Release Checklist

IMPORTANT: If your experience deviates from this document, please document the changes to keep it up-to-date.

A Maintainer’s Guide to Releasing Helm

So you’re in charge of a new release for helm? Cool. Here’s what to do…

TODO: Nothing

Just kidding! :trollface:

All releases will be of the form vX.Y.Z where X is the major version number, Y is the minor version number and Z is the patch release number. This project strictly follows semantic versioning so following this step is critical.

It is important to note that this document assumes that the git remote in your repository that corresponds to “" is named “upstream”. If yours is not (for example, if you’ve chosen to name it “origin” or something similar instead), be sure to adjust the listed snippets for your local environment accordingly. If you are not sure what your upstream remote is named, use a command like git remote -v to find out.

If you don’t have an upstream remote, you can add one easily using something like:

git remote add upstream

In this doc, we are going to reference a few environment variables as well, which you may want to set for convenience. For major/minor releases, use the following:

export RELEASE_NAME=vX.Y.0
export RELEASE_BRANCH_NAME="release-X.Y"

If you are creating a patch release, you may want to use the following instead:

export RELEASE_NAME=vX.Y.Z+1
export RELEASE_BRANCH_NAME="release-X.Y"

We are also going to be adding security and verification of the release process by hashing the binaries and providing signature files. We perform this using GitHub and GPG. If you do not have GPG already setup you can follow these steps:

  1. Install GPG
  2. Generate GPG key
  3. Add key to GitHub account
  4. Set signing key in Git

Once you have a signing key you need to add it to the KEYS file at the root of the repository. The instructions for adding it to the KEYS file are in the file. If you have not done so already, you need to add your public key to the keyserver network. If you use GnuPG you can follow the instructions provided by Debian.

1. Create the Release Branch

Major/Minor Releases

Major releases are for new feature additions and behavioral changes that break backwards compatibility. Minor releases are for new feature additions that do not break backwards compatibility. To create a major or minor release, start by creating a release-vX.Y.0 branch from master.

git fetch upstream
git checkout upstream/master
git checkout -b $RELEASE_BRANCH_NAME

This new branch is going to be the base for the release, which we are going to iterate upon later.

Patch releases

Patch releases are a few critical cherry-picked fixes to existing releases. Start by creating a release-vX.Y.Z branch:

git fetch upstream

From here, we can cherry-pick the commits we want to bring into the patch release:

# get the commits ids we want to cherry-pick
git log --oneline
# cherry-pick the commits starting from the oldest one, without including merge commits
git cherry-pick -x <commit-id>

Finally, we create the tag for the patch on the branch and push upstream:

git tag --sign --annotate "$RELEASE_NAME" --message "Helm release $RELEASE_NAME"
git push upstream "$RELEASE_NAME"

This new tag is going to be the base for the patch release.

Make sure to check helm on CircleCI to see that the release passed CI before proceeding.

2. Change the Version Number in Git

When doing a minor release, make sure to update pkg/version/version.go with the new release version.

$ git diff pkg/version/version.go
diff --git a/pkg/version/version.go b/pkg/version/version.go
index 2109a0a..6f5a1a4 100644
--- a/pkg/version/version.go
+++ b/pkg/version/version.go
@@ -26,7 +26,7 @@ var (
        // Increment major number for new feature additions and behavioral changes.
        // Increment minor number for bug fixes and performance enhancements.
        // Increment patch number for critical fixes to existing releases.
-       Version = "v2.6"
+       Version = "v2.7"

        // BuildMetadata is extra build time data
        BuildMetadata = "unreleased"
git add .
git commit -m "bump version to $RELEASE_CANDIDATE_NAME"

This will update it for the $RELEASE_BRANCH_NAME only. You will also need to pull this change into the master branch for when the next release is being created.

# get the last commit id i.e. commit to bump the version
git log --format="%H" -n 1

# create new branch off master
git checkout master
git checkout -b bump-version-<release_version>

# cherry pick the commit using id from first command
git cherry-pick -x <commit-id>

# commit the change
git push origin bump-version-<release-version>

3. Major/Minor releases: Commit and Push the Release Branch

In order for others to start testing, we can now push the release branch upstream and start the test process.

git push upstream $RELEASE_BRANCH_NAME

Make sure to check helm on CircleCI to see that the release passed CI before proceeding.

If anyone is available, let others peer-review the branch before continuing to ensure that all the proper changes have been made and all of the commits for the release are there.

4. Major/Minor releases: Create a Release Candidate

Now that the release branch is out and ready, it is time to start creating and iterating on release candidates.

git tag --sign --annotate "${RELEASE_CANDIDATE_NAME}" --message "Helm release ${RELEASE_CANDIDATE_NAME}"
git push upstream $RELEASE_CANDIDATE_NAME

CircleCI will automatically create a tagged release image and client binary to test with.

For testers, the process to start testing after CircleCI finishes building the artifacts involves the following steps to grab the client:

linux/amd64, using /bin/bash:


darwin/amd64, using


windows/amd64, using PowerShell:

PS C:\> Invoke-WebRequest -Uri "$RELEASE_CANDIDATE_NAME-windows-amd64.tar.gz" -OutFile "helm-$ReleaseCandidateName-windows-amd64.tar.gz"

Then, unpack and move the binary to somewhere on your $PATH, or move it somewhere and add it to your $PATH (e.g. /usr/local/bin/helm for linux/macOS, C:\Program Files\helm\helm.exe for Windows).

5. Major/Minor releases: Iterate on Successive Release Candidates

Spend several days explicitly investing time and resources to try and break helm in every possible way, documenting any findings pertinent to the release. This time should be spent testing and finding ways in which the release might have caused various features or upgrade environments to have issues, not coding. During this time, the release is in code freeze, and any additional code changes will be pushed out to the next release.

During this phase, the $RELEASE_BRANCH_NAME branch will keep evolving as you will produce new release candidates. The frequency of new candidates is up to the release manager: use your best judgement taking into account the severity of reported issues, testers’ availability, and the release deadline date. Generally speaking, it is better to let a release roll over the deadline than to ship a broken release.

Each time you’ll want to produce a new release candidate, you will start by adding commits to the branch by cherry-picking from master:

git cherry-pick -x <commit_id>

You will also want to update the release version number and the CHANGELOG as we did in steps 2 and 3 as separate commits.

After that, tag it and notify users of the new release candidate:

git tag --sign --annotate "${RELEASE_CANDIDATE_NAME}" --message "Helm release ${RELEASE_CANDIDATE_NAME}"
git push upstream $RELEASE_CANDIDATE_NAME

From here on just repeat this process, continuously testing until you’re happy with the release candidate.

6. Major/Minor releases: Finalize the Release

When you’re finally happy with the quality of a release candidate, you can move on and create the real thing. Double-check one last time to make sure everything is in order, then finally push the release tag.

git tag --sign --annotate "${RELEASE_NAME}" --message "Helm release ${RELEASE_NAME}"
git push upstream $RELEASE_NAME

Verify that the release succeeded in CI. If not, you will need to fix the release and push the release again.

7. PGP Sign the downloads

While hashes provide a signature that the content of the downloads is what it was generated, signed packages provide traceability of where the package came from.

To do this, run the following make commands:

make clean
make fetch-dist
make sign

This will generate ascii armored signature files for each of the files pushed by CI.

All of the signature files (*.asc) need to be uploaded to the release on GitHub.

8. Write the Release Notes

We will auto-generate a changelog based on the commits that occurred during a release cycle, but it is usually more beneficial to the end-user if the release notes are hand-written by a human being/marketing team/dog.

If you’re releasing a major/minor release, listing notable user-facing features is usually sufficient. For patch releases, do the same, but make note of the symptoms and who is affected.

An example release note for a minor release would look like this:

## vX.Y.Z

Helm vX.Y.Z is a feature release. This release, we focused on <insert focal point>. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

- Join the discussion in [Kubernetes Slack](
  - `#helm-users` for questions and just to hang out
  - `#helm-dev` for discussing PRs, code, and bugs
- Hang out at the Public Developer Call: Thursday, 9:30 Pacific via [Zoom](
- Test, debug, and contribute charts: [GitHub/helm/charts](

## Notable Changes

- Kubernetes 1.16 is now supported including new manifest apiVersions
- Sprig was upgraded to 2.22

## Installation and Upgrading

Download Helm X.Y. The common platform binaries are here:

- [MacOS amd64]( ([checksum]( / CHECKSUM_VAL)
- [Linux amd64]( ([checksum]( / CHECKSUM_VAL)
- [Linux arm]( ([checksum]( / CHECKSUM_VAL)
- [Linux arm64]( ([checksum]( / CHECKSUM_VAL)
- [Linux i386]( ([checksum]( / CHECKSUM_VAL)
- [Linux ppc64le]( ([checksum]( / CHECKSUM_VAL)
- [Linux s390x]( ([checksum]( / CHECKSUM_VAL)
- [Windows amd64]( ([checksum]( / CHECKSUM_VAL)

The [Quickstart Guide]( will get you going from there. For **upgrade instructions** or detailed installation notes, check the [install guide]( You can also use a [script to install]( on any system with `bash`.

## What's Next

- vX.Y.Z+1 will contain only bug fixes.
- vX.Y+1.Z is the next feature release. This release will focus on ...

## Changelog

- chore(*): bump version to v2.7.0 08c1144f5eb3e3b636d9775617287cc26e53dba4 (Adam Reese)
- fix circle not building tags f4f932fabd197f7e6d608c8672b33a483b4b76fa (Matthew Fisher)

A partially completed set of release notes including the changelog can be created by running the following command:

make release-notes

This will create a good baseline set of release notes to which you should just need to fill out the Notable Changes and What’s next sections.

Feel free to add your voice to the release notes; it’s nice for people to think we’re not all robots.

You should also double check the URLs and checksums are correct in the auto-generated release notes.

Once finished, go into GitHub and edit the release notes for the tagged release with the notes written here.

It is now worth getting other people to take a look at the release notes before the release is published. Send a request out to #helm-dev for review. It is always beneficial as it can be easy to miss something.

When you are ready to go, hit publish.

9. Update Docs Site

The Helm website docs section lists the Helm versions for the docs. The minor and patch information needs to be updated on the site. To do that create a pull request against the helm-www repository. In the config.toml file find the proper params.versions section and updated the Helm version.

10. Evangelize

Congratulations! You’re done. Go grab yourself a $DRINK_OF_CHOICE. You’ve earned it.

After enjoying a nice $DRINK_OF_CHOICE, go forth and announce the glad tidings of the new release in Slack and on Twitter.

Optionally, write a blog post about the new release and showcase some of the new features on there!