Page MenuHomePhabricator

CI pipeline/job to build and release helm chart artifacts
Open, Needs TriagePublic


I would like to extend our CI for the operations/deployment-charts.git repo.

Currently developers build helm chart tarballs manually, update a index.yaml and push all that at part of the CR to gerrit. That's a pretty bad experience, a lot of manual work and requires rebase all over the place (index.yaml).

With T253843 we now have a registry for helm charts. I would like the CI to take care of the manual steps after CRs got merged:

  • Check if/what helm charts have bumped versions (superchart/Chart.yaml vs. whats in chartmuseum registry maybe)
  • Build the helm chart artifact ('helm package superchart')
  • Push the helm chart artifact to chartmuseum ('curl -u $CREDENTIALS -F "chart=@superchart-0.0.1.tgz"')

I'm happy to provide code/help with any of that!

Event Timeline

Hi, we also thought it would be helpful for developers to not have to create a patchset to deployment-charts every time their application has a new image published, and are working on this related task T255835: Make pipelinelib able to update deployment chart image tags in pipelinelib:

I'm writing a (python) tool that is able to perform the three steps described above in first place.

Change 610849 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/docker-images/docker-report@master] Add chartmuseum module to interact with the API

Change 610849 merged by jenkins-bot:
[operations/docker-images/docker-report@master] Add basic chartmuseum library and helm-chartctl CLI

I talked with @dduvall on how we could add this to CI. I initially thought we could do this pre-merge in CI, but another thought is if our releases Jenkins server could have a chron job or be triggered by a merge from CI Jenkins (controversial I know :)), then we could run this to package/publish the charts.

Is this task superseded by the cronjob on the deployment machines that publishes to the chart museum?

Is this task superseded by the cronjob on the deployment machines that publishes to the chart museum?

I'd say no. The cronjob is just something I've implemented to have a working solution but I personally would prefer a complete release in CI. The downsides of the current solution are:

  • It's takes ~2min to push a new chart after the change looks completed from a developers POV
  • If releasing to chartmuseum fails for some reason:
    • The developer will not know about it
    • The developer is not able to look at any logs to figure out what went wrong or whom to "call"