Release v0.19.0

[stacklokbot]

Release v0.19.0

Version Bump

minor release

Files Updated

• VERSION
• deploy/charts/operator-crds/Chart.yaml (path: version)
• deploy/charts/operator-crds/Chart.yaml (path: appVersion)
• deploy/charts/operator/Chart.yaml (path: version)
• deploy/charts/operator/Chart.yaml (path: appVersion)
• deploy/charts/operator/values.yaml (path: operator.image)
• deploy/charts/operator/values.yaml (path: operator.toolhiveRunnerImage)
• deploy/charts/operator/values.yaml (path: operator.vmcpImage)
• Helm chart docs (via helm-docs)

Next Steps

1. Review this PR
2. Merge to main
3. Release automation will handle the rest

Checklist

• Version bump is correct
• All CI checks pass

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 68.93%. Comparing base (e2927e4) to head (625c5f5).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #4772   +/-   ##
=======================================
  Coverage   68.93%   68.93%           
=======================================
  Files         517      517           
  Lines       54635    54635           
=======================================
+ Hits        37662    37665    +3     
+ Misses      14089    14084    -5     
- Partials     2884     2886    +2     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[claude]

The inline comment covers the details, but merging this as-is will cause OpenShift users following the documented install path to silently deploy v0.15.0 images — please update values-openshift.yaml before merging.

Extended reasoning...

Overview

This is a standard release PR bumping ToolHive from v0.18.0 to v0.19.0. It updates VERSION, Chart.yaml versions/appVersions for both operator and operator-crds charts, image tags in values.yaml, and regenerated README docs via helm-docs. Six files are touched, all mechanical version bumps.

Bug: values-openshift.yaml not updated

The file deploy/charts/operator/values-openshift.yaml exists in the repo and pins image tags to v0.15.0. This PR's release automation did not include it in the files-to-update list. The README documents an OpenShift install path using --values values-openshift.yaml, and Helm's merge semantics mean those override values will shadow the correctly-updated defaults from values.yaml. This is a real, user-facing regression for OpenShift deployments.

Security risks

No security-sensitive code is touched. This is purely a version bump / release PR.

Level of scrutiny

Release PRs are normally low-risk and mechanical, but this one has a confirmed bug affecting a documented install path for a specific platform (OpenShift). The fix is straightforward (update three image tags and add the file to the release workflow's version_files list), but it needs to be made before merging.

Other factors

No prior reviews from me on this PR. The bug is well-evidenced by reading the file directly — values-openshift.yaml lines 29, 34, 37 still show v0.15.0.

[claude]

🔴 The file deploy/charts/operator/values-openshift.yaml was not updated by this release PR and still contains hardcoded image tags pinned at v0.15.0 (operator, proxyrunner, and vmcp). Users deploying on OpenShift following the documented workflow with --values values-openshift.yaml will have these stale tags override the v0.19.0 defaults from values.yaml, causing them to run images that are 4 minor versions behind. Two fixes are needed: (1) update values-openshift.yaml image tags to v0.19.0 in this PR, and (2) add values-openshift.yaml to the version_files list in .github/workflows/create-release-pr.yml so it is automatically updated in future releases.

Extended reasoning...

Bug: values-openshift.yaml image tags stuck at v0.15.0

What the bug is and how it manifests

The file deploy/charts/operator/values-openshift.yaml was introduced in PR #4713 (approximately 4 days before this release) and contains hardcoded image tags for three images: operator, proxyrunner, and vmcp. These tags are pinned at v0.15.0 and were not updated in this release PR. Meanwhile, deploy/charts/operator/values.yaml (the file that was updated) now correctly specifies v0.19.0 for all three images.

The specific code path that triggers it

The README.md for the operator chart explicitly documents using --values values-openshift.yaml when deploying on OpenShift:

helm upgrade -i toolhive-operator oci://ghcr.io/stacklok/toolhive/toolhive-operator -n toolhive-system --create-namespace --values values-openshift.yaml

When Helm merges values, values passed via --values override the chart's defaults. So the three image fields in values-openshift.yaml (operator.image, operator.toolhiveRunnerImage, operator.vmcpImage) will override the correctly updated values.yaml defaults, resulting in v0.15.0 images being deployed.

Why existing code doesn't prevent it

The release automation workflow .github/workflows/create-release-pr.yml only lists deploy/charts/operator/values.yaml in its version_files update targets. The values-openshift.yaml file was added to the repo after the workflow was last updated, so it was never included. This PR does not manually update values-openshift.yaml either, meaning the file is silently left behind at the old version.

Impact

Any OpenShift user who follows the documented installation instructions will deploy v0.15.0 images instead of v0.19.0, skipping 4 minor releases worth of changes. The operator, runner, and vMCP components will all be at the wrong version. This is a silent regression — the helm upgrade command will succeed without error but run stale images.

Step-by-step proof

1. User runs the documented command: helm upgrade -i toolhive-operator oci://... --values values-openshift.yaml
2. Helm loads chart defaults from values.yaml: operator.image: ghcr.io/stacklok/toolhive/operator:v0.19.0
3. Helm merges values-openshift.yaml on top, which contains: operator.image: ghcr.io/stacklok/toolhive/operator:v0.15.0
4. The merged value is v0.15.0 — the override wins.
5. Kubernetes pulls and runs operator:v0.15.0, proxyrunner:v0.15.0, and vmcp:v0.15.0 instead of v0.19.0.

How to fix

1. In this PR: update the three image tags in deploy/charts/operator/values-openshift.yaml from v0.15.0 to v0.19.0.
2. For future releases: add deploy/charts/operator/values-openshift.yaml to the version_files list in .github/workflows/create-release-pr.yml alongside the existing values.yaml entries (lines 88, 91, 94).