@efoncubierta commented Nov 24, 2025

Rollback Plan

If a change needs to be reverted, we will publish an updated version of the library.

Changes to Security Controls

No changes to security controls. This fix only adds the already-configured RegistryClient to the downloader Manager, enabling existing authentication to work correctly.

Description

When dependency_update is enabled and chart dependencies use OCI registries, the downloader.Manager was created without the RegistryClient field set. This caused a nil pointer dereference when the downloader tried to resolve version constraints (such as ~1.0.0) that require listing tags from the registry.

The fix adds RegistryClient to the Manager initialization in both:

  • resource_helm_release.go
  • data_helm_template.go

This allows the downloader to properly authenticate and communicate with OCI registries when fetching chart dependencies.

Error before the fix:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x78 pc=0x1f6c4c6]

goroutine 83 [running]:
helm.sh/helm/v3/pkg/registry.(*Client).Tags(0x0, ...)
    helm.sh/helm/v3@v3.18.4/pkg/registry/client.go:848 +0x1a6
helm.sh/helm/v3/internal/resolver.(*Resolver).Resolve(...)
    helm.sh/helm/v3@v3.18.4/internal/resolver/resolver.go:152 +0x59d
helm.sh/helm/v3/pkg/downloader.(*Manager).Update(...)

Acceptance tests

  • Tested manually with OCI registry (GitLab Container Registry)
  • Chart dependencies with version constraints ~1.0.0 and >=1.0.0 <2.0.0
  • Provider configured with registries block for authentication (oci://registry.gitlab.com)
  • Set dependency_update = true in helm_release resource
  • Previously crashed with nil pointer, now successfully downloads dependencies

Release Note

Release note for CHANGELOG:

Fix nil pointer dereference crash when downloading OCI chart dependencies with dependency_update enabled

References

This issue affects users who:

  • Use OCI registries for Helm charts (e.g., oci://registry.gitlab.com)
  • Have dependency_update = true in their helm_release resource
  • Use semantic version constraints in Chart.yaml dependencies (e.g., ~1.0.0, >=1.0.0)

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

When dependency_update is enabled and chart dependencies use OCI registries,
the downloader.Manager was created without the RegistryClient field set.
This caused a nil pointer dereference when the downloader tried to resolve
version constraints (like ~1.0.0) that require listing tags from the registry.

The fix adds RegistryClient to the Manager initialization in both:
- resource_helm_release.go (helm_release resource)
- data_helm_template.go (helm_template data source)

This allows the downloader to properly authenticate and communicate with
OCI registries when fetching chart dependencies.

Fixes: panic: runtime error: invalid memory address or nil pointer dereference
in helm.sh/helm/v3/pkg/registry.(*Client).Tags

@efoncubierta requested a review from a team as a code owner November 24, 2025 11:26
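
The failure mode described in this pull request, reduced to a self-contained Go model. This is an added example, not code from the pull request, the provider or Helm: the `RegistryClient` and `Manager` types and the `UpdateUnguarded`, `UpdateGuarded` and `Panics` functions are hypothetical stand-ins, and the registry reference is constructed. It shows the panic from an unset client, a guard that returns an error instead of crashing, and the fixed case where the client is set.

```go
package main

import (
	"errors"
	"fmt"
)

// RegistryClient is a hypothetical stand-in for a registry client; it is not Helm's type.
type RegistryClient struct{ tags map[string][]string }

// Tags reads a field through its receiver, so calling it on a nil *RegistryClient
// panics inside the method, like the (*Client).Tags(0x0, ...) frame in the trace.
func (c *RegistryClient) Tags(ref string) ([]string, error) {
	return c.tags[ref], nil
}

// Manager models the bug's shape: a client field the caller can forget to set.
type Manager struct{ RegistryClient *RegistryClient }

var ErrNoRegistryClient = errors.New("registry client not configured for OCI dependency")

// UpdateUnguarded lists tags without checking the field (the pre-fix behaviour).
func (m *Manager) UpdateUnguarded(ref string) ([]string, error) {
	return m.RegistryClient.Tags(ref)
}

// UpdateGuarded fails closed with an error when the client is missing.
func (m *Manager) UpdateGuarded(ref string) ([]string, error) {
	if m.RegistryClient == nil {
		return nil, ErrNoRegistryClient
	}
	return m.RegistryClient.Tags(ref)
}

// Panics reports whether f panics, so a regression test can assert on it.
func Panics(f func()) (p bool) {
	defer func() { p = recover() != nil }()
	f()
	return false
}

func main() {
	ref := "registry.example.test/charts/dep" // constructed sample reference
	rc := &RegistryClient{tags: map[string][]string{ref: {"1.0.0", "1.0.3"}}}
	fmt.Println(Panics(func() { (&Manager{}).UpdateUnguarded(ref) })) // client unset
	_, err := (&Manager{}).UpdateGuarded(ref)
	fmt.Println(err)
	fmt.Println((&Manager{RegistryClient: rc}).UpdateGuarded(ref)) // client set
}
```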