From 583d2fa478d1f2d9e0222c455c4c45a21df0f1db Mon Sep 17 00:00:00 2001 From: Martin Catty Date: Tue, 5 May 2026 16:46:01 -0400 Subject: [PATCH 1/3] feat: add Helm CI and OCI publish on semver tag - Add workflow running helm lint on pull requests and main/develop. - Add release workflow enforcing tag equality with Chart.yaml version and pushing oci://ghcr.io//fluid-workload. - Set default image tag and appVersion to 0.2.2. - Document monorepo path, standalone GitHub repos, and OCI release behaviour in README. --- .github/workflows/ci.yml | 25 ++++++++ .../workflows/release-oci-on-semver-tag.yml | 59 +++++++++++++++++++ Chart.yaml | 2 +- README.md | 4 ++ values.yaml | 2 +- 5 files changed, 90 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/ci.yml create mode 100644 .github/workflows/release-oci-on-semver-tag.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..4df7306 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,25 @@ +# Runs when this chart tree is the root of the GitHub repository (e.g. fluid-pub/chart-workload). + +name: Helm chart CI + +on: + pull_request: + push: + branches: + - main + - develop + +permissions: + contents: read + +jobs: + lint: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Install Helm + uses: azure/setup-helm@v4 + + - name: Helm lint + run: helm lint . diff --git a/.github/workflows/release-oci-on-semver-tag.yml b/.github/workflows/release-oci-on-semver-tag.yml new file mode 100644 index 0000000..8cd4184 --- /dev/null +++ b/.github/workflows/release-oci-on-semver-tag.yml @@ -0,0 +1,59 @@ +# Semver tags without `v` (e.g. 0.1.0). Tag must equal `version` in Chart.yaml. +name: Helm OCI release + +on: + push: + tags: + - "[0-9]+.[0-9]+.[0-9]+" + - "[0-9]+.[0-9]+.[0-9]+-*" + +permissions: + contents: read + packages: write + +jobs: + publish: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Install Helm + uses: azure/setup-helm@v4 + + - name: Verify tag matches Chart.yaml version + run: | + set -euo pipefail + TAG="${GITHUB_REF_NAME}" + CHART_LINE="$(grep -E '^version:[[:space:]]' Chart.yaml | head -1)" + CHART_VER="$(echo "$CHART_LINE" | sed -E 's/^version:[[:space:]]*//; s/[[:space:]]+#.*$//')" + CHART_VER="${CHART_VER%\"}" + CHART_VER="${CHART_VER#\"}" + CHART_VER="${CHART_VER%\'}" + CHART_VER="${CHART_VER#\'}" + CHART_VER="$(echo "$CHART_VER" | sed 's/[[:space:]]*$//')" + if [ "$TAG" != "$CHART_VER" ]; then + echo "::error::Git tag \"$TAG\" must equal Chart.yaml version field \"$CHART_VER\"" + exit 1 + fi + echo "Tag \"$TAG\" matches Chart.yaml version." + + - name: Helm lint + run: helm lint . + + - name: Package chart + run: helm package . + + - name: Log in to GHCR (Helm OCI) + run: | + echo "${{ secrets.GITHUB_TOKEN }}" | helm registry login ghcr.io -u "${{ github.actor }}" --password-stdin + + - name: Push chart to GHCR + run: | + set -euo pipefail + shopt -s nullglob + tgz=(./*.tgz) + if [ "${#tgz[@]}" -ne 1 ]; then + echo "::error::Expected exactly one packaged .tgz, got: ${tgz[*]:-none}" + exit 1 + fi + helm push "${tgz[0]}" "oci://ghcr.io/${{ github.repository_owner }}/fluid-workload" diff --git a/Chart.yaml b/Chart.yaml index 6225ea9..c1cf520 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,4 +3,4 @@ name: fluid-workload description: Generic Helm chart for Fluid agents and probes type: application version: 0.1.0 -appVersion: "0.1.0" +appVersion: "0.2.2" diff --git a/README.md b/README.md index f95ba4f..003c4c6 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,9 @@ # Helm chart — fluid-workload +In the **`fluid`** monorepo this chart lives under `code/charts/fluid-workload/`; standalone Git (**`fluid-pub/chart-workload`**) uses the same layout at the repository root. + +**Release (standalone repo)** — semver tag (**no `v`**) must equal **`version`** in `Chart.yaml` for GHCR OCI publishing; **`oci://ghcr.io//fluid-workload`**. + Generic chart for **one** Fluid agent or probe image: ConfigMap-mounted YAML config, optional Secret-mounted credentials, extra env. ## Typical values diff --git a/values.yaml b/values.yaml index cb24036..e1f5175 100644 --- a/values.yaml +++ b/values.yaml @@ -7,7 +7,7 @@ workload: image: repository: ghcr.io/fluid-pub/fluid-agent-example - tag: "0.1.0" + tag: "0.2.2" pullPolicy: IfNotPresent imagePullSecrets: [] From 6c4c0f481ca135774f74cbe0b577a373da1900c6 Mon Sep 17 00:00:00 2001 From: Martin Catty Date: Tue, 5 May 2026 17:03:59 -0400 Subject: [PATCH 2/3] docs: align README with chart release and GHCR OCI usage - Describe CI (helm lint) and semver tag release to ghcr.io fluid-workload. - Document canonical helm pull URL with duplicate chart name path on GHCR. - Warn that the short oci prefix does not work for helm pull/install. --- README.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 003c4c6..1ce3103 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,15 @@ In the **`fluid`** monorepo this chart lives under `code/charts/fluid-workload/`; standalone Git (**`fluid-pub/chart-workload`**) uses the same layout at the repository root. -**Release (standalone repo)** — semver tag (**no `v`**) must equal **`version`** in `Chart.yaml` for GHCR OCI publishing; **`oci://ghcr.io//fluid-workload`**. +**Release (standalone repo)** — **`helm lint`** runs on PRs and `main` / `develop`; pushing a semver tag **without `v`** runs **`helm push … oci://ghcr.io//fluid-workload`** when the tag equals **`version`** in **`Chart.yaml`**. + +**Install / pull from GHCR** — Helm OCI on GitHub stores the chart under a path that repeats the chart **`name:`** (see the package page `fluid-workload/fluid-workload`). Use **`--version`** with the full OCI prefix, for example: + +```text +helm pull oci://ghcr.io/fluid-pub/fluid-workload/fluid-workload --version 0.1.0 +``` + +or the equivalent tag form **`oci://ghcr.io/fluid-pub/fluid-workload/fluid-workload:0.1.0`**. The shorter reference **`oci://ghcr.io/fluid-pub/fluid-workload`** (without the second **`fluid-workload`**) does **not** resolve with **`helm pull` / `helm install`** against this registry layout. Generic chart for **one** Fluid agent or probe image: ConfigMap-mounted YAML config, optional Secret-mounted credentials, extra env. From 7761654f92fa1418f9f1de160a5dfefe70d4d57f Mon Sep 17 00:00:00 2001 From: Martin Catty Date: Tue, 5 May 2026 17:06:35 -0400 Subject: [PATCH 3/3] fix: omit appVersion and decouple image tag from chart metadata - Remove appVersion from Chart.yaml; callers deploy arbitrary agent or probe images. - Render container image strictly from image.repository and image.tag in values. - Document that default image values are examples only. --- Chart.yaml | 1 - templates/deployment.yaml | 2 +- values.yaml | 3 ++- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index c1cf520..a3376d5 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,4 +3,3 @@ name: fluid-workload description: Generic Helm chart for Fluid agents and probes type: application version: 0.1.0 -appVersion: "0.2.2" diff --git a/templates/deployment.yaml b/templates/deployment.yaml index 51b3080..946db1a 100644 --- a/templates/deployment.yaml +++ b/templates/deployment.yaml @@ -28,7 +28,7 @@ spec: {{- end }} containers: - name: workload - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} {{- if .Values.service.enabled }} ports: diff --git a/values.yaml b/values.yaml index e1f5175..df2e845 100644 --- a/values.yaml +++ b/values.yaml @@ -5,9 +5,10 @@ workload: # Label-only hint for selectors / docs (e.g. agent, probe) kind: workload +# Example image; replace with your agent or probe image and tag at install time. image: repository: ghcr.io/fluid-pub/fluid-agent-example - tag: "0.2.2" + tag: "0.1.0" pullPolicy: IfNotPresent imagePullSecrets: []