fix yq version and filter the charts for patching

Author: sghosh23

default.nix

@@ -64,7 +64,7 @@ rec {
       skopeo
       sops
       opentofu
-      yq
+      yq-go  # Use yq-go (v4+) explicitly instead of python-yq for consistent YAML processing
       create-container-dump
       list-helm-containers
       mirror-apt-jammy

nix/scripts/list-helm-containers.sh

@@ -11,6 +11,12 @@ VALUES_DIR=""
 HELM_IMAGE_TREE_FILE=""
 VALUES_TYPE=""
 
+# Extract images using yq-go (v4+) syntax
+# Note: This requires yq-go to be in PATH (see default.nix)
+extract_images() {
+  yq eval '.. | select(has("image")) | .image' "$1" 2>/dev/null || true
+}
+
 # Parse the arguments
 for arg in "$@"
 do
@@ -96,12 +102,24 @@ while IFS= read -r chart; do
     secrets_file="${VALUES_DIR}/$(basename "${chart}")/demo-secrets.example.yaml"
   fi
 
-  raw_images=$(helm template "${chart}" \
+  # Separate helm stderr from stdout to avoid yq parsing errors
+  # Save helm output to temp file to capture exit code
+  temp_helm_output=$(mktemp)
+  helm template "${chart}" \
     $( [[ -n "$values_file" ]] && echo "-f $values_file" ) \
     $( [[ -n "$secrets_file" ]] && echo "-f $secrets_file" ) \
-    2>&1 | yq -r '..|.image?' | grep -v "^null$" | grep -v "^---$" | grep -v "^$" || true)
+    > "$temp_helm_output" 2>&1
 
   helm_exit_code=$?
+
+  # Extract images using version-appropriate yq syntax
+  if [[ $helm_exit_code -eq 0 ]]; then
+    raw_images=$(extract_images "$temp_helm_output" | grep -v "^null$" | grep -v "^---$" | grep -v "^$" || true)
+  else
+    raw_images=""
+  fi
+
+  rm -f "$temp_helm_output"
   set -e  # Re-enable exit on error
 
   if [[ $helm_exit_code -ne 0 ]]; then

offline/tasks/patch-chart-images.sh

@@ -11,10 +11,44 @@ if [[ -z "$CHARTS_DIR" ]]; then
     exit 1
 fi
 
+# Charts maintained by Wire (should not contain bitnami refs)
+# These charts are excluded from patching to avoid masking potential issues
+PATCH_EXCLUDE_LIST=(
+  "wire-server"
+  "wire-server-enterprise"
+  "backoffice"
+  "ldap-scim-bridge"
+  "account-pages"
+  "webapp"
+  "team-settings"
+  "sftd"
+  "calling-test"
+  "migrate-features"
+  "wire-utility"
+  "fake-aws"
+  "fake-aws-s3"
+  "fake-aws-sqs"
+  "demo-smtp"
+  "inbucket"
+)
+
 echo "Patching bitnami repository references in: $CHARTS_DIR"
+echo "Excluded charts: ${PATCH_EXCLUDE_LIST[*]}"
 
 patched_count=0
 file_count=0
+skipped_count=0
+
+# Function to check if chart should be excluded from patching
+is_excluded_chart() {
+    local chart_name="$1"
+    for excluded in "${PATCH_EXCLUDE_LIST[@]}"; do
+        if [[ "$chart_name" == "$excluded" ]]; then
+            return 0  # true - chart is excluded
+        fi
+    done
+    return 1  # false - chart should be patched
+}
 
 # Function to patch a single file
 patch_file() {
@@ -31,6 +65,12 @@ patch_file() {
         chart_name="unknown"
     fi
 
+    # Check if this chart should be excluded from patching
+    if is_excluded_chart "$chart_name"; then
+        rm "$temp_file"
+        return 2  # Special return code for skipped charts
+    fi
+
     # Apply sed replacements for various image reference patterns
     sed -e 's|repository: bitnami/|repository: bitnamilegacy/|g' \
         -e 's|repository: docker\.io/bitnami/|repository: docker.io/bitnamilegacy/|g' \
@@ -73,31 +113,45 @@ echo "Scanning and patching files..."
 # Process values.yaml files
 while IFS= read -r -d '' file; do
     file_count=$((file_count + 1))
-    if patch_file "$file"; then
+    patch_file "$file"
+    rc=$?
+    if [[ $rc -eq 0 ]]; then
         patched_count=$((patched_count + 1))
+    elif [[ $rc -eq 2 ]]; then
+        skipped_count=$((skipped_count + 1))
     fi
 done < <(find "$CHARTS_DIR" -name "values.yaml" -print0)
 
 # Process Chart.yaml files
 while IFS= read -r -d '' file; do
     file_count=$((file_count + 1))
-    if patch_file "$file"; then
+    patch_file "$file"
+    rc=$?
+    if [[ $rc -eq 0 ]]; then
         patched_count=$((patched_count + 1))
+    elif [[ $rc -eq 2 ]]; then
+        skipped_count=$((skipped_count + 1))
     fi
 done < <(find "$CHARTS_DIR" -name "Chart.yaml" -print0)
 
 # Process template files (for direct image references)
 while IFS= read -r -d '' file; do
     file_count=$((file_count + 1))
-    if patch_file "$file"; then
+    patch_file "$file"
+    rc=$?
+    if [[ $rc -eq 0 ]]; then
         patched_count=$((patched_count + 1))
+    elif [[ $rc -eq 2 ]]; then
+        skipped_count=$((skipped_count + 1))
     fi
 done < <(find "$CHARTS_DIR" -path "*/templates/*.yaml" -print0)
 
 echo
 echo "=== Patching Summary ==="
 echo "Files processed: $file_count"
+echo "Files skipped (excluded charts): $skipped_count"
 echo "Files modified: $patched_count"
+echo "Files unchanged: $((file_count - skipped_count - patched_count))"
 
 if [[ $patched_count -gt 0 ]]; then
     echo