redhat-certification · skattoju · Mar 31, 2025 · Aug 14, 2025 · Aug 14, 2025 · Aug 14, 2025
diff --git a/docs/helm-chart-checks.md b/docs/helm-chart-checks.md
@@ -50,22 +50,23 @@ The following table lists the set of checks for each profile version with detail
 
 #### Table 2: Helm chart default checks
 
-| Profile v1.3 | Profile v1.2 | Profile v1.1 | Profile v1.0 | Description |
-|---|---|---|---|---|
-| [is-helm-v3 v1.0](helm-chart-troubleshooting.md#is-helm-v3-v10) | [is-helm-v3 v1.0](helm-chart-troubleshooting.md#is-helm-v3-v10) | [is-helm-v3 v1.0](helm-chart-troubleshooting.md#is-helm-v3-v10) | [is-helm-v3 v1.0](helm-chart-troubleshooting.md#is-helm-v3-v10) | Checks that the given `uri` points to a Helm v3 chart. |
-| [has-readme v1.0](helm-chart-troubleshooting.md#has-readme-v10) | [has-readme v1.0](helm-chart-troubleshooting.md#has-readme-v10) | [has-readme v1.0](helm-chart-troubleshooting.md#has-readme-v10) | [has-readme v1.0](helm-chart-troubleshooting.md#has-readme-v10) | Checks that the Helm chart contains the `README.md` file. |
-| [contains-test V1.0](helm-chart-troubleshooting.md#contains-test-v10) | [contains-test V1.0](helm-chart-troubleshooting.md#contains-test-v10) | [contains-test V1.0](helm-chart-troubleshooting.md#contains-test-v10) | [contains-test v1.0](helm-chart-troubleshooting.md#contains-test-v10) | Checks that the Helm chart contains at least one test file. |
-| [has-kubeversion v1.1](helm-chart-troubleshooting.md#has-kubeversion-v11) | [has-kubeversion v1.1](helm-chart-troubleshooting.md#has-kubeversion-v11) | [has-kubeversion v1.1](helm-chart-troubleshooting.md#has-kubeversion-v11) | [has-kubeversion v1.0](helm-chart-troubleshooting.md#has-kubeversion-v10) | Checks that the `Chart.yaml` file of the Helm chart includes the `kubeVersion` field (v1.0) and is a valid semantic version (v1.1). |
-| [contains-values-schema v1.0](helm-chart-troubleshooting.md#contains-values-schema-v10) | [contains-values-schema v1.0](helm-chart-troubleshooting.md#contains-values-schema-v10) | [contains-values-schema v1.0](helm-chart-troubleshooting.md#contains-values-schema-v10) | [contains-values-schema v1.0](helm-chart-troubleshooting.md#contains-values-schema-v10) | Checks that the Helm chart contains a JSON schema file (`values.schema.json`) to validate the `values.yaml` file in the chart. |
-| [not-contains-crds v1.0](helm-chart-troubleshooting.md#not-contains-crds-v10) | [not-contains-crds v1.0](helm-chart-troubleshooting.md#not-contains-crds-v10) | [not-contains-crds v1.0](helm-chart-troubleshooting.md#not-contains-crds-v10) | [not-contains-crds v1.0](helm-chart-troubleshooting.md#not-contains-crds-v10) | Checks that the Helm chart does not include custom resource definitions (CRDs). |
-| [not-contain-csi-objects v1.0](helm-chart-troubleshooting.md#not-contain-csi-objects-v10) | [not-contain-csi-objects v1.0](helm-chart-troubleshooting.md#not-contain-csi-objects-v10) | [not-contain-csi-objects v1.0](helm-chart-troubleshooting.md#not-contain-csi-objects-v10) | [not-contain-csi-objects v1.0](helm-chart-troubleshooting.md#not-contain-csi-objects-v10) | Checks that the Helm chart does not include Container Storage Interface (CSI) objects. |
-| [images-are-certified v1.1](helm-chart-troubleshooting.md#images-are-certified-v10) | [images-are-certified v1.1](helm-chart-troubleshooting.md#images-are-certified-v10) | [images-are-certified v1.0](helm-chart-troubleshooting.md#images-are-certified-v10) | [images-are-certified v1.0](helm-chart-troubleshooting.md#images-are-certified-v10) | Checks that the images referenced by the Helm chart are Red Hat-certified. |
-| [helm-lint v1.0](helm-chart-troubleshooting.md#helm-lint-v10) | [helm-lint v1.0](helm-chart-troubleshooting.md#helm-lint-v10) | [helm-lint v1.0](helm-chart-troubleshooting.md#helm-lint-v10) | [helm-lint v1.0](helm-chart-troubleshooting.md#helm-lint-v10) | Checks that the chart is well formed by running the `helm lint` command. |
-| [chart-testing v1.0](helm-chart-troubleshooting.md#chart-testing-v10) | [chart-testing v1.0](helm-chart-troubleshooting.md#chart-testing-v10) | [chart-testing v1.0](helm-chart-troubleshooting.md#chart-testing-v10) | [chart-testing v1.0](helm-chart-troubleshooting.md#chart-testing-v10) | Installs the chart and verifies it on a Red Hat OpenShift Container Platform cluster. |
-| [contains-values v1.0](helm-chart-troubleshooting.md#contains-values-v10) | [contains-values v1.0](helm-chart-troubleshooting.md#contains-values-v10) | [contains-values v1.0](helm-chart-troubleshooting.md#contains-values-v10) | [contains-values  v1.0](helm-chart-troubleshooting.md#contains-values-v10) | Checks that the Helm chart contains the `values`[¹](https://github.com/redhat-certification/chart-verifier/blob/main/docs/helm-chart-checks.md#-for-more-information-on-the-values-file-see-values-and-best-practices-for-using-values) file. |
-| [required-annotations-present v1.0](helm-chart-troubleshooting.md#required-annotations-present-v10) | [required-annotations-present v1.0](helm-chart-troubleshooting.md#required-annotations-present-v10) | [required-annotations-present v1.0](helm-chart-troubleshooting.md#required-annotations-present-v10) | - | Checks that the Helm chart contains the annotation: ```charts.openshift.io/name```. |
-| [signature-is-valid v1.0](helm-chart-troubleshooting.md#signature-is-valid-v10) | [signature-is-valid v1.0](helm-chart-troubleshooting.md#signature-is-valid-v10) | - | - | Verifies a signed chart based on a provided public key. |
-| [has-notes v1.0](helm-chart-troubleshooting.md#has-notes-v10) | - | - | - | Checks that the Helm chart contains the `NOTES.txt` file in the templates directory. |
+| Profile v1.4| Profile v1.3 | Profile v1.2 | Profile v1.1 | Profile v1.0 | Description |
+|---|---|---|---|---|---|
+| [is-helm-v3 v1.0](helm-chart-troubleshooting.md#is-helm-v3-v10) | [is-helm-v3 v1.0](helm-chart-troubleshooting.md#is-helm-v3-v10) | [is-helm-v3 v1.0](helm-chart-troubleshooting.md#is-helm-v3-v10) | [is-helm-v3 v1.0](helm-chart-troubleshooting.md#is-helm-v3-v10) | [is-helm-v3 v1.0](helm-chart-troubleshooting.md#is-helm-v3-v10) | Checks that the given `uri` points to a Helm v3 chart. |
+| [has-readme v1.0](helm-chart-troubleshooting.md#has-readme-v10) | [has-readme v1.0](helm-chart-troubleshooting.md#has-readme-v10) | [has-readme v1.0](helm-chart-troubleshooting.md#has-readme-v10) | [has-readme v1.0](helm-chart-troubleshooting.md#has-readme-v10) | [has-readme v1.0](helm-chart-troubleshooting.md#has-readme-v10) | Checks that the Helm chart contains the `README.md` file. |
+| [contains-test V1.0](helm-chart-troubleshooting.md#contains-test-v10) | [contains-test V1.0](helm-chart-troubleshooting.md#contains-test-v10) | [contains-test V1.0](helm-chart-troubleshooting.md#contains-test-v10) | [contains-test V1.0](helm-chart-troubleshooting.md#contains-test-v10) | [contains-test v1.0](helm-chart-troubleshooting.md#contains-test-v10) | Checks that the Helm chart contains at least one test file. |
+| [has-kubeversion v1.1](helm-chart-troubleshooting.md#has-kubeversion-v11) | [has-kubeversion v1.1](helm-chart-troubleshooting.md#has-kubeversion-v11) | [has-kubeversion v1.1](helm-chart-troubleshooting.md#has-kubeversion-v11) | [has-kubeversion v1.1](helm-chart-troubleshooting.md#has-kubeversion-v11) | [has-kubeversion v1.0](helm-chart-troubleshooting.md#has-kubeversion-v10) | Checks that the `Chart.yaml` file of the Helm chart includes the `kubeVersion` field (v1.0) and is a valid semantic version (v1.1). |
+| [contains-values-schema v1.0](helm-chart-troubleshooting.md#contains-values-schema-v10) | [contains-values-schema v1.0](helm-chart-troubleshooting.md#contains-values-schema-v10) | [contains-values-schema v1.0](helm-chart-troubleshooting.md#contains-values-schema-v10) | [contains-values-schema v1.0](helm-chart-troubleshooting.md#contains-values-schema-v10) | [contains-values-schema v1.0](helm-chart-troubleshooting.md#contains-values-schema-v10) | Checks that the Helm chart contains a JSON schema file (`values.schema.json`) to validate the `values.yaml` file in the chart. |
+| [not-contains-crds v1.0](helm-chart-troubleshooting.md#not-contains-crds-v10) | [not-contains-crds v1.0](helm-chart-troubleshooting.md#not-contains-crds-v10) | [not-contains-crds v1.0](helm-chart-troubleshooting.md#not-contains-crds-v10) | [not-contains-crds v1.0](helm-chart-troubleshooting.md#not-contains-crds-v10) | [not-contains-crds v1.0](helm-chart-troubleshooting.md#not-contains-crds-v10) | Checks that the Helm chart does not include custom resource definitions (CRDs). |
+| [not-contain-csi-objects v1.0](helm-chart-troubleshooting.md#not-contain-csi-objects-v10) | [not-contain-csi-objects v1.0](helm-chart-troubleshooting.md#not-contain-csi-objects-v10) | [not-contain-csi-objects v1.0](helm-chart-troubleshooting.md#not-contain-csi-objects-v10) | [not-contain-csi-objects v1.0](helm-chart-troubleshooting.md#not-contain-csi-objects-v10) | [not-contain-csi-objects v1.0](helm-chart-troubleshooting.md#not-contain-csi-objects-v10) | Checks that the Helm chart does not include Container Storage Interface (CSI) objects. |
+| [images-are-certified v1.1](helm-chart-troubleshooting.md#images-are-certified-v10) | [images-are-certified v1.1](helm-chart-troubleshooting.md#images-are-certified-v10) | [images-are-certified v1.1](helm-chart-troubleshooting.md#images-are-certified-v10) | [images-are-certified v1.0](helm-chart-troubleshooting.md#images-are-certified-v10) | [images-are-certified v1.0](helm-chart-troubleshooting.md#images-are-certified-v10) | Checks that the images referenced by the Helm chart are Red Hat-certified. |
+| [helm-lint v1.0](helm-chart-troubleshooting.md#helm-lint-v10) | [helm-lint v1.0](helm-chart-troubleshooting.md#helm-lint-v10) | [helm-lint v1.0](helm-chart-troubleshooting.md#helm-lint-v10) | [helm-lint v1.0](helm-chart-troubleshooting.md#helm-lint-v10) | [helm-lint v1.0](helm-chart-troubleshooting.md#helm-lint-v10) | Checks that the chart is well formed by running the `helm lint` command. |
+| [chart-testing v1.0](helm-chart-troubleshooting.md#chart-testing-v10) | [chart-testing v1.0](helm-chart-troubleshooting.md#chart-testing-v10) | [chart-testing v1.0](helm-chart-troubleshooting.md#chart-testing-v10) | [chart-testing v1.0](helm-chart-troubleshooting.md#chart-testing-v10) | [chart-testing v1.0](helm-chart-troubleshooting.md#chart-testing-v10) | Installs the chart and verifies it on a Red Hat OpenShift Container Platform cluster. |
+| [contains-values v1.0](helm-chart-troubleshooting.md#contains-values-v10) | [contains-values v1.0](helm-chart-troubleshooting.md#contains-values-v10) | [contains-values v1.0](helm-chart-troubleshooting.md#contains-values-v10) | [contains-values v1.0](helm-chart-troubleshooting.md#contains-values-v10) | [contains-values  v1.0](helm-chart-troubleshooting.md#contains-values-v10) | Checks that the Helm chart contains the `values`[¹](https://github.com/redhat-certification/chart-verifier/blob/main/docs/helm-chart-checks.md#-for-more-information-on-the-values-file-see-values-and-best-practices-for-using-values) file. |
+| [required-annotations-present v1.0](helm-chart-troubleshooting.md#required-annotations-present-v10) | [required-annotations-present v1.0](helm-chart-troubleshooting.md#required-annotations-present-v10) | [required-annotations-present v1.0](helm-chart-troubleshooting.md#required-annotations-present-v10) | [required-annotations-present v1.0](helm-chart-troubleshooting.md#required-annotations-present-v10) | - | Checks that the Helm chart contains the annotation: ```charts.openshift.io/name```. |
+| [signature-is-valid v1.0](helm-chart-troubleshooting.md#signature-is-valid-v10) | [signature-is-valid v1.0](helm-chart-troubleshooting.md#signature-is-valid-v10) | [signature-is-valid v1.0](helm-chart-troubleshooting.md#signature-is-valid-v10) | - | - | Verifies a signed chart based on a provided public key. |
+| [has-notes v1.0](helm-chart-troubleshooting.md#has-notes-v10) | [has-notes v1.0](helm-chart-troubleshooting.md#has-notes-v10) | - | - | - | Checks that the Helm chart contains the `NOTES.txt` file in the templates directory. |
+| [cluster-is-not-eol v1.0](helm-chart-troubleshooting.md#cluster-is-not-eol-v10) | - | - | - | - | Checks that Helm chart was tested on a non EOL cluster. |
 #
 ###### ¹ For more information on the `values` file, see [`values`](https://helm.sh/docs/chart_template_guide/values_files/) and [Best Practices for using values](https://helm.sh/docs/chart_best_practices/values/).
 
@@ -319,7 +320,15 @@ A profile defines a set of checks to run and an indication of whether each check
   - The default is the same as the partner profile and is used if a specific one is not specified.
   - All checks are mandatory.
 
-Each profile also has a version and currently there are four profile versions: v1.0, v1.1, v1.2, and v1.3. The `developer-console` just has one profile version v1.0.
+Each profile also has a version and currently there are five profile versions: v1.0, v1.1, v1.2, v1.3 and v1.4. The `developer-console` just has one profile version v1.0.
+
+### Profile v1.4
+
+Compared to profile v1.3, adds a new check:
+
+| check                                                                           | partner | RedHat | community | default |
+|---------------------------------------------------------------------------------|---------|--------|-----------|---------
+| [cluster-is-not-eol v1.0](helm-chart-troubleshooting.md#cluster-is-not-eol-v10) | optional | optional | optional | optional
 
 ### Profile v1.3
 

diff --git a/docs/helm-chart-troubleshooting.md b/docs/helm-chart-troubleshooting.md
@@ -180,6 +180,10 @@ This check requires that the public key provided to the chart verifier is from a
 Requires a "NOTES.txt" file to exist in the templates directory of the chart. Any other spelling or
 capitialisation of letters will result in the check failing.
 
+### `cluster-is-not-eol` v1.0
+
+Requires that helm charts be tested on a non EOL cluster. It will fail if the lifecycle status of the cluster is EOL.
+
 ## Report related submission failures
 
 ### One or more mandatory checks have failed or are missing from the report.

diff --git a/internal/chartverifier/checks/charttesting.go b/internal/chartverifier/checks/charttesting.go
@@ -26,7 +26,7 @@ const (
 // Versioner provides OpenShift version
 type Versioner func(envSettings *cli.EnvSettings) (string, error)
 
-func getVersion(envSettings *cli.EnvSettings) (string, error) {
+func GetVersion(envSettings *cli.EnvSettings) (string, error) {
 	kubeConfig := tool.GetClientConfig(envSettings)
 	kubectl, err := tool.NewKubectl(kubeConfig)
 	if err != nil {
@@ -174,7 +174,7 @@ func ChartTesting(opts *CheckOptions) (Result, error) {
 		}
 	}
 
-	if versionError := setOCVersion(opts.AnnotationHolder, opts.HelmEnvSettings, getVersion); versionError != nil {
+	if versionError := setOCVersion(opts.AnnotationHolder, opts.HelmEnvSettings, GetVersion); versionError != nil {
 		if versionError != nil {
 			utils.LogWarning(fmt.Sprintf("End chart install and test check with version error: %v", versionError))
 		}

diff --git a/internal/chartverifier/checks/checks.go b/internal/chartverifier/checks/checks.go
@@ -64,6 +64,8 @@ const (
 	ImageCertified               = "Image is Red Hat certified"
 	ImageNotCertified            = "Image is not Red Hat certified"
 	ChartTestingSuccess          = "Chart tests have passed"
+	ClusterNotEOL                = "Chart tests ran on a non EOL cluster"
+	ClusterIsEOL                 = "Chart tests ran on an EOL cluster"
 	MetadataFailure              = "Empty metadata in chart"
 	RequiredAnnotationsSuccess   = "All required annotations present"
 	RequiredAnnotationsFailure   = "Missing required annotations"
@@ -553,3 +555,41 @@ func certifyImages(r Result, opts *CheckOptions, registry string) Result {
 
 	return r
 }
+
+func ClusterIsNotEOL(opt *CheckOptions) (Result, error) {
+	// Populating version client if not set
+	if opt.versionClient == nil {
+		opt.versionClient = GetVersion
+	}
+	// Populating lifecycle client if not set
+	if opt.lifecycleClient == nil {
+		lcd := LifecycleData{}
+		opt.lifecycleClient = lcd.GetLifecycleStatus
+	}
+	// Get version
+	version, err := opt.versionClient(opt.HelmEnvSettings)
+	if err != nil {
+		return Result{}, err
+	}
+	// Get lifecycle status for version
+	lifecycleStatus, err := opt.lifecycleClient(version)
+	if err != nil {
+		return Result{}, err
+	}
+
+	// Default to false
+	result := NewResult(false, ClusterIsEOL)
+
+	// Supported
+	if strings.Contains(lifecycleStatus, "Support") {
+		result.SetResult(true, ClusterNotEOL)
+		return result, nil
+	}
+	// End of life
+	if lifecycleStatus == "End of life" {
+		result.SetResult(false, ClusterIsEOL)
+		return result, nil
+	}
+
+	return result, nil
+}
diff --git a/internal/chartverifier/checks/checks_test.go b/internal/chartverifier/checks/checks_test.go
@@ -21,12 +21,11 @@ import (
 	"strings"
 	"testing"
 
+	"github.com/redhat-certification/chart-verifier/internal/chartverifier/pyxis"
+	"github.com/redhat-certification/chart-verifier/internal/tool"
 	"github.com/spf13/viper"
 	"github.com/stretchr/testify/require"
 	"helm.sh/helm/v3/pkg/cli"
-
-	"github.com/redhat-certification/chart-verifier/internal/chartverifier/pyxis"
-	"github.com/redhat-certification/chart-verifier/internal/tool"
 )
 
 func TestIsHelmV3(t *testing.T) {
@@ -290,6 +289,83 @@ func TestHasMinKubeVersion(t *testing.T) {
 	}
 }
 
+func GetVersionEOL(env *cli.EnvSettings) (string, error) {
+	return "4.11", nil
+}
+
+func GetVersionSupported(env *cli.EnvSettings) (string, error) {
+	return "4.17", nil
+}
+
+func GetVersionUnknown(env *cli.EnvSettings) (string, error) {
+	return "99", nil
+}
+
+func GetTestLifecycleStatus(clusterVersion string) (string, error) {
+	if clusterVersion == "4.11" {
+		return "End of life", nil
+	}
+	if clusterVersion == "4.17" {
+		return "Full Support", nil
+	}
+	return "Unknown", nil
+}
+
+func TestClusterIsNotEOL(t *testing.T) {
+	type testCase struct {
+		description     string
+		versionClient   Versioner
+		lifecycleClient LifecycleDataGetter
+	}
+
+	positiveTestCases := []testCase{
+		{
+			description:     "Cluster is not EOL",
+			versionClient:   GetVersionSupported,
+			lifecycleClient: GetTestLifecycleStatus,
+		},
+	}
+
+	for _, tc := range positiveTestCases {
+		t.Run(tc.description, func(t *testing.T) {
+			options := &CheckOptions{}
+			options.versionClient = tc.versionClient
+			options.lifecycleClient = tc.lifecycleClient
+			r, err := ClusterIsNotEOL(options)
+			require.NoError(t, err)
+			require.NotNil(t, r)
+			require.True(t, r.Ok)
+			require.Equal(t, ClusterNotEOL, r.Reason)
+		})
+	}
+
+	negativeTestCases := []testCase{
+		{
+			description:     "Cluster is EOL",
+			versionClient:   GetVersionEOL,
+			lifecycleClient: GetTestLifecycleStatus,
+		},
+		{
+			description:     "Cluster version is unknown",
+			versionClient:   GetVersionUnknown,
+			lifecycleClient: GetTestLifecycleStatus,
+		},
+	}
+
+	for _, tc := range negativeTestCases {
+		t.Run(tc.description, func(t *testing.T) {
+			options := &CheckOptions{}
+			options.versionClient = tc.versionClient
+			options.lifecycleClient = tc.lifecycleClient
+			r, err := ClusterIsNotEOL(options)
+			require.NoError(t, err)
+			require.NotNil(t, r)
+			require.False(t, r.Ok)
+			require.Equal(t, ClusterIsEOL, r.Reason)
+		})
+	}
+}
+
 func TestNotContainCRDs(t *testing.T) {
 	type testCase struct {
 		description string