In my previous post, we briefly covered how to publish a Helm chart to ACR using Azure DevOps. In this post we will use GitHub actions to build and publish Helm chart to ACR using GitHub Actions. We will also take a sneak peak how GitHub environments work.
I am going to assume ACR instance is setup using repository scoped tokens. Since we already covered setting up of ACR this way in the earlier post, I will not include the steps here.
Setting up secrets at GitHub
We would like store Azure Container Registry’s tokens as GitHub repository level secrets. To do that, click on
Settings on the repository page and head to
Secrets tab. Finally click on
New repository secret and add the token name and the password. I have stored token name as
ACR_PUSH_USER and token password as
Creating the workflow in GitHub Actions
Publish chart to ACR
The first step is to create an yaml file under
.github\workflows folder and setup a basic structure. The first things (see the yaml below) are defining name for the action, currently set to trigger via manual trigger using
workflow_dispatch and define few environment variables which we are going to use later in the action.
name: ci on: workflow_dispatch: env: HELM_EXPERIMENTAL_OCI: 1 HELM_VERSION_TO_INSTALL: 3.5.0 ACR_NAME: acrdemoutkarsh ACR_REPO_NAME: helmdemo/vote-app
The first environment variable conveys to ACR that we are going to publish a OCI package. Next couple of variables just define version of Helm we need on the runner, our ACR name to which we are going to publish this chart and finally to the repository we are publishing this chart to (used in below sections).
Installing Helm 3 on the agent
Now that we have all the variables defined, we need add jobs and steps to build our workflow to publish charts to ACR. We then need to install Helm tool on the agent before we can run the Helm commands. We do that using yaml below.
As you can see, we have one job named
build (which will be displayed as
publish acr - see screenshot below) which runs on
ubuntu-latest agent. We also are targeting our deployment to an environment
prod. Environments in GitHub are cool because you can have approvers, additional protection rules for environments and environment specific secrets. In the screenshot below, notice how the flow is waiting for review.
Next, we checkout the repository and using
setup-helm task from Azure repo we install the specific version (
3.5.0) of Helm.
Login to the ACR using Helm
Next, we need to login to ACR registry using Helm tool.
- name: login to acr using helm run: | echo $ | helm registry login $.azurecr.io --username $ --password-stdin
Save and push the chart to ACR
Next we need to save the chart directory to local cache and publish it to ACR.
- name: save helm chart to local registry run: | helm chart save $/src/azure-vote-helm-chart/ $.azurecr.io/$:latest - name: publish chart to acr run: | helm chart push $.azurecr.io/$:latest
Run the workflow, and you will see output as below.
Go to ACR and you will see char correctly published to
helmdemo/vote-app repository as declared in the
env section above.
In this post, you saw how easily we can deploy a OCI package (helm3 chart) to ACR using GitHub actions. We also saw how GitHub environments help you approve changes to the environment. Hope you enjoyed reading this post.