ChartMuseum Resource for Concourse CI
Fetches, verifies and publishes Helm Charts from a running ChartMuseum instance. Harbor works as well, since it uses ChartMuseum under the hood.
This resource works probably best in conjunction with the Helm resource which can be used to perform Helm deployments into Kubernetes clusters.
- A running ChartMuseum instance (this resource has been tested with v0.9.0)
Add a new resource type to your Concourse CI pipeline:
resource_types:
- name: chartmuseum
type: docker-image
source:
repository: cathive/concourse-chartmuseum-resource
tag: latest # For reproducible builds use a specific tag and don't rely on "latest".-
server_url: Required. The address of the Chartmuseum/Harbor API. For chartmuseum, this'll be something likehttps://chartmuseum.yourdomain.com/api/charts. For harbor (which uses chartmuseum but changes the API and path), this'll be something likehttps://harbor.yourdomain.com/api/chartrepo/charts(for the default "library" project) orhttps://harbor.yourdomain.com/api/chartrepo/<project name>/chartsfor other projects. -
chart_name: Required The name of the chart to operate upon. -
version_range: Optional parameter that can be used to specify a (SemVer) version range that must match when checking for new charts, e.g.=1.2.0,^2.0.0,~0.2.3or*. -
basic_auth_username: Optional username to be used if your ChartMuseum is username/password protected. If provided, the paramterbasic_auth_passwordmust also be specified. -
basic_auth_password: Optional password to be used if your ChartMuseum is username/password protected. If provided, the paramterbasic_auth_usernamemust also be specified. -
harbor_api: Optional, set totrueuse the Harbor API (which is different enough to the standard ChartMuseum API not to work)
The resource implements all three actions (check, in and out).
Checks for new versions of the specified Helm chart.
If a semver version range has been specified in the sourceconfiguration it will be
honored when checking new versions.
Places the JSON object that describes the Helm chart into the destination directory along with the package and it's provenance file.
The basename of these three files will be in the format ${chart_name}-${chart_version}
unless overwritten by the parameter target_basename.
target_basename: Optional parameter that can be used to change the name of the input files that will be written.
-
chart: Required Path to the tgz-archive or a folder that contains the chart to be uploaded. If a folder has been specified instead of a ".tgz" file, this folder will be packaged up prior to uploading it's contents to the ChartMuseum instance. -
force: Optional parameter that can be used to force the upload of the chart, even if the version to be uploaded does already exist on the server. Enforcement only works, if the ChartMuseum server has not been started with the--disable-force-overwriteflag, though. -
version: Optional parameter that can be used to override the "version" field in the chart'sChart.yamlfile. If the override version is stored in a file, you can use the parameterversion_fileinstead. -
version_file: Optional parameter that points to a file that contains a version string that should be used to override the version specified in the chart'sChart.yamlfile. -
sign: Optional parameter that indicates if the chart package should be signed using a GPG key. If set totrueeitherkey_dataorkey_filemust be specified as well. -
key_data: Ifsignhas been set totrue, this parameter can be used to pass the key to be used to sign the chart package. -
key_file: Ifsignhas been set totrue, this parameter can be used to pass the location of a file that contains the GPG key that shall be used to sign the chart package. -
key_passphrase: Ifsignhas been set totruethis parameter can be used to specifcy the passphrase that protects the GPG signing key to be used to sign the chart package. -
dependency_update: must be set totrueif there are any dependencies in the helm chart to be uploaded. This will cause the dependencies to be fetched before the chart is packaged.