upgrading-chart

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Upgrading Helm Chart Dependencies

升级Helm Chart依赖

This skill automates the upgrade process for Helm chart dependencies in the Chainloop project. Supports PostgreSQL and Vault (both Bitnami charts).

本Skill可自动完成Chainloop项目中Helm chart依赖的升级流程，支持PostgreSQL和Vault（均为Bitnami charts）。

CRITICAL RESTRICTIONS

重要限制

Version Upgrade Rules:

Patch upgrades (1.2.3 → 1.2.4): ALLOWED
Minor upgrades (1.2.x → 1.3.x): ALLOWED
Major upgrades (1.x.x → 2.x.x): FORBIDDEN - STOP IMMEDIATELY

MANDATORY: If major version upgrade is detected, STOP the process and inform the user that manual review is required.

版本升级规则:

补丁版本升级（1.2.3 → 1.2.4）：允许
小版本升级（1.2.x → 1.3.x）：允许
大版本升级（1.x.x → 2.x.x）：禁止 - 立即停止

强制要求：如果检测到大版本升级，需立即停止流程并告知用户需要人工审核。

Upgrade Types

升级类型

The skill supports two upgrade types:

Specific Image Upgrade: Update container image to specific version (chart unchanged)
Chart Minor Version Upgrade: Update chart to latest minor version (may include image updates)

IMPORTANT: Container images are ONLY updated as part of chart upgrades, never independently (unless Type 1).

本Skill支持两种升级类型：

特定镜像升级：将容器镜像更新至指定版本（chart保持不变）
Chart小版本升级：将chart更新至最新小版本（可能包含镜像更新）

注意：容器镜像仅会作为chart升级的一部分进行更新，不会独立更新（除非是类型1的情况）。

Process

流程

1. Identify Upgrade Type

1. 确认升级类型

Ask the user which type of upgrade they want:

Type 1: Specific image version upgrade
Type 2: Latest minor chart version upgrade

Also ask which chart:

postgresql

vault

询问用户需要哪种升级类型：

类型1：特定镜像版本升级
类型2：最新小版本chart升级

同时询问目标chart：

postgresql

或

vault

2. Pre-Upgrade Validation

2. 升级前验证

Check current state:

bash

cat deployment/chainloop/charts/<chart-name>/Chart.yaml | grep "^version:"
cat deployment/chainloop/charts/<chart-name>/Chart.yaml | grep "^appVersion:"

检查当前状态：

bash

cat deployment/chainloop/charts/<chart-name>/Chart.yaml | grep "^version:"
cat deployment/chainloop/charts/<chart-name>/Chart.yaml | grep "^appVersion:"

3. Version Compatibility Check

3. 版本兼容性检查

For any version change, validate that major version remains the same:

bash

CURRENT_MAJOR=$(echo "$CURRENT_VERSION" | cut -d. -f1)
TARGET_MAJOR=$(echo "$TARGET_VERSION" | cut -d. -f1)

if [ "$CURRENT_MAJOR" != "$TARGET_MAJOR" ]; then
    echo "FORBIDDEN: Major version upgrade detected"
    exit 1
fi

If major version upgrade detected, STOP and escalate.

对于任何版本变更，需验证主版本号保持一致：

bash

CURRENT_MAJOR=$(echo "$CURRENT_VERSION" | cut -d. -f1)
TARGET_MAJOR=$(echo "$TARGET_VERSION" | cut -d. -f1)

if [ "$CURRENT_MAJOR" != "$TARGET_MAJOR" ]; then
    echo "FORBIDDEN: Major version upgrade detected"
    exit 1
fi

如果检测到大版本升级，停止流程并上报。

Type 1: Specific Image Upgrade

类型1：特定镜像升级

See image-upgrade-process.md for detailed steps.

Summary:

Locate target container image in Bitnami Containers
Find commit with release message pattern
Extract APP_VERSION from Dockerfile

Update

deployment/charts/<chart-name>/Chart.yaml

appVersion

Update

.github/workflows/build_external_container_images.yaml

commit hash

详细步骤请参考 image-upgrade-process.md。

概述:

在 Bitnami Containers 中找到目标容器镜像
查找带有发布消息格式的提交记录
从Dockerfile中提取APP_VERSION

更新

deployment/charts/<chart-name>/Chart.yaml

中的appVersion

更新

.github/workflows/build_external_container_images.yaml

中的提交哈希

Type 2: Chart Minor Version Upgrade

类型2：Chart小版本升级

See chart-upgrade-process.md for detailed steps.

Summary:

Locate target chart version in Bitnami Charts CHANGELOG.md
Validate minor version upgrade only
Download and extract target chart
Check for image changes (compare Chart.yaml)
If images changed, update container image references
Vendorize chart update (copy files)
Update dependencies in correct order
Update main chart dependency version
Clean up temporary files

详细步骤请参考 chart-upgrade-process.md。

概述:

在 Bitnami Charts 的CHANGELOG.md中找到目标chart版本
验证仅为小版本升级
下载并解压目标chart
检查镜像变更（对比Chart.yaml）
如果镜像有变更，更新容器镜像引用
供应商化chart更新（复制文件）
按正确顺序更新依赖
更新主chart的依赖版本
清理临时文件

Verification

验证

After any upgrade type, run:

bash

undefined

完成任何类型的升级后，执行以下操作：

bash

undefined

Lint charts

检查charts语法

helm lint deployment/charts/<chart-name> helm lint deployment/chainloop

Template validation

模板验证

helm template deployment/charts/<chart-name> helm template deployment/chainloop

Local testing

本地测试

cd devel && docker compose up

Verify image consistency

验证镜像一致性

grep -r "appVersion|image.*tag" deployment/charts/<chart-name>/

undefined

grep -r "appVersion|image.*tag" deployment/charts/<chart-name>/

undefined

Files Modified

修改的文件

See files-modified.md for complete list.

完整文件列表请参考 files-modified.md。

Troubleshooting

故障排除

Common issues:

Image Version Mismatch: Verify APP_VERSION matches Chart.yaml appVersion
Build Failures: Check commit reference in build workflow
Dependency Conflicts: Verify dependencies updated in correct order (vendorized first, then main chart)

常见问题：

镜像版本不匹配：验证APP_VERSION与Chart.yaml中的appVersion是否一致
构建失败：检查构建工作流中的提交引用
依赖冲突：验证依赖是否按正确顺序更新（先供应商化chart，再主chart）

Rollback

回滚

If issues occur:

bash

git checkout HEAD -- deployment/
find deployment/ -name "Chart.lock" -delete
cd deployment/chainloop && helm dependency build
cd ../../devel && docker compose down && docker compose up

如果出现问题：

bash

git checkout HEAD -- deployment/
find deployment/ -name "Chart.lock" -delete
cd deployment/chainloop && helm dependency build
cd ../../devel && docker compose down && docker compose up

Important Notes

重要说明

Dex is self-managed and follows a separate process (not covered by this skill)
Always use commit hashes for reproducibility
Dependencies must be updated in correct order: vendorized chart first, then main chart
Container images are found in Bitnami Containers repo, charts in Bitnami Charts repo

Dex为自管理组件，遵循独立的流程（本Skill不覆盖）
始终使用提交哈希以确保可复现性
必须按正确顺序更新依赖：先供应商化chart，再主chart
容器镜像可在Bitnami Containers仓库中找到，charts可在Bitnami Charts仓库中找到