GoReleaser v2.16+ exits non-zero when the config uses deprecated dockers/docker_manifests/brews keys. Both CI and Release workflows are currently pinned to ~> v2.15 (see #49) so unrelated PRs aren't blocked. This issue tracks the migration that lets the pin go.
What ships
.goreleaser.yaml rewritten:
dockers: + docker_manifests: → dockers_v2: (a single block per image that builds + manifests in one pass)brews: → homebrew_casks:
- Workflow pins drop from
~> v2.15 to ~> v2 in both ci.yml and release.yml
- Cut a test release (vX.Y.Z) and verify all 8 release-workflow jobs stay green, including the SBOM attestation step and the multi-arch manifest verifier
Why now (rc.1)
The pin is fine short-term but every contributor pulling latest CI dependencies will hit the same warning. Cleaner to land the migration before rc.1 freezes the release pipeline.
Risk
The migration is dockers_v2's definition is slightly different — instead of separate per-arch builds chained by docker_manifests:, you get one entry per platform with the manifest auto-generated. The cosign signature behavior should be identical (signs the resulting image refs). Worth a snapshot dry-run against the new syntax before tagging.
GoReleaser v2.16+ exits non-zero when the config uses deprecated
dockers/docker_manifests/brewskeys. Both CI and Release workflows are currently pinned to~> v2.15(see #49) so unrelated PRs aren't blocked. This issue tracks the migration that lets the pin go.What ships
.goreleaser.yamlrewritten:dockers:+docker_manifests:→dockers_v2:(a single block per image that builds + manifests in one pass)brews:→homebrew_casks:~> v2.15to~> v2in bothci.ymlandrelease.ymlWhy now (rc.1)
The pin is fine short-term but every contributor pulling latest CI dependencies will hit the same warning. Cleaner to land the migration before rc.1 freezes the release pipeline.
Risk
The migration is
dockers_v2's definition is slightly different — instead of separate per-arch builds chained bydocker_manifests:, you get one entry per platform with the manifest auto-generated. The cosign signature behavior should be identical (signs the resulting image refs). Worth a snapshot dry-run against the new syntax before tagging.