Github action that performs a Helm deployment with support for Helm Secrets. Largely based on deliverybot/helm. Only supports Helm 3.

• No Helm 2 support
• Only supports the SOPS secret driver with GCP KMS (and possibly PGP)

• release: Helm release name. (required)
• namespace: Kubernetes namespace name. (required)
• chart: Helm chart path. (required)
• chart_version: Helm chart version.
• repository: Helm repository to get the chart from.
• values: Helm chart values, expected to be a YAML or JSON string.
• value-files: Additional value files to apply to the helm chart. Expects JSON encoded array or a string.
• secrets-files: Helm Secrets files to apply to the helm chart as values. Expects JSON encoded array or a string.
• task: Task name. If the task is "remove" it will remove the configured helm release.
• dry-run: Helm dry-run option.
• atomic: If true, upgrade process rolls back changes made in case of failed upgrade. Defaults to true.
• timeout: specify a timeout for helm deployment
• image: Image to deploy. Overrides the image.name value.
• tag: Image tag to deploy, usually commit sha or Git tag. Overrides the image.tag value.

• KUBECONFIG_FILE: Kubeconfig file for Kubernetes cluster access.
• GCP_KMS_KEY_FILE: Key file for a GCP service account with access to the KMS keys. Required if secrets files are (partially) encrypted with GCP KMS.

name: Deploy with Helm

on:
  push:
    branches: [master]

jobs:
  deploy:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v2

      - name: Deploy
        uses: ivido/helm-deploy@v1
        with:
          release: my-release
          namespace: my-namespace
          chart: ./chart
          value-files: "./chart/values.yaml"
          secrets-files: "./chart/secrets.yaml"
          tag: ${{ github.sha }}
        env:
          KUBECONFIG_FILE: ${{ secrets.KUBECONFIG }}
          GCP_KMS_KEY_FILE: ${{ secrets.GCP_KMS_KEY }}