nflaig / semantic-release-helm Goto Github PK

View Code? Open in Web Editor NEW

13.0 3.0 11.0 234 KB

semantic-release plugin to publish Helm charts

License: MIT License

JavaScript 100.00%

semantic-release semantic-release-plugin helm release helm-charts version

semantic-release-helm's Introduction

semantic-release-helm3

semantic-release plugin to publish Helm charts.

Step	Description
`verifyConditions`	Verify required configuration and login to Helm registry.
`prepare`	Update `version` and/or `appVersion` in Chart.yaml.
`publish`	Publish Helm chart to registry.

NOTE: This is a fork of semantic-release-helm with added support for ChartMuseum repositories such as Harbor by utilizing the helm cm-push plugin. It also supports helm versions >=3.7.0 and pre-release branches.

This is a plugin for semantic-release. It updates version and appVersion of a Helm chart's Chart.yaml.

The version and appVersion are updated according to nextRelease.version. Updating the appVersion is optional and can be disabled by setting onlyUpdateVersion to true.

Install

npm install semantic-release-helm3 -D

BREAKING CHANGE in v2

path has been renamed to chartPath to prevent config conflicts.

Examples:

version 0.1.0  
appVersion 1.16.0

patch (1.16.0 -> 1.16.1)
New chart version is 0.1.1
minor (1.16.0 -> 1.17.0)
New chart version is 0.2.0
major (1.16.0 -> 2.0.0)
New chart version is 1.0.0

Configuration

Plugin Config

Parameter	Type	Default	Required	Description
`chartPath`	`string`	`""`	`true`	Chart directory, where the Chart.yaml is located.
`registry`	`string`	`""`	`false`	URI of a container registry.
`onlyUpdateVersion`	`boolean`	`false`	`false`	Don't change `appVersion` if this is true. Useful if your chart is in a different git repo than the application.
`crPublish`	`boolean`	`false`	`false`	Enable chart-releaser publishing.
`crConfigPath`	`string`	`""`	`false`	Path to .ct.yaml chart-releaser configuration file.
`isChartMuseum`	`boolean`	`false`	`false`	Enable ChartMuseum publishing.
`populateChangelog`	`boolean`	`false`	`false`	Populate `artifacthub.io/changes` annotations with notes produced by `@semantic-release/release-notes-generator` compatible plugins.
`skipRegistryLogin`	`boolean`	`false`	`false`	Skip the `helm registry login` command in the verifyConditions step.
`packageArgs`	`string`	`""`	`false`	Additional parameters for the helm package command, e.g. `--key mykey --keyring ~/.gnupg/secring.gpg`
`cmPushArgs`	`string`	`""`	`false`	Additional parameters for the helm cm-push command (only relevant if `isChartMuseum` is set to true) e.g. `--context-path /repo/path`

Environment Variables

Set chart path

export CHART_PATH=<dir>

Pass credentials through environment variables accordingly:

export REGISTRY_HOST=<HOST>
export REGISTRY_USERNAME=<USERNAME>
export REGISTRY_PASSWORD=<PASSWORD>

For S3 pass the AWS credentials as environment variables:

export AWS_REGION=<REGION>
export AWS_ACCESS_KEY_ID=<ACCESS_KEY_ID>
export AWS_SECRET_ACCESS_KEY=<SECRET_ACCESS_KEY>

Example

This will update version and appVersion in ./chart/Chart.yaml and push the chart to localhost:5000/repo/chart. The image will be tagged with the value of version from Chart.yaml.

{
  "plugins": [
    [
      "semantic-release-helm3",
      {
        chartPath: './chart',
        registry: 'localhost:5000/repo/chart'
      }
    ]
  ]
}

ChartMuseum Example

The helm cm-push plugin adds support for ChartMuseum repositories such as Harbor.

This will push the chart to the specified repository, e.g. https://mydomain.com/chartrepo/myproject and tag the chart with the value of version from Chart.yaml.

It is important to set isChartMuseum to true and to specify the repository url as registry.

Note: It is required to have at least helm version 3.7.0 installed.

{
  "plugins": [
    [
      "semantic-release-helm3",
      {
        chartPath: './chart',
        registry: 'https://mydomain.com/chartrepo/myproject',
        isChartMuseum: true
      }
    ]
  ]
}

S3 Example

The helm-s3 plugin adds support for S3. Check the documentation for additional options

This will update version in ./chart/Chart.yaml and push the chart to s3://my-s3-bucket/s3-prefix. The image will be tagged with the value of version from Chart.yaml.

{
  "plugins": [
    [
      "semantic-release-helm3",
      {
        chartPath: './chart',
        registry: 's3://my-s3-bucket-repo/s3-prefix',
        onlyUpdateVersion: true,
      }
    ]
  ]
}

semantic-release-helm's People

Stargazers

Watchers

Forkers

gr2u spisaczek halkeye alita1991 manuschillerdev sjoukedv maxnasonov reidmiller-geotab etrikp-ec meshkat632 donovanrost

semantic-release-helm's Issues

Allow multiple charts in the same repo

Is there any way of the plugin to check in the multiple charts in the same repo?
on this repo https://github.com/Piwero/helmseum, I have multiple charts inside the charts/ directory but when adding

        [
            'semantic-release-helm3',
            {
                chartPath: 'charts',
                onlyUpdateVersion: true,
            }
        ]

It fails with :

[10:03:54 AM] [semantic-release] › ℹ  Start step "prepare" of plugin "semantic-release-helm3"
[10:03:54 AM] [semantic-release] › ✖  Failed step "prepare" of plugin "semantic-release-helm3"
[10:03:54 AM] [semantic-release] › ✖  An error occurred while running semantic-release: [Error: ENOENT: no such file or directory, open 'charts/Chart.yaml'] {
  errno: -2,
  code: 'ENOENT',
  syscall: 'open',
  path: 'charts/Chart.yaml',
  pluginName: 'semantic-release-helm3'
}

It's trying to look for file Chart.yaml which lives in each subdirectory of charts.

Please, find gh action with above setup error https://github.com/Piwero/helmseum/actions/runs/9329440411/job/25681881096

Error: Could Not Add Chart Repository - Wrong Credentials?

Description:
I'm experiencing an issue when trying to use the plugin to upload new versions of my Helm chart to my self-hosted Chartmuseum. When running the action, I get the following error:

Error: Could not add chart repository. Wrong credentials?

Repository: Piwero/sandbox-github-actions

Error Example: GitHub Actions Run

Steps to Reproduce:

Go to the testing repo Piwero/sandbox-github-actions.
Go the GitHub Actions workflow and trigger the "Release Helm Chart" action.

Expected Behavior:
The Helm chart should be successfully uploaded to my self-hosted Chartmuseum.

Actual Behavior:
The upload process fails with the error: Error: Could not add chart repository. Wrong credentials?

Secrets Added:

CM_REGISTRY: https://testmuseum.piwero.com
REGISTRY_USERNAME: testuser
REGISTRY_PASSWORD: ********

Additional Context:

The credentials (REGISTRY_USERNAME and REGISTRY_PASSWORD) are correctly set in the GitHub Secrets.
The password used for REGISTRY_PASSWORD is the same as the user password for Chartmuseum.
The same credentials work when used directly with Chartmuseum outside of GitHub Actions.

Feel free to play around with the GitHub Action. You can go to the sandbox repo and under actions, go to the "Release Helm Chart" action and run the workflow.

Please let me know if you need any further information to diagnose this issue. I can DM the password if needed for testing purposes.

Thank you

Output SHA of helm chart when pushed to registry

It would be useful to be able to get the SHA of a helm chart when it's pushed to an OCI registry. This output is given by the helm push command. For example:

$ helm push my-chart-1.0.0.tgz oci://registry.example.com
Pushed: registry.example.com/my-chart:1.0.0
Digest: sha256:d53992a432b9abc754b5ada7262f03d925ea62c939349bf83164a3aa7dd284ca

This SHA is useful not only to reference the exact artifact for pulling, but also when using a tool such as cosign to sign the specific artifact. While cosign does allow the use of tags to sign an artifact, their ephemeral nature means this function is deprecated and will be removed in favour of using the SHA.

multiple charts in the /charts folder

Hi @nflaig

Is it possible to have different chart versions for each chart?

i.e.
charts/
ch1
ch2
ch3

current tag is 1.0.0, and charts/{cj1, ch2, ch3}/Chart.yaml has version: 1.0.0
I modify ch1 and it gets 1.0.1
I modify ch2 and it gets 1.0.1 as well

My current understanding is that it is impossible, means that in my second modifications ch2/Chart.yaml would get 1.0.2
means ch2 will have just two releases: 1.0.0 and 1.0.2, i.e. 1.0.1 would be missed

Do I get it right or miss something?

Thanks,
Dmitry

allow for extra args on helm push?

for pushing to private nexus registries one has to specify the flag --context-path=/repo/chart with the helm cm-push command.

It would be awesome if we could specify additional parameters for helm cm-push via the options :)

Chart.yaml version doesn't get updated

For some reason when I create a new release, the version from Chart.yaml doesn't get updated on this repo. https://github.com/Piwero/piwhelm/blob/main/charts/piwhelm/Chart.yaml
Is there any setup missing?
Thanks

Support registry host set from ENV var

It would be great if we could use e.g. REGISTRY_HOST (similar to username and password) from the env and fallback to pluginConfig.registry

Unable to publish to gitlab package registry

Since this always assume that the registry is an OCI registry, it doesn't publish to gitlab.

"semantic-release-helm3",
      {
          "chartPath": ".",
          "isChartMuseum": false,
          "registry": "https://gitlab.com/api/v4/projects/12345678/packages/helm/release",
          "skipRegistryLogin": true
      }

and I get this error when i try and publish

An error occurred while running semantic-release: Error: Command failed with exit code 1: helm push /builds/test/devops/charts/test/gustpTest-1.1.1.tgz oci://https://gitlab.com/api/v4/projects/12345678/packages/helm/release
Error: invalid_reference: invalid repository

Parser Causes Exception

Hello everyone!

I am not sure if I am the only one to experience this, but since version 2.9.1 the release fails with the following error:

TypeError: this.buffer.substring is not a function
    at Lexer.getLine (/home/runner/work/ott-channel-schedule-template/ott-channel-schedule-template/node_modules/yaml/dist/parse/lexer.js:208:28)
    at Lexer.parseStream (/home/runner/work/ott-channel-schedule-template/ott-channel-schedule-template/node_modules/yaml/dist/parse/lexer.js:244:25)
    at parseStream.next (<anonymous>)
    at Lexer.parseNext (/home/runner/work/ott-channel-schedule-template/ott-channel-schedule-template/node_modules/yaml/dist/parse/lexer.js:226:36)
    at parseNext.next (<anonymous>)
    at Lexer.lex (/home/runner/work/ott-channel-schedule-template/ott-channel-schedule-template/node_modules/yaml/dist/parse/lexer.js:160:32)
    at lex.next (<anonymous>)
    at Parser.parse (/home/runner/work/ott-channel-schedule-template/ott-channel-schedule-template/node_modules/yaml/dist/parse/parser.js:159:20)
    at parse.next (<anonymous>)
    at Composer.compose (/home/runner/work/ott-channel-schedule-template/ott-channel-schedule-template/node_modules/yaml/dist/compose/composer.js:130:20) {
  pluginName: 'semantic-release-helm3'
}

I tried with node versions 18, 19, and 20.
I did some investigation and I think the problem might be in `lib/publish.js' on lines 23- 24:

const chartYaml = await fsPromises.readFile(filePath);
const chart = yaml.parse(chartYaml);

I found this issue on GitHub that hints at the fact that readFile returns a buffer if called without a second argument, while yaml.parse() expects a string.

I would be curious to hear someone else's opinion on this and knowing if anyone else had this issue

multiple registry

It's is possible to publish the package on several repositories ? (ex: gitlab + aws ecr)

Need a way to sign the chart before publish

Hi,

I have a use case where I must sign the helm chart before publishing it to the registry. By exploring the code, I notice there is no way to send the extra configuration to the helm package action.

Code snippet:
await execa( 'helm', ['package', configPath] );

Helm command:
helm package --sign ./mychart --key mykey --keyring ~/.gnupg/secring.gpg

Is there any way to achieve that or a plan to introduce this feature?

Thanks

Failed to push to OCI registry

Got this error:

[11:08:51 AM] [semantic-release] › ✘  An error occurred while running semantic-release: Error: Command failed with exit code 1: helm push <redacted> <redacted url>
Error: scheme prefix missing from remote (e.g. "oci://")

with helm:

$ helm version
version.BuildInfo{Version:"v3.10.3", GitCommit:"835b7334cfe2e5e27870ab3ed4135f136eecc704", GitTreeState:"clean", GoVersion:"go1.18.9"}

Detailed Document!

Can we have a detailed Readme, to how to use the plugin?

Support for Azure container Registry

Is there support for ACR, as i see there is support for AWS S3 but for OCI based registries, the option is not provided.

Can you guide me where the changes should occur, just like its done for S3

Could not add chart repository. Wrong credentials?

I'm getting the following error in my pipeline:

[9:03:02 PM] [semantic-release] › ✖  An error occurred while running semantic-release: Error: Could not add chart repository. Wrong credentials?
    at /usr/local/lib/node_modules/semantic-release-helm3/node_modules/aggregate-error/index.js:23:11
    at Array.map (<anonymous>)
    at new AggregateError (/usr/local/lib/node_modules/semantic-release-helm3/node_modules/aggregate-error/index.js:13:24)
    at module.exports (/usr/local/lib/node_modules/semantic-release-helm3/lib/verifyConditions.js:84:15)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at async verifyConditions (/usr/local/lib/node_modules/semantic-release-helm3/index.js:9:5)
    at async validator (/usr/local/lib/node_modules/semantic-release/lib/plugins/normalize.js:34:24)
    at async /usr/local/lib/node_modules/semantic-release/lib/plugins/pipeline.js:37:34
    at async /usr/local/lib/node_modules/semantic-release/lib/plugins/pipeline.js:31:3
    at async Object.pluginsConf.<computed> [as verifyConditions] (/usr/local/lib/node_modules/semantic-release/lib/plugins/index.js:80:11) {
  pluginName: 'semantic-release-helm3'
}
[9:03:02 PM] [semantic-release] › ✖  An error occurred while running semantic-release: Error: Command failed with exit code 1: helm repo add semantic-release-helm https://some.gitlab.server/api/v4/projects/349/packages/helm/stable
Error: looks like "https://some.gitlab.server/api/v4/projects/349/packages/helm/stable" is not a valid chart repository or cannot be reached: failed to fetch https://some.gitlab.server/api/v4/projects/349/packages/helm/stable/index.yaml : 401 Unauthorized

I tried the same command on my local PC and also got 401. Then I added "--username" and "--password" to the "helm repo add" command and it was able to add the repo. Unfortunately "helm registry login" before calling semantic-release didn't solve my problem. So are we missing these parameters here?

Getting a type error when running the plugin to update a helm repo

All steps in the plugin pass normally but the publish step gives an error

ERROR LOGS:

fix(Values.yml): Removed some redundancy
2022-11-14T12:15:53.611Z semantic-release:commit-analyzer Analyzing with default rules
[12:15:53 PM] [semantic-release] [@semantic-release/commit-analyzer] › ℹ  The commit should not trigger a release
[12:15:53 PM] [semantic-release] [@semantic-release/commit-analyzer] › ℹ  Analyzing commit: fix(Values.yml): Removed some redundancy
2022-11-14T12:15:53.612Z semantic-release:commit-analyzer Analyzing with default rules
2022-11-14T12:15:53.613Z semantic-release:commit-analyzer The rule { type: 'fix', release: 'patch' } match commit with release type 'patch'
[12:15:53 PM] [semantic-release] [@semantic-release/commit-analyzer] › ℹ  The release type for the commit is patch
[12:15:53 PM] [semantic-release] [@semantic-release/commit-analyzer] › ℹ  Analysis of 2 commits complete: patch release
[12:15:53 PM] [semantic-release] › ✔  Completed step "analyzeCommits" of plugin "@semantic-release/commit-analyzer"
[12:15:53 PM] [semantic-release] › ℹ  The next release version is 1.0.4
[12:15:53 PM] [semantic-release] › ℹ  Start step "prepare" of plugin "semantic-release-helm3"
[12:15:53 PM] [semantic-release] [semantic-release-helm3] › ℹ  Updating Chart.yaml with version 1.0.4 and appVersion 1.0.4.
[12:15:53 PM] [semantic-release] › ✔  Completed step "prepare" of plugin "semantic-release-helm3"
[12:15:55 PM] [semantic-release] › ✔  Created tag v1.0.4
[12:15:55 PM] [semantic-release] › ℹ  Start step "publish" of plugin "semantic-release-helm3"
[12:15:55 PM] [semantic-release] › ✖  Failed step "publish" of plugin "semantic-release-helm3"
[12:15:55 PM] [semantic-release] › ✖  An error occurred while running semantic-release: TypeError: Invalid Version: [object Promise]
    at new SemVer (/var/lib/jenkins/workspace/New Job/node_modules/semver/classes/semver.js:19:13)
    at compare (/var/lib/jenkins/workspace/New Job/node_modules/semver/functions/compare.js:3:3)
    at Object.gte (/var/lib/jenkins/workspace/New Job/node_modules/semver/functions/gte.js:2:30)
    at publishChartToRegistry (/var/lib/jenkins/workspace/New Job/node_modules/semantic-release-helm3/lib/publish.js:67:24)
    at module.exports (/var/lib/jenkins/workspace/New Job/node_modules/semantic-release-helm3/lib/publish.js:19:19)
    at async publish (/var/lib/jenkins/workspace/New Job/node_modules/semantic-release-helm3/index.js:30:5)
    at async validator (/var/lib/jenkins/workspace/New Job/node_modules/semantic-release/lib/plugins/normalize.js:34:24)
    at async /var/lib/jenkins/workspace/New Job/node_modules/semantic-release/lib/plugins/pipeline.js:37:34
    at async /var/lib/jenkins/workspace/New Job/node_modules/semantic-release/lib/plugins/pipeline.js:31:3
    at async pluginsConf.<computed> [as publish] (/var/lib/jenkins/workspace/New Job/node_modules/semantic-release/lib/plugins/index.js:80:11) {
  pluginName: 'semantic-release-helm3'
}
TypeError: Invalid Version: [object Promise]
    at new SemVer �[90m(/var/lib/jenkins/workspace/New Job/�[39mnode_modules/�[4msemver�[24m/classes/semver.js:19:13�[90m)�[39m
    at compare �[90m(/var/lib/jenkins/workspace/New Job/�[39mnode_modules/�[4msemver�[24m/functions/compare.js:3:3�[90m)�[39m
    at Object.gte �[90m(/var/lib/jenkins/workspace/New Job/�[39mnode_modules/�[4msemver�[24m/functions/gte.js:2:30�[90m)�[39m
    at publishChartToRegistry �[90m(/var/lib/jenkins/workspace/New Job/�[39mnode_modules/�[4msemantic-release-helm3�[24m/lib/publish.js:67:24�[90m)�[39m
    at module.exports �[90m(/var/lib/jenkins/workspace/New Job/�[39mnode_modules/�[4msemantic-release-helm3�[24m/lib/publish.js:19:19�[90m)�[39m
    at async publish �[90m(/var/lib/jenkins/workspace/New Job/�[39mnode_modules/�[4msemantic-release-helm3�[24m/index.js:30:5�[90m)�[39m
    at async validator �[90m(/var/lib/jenkins/workspace/New Job/�[39mnode_modules/�[4msemantic-release�[24m/lib/plugins/normalize.js:34:24�[90m)�[39m
    at async �[90m/var/lib/jenkins/workspace/New Job/�[39mnode_modules/�[4msemantic-release�[24m/lib/plugins/pipeline.js:37:34
    at async �[90m/var/lib/jenkins/workspace/New Job/�[39mnode_modules/�[4msemantic-release�[24m/lib/plugins/pipeline.js:31:3
    at async pluginsConf.<computed> [as publish] �[90m(/var/lib/jenkins/workspace/New Job/�[39mnode_modules/�[4msemantic-release�[24m/lib/plugins/index.js:80:11�[90m)�[39m {
  pluginName: �[32m'semantic-release-helm3'�[39m
}

My .releaserc.yml file:

{

"branches": ["main"],

  "plugins": [
    [
      "semantic-release-helm3",
      {
        chartPath: './',
        registry: 'https://github.com/csye7125-fall2022-group01/helm-chart'
      }
    ]
  ]
}

In case it is relevant I'm running the plugin on a jenkins ci environment

If you need any more details i'd be happy to provide them !