From ec160621bfc8bcda95ef6046f11743747f05eee7 Mon Sep 17 00:00:00 2001 From: Daniel Vaskivaara Date: Fri, 8 May 2026 12:20:22 +0300 Subject: [PATCH 1/5] Partially revert EAI-5893: Remove valuesFiles from single-source apps This commit selectively reverts parts of PR #692 (EAI-5893) that added support for multiple helm value files. Changes: - Removed valuesFiles support from single-source app definitions in cluster-apps.yaml - Modified bootstrap.sh render_actual_helm_manifests() to use valuesFile (singular) instead of valuesFiles - Reverted SBOM validation script to pre-EAI-5893 version - Removed sources/kaiwo/values.yaml Kept unchanged: - root/values.yaml (kaiwo OCI configuration - newer functionality depends on this) - sbom/components.yaml (current kaiwo metadata is correct) - sbom/generate-compare-components.sh (already updated for OCI support in commit 089da0c4) - OCI multi-source support in cluster-apps.yaml (valuesFiles retained for OCI functionality) - bootstrap.sh render_actual_helm_manifests() function (modified to remove valuesFiles, kept the function) Co-Authored-By: Claude Opus 4.6 --- root/templates/cluster-apps.yaml | 15 ++----------- sbom/SBOM-QUICK-GUIDE.md | 5 ++--- sbom/validate-components-sync.sh | 37 +++++--------------------------- scripts/bootstrap.sh | 22 ++++++++----------- sources/kaiwo/values.yaml | 3 --- 5 files changed, 18 insertions(+), 64 deletions(-) mode change 100755 => 100644 sbom/validate-components-sync.sh delete mode 100644 sources/kaiwo/values.yaml diff --git a/root/templates/cluster-apps.yaml b/root/templates/cluster-apps.yaml index 575aad34..4e44c9bb 100644 --- a/root/templates/cluster-apps.yaml +++ b/root/templates/cluster-apps.yaml 
@@ -85,23 +85,12 @@ spec: {{- else }} path: sources/{{ .path }} {{- end }} - {{- if or .valuesFile .valuesFiles .valuesObject .helmParameters }} + {{- if or .valuesFile .valuesObject .helmParameters }} helm: - {{- if or .valuesFile .valuesFiles }} - valueFiles: - {{- end }} {{- if .valuesFile }} + valueFiles: - {{ .valuesFile }} {{- end }} - {{- if .valuesFiles }} - {{- if kindIs "slice" .valuesFiles }} - {{- range .valuesFiles }} - - {{ . }} - {{- end }} - {{- else }} - - {{ .valuesFiles }} - {{- end }} - {{- end }} {{- if .valuesObject }} values: | {{ .valuesObject | toYaml | nindent 8 }} diff --git a/sbom/SBOM-QUICK-GUIDE.md b/sbom/SBOM-QUICK-GUIDE.md index bf487293..322d31bd 100644 --- a/sbom/SBOM-QUICK-GUIDE.md +++ b/sbom/SBOM-QUICK-GUIDE.md @@ -70,7 +70,7 @@ The new modular validation system ensures data consistency: 2. Components Sync Check ├── Verifies components.yaml matches enabledApps from all cluster configurations ├── Checks for missing/extra components - └── Validates path/valuesFile/valuesFiles consistency across cluster files + └── Validates path/valuesFile consistency across cluster files 3. Metadata Completeness Check ├── Ensures sourceUrl and projectUrl are populated @@ -83,8 +83,7 @@ The new modular validation system ensures data consistency: - **projectUrl**: Main project repository (⚠️ Manual entry required - use GitHub for auto-license detection) - **license/licenseUrl**: Auto-populated from GitHub by `update_licenses.sh` - **path**: Auto-synced from values.yaml by generation script -- **valuesFile**: Auto-synced from values.yaml when present (single file) -- **valuesFiles**: Auto-synced from values.yaml when present (multiple files array) +- **valuesFile**: Auto-synced from values.yaml when present ## CI/CD Integration diff --git a/sbom/validate-components-sync.sh b/sbom/validate-components-sync.sh old mode 100755 new mode 100644 index 3a2c6c7f..4d39c706 --- a/sbom/validate-components-sync.sh +++ b/sbom/validate-components-sync.sh 
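Review bot: An app entry that still sets `valuesFiles` is now ignored without any error in this `helm:` block, because the new condition `if or .valuesFile .valuesObject .helmParameters` no longer looks at it and the `range` over it is removed. Such an app would render without those value files and the drift would only show up at runtime. Consider failing the render instead, e.g. `{{- if .valuesFiles }}{{ fail "valuesFiles is not supported for single-source apps; use valuesFile" }}{{- end }}` placed next to the `helm:` condition. The enclosing `range`/`if` starts outside the hunk, so confirm this branch is not shared with the multi-source path that the commit message says keeps `valuesFiles`.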
@@ -112,54 +112,27 @@ while IFS= read -r app; do done component_path=$(yq eval ".components.\"$app\".path" "$COMPONENTS_FILE" 2>/dev/null || echo "null") - - # Normalize empty string and null for comparison - [[ -z "$values_path" || "$values_path" == "null" ]] && values_path="null" - [[ -z "$component_path" || "$component_path" == "null" ]] && component_path="null" - + if [[ "$values_path" != "$component_path" ]]; then path_mismatches+=("$app: cluster-configs='$values_path' vs components.yaml='$component_path'") echo "❌ Path mismatch for '$app': cluster-configs='$values_path' vs components.yaml='$component_path'" fi - # Check valuesFile/valuesFiles consistency + # Check valuesFile consistency values_file_values="null" - values_files_values="null" - config_file_source="" for config_file in "$BASE_VALUES_FILE" "$SMALL_VALUES_FILE" "$MEDIUM_VALUES_FILE" "$LARGE_VALUES_FILE"; do if [[ -f "$config_file" ]]; then app_path_check=$(yq eval ".apps.\"$app\".path // \"null\"" "$config_file" 2>/dev/null || echo "null") if [[ "$app_path_check" != "null" ]]; then values_file_values=$(yq eval ".apps.\"$app\".valuesFile // \"null\"" "$config_file" 2>/dev/null || echo "null") - values_files_values=$(yq eval ".apps.\"$app\".valuesFiles // \"null\"" "$config_file" 2>/dev/null || echo "null") - config_file_source="$config_file" break fi fi done - + values_file_components=$(yq eval ".components.\"$app\".valuesFile // \"null\"" "$COMPONENTS_FILE" 2>/dev/null || echo "null") - values_files_components=$(yq eval ".components.\"$app\".valuesFiles // \"null\"" "$COMPONENTS_FILE" 2>/dev/null || echo "null") - - # Compare - prefer valuesFiles if present, otherwise fall back to valuesFile - if [[ "$values_files_values" != "null" ]] || [[ "$values_files_components" != "null" ]]; then - # At least one side uses valuesFiles (array) - compare as JSON to normalize formatting - if [[ "$values_files_values" != "null" ]] && [[ "$values_files_components" != "null" ]]; then - # Both have valuesFiles - 
convert to JSON for comparison - values_files_values_json=$(yq eval ".apps.\"$app\".valuesFiles" "$config_file_source" -o=json 2>/dev/null || echo "null") - values_files_components_json=$(yq eval ".components.\"$app\".valuesFiles" "$COMPONENTS_FILE" -o=json 2>/dev/null || echo "null") - - if [[ "$values_files_values_json" != "$values_files_components_json" ]]; then - path_mismatches+=("$app valuesFiles: cluster-configs='$values_files_values_json' vs components.yaml='$values_files_components_json'") - echo "❌ ValuesFiles mismatch for '$app': cluster-configs='$values_files_values_json' vs components.yaml='$values_files_components_json'" - fi - else - # Only one side has valuesFiles - they don't match - path_mismatches+=("$app valuesFiles: cluster-configs='$values_files_values' vs components.yaml='$values_files_components'") - echo "❌ ValuesFiles mismatch for '$app': cluster-configs='$values_files_values' vs components.yaml='$values_files_components'" - fi - elif [[ "$values_file_values" != "$values_file_components" ]]; then - # Both sides use valuesFile (singular) + + if [[ "$values_file_values" != "$values_file_components" ]]; then path_mismatches+=("$app valuesFile: cluster-configs='$values_file_values' vs components.yaml='$values_file_components'") echo "❌ ValuesFile mismatch for '$app': cluster-configs='$values_file_values' vs components.yaml='$values_file_components'" fi diff --git a/scripts/bootstrap.sh b/scripts/bootstrap.sh index 324906ed..99b71853 100755 --- a/scripts/bootstrap.sh +++ b/scripts/bootstrap.sh 
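Review bot: The valuesFile comparison fails open: `values_file_values` and `values_file_components` are both read with `2>/dev/null || echo "null"`, so a yq error (unparseable file, an expression broken by an unusual `$app`, yq not installed) becomes `null` on both sides and the check passes. For an SBOM sync gate the failure should count against the run; keep the `// "null"` default for a missing key but replace the shell fallback, e.g. `values_file_components=$(yq eval ".components.\"$app\".valuesFile // \"null\"" "$COMPONENTS_FILE") || path_mismatches+=("$app: yq failed reading valuesFile")`. The same fallback stays on the `component_path` read in this hunk and is repeated on the new `app_exists` reads in both hunks of PATCH 2/5. Separately, this file section records `old mode 100755` / `new mode 100644`, so a CI step that executes the script directly rather than through `bash` would stop working; confirm the mode change is intended. The `while` loop starts and ends outside the hunk.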
@@ -822,22 +822,18 @@ render_actual_helm_manifests() { echo "{}" > "${temp_dir}/size_values.yaml" fi - # Get additional valuesFiles if specified - # Use yq to output as JSON array, then iterate to avoid bash array syntax issues + # Get additional valuesFile if specified local helm_value_args=() - local values_files_json - values_files_json=$(yq eval -o=json ".apps.\"$app_name\".valuesFiles // []" "${SOURCE_ROOT}/root/${VALUES_FILE}" 2>/dev/null || echo "[]") + local values_file + values_file=$(yq eval ".apps.\"$app_name\".valuesFile // \"null\"" "${SOURCE_ROOT}/root/${VALUES_FILE}" 2>/dev/null || echo "null") - # Read each value file from the JSON array - while IFS= read -r value_file; do - if [ -n "$value_file" ] && [ "$value_file" != "null" ]; then - # Resolve the path relative to the chart directory - local resolved_path="${chart_path}/${value_file}" - if [ -f "$resolved_path" ]; then - helm_value_args+=("-f" "$resolved_path") - fi + if [ -n "$values_file" ] && [ "$values_file" != "null" ]; then + # Resolve the path relative to the chart directory + local resolved_path="${chart_path}/${values_file}" + if [ -f "$resolved_path" ]; then + helm_value_args+=("-f" "$resolved_path") fi - done < <(echo "$values_files_json" | yq eval '.[]' - 2>/dev/null || true) + fi # Determine namespace local namespace=$(yq eval ".apps.\"$app_name\".namespace // \"default\"" "${SOURCE_ROOT}/root/${VALUES_FILE}") diff --git a/sources/kaiwo/values.yaml b/sources/kaiwo/values.yaml deleted file mode 100644 index 81f7bb71..00000000 --- a/sources/kaiwo/values.yaml +++ /dev/null @@ -1,3 +0,0 @@ -gpuPreemption: - enabled: true - metricsEndpoint: "http://lgtm-stack.otel-lgtm-stack.svc.cluster.local:9090/federate?match[]=gpu_gfx_activity" \ No newline at end of file From 1d98ed801f71d090eb42ed4561d4f874bf22b188 Mon Sep 17 00:00:00 2001 
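Review bot: A configured `valuesFile` that does not exist is skipped silently by the new `if [ -f "$resolved_path" ]`, so the manifests rendered here can differ from what is deployed with no indication. Add an `else` branch that reports it on stderr, e.g. `else echo "WARNING: valuesFile '$values_file' for $app_name not found at $resolved_path" >&2`, or return non-zero if this render feeds a validation step. `resolved_path` is built by plain concatenation, so a value containing `..` resolves outside `chart_path`; a guard such as `case "$values_file" in *..*) return 1 ;; esac` before the `-f` test keeps it inside the chart directory. The `2>/dev/null || echo "null"` on the yq read also turns a parse error into "no values file". `render_actual_helm_manifests` starts and ends outside the hunk.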
From: Daniel Vaskivaara Date: Fri, 8 May 2026 12:26:18 +0300 Subject: [PATCH 2/5] fix(sbom): handle OCI apps without path in validation OCI-based apps like kaiwo use repoURL instead of path. The validation script needs to check for app existence (not just non-null path) and normalize empty/null values for proper comparison. This fixes the CI failure where kaiwo showed as: cluster-configs='' vs components.yaml='null' --- sbom/validate-components-sync.sh | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/sbom/validate-components-sync.sh b/sbom/validate-components-sync.sh index 4d39c706..f1d11cdb 100644 --- a/sbom/validate-components-sync.sh +++ b/sbom/validate-components-sync.sh @@ -103,16 +103,22 @@ while IFS= read -r app; do values_path="" for config_file in "$BASE_VALUES_FILE" "$SMALL_VALUES_FILE" "$MEDIUM_VALUES_FILE" "$LARGE_VALUES_FILE"; do if [[ -f "$config_file" ]]; then - app_path=$(yq eval ".apps.\"$app\".path // \"null\"" "$config_file" 2>/dev/null || echo "null") - if [[ "$app_path" != "null" ]]; then + # Check if app exists by looking for any field (path, repoURL, namespace, etc.) + app_exists=$(yq eval ".apps.\"$app\" // \"null\"" "$config_file" 2>/dev/null || echo "null") + if [[ "$app_exists" != "null" ]]; then + app_path=$(yq eval ".apps.\"$app\".path // \"null\"" "$config_file" 2>/dev/null || echo "null") values_path="$app_path" break fi fi done - + component_path=$(yq eval ".components.\"$app\".path" "$COMPONENTS_FILE" 2>/dev/null || echo "null") - + + # Normalize empty string and null for comparison + [[ -z "$values_path" || "$values_path" == "null" ]] && values_path="null" + [[ -z "$component_path" || "$component_path" == "null" ]] && component_path="null" + if [[ "$values_path" != "$component_path" ]]; then path_mismatches+=("$app: cluster-configs='$values_path' vs components.yaml='$component_path'") echo "❌ Path mismatch for '$app': cluster-configs='$values_path' vs components.yaml='$component_path'" 
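Review bot: The path lookup now stops at the first config file in which the app key exists, where it previously stopped at the first file that defined a non-null `path`; the `break` after `values_path="$app_path"` is unconditional inside the new `if [[ "$app_exists" != "null" ]]`. If an app is declared in `BASE_VALUES_FILE` without `path` and a size-specific file supplies it, the script now compares `null` against components.yaml and can report a false mismatch or hide a real one. If base-wins is the intended precedence, state that in the comment; otherwise break only once a path is found, e.g. `[[ "$app_path" != "null" ]] && { values_path="$app_path"; break; }`, and let OCI apps fall through to the normalisation below. The comment "by looking for any field (path, repoURL, namespace, etc.)" also overstates the expression, which only tests the app node itself for null. The loop body continues outside the hunk.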
@@ -122,8 +128,9 @@ while IFS= read -r app; do values_file_values="null" for config_file in "$BASE_VALUES_FILE" "$SMALL_VALUES_FILE" "$MEDIUM_VALUES_FILE" "$LARGE_VALUES_FILE"; do if [[ -f "$config_file" ]]; then - app_path_check=$(yq eval ".apps.\"$app\".path // \"null\"" "$config_file" 2>/dev/null || echo "null") - if [[ "$app_path_check" != "null" ]]; then + # Check if app exists by looking for any field (not just path) + app_exists=$(yq eval ".apps.\"$app\" // \"null\"" "$config_file" 2>/dev/null || echo "null") + if [[ "$app_exists" != "null" ]]; then values_file_values=$(yq eval ".apps.\"$app\".valuesFile // \"null\"" "$config_file" 2>/dev/null || echo "null") break fi From ea9367b13a5a61d43f782453a2e31d0f98bf5600 Mon Sep 17 00:00:00 2001 From: Daniel Vaskivaara Date: Fri, 8 May 2026 15:15:03 +0300 Subject: [PATCH 3/5] fix: strip v from version --- root/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/root/values.yaml b/root/values.yaml index 53b843b2..b326e952 100644 --- a/root/values.yaml +++ b/root/values.yaml @@ -16,7 +16,7 @@ ociRegistry: apps: aim-engine: repoURL: "oci://{{ .Values.ociRegistry.dockerHub }}/aim-engine-chart" - repoVersion: "v0.2.2" + repoVersion: "0.2.2" path: "." namespace: aim-system valuesFile: values.yaml From b69094fad3ae2f3a6fc3e34bb3ce91fefb4e6f5f Mon Sep 17 00:00:00 2001 From: Daniel Vaskivaara Date: Fri, 8 May 2026 15:24:54 +0300 Subject: [PATCH 4/5] fix: use path instead of chart for OCI Helm repositories Replace the chart field with path for OCI repositories in ArgoCD Application specs, aligning with modern ArgoCD OCI support. Defaults to "." when path is not explicitly defined. Co-Authored-By: Claude Opus 4.6 --- root/templates/cluster-apps.yaml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/root/templates/cluster-apps.yaml b/root/templates/cluster-apps.yaml index 4e44c9bb..26708539 100644 --- a/root/templates/cluster-apps.yaml +++ b/root/templates/cluster-apps.yaml 
@@ -74,11 +74,7 @@ spec: targetRevision: {{ .repoVersion | default $clusterForgeTargetRevision | quote }} {{- if .repoURL }} {{- if hasPrefix "oci://" $renderedRepoURL }} - {{- if or (eq .path ".") (not .path) }} - chart: {{ trimPrefix "oci://" $renderedRepoURL | base }} - {{- else }} - chart: {{ .path }} - {{- end }} + path: {{ .path | default "." }} {{- else }} path: {{ .path }} {{- end }} From 23868b09c7448a3e37cc84697ef347fad5488b6a Mon Sep 17 00:00:00 2001 From: Daniel Vaskivaara Date: Fri, 8 May 2026 15:28:25 +0300 Subject: [PATCH 5/5] fix: aim-engine-crds stip v from version --- root/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/root/values.yaml b/root/values.yaml index b326e952..526bdb17 100644 --- a/root/values.yaml +++ b/root/values.yaml @@ -23,7 +23,7 @@ apps: syncWave: 0 aim-engine-crds: repoURL: "oci://{{ .Values.ociRegistry.dockerHub }}/aim-engine-crds-chart" - repoVersion: "v0.2.2" + repoVersion: "0.2.2" path: "." namespace: aim-system syncWave: 0
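Review bot: The new `path: {{ .path | default "." }}` is emitted unquoted, while `targetRevision` just above it goes through `| quote`; a path value containing YAML-significant characters would change the structure of the rendered Application. Use `path: {{ .path | default "." | quote }}`, and the same for the `path: {{ .path }}` context line in the non-OCI branch. Dropping `chart:` for `oci://` sources presumably relies on an Argo CD version with native OCI source support; the hunk carries no guard or comment for that, so a one-line template comment naming the minimum supported version would help operators on older installs. The surrounding `if .repoURL` block closes outside the hunk.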