Using private github repositories

[Flydiverny]

Yo!

Been experimenting a bit with the chart-releaser in a private github repository to see if it would be possible to use for hosting charts. I think it could be possible to get it working with some small changes.

Current issues / limitations:

• When chart-releaser downloads assets it assumes the project is public and uses browser url, would need to use assets api for private repos, and set this url in the generated index.

• index would have to be public (gh-pages), exposing which packages exist.
  it looks like you can do helm repo add helm-demo https://raw.githubusercontent.com/paulczar/helm-demo/master/docs which would also be accessible with a personal access token

• Downloading assets with helm client would require github token authorization, I think this stale proposal could probably resolve that. Proposal: Handle private repos with Authorization tokens helm#3102

[scottrigby]

From last charts chat meeting we likely won't work on this ourselves until all the work is done to make it easy for people to host public helm repos on GH automatically. If someone wants to work on a PR for this though… 😉

[sayboras]

We came across the same requirement (for enterprise private github), happy to send the PR if you guys are ok with this.

[sayboras]

@scottrigby appreciate if you can review the PR. Thanks

[ozbillwang]

but why for github only? should have generic git support what ever from bitbucket, gitlab, github, etc.

[sayboras]

@ozbillwang Based on my understanding bitbucket, gitlab API might not be the same as github API. More work is required to have appropriate abstraction on top of each git product (github, bitbucket, gitlab, etc)

[jakesylvestre]

It's probably not the best solution, but here's what I'm doing. I run this script on every CI push:

echo "https://[token]:[password]@github.com" > ~/.git-credentials
echo "
[credential]
        helper = store
[url \"https://github.com/\"]
  insteadOf = ssh://git@github.com/
[filter \"lfs\"]
        clean = git-lfs clean -- %f
        smudge = git-lfs smudge -- %f
        process = git-lfs filter-process
        required = true
" > ~/.gitconfig

ssh-keyscan github.com >> ~/.ssh/known_hosts

git config --global user.email "user@example.com" # change me
git config --global user.name "Test User" # change me

git checkout master

rm -f .deploy/*

for filename in charts/*; do
    [ -e "$filename" ] || continue
    echo $filename
    helm package $filename --destination .deploy
    # ... rest of the loop body
done

git add .deploy
git add .cr-index
git commit -m "[ci skip] release deploy"
git push --set-upstream origin master

# In order for cr-upload to work, none of the releases can exist yet, so we'll go through all the current tags and make sure they don't exist

git pull --prune --tags
for filename in .deploy/*; do
    [ -e "$filename" ] || continue
    # get current tag name to rename
    export release_name=$(echo $filename | python truncate.py)
    # generate archived tag name
    export unique=$(cat /proc/sys/kernel/random/uuid)
    export archived_release_name="$release_name-archived-$unique"
    echo $archived_release_name
    # retag
    git tag $archived_release_name $release_name
    git tag -d $release_name
    git push origin :refs/tags/$release_name
    git push --tags
done

./cr upload --config config.yaml


git add .deploy
git add .cr-index
git commit -m "[ci skip] release"
git push --set-upstream origin master

./cr index --config config.yaml

echo "$(python rewrite.py < .cr-index/index.yaml)" > .cr-index/index.yaml
git add .deploy
git add .cr-index
git commit -m "[ci skip] release"
git push --set-upstream origin master

Which calls truncate.py

import sys
lines=sys.stdin.read()
result = ""
print lines.replace('.deploy/', '').replace('.tgz', '').replace("\n", "")

and rewrite.py

# Rewrite our file to use non github-release urls to circumvent private auth issue

import sys
lines=sys.stdin.read()
result = ""
for line in lines.split("\n"):
	if "tgz" in line and "[user]" in line:
		starter = line.split('https://')
		url = line.split('/')
		repo = url[len(url)-1]
		line = starter[0] + 'https://[token]@raw.githubusercontent.com/[user]/[repo]/master/.deploy/' + repo
	print(line)

All you have to do is run release.sh and add "https://[token]@raw.githubusercontent.com/[user]/[repo]/master/.cr-index" as your helm repo and this works. It's super hackey, but hopefully it'll help you/inspire a solution

[unguiculus]

Fixed in #43