Migrate release automation from CircleCI to GitHub Actions

[jlaneve]

Summary

Migrate the release pipeline from CircleCI to GitHub Actions to simplify macOS builds, automate manual steps, and keep everything within GitHub.

Motivation

The current CircleCI setup works but has pain points:

• macOS cross-compilation via osxcross is the most complex part of the pipeline and is fragile to maintain
• Several manual steps after each release (updating godownloader.sh, homebrew-tap PR, publishing the release) that could be automated
• Approval gates live in CircleCI UI, requiring context-switching away from GitHub

GitHub Actions provides native macOS runners, built-in environment approvals, and tighter integration with releases — addressing all of the above.

Proposed Workflows

Workflow 1: CI (on every push/PR)

• Lint + unit tests (same as today)
• Integration tests (manual trigger or on release branches)

Workflow 2: Release (on push to release-* branches)

1. Run lint + tests
2. Environment approval gate using GitHub's required reviewers on environments to replace CircleCI's manual approval
3. Compute next version (port .circleci/next_version.py logic)
4. Create + push tag
5. Build via goreleaser-action — use a build matrix with macos-latest for darwin builds and ubuntu-latest for linux/windows, eliminating the osxcross dependency
6. Auto-PR for godownloader.sh — post-release step opens a PR to main bumping LATEST_VERSION
7. Auto-PR for homebrew-tap — goreleaser already generates the formula (skip_upload: true currently), so either flip that flag or have the workflow open the PR to astronomer/homebrew-tap

Workflow 3: Post-soak (manual dispatch)

After the 7-day soak period, a manually triggered workflow could:

• Remove the pre-release flag on the GitHub release
• Generate the winget manifest / open the winget PR
• Remind about updating updates.astronomer.io

Comparison

Area	CircleCI (current)	GitHub Actions (proposed)
macOS builds	osxcross cross-compilation on Linux (fragile)	Native macOS runner
Approval gates	CircleCI UI	GitHub environment approvals
godownloader.sh update	Manual PR	Automated PR
Homebrew tap	Manual copy + edit	Automated PR from goreleaser output
Release publish	Manual gh release edit	Part of workflow
Secrets	CircleCI context (github-repo)	GitHub native secrets

Migration Risks

• Darwin binary equivalence: Switching from osxcross (cross-compiled on Linux with CGO) to native macOS runners changes how darwin binaries are compiled. Need to verify binaries are equivalent. Fallback: goreleaser supports osxcross in a Docker container on GitHub Actions if needed.
• Resource classes: CircleCI uses xlarge for the release job. GitHub-hosted runners may be slower; larger runners are available if needed.
• Integration tests: Currently run on CircleCI with Python 3.11 + Go 1.24 + Docker. Need to replicate this environment on GitHub Actions runners.

Files to Modify

• .circleci/config.yml — eventually remove (or keep for transition period)
• .goreleaser.yml — update darwin build config if switching away from osxcross
• .circleci/next_version.py — port to shell script or keep as Python in new workflow
• .github/workflows/ — add new CI, release, and post-soak workflows

Out of Scope

• Changing the release branching strategy (release-x.y)
• Changing goreleaser itself (just how/where it runs)
• Winget/Homebrew Core automation (tracked separately if desired)