diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 449f522..3076b62 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -9,6 +9,10 @@ on:
 permissions:
     contents: read
 
+env:
+  GORELEASER_VERSION: v2.15.2
+  GORELEASER_CHECKSUM_x86_64: 0ebdbf0353aba566b969dde746cc4e4806f96c27aa2f3971b229a9df7611fedc
+
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -29,15 +33,36 @@ jobs:
     - name: Set up QEMU
       uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4
 
+    - name: Setup goreleaser
+      env:
+        FILENAME: goreleaser.tar.gz
+      run: |-
+        curl -sSfL -o ${{ env.FILENAME }} https://github.com/goreleaser/goreleaser/releases/download/${{ env.GORELEASER_VERSION }}/goreleaser_Linux_x86_64.tar.gz
+        echo "${{ env.GORELEASER_CHECKSUM_x86_64 }}  ${{ env.FILENAME }}" | sha256sum --check
+        tar -xvzf "${{ env.FILENAME }}" goreleaser
+        sudo install -m 755 goreleaser /usr/local/bin/goreleaser
+
+        rm -f "${{ env.FILENAME }}" goreleaser
+
     - name: Run GoReleaser
-      uses: goreleaser/goreleaser-action@ec59f474b9834571250b370d4735c50f8e2d1e29 # v7
-      with:
-        distribution: goreleaser
-        version: v2
-        args: --clean --snapshot
       env:
         REPO: ${{ github.repository }}
         REGISTRY: ""
+      run: |-
+        goreleaser --clean --snapshot
+
+        if [[ ! -f dist/metadata.json ]] || [[ ! -s dist/metadata.json ]]; then
+          echo "Missing required file: dist/metadata.json"
+          exit 1
+        fi
+
+        if [[ ! -f dist/artifacts.json ]] || [[ ! -s dist/artifacts.json ]]; then
+          echo "Missing required file: dist/artifacts.json"
+          exit 1
+        fi
+
+        echo "metadata=$(tr -d '\n\r' < dist/metadata.json)" >> "${GITHUB_OUTPUT}"
+        echo "artifacts=$(tr -d '\n\r' < dist/artifacts.json)" >> "${GITHUB_OUTPUT}"
 
     - name: Run Trivy vulnerability scanner (k3kcli)
       uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
diff --git a/.github/workflows/chart.yml b/.github/workflows/chart.yml
index c115be4..c0e02d0 100644
--- a/.github/workflows/chart.yml
+++ b/.github/workflows/chart.yml
@@ -8,7 +8,7 @@ permissions:
 
 env:
   HELM_VERSION: v4.1.3
-  HELM_BIN_HASH_AMD64: 02ce9722d541238f81459938b84cf47df2fdf1187493b4bfb2346754d82a4700
+  HELM_CHECKSUM_AMD64: 02ce9722d541238f81459938b84cf47df2fdf1187493b4bfb2346754d82a4700
 
 jobs:
   chart-release:
@@ -25,12 +25,15 @@ jobs:
         git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
 
     - name: Install helm
+      env:
+        FILENAME: helm.tar.gz
       run: |
-        curl -sSfL -o helm.tar.gz https://get.helm.sh/helm-${{ env.HELM_VERSION }}-linux-amd64.tar.gz
-        echo "${{ env.HELM_BIN_HASH_AMD64 }}  helm.tar.gz" | sha256sum --check
-        tar -xvzf helm.tar.gz --strip-components=1 -C /tmp/
-        sudo mv /tmp/helm /usr/local/bin
-        sudo chmod +x /usr/local/bin/helm
+        curl -sSfL -o ${{ env.FILENAME }} https://get.helm.sh/helm-${{ env.HELM_VERSION }}-linux-amd64.tar.gz
+        echo "${{ env.HELM_CHECKSUM_AMD64 }}  ${{ env.FILENAME }}" | sha256sum --check
+        tar -xvzf ${{ env.FILENAME }} linux-amd64/helm
+        sudo install -m 755 helm /usr/local/bin/helm
+
+        rm -f "${{ env.FILENAME }}" helm
 
     - name: Run chart-releaser
       uses: helm/chart-releaser-action@cae68fefc6b5f367a0275617c9f83181ba54714f # v1.7.0
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index eb282b1..c425d4b 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -15,6 +15,10 @@ permissions:
     packages: write
     id-token: write
 
+env:
+  GORELEASER_VERSION: v2.15.2
+  GORELEASER_CHECKSUM_x86_64: 0ebdbf0353aba566b969dde746cc4e4806f96c27aa2f3971b229a9df7611fedc
+
 jobs:
   release:
     runs-on: ubuntu-latest
@@ -25,7 +29,7 @@ jobs:
       with:
         fetch-depth: 0
         fetch-tags: true
-    
+
     - name: Checkout code at the specific commit
       if: inputs.commit != ''
       run: git checkout ${{ inputs.commit }}
@@ -67,7 +71,7 @@ jobs:
         registry: ${{ env.REGISTRY }}
         username: ${{ env.DOCKER_USERNAME }}
         password: ${{ env.DOCKER_PASSWORD }}
-    
+
     # If the tag does not exists the workflow was manually triggered.
     # That means we are creating temporary nightly builds, with a "fake" local tag
     - name: Check release tag
@@ -84,14 +88,35 @@ jobs:
 
         echo "CURRENT_TAG=${CURRENT_TAG}" >> "$GITHUB_OUTPUT"
 
+    - name: Setup goreleaser
+      env:
+        FILENAME: goreleaser.tar.gz
+      run: |-
+        curl -sSfL -o ${{ env.FILENAME }} https://github.com/goreleaser/goreleaser/releases/download/${{ env.GORELEASER_VERSION }}/goreleaser_Linux_x86_64.tar.gz
+        echo "${{ env.GORELEASER_CHECKSUM_x86_64 }}  ${{ env.FILENAME }}" | sha256sum --check
+        tar -xvzf "${{ env.FILENAME }}" goreleaser
+        sudo install -m 755 goreleaser /usr/local/bin/goreleaser
+
+        rm -f "${{ env.FILENAME }}" goreleaser
+
     - name: Run GoReleaser
-      uses: goreleaser/goreleaser-action@ec59f474b9834571250b370d4735c50f8e2d1e29 # v7
-      with:
-        distribution: goreleaser
-        version: v2
-        args: --clean
       env:
         GITHUB_TOKEN: ${{ github.token }}
         GORELEASER_CURRENT_TAG: ${{ steps.release-tag.outputs.CURRENT_TAG }}
         REGISTRY: ${{ env.REGISTRY }}
         REPO: ${{ github.repository }}
+      run: |-
+        goreleaser --clean
+
+        if [[ ! -f dist/metadata.json ]] || [[ ! -s dist/metadata.json ]]; then
+          echo "Missing required file: dist/metadata.json"
+          exit 1
+        fi
+
+        if [[ ! -f dist/artifacts.json ]] || [[ ! -s dist/artifacts.json ]]; then
+          echo "Missing required file: dist/artifacts.json"
+          exit 1
+        fi
+
+        echo "metadata=$(tr -d '\n\r' < dist/metadata.json)" >> "${GITHUB_OUTPUT}"
+        echo "artifacts=$(tr -d '\n\r' < dist/artifacts.json)" >> "${GITHUB_OUTPUT}"
diff --git a/.github/workflows/test-conformance-shared.yaml b/.github/workflows/test-conformance-shared.yaml
index 9230e48..2b91c76 100644
--- a/.github/workflows/test-conformance-shared.yaml
+++ b/.github/workflows/test-conformance-shared.yaml
@@ -24,9 +24,9 @@ permissions:
 env:
   K8S_VERSIONS: "v1.34.6,v1.35.3"
   HELM_VERSION: v4.1.3
-  HELM_BIN_HASH_AMD64: 02ce9722d541238f81459938b84cf47df2fdf1187493b4bfb2346754d82a4700
+  HELM_CHECKSUM_AMD64: 02ce9722d541238f81459938b84cf47df2fdf1187493b4bfb2346754d82a4700
   K3D_VERSION: v5.8.3
-  K3D_BIN_HASH_AMD64: dbaa79a76ace7f4ca230a1ff41dc7d8a5036a8ad0309e9c54f9bf3836dbe853e
+  K3D_CHECKSUM_AMD64: dbaa79a76ace7f4ca230a1ff41dc7d8a5036a8ad0309e9c54f9bf3836dbe853e
 
 jobs:
   setup:
@@ -67,22 +67,26 @@ jobs:
         go-version-file: go.mod
 
     - name: Install helm
+      env:
+        FILENAME: helm.tar.gz
       run: |
-        curl -sSfL -o helm.tar.gz https://get.helm.sh/helm-${{ env.HELM_VERSION }}-linux-amd64.tar.gz
-        echo "${{ env.HELM_BIN_HASH_AMD64 }}  helm.tar.gz" | sha256sum --check
-        tar -xvzf helm.tar.gz --strip-components=1 -C /tmp/
-        sudo mv /tmp/helm /usr/local/bin
-        sudo chmod +x /usr/local/bin/helm
+        curl -sSfL -o ${{ env.FILENAME }} https://get.helm.sh/helm-${{ env.HELM_VERSION }}-linux-amd64.tar.gz
+        echo "${{ env.HELM_CHECKSUM_AMD64 }}  ${{ env.FILENAME }}" | sha256sum --check
+        tar -xvzf ${{ env.FILENAME }} linux-amd64/helm
+        sudo install -m 755 helm /usr/local/bin/helm
+
+        rm -f "${{ env.FILENAME }}" helm
 
     - name: Install hydrophone
       run: go install sigs.k8s.io/hydrophone@3de3e886a2f6f09635d8b981c195490af1584d97 #v0.7.0
 
-    - name: Install k3d # taken from github.com/rancher/rancher/.github/workflows/integration-tests.yaml
+    - name: Install k3d
       run: |
         curl -sSfL -o k3d "https://github.com/k3d-io/k3d/releases/download/${{ env.K3D_VERSION }}/k3d-linux-amd64"
-        echo "${{ env.K3D_BIN_HASH_AMD64 }}  k3d" | sha256sum --check
-        sudo mv k3d /usr/local/bin
-        sudo chmod +x /usr/local/bin/k3d
+        echo "${{ env.K3D_CHECKSUM_AMD64 }}  k3d" | sha256sum --check
+        sudo install -m 755 k3d /usr/local/bin/k3d
+
+        rm -f k3d
 
     - name: Install k3d and kubectl
       run: |
diff --git a/.github/workflows/test-conformance-virtual.yaml b/.github/workflows/test-conformance-virtual.yaml
index 1f05f09..77db773 100644
--- a/.github/workflows/test-conformance-virtual.yaml
+++ b/.github/workflows/test-conformance-virtual.yaml
@@ -24,7 +24,7 @@ permissions:
 env:
   K8S_VERSIONS: "v1.34.6,v1.35.3"
   HELM_VERSION: v4.1.3
-  HELM_BIN_HASH_AMD64: 02ce9722d541238f81459938b84cf47df2fdf1187493b4bfb2346754d82a4700
+  HELM_CHECKSUM_AMD64: 02ce9722d541238f81459938b84cf47df2fdf1187493b4bfb2346754d82a4700
 
 jobs:
   setup:
@@ -65,12 +65,15 @@ jobs:
         go-version-file: go.mod
 
     - name: Install helm
+      env:
+        FILENAME: helm.tar.gz
       run: |
-        curl -sSfL -o helm.tar.gz https://get.helm.sh/helm-${{ env.HELM_VERSION }}-linux-amd64.tar.gz
-        echo "${{ env.HELM_BIN_HASH_AMD64 }}  helm.tar.gz" | sha256sum --check
-        tar -xvzf helm.tar.gz --strip-components=1 -C /tmp/
-        sudo mv /tmp/helm /usr/local/bin
-        sudo chmod +x /usr/local/bin/helm
+        curl -sSfL -o ${{ env.FILENAME }} https://get.helm.sh/helm-${{ env.HELM_VERSION }}-linux-amd64.tar.gz
+        echo "${{ env.HELM_CHECKSUM_AMD64 }}  ${{ env.FILENAME }}" | sha256sum --check
+        tar -xvzf ${{ env.FILENAME }} linux-amd64/helm
+        sudo install -m 755 helm /usr/local/bin/helm
+
+        rm -f "${{ env.FILENAME }}" helm
 
     - name: Install hydrophone
       run: go install sigs.k8s.io/hydrophone@3de3e886a2f6f09635d8b981c195490af1584d97 #v0.7.0