wyrihaximus / github-action-helm3 Goto Github PK

View Code? Open in Web Editor NEW

56.0 3.0 28.0 3.49 MB

Slim wrapper around helm3

Shell 14.15% JavaScript 85.85%

github-acion helm helm3 hacktoberfest

github-action-helm3's Introduction

Helm Github Action

Runs given Helm/shell commands after ensuring Helm and kubectl are installed or pull in it's own.

Options

This action supports the following options.

exec

The shell commands to run.

Required: Yes
Type: string
Example: helm version

kubeconfig

The contents of the ~/.kube/config used by kubectl and helm to authenticate and communicate with your kubernetes cluster. Note: this can be empty if you want to use this action to do helm lints. The contents of this input will be appended to ~/.kube/config, and will always be removed afterwards.

Required: no
Type: string

overrule_existing_kubeconfig

When this input is set to "true" it will swap out the .kube/config with the one provided.

Required: no
Type: string

Output

This action has only one output and that's the number output. This is the number you see in the HTML URL of the milestone and can be used to refer to in other actions when creating PR's as shown in the example below.

Examples

The following example is triggered on the tagging of a new release and update the helm charts appVersion to the tag title before calling helm to install the application in ./.helm/app/ to kubernetes:

name: Deploy
on:
  release:
    types: [created]
jobs:
  deployment:
    runs-on: 'ubuntu-latest'
    steps:
      - uses: actions/checkout@v3
      - name: Deploy
        uses: WyriHaximus/github-action-helm3@v3
        with:
          exec: helm upgrade APP_NAME ./.helm/app/ --install --wait --atomic --namespace=APP_NAMESPACE --values=./.helm/app/values.yaml
          kubeconfig: '${{ secrets.KUBECONFIG }}'
          overrule_existing_kubeconfig: "true"

The following example shows how you can use this action to lint your helm files in (for example) ./.helm/app/.

name: CI
on:
  push:
jobs:
  lint-helm:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Lint Helm
        uses: WyriHaximus/github-action-helm3@v3
        with:
          exec: helm lint ./.helm/app/

License

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

github-action-helm3's People

Contributors

Stargazers

Watchers

github-action-helm3's Issues

Node16 is deprecated, need to update

I got the following warning:

Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: WyriHaximus/github-action-helm3@v3

Can you update node to 20 and make a new major release? That'd be great!

Issue executing helm and connecting to cluster

Setting up kubectl configuration
Preparing helm execution
Executing helm
W1021 10:02:01.532600 10 loader.go:223] Config not found: /home/runner/work/temp/kubeconfig************
Error: Kubernetes cluster unreachable

What should I do with KUBECONFIG

Hi:

Thank you so much for creating this action.

I tried many times without success.

I did the following to KUBECONFIG,but it doesn't work.

Get ~/.kube/config of my k8s cluster.
I change localhost to external access ip.
Set github project Secrets/Actions for 'KUBE_CONFIG'.

Looking forward to your reply.

how to avoid using existing kubeconfig file and always use kubeconfig which passed via workflow

Im using following in my workflow:

      - name: Dry Run on Ashburn
        id: dry_run_ashburn
        uses: WyriHaximus/github-action-helm3@v3
        with:
          exec: |
            helm upgrademyapp --install --wait --atomic  -f values-resources.yaml --dry-run
          kubeconfig: '${{ env.KUBECONFIG }}'

seeing following in run:

Existing kubeconfig found, using that and ignoring input
Preparing helm execution
Executing helm

how to force action to use supplied kubeconfig?

v2 uses set-output which will be deprecated soon

We wanted to try to upgrade our action to v3 to avoid the issue. But it fails to apply with the updated default release name (RELEASE-NAME to release-name since newer helm forces lowercase)

[Setup, Build, and Deploy]
The set-output command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/

Could you guys fix the v2 action to follow GITHUB_OUTPUT as the official guideline?

It would be super helpful for us without renaming release name of the deployed resources (https://engineering.salesforce.com/how-to-rename-a-helm-release-6fdcd7526ac7/). Thanks 🙏

Replace deprecated set-output command

The save-state and set-output commands have been deprecated, so this action's usage of set-output should be replaced. See this blog post: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/

github-action-helm3/main.js

Line 98 in 240b28c

    
           console.log('::set-output name=helm_output::' + result.split('%').join('%25').split('\n').join('%0A').split('\r').join('%0D'));

Support ARM

Is it possible to make this support ARM runners? When I try this action I get the error:

WARNING: The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested
exec /workdir/entrypoint.sh: exec format error

unable to find version `v3`

when using WyriHaximus/github-action-helm3@v3 i'm getting the following error.

Error: Unable to resolve action WyriHaximus/github-action-helm3@v3, unable to find version v3

Previously was using WyriHaximus/github-action-helm3@master.

Not a valid chart repository error.

Hi, thanks for this awesome action.

I have been using it for over a year now and it works until recently when my Azure credentials expired and GitHub subscription expired. I decided to renew both but now running my action, I get this error

Error: looks like "https://xxx.github.io/helm-charts" is not a valid chart repository or cannot be reached: failed to fetch https://xxx.github.io/helm-charts/index.yaml : 404 Not Found

I am not sure what has changed .

Helm lint does not show error message

Thank you for creating this action.

I used the action to lint my helm chart before I attempted deployment, and the step fails each time but does not display what caused it to fail. Because of this, I don't know what I am dealing with since helm lint works on my local machine.

no awscli

getting credentials: *** *** "aws": executable file not found in $PATH

i'd love to use this with EKS but kubectl needs a token for each request.

Does not work on centos runners

This actions does not work on CentOS-Runners.
You should mention this in the Readme, so people are not confused if the action fails to run.

Action's cache dirs are stored in working directory

When using the v3 version of this action, I ran into an issue because the action stores its cache dirs docker-kube-config-[...] and helm-cache-[...] in the working directory. That will lead to an error 413 (Request Entity Too Large) when trying to install the chart in the working directory.

Anyone else affected reading this: add these lines to your .helmignore (create one if it doesn't exist) to work around this issue:

helm-cache-*/
docker-kube-config-*/

Reporting a vulnerability

Hello!

I hope you are doing well!

We are a security research team. Our tool automatically detected a vulnerability in this repository. We want to disclose it responsibly. GitHub has a feature called Private vulnerability reporting, which enables security research to privately disclose a vulnerability. Unfortunately, it is not enabled for this repository.

Can you enable it, so that we can report it?

Thanks in advance!

PS: you can read about how to enable private vulnerability reporting here: https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository

Action does not work on AWS CodeBuild self-hosted Github runners when `helm` is invoked from Python script

I've tried to use this action on an AWS CodeBuild self-hosted Github runner.

It works like this:

- name: Test helm template
        uses: WyriHaximus/github-action-helm3@v4
        with:
          exec: helm template does-not-matter ./kubernetes/xyz > defaultTemplate.yaml

but not when helm is invoked by a python script:

 - name: Deploy with helm
        uses: WyriHaximus/github-action-helm3@v4
        with:
          exec: ./deploy.py --verbose helm --branch ${{ github.ref_name }} --sha ${{ github.sha }}

this fails with:

Traceback (most recent call last):
  File "/codebuild/output/src3554363593/src/actions-runner/_work/x/x/./deploy.py", line 225, in <module>
    main()
  File "/codebuild/output/src3554363593/src/actions-runner/_work/x/x/./deploy.py", line 79, in main
    handle_helm()
  File "/codebuild/output/src3554363593/src/actions-runner/_work/x/x/./deploy.py", line [16](https://github.com/x-project/x/actions/runs/8853717181/job/24315537008#step:7:17)6, in handle_helm
    run_command(parameters)
  File "/codebuild/output/src3554363593/src/actions-runner/_work/x/x/./deploy.py", line 69, in run_command
    output =  subprocess.run(command, **kwargs)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/root/.pyenv/versions/3.11.8/lib/python3.11/subprocess.py", line 548, in run
    with Popen(*popenargs, **kwargs) as process:
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/root/.pyenv/versions/3.11.8/lib/python3.11/subprocess.py", line 1026, in __init__
    self._execute_child(args, executable, preexec_fn, close_fds,
  File "/root/.pyenv/versions/3.11.8/lib/python3.11/subprocess.py", line [19](https://github.com/x-project/x/actions/runs/8853717181/job/24315537008#step:7:20)53, in _execute_child
    raise child_exception_type(errno_num, err_msg, err_filename)
FileNotFoundError: [Errno 2] No such file or directory: 'helm'

Invoking helm from a Python script works fine using the normal Github actions. Not sure why it doesn't on AWS runners.

Outdated version of helm is used

Current version is 3.11.

Action uses helm 3.4.1

version.BuildInfo{Version:"v3.4.1", GitCommit:"c4e74854886b2efe3321e185578e6db9be0a6e29", GitTreeState:"clean", GoVersion:"go1.14.11"}

As a result, new helm options are not supported
(i.e helm lint --quiet fails).

ideally, add an option to set required helm/kubectl versions via action config to provide future proof support.

Other issues is that new helm chart for the cert-manager fails to be linted because old version of helm is used:

Error:  templates/cainjector-rbac.yaml: object name does not conform to Kubernetes naming requirements: "test-release-cert-manager-cainjector:leaderelection": invalid metadata name, must match regex ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ and the length must not be longer than 253
Error:  templates/cainjector-rbac.yaml: object name does not conform to Kubernetes naming requirements: "test-release-cert-manager-cainjector:leaderelection": invalid metadata name, must match regex ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ and the length must not be longer than 253
Error:  templates/rbac.yaml: object name does not conform to Kubernetes naming requirements: "test-release-cert-manager:leaderelection": invalid metadata name, must match regex ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ and the length must not be longer than 253
Error:  templates/rbac.yaml: object name does not conform to Kubernetes naming requirements: "test-release-cert-manager:leaderelection": invalid metadata name, must match regex ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ and the length must not be longer than 253
Error:  templates/rbac.yaml: object name does not conform to Kubernetes naming requirements: "test-release-cert-manager-controller-approve:cert-manager-io": invalid metadata name, must match regex ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ and the length must not be longer than 253
Error:  templates/rbac.yaml: object name does not conform to Kubernetes naming requirements: "test-release-cert-manager-controller-approve:cert-manager-io": invalid metadata name, must match regex ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ and the length must not be longer than 253
Error:  templates/startupapicheck-rbac.yaml: object name does not conform to Kubernetes naming requirements: "test-release-cert-manager-startupapicheck:create-cert": invalid metadata name, must match regex ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ and the length must not be longer than 253
Error:  templates/startupapicheck-rbac.yaml: object name does not conform to Kubernetes naming requirements: "test-release-cert-manager-startupapicheck:create-cert": invalid metadata name, must match regex ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ and the length must not be longer than 253
Error:  templates/webhook-rbac.yaml: object name does not conform to Kubernetes naming requirements: "test-release-cert-manager-webhook:dynamic-serving": invalid metadata name, must match regex ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ and the length must not be longer than 253
Error:  templates/webhook-rbac.yaml: object name does not conform to Kubernetes naming requirements: "test-release-cert-manager-webhook:dynamic-serving": invalid metadata name, must match regex ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ and the length must not be longer than 253
Error:  templates/webhook-rbac.yaml: object name does not conform to Kubernetes naming requirements: "test-release-cert-manager-webhook:subjectaccessreviews": invalid metadata name, must match regex ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ and the length must not be longer than 253
Error:  templates/webhook-rbac.yaml: object name does not conform to Kubernetes naming requirements: "test-release-cert-manager-webhook:subjectaccessreviews": invalid metadata name, must match regex ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ and the length must not be longer than 253

Use the default Kubeconfig or allow using it

Hi,

First of all, thanks for creating this action!
I have tried to use this action where I am deploying to an EKS cluster. So I am using other actions that sets up aws credentials and kubernetes clusters like these

      - name: Configure AWS credentials for EKS deployment
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.EKS_REGION }}

      - name: Setup kubeconfig
        id: setup-kubeconfig
        run: |
          aws eks --region ${{ secrets.EKS_REGION }} update-kubeconfig --name ${{ secrets.EKS_CLUSTER_NAME }}

However, the entrypoint.sh script seems to be always overwriting the contents of the default kubeconfig.
Can we make than optional and use a flag like USE_DEFAULT_KUBECONFIG=false.
So we can then override this flag and set it to true.
If true then we skip creating the kubeconfig and also the cleanup.

Is that doable?

Regards,

Nas

facing error with version 3 for kubeconfig file

im using following code in my workflow:


      - name: DryRun on Ashburn
        id: dryrun_ashburn
        uses: WyriHaximus/github-action-helm3@v3
        with:
          exec: helm upgrade testing deployment/helm/mychart --install --wait --atomic --namespace=test --set=app.name=testing -f my-val.yaml
          kubeconfig: '${{ env.KUBECONFIG_CLUSTER }}'

Im reading KUBECONFIG_CLUSTER from vault and have verified using print that it is correct config in json format.

however im getting following error:

Using kubeconfig from input
Preparing helm execution
Executing helm
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /home/ubuntu/.kube/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /home/ubuntu/.kube/config

Error: Kubernetes cluster unreachable: error loading config file "/home/ubuntu/.kube/config": yaml: line 2: did not find expected ',' or '}'

please suggest why it is looking at yaml file when its a json kubconfig which im passing.
im also doing following before calling action:

      - run: rm ./.kube/config -fR
      - run: rm -f /home/ubuntu/.kube/config || true