diff --git a/hips/hip-9999-01.png b/hips/hip-9999-01.png new file mode 100644 index 000000000..d7cf93349 Binary files /dev/null and b/hips/hip-9999-01.png differ diff --git a/hips/hip-9999.md b/hips/hip-9999.md new file mode 100644 index 000000000..e2a1a7fd1 --- /dev/null +++ b/hips/hip-9999.md @@ -0,0 +1,109 @@ +--- +hip: 9999 +title: "Automated Release Process for Helm" +authors: ["Scott Rigby "] +created: "2025-09-12" +type: "process" +status: "draft" +--- + +## Abstract + +This HIP proposes automating the Helm release process through GitHub Actions while maintaining human review gates. The automation transforms the current 11-step manual checklist into a two-click process: trigger release, publish draft. All changes flow through pull request reviews, preserving security while eliminating repetitive tasks. + +## Motivation + +The current 11-step [Release Checklist](https://github.com/helm/helm-www/blob/main/content/en/docs/community/release_checklist.md) requires manual coordination across helm/helm and helm/helm-www repositories, leading to human error, time consumption, and documentation delays. This automation preserves human judgment while eliminating repetitive tasks. + +## Design Principles + +- **Human Review Gates**: All changes require PR approval before implementation +- **Draft Releases**: Created for review before triggering documentation updates +- **Security Preserved**: Maintains signed commits and GPG signatures +- **Fallback Ready**: Manual process remains fully functional + +## Automation Flow + +### Workflow Process + +```mermaid +flowchart TD + A[Manual: Trigger Release Workflow] --> B[Auto: Create Release Branch & Update Versions] + B --> C[Auto: Create Draft Release with Artifacts] + C --> D{Manual: Review Draft & Publish} + D -->|Publish| E[Auto: Trigger Docs Workflow
repository_dispatch] + E --> F[Auto: Create Docs PR] + F --> G{Manual: Review & Merge Docs PR} + + %% Manual fallback options + A -.->|Fallback| H[Manual: Docs Update Workflow] + H --> F + + %% Styling for light/dark mode compatibility + classDef manual fill:#cce7ff,stroke:#0066cc,stroke-width:2px,color:#000 + classDef auto fill:#e6ccff,stroke:#6600cc,stroke-width:2px,color:#000 + classDef decision fill:#ffe6cc,stroke:#cc6600,stroke-width:2px,color:#000 + + class A,D,G,H manual + class B,C,E,F auto + class D,G decision +``` + +### User Experience + +**Step 1**: Maintainer triggers "Release" workflow with target version (e.g., `v3.20.0`). Automation creates release branch, updates versions, generates artifacts, and creates **draft release** for review. + + + +**Step 2**: Maintainer publishes draft, automatically triggering docs workflow to create website update PR. + +**Fallback**: If automated docs trigger fails, maintainer can manually run "Update Docs" workflow in helm-www repository. + +**Result**: 11-step manual checklist becomes a two-click process with full human review gates and automatic fallbacks. 
+ +### Example Implementation Repos + +Working examples demonstrating the complete automation: +- [Example Source Repository](https://github.com/scottrigby/example-actions-autorelease-source) - Demonstrates helm/helm automation +- [Example Docs Repository](https://github.com/scottrigby/example-actions-autorelease-docs) - Demonstrates helm/helm-www automation + +Example completion status: +- [x] Cross-repository automation via repository_dispatch +- [x] Draft release creation with human review gates +- [x] Persistent release branches for patch releases +- [x] Dynamic documentation updates with version/date tracking +- [x] Manual fallback workflows +- [x] GPG signing of release artifacts (simulated) +- [x] Kubernetes version skew calculation from go.mod +- [x] Release artifact attachment +- [ ] GitHub milestone management + +### File Structure + +``` +helm/helm/ +├── .github/workflows/ +│ ├── release.yml # Single atomic workflow: creates branch, artifacts, draft release +│ └── update-docs.yml # Triggers docs when release published (not drafted) +├── scripts/ +│ └── [supporting scripts] # Artifact generation, signing, and version extraction +└── KEYS # Public GPG keys for verification + +helm/helm-www/ +└── .github/workflows/ + ├── auto-version-update.yml # Creates PR to update website configuration + └── manual-version-update.yml # Manual fallback for docs updates +``` + +**Key mechanisms:** +- Single atomic workflow eliminates complex multi-step coordination +- Cross-repository communication via `repository_dispatch` events +- Draft releases created for human review before docs automation triggers +- Persistent release branches for patch release support +- GPG signing and checksum generation for release verification + +## Security & Compatibility + +**Backwards Compatibility**: Manual process remains fully functional as fallback. No changes to existing release artifacts or tooling. + +**Security**: All releases created in draft mode requiring manual publication. 
GPG signing and commit signing preserved. Cross-repo access via fine-grained Personal Access Token with minimal permissions.
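Review bot: The closing Security paragraph of hips/hip-9999.md says "GPG signing and commit signing preserved", but the HIP never states where the signing key lives once release.yml generates and signs artifacts, and the example status list marks signing as "(simulated)". Please specify whether signing stays on a maintainer's machine before the draft is published or moves into the workflow, and in the latter case how the key is stored and who can trigger a run that uses it. The same paragraph cites a "fine-grained Personal Access Token with minimal permissions" for cross-repo access without naming the permissions, the repositories it is scoped to, its owner or its expiry; listing those would make the "minimal" claim reviewable. It would also help to say how auto-version-update.yml in helm-www checks the version value it receives from the repository_dispatch event before writing it into the docs PR, since that PR is the only review gate on the receiving side.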