Directly query OCI repository for chart info

skkra0 · skkra0 · commit e6922c1fd598 · 2026-01-11T22:14:44.000-05:00
diff --git a/.github/workflows/build-publish-staging-anvilops.yml b/.github/workflows/build-publish-staging-anvilops.yml
diff --git a/Dockerfile b/Dockerfile
@@ -84,7 +84,6 @@ ENTRYPOINT ["/tini", "--", "/nodejs/bin/node", "--experimental-strip-types"]
 CMD ["/app/src/index.ts"]
 
 WORKDIR /app
-COPY --chown=65532:65532 --from=alpine/helm:3.19.0 /usr/bin/helm /usr/local/bin/helm
 COPY --chown=65532:65532 --from=regclient/regctl:v0.11.1-alpine /usr/local/bin/regctl /usr/local/bin/regctl
 COPY --chown=65532:65532 --from=swagger_build /app/dist ./public/openapi
 COPY --chown=65532:65532 --from=frontend_build /app/dist ./public
diff --git a/backend/src/lib/helm.ts b/backend/src/lib/helm.ts
@@ -1,68 +1,106 @@
 import { V1Pod } from "@kubernetes/client-node";
-import { spawn } from "child_process";
 import { randomBytes } from "node:crypto";
-import { parse as yamlParse } from "yaml";
 import type { App, Deployment, HelmConfig } from "../db/models.ts";
 import { svcK8s } from "./cluster/kubernetes.ts";
 import { shouldImpersonate } from "./cluster/rancher.ts";
 import { getNamespace } from "./cluster/resources.ts";
 import { wrapWithLogExporter } from "./cluster/resources/logs.ts";
 import { env } from "./env.ts";
 
-type Dependency = {
+type Chart = {
   name: string;
   version: string;
-  repository?: string;
-  condition?: string;
-  tags?: string[];
-  "import-values"?: string;
-  alias?: string;
+  description?: string;
+  note?: string;
+  values: Record<string, any>;
 };
 
-type Chart = {
-  apiVersion: string;
+type ChartTagList = {
   name: string;
-  version: string;
-  kubeVersion?: string;
-  description?: string;
-  type?: string;
-  keywords?: string[];
-  home?: string;
-  sources?: string[];
-  dependencies?: Dependency[];
-  maintainers?: { name: string; email: string; url: string }[];
-  icon?: string;
-  appVersion?: string;
-  deprecated?: boolean;
-  annotations?: Record<string, string>;
+  tags: string[];
 };
 
-const runHelm = (args: string[]) => {
-  return new Promise((resolve, reject) => {
-    const p = spawn("helm", args, { stdio: ["ignore", "pipe", "pipe"] });
-    let out = "",
-      err = "";
-    p.stdout.on("data", (d) => (out += d));
-    p.stderr.on("data", (d) => (err += d));
-    p.on("close", (code) =>
-      code === 0 ? resolve(out) : reject(new Error(err || `helm exit ${code}`)),
-    );
-  });
+export const getChartToken = async () => {
+  return fetch(
+    `${env.REGISTRY_PROTOCOL}://${env.REGISTRY_HOSTNAME}/v2/service/token?service=harbor-registry&scope=repository:${env.CHART_PROJECT_NAME}/charts:pull`,
+  )
+    .then((res) => {
+      if (!res.ok) {
+        console.error(res);
+        throw new Error(res.statusText);
+      }
+      return res;
+    })
+    .then((res) => res.text())
+    .then((res) => JSON.parse(res))
+    .then((res) => {
+      return res.token;
+    });
 };
 
-export const getChart = async (
-  url: string,
-  version?: string,
+const getChart = async (
+  repository: string,
+  version: string,
+  token: string,
 ): Promise<Chart> => {
-  const args = ["show", "chart"];
-  if (version) {
-    args.push("version", version);
-  }
-  args.push(url);
+  return fetch(
+    `${env.REGISTRY_PROTOCOL}://${env.REGISTRY_HOSTNAME}/v2/${repository}/manifests/${version}`,
+    {
+      headers: {
+        Authorization: `Bearer ${token}`,
+        Accept: "application/vnd.oci.image.manifest.v1+json",
+      },
+    },
+  )
+    .then((res) => {
+      if (!res.ok) {
+        throw new Error(res.statusText);
+      }
+      return res;
+    })
+    .then((res) => res.text())
+    .then((res) => JSON.parse(res))
+    .then((res) => {
+      const annotations = res.annotations;
+      if ("anvilops-values" in annotations) {
+        return {
+          name: annotations["org.opencontainers.image.title"],
+          version: annotations["org.opencontainers.image.version"],
+          description: annotations["org.opencontainers.image.description"],
+          note: annotations["anvilops-note"],
+          values: JSON.parse(annotations["anvilops-values"]),
+        };
+      } else {
+        return null;
+      }
+    });
+};
+
+export const getLatestChart = async (
+  repository: string,
+  token: string,
+): Promise<Chart | null> => {
+  const chartTagList = await fetch(
+    `${env.REGISTRY_PROTOCOL}://${env.REGISTRY_HOSTNAME}/v2/${repository}/tags/list`,
+    {
+      headers: {
+        Authorization: `Bearer ${token}`,
+      },
+    },
+  )
+    .then((res) => {
+      if (!res.ok) {
+        throw new Error(res.statusText);
+      }
+      return res;
+    })
+    .then((res) => res.json() as Promise<ChartTagList>);
 
-  const result = (await runHelm(args)) as string;
-  const chart = (await yamlParse(result)) as Chart;
-  return chart;
+  return await getChart(
+    chartTagList.name,
+    chartTagList.tags[chartTagList.tags.length - 1],
+    token,
+  );
 };
 
 export const upgrade = async (
diff --git a/backend/src/service/listCharts.ts b/backend/src/service/listCharts.ts
@@ -1,6 +1,6 @@
 import { getOrCreate } from "../lib/cache.ts";
 import { env } from "../lib/env.ts";
-import { getChart } from "../lib/helm.ts";
+import { getChartToken, getLatestChart } from "../lib/helm.ts";
 import { getRepositoriesByProject } from "../lib/registry.ts";
 import { ValidationError } from "./common/errors.ts";
 
@@ -16,28 +16,23 @@ export async function listCharts() {
 }
 
 const listChartsFromRegistry = async () => {
-  const repos = await getRepositoriesByProject(env.CHART_PROJECT_NAME);
+  const [repos, token] = await Promise.all([
+    getRepositoriesByProject(env.CHART_PROJECT_NAME),
+    getChartToken(),
+  ]);
+
   const charts = await Promise.all(
     repos.map(async (repo) => {
-      const url = `oci://${env.REGISTRY_HOSTNAME}/${repo.name}`;
-      return await getChart(url);
+      return await getLatestChart(repo.name, token);
     }),
   );
 
-  if (charts.some((chart) => chart === null)) {
-    throw new Error("Failed to get charts");
-  }
-
-  return charts
-    .filter(
-      (chart) => chart?.annotations && "anvilops-values" in chart?.annotations,
-    )
-    .map((chart) => ({
-      name: chart.name,
-      note: chart.annotations["anvilops-note"],
-      url: `oci://${env.REGISTRY_HOSTNAME}/${chart.name}`,
-      urlType: "oci",
-      version: chart.version,
-      valueSpec: JSON.parse(chart.annotations["anvilops-values"] ?? ""),
-    }));
+  return charts.filter(Boolean).map((chart) => ({
+    name: chart.name,
+    note: chart.note,
+    url: `oci://${env.REGISTRY_HOSTNAME}/${env.CHART_PROJECT_NAME}/${chart.name}`,
+    urlType: "oci",
+    version: chart.version,
+    valueSpec: chart.values,
+  }));
 };
diff --git a/frontend/src/components/diff/AppConfigDiff.tsx b/frontend/src/components/diff/AppConfigDiff.tsx
@@ -12,7 +12,6 @@ import type { CommonFormFields } from "@/lib/form.types";
 import { Cable } from "lucide-react";
 import { useContext } from "react";
 import type { App } from "../../pages/app/AppView";
-import { useAppConfig } from "../AppConfigProvider";
 import { DiffSelect } from "./DiffSelect";
 import { HelmConfigDiff } from "./helm/HelmConfigDiff";
 import { CommonWorkloadConfigDiff } from "./workload/CommonWorkloadConfigDiff";
@@ -33,7 +32,7 @@ export const AppConfigDiff = ({
   disabled?: boolean;
 }) => {
   const { user } = useContext(UserContext);
-  const appConfig = useAppConfig();
+  // const appConfig = useAppConfig();
   const selectedOrg = orgId
     ? user?.orgs?.find((it) => it.id === orgId)
     : undefined;
