Handle symlinks within GitRepository by kvaps · Pull Request #1931 · fluxcd/source-controller

  • Handle symlinks within GitRepository
  • Improve security for symlinks within GitRepository

Helm charts may include symlinks to common library charts under /charts. Currently, these are not handled.
This PR adds functionality to properly handle symlinks within a GitRepository, ensuring that all Helm charts using this approach are prepared correctly.
It also introduces a check to prevent users from including files outside their repository.

Example:

apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
  name: cozy-git
  namespace: cozy-public
spec:
  interval: 1m0s
  ref:
    tag: v0.37.5
  timeout: 60s
  url: https://github.com/cozystack/cozystack.git
  ignore: |
    # exclude all
    /*
    # include packages dir
    !/packages
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: virtual-machine-asd2
  namespace: tenant-user
spec:
  interval: 5m
  targetNamespace: cozy-system
  chart:
    spec:
      chart: ./packages/apps/virtual-machine
      sourceRef:
        kind: GitRepository
        name: cozy-git
        namespace: cozy-public
      version: '>= 0.0.0-0'
  install:
    remediation:
      retries: -1
  upgrade:
    remediation:
      retries: -1
  values:
    cloudInit: ""
    cloudInitSeed: ""
    external: false
    externalMethod: PortList
    externalPorts:
    - 22
    instanceProfile: ubuntu
    instanceType: u1.medium
    running: true
    systemDisk:
      image: ubuntu
      storage: 5Gi
      storageClass: replicated
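
The kind of containment check the description refers to, as an added example; this is not code from this PR or from source-controller. `resolveInRepo`, `ErrEscapesRoot` and the temporary directory layout are hypothetical and constructed for the illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

var ErrEscapesRoot = errors.New("path resolves outside the repository root")

// resolveInRepo (hypothetical helper) follows every symlink in path and returns
// the real location only if it still lies under the repository root.
func resolveInRepo(root, path string) (string, error) {
	realRoot, err := filepath.EvalSymlinks(root)
	if err != nil {
		return "", err
	}
	resolved, err := filepath.EvalSymlinks(path) // dangling links and loops fail here
	if err != nil {
		return "", err
	}
	rel, err := filepath.Rel(realRoot, resolved)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%s -> %s: %w", path, resolved, ErrEscapesRoot)
	}
	return resolved, nil
}

// demo builds a constructed checkout: one link stays inside the repository, one leaves it.
func demo() (insideOK, outsideRejected bool, err error) {
	base, err := os.MkdirTemp("", "symlink-demo")
	if err != nil {
		return false, false, err
	}
	defer os.RemoveAll(base)
	root := filepath.Join(base, "repo")
	charts := filepath.Join(root, "packages", "apps", "virtual-machine", "charts")
	os.MkdirAll(charts, 0o755) // setup errors surface as failed resolves below
	os.MkdirAll(filepath.Join(root, "packages", "library", "common"), 0o755)
	os.MkdirAll(filepath.Join(base, "outside"), 0o755)
	os.Symlink("../../../library/common", filepath.Join(charts, "common"))
	os.Symlink(filepath.Join(base, "outside"), filepath.Join(charts, "escape"))
	_, inErr := resolveInRepo(root, filepath.Join(charts, "common"))
	_, outErr := resolveInRepo(root, filepath.Join(charts, "escape"))
	return inErr == nil, errors.Is(outErr, ErrEscapesRoot), nil
}

func main() { fmt.Println(demo()) }
```

Resolving first and checking afterwards is only sound on a checkout that nothing else can modify between the check and the read.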