Publish Your Helm Charts Easily With Chart-Repo-PR-Action

Photo by Karla Car on Unsplash

Many developers who work on Kubernetes have a set of Helm charts to deploy their applications. Developers often manage these charts alongside their application source code in a project structure that, at a very high level, might resemble something like this:

charts/ # Contains Helm charts for deploying the application
src/    # Contains application source code and other assets
...     # Other files

This structure is usually sufficient for most teams that don’t intend to publish their charts to a Helm chart repository. Perhaps for these teams, a CD tool checks out the project and then deploys the charts inside the charts/ folder. These teams don’t rely on a chart repository for deploying their charts; they simply deploy straight from the charts/ folder.

However, what if you wanted to make your charts more publicly available by publishing them to a central Helm chart repository?

Helm chart repositories are often maintained in git, so you would need a way to add your charts to the chart repository’s git repo. You could do this in one of two ways:

  • Move your charts out of your project and maintain them in the chart repository’s git repo
  • Copy your project’s charts over to the chart repository’s git repo whenever you want to publish changes

For some, the first choice is not a viable option. Your team may not own the chart repository, so that choice would slow down development since you may not have write permission on the repo.

The second choice is likely better. Your team would develop at its regular pace since your charts would still be native to your project. When you want to make your changes publicly available, you would copy your charts to the Helm chart repository (or a fork of it) and make a PR. Once a maintainer approves your PR, your changes will be published. However, this method contains the manual step of copying your charts over to the Helm chart repository.

To help simplify the second choice I described, I wrote a GitHub Action called chart-repo-pr-action. This Action automatically copies your project’s charts over to a chart repository that you specify, allowing you to easily make your charts public while maintaining them in a separate repository that you own.

Let’s dive into the chart-repo-pr-action to learn how it can help you publish your charts easier.

Introducing: Chart-Repo-PR-Action

Because a picture’s worth a thousand words, I drew a diagram to describe the high-level steps of how this Action works.

chart-repo-pr-action workflow

The process begins when you push to your project. Assuming you have a workflow using the chart-repo-pr-action, the Action will be triggered and create a PR to a Helm chart repository. The PR will contain your project’s Helm charts.

Depending on whether or not you have write access to the chart repository, you can either:

  • Instruct the Action to push straight to the chart repository and make a PR
  • Instruct the Action to push to a chart repository fork and make a PR

These options provide some flexibility and allow the Action to be usable regardless of whether you have ownership of the Helm chart repository or not.

Here’s an example workflow that leverages chart-repo-pr-action:

name: Submit PR to chart repository
on:
  push:
    branches:
      - master

jobs:
  test-job:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: deweya/chart-repo-pr-action@v0.2.0
        with:
          auth_token: ${{ secrets.PAT }}
          chart_repo: deweya0/helm-charts
          committer_email: deweya964@gmail.com

I recommend using this Action on release branches, so on line 5, I only trigger this workflow on pushes to master (though your use case may require a different branch). On line 11, I perform a checkout of my project’s repository, and on line 12, I use the chart-repo-pr-action. As of writing, the latest version is v0.2.0, but I’ll likely make updates to this in the future. Be sure to check the latest releases before using this Action in your workflow.

The auth_token and chart_repo are the two required parameters. The auth_token parameter provides authentication so the Action can push to a chart repository (or a fork of one). This token should be a Personal Access Token with at least the following permissions:

  • public_repo
  • read:discussion

Once you create your token, you can add it to your repository’s secrets and refer to securely in your workflow.

The chart_repo parameter is the Helm chart repo from which you’d like to publish your charts.

The committer_email sets the email to use for the commit message. This parameter is not required, but I recommend setting it since the default is <>.

If you do not have write access to the chart repository, you can also set the fork_owner parameter. Here’s an example:

<omitted>
      - uses: deweya/chart-repo-pr-action@v0.2.0
        with:
          auth_token: ${{ secrets.PAT }}
          chart_repo: deweya0/helm-charts
          fork_owner: deweya
          committer_email: deweya964@gmail.com

Setting the fork_owner tells the Action to push to a fork and then make a PR from that fork. The example above will configure chart-repo-pr-action to first push to “deweya/helm-charts”, then make a PR to “deweya0/helm-charts” from that commit.

There are several more parameters that you can set to configure your commit message, charts directory, and base and head branches. I have a list of these parameters documented in my Git repo.

With an understanding of how chart-repo-pr-action works, let’s see it in Action!

And…Action!

In this example, I will use chart-repo-pr-action to copy a new Helm chart in my project over to a Helm chart repository.

Let’s assume that my project has the following file structure:

.github/workflows/main.yml
charts/my-chart/ ## my-chart is the chart I want to copy
src/

For .github/workflows/main.yml, I’ll reuse the same workflow from above. I’ll copy it again here:

name: Submit PR to chart repository
on:
  push:
    branches:
      - master

jobs:
  test-job:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: deweya/chart-repo-pr-action@v0.2.0
        with:
          auth_token: ${{ secrets.PAT }}
          chart_repo: deweya0/helm-charts
          committer_email: deweya964@gmail.com

Now, I’ll push to master:

git add --all
git commit -m “creating a new chart called my-chart”
git push origin master

After a short amount of time, you’ll see a new PR appear at the Helm chart git repository.

The PR created by chart-repo-pr-action

You can see that the Action created the PR on behalf of the authenticated user (deweya). There were 11 files changed, which were all additions since we’re copying over a new chart. If you made modifications to previous charts you had copied over, you would see a diff of those appear as well under “Files changed”.

From here, a maintainer of the chart repository can either approve this PR or request changes. If the maintainer requests changes, you can make them locally in your project and re-run the chart-repo-pr-action to sync the changes.

Thanks For Reading

I enjoyed writing this Action, and I hope it serves as a helpful utility for Helm users in the community. If you have any questions or feature requests, please leave a comment or an issue on my GitHub repo. And of course, PRs are always welcome!

Austin Dewey

Austin Dewey is a DevOps engineer focused on delivering a streamlined developer experience on cloud and container technologies. Austin started his career with Red Hat’s consulting organization, where he helped drive success at many different Fortune 500 companies by automating deployments on Red Hat’s Kubernetes-based PaaS, OpenShift Container Platform. Currently, Austin works at fintech startup Prime Trust, building automation to scale financial infrastructure and support developers on Kubernetes and AWS. Austin is the author of "Learn Helm", a book focused on packaging and delivering applications to Kubernetes, and he enjoys writing about open source technologies at his blog in his free time, austindewey.com.

Leave a Reply