Skip to content
anchor

GitHub Action

Helm deploy with support for Helm Secrets

v2.0.0 Latest version

Helm deploy with support for Helm Secrets

anchor

Helm deploy with support for Helm Secrets

Helm deploy action with support for Helm Secrets

Installation

Copy and paste the following snippet into your .yml file.

 
              
- name: Helm deploy with support for Helm Secrets

              
  uses: formelio/[email protected]
Learn more about this action in formelio/helm-deploy

Choose a version

Helm Deploy Github action

Github action that performs a Helm deployment with support for Helm Secrets. Largely based on deliverybot/helm. Only supports Helm 3.

Limitations

  • No Helm 2 support
  • Only supports the SOPS secret driver with GCP KMS (and possibly PGP)

Parameters

Inputs

  • release: Helm release name. (required)
  • namespace: Kubernetes namespace name. (required)
  • chart: Helm chart path. (required)
  • chart_version: Helm chart version.
  • repository: Helm repository to get the chart from.
  • values: Helm chart values, expected to be a YAML or JSON string.
  • value-files: Additional value files to apply to the helm chart. Expects JSON encoded array or a string.
  • secrets-files: Helm Secrets files to apply to the helm chart as values. Expects JSON encoded array or a string.
  • task: Task name. If the task is "remove" it will remove the configured helm release.
  • dry-run: Helm dry-run option.
  • atomic: If true, upgrade process rolls back changes made in case of failed upgrade. Defaults to true.
  • timeout: specify a timeout for helm deployment
  • image: Image to deploy. Overrides the image.name value.
  • image-fields: Fields to insert the image name in. Expects JSON encoded array or a string. Defaults to "image.name".
  • tag: Image tag to deploy, usually commit sha or Git tag. Overrides the image.tag value.
  • tag-fields: Fields to insert the image tags in. Expects JSON encoded array or a string. Defaults to "image.tag".

Environment

  • KUBECONFIG_FILE: Kubeconfig file for Kubernetes cluster access.
  • GCP_KMS_KEY_FILE: Key file for a GCP service account with access to the KMS keys. Required if secrets files are (partially) encrypted with GCP KMS.

Example usage

name: Deploy with Helm

on:
  push:
    branches: [master]

jobs:
  deploy:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v2

      - name: Deploy
        uses: ivido/helm-deploy@v1
        with:
          release: my-release
          namespace: my-namespace
          chart: ./chart
          value-files: "./chart/values.yaml"
          secrets-files: "./chart/secrets.yaml"
          tag: ${{ github.sha }}
        env:
          KUBECONFIG_FILE: ${{ secrets.KUBECONFIG }}
          GCP_KMS_KEY_FILE: ${{ secrets.GCP_KMS_KEY }}