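├── .github
    ├── dependabot.yml
    └── workflows
    │   ├── docker.yaml
    │   └── update-helm.yaml
├── Dockerfile
└── README.md


/.github/dependabot.yml:
--------------------------------------------------------------------------------
1 | version: 2
2 | updates:
3 |   - package-ecosystem: "docker"
4 |     directory: "/"
5 |     schedule:
6 |       interval: "monthly"
7 |   # Also track the actions used by the workflows, so pinned actions get update PRs.
8 |   - package-ecosystem: "github-actions"
9 |     directory: "/"
10 |     schedule:
11 |       interval: "monthly"
12 |


--------------------------------------------------------------------------------
/.github/workflows/docker.yaml:
--------------------------------------------------------------------------------
1 | name: Publish Docker image
2 |
3 | # NOTE: this won't work if the tag was created by another action
4 |
5 | on:
6 |   # NOTE(review): `create` fires for new branches as well as new tags, and the
7 |   # `tags:` filter below may not be applied to this event. Confirm, or use
8 |   # `push: tags:` if only tag builds are intended.
9 |   create:
10 |     tags:
11 |       - "*"
12 |
13 |   workflow_dispatch:
14 |     inputs:
15 |
16 | # This workflow only reads the repository; registry credentials come from
17 | # secrets, so the GITHUB_TOKEN is limited to read access.
18 | permissions:
19 |   contents: read
20 |
21 | jobs:
22 |   push_to_registry:
23 |     name: Push Docker image to Docker Hub
24 |     runs-on: ubuntu-latest
25 |     steps:
26 |       # NOTE(review): checkout, setup-docker, setup-qemu and build-push are
27 |       # referenced by mutable version tags, while login-action and
28 |       # metadata-action are pinned to commit SHAs. Pinning every action to a
29 |       # reviewed SHA keeps a moved tag from running next to the Docker Hub token.
30 |       - name: Check out the repo
31 |         uses: actions/checkout@v4
32 |
33 |       - name: Log in to Docker Hub
34 |         uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
35 |         with:
36 |           username: ${{ secrets.DOCKERHUB_USERNAME }}
37 |           password: ${{ secrets.DOCKERHUB_TOKEN }}
38 |
39 |       - name: Extract metadata (tags, labels) for Docker
40 |         id: meta
41 |         uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
42 |         with:
43 |           images: devth/helm
44 |           tags: |
45 |             type=semver,pattern=v{{version}}
46 |             type=semver,pattern=v{{major}}
47 |
48 |       - name: Set up Docker
49 |         uses: docker/setup-docker-action@v4
50 |         with:
51 |           daemon-config: |
52 |             {
53 |               "debug": true,
54 |               "features": {
55 |                 "containerd-snapshotter": true
56 |               }
57 |             }
58 |
59 |       - name: Set up QEMU
60 |         uses: docker/setup-qemu-action@v3
61 |
62 |       - name: Build and push Docker image
63 |         uses: docker/build-push-action@v6
64 |         with:
65 |           context: .
66 |           platforms: linux/amd64,linux/arm64
67 |           load: true
68 |           push: true
69 |           tags: ${{ steps.meta.outputs.tags }}
70 |           labels: ${{ steps.meta.outputs.labels }}
71 |


--------------------------------------------------------------------------------
/.github/workflows/update-helm.yaml:
--------------------------------------------------------------------------------
1 | name: Update Helm
2 |
3 | # Anyone who can open an issue can start this workflow, so the issue title and
4 | # number are untrusted input. They, and the upstream tag name, are handed to
5 | # the shell steps through environment variables and are never expanded with
6 | # workflow expressions inside a `run:` script, where they would be parsed as
7 | # shell code in a job that holds the PAT.
8 | on:
9 |   issues:
10 |     types: [opened]
11 |
12 | # Pushing is done with the PAT, so the GITHUB_TOKEN only needs read access.
13 | permissions:
14 |   contents: read
15 |
16 | jobs:
17 |   check:
18 |     name: Check for Release
19 |     runs-on: ubuntu-latest
20 |     outputs:
21 |       release_found: ${{ steps.compare_versions.outputs.release_found }}
22 |       release_tag: ${{ steps.get_tags.outputs.tag }}
23 |       issue_number: ${{ steps.get_issue.outputs.issue_number }}
24 |       issue_title: ${{ steps.get_issue.outputs.issue_title }}
25 |     steps:
26 |       - name: Checkout
27 |         uses: actions/checkout@v4
28 |
29 |       - name: Get issue that caused the workflow to run
30 |         id: get_issue
31 |         run: |
32 |           issue_number=$(jq --raw-output .issue.number "$GITHUB_EVENT_PATH")
33 |           # Strip line breaks so the title cannot add extra key=value lines to $GITHUB_OUTPUT.
34 |           issue_title=$(jq --raw-output .issue.title "$GITHUB_EVENT_PATH" | tr -d '\r\n')
35 |
36 |           echo "issue_number: $issue_number"
37 |           echo "issue_title: $issue_title"
38 |           echo "issue_number=${issue_number}" >> "$GITHUB_OUTPUT"
39 |           echo "issue_title=${issue_title}" >> "$GITHUB_OUTPUT"
40 |
41 |       - name: Get Helm tags
42 |         id: get_tags
43 |         run: |
44 |           LATEST_TAG=$(curl --silent --fail https://api.github.com/repos/helm/helm/tags | jq -r .[0].name)
45 |           echo "Latest tag: ${LATEST_TAG}"
46 |           # The tag comes from an external API and ends up in a sed expression, a
47 |           # commit message and a git tag. Stop here unless it looks like a version;
48 |           # this also catches an empty or "null" value from a failed API call.
49 |           if ! printf '%s\n' "$LATEST_TAG" | grep -Eq '^v[0-9]+\.[0-9]+\.[0-9]+(-[0-9A-Za-z.]+)?$'; then
50 |             echo "Unexpected tag format: ${LATEST_TAG}" >&2
51 |             exit 1
52 |           fi
53 |           echo "LATEST_TAG=${LATEST_TAG}" >> "$GITHUB_ENV"
54 |           echo "tag=${LATEST_TAG}" >> "$GITHUB_OUTPUT"
55 |       - name: Compare versions
56 |         id: compare_versions
57 |         run: |
58 |           if grep -q "ENV VERSION ${LATEST_TAG}$" Dockerfile
59 |           then
60 |             echo "Not a new version, skipping..."
61 |             echo "release_found=false" >> "$GITHUB_OUTPUT"
62 |           else
63 |             echo "Found a new release: $LATEST_TAG"
64 |             echo "release_found=true" >> "$GITHUB_OUTPUT"
65 |           fi
66 |   update:
67 |     name: Update Dockerfile
68 |     needs: check
69 |     runs-on: ubuntu-latest
70 |     if: ${{ needs.check.outputs.release_found == 'true' }}
71 |     # Values from the check job reach the scripts below only as environment
72 |     # variables, so the shell treats them as data.
73 |     env:
74 |       RELEASE_TAG: ${{ needs.check.outputs.release_tag }}
75 |       ISSUE_TITLE: ${{ needs.check.outputs.issue_title }}
76 |       ISSUE_NUMBER: ${{ needs.check.outputs.issue_number }}
77 |     steps:
78 |       - name: Checkout
79 |         uses: actions/checkout@v4
80 |         with:
81 |           token: ${{ secrets.PAT }}
82 |       - name: Update
83 |         run: |
84 |           sed -i "3s/.*/ENV VERSION ${RELEASE_TAG}/" Dockerfile
85 |       - name: Commit and Push - Full version tag
86 |         run: |
87 |           set -x
88 |           git config user.name github-actions
89 |           git config user.email github-actions@github.com
90 |
91 |           commit_message="Update version to ${RELEASE_TAG}"
92 |
93 |           # check if the issue title contains the version number we're upgrading
94 |           if [[ "$ISSUE_TITLE" == *"$RELEASE_TAG"* ]]; then
95 |             # if so, close it via commit message
96 |             commit_message="${commit_message}; fix #${ISSUE_NUMBER}"
97 |           fi
98 |
99 |           git diff
100 |           git commit -am "$commit_message"
101 |           git tag "$RELEASE_TAG"
102 |
103 |       # must push with a PAT in order to trigger downstream github actions
104 |       - name: Push changes
105 |         run: |
106 |           git push
107 |           git push origin "$RELEASE_TAG"
108 |


--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM alpine:3.22.0
2 |
3 | ENV VERSION v3.18.2
4 | # The line above must stay on line 3 in the form `ENV VERSION <tag>`: the update
5 | # workflow and the README release steps rewrite line 3 with sed.
6 |
7 | ARG TARGETARCH
8 |
9 | LABEL maintainer="Trevor Hartman "
10 |
11 | WORKDIR /
12 |
13 | # Enable SSL
14 | RUN apk --update add ca-certificates wget python3 curl tar jq gcompat
15 |
16 | # Install gcloud and kubectl
17 | # kubectl will be available at /google-cloud-sdk/bin/kubectl
18 | # This is added to $PATH
19 | ENV HOME=/
20 | ENV PATH=/google-cloud-sdk/bin:$PATH
21 | ENV CLOUDSDK_PYTHON_SITEPACKAGES=1
22 |
23 | # NOTE(review): this fetches whatever the "rapid" channel serves at build time,
24 | # with no version pin and no checksum comparison, so two builds of the same
25 | # image tag can contain different gcloud code. Consider a versioned archive
26 | # checked against a SHA-256 recorded in this file.
27 | RUN export ARCH=${TARGETARCH/amd64/x86_64}; export ARCH=${ARCH/arm64/arm}; wget --no-verbose https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-cli-linux-${ARCH}.tar.gz && tar -xf google-cloud-cli-linux-${ARCH}.tar.gz && rm google-cloud-cli-linux-${ARCH}.tar.gz
28 | # NOTE(review): usage reporting is switched on for everyone who runs this image; confirm that is intended.
29 | RUN google-cloud-sdk/install.sh --usage-reporting=true --path-update=true --bash-completion=true --rc-path=/.bashrc --additional-components app kubectl alpha beta
30 | # Disable updater check for the whole installation.
31 | # Users won't be bugged with notifications to update to the latest version of gcloud.
32 | RUN google-cloud-sdk/bin/gcloud config set --installation component_manager/disable_update_check true
33 |
34 | ENV FILENAME=helm-${VERSION}-linux-${TARGETARCH}.tar.gz
35 | ENV HELM_URL=https://get.helm.sh/${FILENAME}
36 |
37 | RUN echo $HELM_URL
38 |
39 | # --fail stops the build at the download on an HTTP error instead of passing an
40 | # error page to tar. Only the downloaded files are removed afterwards: deleting
41 | # /tmp itself would lose its sticky, world-writable mode.
42 | # NOTE(review): the archive is not compared with a published checksum before
43 | # helm is installed; consider verifying it against a SHA-256 recorded here.
44 | RUN curl --fail -o /tmp/$FILENAME ${HELM_URL} \
45 |   && tar -zxvf /tmp/${FILENAME} -C /tmp \
46 |   && mv /tmp/linux-${TARGETARCH}/helm /bin/helm \
47 |   && rm -rf /tmp/${FILENAME} /tmp/linux-${TARGETARCH}
48 |
49 | # Helm plugins require git
50 | # helm-diff requires bash, curl
51 | RUN apk --update add git bash
52 |
53 | # Install envsubst [better than using 'sed' for yaml substitutions]
54 | ENV BUILD_DEPS="gettext" \
55 |     RUNTIME_DEPS="libintl"
56 |
57 | RUN set -x && \
58 |     apk add --update $RUNTIME_DEPS && \
59 |     apk add --virtual build_deps $BUILD_DEPS && \
60 |     cp /usr/bin/envsubst /usr/local/bin/envsubst && \
61 |     apk del build_deps
62 |
63 | # Install Helm plugins
64 | # workaround for an issue in updating the binary of `helm-diff`
65 | ENV HELM_PLUGIN_DIR=/.helm/plugins/helm-diff
66 | # Plugin is downloaded to /tmp, which must exist with its usual 1777 mode
67 | RUN mkdir -p /tmp && chmod 1777 /tmp
68 | # NOTE(review): both plugins are installed from whatever their repositories
69 | # serve at build time, and plugin install hooks may fetch further binaries.
70 | # `helm plugin install <url> --version <reviewed-tag>` would pin them.
71 | RUN helm plugin install https://github.com/viglesiasce/helm-gcs.git
72 | RUN helm plugin install https://github.com/databus23/helm-diff
73 |
74 | # Install vals tool
75 | # NOTE(review): the version is pinned but the archive is not checked against a
76 | # checksum. -f makes curl fail on an HTTP error rather than stream an error page.
77 | ENV VALS_VERSION=0.25.0
78 | ENV VALS_URL=https://github.com/variantdev/vals/releases/download/v${VALS_VERSION}/vals_${VALS_VERSION}_linux_${TARGETARCH}.tar.gz
79 | RUN curl -fsSL ${VALS_URL} | tar zx -C /usr/local/bin vals
80 |


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # helm-docker
2 |
3 | [![Docker Pulls](https://img.shields.io/docker/pulls/devth/helm.svg?style=for-the-badge)](https://hub.docker.com/r/devth/helm/)
4 | [![Docker Image Version](https://img.shields.io/docker/v/devth/helm?sort=date&style=for-the-badge)](https://hub.docker.com/r/devth/helm/)
5 |
6 | ## Usage
7 |
8 | This Docker image includes `helm` along with:
9 |
10 | - `gcloud`
11 | - `kubectl`
12 | - `envsubst`
13 | - `jq`
14 | - [`vals`](https://github.com/variantdev/vals)
15 |
16 | And `helm` plugins:
17 |
18 | - `viglesiasce/helm-gcs.git`
19 | - `databus23/helm-diff`
20 |
21 | ## Docker
22 |
23 | Docker images are automatically built on [Docker
24 | Hub](https://hub.docker.com/r/devth/helm/):
25 |
26 | - Docker tags correspond to [Helm
27 |   release](https://github.com/helm/helm/releases) versions.
28 | - `latest` is always the latest fully released version (non-beta/RC).
29 | - `master` is always the latest commit on master.
30 |
31 | ### Building
32 |
33 | To test a local build:
34 |
35 | ```bash
36 | docker build -t devth/helm .
37 | ```
38 |
39 | ## Release procedure
40 |
41 | Use the following to:
42 |
43 | - Bump `VERSION` in the [Dockerfile](Dockerfile)
44 | - Commit and create tag matching the version
45 |
46 | NB: the `sed -i` form below is GNU `sed` syntax; the macOS built-in (BSD) `sed` needs `sed -i ''` instead.
47 |
48 | ```bash
49 | gh issue list
50 | VERSION=v3.16.3
51 | ISSUE=227
52 | # use GNU sed
53 | sed -i "3s/.*/ENV VERSION $VERSION/" Dockerfile
54 | # ensure it looks good
55 | git diff
56 | git commit -am "Bump to $VERSION; fix #$ISSUE"
57 | git tag $VERSION
58 | git push && git push --tags
59 | ```
60 |
61 | Close an issue without fixing it:
62 |
63 | ```bash
64 | gh issue close 109
65 | ```
66 |
67 | Optionally test building the image before pushing:
68 |
69 | ```bash
70 | docker build .
71 | ```
72 |
73 | ### Re-release
74 |
75 | To re-build a particular tag we need to delete the git tag locally and remotely:
76 |
77 | ```bash
78 | git push origin :$VERSION
79 | git tag -d $VERSION
80 | ```
81 |
82 | Then re-tag and push:
83 |
84 | ```bash
85 | git tag $VERSION
86 | git push --tags
87 | ```
88 |
--------------------------------------------------------------------------------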