Skip to content

fix: align otel-collector image tag with appVersion#234

Open
mfroembgen wants to merge 1 commit into
ClickHouse:mainfrom
mfroembgen:warren/align-otel-collector-appversion
Open

fix: align otel-collector image tag with appVersion#234
mfroembgen wants to merge 1 commit into
ClickHouse:mainfrom
mfroembgen:warren/align-otel-collector-appversion

Conversation

@mfroembgen

Copy link
Copy Markdown

Problem

The clickstack chart on current main has appVersion: 2.28.0, but the default bundled collector image is still pinned to docker.clickhouse.com/clickhouse/clickstack-otel-collector:2.19.0.

As reported in #219, the older collector rejects the ClickHouse exporter json key pushed by newer ClickStack app versions:

'clickhouseexporter.Config' has invalid keys: json

That causes the default collector pod to crash loop.

Changes

  • Bump the default otel-collector.image.tag from 2.19.0 to 2.28.0, matching the current chart appVersion.
  • Update the appVersion workflow so future appVersion bumps also update the collector image tag.
  • Add a patch changeset for the chart fix.

Verification

helm lint charts/clickstack
helm template smoke charts/clickstack --set clickhouse.persistence.enabled=false --set mongodb.persistence.enabled=false | rg 'clickstack-otel-collector|hyperdx:2\.28\.0|2\.19\.0|2\.28\.0'

The rendered default collector image is now:

image: "docker.clickhouse.com/clickhouse/clickstack-otel-collector:2.28.0"

Fixes #219.

Related to #220. Replaces closed #233 with only the original first commit.

@mfroembgen mfroembgen requested a review from a team as a code owner June 29, 2026 09:21
@changeset-bot

changeset-bot Bot commented Jun 29, 2026

Copy link
Copy Markdown

🦋 Changeset detected

Latest commit: ec07086

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
helm-charts Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@github-actions

Copy link
Copy Markdown
Contributor

Deep Review

Scope: 3 files — charts/clickstack/values.yaml (collector image tag 2.19.02.28.0), .github/workflows/update-app-version.yml (new tag-sync step), .changeset/align-otel-collector-tag.md (new).
Intent: Align the default otel-collector.image.tag with chart appVersion: 2.28.0 to stop the older collector from crash-looping on a newer config key, and keep the two in sync on future bumps.

The core value change is correct: clickstack-otel-collector appears exactly once in values.yaml, the new tag matches appVersion, and the opentelemetry-collector subchart consumes otel-collector.image.tag as expected. The findings below concern the automation added to the workflow, not the rendered chart.

🔴 P0/P1 — must fix

  • .github/workflows/update-app-version.yml:30 — the new step interpolates ${{ github.event.inputs.tag }} directly into the sed shell command, creating a script-injection sink and also breaking on legitimate tags containing &, /, or ".
    • Fix: bind the input to an env: variable and reference "$TAG" inside the quoted sed, and constrain the input to a version charset (e.g. ^[A-Za-z0-9._-]+$) before use.
    • security, correctness

🟡 P2 — recommended

  • .github/workflows/update-app-version.yml:30 — the /clickstack-otel-collector/{n;s/...} pattern depends on tag: being the line immediately after repository:; if that layout ever changes, sed exits 0 while changing nothing, producing a PR with appVersion bumped but the collector tag stale — silently reintroducing the mismatch this PR fixes.
    • Fix: target the YAML path with yq -i '.["otel-collector"].image.tag = ...', or add a post-step assertion that the tag was rewritten and equals the new appVersion, failing the workflow on mismatch.
    • reliability, maintainability, correctness, project-standards
🔵 P3 nitpicks (1)
  • .github/workflows/update-app-version.yml:30 — the automation hard-couples the collector image tag to appVersion with no record of that assumption; if the collector ever ships on a divergent cadence the workflow will pin a tag with no published image.
    • Fix: document the shared-version assumption near the step, or add a docker manifest inspect preflight before opening the PR.

Reviewers (6): correctness, testing, maintainability, project-standards, security, reliability.

Testing gaps:

  • The collector image default is rendered by the opentelemetry-collector subchart, so it is not assertable via the repo's local helm-unittest templates; no shell-level test exercises the new sed against a values.yaml fixture.
  • No CI check asserts that otel-collector.image.tag equals Chart.yaml appVersion after a bump.

Note (pre-existing, not introduced here): the same raw-${{ }}-into-shell pattern exists on the unchanged appVersion sed step and the changeset filename; worth hardening together when addressing the P1.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

clickstack 3.0.0 defaults collector image tag to 2.19.0 while appVersion is 2.27.0

1 participant