fix(helm): trim whitespace before s3 TLS args to prevent command breakage (#8614)

* fix(helm): trim whitespace before s3 TLS args to prevent command breakage (#8613) When global.enableSecurity is enabled, the `{{ include }}` call for s3 TLS args lacked the leading dash (`{{-`), producing an extra blank line in the rendered shell command. This broke shell continuation and caused the filer (and s3/all-in-one) to crash because arguments after the blank line were silently dropped. * ci(helm): assert no blank lines in security+S3 command blocks Renders the chart with global.enableSecurity=true and S3 enabled for normal mode (filer + s3 deployments) and all-in-one mode, then parses every /bin/sh -ec command block and fails if any contains blank lines. This catches the whitespace regression from #8613 where a missing {{- dash on the seaweedfs.s3.tlsArgs include produced a blank line that broke shell continuation. * ci(helm): enable S3 in all-in-one security render test The s3.tlsArgs include is gated by allInOne.s3.enabled, so without this flag the all-in-one command block wasn't actually exercising the TLS args path.
2026-03-12 15:35:22 -07:00
parent 0e570d6a8f
commit 0443b66a75
4 changed files with 41 additions and 3 deletions
--- a/k8s/charts/seaweedfs/templates/all-in-one/all-in-one-deployment.yaml
+++ b/k8s/charts/seaweedfs/templates/all-in-one/all-in-one-deployment.yaml
@@ -243,7 +243,7 @@ spec:
              {{- if $httpsPort }}
              -s3.port.https={{ $httpsPort }} \
              {{- end }}
-              {{ include "seaweedfs.s3.tlsArgs" (dict "root" . "prefix" "s3.") | nindent 14 }}
+              {{- include "seaweedfs.s3.tlsArgs" (dict "root" . "prefix" "s3.") | nindent 14 }}
              {{- end }}
              {{- if or .Values.allInOne.s3.enableAuth .Values.s3.enableAuth .Values.filer.s3.enableAuth }}
              -s3.config=/etc/sw/s3/seaweedfs_s3_config \
--- a/k8s/charts/seaweedfs/templates/filer/filer-statefulset.yaml
+++ b/k8s/charts/seaweedfs/templates/filer/filer-statefulset.yaml
@@ -200,7 +200,7 @@ spec:
              {{- if .Values.filer.s3.httpsPort }}
              -s3.port.https={{ .Values.filer.s3.httpsPort }} \
              {{- end }}
-              {{ include "seaweedfs.s3.tlsArgs" (dict "root" . "prefix" "s3.") | nindent 14 }}
+              {{- include "seaweedfs.s3.tlsArgs" (dict "root" . "prefix" "s3.") | nindent 14 }}
              {{- end }}
              {{- if .Values.filer.s3.enableAuth }}
              -s3.config=/etc/sw/seaweedfs_s3_config \
--- a/k8s/charts/seaweedfs/templates/s3/s3-deployment.yaml
+++ b/k8s/charts/seaweedfs/templates/s3/s3-deployment.yaml
@@ -127,7 +127,7 @@ spec:
              {{- if .Values.s3.httpsPort }}
              -port.https={{ .Values.s3.httpsPort }} \
              {{- end }}
-              {{ include "seaweedfs.s3.tlsArgs" (dict "root" . "prefix" "") | nindent 14 }}
+              {{- include "seaweedfs.s3.tlsArgs" (dict "root" . "prefix" "") | nindent 14 }}
              {{- end }}
              {{- if .Values.s3.domainName }}
              -domainName={{ .Values.s3.domainName }} \