refactor(helm): extract metricsPort/healthPort helpers#504
Merged
Conversation
7 tasks
trilamsr
added a commit
that referenced
this pull request
Jun 3, 2026
## Summary Bumps the Go toolchain pin from **1.26.3 -> 1.26.4** to pick up the stdlib fix for [GO-2026-5037](https://pkg.go.dev/vuln/GO-2026-5037) (`crypto/x509.HostnameError.Error`), which `govulncheck` flags via `tools/pyspy-lint/main.go:106:14` (reachable through `fmt.Fprintln` on an error path). This was failing the `verify-static` job on every recent PR. ## Root cause `crypto/x509.HostnameError.Error` shipped vulnerable in Go 1.26.3. Patched in Go 1.26.4. There is no in-repo workaround — the call site in `tools/pyspy-lint` is legitimate error formatting; the only correct fix is bumping the toolchain pin. Confirmed locally: ``` $ govulncheck ./tools/pyspy-lint/... # with GOTOOLCHAIN=go1.26.4 No vulnerabilities found. ``` ## Files touched (5) - `go.mod` — `go 1.26.3` -> `go 1.26.4` - `go.work` — `go 1.26.3` -> `go 1.26.4` (+ updated header comments) - `.go-version` — `1.26.3` -> `1.26.4` (drives `actions/setup-go` via `go-version-file`) - `install/kubernetes/tracecore/Dockerfile` — base image bumped to `golang:1.26.4-alpine` with refreshed sha256 digest (`f23e8b22…2a17f`, fetched via `crane digest`) - `docs/SUPPORT-MATRIX.md` — Go-toolchain row updated to `1.26.4` `module/go.mod` is intentionally untouched — it pins `go 1.22.0` to track the OTel collector v0.110.0 OCB-distribution baseline (see existing comment), and the workspace `go` directive (`1.26.4`) remains `>=` the member-module floor (`1.22.0`), so workspace mode is unaffected. ## Test plan - [x] `govulncheck ./tools/pyspy-lint/...` -> No vulnerabilities found - [x] `go build ./...` (root, GOTOOLCHAIN=go1.26.4) -> clean - [x] `go test ./tools/... ./internal/...` -> all green (incl. `tools/pyspy-lint`, the file containing the flagged call site) - [x] `module/` `go test ./...` -> matches `main` (one pre-existing failure in `processor/patterndetectorprocessor` `TestPatternDetector_NegativeFixturesEmitNoVerdicts/synthetic-2026-06-multi-rank-disk-pressure`, reproducible on `main` at the same SHA — unrelated to this bump, out-of-scope here) - [x] `make lint` -> 0 issues - [ ] CI `verify-static` job passes (the gate this PR exists to fix) - [ ] CI `build` / kind install bench builds against new pinned-digest golang base image ## Unblocks Should clear `verify-static` for PRs #504, #505, #507 (and #506 once its own `action.yml` fix lands). ```release-notes chore: bump Go toolchain pin to 1.26.4 to pick up the stdlib fix for GO-2026-5037 (crypto/x509.HostnameError.Error). No behavior change. ``` Signed-off-by: Tri Lam <tree@lumalabs.ai>
9761d8c to
2782d79
Compare
Replace 7 inline regexReplaceAll callsites with named templates tracecore.metricsPort and tracecore.healthPort. Single point of parsing for telemetry.metricsListen / telemetry.healthListen, so a future schema change (e.g. uri:// prefix, IPv6 brackets) touches one helper instead of five manifests. Render is byte-identical across default values, all-features-enabled, and all three ci/ value files. helm lint green. Signed-off-by: Tri Lam <tree@lumalabs.ai>
2782d79 to
4a3bcd4
Compare
5 tasks
trilamsr
added a commit
that referenced
this pull request
Jun 3, 2026
## Summary Wave 2 PR-B per Lane H followups-dir recon. Two doc-only edits trim ~643 net LoC of stale carry-forward backlog from `docs/followups/`: 1. **`M13.md` stubbed** (446 → 13 lines, -433). Pyspy receiver work is DEFERRED to v0.4.0+ per [#222](#222) (`external-clock` label) and RFC-0009. The receiver still ships in `components/receivers/pyspy/`, but the carry-forward queue is paused. File kept in place as a load-bearing marker — sibling issue #335 tracks re-evaluation preconditions. 2. **`M8.md` DCGM section removed** (318 → 108 lines, -210). RFC-0013 §7 STRIKE'd the in-tree DCGM receiver in favor of `dcgm-exporter` + `prometheusreceiver` in the bundled recipe; the cgo stub never shipped real code. All DCGM-specific bullets (`pkg/dcgm`, `client_cgo`, `kindWatch`/`kindMIG`, AST resolver, libdcgm SIGSEGV subprocess, `dcgm_info` join-target, `pkg/vendorsdk-template`, perf-gate, HARDWARE-TESTING shipped marker) are gone. Surviving items: `tracecore debug dump` `[AUDIT]`, `validate --explain` closed marker, prometheus-alerts federation labels `[KEEP]`, grafana-dashboard per receiver `[KEEP]`, OTel `hw.*` semconv upstream PR `[UPSTREAM]`, build-tags CI closed marker, M8↔M9 Option-pattern consistency review `[AUDIT]`. `M3.md` and `M15.md` strikethrough sweep was a no-op — `rg '^~~'` returned zero matches in both files (the spec's "if 5+ matches, collapse" predicate did not fire). ## Pre-flight grep `rg DCGM docs/` cross-confirmed no inbound anchor refs into the deleted M8 bullets — DCGM mentions in `MILESTONES.md`, `v1-rc1-cut-criteria.md`, `FOLLOWUPS.md`, etc. are about the milestone definitions and the RFC-0013 strike table, not specific M8 line anchors. `M11.md` already documents that DCGM lives under M8 and is `[STRIKE]` per RFC-0013 §7 — that pointer remains valid. ## LoC delta - Net delete: **643 lines** (701 deletions − 58 insertions). - M13.md: -433. M8.md: -210. ## Conflict check Different files than Wave 2 PR-A (`docs/v1-rc1-*`), Lane F (`module/**/*.go`), and #504/#506. No overlap with any in-flight PR touching `docs/followups/`. ## Test plan - [x] `git diff --stat` confirms 2 files, 58 insertions, 701 deletions - [x] `wc -l docs/followups/M13.md` = 13 lines (target ≤25) - [x] `grep -ic dcgm docs/followups/M8.md` = 6 (down from 32) - [x] Pre-commit hooks pass (golangci-lint, go vet, attribute-namespace-check) - [x] DCO sign-off present ```release-notes NONE ``` Signed-off-by: Tri Lam <tree@lumalabs.ai>
2 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Extract two named templates —
tracecore.metricsPortandtracecore.healthPort— fromtemplates/_helpers.tpl, and route the 7 inlineregexReplaceAll ".*:" .Values.telemetry.*Listen ""callsites through them.Why: listener-string parsing was duplicated across 5 manifests. A future schema change (uri:// prefix, IPv6 brackets, default-port fallback) now touches one helper instead of fanning out across
daemonset.yaml,service.yaml,servicemonitor.yaml,networkpolicy.yaml. Each callsite shrinks from a 60-char Sprig invocation to a namedinclude.No behavior change. Helm render is byte-identical across:
--set telemetry.enabled=true --set serviceMonitor.enabled=true --set networkPolicy.enabled=true --set prometheusScrape.enabled=trueinstall/kubernetes/tracecore/ci/*.yamlvalue filesDiff shape
After:
grep -rn 'regexReplaceAll' install/kubernetes/tracecore/templates/returns only the two helper bodies (zero inline callsites).Test plan
helm lint install/kubernetes/tracecore— clean (only the pre-existing icon-recommended INFO).diff -u <pre> <post>on default render — identical.diff -u <pre> <post>on all-features-enabled render — identical.diff -qacross all threeci/value-file renders — identical.