helm / chart-releaser Goto Github PK

Would it be possible to get a new release including my recent change that keeps the generated field of the index updated?

Proposal:

• remove the vendor dir (to simplify PRs)
• implement goreleaser and automate with CircleCI
• gitignore /vendor and /dist dirs
• update the README with how to install, and for contribution how to build

See https://github.com/scottrigby/example-dep-no-vendor for how and why

Also see helm/chart-testing#29 (comment) for related discussion, some version of which was done for chart-testing.

When using the chart-releaser via the official GitHub chart-releaser Action on a repo containing the application as well as the Helm chart the tags that are created are confusing unless something is added to the chart name to clarify that it is a chart (see kubernetes-sigs/descheduler#248 (comment) & kubernetes/autoscaler#3393).

This results in the two charts above being called descheduler/descheduler-chart & autoscaler/cluster-autoscaler-chart respectively just to make sure the tags are created correctly.

It would be really useful to enable a custom tag prefix via the cr command so these charts can loose the -chart postfix from their name which is confusing and unnecessary beyond tagging concerns.

Hello,

I've noticed that cr index --push does not work for Github Enterprise Users because it tries to use github.com to push index file. The reason is that the base URL is hardcoded:

However, I dot not know if there is a straightforward way to fix it since git-base-url is used to configure the GitHub API URL (https://ghe.example.com/api/v3/) and not the GitHub base URL (https://ghe.example.com/).

I could draft a PR, but I think I would need some advice on how best to fix this.

I guess we could / should have something like that:

Best

I'm trying to use chart-releaser in a private repository.
Steps:

• create private repository
• enable gh-pages (public)
• cr package ...
• cr upload ...
• cr index --push ...
• helm repo add my_private_repo <owner>.github.io/<repo_name> --username <user> --password <token>
• helm pull my_private_repo/<chart> <-ERROR
  Error: failed to fetch https://github.com/<owner>/<repo>/releases/download/<release>/<chart>.tgz: 404 Not Found

Am I missing something or chart-releaser is useless on private repositories?

Consider enabling chartmuseum as a target instead of GitHub pages.

Reading the code and documentation I couldn't figure out how to use this for a repo with multiple charts in it. Does it even support such use cases?

likely operator error, but i'm having an issue setting up index.yaml.

i'm trying to run via docker image with something like:

docker run \
  --rm \
  -v /Users/tony/git-alt/helm-charts/build:/build \
  -e CR_OWNER=the-watchmen \
  -e CR_GIT_REPO=helm-charts \
  -e CR_PACKAGE_PATH=/build \
  -e CR_INDEX_PATH=/build/index.yaml \
  -e CR_CHARTS_REPO=https://github.com/the-watchmen/helm-charts \
  -e CR_TOKEN={my-token} \
  quay.io/helmpack/chart-releaser:v0.2.3 \
  cr index

and seeing:

====> UpdateIndexFile new index at /build/index.yaml
Error: GET https://api.github.com/repos/the-watchmen/helm-charts/releases/tags/index: 404 Not Found []

contents of /Users/tony/git-alt/helm-charts/build:

bash-3.2$ ls -la build
total 32
drwxr-xr-x  5 tony  staff   160 Mar 22 13:29 .
drwxr-xr-x  9 tony  staff   288 Mar 22 13:29 ..
-rw-r--r--  1 tony  staff   528 Mar 22 13:29 index.yaml
-rw-r--r--  1 tony  staff  1477 Mar 22 13:29 micro-service-1.0.0.tgz
-rw-r--r--  1 tony  staff  5542 Mar 22 13:29 tls-1.0.0.tgz

am i missing some pre-requisite steps?

i manually created a gh-pages branch, but that didn't help.

here is the repo that i am working with...

Required for any security-related patches for previous (Helm 2) releases.

Branch from the commit before #47 was merged

In order to make cr easier to aquire and upgrade chart-releaser (without having to manually go to the github releases page, download it, move it to bin/, etc.), could this binary be made available on homebrew tap?

If you didn't want to submit it to the "main" homebrew tap or kubernetes tap, another option would be to update .goreleaser to publish a cr.rb file in the root of this project as part of the release process, and then users could do:

brew tap helm/chart-releaser https://github.com/helm/chart-releaser
brew install helm/chart-releaser/chart-releaser

That is a technique it appears other CLI tools are taking, though to be honest I can't speak to whether or not it's the best idea / if there are consequences of doing it that way

I was trying to use tags as v<sem_ver> to create a release on github with the helm chart plus some other files and then rebuild the index correctly with cr index. I didn't want to use the cr upload command because it does not allow to upload other files easily and another process was already in place to create the release with a meaningful release note, etc.

But I hit the following issue:

Currently due to some assumptions on release tags made by the cr index command (the presence of a - in order to split package name and version), it is not possible to use such kind of "simple tags" because passing --release-name-template "{{ .Version }} returns an index error here.

Proposed solution:

I think a user should be able to pass explicitly the package name (maybe as a template) and the package version as a template separately and if not provided fallback to the current assumption.

Description

Following the instructions in README.md, the version from locally built binary is less than the current released version.

Steps

1. Run through build instructions

git clone https://github.com/helm/chart-releaser
cd chart-releaser
go mod download
go install ./...

2. Get the version

go version

Actual Results

The binary is installed at $HOME/go/bin/cr and when getting the version cr version:

Version:	 v0.2.3
Git commit:	 5e239bd19fbefb9eb0181ecf0c7ef73b8fe2753c
Date:		 2019-11-22T14:28:30Z
License:	 Apache 2.0

Expected Results

The released version is v1.1.1, so expected that the version would be this or greater.

Current plan is this will be for the Helm chart-releaser GitHub app as a service.

Replace the current circle setup with gh-actions.
Have a build workflow, and a release-workflow which we can trigger by clicking.

When I suggested using semver spec Item 10 (metadata) for the chart name so we could still be semver compliant, I somehow missed this important point:

Build metadata SHOULD be ignored when determining version precedence. Thus two versions that differ only in the build metadata, have the same precedence. Examples: 1.0.0-alpha+001, 1.0.0+20130313144700, 1.0.0-beta+exp.sha.5114f85.

In our case, if there are two charts in a GitHub repo named foo and bar with the same version 1.0.0, the tags 1.0.0+foo and 1.0.0+bar would have the same precedence 🤦‍♂️ @mattfarina confirmed this is how Helm handles build metadata. So… we can't do that.

I think we should go with what @prydonius suggested: CHARTNAME-VERSION. This way it's not valid semver (git release tags don't need to be for this), and so bypasses it altogether. This is also the same pattern helm package uses (minus the .tgz).

This should be automated.

Right now, all your packages must be in your --package-path directory when you build your index. I'd like to add the ability to build your index with only new packages in --package-path. This way, you don't have to keep around the --package-path directory and can use releases as the sole source of truth.

I can write in this functionality, I just want to make sure this is a welcome addition first.

We should probably write these for go test.

Having the index.yaml generated is great and all, but have you considered adding (or accepting a PR That adds) an index.html that shows a simple list of all the charts and the latest version? So that who ever visits the chart repo URL we pass around have an idea of what's in the repo without having to parse the YAML?

i have a repo with a series of charts in it and i just wrote a script to iterate over each chart
calling helm package on every chart, and then call cr upload on the result.

works the first time, but then the second time i get 422's.

to account for this situation, do you think cr should ignore or warn on duplicates?

or do you think that the consumer should be smart enough to only generate packages for those things that have changed?

docker run \
  --rm \
  -v /Users/tony/git-alt/helm-charts/build:/build \
  -e CR_OWNER=the-watchmen \
  -e CR_GIT_REPO=helm-charts \
  -e CR_PACKAGE_PATH=/build \
  -e CR_TOKEN=$CR_TOKEN \
  quay.io/helmpack/chart-releaser:v1.0.0-beta.1 \
  cr upload

Error: error creating GitHub release: POST https://api.github.com/repos/the-watchmen/helm-charts/releases: 422 Validation Failed [{Resource:Release Field:tag_name Code:already_exists Message:}]

We agreed to move https://github.com/paulczar/charthub to https://github.com/helm/chart-releaser, but the project strings also now need to be renamed.

version: v0.2.3
helm version 2

I have configured the following in my config file chart-releaser.yaml

owner: SouthbankSoftware
git-repo: provendb-helm
package-path: ./
git-base-url: https://api.github.com/
git-upload-url: https://uploads.github.com/
token: 2332
charts-repo: provendb-helm
index-path: ./index.yaml

I could upload the helm chart correctly with

cr upload --config chart-releaser.yaml

When I create an index like this
cr index --config ./chart-releaser.yaml

I get the following error:

Error: Get provendb-helm/index.yaml: unsupported protocol scheme ""

Am I missing something?

Yo!

Been experimenting a bit with the chart-releaser in a private github repository to see if it would be possible to use for hosting charts. I think it could be possible to get it working with some small changes.

Current issues / limitations:

• When chart-releaser downloads assets it assumes the project is public and uses browser url, would need to use assets api for private repos, and set this url in the generated index.

• index would have to be public (gh-pages), exposing which packages exist.
  it looks like you can do helm repo add helm-demo https://raw.githubusercontent.com/paulczar/helm-demo/master/docs which would also be accessible with a personal access token

• Downloading assets with helm client would require github token authorization, I think this stale proposal could probably resolve that. helm/helm#3102

Some teams choose to host their helm chart repos on a different branch for github pages. cr index and cr upload should have an option to specify which branch.

issue

charts
|- chart1
  |- charts
    |- sub-chart1 -> ../../../sub-chart1
|- sub-chart1

In this case the ct lint requires that the Chart.yaml for chart1 have an entry for dependencies such as:

dependencies:
- name: sub-chart1
  version: ">= 0.0.0 || >= 0.0.0-0"

Problem is when I try to run cr package chart/chart1 i get:

Error: could not find protocol handler for:

workaround

if i run a helm dependency update first then it generates a Chart.lock file and then the cr package passes

ask

make it so cr package works for local dependencies without a Chart.lock file (or generate the lock file as part of the process if needed)

Hi all,

It seems that there is a problem with the new release for the homebrew tap formula. I get this error:

brew install chart-releaser                                                                                                                                            
==> Installing chart-releaser from helm/tap
==> Downloading https://github.com/helm/chart-releaser/releases/download/v1.2.0/chart-releaser_1.2.0_darwin_amd64.tar.gz
==> Downloading from https://github-releases.githubusercontent.com/144605653/153ca700-719e-11eb-97aa-a88dc46c26db?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20210219%2Fus
######################################################################## 100.0%
Error: An exception occurred within a child process:
  Errno::ENOENT: No such file or directory - chart-releaser

https://github.com/helm/chart-releaser/blob/master/pkg/releaser/releaser.go#L210

github.com is hardcoded in this line, which breaks cr index --push/--pr when using Github Enterprise.

fork demo, then failed to create release:

 chart-releaser upload -o daixiang0 -r helm-demo -t $token -p ~/helm-demo/ --recursive
--> Processing package demo-0.1.0.tgz
release "demo-0.1.0"====> Creating release demo-0.1.0
Error: failed to create a release: POST https://api.github.com/repos/daixiang0/helm-demo/releases: 404 Not Found []
Usage:
  chart-releaser upload [flags]

Flags:
  -h, --help           help for upload
  -o, --owner string   github username or organization
  -p, --path string    Path to Helm Artifacts
      --recursive      recursively find artifacts
  -r, --repo string    github repository
  -t, --token string   Github Auth Token

Global Flags:
      --config string   config file (default is $HOME/.chart-releaser.yaml)

failed to create a release: POST https://api.github.com/repos/daixiang0/helm-demo/releases: 404 Not Found []

Hi, I have a single repo containing my container source and the relevant helm package.
I'd like to do the following on every push to master:

• calculate new semantic release version
• build & push image to github registry
• update a helm repository with my chart on branch gh-pages

Altough I'm unsure how to do this since chart-releaser will create the GitHub release itself, but there is no way to re-use that release for the image tag? Anyone doing the same?

When you create a release at an earlier commit point, cr upload release a package at the current commit point in origin/master.

STEPS

As an example, I have ef6f90 that you want to be dgraph-0.0.6, and I want to publish an earlier commit at c4a062de that you want to be dgraph-0.0.5

* ef6ef90 - (HEAD -> master, origin/master, origin/HEAD) super duper tls secret support (#37) (2 days ago) <me>
* 5debc54 - some bug that was fixed (6 days ago) <another dev>
* c4a062e - ingress on steroids support (4 weeks ago) <me>

Then you do:

git checkout c4a062e
helm package charts/dgraph --destination .packages/
cr upload --config ~/.config/chart-releaser/config.yaml

Actual Results

It creates a tag at ef6ef90, not c4a062e.

Expected Results

I wanted the tag at c4a062e or have a command option or other method to do that.

Current, does not work:

https://api.github.com/repos/tidepool-org/development/releases/tags/

vs

Updated, works:

https://api.github.com/repos/tidepool-org/development/tags

Should I use cr index to generate index.yaml file?
I ran
cr index -i ./index.yaml -p .deploy -o <MyID> -r charts -c https://github.xyz.com/MyID/charts/releases/download --token <myToken>
This returns

====> Using existing index at ./index.yaml
Error: error unmarshaling JSON: while decoding JSON: json: cannot unmarshal string into Go value of type repo.IndexFile
Usage:
  cr index [flags]

And index.yaml file contains
<h3>You are being redirected to your identity provider in order to authenticate.</h3>

But the same token works with cr upload. So its not an issue token issue.

The tool works like a charm. However, tags should not only be named after the version. If you have different charts in one repo, you will sooner or later run into version conflicts. Plus, you cannot identify by the tag name which chart the tag is for.

Gave it a try but ran into the following when creating the index:

# Example
cr index --charts-repo https://my-repo/k8s/helm/charts --owner wallyqs --git-repo https://github.com/wallyqs/my-charts

====> UpdateIndexFile new index at .cr-index/index.yaml
Error: open .cr-release-packages: no such file or directory

Thanks :)

Hi,

I have a strange behaviour. When I try to run:

alias cr="docker run --rm -w /charts -v \$(pwd):/charts quay.io/helmpack/chart-releaser:v0.2.2 cr"
cr upload --config config.yaml -t 82a57cbf1885517dca002fa1a25c88c9222bbafa

I'm getting:

Error: error creating GitHub release: Post https://api.github.com/repos/CrowdfoxGmbH/cfcharts/releases: x509: certificate signed by unknown authority

Which is not the case. I can do:

docker run --rm  quay.io/helmpack/chart-releaser:v0.2.1 apk add curl && curl https://api.github.com/repos/crowdfoxgmbh/cfcharts/releases

Without any problems.

Consider using semantic-release to

1. Generate the GitHub release description based on commit messages
2. Increase the version number automatically based on commit messages

Hey,

Thanks for a great package, but I have a small issue.
The first time I uploaded my helm chart everything worked well, cr upload and then cr index did the job.

But now, when I am trying to upload a new version I keep getting:

422 Validation Failed [{Resource:Release Field:tag_name Code:already_exists Message:}]

Tried increasing the version and the appVersion in Chart.yaml but still keep getting the same error.
What am I doing wrong?

Thanks!

Hey guys.

I'm trying to install packages from a private repository I've deployed using chart-releaser, but I'm not being able to do it.

Here is what I've done:

1. I've created a new private repository, added a sample chart to it and ran the following commands:

helm package charts/* --destination .deploy
cr upload -o odelucca -r helm-charts -p .deploy -t $MY_TOKEN

2. I've created the index.yaml with the following command:

cr index --config .cr.yaml -t $MY_TOKEN
# My .cr.yaml file:
# owner: odelucca
# git-repo: helm-charts
# package-path: .deploy
# index-path: index.yaml
# charts-repo: https://github.com/odelucca/helm-charts/

3. I've commit the index.yaml to the repo

4. I've added the remote helm repo with the following command:

helm repo add helm-charts https://raw.githubusercontent.com/odelucca/helm-charts/master --username $MY_EMAIL --password $MY_TOKEN

5. The repo was added, then I've added the following dependency to a local chart:

dependencies:
- name: serverless-common
  version: 1.0.0
  repository: "@helm-charts"

6. Now, I've tried to run the following:

helm dep update

7. I get the following errors:

Hang tight while we grab the latest from your chart repositories...
...Unable to get an update from the "local" chart repository (http://127.0.0.1:8879/charts):
        Get http://127.0.0.1:8879/charts/index.yaml: dial tcp 127.0.0.1:8879: connect: connection refused
...Successfully got an update from the "helm-charts" chart repository
...Successfully got an update from the "stable" chart repository
Update Complete.
Saving 1 charts
Downloading serverless-common from repo https://raw.githubusercontent.com/odelucca/helm-charts/master
Save error occurred:  could not download https://github.com/odelucca/helm-charts/releases/download/serverless-common-1.0.0/serverless-common-1.0.0.tgz: Failed to fetch https://github.com/odelucca/helm-charts/releases/download/serverless-common-1.0.0/serverless-common-1.0.0.tgz : 404 Not Found
Deleting newly downloaded charts, restoring pre-update state
Error: could not download https://github.com/odelucca/helm-charts/releases/download/serverless-common-1.0.0/serverless-common-1.0.0.tgz: Failed to fetch https://github.com/odelucca/helm-charts/releases/download/serverless-common-1.0.0/serverless-common-1.0.0.tgz : 404 Not Found

Anyone can help me? I've tried a lot of different approaches, and none of them fix it

We still need to test PRs… so far I only added for tag releases. We discussed but didn't implement this yet.

Hello

Sorry if this is more of a question than a bug. We're using the chart-releaser over at https://github.com/k8s-at-home/charts

We've noticed that the top level generated field in the index.yaml is not being updated when charts are being updated. Tools like flux2 expect this field to be updated when a chart is released so it knows when to update the repo.

You can see in index.yaml the generated field is not being updated and it's currently pinned to generated: "2019-12-22T07:05:20.914237208Z"

My question is should this field be updated when a new chart is released, or is it something that could be supported in the future?

Thanks!

For Github Enterprise, chart-releaser users need git-base-url and git-upload-url correctly, but the correct values are not always obvious.

Often they are along these lines:

https://example.com/api/v3/
https://example.com/api/uploads/

If however you set the upload URL incorrectly, let's say to something like https://example.com/uploads/, then cr upload will appear to work, but there will only be the 2 source code assets and the third asset is missing. This will become apparent when you run cr index and it always claims that nothing has changed, because it can't find any assets for the release.

The initial issue might be a problem in the go-github Do call, but basically if the asset upload fails the release should be rolled back (deleted) and a an appropriate log message should be displayed.

It is likely that the cr index command should also generate at least a warning when a release has no assets attached to it.

Note:
If you are trying to figure out what your upload_url is try to use a curl command like this:
curl -u username:token https://example.com/api/v3/repos/org/repo/releases
and then look for "upload_url" - You need the part before repos/

#47

This merge never had an official release cut? Was this expected?

This URL: https://api.github.com/repos/neo4j-contrib/neo4j-helm/releases/tags/ is a 404.

This URL: (a specific release) https://api.github.com/repos/neo4j-contrib/neo4j-helm/releases/tags/4.0.4-2 works just fine.

Is it built into the tool, the assumption that the GitHub API will allow you to enumerate releases with this endpoint? Because GitHub appears not to allow that.

$ cr index -c https://github.com/neo4j-contrib/neo4j-helm.git -r neo4j-helm -i index.yaml -o neo4j-contrib -p . 
====> UpdateIndexFile new index at index.yaml
Error: GET https://api.github.com/repos/neo4j-contrib/neo4j-helm/releases/tags/: 404 Not Found []
Usage:
  cr index [flags]

Flags:
  -c, --charts-repo string      The URL to the charts repository
  -b, --git-base-url string     GitHub Base URL (only needed for private GitHub) (default "https://api.github.com/")
  -r, --git-repo string         GitHub repository
  -u, --git-upload-url string   GitHub Upload URL (only needed for private GitHub) (default "https://uploads.github.com/")
  -h, --help                    help for index
  -i, --index-path string       Path to index file (default ".cr-index/index.yaml")
  -o, --owner string            GitHub username or organization
  -p, --package-path string     Path to directory with chart packages (default ".cr-release-packages")
  -t, --token string            GitHub Auth Token (only needed for private repos)

Global Flags:
      --config string   Config file (default is $HOME/.cr.yaml)

This would be a ideal fit as an helm plugin to have like a single command helm release that would propose options to do both commands, the release and the index update.

Hi,

When using a private GitHub repository, the Helm client is not able to fetch the release artifacts due to the standard browser download url used in the generated index.yaml. It's mentioned in the following PR that the url in the index.yaml needs to be adjusted, and the PR also references a fix (#43) which introduced some changes.

PR: #14

I've checked the code, but it seems there is currently no way to tweak the actual download url in the generated index.yaml (e.g. like mentioned in this comment #14 (comment)) or?

-- Sven

• Add code of conduct
• Ensure all past commits are signed (given there are only 12 commits and this repo was very recently added to the Helm github org unannounced, we agreed this is the easiest way to handle this requirement)
• Ensure correct licensing. Currently there's an MIT license and Apache licenses need to fix the copyright line.

Hi, just FYI I've setup a workflow that uses plain helm without GitHub Pages: https://github.com/ironpeakservices/iron-chart-go/blob/master/.github/workflows/release.yml

Might be interesting for others.
You install via

# first add our helm repository
# provide a GitHub token if it's private
% helm repo add ironchartgo https://${GITHUB_TOKEN}@raw.githubusercontent.com/ironpeakservices/iron-chart-go/helmrepo/
"ironchartgo" has been added to your repositories

# now let's install our Chart from our repository
% helm install mychart ironchartgo/iron-chart-go

Currently, chart-releaser uses the default release creation behavior: target commits for a new release will be the current commit on the default branch.

This is reasonable default behavior, but it would be nice to have the ability to specify the commit. Use cases - if you are doing backfill or other manual work outside of normal workflow.