helm · scottrigby · Sep 12, 2025 · Sep 12, 2025 · Sep 13, 2025 · Sep 13, 2025
diff --git a/hips/hip-9999-01.png b/hips/hip-9999-01.png
diff --git a/hips/hip-9999.md b/hips/hip-9999.md
@@ -0,0 +1,109 @@
+---
+hip: 9999
+title: "Automated Release Process for Helm"
+authors: ["Scott Rigby <[email protected]>"]
+created: "2025-09-12"
+type: "process"
+status: "draft"
+---
+
+## Abstract
+
+This HIP proposes automating the Helm release process through GitHub Actions while maintaining human review gates. The automation transforms the current 11-step manual checklist into a two-click process: trigger release, publish draft. All changes flow through pull request reviews, preserving security while eliminating repetitive tasks.
+
+## Motivation
+
+The current 11-step [Release Checklist](https://github.com/helm/helm-www/blob/main/content/en/docs/community/release_checklist.md) requires manual coordination across helm/helm and helm/helm-www repositories, leading to human error, time consumption, and documentation delays. This automation preserves human judgment while eliminating repetitive tasks.
+
+## Design Principles
+
+- **Human Review Gates**: All changes require PR approval before implementation
+- **Draft Releases**: Created for review before triggering documentation updates
+- **Security Preserved**: Maintains signed commits and GPG signatures
+- **Fallback Ready**: Manual process remains fully functional
+
+## Automation Flow
+
+### Workflow Process
+
+```mermaid
+flowchart TD
+    A[Manual: Trigger Release Workflow] --> B[Auto: Create Release Branch & Update Versions]
+    B --> C[Auto: Create Draft Release with Artifacts]
+    C --> D{Manual: Review Draft & Publish}
+    D -->|Publish| E[Auto: Trigger Docs Workflow<br/>repository_dispatch]
+    E --> F[Auto: Create Docs PR]
+    F --> G{Manual: Review & Merge Docs PR}
+
+    %% Manual fallback options
+    A -.->|Fallback| H[Manual: Docs Update Workflow]
+    H --> F
+
+    %% Styling for light/dark mode compatibility
+    classDef manual fill:#cce7ff,stroke:#0066cc,stroke-width:2px,color:#000
+    classDef auto fill:#e6ccff,stroke:#6600cc,stroke-width:2px,color:#000
+    classDef decision fill:#ffe6cc,stroke:#cc6600,stroke-width:2px,color:#000
+
+    class A,D,G,H manual
+    class B,C,E,F auto
+    class D,G decision
+```
+
+### User Experience
+
+**Step 1**: Maintainer triggers "Release" workflow with target version (e.g., `v3.20.0`). Automation creates release branch, updates versions, generates artifacts, and creates **draft release** for review.
+
+<img src="./hip-9999-01.png" width="400" />
+
+**Step 2**: Maintainer publishes draft, automatically triggering docs workflow to create website update PR.
+
+**Fallback**: If automated docs trigger fails, maintainer can manually run "Update Docs" workflow in helm-www repository.
+
+**Result**: 11-step manual checklist becomes a two-click process with full human review gates and automatic fallbacks.
+
+### Example Implementation Repos
+
+Working examples demonstrating the complete automation:
+- [Example Source Repository](https://github.com/scottrigby/example-actions-autorelease-source) - Demonstrates helm/helm automation
+- [Example Docs Repository](https://github.com/scottrigby/example-actions-autorelease-docs) - Demonstrates helm/helm-www automation
+
+Example completion status:
+- [x] Cross-repository automation via repository_dispatch
+- [x] Draft release creation with human review gates
+- [x] Persistent release branches for patch releases
+- [x] Dynamic documentation updates with version/date tracking
+- [x] Manual fallback workflows
+- [x] GPG signing of release artifacts (simulated)
+- [x] Kubernetes version skew calculation from go.mod
+- [x] Release artifact attachment
+- [ ] GitHub milestone management
+
+### File Structure
+
+```
+helm/helm/
+├── .github/workflows/
+│   ├── release.yml              # Single atomic workflow: creates branch, artifacts, draft release
+│   └── update-docs.yml          # Triggers docs when release published (not drafted)
+├── scripts/
+│   └── [supporting scripts]     # Artifact generation, signing, and version extraction
+└── KEYS                        # Public GPG keys for verification
+
+helm/helm-www/
+└── .github/workflows/
+    ├── auto-version-update.yml   # Creates PR to update website configuration
+    └── manual-version-update.yml # Manual fallback for docs updates
+```
+
+**Key mechanisms:**
+- Single atomic workflow eliminates complex multi-step coordination
+- Cross-repository communication via `repository_dispatch` events
+- Draft releases created for human review before docs automation triggers
+- Persistent release branches for patch release support
+- GPG signing and checksum generation for release verification
+
+## Security & Compatibility
+
+**Backwards Compatibility**: Manual process remains fully functional as fallback. No changes to existing release artifacts or tooling.
+
+**Security**: All releases created in draft mode requiring manual publication. GPG signing and commit signing preserved. Cross-repo access via fine-grained Personal Access Token with minimal permissions.