Skip to content

sgibson91/bump-helm-deps-action

This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.

Folders and files

NameName
Last commit message
Last commit date

Latest commit

f7dcff9 Β· Dec 23, 2024
Dec 1, 2024
Aug 16, 2022
Jul 4, 2022
May 30, 2022
May 12, 2022
Oct 15, 2021
Dec 23, 2024
Apr 27, 2020
Oct 15, 2021
Nov 1, 2024
Oct 8, 2021
Jun 8, 2022
Mar 20, 2023
Jan 19, 2022
Aug 1, 2024
Oct 15, 2021
Jul 29, 2024
May 12, 2022

Repository files navigation

Helm Bot logo

Bump Helm Chart Dependencies

This is an GitHub Action that will check the chart dependencies of a Helm chart are up to date with their source. If a new version is available, the Action will open a Pull Request inserting the new chart dependency versions into the helm chart file.

CI tests pre-commit.ci status codecov GitHub badge badge

Table of Contents:


πŸ” Overview

This is an overview of the steps the Action executes.

  • Read the helm chart file and find the versions of the dependencies
  • Scrape the helm chart source indexes and find the most recent version release for each dependency
  • If there is a newer chart version available, then:
    • Create a new branch in the repository
    • Add the new version(s) to the helm chart file
    • Commit the file to the branch
    • Open a Pull Request to the default branch
    • Assign labels and reviewers to the Pull Request if required

A moderator should check and merge the Pull Request as appropriate.

πŸ€” Assumptions bump-helm-deps Makes

Here is a list detailing the assumptions that the Action makes.

  1. You have a GitHub Token with enough permissions to access the GitHub API and create branches, commits and Pull Requests
  2. The configuration for your helm chart is available in a public GitHub repository, or you have a token with sufficient permissions to read/write to a private repository
  3. The dependent chart indexes are available at public URLs

πŸ“₯ Inputs

Variable Description Required? Default Value
chart_path The path to the file that stores the helm chart dependencies βœ… -
chart_urls A string-serialised dictionary storing the location of the dependent and their versions. E.g. '{"binderhub": "https://raw.githubusercontent.com/jupyterhub/helm-chart/gh-pages/index.yaml"}' βœ… -
github_token A GitHub token to make requests to the API with. Requires write permissions to: create new branches, make commits, and open Pull Requests. ❌ ${{github.token}}
repository The GitHub repository where the helm chart is stored ❌ ${{github.repository}}
base_branch The base branch to open the Pull Request against ❌ main
head_branch The branch to commit to and open a Pull Request from ❌ bump-helm-deps/{{ chart name }}/WXYZ where chart name is derived from the chart_path, and WXYZ will be a randomly generated ascii string (to avoid clashes)
labels A comma-separated list of labels to apply to the opened Pull Request. Labels must already exist in the repository. ❌ []
reviewers A comma-separated list of GitHub users (without the leading @) to request reviews from ❌ []
team_reviewers A comma-separated list of GitHub teams to request reviews from ❌ []
dry_run Perform a dry-run of the action. A Pull Request will not be opened, but a log message will indicate if any helm chart versions can be bumped. ❌ False

πŸ”’ Permissions

This Action will need permission to read the contents of a file stored in your repository, create a new branch, commit to that branch, and open a Pull Request. The default permissive settings of GITHUB_TOKEN should provide the relevant permissions.

If instead your repository is using the default restricted settings of GITHUB_TOKEN, you could grant just enough permissions to the Action using a permissions config, such as the one below:

permissions:
  contents: write
  pull-requests: write

♻️ Example Usage

The simplest way to use the Action is documented below. This config features a workflow_dispatch trigger to allow manual running whenever the maintainers desire, and a cron job trigger scheduled to run at 10am every weekday.

name: Check and Bump Helm Chart Dependencies

on:
  workflow_dispath:
  schedule:
    - cron: "0 10 * * 1-5"

jobs:
  bump-helm-deps:
    runs-on: ubuntu-latest
    steps:
    - uses: sgibson91/bump-helm-deps-action@main
      with:
        chart_path: path/to/config
        chart_urls: '{"chart_1": "https://example.com/chart_1/index.yaml"}'

🎁 Acknowledgements

Thank you to Christopher Hench (@henchc) who wrote and documented henchbot which automatically opens Pull Requests to upgrade mybinder.org. Give his blog post a read!

✨ Contributing

Thank you for wanting to contribute to the project! πŸŽ‰ Please read our Code of Conduct πŸ’œ and Contributing Guidelines πŸ‘Ύ to get you started.