jf helm
Run native Helm commands with build-info collection support.
When to Use
Use jf helm to package, push, and manage Helm charts with Artifactory as your chart registry. This integrates Helm operations with JFrog build-info for traceability and security scanning.
Prerequisites
- Helm 3.x must be installed. Helm 3.8+ is required for OCI registry support.
- Configure a server with
jf config addorjf c add. - Authentication to Artifactory is required.
Build: jf helm
jf helmRun native Helm commands with build-info collection support.
To run Helm commands with Artifactory integration:
Synopsis
jf helm <helm-arguments> [options]Aliases: none
Arguments
| Argument | Required | Description |
|---|---|---|
<helm-arguments> | Yes | Helm command and arguments (for example, package, push, dependency update) |
Supported Subcommands
All standard Helm commands are supported through jf helm. The following subcommands collect build-info when --build-name and --build-number are provided:
| Subcommand | Description |
|---|---|
package | Package a chart directory into a chart archive. |
push | Push a chart to an OCI-compatible registry. |
pull | Download a chart from a repository. |
dependency update | Update chart dependencies from Chart.yaml. |
install | Install a chart into a Kubernetes cluster. |
upgrade | Upgrade a release to a new chart version. |
repo | Manage chart repositories. |
Any Helm command not listed above is passed through to the native Helm client.
Build Options
| Flag | Default | Description |
|---|---|---|
--build-name | — | Build name for build-info. Requires --build-number. |
--build-number | — | Build number for build-info. Requires --build-name. |
--module | — | Optional module name for build-info. Requires --build-name and --build-number. |
--password | — | JFrog password |
--project | — | JFrog Artifactory project key |
--repository-cache | — | Path to the Helm repository cache directory. This flag is functional but does not appear in jf helm --help output. |
--server-id | — | Server ID configured using jf config add |
--username | — | Artifactory username |
Build Examples
View Help
jf helm --helpPackage a Chart with Build-Info
jf helm package ./mychart --build-name=<build-name> --build-number=<build-number>Where:
./mychartis the path to the chart directory<build-name>is a name for the build (e.g.,helm-charts)<build-number>is a number or identifier for the build run (e.g.,1)
For example:
jf helm package ./mychart --build-name=helm-charts --build-number=1Push a Chart to OCI Registry
jf helm push mychart-0.1.0.tgz oci://<repo-host>/helm-local --build-name=<build-name> --build-number=<build-number>Where:
<repo-host>is your Artifactory hostname (e.g.,acme.jfrog.io)
For example:
jf helm push mychart-0.1.0.tgz oci://acme.jfrog.io/helm-local --build-name=helm-charts --build-number=1Update Chart Dependencies with Build-Info
jf helm dependency update ./mychart --build-name=<build-name> --build-number=<build-number>Important Notes
- No separate config command: Unlike other build tools, Helm does not have a
jf helm-configcommand. Authentication is handled via--server-idor the active server configuration. - OCI registries: For OCI-based Helm registries (Helm 3.8+), use the
oci://prefix in push/pull commands. - Build-info: Use
--build-nameand--build-numberto collect chart info, then publish withjf rt build-publish. - Chart dependencies:
jf helm dependency updateresolves chart dependencies from Artifactory's Helm repositories.
CI/CD Example (GitHub Actions)
# .github/workflows/build.yml
steps:
- uses: actions/checkout@v4
- name: Setup JFrog CLI
uses: jfrog/setup-jfrog-cli@v4
env:
JF_URL: ${{ vars.JF_URL }}
JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }}
- name: Package Helm chart
run: jf helm package ./mychart --build-name=helm-charts --build-number=${{ github.run_number }}
- name: Push Helm chart
run: jf helm push mychart-0.1.0.tgz oci://acme.jfrog.io/helm-local --build-name=helm-charts --build-number=${{ github.run_number }}
- name: Publish build info
run: jf rt build-publish helm-charts ${{ github.run_number }}Troubleshooting
| Symptom | Cause | Fix |
|---|---|---|
| 401 / 403 on push or pull | Invalid credentials or insufficient permissions | Re-run jf config add or pass --server-id explicitly |
| OCI push fails | Helm version does not support OCI | Upgrade to Helm 3.8+ for OCI registry support |
jf helm push target not found | Missing oci:// prefix for OCI registries | Use oci://<registry-url>/<repo> format |
| Chart dependencies not resolved from Artifactory | Helm repo not added or not authenticated | Run helm repo add with Artifactory URL and credentials |
| Build-info not collected | --build-name and --build-number not passed | Add both flags to the Helm command |
Enable debug logging: export JFROG_CLI_LOG_LEVEL=DEBUG
Related Topics
- Build Tools Overview — Capabilities matrix and tool reference
- Native Mode — Supported packages with Native Mode
Updated 8 days ago