Migrate release automation from CircleCI to GitHub Actions #2017
Description
Summary
Migrate the release pipeline from CircleCI to GitHub Actions to simplify macOS builds, automate manual steps, and keep everything within GitHub.
Motivation
The current CircleCI setup works but has pain points:
- macOS cross-compilation via osxcross is the most complex part of the pipeline and is fragile to maintain
- Several manual steps after each release (updating
godownloader.sh, homebrew-tap PR, publishing the release) that could be automated - Approval gates live in CircleCI UI, requiring context-switching away from GitHub
GitHub Actions provides native macOS runners, built-in environment approvals, and tighter integration with releases — addressing all of the above.
Proposed Workflows
Workflow 1: CI (on every push/PR)
- Lint + unit tests (same as today)
- Integration tests (manual trigger or on release branches)
Workflow 2: Release (on push to release-* branches)
- Run lint + tests
- Environment approval gate using GitHub's required reviewers on environments to replace CircleCI's manual approval
- Compute next version (port
.circleci/next_version.pylogic) - Create + push tag
- Build via goreleaser-action — use a build matrix with
macos-latestfor darwin builds andubuntu-latestfor linux/windows, eliminating the osxcross dependency - Auto-PR for
godownloader.sh— post-release step opens a PR tomainbumpingLATEST_VERSION - Auto-PR for homebrew-tap — goreleaser already generates the formula (
skip_upload: truecurrently), so either flip that flag or have the workflow open the PR toastronomer/homebrew-tap
Workflow 3: Post-soak (manual dispatch)
After the 7-day soak period, a manually triggered workflow could:
- Remove the pre-release flag on the GitHub release
- Generate the winget manifest / open the winget PR
- Remind about updating
updates.astronomer.io
Comparison
| Area | CircleCI (current) | GitHub Actions (proposed) |
|---|---|---|
| macOS builds | osxcross cross-compilation on Linux (fragile) | Native macOS runner |
| Approval gates | CircleCI UI | GitHub environment approvals |
godownloader.sh update |
Manual PR | Automated PR |
| Homebrew tap | Manual copy + edit | Automated PR from goreleaser output |
| Release publish | Manual gh release edit |
Part of workflow |
| Secrets | CircleCI context (github-repo) |
GitHub native secrets |
Migration Risks
- Darwin binary equivalence: Switching from osxcross (cross-compiled on Linux with CGO) to native macOS runners changes how darwin binaries are compiled. Need to verify binaries are equivalent. Fallback: goreleaser supports osxcross in a Docker container on GitHub Actions if needed.
- Resource classes: CircleCI uses
xlargefor the release job. GitHub-hosted runners may be slower; larger runners are available if needed. - Integration tests: Currently run on CircleCI with Python 3.11 + Go 1.24 + Docker. Need to replicate this environment on GitHub Actions runners.
Files to Modify
.circleci/config.yml— eventually remove (or keep for transition period).goreleaser.yml— update darwin build config if switching away from osxcross.circleci/next_version.py— port to shell script or keep as Python in new workflow.github/workflows/— add new CI, release, and post-soak workflows
Out of Scope
- Changing the release branching strategy (
release-x.y) - Changing goreleaser itself (just how/where it runs)
- Winget/Homebrew Core automation (tracked separately if desired)