kinokopio
diff --git a/‎.github/workflows/ci.yml‎
Lines changed: 167 additions & 0 deletions b/‎.github/workflows/ci.yml‎
Lines changed: 167 additions & 0 deletions
diff --git a/‎.github/workflows/release.yml‎
Lines changed: 38 additions & 0 deletions b/‎.github/workflows/release.yml‎
Lines changed: 38 additions & 0 deletions
diff --git a/‎.gitignore‎
Lines changed: 42 additions & 0 deletions b/‎.gitignore‎
Lines changed: 42 additions & 0 deletions
diff --git a/‎.goreleaser.yaml‎
Lines changed: 134 additions & 0 deletions b/‎.goreleaser.yaml‎
Lines changed: 134 additions & 0 deletions
@@ -0,0 +1,167 @@
+name: CI
+
+on:
+  push:
+    branches: [main, master]
+  pull_request:
+    branches: [main, master]
+
+permissions:
+  contents: read
+  pull-requests: read
+
+jobs:
+  # 代码格式和静态检查
+  lint:
+    name: Lint & Format Check
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.24'
+          cache: true
+
+      - name: Check go mod tidy
+        run: |
+          go mod tidy
+          git diff --exit-code go.mod go.sum
+
+      - name: Check formatting
+        run: |
+          if [ -n "$(gofmt -l .)" ]; then
+            echo "The following files are not formatted correctly:"
+            gofmt -l .
+            exit 1
+          fi
+
+      - name: Run go vet
+        run: go vet ./...
+
+      - name: Run golangci-lint
+        uses: golangci/golangci-lint-action@v6
+        with:
+          version: latest
+          args: --timeout=5m
+
+  # 编译测试
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        goos: [linux, darwin, windows]
+        goarch: [amd64, arm64]
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.24'
+          cache: true
+
+      - name: Build binary
+        env:
+          GOOS: ${{ matrix.goos }}
+          GOARCH: ${{ matrix.goarch }}
+        run: |
+          echo "Building for $GOOS/$GOARCH..."
+          if [ "$GOOS" = "windows" ]; then
+            go build -v -ldflags "-X main.Version=ci-test" -o bin/kctl-$GOOS-$GOARCH.exe ./main/main.go
+          else
+            go build -v -ldflags "-X main.Version=ci-test" -o bin/kctl-$GOOS-$GOARCH ./main/main.go
+          fi
+
+      - name: Verify binary exists
+        run: ls -la bin/
+
+  # 使用 Makefile 构建测试
+  build-make:
+    name: Build with Makefile
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.24'
+          cache: true
+
+      - name: Build with make
+        run: make build
+
+      - name: Build all platforms
+        run: make build-all
+
+      - name: List built binaries
+        run: ls -la bin/
+
+  # 单元测试
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.24'
+          cache: true
+
+      - name: Run tests
+        run: go test -v -race -coverprofile=coverage.out ./...
+
+      - name: Upload coverage
+        uses: codecov/codecov-action@v4
+        with:
+          files: ./coverage.out
+          fail_ci_if_error: false
+        continue-on-error: true
+
+  # 安全扫描
+  security:
+    name: Security Scan
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.24'
+          cache: true
+
+      - name: Run govulncheck
+        run: |
+          go install golang.org/x/vuln/cmd/govulncheck@latest
+          govulncheck ./...
+
+      - name: Run gosec
+        uses: securego/gosec@master
+        with:
+          args: '-no-fail -fmt sarif -out results.sarif ./...'
+        continue-on-error: true
+
+  # 依赖审计
+  dependency-review:
+    name: Dependency Review
+    runs-on: ubuntu-latest
+    if: github.event_name == 'pull_request'
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Dependency Review
+        uses: actions/dependency-review-action@v4
+        with:
+          fail-on-severity: high
@@ -0,0 +1,38 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - 'v*'
+  workflow_dispatch:
+
+permissions:
+  contents: write
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.24'
+          cache: true
+
+      - name: Run tests
+        run: go test -v ./...
+
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v6
+        with:
+          distribution: goreleaser
+          version: '~> v2'
+          args: release --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }}
@@ -0,0 +1,42 @@
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+bin/
+release/
+
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool
+*.out
+
+# Dependency directories
+vendor/
+
+# Go workspace file
+go.work
+
+# IDE specific files
+.idea/
+.vscode/
+*.swp
+*.swo
+*~
+
+# OS specific files
+.DS_Store
+Thumbs.db
+
+# Temporary files
+*.tmp
+*.log
+
+# Build artifacts
+
+# Config files (optional, uncomment if needed)
+# config.yaml
+
+doc
@@ -0,0 +1,134 @@
+# yaml-language-server: $schema=https://goreleaser.com/static/schema.json
+# vim: set ts=2 sw=2 tw=0 fo=cnqoj
+
+version: 2
+
+project_name: kctl
+
+before:
+  hooks:
+    - go mod tidy
+    - go generate ./...
+
+builds:
+  - id: kctl
+    main: ./main/main.go
+    binary: kctl
+    env:
+      - CGO_ENABLED=0
+    goos:
+      - linux
+      - darwin
+      - windows
+    goarch:
+      - amd64
+      - arm64
+    ldflags:
+      - -s -w
+      - -X kctl/cmd/version.version={{.Version}}
+      - -X kctl/cmd/version.commit={{.Commit}}
+      - -X kctl/cmd/version.date={{.Date}}
+      - -X kctl/cmd/version.builtBy=goreleaser
+    mod_timestamp: "{{ .CommitTimestamp }}"
+
+archives:
+  - id: default
+    formats:
+      - tar.gz
+    name_template: >-
+      {{ .ProjectName }}_
+      {{- .Version }}_
+      {{- .Os }}_
+      {{- .Arch }}
+    format_overrides:
+      - goos: windows
+        formats:
+          - zip
+    files:
+      - README.md
+      - LICENSE*
+
+checksum:
+  name_template: "checksums.txt"
+  algorithm: sha256
+  ids:
+    - default
+
+snapshot:
+  version_template: "{{ incpatch .Version }}-next"
+
+changelog:
+  sort: asc
+  use: github
+  filters:
+    exclude:
+      - "^docs:"
+      - "^test:"
+      - "^chore:"
+      - "^ci:"
+      - Merge pull request
+      - Merge branch
+  groups:
+    - title: "New Features"
+      regexp: '^.*?feat(\([[:word:]]+\))??!?:.+$'
+      order: 0
+    - title: "Bug Fixes"
+      regexp: '^.*?fix(\([[:word:]]+\))??!?:.+$'
+      order: 1
+    - title: "Performance Improvements"
+      regexp: '^.*?perf(\([[:word:]]+\))??!?:.+$'
+      order: 2
+    - title: "Refactoring"
+      regexp: '^.*?refactor(\([[:word:]]+\))??!?:.+$'
+      order: 3
+    - title: "Other Changes"
+      order: 999
+
+release:
+  github:
+    owner: "{{ .Env.GITHUB_REPOSITORY_OWNER }}"
+    name: kctl
+  draft: false
+  prerelease: auto
+  mode: replace
+  header: |
+    ## kctl {{ .Version }}
+    
+    Kubernetes Kubelet 安全工具集
+  footer: |
+    ---
+    
+    **Full Changelog**: https://github.com/{{ .Env.GITHUB_REPOSITORY_OWNER }}/kctl/compare/{{ .PreviousTag }}...{{ .Tag }}
+    
+    ## Installation
+    
+    ### macOS (Apple Silicon)
+    ```bash
+    curl -LO https://github.com/{{ .Env.GITHUB_REPOSITORY_OWNER }}/kctl/releases/download/{{ .Tag }}/kctl_{{ .Version }}_darwin_arm64.tar.gz
+    tar -xzf kctl_{{ .Version }}_darwin_arm64.tar.gz
+    chmod +x kctl && sudo mv kctl /usr/local/bin/
+    ```
+    
+    ### macOS (Intel)
+    ```bash
+    curl -LO https://github.com/{{ .Env.GITHUB_REPOSITORY_OWNER }}/kctl/releases/download/{{ .Tag }}/kctl_{{ .Version }}_darwin_amd64.tar.gz
+    tar -xzf kctl_{{ .Version }}_darwin_amd64.tar.gz
+    chmod +x kctl && sudo mv kctl /usr/local/bin/
+    ```
+    
+    ### Linux (amd64)
+    ```bash
+    curl -LO https://github.com/{{ .Env.GITHUB_REPOSITORY_OWNER }}/kctl/releases/download/{{ .Tag }}/kctl_{{ .Version }}_linux_amd64.tar.gz
+    tar -xzf kctl_{{ .Version }}_linux_amd64.tar.gz
+    chmod +x kctl && sudo mv kctl /usr/local/bin/
+    ```
+    
+    ### Linux (arm64)
+    ```bash
+    curl -LO https://github.com/{{ .Env.GITHUB_REPOSITORY_OWNER }}/kctl/releases/download/{{ .Tag }}/kctl_{{ .Version }}_linux_arm64.tar.gz
+    tar -xzf kctl_{{ .Version }}_linux_arm64.tar.gz
+    chmod +x kctl && sudo mv kctl /usr/local/bin/
+    ```
+    
+    ### Windows
+    Download `kctl_{{ .Version }}_windows_amd64.zip` from the assets below and extract it.