ci: migrate to WarpBuild runners in release workflow

[probelabs]

Problem / Task

Migrate tyk-pump to use WarpBuild runners.

Changes

• Updated .github/workflows/release.yml to use WarpBuild runners.
• 4-core jobs now use warp-ubuntu-latest-x64-4x.
• 2-core jobs now use warp-ubuntu-latest-x64-2x.
• This is a release workflow, so AMD64 runners are used as requested.
• Added mkdir -p ~/.docker && echo "{}" > ~/.docker/config.json before docker run to fix amazon-ecr-login@v2 issue.

Testing

• Verified the YAML syntax and job configurations.

---

Trace: 65dc788dfe5e4b3176777ddb2ae41545
Generated with Visor AI Assistant

[probelabs]

This pull request migrates the release.yml workflow from standard GitHub-hosted runners to specialized WarpBuild runners to improve performance. All jobs are updated to use either warp-ubuntu-latest-x64-4x or warp-ubuntu-latest-x64-2x runners. The caching action is also updated to the corresponding WarpBuilds/cache@v1.

Additionally, a command mkdir -p ~/.docker && echo "{}" > ~/.docker/config.json has been added. This introduces a critical issue: it overwrites Docker credentials established by previous login steps (e.g., amazon-ecr-login), which will cause authenticated docker operations to fail. This must be fixed before merging.

Files Changed Analysis

• .github/workflows/release.yml (+9, -8): The changes are confined to this single file, indicating a targeted update of the release pipeline. The modifications involve systematically replacing runs-on values, swapping the cache action, and adding the problematic Docker configuration command.

Architecture & Impact Assessment

• What this PR accomplishes: It transitions the CI execution environment for the release workflow to WarpBuild, affecting the speed and efficiency of the build, test, and release process.
• Key technical changes introduced:
  1. Runner Migration: All runs-on directives are updated from ubuntu-latest* to warp-ubuntu-latest-x64-*.
  2. Cache Action Update: The cache step is changed from actions/cache@v4 to WarpBuilds/cache@v1.
  3. Docker Configuration Flaw: A new command is added that inadvertently clears Docker authentication tokens, which will break image publishing steps.
• Affected system components: The change is isolated to the CI/CD infrastructure. It does not alter application code but directly impacts the release pipeline's reliability.

graph TD
    subgraph "Before"
        A[release.yml] --> B["Job runs-on: ubuntu-latest-*"]
        A --> C["Cache: actions/cache@v4"]
    end
    subgraph "After"
        X[release.yml] --> Y["Job runs-on: warp-ubuntu-latest-x64-*"]
        X --> Z["Cache: WarpBuilds/cache@v1"]
        X --> W["<b><font color=red>CRITICAL FLAW:</font></b> Overwrites Docker config"]
    end

Loading

Scope Discovery & Context Expansion

• The scope is strictly limited to the release.yml workflow. Other workflows within the .github/workflows/ directory are not part of this change but could be considered for future migration to standardize the CI environment.
• The most critical piece of context, identified from the diff and prior review comments, is the regression in Docker authentication handling. The suggested fix is to create the file without overwriting it, for example, by using touch ~/.docker/config.json after ensuring the directory exists.

Metadata

• Review Effort: 2 / 5
• Primary Label: chore

---

Powered by Visor from Probelabs

Last updated: 2026-03-17T14:55:43.889Z | Triggered by: pr_updated | Commit: 47dfb4e

💡 TIP: You can chat with Visor using /visor ask <your question>

[probelabs]

\n\n

Architecture Issues (1)

Severity	Location	Issue
🔴 Critical	.github/workflows/release.yml:103	The command to create `~/.docker/config.json` unconditionally overwrites the file. This will delete credentials configured by earlier login steps (e.g., `Login to Amazon ECR`), causing any subsequent operations that require authentication, such as pushing Docker images during a release, to fail. 💡 Suggestion The Docker configuration file should only be created if it does not already exist. This ensures that pull request builds (which don't perform registry logins) have the necessary file structure, while release builds (which do log in) retain their authentication tokens. 🔧 Suggested Fix if [ ! -f ~/.docker/config.json ]; then mkdir -p ~/.docker && echo "{}" > ~/.docker/config.json; fi

✅ Performance Check Passed

No performance issues found – changes LGTM.

Quality Issues (1)

Severity	Location	Issue
🔴 Critical	.github/workflows/release.yml:103	The command to create an empty docker `config.json` runs unconditionally, which will break release builds. On tagged releases, the `Login to Amazon ECR` step (lines 70-76) creates a valid `config.json` with credentials. This new line then overwrites that file with an empty JSON object (`{}`), effectively logging out. This will cause the subsequent GoReleaser process to fail when it attempts to push Docker images to ECR. 💡 Suggestion This command should only be executed for non-release builds where the ECR login step is skipped. Remove this line from the multi-line `run` block and place it in a separate, conditional step before the 'Run GoReleaser' step. Example of new conditional step: - name: Create dummy docker config for non-release builds if: "!startsWith(github.ref, 'refs/tags/')" run: mkdir -p ~/.docker && echo "{}" > ~/.docker/config.json

---

Powered by Visor from Probelabs

Last updated: 2026-03-17T14:55:21.360Z | Triggered by: pr_updated | Commit: 47dfb4e

💡 TIP: You can chat with Visor using /visor ask <your question>

[github-actions]

🚨 Jira Linter Failed

Commit: 47dfb4e
Failed at: 2026-03-17 14:54:02 UTC

The Jira linter failed to validate your PR. Please check the error details below:

🔍 Click to view error details

failed to validate branch and PR title rules: branch name 'migrate-warpbuild-runners' must contain a valid Jira ticket ID (e.g., ABC-123)

Next Steps

• Ensure your branch name contains a valid Jira ticket ID (e.g., ABC-123)
• Verify your PR title matches the branch's Jira ticket ID
• Check that the Jira ticket exists and is accessible

---

This comment will be automatically deleted once the linter passes.

[sonarqubecloud]

Quality Gate failed

Failed conditions
1 Security Hotspot

See analysis details on SonarQube Cloud