ci: re-enable in-process Helm render in validate (revert --skip-helm-render)#2273
ci: re-enable in-process Helm render in validate (revert --skip-helm-render)#2273devantler wants to merge 5 commits into
Conversation
…render) Removes the --skip-helm-render workaround added in #2270 and restores full in-process rendering for `ksail workload validate`, so the actually-applied manifests are validated again. The non-determinism that forced the workaround was a buffer-aliasing data race in kubeconform's resource.FromStream (ksail#5362), fixed upstream in yannh/kubeconform#363 — not the Helm render itself. Merge only after ksail's kubeconform dependency is bumped to include that fix, or validate goes flaky again. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
📝 WalkthroughWalkthroughThe CI workflow’s manifest validation job removes ChangesCI Manifest Validation Update
Estimated code review effort: 1 (Trivial) | ~3 minutes Possibly related issues
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Comment |
Why this PR's CI is red (documented so the failure is explained, per the open-PR hygiene sweep): This PR re-enables the in-process Helm render — which re-exposes the kubeconform#363
Re-running is a coin flip, not a fix. The root-cause fix is upstream (yannh/kubeconform#363, fix PR submitted); a ksail-side Side-observation from the render log: the in-process render also surfaces the |
Updated diagnosis (518th-run sweep): this revert is now blocked by two things, not just the kubeconform race —
Next actionable step for this PR: add the #2359-style schema-valid filler to the local actual-budget values (can ride in this branch — it only affects the render-enabled validation path), then wait out (1). |
Correction to yesterday's re-diagnosis — deeper local repro (6× The sole real blocker is the known kubeconform YAML-corruption race (kubeconform#363), and on this branch it consistently bites the largest rendered document — (Separately, making the base's schema-satisfaction offline-resolvable — I've re-run the failed check; expect ~coin-flip greens until the upstream fix lands. |
Status note on the promotion: this revert stays red by design until the root cause ships — the |
@coderabbitai review |
|
✅ Action performedReview finished.
|
|
@coderabbitai review |
✅ Action performedReview finished.
|
Why
We temporarily reduced manifest validation (#2270) to dodge a third-party tool bug; running with less validation means mistakes could reach the cluster unseen.
What
Restores full validation, staged so it can merge the moment the tool's fix ships.