This is an GitHub Action that will check the chart dependencies of a Helm chart are up to date with their source. If a new version is available, the Action will open a Pull Request inserting the new chart dependency versions into the helm chart file.
Table of Contents:
- 🔍 Overview
- 🤔 Assumptions
bump-helm-depsMakes - 📥 Inputs
- 🔒 Permissions
- ♻️ Example Usage
- 🎁 Acknowledgements
- ✨ Contributing
This is an overview of the steps the Action executes.
- Read the helm chart file and find the versions of the dependencies
- Scrape the helm chart source indexes and find the most recent version release for each dependency
- If there is a newer chart version available, then:
- Create a new branch in the repository
- Add the new version(s) to the helm chart file
- Commit the file to the branch
- Open a Pull Request to the default branch
- Assign labels and reviewers to the Pull Request if required
A moderator should check and merge the Pull Request as appropriate.
Here is a list detailing the assumptions that the Action makes.
- You have a GitHub Token with enough permissions to access the GitHub API and create branches, commits and Pull Requests
- The configuration for your helm chart is available in a public GitHub repository, or you have a token with sufficient permissions to read/write to a private repository
- The dependent chart indexes are available at public URLs
| Variable | Description | Required? | Default Value |
|---|---|---|---|
chart_path |
The path to the file that stores the helm chart dependencies | ✅ | - |
chart_urls |
A string-serialised dictionary storing the location of the dependent and their versions. E.g. '{"binderhub": "https://raw.githubusercontent.com/jupyterhub/helm-chart/gh-pages/index.yaml"}' |
✅ | - |
github_token |
A GitHub token to make requests to the API with. Requires write permissions to: create new branches, make commits, and open Pull Requests. | ❌ | ${{github.token}} |
repository |
The GitHub repository where the helm chart is stored | ❌ | ${{github.repository}} |
base_branch |
The base branch to open the Pull Request against | ❌ | main |
head_branch |
The branch to commit to and open a Pull Request from | ❌ | bump-helm-deps/{{ chart name }}/WXYZ where chart name is derived from the chart_path, and WXYZ will be a randomly generated ascii string (to avoid clashes) |
labels |
A comma-separated list of labels to apply to the opened Pull Request. Labels must already exist in the repository. | ❌ | [] |
reviewers |
A comma-separated list of GitHub users (without the leading @) to request reviews from |
❌ | [] |
team_reviewers |
A comma-separated list of GitHub teams to request reviews from | ❌ | [] |
dry_run |
Perform a dry-run of the action. A Pull Request will not be opened, but a log message will indicate if any helm chart versions can be bumped. | ❌ | False |
This Action will need permission to read the contents of a file stored in your repository, create a new branch, commit to that branch, and open a Pull Request.
The default permissive settings of GITHUB_TOKEN should provide the relevant permissions.
If instead your repository is using the default restricted settings of GITHUB_TOKEN, you could grant just enough permissions to the Action using a permissions config, such as the one below:
permissions:
contents: write
pull-requests: writeThe simplest way to use the Action is documented below.
This config features a workflow_dispatch trigger to allow manual running whenever the maintainers desire, and a cron job trigger scheduled to run at 10am every weekday.
name: Check and Bump Helm Chart Dependencies
on:
workflow_dispath:
schedule:
- cron: "0 10 * * 1-5"
jobs:
bump-helm-deps:
runs-on: ubuntu-latest
steps:
- uses: sgibson91/bump-helm-deps-action@main
with:
chart_path: path/to/config
chart_urls: '{"chart_1": "https://example.com/chart_1/index.yaml"}'Thank you to Christopher Hench (@henchc) who wrote and documented henchbot which automatically opens Pull Requests to upgrade mybinder.org.
Give his blog post a read!
Thank you for wanting to contribute to the project! 🎉 Please read our Code of Conduct 💜 and Contributing Guidelines 👾 to get you started.