A GitHub action for single chart or multi-chart repositories that performs push and github releases creation for the hosted charts.
- A GitHub repo containing a directory with your Helm charts (one of the following folders named
/charts,/chartorhelm, if you want to maintain your charts in a different directory, you must include acharts_dirinput in the workflow). - Create a workflow
.ymlfile in your.github/workflowsdirectory. An example workflow is available below. For more information, reference the GitHub Help Documentation for Creating a workflow file
When using this action with Helm charts that have dependencies, the default GITHUB_TOKEN might not have sufficient permissions to access those dependencies if they're stored in GitHub Container Registry (ghcr.io). This is because:
- The
GITHUB_TOKENis scoped only to the current repository - It cannot access packages from other repositories unless those packages are explicitly connected to your repository
- You may encounter errors like:
403 Forbiddenwhen trying to download dependencies
Solutions:
- Option 1: Set
skip_dependencies: trueto avoid dependency resolution - Option 2: Use a Personal Access Token (PAT) with appropriate scopes:
with: oci_username: ${{ github.actor }} oci_password: ${{ secrets.PAT_WITH_PACKAGE_ACCESS }} # PAT with read:packages github_token: ${{ secrets.PAT_WITH_PACKAGE_ACCESS }}
- Option 3: Ensure all dependencies are connected to your repository
For more information, see GitHub Packages documentation.
version: The helm version to use (default: v0.3.1)charts_dir: The charts directoryoci_registry: The OCI registry hostoci_username: The username used to login to the OCI registryoci_password: The OCI user's passwordgithub-token: Github Actions token must be provided to manage release creation and update.tag_name_pattern: Specifies GitHub repository release naming pattern (ex. '{chartName}-chart'). For instance you chart is named as app, but you want it to be released as app-chart-x.y.z, use tag_name_pattern{chartName}-chart.skip_helm_install: Skip helm installation (default: false)skip_dependencies: Skip dependencies update from "Chart.yaml" to dir "charts/" before packaging (default: false)skip_existing: Skip the chart push if the GithHub release existsskip_oci_login: Skip the OCI login step (rely on existing credentials)mark_as_latest: When you set this tofalse, it will mark the created GitHub release not as 'latest'.skip_gh_release: Skip the GitHub release creation
released_charts: A comma-separated list of charts that were released on this run. Will be an empty string if no updates were detected, will be unset if--skip_packagingis used: in the latter case your custom packaging step is responsible for setting its own outputs if you need them.chart_version: The version of the most recently generated charts; will be set even if no charts have been updated since the last run.
Create a workflow (eg: .github/workflows/release.yml):
name: Release Charts
on:
push:
branches:
- main
jobs:
release:
runs-on: ubuntu-latest
permissions:
contents: write
packages: write
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Configure Git
run: |
git config user.name "$GITHUB_ACTOR"
git config user.email "[email protected]"
- name: Run chart-releaser
uses: bitdeps/[email protected]
with:
oci_registry: ghcr.io/username
oci_username: username
oci_password: ${{ secrets.GITHUB_TOKEN }}
github_token: ${{ secrets.GITHUB_TOKEN }}This uses under the hood uses Helm and gh cli (which is available to actions). Helm is used to login and push charts into an OCI registry, while gh cli is used to create and update the repository releases.
It does this – during every push to main – by checking each chart in your project, and whenever there's a new chart version, creates a corresponding GitHub release named for the chart version, adds Helm chart artifacts to the release, and pushes the chart into the given OCI registry.