feat(helm): adding `helm-diff` target #470

hjoshi123 · 2025-11-03T04:16:49Z

Motivation: cert-manager/cert-manager#8183

CyberArk tracker: VC-46541

mladen-rusev-cyberark · 2025-11-03T10:12:31Z

/cybr

inteon · 2025-11-04T14:11:26Z

modules/helm/helm.mk

+	@TMP_NEW=$$(mktemp -d);
+	@OUTPUT_DIR=$$(mktemp -d);
+
+	$(HELM) template cert-manager --repo "oci://$(helm_chart_image_registry)" --version "$(helm_chart_old_version)" > $${TMP_OLD}/old.yaml;


helm_chart_image_registry probably also needs to be defined.

https://github.com/hjoshi123/makefile-modules/blob/1dcfe9cc44ee5b1240b21962db3da06c64e1378a/modules/helm/helm.mk#L41 I think it is defined already here

Is cert-manager the chart name? could you use a variable for that too?

Oh right.. yes I can do that

maelvls · 2025-11-06T11:34:37Z

I struggled a little with trying to run this PR from within cert-manager. I found that the helm-diff target isn't reachable from within the cert-manager project:

# From the cert-manager project:
yq -i '(.targets["make/_shared"][] , .targets["make/_shared_new"][]) |= (.repo_ref = "refs/pull/470/head")' klone.yaml
make upgrade-klone

$ make helm-diff
make: *** No rule to make target `helm-diff'.  Stop.

That's because we only import crds.mk in the cert-manager project since we don't use the helm makefile-modules for release the helm chart yet.

In trust-manager, I had the following:

# From the trust-manager project:
yq -i '(.targets["make/_shared"][] , .targets["make/_shared_new"][]) |= (.repo_ref = "refs/pull/470/head")' klone.yaml
make upgrade-klone

$ make helm-diff    
make/_shared/helm///helm.mk:193: *** missing separator.  Stop.

Looks like this new target won't work in cert-manager until we are done with cert-manager/cert-manager#7718.

But it will work for all of the other projects such as trust-manager, so I'm in favor of adding it once the above error is fixed.

Great work!

maelvls · 2025-11-14T12:04:39Z

@hjoshi123 Hey, do you need any help on this?

hjoshi123 · 2025-11-14T15:17:37Z

@maelvls sorry was traveling for kubecon and then the conference so got distracted. Will fix it this weekend.

hjoshi123 · 2025-11-14T17:59:56Z

@maelvls can you try running it now? I missed a : in the PHONY which would cause that error

modules/helm/helm.mk

maelvls · 2025-11-20T09:43:59Z

modules/helm/helm.mk

+	@TMP_OLD=$$(mktemp -d);
+	@TMP_NEW=$$(mktemp -d);
+	@OUTPUT_DIR=$$(mktemp -d);


In make, each command is run in its own sub-shell, so these variables won't be set in the $(HELM) template below. For example, in trust-manager, I'm seeing:

# From the trust-manager project: $ yq -i '(.targets["make/_shared"][] , .targets["make/_shared_new"][]) |= (.repo_ref = "refs/pull/470/head")' klone.yaml $ make upgrade-klone $ make helm-diff make/_shared/helm///helm.mk:196: warning: undefined variable `OUTPUT_DIR'

One way is to continue the command with backslashes:

target: @TMP_OLD=$$(mktemp -d); \ @TMP_NEW=$$(mktemp -d); \ @OUTPUT_DIR=$$(mktemp -d); \ $(HELM) template $(helm_chart_oci_name) ...

Another way is to use $(eval export ...). It is a little more convenient as this method allows you to keep set that var for all subsequent commands:

target: $(eval export TMP_OLD=$$(mktemp -d)) $(eval export TMP_NEW=$$(mktemp -d)) $(eval export OUTPUT_DIR=$$(mktemp -d)) $(HELM) template $(helm_chart_oci_name) ...

Ah I didnt know this.. Thank you for pointing that out @maelvls.. still learning to write proper makefiles 😅

hjoshi123 · 2025-11-20T14:51:10Z

Also @maelvls had a thought should we somehow set the old version i.e. helm_chart_old_version to latest release? Currently its user driven

maelvls · 2025-11-24T10:19:43Z

modules/helm/helm.mk

+
+	$(eval export TMP_OLD=$$(mktemp -d))
+	$(eval export TMP_NEW=$$(mktemp -d))
+	$(eval export OUTPUT_DIR=$$(mktemp -d))


Oops, i might have given you the wrong command, I'm now getting:

$ make helm-diff make/_shared/helm///helm.mk:196: warning: undefined variable `mktemp -d' make/_shared/helm///helm.mk:196: warning: undefined variable `mktemp -d' make/_shared/helm///helm.mk:196: warning: undefined variable `mktemp -d' make/_shared/helm///helm.mk:196: warning: undefined variable `mktemp -d' Usage: make helm-diff helm_chart_old_version=<version> make: *** [helm-diff] Error 1

I guess it could be:

Suggested change

$(eval export OUTPUT_DIR=$$(mktemp -d))

$(eval export TMP_OLD=$(shell mktemp -d))

$(eval export TMP_NEW=$(shell mktemp -d))

$(eval export OUTPUT_DIR=$(shell mktemp -d))

maelvls · 2025-11-24T10:20:59Z

we could somehow set the old version i.e. helm_chart_old_version to latest release? Currently its user driven

I agree, having helm_chart_old_version automatically be figured out would be great!

maelvls · 2025-11-27T08:43:56Z

@hjoshi123 I'll unassign myself from this PR for now as I get asked "what's the progress on this" every day in our internal standups 😅 But I can continue helping you on this one 👍

hjoshi123 · 2025-11-27T14:28:59Z

@maelvls sorry for the delay. With holidays this week, I couldn't get to it. But yes I will try to make the changes and work with you to get this merged. Thank you for helping me out on this.

Signed-off-by: hjoshi123 <mail@hjoshi.me> Signed-off-by: Hemant Joshi <mail@hjoshi.me>

cert-manager-prow · 2025-11-28T07:22:47Z

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign inteon for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

hjoshi123 · 2025-12-05T05:30:46Z

@maelvls how does this look now? I did ponder on the helm old release and its not straight forward to fetch those.. I did come up with a shell script which could do that (pinged you on slack with it) but I feel that would make this PR polluted. We could do that as a follow-up. WDYT?

cert-manager-prow bot added dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Nov 3, 2025

mladen-rusev-cyberark added the ok-to-test label Nov 3, 2025

maelvls self-assigned this Nov 3, 2025

maelvls added the cybr Used by CyberArk-employed maintainers to report to line management what's being worked on. label Nov 3, 2025

inteon reviewed Nov 4, 2025

View reviewed changes

hjoshi123 force-pushed the feat/helm-diff-target branch from 1dcfe9c to 4684693 Compare November 14, 2025 17:59

maelvls reviewed Nov 20, 2025

View reviewed changes

modules/helm/helm.mk Outdated Show resolved Hide resolved

maelvls reviewed Nov 20, 2025

View reviewed changes

hjoshi123 force-pushed the feat/helm-diff-target branch from 4684693 to 1a2056b Compare November 20, 2025 14:51

maelvls reviewed Nov 24, 2025

View reviewed changes

maelvls removed their assignment Nov 27, 2025

adding helm-diff target

a8ec8c0

Signed-off-by: hjoshi123 <mail@hjoshi.me> Signed-off-by: Hemant Joshi <mail@hjoshi.me>

hjoshi123 force-pushed the feat/helm-diff-target branch from 1a2056b to a8ec8c0 Compare November 28, 2025 07:22

-	$(eval export OUTPUT_DIR=$$(mktemp -d))
+	$(eval export TMP_OLD=$(shell mktemp -d))
+	$(eval export TMP_NEW=$(shell mktemp -d))
+	$(eval export OUTPUT_DIR=$(shell mktemp -d))

feat(helm): adding helm-diff target #470

Are you sure you want to change the base?

feat(helm): adding helm-diff target #470

Uh oh!

Conversation

hjoshi123 commented Nov 3, 2025 • edited by maelvls Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

mladen-rusev-cyberark commented Nov 3, 2025

Uh oh!

inteon Nov 4, 2025

Choose a reason for hiding this comment

Uh oh!

hjoshi123 Nov 4, 2025

Choose a reason for hiding this comment

Uh oh!

inteon Nov 4, 2025

Choose a reason for hiding this comment

Uh oh!

hjoshi123 Nov 4, 2025

Choose a reason for hiding this comment

Uh oh!

maelvls commented Nov 6, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

maelvls commented Nov 14, 2025

Uh oh!

hjoshi123 commented Nov 14, 2025

Uh oh!

hjoshi123 commented Nov 14, 2025

Uh oh!

Uh oh!

maelvls Nov 20, 2025

Choose a reason for hiding this comment

Uh oh!

hjoshi123 Nov 20, 2025

Choose a reason for hiding this comment

Uh oh!

hjoshi123 commented Nov 20, 2025

Uh oh!

maelvls Nov 24, 2025

Choose a reason for hiding this comment

Uh oh!

maelvls commented Nov 24, 2025

Uh oh!

maelvls commented Nov 27, 2025

Uh oh!

hjoshi123 commented Nov 27, 2025

Uh oh!

cert-manager-prow bot commented Nov 28, 2025

Uh oh!

hjoshi123 commented Dec 5, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

feat(helm): adding `helm-diff` target #470

feat(helm): adding `helm-diff` target #470

hjoshi123 commented Nov 3, 2025 •

edited by maelvls

Loading

maelvls commented Nov 6, 2025 •

edited

Loading