Helm: automated publishing of Helm repo with Github Actions


Categories: DevOps, Kubernetes

In a previous article, I described how to expose a Github source repo as a public Helm repository by enabling Github Pages and running the chart-releaser utility.

In this article, I want to remove the manual invocation of the chart-releaser, and instead place that into an Github Actions workflow that automatically publishes changes to the Helm Chart upon a push event.

Prerequisites

  • Github repository that has a Helm chart in a ‘charts’ subfolder, located on the ‘main’ git branch
  • Github Pages enabled on the repo, on the standard ‘gh-pages’ branch

If you want an example setup then see my previous article, OR you can fork my helmpubtest1 repository.

Create a Github Actions workflow

As described in the Github documentation and Helm documentation, you need to create a workflow definition file in the ‘.github/workflows’ directory.  Here is my full release.yml.

As areas of interest in the file, you must have ‘write’ permissions enabled for ‘contents’.  Not having this will result in 403 errors as .tgz cannot be uploaded without this access.

    permissions:
      contents: write # for creating Releases .tgz

Then you must explicitly pass the GITHUB_TOKEN (provided in the pipeline context), to the chart-releaser-action.

      - name: Run chart-releaser
        uses: helm/chart-releaser-action@v1.5.0
        with:
          charts_dir: charts
        env:
          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

Under the covers, this chart-releaser-action calls back to the chart-releaser tool described in my previous article.

Versioning the Chart

In real-world scenarios, Helm Charts are continually enhanced, so let’s go through the day-2 task of versioning this Helm Chart.

# make sure we are on charts branch
main_branch=main
git checkout $main_branch

# increment version of Chart
current_version=$(grep -Po "^version: \d*.\K(\d)*(?=\d*)" charts/nginx/Chart.yaml)
new_version=$((current_version+1))
echo "current_version=$current_version new_version=$new_version"
sed -i "s/^version: .*/version: 0.$new_version.0/" charts/nginx/Chart.yaml

# push event kicks off the workflow action
git commit -a -m "create new chart version $new_version"
git push

Github Action workflow status

The progress and final status of the workflow can be viewed in the Github Actions tab.

And clicking into the details of the workflow will show the progress of each step.

The output shows the Chart .tgz being created, hash being calculated, and finally the index being updated and committed to the ‘gh-pages’ branch.

This replaces manually needing to invoke ‘helm package’, ‘cr upload’ and ‘cr index’.

Validate new Chart version using Helm client

We can use the Helm client to validate the new chart version now available at this repository.

# substitute your forked repository if desired
repo_name=helmpubtest1
repo_owner=fabianlee

# add Helm repo
helm repo add $repo_name https://$owner_name.github.io/$repo_name

# do repo update to make sure we have the latest
helm repo update $repo_name
# check available versions (new version should be available)
helm search repo -l $repo_name

 

REFERENCES

github chart-releaser-action for Github Actions

colinwilson.uk, signing helm charts with chart-releaser-action

Piotr Minkowski, shows Circle CI raw ‘cr’ commands for generating helm chart

helm.sh, shows how to use Github workflow with chart-releaser-action (left out required ‘write’ permissions for contents)

Markus Lippert, host Helm Charts via GitHub with Chart Releaser

github chart-releaser