lsdopen · seagyn · Jan 5, 2026 · Dec 12, 2025 · Dec 12, 2025
diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
@@ -0,0 +1,132 @@
+name: Helm Chart Release
+
+on:
+  push:
+    branches:
+      - 'main'
+    paths:
+      - 'chart/**'
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  packages: write
+
+jobs:
+  release-chart:
+    name: Release Helm Chart
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+      - name: Install Helm
+        uses: azure/setup-helm@v4
+        with:
+          version: '3.14.0'
+
+      - name: Log in to GitHub Container Registry
+        run: |
+          echo ${{ secrets.GITHUB_TOKEN }} | helm registry login ghcr.io -u ${{ github.actor }} --password-stdin
+
+      - name: Extract chart version
+        id: chart_version
+        run: |
+          CHART_VERSION=$(grep '^version:' chart/Chart.yaml | awk '{print $2}')
+          echo "Using Chart.yaml version: $CHART_VERSION"
+          echo "version=$CHART_VERSION" >> $GITHUB_OUTPUT
+
+      - name: Check if version was updated for chart changes
+        if: github.event_name == 'push'
+        run: |
+          CHART_VERSION="${{ steps.chart_version.outputs.version }}"
+
+          # Get the previous commit's chart version
+          git show HEAD~1:chart/Chart.yaml > /tmp/previous-chart.yaml 2>/dev/null || echo "version: 0.0.0" > /tmp/previous-chart.yaml
+          PREVIOUS_VERSION=$(grep '^version:' /tmp/previous-chart.yaml | awk '{print $2}' || echo "0.0.0")
+
+          echo "Current version: $CHART_VERSION"
+          echo "Previous version: $PREVIOUS_VERSION"
+
+          # Check if chart files were modified
+          CHART_CHANGES=$(git diff --name-only HEAD~1 HEAD | grep '^chart/' | grep -v 'chart/README.md' || true)
+
+          if [ -n "$CHART_CHANGES" ] && [ "$CHART_VERSION" = "$PREVIOUS_VERSION" ]; then
+            echo "❌ Chart files were modified but version was not updated!"
+            echo "Modified files:"
+            echo "$CHART_CHANGES"
+            echo ""
+            echo "Please update the version in chart/Chart.yaml before pushing chart changes."
+            exit 1
+          elif [ -n "$CHART_CHANGES" ]; then
+            echo "✅ Chart files modified and version updated: $PREVIOUS_VERSION → $CHART_VERSION"
+          else
+            echo "ℹ️  No chart files modified (excluding README)"
+          fi
+
+      - name: Check if chart version already exists
+        id: check_version
+        run: |
+          CHART_VERSION="${{ steps.chart_version.outputs.version }}"
+          REPO_LOWER=$(echo "${{ github.repository }}" | tr '[:upper:]' '[:lower:]')
+
+          # Check if the chart version already exists in the registry
+          if helm pull oci://ghcr.io/$REPO_LOWER/charts/archy --version $CHART_VERSION 2>/dev/null; then
+            echo "Chart version $CHART_VERSION already exists in registry"
+            echo "exists=true" >> $GITHUB_OUTPUT
+          else
+            echo "Chart version $CHART_VERSION does not exist, proceeding with release"
+            echo "exists=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Package Helm chart
+        if: steps.check_version.outputs.exists == 'false'
+        run: |
+          helm dependency update chart/
+          helm package chart/ --destination .
+
+      - name: Push Helm chart to OCI registry
+        if: steps.check_version.outputs.exists == 'false'
+        run: |
+          CHART_VERSION="${{ steps.chart_version.outputs.version }}"
+          REPO_LOWER=$(echo "${{ github.repository }}" | tr '[:upper:]' '[:lower:]')
+
+          helm push archy-${CHART_VERSION}.tgz oci://ghcr.io/$REPO_LOWER/charts
+
+      - name: Create GitHub release for chart
+        if: steps.check_version.outputs.exists == 'false' && github.event_name == 'push'
+        uses: actions/create-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: chart-v${{ steps.chart_version.outputs.version }}
+          release_name: Helm Chart v${{ steps.chart_version.outputs.version }}
+          body: |
+            Helm Chart release v${{ steps.chart_version.outputs.version }}
+
+            ## Installation
+
+            ```bash
+            helm install archy oci://ghcr.io/${{ github.repository_owner }}/archy/charts/archy --version ${{ steps.chart_version.outputs.version }}
+            ```
+          draft: false
+          prerelease: false
+
+      - name: Summary
+        run: |
+          CHART_VERSION="${{ steps.chart_version.outputs.version }}"
+          REPO_LOWER=$(echo "${{ github.repository }}" | tr '[:upper:]' '[:lower:]')
+
+          if [ "${{ steps.check_version.outputs.exists }}" == "true" ]; then
+            echo "✅ Chart version $CHART_VERSION already exists in registry"
+          else
+            echo "✅ Successfully released Helm chart v$CHART_VERSION"
+            echo "📦 Chart available at: oci://ghcr.io/$REPO_LOWER/charts/archy:$CHART_VERSION"
+          fi
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -4,6 +4,8 @@ on:
   push:
     branches:
       - 'main'
+    paths-ignore:
+      - 'chart/**'
 
 permissions:
   contents: write

diff --git a/README.md b/README.md
@@ -38,6 +38,33 @@ When a Pod is submitted to the cluster:
 - **Network Connectivity**: The webhook must have network access to the container registries to inspect images.
 - **Explicit Secrets**: For private registries, `imagePullSecrets` must be explicitly defined in the Pod spec or attached to the ServiceAccount.
 
+## Installation
+
+### Using Helm (Recommended)
+
+Install from GitHub Container Registry:
+
+```bash
+# Install the latest version
+helm install archy oci://ghcr.io/lsdopen/archy/charts/archy
+
+# Install a specific version
+helm install archy oci://ghcr.io/lsdopen/archy/charts/archy --version 0.1.0
+
+# Install with custom values
+helm install archy oci://ghcr.io/lsdopen/archy/charts/archy --values my-values.yaml
+```
+
+### Manual Deployment
+
+Apply the Kubernetes manifests directly:
+
+```bash
+kubectl apply -f deploy/
+```
+
+For detailed configuration options and advanced deployment scenarios, see the [Helm Chart README](chart/README.md).
+
 ## License
 
 Apache License 2.0
diff --git a/chart/.helmignore b/chart/.helmignore
@@ -0,0 +1,25 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# Example values file
+values-example.yaml
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
@@ -0,0 +1,17 @@
+apiVersion: v2
+name: archy
+description: A Kubernetes mutating admission webhook that automatically ensures Pods are scheduled on nodes with compatible architectures
+type: application
+version: 0.1.0
+appVersion: "latest"
+keywords:
+  - kubernetes
+  - admission-webhook
+  - multi-architecture
+  - scheduling
+home: https://github.com/lsdopen/archy
+sources:
+  - https://github.com/lsdopen/archy
+maintainers:
+  - name: Seagyn Davis
+    email: seagyn@lsdopen.io