Publish Jenkins Helm charts to an OCI registry

[jonesbusy]

Is your feature request related to a problem? Please describe

This is to track about publishing the chart into OCI registry instead of the "legacy" format

The index is now stored on https://charts.jenkins.io/index.yaml which is the legacy helm YAML format. Recent Helm version (since 3.8) seems to move to the standard OCI format

• DockerHub could be a solution (since we host Container images there. A bit like bitnami https://blog.bitnami.com/2023/01/bitnami-helm-charts-available-as-oci.html).
• GitHub container registry could be a solution https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry
• JFrog Cloud Artifactory https://repo.jenkins-ci.org/ which should support Helm OCI format since 7.75.3 (https://jfrog.com/help/r/jfrog-release-information/artifactory-7.75.3-cloud December 2023)

What are your though about that ?

Probably something that could be discussed with Jenkins infra team as well

Describe the solution you'd like

No response

Describe alternatives you've considered

No response

Additional context

No response

[timja]

What benefit does this give?

---

DockerHub would probably be my preference, but GitHub container registry might be the easiest.

[jonesbusy]

What benefit does this give?

Use standard registry, no scalling issue with the index.yaml, eventually attach attestation etc...

DockerHub would probably be my preference, but GitHub container registry might be the easiest.

Probably will change the way the chart is released (similar to the Jenkins container image ? trusted ci ?)

[timja]

For GitHub no secrets would be required. For docker hub we can probably add a GitHub secret

[jonesbusy]

Resources

helm/chart-releaser-action#107
helm/helm#11062
https://github.com/fluxcd-community/helm-charts/pull/94/files

Nothing to do atannotation level. The package would be directly referenced to the correct repo because of the first URL in the source

sources:
  - https://github.com/jenkinsci/jenkins

I did also some test with my fork and helm publish work well

helm package charts/jenkins
helm registry login ghcr.io -u <username>

There are other repositories that publish their charts on both traditional and OCI storage: https://github.com/fluxcd-community/helm-charts/pkgs/container/charts%2Fflux2

It would allow consumer their prefered way of consuming the artifact

[felipecrs]

I think you just forgot to make the package public:

$ helm install jenkins oci://ghcr.io/jenkinsci/helm-charts/jenkins
Error: INSTALLATION FAILED: GET "https://ghcr.io/v2/jenkinsci/helm-charts/jenkins/tags/list": unexpected status code 403: denied: permission_denied: read_package

There should be a setting to make it public at https://ghcr.io/jenkinsci/helm-charts/jenkins.

[timja]

Updated, @jonesbusy did you want to also update the README with the installation instructions here? https://github.com/jenkinsci/helm-charts/pkgs/container/helm-charts%2Fjenkins#usage

[jonesbusy]

Sure I will open a PR tomorrow with OCI details