Skip to content

feat(helm): publish Helm chart to OCI registry #267

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
nlamirault wants to merge 2 commits into
base: main
Choose a base branch
from
Open

feat(helm): publish Helm chart to OCI registry #267

nlamirault wants to merge 2 commits into from

Conversation

@nlamirault
Copy link
Contributor

@nlamirault nlamirault commented Sep 15, 2025
edited by coderabbitai bot
Loading

Pull Request

Related issue

Fixes #266

What does this PR do?

  • ...

PR checklist

Please check if your PR fulfills the following requirements:

  • Does this PR fix an existing issue, or have you listed the changes applied in the PR description (and why they are needed)?
  • Have you read the contributing guidelines?
  • Have you made sure that the title is accurate and descriptive of the changes?

Thank you so much for contributing to Meilisearch!

Summary by CodeRabbit

  • Chores
    • Enhanced release workflow with improved permissions and package distribution capabilities.
    • Release packages now published to GitHub Container Registry (GHCR) for increased availability and accessibility.

✏️ Tip: You can customize this high-level summary in your review settings.

@nlamirault
feat(helm): publish Helm chart to OCI registry
38ca7bb 
Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>
@nlamirault
feat(helm): typo
dd2eeec 
Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>
@brunoocasali
Copy link
Member

brunoocasali commented Dec 11, 2025
edited
Loading

@coderabbitai review

@coderabbitai
Copy link

coderabbitai bot commented Dec 11, 2025

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@coderabbitai
Copy link

coderabbitai bot commented Dec 11, 2025
edited
Loading

Walkthrough

The pull request modifies the GitHub Actions release workflow to add OCI registry support. It introduces job permissions for contents and packages, then adds three new steps to authenticate with GHCR and push Helm chart packages to an OCI-compliant registry using helm push commands.

Changes

Cohort / File(s) Change Summary
GitHub Actions Workflow Enhancement
.github/workflows/release-chart.yaml		 Added job permissions for contents and packages. Extended workflow with three new steps: GHCR login, loop-based OCI registry push of .cr-release-packages/\*.tgz files using helm push, while maintaining existing CR_TOKEN usage.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

  • Single file with configuration and workflow step additions
  • Clear purpose aligned with OCI registry publishing objective
  • Review focuses on permissions configuration accuracy and helm push command syntax

Poem

🐰 Charts now hop to the registry cloud,
OCI artifacts, published proud!
With GHCR's door now open wide,
Our Helm charts have nowhere to hide. 📦✨

Pre-merge checks and finishing touches

✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately describes the main change: adding functionality to publish Helm charts to an OCI registry, which matches the workflow modifications in the changeset.
Linked Issues check ✅ Passed The PR implements the core requirement from issue #266: publishing Helm charts as OCI artifacts to OCI-compliant registries using Helm v3.8.0 GA OCI support.
Out of Scope Changes check ✅ Passed All changes are focused on the GitHub Actions workflow for releasing Helm charts to GHCR, which is directly aligned with the linked issue's objective.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@coderabbitai
Copy link

coderabbitai bot commented Dec 11, 2025

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

coderabbitai[bot]
coderabbitai bot reviewed Dec 11, 2025
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (1)
.github/workflows/release-chart.yaml (1)

36-44: Simplify script by removing redundant nullglob check and add error handling.

With shopt -s nullglob enabled, the if [ -z "${pkg:-}" ] check is unnecessary—the loop simply won't execute if no files match. Additionally, if helm push fails for any package, the workflow silently continues instead of failing the step. Consider adding error handling to fail fast on push failures.

Apply this diff to streamline the script:

- - name: Push chart to GHCR
-   run: |
-     shopt -s nullglob
-     for pkg in .cr-release-packages/*.tgz; do
-       if [ -z "${pkg:-}" ]; then
-         break
-       fi
-       helm push "${pkg}" "oci://ghcr.io/${GITHUB_REPOSITORY_OWNER}/meilisearch-kubernetes"
-     done
+ - name: Push chart to GHCR
+   run: |
+     shopt -s nullglob
+     set -e
+     for pkg in .cr-release-packages/*.tgz; do
+       helm push "${pkg}" "oci://ghcr.io/${GITHUB_REPOSITORY_OWNER}/meilisearch-kubernetes"
+     done
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f864775 and dd2eeec.

📒 Files selected for processing (1)
  • .github/workflows/release-chart.yaml (2 hunks)
🔇 Additional comments (3)
.github/workflows/release-chart.yaml (3)

9-11: Job permissions are correctly scoped.

The permissions block appropriately grants contents: write for chart-releaser and packages: write for GHCR authentication, following the principle of least privilege.

29-34: GHCR login step looks good.

Standard docker/login-action setup with GITHUB_TOKEN. The packages: write permission is sufficient for GHCR push operations.

36-44: No action needed. The ubuntu-latest runner includes Helm 4.0.0 by default, which exceeds the Helm 3.8.0+ requirement for OCI registry operations. The workflow will work as written without an explicit Helm setup step.

brunoocasali
brunoocasali requested changes Dec 11, 2025
View reviewed changes
Copy link
Member

@brunoocasali brunoocasali left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hello there, thanks for this improvement!

.github/workflows/release-chart.yaml
Comment on lines +38 to +44
shopt -s nullglob
for pkg in .cr-release-packages/*.tgz; do
if [ -z "${pkg:-}" ]; then
break
fi
helm push "${pkg}" "oci://ghcr.io/${GITHUB_REPOSITORY_OWNER}/meilisearch-kubernetes"
done
Copy link
Member

@brunoocasali brunoocasali Dec 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I didn't know the shopt -s nullglob so I had to research a bit, and I learned that the conditional inside the loop is not relevant since the .cr-release-packages/*.tgz will expand []

brunoocasali
brunoocasali reviewed Dec 11, 2025
View reviewed changes
.github/workflows/release-chart.yaml
Comment on lines +38 to +44
shopt -s nullglob
for pkg in .cr-release-packages/*.tgz; do
if [ -z "${pkg:-}" ]; then
break
fi
helm push "${pkg}" "oci://ghcr.io/${GITHUB_REPOSITORY_OWNER}/meilisearch-kubernetes"
done
Copy link
Member

@brunoocasali brunoocasali Dec 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
shopt -s nullglob
for pkg in .cr-release-packages/*.tgz; do
if [ -z "${pkg:-}" ]; then
break
fi
helm push "${pkg}" "oci://ghcr.io/${GITHUB_REPOSITORY_OWNER}/meilisearch-kubernetes"
done
shopt -s nullglob
for pkg in .cr-release-packages/*.tgz; do
helm push "${pkg}" "oci://ghcr.io/${GITHUB_REPOSITORY_OWNER}/meilisearch-kubernetes"
done

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@brunoocasali brunoocasali brunoocasali requested changes

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Upload Helm chart to OCI registry #586

2 participants

@nlamirault @brunoocasali