✨ Add support for deploying OCI helm charts in OLM v1

[OchiengEd]

• added support for deploying OCI helm charts which sits behind the HelmChartSupport feature gate
• extend the Cache Store() method to allow storing of Helm charts alongside OCI images
• inspect chart archive contents for chart contents

Description

This pull request aims to add logic to OLM v1 for handling OCI Helm chart support. We expect more work to go into this feature as further discussion on this occurs on issue #962 and the Arbitrary Configuration RFC which may inform how values.yml would be passed to Helm charts.

Reviewer Checklist

• API Go Documentation
• Tests: Unit Tests (and E2E Tests, if appropriate)
• Comprehensive Commit Messages
• Links to related GitHub Issue(s)

[netlify]

✅ Deploy Preview for olmv1 ready!

Name	Link
🔨 Latest commit	f33fe5c
🔍 Latest deploy log	https://app.netlify.com/projects/olmv1/deploys/6840ac10cd529d00084bcd8e
😎 Deploy Preview	https://deploy-preview-1971--olmv1.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign thetechnick for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[codecov]

Codecov Report

Attention: Patch coverage is 69.71429% with 53 lines in your changes missing coverage. Please review.

Project coverage is 69.17%. Comparing base (8f81c23) to head (f33fe5c).

Files with missing lines	Patch %	Lines
internal/shared/util/image/helm.go	75.75%	21 Missing and 11 partials ⚠️
internal/shared/util/image/cache.go	60.00%	8 Missing and 4 partials ⚠️
internal/operator-controller/applier/helm.go	0.00%	8 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1971      +/-   ##
==========================================
- Coverage   69.17%   69.17%   -0.01%     
==========================================
  Files          79       80       +1     
  Lines        7037     7208     +171     
==========================================
+ Hits         4868     4986     +118     
- Misses       1887     1924      +37     
- Partials      282      298      +16     

Flag	Coverage Δ
e2e	41.77% <3.42%> (-1.23%)	⬇️
unit	60.28% <69.71%> (+0.22%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[joelanford]

This tells me that our cache Store interface method is too specific. We need to make that generic enough to accommodate registry+v1 bundles and OCI helm charts as a first step, and rebase the feature-gated helm support on top.

[OchiengEd]

Making the Cache interface generic enough to be able to store both Helm charts and OCI images is inevitable. Will be looking at that at some point

[OchiengEd]

This is should be resolved. As can be seen in the code block below specifically on line 72, we are no longer using the StoreChart() method.

operator-controller/internal/shared/util/image/helm.go

Lines 35 to 73 in 059008d

	func pullChart(ctx context.Context, ownerID string, srcRef reference.Named, canonicalRef reference.Canonical, imgSrc types.ImageSource, imgRef types.ImageReference, cache Cache) (fs.FS, time.Time, error) {
	imgDigest := canonicalRef.Digest()
	raw, _, err := imgSrc.GetManifest(ctx, &imgDigest)
	if err != nil {
	return nil, time.Time{}, fmt.Errorf("get OCI helm chart manifest; %w", err)
	}
	chartManifest := ocispecv1.Manifest{}
	if err := json.Unmarshal(raw, &chartManifest); err != nil {
	return nil, time.Time{}, fmt.Errorf("unmarshaling chart manifest; %w", err)
	}
	if len(chartManifest.Layers) == 0 {
	return nil, time.Time{}, fmt.Errorf("manifest has no layers; expected at least one chart layer")
	}
	layerIter := iter.Seq[LayerData](func(yield func(LayerData) bool) {
	for i, layer := range chartManifest.Layers {
	ld := LayerData{Index: i, MediaType: layer.MediaType}
	if layer.MediaType == registry.ChartLayerMediaType {
	var contents []byte
	contents, ld.Err = os.ReadFile(filepath.Join(
	imgRef.PolicyConfigurationIdentity(), "blobs",
	"sha256", chartManifest.Layers[i].Digest.Encoded()),
	)
	ld.Reader = bytes.NewBuffer(contents)
	}
	// Ignore the Helm provenance data layer
	if layer.MediaType == registry.ProvLayerMediaType {
	continue
	}
	if !yield(ld) {
	return
	}
	}
	})
	return cache.Store(ctx, ownerID, srcRef, canonicalRef, ocispecv1.Image{}, layerIter)
	}

[camilamacedo86]

OH. Great work 🥇

[OchiengEd]

When pulling a Helm chart with a provenance file, at this time we have chosen to skip pulling the layer to the cache filesystem since we have no logic in place at this time to verify the chart integrity.

operator-controller/internal/shared/util/image/helm.go

Lines 62 to 65 in 059008d

	// Ignore the Helm provenance data layer
	if layer.MediaType == registry.ProvLayerMediaType {
	continue
	}