Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/cresta/helm-autoupdate
CLI/action to update helm versions in git repositories
https://github.com/cresta/helm-autoupdate
flux2 gitops
Last synced: about 2 months ago
JSON representation
CLI/action to update helm versions in git repositories
- Host: GitHub
- URL: https://github.com/cresta/helm-autoupdate
- Owner: cresta
- License: apache-2.0
- Created: 2022-08-15T17:53:17.000Z (about 2 years ago)
- Default Branch: main
- Last Pushed: 2024-07-30T20:49:02.000Z (about 2 months ago)
- Last Synced: 2024-07-31T01:32:39.143Z (about 2 months ago)
- Topics: flux2, gitops
- Language: Go
- Homepage:
- Size: 567 KB
- Stars: 11
- Watchers: 23
- Forks: 1
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
- Codeowners: .github/CODEOWNERS
Awesome Lists containing this project
README
# helm-autoupdate
CLI/action to update helm versions in git repositories
# Motivation
You start with a helm release object
```yaml
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: aws-vpc-cni
spec:
chart:
spec:
chart: aws-vpc-cni
sourceRef:
kind: HelmRepository
name: aws
version: 0.0.1
interval: 1m0s
timeout: 10
values:
replicaCount: 1
```
This is fine, but how do you know when to update the helm release to a newer version? One option is to use `*` like this
```yaml
sourceRef:
kind: HelmRepository
name: aws
version: "*"
```
But in this case, you don't have any git tracking of what version was released. What you really want is some automation
that will bump the `version` field when a new helm chart is released. This is what `helm-autoupdate` is for.
# Usage
First, add a file named `.helm-autoupdate.yaml` in the root of your repository. Add a `chart` item for each chart you want to update.
The field "filename_regex" is an optional list of whitelisted filenames. If you don't specify it, all files will be considered.
```yaml
charts:
- chart:
name: aws-vpc-cni
repository: https://aws.github.io/eks-charts
version: "*"
identity: aws-vpc-cni
filename_regex:
- .*\.yaml
```
Next, change the `version` line to include the YAML comment `# helm:autoupdate:` where `` is the value
of the `charts[].identity` field. For example, the original file now becomes
```yaml
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: aws-vpc-cni
spec:
chart:
spec:
chart: aws-vpc-cni
sourceRef:
kind: HelmRepository
name: aws
version: 0.0.1 # helm:autoupdate:aws-vpc-cni
interval: 1m0s
timeout: 10m
values:
replicaCount: 1
```
Next, triger a run of `helm-autoupdate`. One way is to compile and run the binary with `go run`. For example
```bash
cd /tmp
git clone [email protected]:cresta/helm-autoupdate.git
go build ./cmd/helm-autoupdate
cd -
/tmp/helm-autoupdate
```
If you're using GitHub actions, a more reasonable way is to trigger the update as a workflow. An example workflow is
below. This will trigger on a manual execution of the workflow, as well as daily at midnight.
```yaml
name: Force a helm update
on:
workflow_dispatch:
schedule:
- cron: "0 0 * * *"
jobs:
plantrigger:
runs-on: ubuntu-latest
name: Force helm update
steps:
- name: Checkout
uses: actions/checkout@v2
- name: update helm
uses: cresta/[email protected]
- name: Create PR with changes
uses: peter-evans/create-pull-request@v3
id: cpr
with:
branch: helm-updates
delete-branch: true
title: "Force helm updates"
labels: forced-workflow
committer: Forced updates
body: "Updated helm versions"
commit-message: "Updates helm versions"
```
You can combine this with GitHub's auto-merge feature and status checks to complete the auto merge.
# Supported helm backends
This project comes with support for HTTPS, OCI, and [S3](./internal/helm/s3.go) backends.
# Our personal GitHub actions workflows
The workflow we use is the one below, which creates a pull request using a GitHub Application's token and enables auto
merge on the pull request. Each step is documented
```yaml
name: Auto update helm files
on:
# Allow other workflows, which build helm charts, to trigger this workflow as a push event on new chart pushes
workflow_dispatch:
# Catch up daily
schedule:
- cron: "0 0 * * *"
jobs:
plantrigger:
runs-on: ubuntu-latest
name: Force update of helm versions
steps:
# Use a github application for our token. You'll need to make the application and public a private key PEM as a secret
- name: Generate token
id: generate_token
uses: peter-murray/workflow-application-token-action@v1
with:
application_id: ${{ secrets.APP_ID }}
application_private_key: ${{ secrets.APP_PEM }}
- name: Checkout
uses: actions/checkout@v2
# We use S3, so also configure AWS credentials to read the S3 bucket
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-west-2
role-duration-seconds: 1200
# Do the helm updates
- name: update helm
uses: cresta/[email protected]
# Only make a PR if there are changes
- name: check for changes
id: changes
run: |
if [[ `git status --porcelain` ]]; then
echo '::set-output name=CHANGES::true'
else
echo '::set-output name=CHANGES::false'
fi
# Create the pull request (notice the if statement)
- name: Create PR to flux2 repo
uses: peter-evans/create-pull-request@v3
id: cpr
if: steps.changes.outputs.CHANGES == 'true'
with:
token: ${{ steps.generate_token.outputs.token }}
branch: helm-autoupdate
delete-branch: true
title: "Forced helm auto update"
labels: forced-workflow
committer: Forced Replan
body: "A forced auto update of helm versions"
commit-message: "A forced auto update of helm versions"
# Enable auto merge on the PR. This part requires the generated token above
- name: Enable Pull Request Auto Merge
if: steps.cpr.outputs.pull-request-operation == 'created'
uses: peter-evans/enable-pull-request-automerge@v2
with:
token: ${{ steps.generate_token.outputs.token }}
pull-request-number: ${{ steps.cpr.outputs.pull-request-number }}
merge-method: squash
```
This workflow allows itself to be triggered by other workflows. In the repositories that create helm charts, they will
run an action like this.
```yaml
name: Build Project
on: push
jobs:
build:
name: Build
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v2
# Setup AWS for chart upload
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-west-2
# Build charts on every push
- name: Build charts
run: ./make.sh github_actions_lint_build_charts
# Only upload charts on the master branch
- name: Build and Push charts
if: github.ref == 'refs/heads/master'
run: ./make.sh github_actions_upload_charts
# Trigger an automatic update for helm versions
- name: Tell helm auto update there may be a new helm version
if: github.ref == 'refs/heads/master'
run: gh -R cresta/flux2 workflow run helm-autoupdate.yml
env:
# Note: there are some bugs with application GH tokens that don't allow them
# to dispatch workflows :(
# You need to use your personal token here
GH_TOKEN: ${{ secrets.GITHUB_PAT }}
```
# Example
For a simple example, see the workflow file in [helm-autoupdate-testing](https://github.com/cresta/helm-autoupdate-testing/blob/main/.github/workflows/update-helm-versions.yaml). You can see a created PR [here](https://github.com/cresta/helm-autoupdate-testing/pull/2).