OCI Specify Digest in Version Parameter

[Ka0o0]

Hi,

I was wondering what your thoughts towards specifying the digest for an OCI Chart is. It would be useful in cases where you want to be sure that a very specific Chart is used, e.g. in cases where you want to perform a rollback.

A suggestion has already been made here. Currently, there is a strong need to have the Chart version match the OCI tag and I think that this can still stay valid. My suggestion would be to add an optional --digest parameter to all commands that download the remote OCI manifest. The digest will be added to the final download tag, e.g. helm install ... oci://registry.com/chart --version 1.0.0 --digest sha256:1f2d257aacc56f95650049a2c077790e37365ddff9ad2370ab153a310baa90a1 yields a full reference of registry.com/test:1.0.0@sha256:1f2d257aacc56f95650049a2c077790e37365ddff9ad2370ab153a310baa90a1.

[jdolitsky]

@Ka0o0 - I think its a great idea, and something people have been asking for

[github-actions[bot]]

This issue has been marked as stale because it has been open for 90 days with no activity. This thread will be automatically closed in 30 days if no further activity occurs.

[marccampbell]

@jdolitsky based on the current OCI implementation (helm install oci://... --version x.y.z), would the preferred solution here be to implement a --digest flag instead of the @sha:... notation you linked to?

This is a feature that I'd love to see in a future version of Helm with OCI, and would be up for creating this PR.

[jdolitsky]

Hey @marccampbell - please see https://github.com/helm/helm/pull/10799

[github-actions[bot]]

This issue has been marked as stale because it has been open for 90 days with no activity. This thread will be automatically closed in 30 days if no further activity occurs.

[yxxhero]

ping