agilira
diff --git a/‎.github/workflows/ci.yml‎
Lines changed: 267 additions & 0 deletions b/‎.github/workflows/ci.yml‎
Lines changed: 267 additions & 0 deletions
diff --git a/‎.github/workflows/codeql.yml‎
Lines changed: 41 additions & 0 deletions b/‎.github/workflows/codeql.yml‎
Lines changed: 41 additions & 0 deletions
@@ -0,0 +1,267 @@
+name: CI/CD Pipeline
+
+on:
+  push:
+    branches: [ main, develop ]
+    tags: [ 'v*' ]
+  pull_request:
+    branches: [ main, develop ]
+
+env:
+  GO_VERSION: '1.24.4'
+  CGO_ENABLED: 0
+
+jobs:
+  validate:
+    name: Validate Workflow
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Validate workflow syntax
+      run: |
+        # Check if workflow files are valid YAML
+        python3 -c "import yaml; yaml.safe_load(open('.github/workflows/ci.yml'))"
+        echo "✅ Workflow syntax is valid"
+        
+    - name: Check workflow context usage
+      run: |
+        # Check for potential context issues
+        if grep -q "steps\." .github/workflows/ci.yml; then
+          echo "⚠️  Found steps context usage - verifying validity"
+        fi
+        echo "✅ Workflow context usage appears valid"
+
+  test:
+    name: Test & Coverage
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        go-version: [1.24.4, 1.25.0]
+        platform: [ubuntu-latest, windows-latest, macos-latest]
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Set up Go ${{ matrix.go-version }}
+      uses: actions/setup-go@v4
+      with:
+        go-version: ${{ matrix.go-version }}
+        cache: true
+
+    - name: Install dependencies
+      run: go mod download
+
+    - name: Run tests with coverage
+      run: |
+        go test -v -race -coverprofile=coverage.out -covermode=atomic ./...
+        go tool cover -func=coverage.out
+
+    - name: Upload coverage to Codecov
+      uses: codecov/codecov-action@v4
+      with:
+        file: ./coverage.out
+        flags: unittests
+        name: codecov-umbrella
+        fail_ci_if_error: false
+        verbose: true
+
+  quality:
+    name: Code Quality
+    runs-on: ubuntu-latest
+    needs: [validate, test]
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Set up Go
+      uses: actions/setup-go@v4
+      with:
+        go-version: ${{ env.GO_VERSION }}
+        cache: true
+
+    - name: Install tools
+      run: |
+        go install golang.org/x/lint/golint@latest
+        go install honnef.co/go/tools/cmd/staticcheck@latest
+        go install github.com/securecodewarrior/gosec@latest
+
+    - name: Run go fmt check
+      run: |
+        if [ "$(gofmt -s -l . | wc -l)" -gt 0 ]; then
+          echo "Code is not formatted. Please run 'go fmt ./...'"
+          gofmt -s -d .
+          exit 1
+        fi
+
+    - name: Run go vet
+      run: go vet ./...
+
+    - name: Run golint
+      run: golint -set_exit_status ./...
+
+    - name: Run staticcheck
+      run: staticcheck ./...
+
+    - name: Run gosec
+      run: gosec ./...
+
+    - name: Check for race conditions
+      run: go test -race ./...
+
+  security:
+    name: Security Scan
+    runs-on: ubuntu-latest
+    needs: [validate, test]
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Run Trivy vulnerability scanner
+      uses: aquasecurity/trivy-action@master
+      with:
+        scan-type: 'fs'
+        scan-ref: '.'
+        format: 'sarif'
+        output: 'trivy-results.sarif'
+
+    - name: Upload Trivy scan results to GitHub Security tab
+      uses: github/codeql-action/upload-sarif@v3
+      if: always()
+      with:
+        sarif_file: 'trivy-results.sarif'
+
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    needs: [validate, test, quality]
+    strategy:
+      matrix:
+        goos: [linux, windows, darwin]
+        goarch: [amd64, arm64]
+        exclude:
+          - goos: windows
+            goarch: arm64
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Set up Go
+      uses: actions/setup-go@v4
+      with:
+        go-version: ${{ env.GO_VERSION }}
+        cache: true
+
+    - name: Build
+      env:
+        GOOS: ${{ matrix.goos }}
+        GOARCH: ${{ matrix.goarch }}
+        CGO_ENABLED: 0
+      run: |
+        go build -v -ldflags="-s -w" ./...
+        go test -c ./...
+
+    - name: Upload build artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: build-${{ matrix.goos }}-${{ matrix.goarch }}
+        path: |
+          *.exe
+          *.test
+        retention-days: 7
+
+  benchmark:
+    name: Benchmark
+    runs-on: ubuntu-latest
+    needs: [validate, test]
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Set up Go
+      uses: actions/setup-go@v4
+      with:
+        go-version: ${{ env.GO_VERSION }}
+        cache: true
+
+    - name: Run benchmarks
+      run: |
+        go test -bench=. -benchmem ./...
+        go test -bench=. -benchmem -cpu=1,2,4 ./...
+
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    needs: [test, quality, security, build]
+    if: startsWith(github.ref, 'refs/tags/v')
+    permissions:
+      contents: write
+      packages: write
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Set up Go
+      uses: actions/setup-go@v4
+      with:
+        go-version: ${{ env.GO_VERSION }}
+        cache: true
+
+    - name: Build for multiple platforms
+      env:
+        CGO_ENABLED: 0
+      run: |
+        # Build for current platform
+        go build -v -ldflags="-s -w" -o go-errors ./...
+        
+        # Build for other platforms
+        GOOS=linux GOARCH=amd64 go build -v -ldflags="-s -w" -o go-errors-linux-amd64 ./...
+        GOOS=linux GOARCH=arm64 go build -v -ldflags="-s -w" -o go-errors-linux-arm64 ./...
+        GOOS=windows GOARCH=amd64 go build -v -ldflags="-s -w" -o go-errors-windows-amd64.exe ./...
+        GOOS=darwin GOARCH=amd64 go build -v -ldflags="-s -w" -o go-errors-darwin-amd64 ./...
+        GOOS=darwin GOARCH=arm64 go build -v -ldflags="-s -w" -o go-errors-darwin-arm64 ./...
+
+    - name: Generate checksums
+      run: |
+        sha256sum go-errors* > checksums.txt
+
+    - name: Create Release
+      id: create_release
+      uses: softprops/action-gh-release@v2
+      with:
+        tag_name: ${{ github.ref_name }}
+        name: Release ${{ github.ref_name }}
+        draft: false
+        prerelease: false
+        files: |
+          go-errors
+          go-errors-linux-amd64
+          go-errors-linux-arm64
+          go-errors-windows-amd64.exe
+          go-errors-darwin-amd64
+          go-errors-darwin-arm64
+          checksums.txt
+        generate_release_notes: true
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  dependency-review:
+    name: Dependency Review
+    runs-on: ubuntu-latest
+    if: github.event_name == 'pull_request'
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Dependency Review
+      uses: actions/dependency-review-action@v4
+      with:
+        fail-on-severity: moderate 
@@ -0,0 +1,41 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "main", "develop" ]
+  pull_request:
+    branches: [ "main", "develop" ]
+  schedule:
+    - cron: '30 1 * * 0'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'go' ]
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{ matrix.language }}
+        queries: security-extended,security-and-quality
+
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v3
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
+      with:
+        category: "/language:${{matrix.language}}"