Tag: Helm

Visual Studio Geeks | Publish Helm 3 charts to Azure Container Registry (ACR) using GitHub Actions

Posted on by faz_business


In my previous post, we briefly covered how to publish a Helm chart to ACR using Azure DevOps. In this post we will use GitHub actions to build and publish Helm chart to ACR using GitHub Actions. We will also take a sneak peak how GitHub environments work.

Pre-requisites

I am going to assume ACR instance is setup using repository scoped tokens. Since we already covered setting up of ACR this way in the earlier post, I will not include the steps here.

Setting up secrets at GitHub

We would like store Azure Container Registry’s tokens as GitHub repository level secrets. To do that, click on Settings on the repository page and head to Secrets tab. Finally click on New repository secret and add the token name and the password. I have stored token name as ACR_PUSH_USER and token password as ACR_PUSH_TOKEN.

Add repository secrets

Creating the workflow in GitHub Actions

Publish chart to ACR

The first step is to create an yaml file under .github\workflows folder and setup a basic structure. The first things (see the yaml below) are defining name for the action, currently set to trigger via manual trigger using workflow_dispatch and define few environment variables which we are going to use later in the action.

name: ci

on: 
  workflow_dispatch:

env:
  HELM_EXPERIMENTAL_OCI: 1
  HELM_VERSION_TO_INSTALL: 3.5.0
  ACR_NAME: acrdemoutkarsh
  ACR_REPO_NAME: helmdemo/vote-app

The first environment variable conveys to ACR that we are going to publish a OCI package. Next couple of variables just define version of Helm we need on the runner, our ACR name to which we are going to publish this chart and finally to the repository we are publishing this chart to (used in below sections).

Installing Helm 3 on the agent

Now that we have all the variables defined, we need add jobs and steps to build our workflow to publish charts to ACR. We then need to install Helm tool on the agent before we can run the Helm commands. We do that using yaml below.

jobs:
  build:
    name: publish acr
    runs-on: ubuntu-latest
    environment: prod
    steps:
      - uses: actions/checkout@v2
        name: checkout repo
      
      - name: install helm
        uses: Azure/setup-helm@v1
        with:
          version: ${{ env.HELM_VERSION_TO_INSTALL }}# default is latest

As you can see, we have one job named build (which will be displayed as publish acr – see screenshot below) which runs on ubuntu-latest agent. We also are targeting our deployment to an environment prod. Environments in GitHub are cool because you can have approvers, additional protection rules for environments and environment specific secrets. In the screenshot below, notice how the flow is waiting for review.

Next, we checkout the repository and using setup-helm task from Azure repo we install the specific version (3.5.0) of Helm.

Login to the ACR using Helm

Next, we need to login to ACR registry using Helm tool.

- name: login to acr using helm
  run: |
    echo $ | helm registry login $.azurecr.io --username $ --password-stdin

Save and push the chart to ACR

Next we need to save the chart directory to local cache and publish it to ACR.

- name: save helm chart to local registry
  run: |
    helm chart save $/src/azure-vote-helm-chart/ $.azurecr.io/$:latest
      
- name: publish chart to acr
  run: |
    helm chart push $.azurecr.io/$:latest

Run the workflow, and you will see output as below.

Go to ACR and you will see char correctly published to helmdemo/vote-app repository as declared in the env section above.

Conclusion

In this post, you saw how easily we can deploy a OCI package (helm3 chart) to ACR using GitHub actions. We also saw how GitHub environments help you approve changes to the environment. Hope you enjoyed reading this post.

Visual Studio Geeks | How to publish Helm 3 charts to GitHub Container Registry using GitHub Actions

Posted on by faz_business


I have already written how to publish Helm chart to ACR using Azure DevOps and GitHub actions. But did you know that you can also publish Helm3 charts (or any OCI compliant package) to GitHub Container Registry(GCR)? In this post we will see how to do that.

Enable improved container support

GitHub Container Registry is currently in public beta. So, the first step is to ensure that you have enabled the GitHub Container Registry for your account. If you have GitHub personal account, you can do that from Feature Preview window.

If you have a Enterprise account, you can do that going to Settings page.

GitHub documentation has step-by-step guide of enabling improved container support here

Publishing Helm 3 charts using GitHub Actions

It really takes only couple of steps to publish a Helm chart to GCR using GitHub Actions. Like any other action, you start by creating .github\workflow folder and create an yml file in your repository.

Excluding the name and trigger part, first step in the YAML is to define few necessary variables.

env:
  HELM_EXPERIMENTAL_OCI: 1 #enable OCI support
  HELM_VERSION_TO_INSTALL: 3.5.0 # version of HEL to install
  GCR_IMAGE: ghcr.io/${{ github.repository_owner }}/vote-app

First variable enables the OCI support for the Helm commands we are going to run later in the YAML.

Next variable HELM_VERSION_TO_INSTALL is used later in the workflow to install specific version of the Helm. For this workflow, we need 3.5.0.

Last variable GCR_IMAGE is constructing the chart name for the publication.

The GitHub Container Registry hosts containers at ghcr.io/OWNER/IMAGE-NAME. I get the OWNER of the repository using github.repository_owner from github context.

Next steps are defining the job with steps to download the code (where we have Helm chart) and install the specific Helm tool on the runner/agent.

jobs:
  build:
    name: publish gcr
    runs-on: ubuntu-latest
    environment: prod
    steps:
      - uses: actions/checkout@v2
        name: checkout repo
      
      - name: install helm
        uses: Azure/setup-helm@v1
        with:
          # Version of helm
          version: ${{ env.HELM_VERSION_TO_INSTALL }} # default is latest

The above steps setup the agent machine with the required Helm tool.

Next, we need to run few helm commands to login to GCR (GitHub Container Registry) and finally publish the chart.

  1. We login to GCR using ${{ secrets.GITHUB_TOKEN }}

    GitHub Container Registry only recently started supporting GITHUB_TOKEN. Previously you had to create a separate PAT token with specific permissions to GCR.

  2. Next two steps in the workflow will be to save the chart and publish. We do that using helm chart save and help chart push commands as shown below.

- name: login to acr using helm
  run: |
    echo ${{ secrets.GITHUB_TOKEN }} | helm registry login ${{ env.GCR_IMAGE }} --username ${{ github.repository_owner }} --password-stdin

- name: save helm chart to local registry
  run: |
    helm chart save ${{ github.workspace }}/src/azure-vote-helm-chart/ ${{ env.GCR_IMAGE }}:${{ github.sha }}

- name: publish chart to acr
  run: |
    helm chart push ${{ env.GCR_IMAGE }}:${{ github.sha }}

That is it, if all worked successfully for you, you should see the chart in the GCR.