Fail to fetch OCI private Helm registry

Hello, I ran into an issue using your plugin when dealing with OCI private helm registries.

Context

I want to add an ArgoCD application that pull a repo containing a helmfile.yaml.
Within this helmfile.yaml I got some OCI private repositories I need to authenticate first before being able to pull.

I tried a few things that are not working:

Add the OCI registry in ArgoCD
Connect to the OCI registry within the helmfile-plugin sidecar using helm registry login
Put HARBOR_USERNAME and HARBOR_PASSWORD environment variables in the ArgoCD application directly (as per helmfile documentation)

Problem

I got a 401 Unauthorized response when fetching a private helm repository.
It tries to connect as an anonymous user in order to pull the chart (Harbor logs).

Current solution

Make the OCI registry public solves the issue in the meantime, the app can be deployed without any issue.
This is not a long term solution for me because sometimes we host docker repositories along helm ones and these cannot be public.

Configuration

# helmfile.yaml (redacted)

repositories:
  - name: harbor
    url: my.harbor.com/repo2/helm
    oci: true

releases:
  - name: "chart2"
    chart: "harbor/chart2"
    version: "1.0.2-9aef758b"

Logs

time="2024-01-09T08:27:46Z" level=error msg="`argo-cd-helmfile.sh generate` failed exit status 1: helm version v3.13.3+gc8b9489\nhelmfile version 0.159.0\nstarting generate\nDecrypting secret /tmp/_cmp_server/23d488cc-ed46-4a4d-a435-634cd856a856/int/secrets.yaml\nPulling my.harbor.com/repo1/helm/chart1:v0.2.5\nPulling my.harbor.com/repo2/helm/chart2:1.0.2-9aef758b\nin ./helmfile.yaml: [release \"chart2\": command \"/usr/local/bin/helm\" exited with non-zero status:\n\nPATH:\n  /usr/local/bin/helm\n\nARGS:\n  0: /usr/local/bin/helm (19 bytes)\n  1: pull (4 bytes)\n  2: oci://my.harbor.com/repo2/helm/chart2 (46 bytes)\n  3: --version (9 bytes)\n  4: 1.0.2-9aef758b (14 bytes)\n  5: --destination (13 bytes)\n  6: /tmp/helmfile4217612109/chart2-int/repo2/chart2/1.0.2-9aef758b (57 bytes)\n  7: --untar (7 bytes)\n\nERROR:\n  exit status 1\n\nEXIT STATUS\n  1\n\nSTDERR:\n  Error: unexpected status from HEAD request to https://my.harbor.com/v2/repo2/helm/repo2/manifests/1.0.2-9aef758b: 401 Unauthorized\n\nCOMBINED OUTPUT:\n  Error: unexpected status from HEAD request to https://my.harbor.com/v2/repo2/helm/repo2/manifests/1.0.2-9aef758b: 401 Unauthorized]" execID=fe3c4

time="2024-01-09T08:27:46Z" level=error msg="finished streaming call with code Unknown" error="error generating manifests: `argo-cd-helmfile.sh generate` failed exit status 1: helm version v3.13.3+gc8b9489\nhelmfile version 0.159.0\nstarting generate\nDecrypting secret /tmp/_cmp_server/23d488cc-ed46-4a4d-a435-634cd856a856/int/secrets.yaml\nPulling my.harbor.com/repo1/helm/chart1:v0.2.5\nPulling my.harbor.com/repo2/helm/chart2:1.0.2-9aef758b\nin ./helmfile.yaml: [release \"chart2\": command \"/usr/local/bin/helm\" exited with non-zero status:\n\nPATH:\n  /usr/local/bin/helm\n\nARGS:\n  0: /usr/local/bin/helm (19 bytes)\n  1: pull (4 bytes)\n  2: oci://my.harbor.com/repo2/helm/chart2 (46 bytes)\n  3: --version (9 bytes)\n  4: 1.0.2-9aef758b (14 bytes)\n  5: --destination (13 bytes)\n  6: /tmp/helmfile4217612109/chart2-int/repo2/chart2/1.0.2-9aef758b (57 bytes)\n  7: --untar (7 bytes)\n\nERROR:\n  exit status 1\n\nEXIT STATUS\n  1\n\nSTDERR:\n  Error: unexpected status from HEAD request to https://my.harbor.com/v2/repo2/helm/repo2/manifests/1.0.2-9aef758b: 401 Unauthorized\n\nCOMBINED OUTPUT:\n  Error: unexpected status from HEAD request to https://my.harbor.com/v2/repo2/helm/repo2/manifests/1.0.2-9aef758b: 401 Unauthorized]" grpc.code=Unknown grpc.method=GenerateManifest grpc.service=plugin.ConfigManagementPluginService grpc.start_time="2024-01-09T08:27:40Z" grpc.time_ms=5794.475 span.kind=server system=grpc

Thanks for your awesome work on this plugin !

PS: If we cannot use private helm repos using this plugin, imo it should be stated in the README.md.

travisghansen / argo-cd-helmfile