
Another chart fix #3396

Merged
michaeljguarino merged 1 commit into master from another-chart-fix
Apr 9, 2026

@michaeljguarino
Member

bump

Test Plan

Checklist

  • If required, I have updated the Plural documentation accordingly.
  • I have added tests to cover my changes.
  • I have added a meaningful title and summary to convey the impact of this PR to a user.

Plural Flow: console

@michaeljguarino requested a review from a team April 9, 2026 03:23
@michaeljguarino added the bug-fix (This pull request fixes a bug) and hotfix labels Apr 9, 2026
@michaeljguarino merged commit 2d5af20 into master Apr 9, 2026
11 of 12 checks passed
@michaeljguarino deleted the another-chart-fix branch April 9, 2026 03:23
@greptile-apps
Contributor

greptile-apps bot commented Apr 9, 2026

Greptile Summary

This PR is a follow-up to #3394 ("Add plural chart to main repo"), adding the ory and plural Helm repo entries to the chart publish workflow so that helm/chart-releaser-action can resolve the plural chart's dependencies (hydra from ory, test-base from plural module-library), along with a version bump of charts/plural/Chart.yaml to 0.10.108.

Confidence Score: 5/5

Safe to merge — the functional fix (adding missing Helm repos) is correct and the only remaining finding is a P2 security hygiene suggestion.

All changes are narrowly scoped: adding two Helm repo entries to unblock chart publishing and bumping the chart version. The sole finding (mutable @master action pin) is a pre-existing P2 hygiene issue, not introduced by this PR.

No files require special attention.

Vulnerabilities

  • .github/workflows/chart.yaml line 45: uses: mikefarah/yq@master pins to a mutable branch, creating a supply-chain risk if the upstream repo is compromised or force-pushed. Should be pinned to a specific version tag or commit SHA.

Important Files Changed

| Filename | Overview |
| --- | --- |
| .github/workflows/chart.yaml | Adds ory and plural helm repos required for the new plural chart's dependencies (hydra, test-base); minor security concern with mikefarah/yq@master pinning. |
| charts/plural/Chart.yaml | Version bump to 0.10.108; chart metadata and dependencies look correct and align with the repos added in the workflow. |

Comments Outside Diff (1)

  1. .github/workflows/chart.yaml, line 45

    P2 security Mutable @master reference for mikefarah/yq

    Pinning a GitHub Action to @master means any push to that branch silently changes the code executed in CI. If the upstream repo is compromised or accidentally broken, it will affect this workflow immediately. Pin to a specific released version tag or commit SHA instead.

Reviews (1): Last reviewed commit: "Another chart fix"
