com>
aditmeno
added a commit
to aditmeno/helmfile
that referenced
this pull request
Nov 15, 2025
BREAKING CHANGE: This release migrates from Helm 3 to Helm 4. Helm 3 has reached end-of-life, and this migration ensures continued support and security updates. This is a breaking change that requires Helm 4.x or later to be installed. Changes: - Update go.mod from helm.sh/helm/v3 to helm.sh/helm/v4 v4.0.0 - Update all imports to use Helm 4 versioned packages (e.g., pkg/chart/v2) - Rename IsHelm3() to IsHelm4() with exact version check (== 4, not >=) - Update CI workflows to use Helm v4.0.0 - Update all Dockerfiles with latest tool versions and SHA256 checksums: - Helm v4.0.0 - kubectl v1.34.2 - kustomize v5.8.0 - minikube v1.37.0 - Update documentation to require "helm 4.x or later" - Disable Go build cache in CI to prevent disk space issues - Implement smart plugin verification with security enforcement option: - Try verification first, fall back to --verify=false if unsupported - Add --enforce-plugin-verification flag for security-sensitive environments - Remove force-update logic since it's the default behavior in Helm 4: - Remove DisableForceUpdate field from App struct - Remove DisableForceUpdate from ConfigProvider interface - Remove --disable-force-update CLI flag - Update tests to reflect Helm 4 behavior - Update Go version to 1.25.4 - Fix golangci-lint to v2.6.2 for Go 1.25.4 compatibility Migration notes: - Users must upgrade to Helm 4.x or later - The --disable-force-update flag has been removed (force-update is now default) - Plugin verification is attempted by default, with automatic fallback to --verify=false - Use --enforce-plugin-verification flag to require signed plugins for security Related PRs: - Depends on chartify PR: helmfile/chartify#158 Files changed: 40 files with +291/-271 lines Signed-off-by: Aditya Menon <amenon@canarytechnologies.com>
aditmeno
added a commit
to aditmeno/helmfile
that referenced
this pull request
Nov 15, 2025
BREAKING CHANGE: This release migrates from Helm 3 to Helm 4. Helm 3 has reached end-of-life, and this migration ensures continued support and security updates. This is a breaking change that requires Helm 4.x or later to be installed. Changes: - Update go.mod from helm.sh/helm/v3 to helm.sh/helm/v4 v4.0.0 - Update all imports to use Helm 4 versioned packages (e.g., pkg/chart/v2) - Rename IsHelm3() to IsHelm4() with exact version check (== 4, not >=) - Update CI workflows to use Helm v4.0.0 - Update all Dockerfiles with latest tool versions and SHA256 checksums: - Helm v4.0.0 - kubectl v1.34.2 - kustomize v5.8.0 - minikube v1.37.0 - Update documentation to require "helm 4.x or later" - Disable Go build cache in CI to prevent disk space issues - Implement smart plugin verification with security enforcement option: - Try verification first, fall back to --verify=false if unsupported - Add --enforce-plugin-verification flag for security-sensitive environments - Remove force-update logic since it's the default behavior in Helm 4: - Remove DisableForceUpdate field from App struct - Remove DisableForceUpdate from ConfigProvider interface - Remove --disable-force-update CLI flag - Update tests to reflect Helm 4 behavior - Update Go version to 1.25.4 - Fix golangci-lint to v2.6.2 for Go 1.25.4 compatibility Migration notes: - Users must upgrade to Helm 4.x or later - The --disable-force-update flag has been removed (force-update is now default) - Plugin verification is attempted by default, with automatic fallback to --verify=false - Use --enforce-plugin-verification flag to require signed plugins for security Related PRs: - Depends on chartify PR: helmfile/chartify#158 Files changed: 40 files with +291/-271 lines Signed-off-by: Aditya Menon <amenon@canarytechnologies.com>
aditmeno
added a commit
to aditmeno/helmfile
that referenced
this pull request
Nov 15, 2025
BREAKING CHANGE: This release migrates from Helm 3 to Helm 4. Helm 3 has reached end-of-life, and this migration ensures continued support and security updates. This is a breaking change that requires Helm 4.x or later to be installed. Changes: - Update go.mod from helm.sh/helm/v3 to helm.sh/helm/v4 v4.0.0 - Update all imports to use Helm 4 versioned packages (e.g., pkg/chart/v2) - Rename IsHelm3() to IsHelm4() with exact version check (== 4, not >=) - Update CI workflows to use Helm v4.0.0 - Update all Dockerfiles with latest tool versions and SHA256 checksums: - Helm v4.0.0 - kubectl v1.34.2 - kustomize v5.8.0 - minikube v1.37.0 - Update documentation to require "helm 4.x or later" - Disable Go build cache in CI to prevent disk space issues - Implement smart plugin verification with security enforcement option: - Try verification first, fall back to --verify=false if unsupported - Add --enforce-plugin-verification flag for security-sensitive environments - Remove force-update logic since it's the default behavior in Helm 4: - Remove DisableForceUpdate field from App struct - Remove DisableForceUpdate from ConfigProvider interface - Remove --disable-force-update CLI flag - Update tests to reflect Helm 4 behavior - Update Go version to 1.25.4 - Fix golangci-lint to v2.6.2 for Go 1.25.4 compatibility Migration notes: - Users must upgrade to Helm 4.x or later - The --disable-force-update flag has been removed (force-update is now default) - Plugin verification is attempted by default, with automatic fallback to --verify=false - Use --enforce-plugin-verification flag to require signed plugins for security Related PRs: - Depends on chartify PR: helmfile/chartify#158 Files changed: 40 files with +291/-271 lines Signed-off-by: Aditya Menon <amenon@canarytechnologies.com>
aditmeno
added a commit
to aditmeno/helmfile
that referenced
this pull request
Nov 15, 2025
BREAKING CHANGE: This release migrates from Helm 3 to Helm 4. Helm 3 has reached end-of-life, and this migration ensures continued support and security updates. This is a breaking change that requires Helm 4.x or later to be installed. Changes: - Update go.mod from helm.sh/helm/v3 to helm.sh/helm/v4 v4.0.0 - Update all imports to use Helm 4 versioned packages (e.g., pkg/chart/v2) - Rename IsHelm3() to IsHelm4() with exact version check (== 4, not >=) - Update CI workflows to use Helm v4.0.0 - Update all Dockerfiles with latest tool versions and SHA256 checksums: - Helm v4.0.0 - kubectl v1.34.2 - kustomize v5.8.0 - minikube v1.37.0 - Update documentation to require "helm 4.x or later" - Disable Go build cache in CI to prevent disk space issues - Implement smart plugin verification with security enforcement option: - Try verification first, fall back to --verify=false if unsupported - Add --enforce-plugin-verification flag for security-sensitive environments - Remove force-update logic since it's the default behavior in Helm 4: - Remove DisableForceUpdate field from App struct - Remove DisableForceUpdate from ConfigProvider interface - Remove --disable-force-update CLI flag - Update tests to reflect Helm 4 behavior - Update Go version to 1.25.4 - Fix golangci-lint to v2.6.2 for Go 1.25.4 compatibility Migration notes: - Users must upgrade to Helm 4.x or later - The --disable-force-update flag has been removed (force-update is now default) - Plugin verification is attempted by default, with automatic fallback to --verify=false - Use --enforce-plugin-verification flag to require signed plugins for security Related PRs: - Depends on chartify PR: helmfile/chartify#158 Files changed: 40 files with +291/-271 lines Signed-off-by: Aditya Menon <amenon@canarytechnologies.com>
aditmeno
force-pushed
the
feat/helm-4-support
branch
from
048a964 to
56b3a39
Compare
aditmeno
added a commit
to aditmeno/helmfile
that referenced
this pull request
Nov 15, 2025
BREAKING CHANGE: This release migrates from Helm 3 to Helm 4. Helm 3 has reached end-of-life, and this migration ensures continued support and security updates. This is a breaking change that requires Helm 4.x or later to be installed. Changes: - Update go.mod from helm.sh/helm/v3 to helm.sh/helm/v4 v4.0.0 - Update all imports to use Helm 4 versioned packages (e.g., pkg/chart/v2) - Rename IsHelm3() to IsHelm4() with exact version check (== 4, not >=) - Update CI workflows to use Helm v4.0.0 - Update all Dockerfiles with latest tool versions and SHA256 checksums: - Helm v4.0.0 - kubectl v1.34.2 - kustomize v5.8.0 - minikube v1.37.0 - Update documentation to require "helm 4.x or later" - Disable Go build cache in CI to prevent disk space issues - Implement smart plugin verification with security enforcement option: - Try verification first, fall back to --verify=false if unsupported - Add --enforce-plugin-verification flag for security-sensitive environments - Remove force-update logic since it's the default behavior in Helm 4: - Remove DisableForceUpdate field from App struct - Remove DisableForceUpdate from ConfigProvider interface - Remove --disable-force-update CLI flag - Update tests to reflect Helm 4 behavior - Update Go version to 1.25.4 - Fix golangci-lint to v2.6.2 for Go 1.25.4 compatibility Migration notes: - Users must upgrade to Helm 4.x or later - The --disable-force-update flag has been removed (force-update is now default) - Plugin verification is attempted by default, with automatic fallback to --verify=false - Use --enforce-plugin-verification flag to require signed plugins for security Related PRs: - Depends on chartify PR: helmfile/chartify#158 Files changed: 40 files with +291/-271 lines Signed-off-by: Aditya Menon <amenon@canarytechnologies.com>
aditmeno
force-pushed
the
feat/helm-4-support
branch
from
56b3a39 to
e8db50a
Compare
aditmeno
added a commit
to aditmeno/helmfile
that referenced
this pull request
Nov 15, 2025
BREAKING CHANGE: This release migrates from Helm 3 to Helm 4. Helm 3 has reached end-of-life, and this migration ensures continued support and security updates. This is a breaking change that requires Helm 4.x or later to be installed. Changes: - Update go.mod from helm.sh/helm/v3 to helm.sh/helm/v4 v4.0.0 - Update all imports to use Helm 4 versioned packages (e.g., pkg/chart/v2) - Rename IsHelm3() to IsHelm4() with exact version check (== 4, not >=) - Update CI workflows to use Helm v4.0.0 - Update all Dockerfiles with latest tool versions and SHA256 checksums: - Helm v4.0.0 - kubectl v1.34.2 - kustomize v5.8.0 - minikube v1.37.0 - Update documentation to require "helm 4.x or later" - Disable Go build cache in CI to prevent disk space issues - Implement smart plugin verification with security enforcement option: - Try verification first, fall back to --verify=false if unsupported - Add --enforce-plugin-verification flag for security-sensitive environments - Remove force-update logic since it's the default behavior in Helm 4: - Remove DisableForceUpdate field from App struct - Remove DisableForceUpdate from ConfigProvider interface - Remove --disable-force-update CLI flag - Update tests to reflect Helm 4 behavior - Update Go version to 1.25.4 - Fix golangci-lint to v2.6.2 for Go 1.25.4 compatibility Migration notes: - Users must upgrade to Helm 4.x or later - The --disable-force-update flag has been removed (force-update is now default) - Plugin verification is attempted by default, with automatic fallback to --verify=false - Use --enforce-plugin-verification flag to require signed plugins for security Related PRs: - Depends on chartify PR: helmfile/chartify#158 Files changed: 40 files with +291/-271 lines Signed-off-by: Aditya Menon <amenon@canarytechnologies.com>
Member
|
@aditmeno why remove helm v3? we should suport helm v3 and helm v4. maybe we can remove helm v3 when helm v4 is stable. |
aditmeno
changed the title
Contributor
Author
I had only seen this - https://helm.sh/docs/topics/version_skew/ where it seemed like 3.19 was dropped, adding back the helm 3 config |
Member
|
@aditmeno please fix ci. |
Contributor
Author
The CI error comes from kustomize not supporting helm v4 yet, I've marked the test to be skipped for helm 4 We can add it back after a new kustomize version has been released |
aditmeno
force-pushed
the
feat/helm-4-support
branch
from
20e0936 to
1ad2b51
Compare
This commit introduces comprehensive support for both Helm 3 and Helm 4: - Added version-specific handling in chartify and chartrepo server - Implemented OCIPlainHTTP option for Helm 4 OCI support - Updated CI to run matrix tests for both Helm versions - Removed hardcoded Helm version references from tests and CLI - Updated Helm 3 version to 3.19.2 in CI - Skipped kustomize test for Helm 4 due to incompatibility - Updated documentation with latest version references Signed-off-by: Aditya Menon <amenon@canarytechnologies.com>
aditmeno
force-pushed
the
feat/helm-4-support
branch
from
1ad2b51 to
21771a3
Compare
Member
Member
|
@aditmeno v0.26.0 released. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This PR adds Helm 4.0.0 support to chartify while maintaining Helm 3 compatibility. Users can now use either Helm 3 or Helm 4, with automatic detection or explicit configuration.
Key Features
✅ Dual Helm Version Support
helm version --template={{.Version}}+g{{.GitCommit}}UseHelm3(true)orUseHelm4(true)HELM_X_HELM3orHELM_X_HELM4✅ CI Matrix Testing
Changes Made
Dependency Updates
helm.sh/helm/v3 v3.19.2alongsidehelm.sh/helm/v4 v4.0.0in go.modCore Implementation
runner.go:
isHelm3field back alongsideisHelm4UseHelm3()andIsHelm3()functionsDetectHelmVersion()to use--template={{.Version}}+g{{.GitCommit}}(compatible with both versions)chartify.go:
registryv3,registryv4)patch.go, replace.go, requirements.go:
if r.IsHelm3() || r.IsHelm4()chartrepo/server.go:
detectHelmVersion(),IsHelm3(),IsHelm4()Run()intorunHelm3()andrunHelm4()for version-specific logicaddToIndexFileHelm3()andaddToIndexFileHelm4()functionsstartHTTPServer()methodHELM_X_HELM3andHELM_X_HELM4environment variableschartrepo/server_test.gocmd/chartify/main.go, tests:
UseHelm4(true)callsCI/CD Improvements
GitHub Actions:
API Compatibility
No Breaking Changes - All existing APIs are maintained:
UseHelm3(bool)UseHelm4(bool)IsHelm3()IsHelm4()HELM_X_HELM3env varHELM_X_HELM4env varUsage Examples
Auto-detection (Recommended - Default)
Explicit Helm 3
Explicit Helm 4
Environment Variable
Testing
helm version --template={{.Version}}+g{{.GitCommit}}Migration Guide
For Current Users
No action required! The library will auto-detect your Helm version and work accordingly.
For Users Wanting to Upgrade to Helm 4
UseHelm4(true)for explicit Helm 4 modeFor Users Wanting to Stay on Helm 3
UseHelm3(true)for explicit Helm 3 modeCommits
e683599- feat: Add Helm 3 support alongside Helm 48d986ac- ci: Add matrix testing for both Helm 3 and Helm 4f0783a2- fix: Remove hardcoded Helm version from tests and CLIed0a35b- feat: Add Helm 3 and Helm 4 support to chartrepo serverRelated
Signed-off-by: Aditya Menon amenon@canarytechnologies.com