Reproducible chart dependency archives

[MOZGIII]

Currently (as of 3.3.4), helm dependency build doesn't produce reproducible .tgz archives at charts/ dir.

We're using file:// only dependencies, and expect two runs of the helm dependency build to generate the same charts/*.tgz files, however the sha256 sums are different.

This prevents us from using git lfs to store the charts/*.tgz dir.

[bacongobbler]

This may be a symptom of #3612 as helm dependency build calls the same APIs as helm package to package the file::// dependencies.

[MOZGIII]

Sounds very much like it.

I'm thinking about a workaround - if we copy-over/symlink the contents of the file:// dependencies to charts/, unarchived - this should allow us to both omit the lfs and work around this issue.

Does this sound like a good idea? Any hidden issues with this approach?

[mattfarina]

If someone wants to fix this issue... we would be happy to look at it.

[bacongobbler]

I'm thinking about a workaround - if we copy-over/symlink the contents of the file:// dependencies to charts/, unarchived - this should allow us to both omit the lfs and work around this issue.

Does this sound like a good idea? Any hidden issues with this approach?

I don't see any issues with that approach. The charts do not have to be in archived form to be used. Let us know what you find out.

Closing this issue as a duplicate of #3612, as the symptoms and the solution is identical.