From d8c388581dcb72a37bf815b5c03d20dd7745a3d4 Mon Sep 17 00:00:00 2001 From: jp-ayyappan Date: Thu, 11 Jun 2026 12:46:12 -0400 Subject: [PATCH 1/2] ci(platform): add helm-docs freshness check to lint workflow After chart-testing lint passes, run helm-docs and fail the PR if any README.md is stale with respect to values.yaml. The check is gated on list-changed so it only runs when chart files are modified. Installs helm-docs 1.14.2 from the official GitHub release. Co-Authored-By: Claude Sonnet 4.6 (1M context) --- .github/workflows/lint.yaml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 9cf18397..5107ad66 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -49,3 +49,26 @@ jobs: - name: Run chart-testing (lint) if: steps.list-changed.outputs.changed == 'true' run: ls -la && ct lint --check-version-increment=false --target-branch ${{ github.event.repository.default_branch }} --lint-conf ./.lintconf.yaml + + - name: Install helm-docs + if: steps.list-changed.outputs.changed == 'true' + env: + HELM_DOCS_VERSION: '1.14.2' + run: | + curl -sSLO "https://github.com/norwoodj/helm-docs/releases/download/v${HELM_DOCS_VERSION}/helm-docs_${HELM_DOCS_VERSION}_Linux_x86_64.tar.gz" + tar -xzf "helm-docs_${HELM_DOCS_VERSION}_Linux_x86_64.tar.gz" -C /tmp helm-docs + rm "helm-docs_${HELM_DOCS_VERSION}_Linux_x86_64.tar.gz" + + - name: Run helm-docs + if: steps.list-changed.outputs.changed == 'true' + run: /tmp/helm-docs + + - name: Fail if docs are not up-to-date + if: steps.list-changed.outputs.changed == 'true' + run: | + if ! git diff --quiet; then + echo "::error::Helm docs are not up-to-date. Run 'helm-docs' locally and commit the changes." + git diff --stat + git diff + exit 1 + fi From d1bd649e0af7b0e0d7a0412c64761df98b029556 Mon Sep 17 00:00:00 2001 From: jp-ayyappan Date: Thu, 11 Jun 2026 12:54:15 -0400 Subject: [PATCH 2/2] ci(platform): address review comments on helm-docs lint step - Pin helm-docs to v1.13.1 to match .pre-commit-config.yaml so local pre-commit and CI produce identical output - Add SHA256 checksum verification for the helm-docs tarball, matching the pattern used for Helm itself (lines 22-25) - Pass --chart-search-root=charts to match pre-commit args - Scope git diff check to 'charts/*/README.md' to avoid false positives from unrelated file changes Co-Authored-By: Claude Sonnet 4.6 (1M context) --- .github/workflows/lint.yaml | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 5107ad66..9bb9a931 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -53,22 +53,26 @@ jobs: - name: Install helm-docs if: steps.list-changed.outputs.changed == 'true' env: - HELM_DOCS_VERSION: '1.14.2' + # Keep in sync with .pre-commit-config.yaml + HELM_DOCS_VERSION: '1.13.1' + HELM_DOCS_SHA256: 'df8d803506933ceb92bc2996d8a432059a35fc19a308ac37a141971ffdf7aa33' run: | curl -sSLO "https://github.com/norwoodj/helm-docs/releases/download/v${HELM_DOCS_VERSION}/helm-docs_${HELM_DOCS_VERSION}_Linux_x86_64.tar.gz" + echo "${HELM_DOCS_SHA256} helm-docs_${HELM_DOCS_VERSION}_Linux_x86_64.tar.gz" | sha256sum -c --quiet --strict tar -xzf "helm-docs_${HELM_DOCS_VERSION}_Linux_x86_64.tar.gz" -C /tmp helm-docs rm "helm-docs_${HELM_DOCS_VERSION}_Linux_x86_64.tar.gz" - name: Run helm-docs if: steps.list-changed.outputs.changed == 'true' - run: /tmp/helm-docs + # --chart-search-root=charts matches .pre-commit-config.yaml so local and CI behaviour are identical + run: /tmp/helm-docs --chart-search-root=charts - name: Fail if docs are not up-to-date if: steps.list-changed.outputs.changed == 'true' run: | - if ! git diff --quiet; then + if ! git diff --quiet -- 'charts/*/README.md'; then echo "::error::Helm docs are not up-to-date. Run 'helm-docs' locally and commit the changes." - git diff --stat - git diff + git diff --stat -- 'charts/*/README.md' + git diff -- 'charts/*/README.md' exit 1 fi