feat: updated pipelines (#1)

## Description

<!-- **Please link some issue here describing what you are trying to achieve.**

In case there is no issue present for your PR, please consider creating one.
At least please give us some description what you are trying to achieve and why your change is needed. -->

relates to #1234

## Checklist

- [ ] Issue was linked above
- [ ] Code format was applied: `make fmt`
- [ ] Examples were added / adjusted (see `examples/` directory)
- [x] Docs are up-to-date: `make generate-docs` (will be checked by CI)
- [ ] Unit tests got implemented or updated
- [ ] Acceptance tests got implemented or updated (see e.g. [here](f5f99d1709/stackit/internal/services/dns/dns_acc_test.go))
- [x] Unit tests are passing: `make test` (will be checked by CI)
- [x] No linter issues: `make lint` (will be checked by CI)

Reviewed-on: #1
Co-authored-by: Marcel S. Henselin <marcel.henselin@stackit.cloud>
Co-committed-by: Marcel S. Henselin <marcel.henselin@stackit.cloud>

.github/workflows/ci.yaml

@@ -33,6 +33,17 @@ jobs:
       - name: "Ensure docs are up-to-date"
         if: ${{ github.event_name == 'pull_request' }}
         run: ./scripts/check-docs.sh
+        continue-on-error: true
+
+      - name: "Run go mod tidy"
+        if: ${{ github.event_name == 'pull_request' }}
+        run: go mod tidy
+
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v9
+        with:
+          version: v2.7
+          args: --config=golang-ci.yaml --allow-parallel-runners --timeout=5m
 
       - name: Lint
         run: make lint
@@ -40,7 +51,6 @@ jobs:
       - name: Test
         run: make test
 
-
       - name: Archive code coverage results
         uses: actions/upload-artifact@v4
         with:

.github/workflows/publish.yaml

@@ -0,0 +1,114 @@
+name: Publish
+
+on:
+  pull_request:
+  workflow_dispatch:
+  push:
+    tags:
+      - 'v0.*'
+
+env:
+  GO_VERSION: "1.25"
+  CODE_COVERAGE_FILE_NAME: "coverage.out" # must be the same as in Makefile
+  CODE_COVERAGE_ARTIFACT_NAME: "code-coverage"
+
+jobs:
+  config:
+    name: Check GoReleaser config
+    if: github.event_name == 'push' && contains(github.ref, 'refs/tags/')
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Check GoReleaser
+        uses: goreleaser/goreleaser-action@v6
+        with:
+          args: check
+
+  publish:
+    name: "Publish provider"
+    if: github.event_name == 'push' && contains(github.ref, 'refs/tags/')
+    needs: config
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read        # Required to identify workflow run.
+      checks: write        # Required to add status summary.
+      contents: read       # Required to checkout repository.
+      pull-requests: write # Required to add PR comment.
+    steps:
+      - name: Install needed tools
+        run: |
+          apt-get -y -qq update
+          apt-get -y -qq install jq python3 python3-pip python-is-python3 s3cmd git make wget
+
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Install Go ${{ env.GO_VERSION }}
+        uses: actions/setup-go@v6
+        with:
+          go-version: ${{ env.GO_VERSION }}
+
+      - name: Install go tools
+        run: |
+          go install golang.org/x/tools/cmd/goimports@latest
+          go install github.com/hashicorp/terraform-plugin-codegen-framework/cmd/tfplugingen-framework@latest
+          go install github.com/hashicorp/terraform-plugin-codegen-openapi/cmd/tfplugingen-openapi@latest
+
+      - uses: actions/setup-java@v5
+        with:
+          distribution: 'temurin' # See 'Supported distributions' for available options
+          java-version: '21'
+
+      - name: Run build pkg directory
+        run: |
+          go run cmd/main.go build
+
+      - name: Set up s3cfg
+        run: |
+          cat <<'EOF' >> ~/.s3cfg
+          [default]
+          host_base = https://object.storage.eu01.onstackit.cloud
+          host_bucket = https://%(bucket).object.storage.eu01.onstackit.cloud
+          check_ssl_certificate = False
+          access_key = ${{ secrets.S3_ACCESS_KEY }}
+          secret_key = ${{ secrets.S3_SECRET_KEY }}
+          EOF
+
+      - name: Import GPG key
+        run: |
+          gpg --import private.key
+
+      - name: Run GoReleaser
+        id: goreleaser
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GPG_FINGERPRINT: ${{ secrets.GPG_FINGERPRINT }}
+        uses: goreleaser/goreleaser-action@v6
+        with:
+          args: release --skip publish --clean --snapshot
+
+      - name: Prepare key file
+        run: |
+          echo $(echo ${{ secrets.KEY_FILE_B64 }} | base64 -d) >public_key.pem
+
+      - name: Prepare provider directory structure
+        run: |
+          VERSION=$(jq -r .version < dist/metadata.json)
+          go run cmd/main.go \
+            publish \
+              --namespace=mhenselin \
+              --providerName=stackitprivatepreview \
+              --repoName=terraform-provider-stackitprivatepreview \
+              --domain=tfregistry.sysops.stackit.rocks \
+              --gpgFingerprint=${{ secrets.GPG_FINGERPRINT }} \
+              --gpgPubKeyFile=public_key.pem \
+              --version=${VERSION}
+
+      - name: Publish provider to S3
+        run: |
+          set -e
+          cd release/
+          s3cmd put --recursive v1 s3://terraform-provider-privatepreview/
+          s3cmd put --recursive .well-known s3://terraform-provider-privatepreview/