GitHub Actions Integration

Learn how to automate your Helm chart publishing workflow using GitHub Actions.

Workflow Setup

Create the following workflow file in your repository:

.github/workflows/helm.yml
name: Helm Chart CI/CD

on:
  push:
    paths:
      - 'charts/**'
    branches:
      - main
  pull_request:
    paths:
      - 'charts/**'

jobs:
  lint-test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          # ct diffs against the target branch, so it needs the full git history
          fetch-depth: 0

      - name: Set up Helm
        uses: azure/setup-helm@v3
        with:
          version: v3.12.0

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.9'

      - name: Set up chart-testing
        uses: helm/chart-testing-action@v2.6.1

      - name: Run chart-testing (lint)
        run: ct lint --target-branch ${{ github.event.repository.default_branch }}

      - name: Run chart-testing (install)
        # ct install deploys each changed chart, so the runner needs access to a Kubernetes cluster
        run: ct install --target-branch ${{ github.event.repository.default_branch }}

  publish:
    needs: lint-test
    if: github.event_name == 'push'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - name: Set up Helm
        uses: azure/setup-helm@v3
        with:
          version: v3.12.0

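      - name: Configure Helmbay
        run: |
          # Log in to the OCI registry so the later `helm push` is authenticated
          echo "$HELMBAY_TOKEN" | helm registry login -u helmbay --password-stdin charts.helmbay.com
          helm repo add helmbay "https://charts.helmbay.com/${HELMBAY_REPO}"
          helm repo update
        env:
          # Secrets reach the script through env instead of being expanded into its text
          HELMBAY_TOKEN: ${{ secrets.HELMBAY_TOKEN }}
          HELMBAY_REPO: ${{ secrets.HELMBAY_REPO }}

      - name: Package and push charts
        run: |
          for chart in charts/*; do
            if [ -d "$chart" ]; then
              helm package "$chart"
              helm push "${chart##*/}"-*.tgz "oci://charts.helmbay.com/${HELMBAY_REPO}"
            fi
          done
        env:
          HELMBAY_TOKEN: ${{ secrets.HELMBAY_TOKEN }}
          HELMBAY_REPO: ${{ secrets.HELMBAY_REPO }}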

Required Secrets

Add the following secrets to your GitHub repository:

  • HELMBAY_TOKEN (required): API token for authentication
  • HELMBAY_REPO (required): Repository name in Helmbay

Best Practices

Version Control

  • Use semantic versioning for charts
  • Update Chart.yaml version automatically
  • Tag releases with chart versions
  • Include changelog entries

Testing

  • Run helm lint before publishing
  • Test chart installation in CI
  • Validate values schema
  • Check for breaking changes

Security

  • Use repository secrets for tokens
  • Implement RBAC for CI/CD
  • Scan charts for vulnerabilities
  • Sign charts with GPG
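
For the first point above, an added example (not part of the original page or of Helmbay's tooling): a Python scan of workflow text for `${{ secrets.* }}` expressions expanded directly inside `run:` scripts, where the value becomes part of the shell source instead of arriving through `env:`. The workflow fragment is constructed, and the line-based parsing assumes space-indented YAML with `run:` written as a plain key.

```python
import re

# ${{ secrets.NAME }} expression, capturing NAME
SECRET_EXPR = re.compile(r"\$\{\{\s*secrets\.([A-Za-z_][A-Za-z0-9_]*)\s*\}\}")
# a `run:` key, optionally the first key of a list item ("- run: ...")
RUN_KEY = re.compile(r"^(\s*(?:-\s+)?)run:\s*(.*)$")

# Constructed sample workflow fragment (not from a real repository).
SAMPLE = """\
steps:
  - name: Login (secret pasted into the script)
    run: echo ${{ secrets.HELMBAY_TOKEN }} | helm registry login -u helmbay --password-stdin charts.helmbay.com
  - name: Push (secret pasted into the script)
    run: |
      helm package charts/app
      helm push app-*.tgz oci://charts.helmbay.com/${{ secrets.HELMBAY_REPO }}
    env:
      HELMBAY_TOKEN: ${{ secrets.HELMBAY_TOKEN }}
  - name: Login (secret passed through env)
    run: echo "$HELMBAY_TOKEN" | helm registry login -u helmbay --password-stdin charts.helmbay.com
    env:
      HELMBAY_TOKEN: ${{ secrets.HELMBAY_TOKEN }}
"""


def find_inline_secrets(workflow_text):
    """Return (line_number, secret_name) for every secret expanded inside a run: script."""
    findings = []
    block_col = None  # column of the `run:` key while inside its block scalar
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        indent = len(line) - len(line.lstrip(" "))
        if block_col is not None and (not line.strip() or indent > block_col):
            script = line  # still inside the `run: |` body
        else:
            block_col = None  # dedent ends the block; env:/with: values are not flagged
            match = RUN_KEY.match(line)
            if not match:
                continue
            if match.group(2)[:1] in ("|", ">"):
                block_col = len(match.group(1))  # script starts on the next line
                continue
            script = match.group(2)  # single-line `run: command`
        findings += [(lineno, name) for name in SECRET_EXPR.findall(script)]
    return findings


if __name__ == "__main__":
    for lineno, name in find_inline_secrets(SAMPLE):
        print(f"line {lineno}: secrets.{name} is expanded in a run script; pass it via env: instead")
```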

Configuration Examples

Chart Testing Configuration

Example chart-testing config file

.ct.yaml
chart-repos:
  - helmbay=https://charts.helmbay.com/myrepo
remote: origin
target-branch: main
helm-extra-args: --timeout 600s
check-version-increment: true
validate-maintainers: true

Chart Schema Validation

JSON Schema for values.yaml

values.schema.json
{
  "$schema": "https://json-schema.org/draft-07/schema#",
  "type": "object",
  "required": ["replicaCount", "image"],
  "properties": {
    "replicaCount": {
      "type": "integer",
      "minimum": 1
    },
    "image": {
      "type": "object",
      "required": ["repository", "tag"],
      "properties": {
        "repository": {
          "type": "string"
        },
        "tag": {
          "type": "string"
        }
      }
    }
  }
}

Troubleshooting

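Authentication failures
Verify that HELMBAY_TOKEN is correctly set in repository secrets. In a workflow step that exposes the token through env (as the workflow above does), test the login with:

echo "$HELMBAY_TOKEN" | helm registry login -u helmbay --password-stdin charts.helmbay.com

Chart version conflicts
Ensure the chart version is incremented before pushing. The anchored pattern prints only the chart's own version, not apiVersion or appVersion:

helm show chart ./mychart | grep '^version:'

Lint failures
Run helm lint locally to debug issues:

helm lint ./mychart --strict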

Next Steps

Learn how to integrate with other CI/CD platforms.