Upgrading Helm Chart Dependencies

This skill automates the upgrade process for Helm chart dependencies in the Chainloop project. Supports PostgreSQL and Vault (both Bitnami charts).

CRITICAL RESTRICTIONS

Version Upgrade Rules:

• Patch upgrades (1.2.3 → 1.2.4): ALLOWED

• Minor upgrades (1.2.x → 1.3.x): ALLOWED

• Major upgrades (1.x.x → 2.x.x): FORBIDDEN - STOP IMMEDIATELY

MANDATORY: If major version upgrade is detected, STOP the process and inform the user that manual review is required.

Upgrade Types

The skill supports two upgrade types:

• Specific Image Upgrade: Update container image to specific version (chart unchanged)

• Chart Minor Version Upgrade: Update chart to latest minor version (may include image updates)

IMPORTANT: Container images are ONLY updated as part of chart upgrades, never independently (unless Type 1).

Process

1. Identify Upgrade Type

Ask the user which type of upgrade they want:

• Type 1: Specific image version upgrade

• Type 2: Latest minor chart version upgrade

Also ask which chart: postgresql or vault

2. Pre-Upgrade Validation

Check current state:

cat deployment/chainloop/charts/<chart-name>/Chart.yaml | grep "^version:" cat deployment/chainloop/charts/<chart-name>/Chart.yaml | grep "^appVersion:"

3. Version Compatibility Check

For any version change, validate that major version remains the same:

CURRENT_MAJOR=$(echo "$CURRENT_VERSION" | cut -d. -f1) TARGET_MAJOR=$(echo "$TARGET_VERSION" | cut -d. -f1)

if [ "$CURRENT_MAJOR" != "$TARGET_MAJOR" ]; then echo "FORBIDDEN: Major version upgrade detected" exit 1 fi

If major version upgrade detected, STOP and escalate.

Type 1: Specific Image Upgrade

See image-upgrade-process.md for detailed steps.

Summary:

• Locate target container image in Bitnami Containers

• Find commit with release message pattern

• Extract APP_VERSION from Dockerfile

• Update deployment/charts/<chart-name>/Chart.yaml appVersion

• Update .github/workflows/build_external_container_images.yaml commit hash

Type 2: Chart Minor Version Upgrade

See chart-upgrade-process.md for detailed steps.

Summary:

• Locate target chart version in Bitnami Charts CHANGELOG.md

• Validate minor version upgrade only

• Download and extract target chart

• Check for image changes (compare Chart.yaml)

• If images changed, update container image references

• Vendorize chart update (copy files)

• Update dependencies in correct order

• Update main chart dependency version

• Clean up temporary files

Verification

After any upgrade type, run:

Lint charts

helm lint deployment/charts/<chart-name> helm lint deployment/chainloop

Template validation

helm template deployment/charts/<chart-name> helm template deployment/chainloop

Local testing

cd devel && docker compose up

Verify image consistency

grep -r "appVersion|image.*tag" deployment/charts/<chart-name>/

Files Modified

See files-modified.md for complete list.

Troubleshooting

Common issues:

• Image Version Mismatch: Verify APP_VERSION matches Chart.yaml appVersion

• Build Failures: Check commit reference in build workflow

• Dependency Conflicts: Verify dependencies updated in correct order (vendorized first, then main chart)

Rollback

If issues occur:

git checkout HEAD -- deployment/ find deployment/ -name "Chart.lock" -delete cd deployment/chainloop && helm dependency build cd ../../devel && docker compose down && docker compose up

Important Notes

• Dex is self-managed and follows a separate process (not covered by this skill)

• Always use commit hashes for reproducibility

• Dependencies must be updated in correct order: vendorized chart first, then main chart

• Container images are found in Bitnami Containers repo, charts in Bitnami Charts repo