Skip to content

blog: Standardizing release infrastructure — from 7 divergent workflows to 2 reusable ones #181

Description

@sonupreetam

Topic

How the ComplyTime/Unbound Force organizations standardized their release infrastructure by extracting common release patterns into two reusable GitHub Actions workflows.

Suggested angle

Problem → Solution narrative: 7 Go repositories each maintained their own release workflow with inline preflight validation, GoReleaser execution, and supply chain steps. This led to action version drift, inconsistent supply chain coverage (3 of 7 repos lacked SBOMs and cosign signing), hardcoded CI check names that broke silently, and two functional bugs.

Key points:

  • The journey from duplicated inline workflows to composable reusable workflows
  • File-based CI check auto-discovery (convention over configuration)
  • Smart re-run resilience — fixing the "tag already exists" problem
  • Semver-aware pre-release ordering (why sort -V gets it wrong)
  • Supply chain enforcement by default (cosign + syft always installed)
  • Adoption documentation as a first-class deliverable

PR reference

complytime/org-infra#394

Target audience

DevOps engineers and platform teams managing multi-repo release infrastructure with GitHub Actions.

Metadata

Metadata

Assignees

No one assigned

    Labels

    blogBlog post opportunity

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    Status
    No status

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions