schmalz/shared-actions
15
0
Fork 0
Code Issues Pull requests 2 Releases Packages Activity Actions
shared-actions/helm-deploy
History
Sebastian Böhringer 452039b6fd
All checks were successful
validate-shared-actions / validate-shared-actions (pull_request) Successful in 47s
Details
Aikido Security PR Check / Aikido Security Scan (pull_request) Successful in 1m16s
Details
feat: decouple hostname from action 
Refs: ITDO-339
2026-06-01 11:06:31 +02:00
..
action.yml feat: decouple hostname from action 2026-06-01 11:06:31 +02:00
README.md feat: decouple hostname from action 2026-06-01 11:06:31 +02:00

README.md

helm-deploy

Deploy a service to Kubernetes via Helm over SSH.

Inputs

Input Required Default Description
service-name Yes Helm release name
helm-cluster Yes Cluster to deploye to (one of internal_stage or internal_prod)
image-tag Yes Docker image tag to deploy
ssh-key Yes Private SSH key content
overrides-file No kubernetes/overrides-pu.yaml Local path to Helm values override file
namespace No dsp Kubernetes namespace
helm-repo No nexus-helm-repository Helm chart repository name
helm-chart No DSP-Blueprint Chart name in the repository

Usage

- uses: https://schmalz-git.git.onstackit.cloud/schmalz/shared-actions/helm-deploy@helm-deploy-v1
  with:
    service-name: my-service
    helm-host: dsp1-stage.schmalzgroup.net
    image-tag: ${{ github.sha }}
    ssh-key: ${{ secrets.HELM_SSH_KEY }}

Notes

  • The SSH key is written to a temporary file with 600 permissions and removed after the job, even on failure.
  • The overrides file is copied to the remote host via scp before the Helm upgrade.
  • helm upgrade --install is run with --atomic so a failed release is automatically rolled back.
  • StrictHostKeyChecking=no is used; ensure the host is trusted within your network or add host verification as needed.