feat(helm): publish chart to OCI registry on release by jkhelil · Pull Request #3508 · tektoncd/operator

jkhelil · 2026-06-18T08:29:30Z

Summary

Add OCI publishing step to the helm-release workflow so the Tekton Operator Helm chart is available at oci://ghcr.io/tektoncd/operator/charts/tekton-operator on every release, in addition to the existing GitHub Pages Helm repository.
Adds packages: write permission to the job.
Uses docker/login-action (SHA-pinned, consistent with repo security posture) for ghcr.io authentication.

Motivation

The chart is currently only distributed via git+https://github.com/tektoncd/operator@charts?ref=main, which Flux CD's HelmRepository cannot consume (it requires https:// index or oci://). Users forced to use a GitRepository source pointing to the git tag get version: "devel" from the raw Chart.yaml, which Flux rejects as invalid semver.

Publishing to OCI allows Flux users to use the standard pattern:

apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
  name: tekton-operator
  namespace: flux-system
spec:
  type: oci
  url: oci://ghcr.io/tektoncd/operator/charts
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
spec:
  chart:
    spec:
      chart: tekton-operator
      version: "0.80.0"

Closes #3493

Test plan

Merge and cherry-pick onto release-v0.80.x
Delete and recreate v0.80.0 tag to trigger the workflow
Verify package appears at https://github.com/orgs/tektoncd/packages/container/package/operator%2Fcharts%2Ftekton-operator
Verify helm pull oci://ghcr.io/tektoncd/operator/charts/tekton-operator --version 0.80.0 succeeds
Verify Flux CD HelmRepository with type: oci installs successfully

Made with Cursor

Add OCI publishing step to the helm-release workflow so the chart is available at oci://ghcr.io/tektoncd/operator/charts/tekton-operator in addition to the existing GitHub Pages Helm repository. This enables Flux CD users to consume the chart via a HelmRepository with type: oci, avoiding the GitRepository workaround that exposes version: "devel" from the raw git source. Uses docker/login-action (SHA-pinned) for ghcr.io authentication and helm push for the OCI publish step. Adds packages: write permission to the job. Signed-off-by: Jawed khelil <jkhelil@redhat.com> Assisted-by: Claude Sonnet 4.6 (via Cursor) Co-authored-by: Cursor <cursoragent@cursor.com>

jkhelil · 2026-06-18T08:30:56Z

/release-note-none

jkhelil · 2026-06-18T08:31:01Z

/kind misc

vdemeester

Make sense ! We'll want to make sure the oci repository is public after the first build, but I think it makes a lot of sense !

tekton-robot · 2026-06-18T09:41:55Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: vdemeester

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

~~OWNERS~~ [vdemeester]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

pratap0007 · 2026-06-18T17:45:46Z

/lgtm

jkhelil · 2026-06-19T04:10:38Z

/cherry-pick release-v0.80.x

tekton-robot · 2026-06-19T04:11:16Z

✅ Cherry-pick to release-v0.80.x successful!

A new pull request has been created to cherry-pick this change to release-v0.80.x.

PR: #3511

Please review and merge the cherry-pick PR.

tekton-robot added the do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. label Jun 18, 2026

tekton-robot requested review from anithapriyanatarajan and infernus01 June 18, 2026 08:29

tekton-robot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Jun 18, 2026

tekton-robot added release-note-none Denotes a PR that doesnt merit a release note. and removed do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. labels Jun 18, 2026

tekton-robot added the kind/misc Categorizes issue or PR as a miscellaneuous one. label Jun 18, 2026

vdemeester approved these changes Jun 18, 2026

View reviewed changes

tekton-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 18, 2026

tekton-robot assigned pratap0007 Jun 18, 2026

tekton-robot added the lgtm Indicates that a PR is ready to be merged. label Jun 18, 2026

tekton-robot merged commit a7aad71 into tektoncd:main Jun 18, 2026
16 checks passed

tekton-robot mentioned this pull request Jun 19, 2026

[cherry-pick: release-v0.80.x] feat(helm): publish chart to OCI registry on release #3511

Merged

5 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat(helm): publish chart to OCI registry on release#3508

feat(helm): publish chart to OCI registry on release#3508
tekton-robot merged 1 commit into
tektoncd:mainfrom
jkhelil:feat/helm-oci-publish

jkhelil commented Jun 18, 2026

Uh oh!

jkhelil commented Jun 18, 2026

Uh oh!

jkhelil commented Jun 18, 2026

Uh oh!

vdemeester left a comment

Uh oh!

tekton-robot commented Jun 18, 2026

Uh oh!

pratap0007 commented Jun 18, 2026

Uh oh!

Uh oh!

jkhelil commented Jun 19, 2026

Uh oh!

tekton-robot commented Jun 19, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

Conversation

jkhelil commented Jun 18, 2026

Summary

Motivation

Test plan

Uh oh!

jkhelil commented Jun 18, 2026

Uh oh!

jkhelil commented Jun 18, 2026

Uh oh!

vdemeester left a comment

Choose a reason for hiding this comment

Uh oh!

tekton-robot commented Jun 18, 2026

Uh oh!

pratap0007 commented Jun 18, 2026

Uh oh!

Uh oh!

jkhelil commented Jun 19, 2026

Uh oh!

tekton-robot commented Jun 19, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants