Fetch Helm Chart tags from an AWS ECR repository


This article is intended for FirstGen.


Amazon ECR supports pushing Open Container Initiative (OCI) artifacts to your repositories. Although HTTP protocol for fetching charts is more common, a few edge cases need OCI protocol. Unfortunately, CurrentGen doesn’t support this kind of repository and requires additional customization to make this work.


Before you begin

Step 1

To add a Custom Artifact Source, do the following:

  1. In your Harness Application, open the Service where you want to use a Custom Artifact Source.
  2. Click Add Artifact Source, and then click Custom Repository.

The Add Custom Artifact Source dialog appears.

Step 2: Source Type

Select Custom.

Step 3: Display Name

Enter a name to identify this custom artifact source. You will use this name when picking the artifact builds and versions during deployment.

Step 4: Script

Use the script below for pulling tags from the ECR repository.

In the example below, AWS command line and helm binary are installed in the runtime, but I highly recommend for optimization purposes to install it using Delegate profile

curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip

export AWS_ACCESS_KEY_ID="<your-aws-access-key>"
export AWS_SECRET_ACCESS_KEY="<your-aws-secret-key>"

aws ecr describe-images \
     --repository-name <your-repository-name> \
     --region us-east-1 > ${ARTIFACT_RESULT_PATH}

The shell script you enter will query the custom artifact repository for your artifact, and output the result to a file on the Harness Delegate host using the environment variable ARTIFACT_RESULT_PATH , initialized by Harness. ARTIFACT_RESULT_PATH is a random, unique file path created on the Delegate by Harness.

The script you enter should result in a JSON array, for example:

    "imageDetails": [
            "registryId": "911642792698",
            "repositoryName": "<repo-name>",
            "imageDigest": "sha256:e2e134648e38775ff8893f5726ca487cb2c24easd123e42a7383c52c976899b40",
            "imageTags": [
            "imageSizeInBytes": 40818,
            "imagePushedAt": "2023-03-02T11:23:41-03:00",
            "imageManifestMediaType": "application/vnd.oci.image.manifest.v1+json",
            "artifactMediaType": "application/vnd.cncf.helm.config.v1+json",
            "lastRecordedPullTime": "2023-03-06T14:47:12.715000-03:00"

Step 5: Query Result to Artifact Mapping

Use the Query Result to Artifact Mapping section to map the JSON key from your script to the artifact Build Number.


In Artifacts Array Path , enter the root object of the array. In this case, $.imageDetails for Artifacts Array Path and imageTags[0] for Build No. Path.

Once mapped, you can reference the build number using the expression ${artifact.buildNo}.

For more information about Custom Artifact Sources, refer to: Using Custom Artifact Sources | Harness Developer Hub


If you have any suggestions on how to improve this article, or helpful and specific examples of permissions related issues that may be of use to others, please leave a comment with the information as this document is intended to evolve over time.
If this article cannot resolve your issue, don’t hesitate to contact us here: support@harness.io – or through the Zendesk portal in Harness SaaS.

1 Like