refine README.md, separate the CICD manuals into more isolated pages

Author: yuewang199511

.golangci.yml

@@ -3,25 +3,5 @@ run:
 
 linters:
   enable:
-    - gofmt
-    - goimports
-    - govet
-    - errcheck
-    - staticcheck
-    - unused
-    - gosec
-    - revive
-
-linters-settings:
-  gocyclo:
-    min-complexity: 15
-  
-  revive:
-    severity: warning
-
-issues:
-  exclude-rules:
-    - path: _test\.go
-      linters:
-        - errcheck
-        - gosec
+    - goimports    # Handles formatting and import organization
+    - govet        # Basic static analysis for common bugs

README.md

@@ -6,143 +6,34 @@ For each problem, I focus on the thought process rather than providing a full, f
 
 Solutions may not be optimal, but they serve as a starting point for further improvement and learning.
 
-# CI/CD setup
+# CI/CD Setup
 
-This repository uses GitHub Actions for automated testing with a **modular workflow architecture**. Instead of putting everything in one large workflow file, we separate concerns into multiple focused workflows:
+This repository uses GitHub Actions with a **modular workflow architecture** for automated testing, code quality checks, security scanning, and builds.
 
-## Workflow Architecture
+## Quick Overview
 
-### **🧪 [test.yml](.github/workflows/test.yml)** - Testing
-- Unit tests with `go test -v`
-- Race condition detection with `-race` flag
-- Coverage reporting
+- **🧪 [test.yml](.github/workflows/test.yml)** - Unit tests and race detection
+- **✨ [code-quality.yml](.github/workflows/code-quality.yml)** - Linting and formatting
+- **🔒 [security.yml](.github/workflows/security.yml)** - Vulnerability scanning
+- **🏗️ [build.yml](.github/workflows/build.yml)** - Cross-platform compilation
 
-### **✨ [code-quality.yml](.github/workflows/code-quality.yml)** - Code Standards  
-- Comprehensive linting via `golangci-lint` (includes formatting, static analysis, style checks)
-- Configured via [`.golangci.yml`](.golangci.yml) with 8 essential linters
-- Single unified tool for all code quality checks
+TODO: releasing workflow needed to be built
 
-### **🔒 [security.yml](.github/workflows/security.yml)** - Security
-- Vulnerability scanning (`govulncheck`)
-- Dependency security analysis
+All workflows trigger on pushes to `main`/`develop` and pull requests to `main`.
 
-### **🏗️ [build.yml](.github/workflows/build.yml)** - Cross-compilation
-- Linux x64, Windows x64, macOS x64/ARM64 builds
-- Ensures code compiles across platforms
+## Documentation
 
-## Benefits of Separation
+📖 **Detailed documentation available in [`docs/`](docs/):**
 
-**🎯 Single Responsibility**: Each workflow has one clear purpose  
-**⚡ Parallel Execution**: All workflows run simultaneously for faster feedback  
-**🔧 Easy Maintenance**: Modify one aspect without affecting others  
-**📊 Clear GitHub UI**: Each appears as separate status check  
-**👥 Team Scalability**: Different team members can own different workflows  
+**🚀 START HERE FOR CICD USAGE:** [**Configuration Manual**](docs/configuration-manual.md) - Setup, customization, and troubleshooting
 
-## Triggers
-All workflows trigger on:
-- **Pushes** to `main`/`develop` branches  
-- **Pull requests** targeting `main` branch
+**Additional docs:**
+- [**Workflow Architecture**](docs/workflow-architecture.md) - How workflows are organized and why
+- [**CI/CD Concepts**](docs/cicd-concepts.md) - GitHub Actions fundamentals and best practices
 
-## Auto-discovery
-Each workflow automatically finds and processes all directories containing `go.mod` files, making the setup scalable for multi-module repositories.
 
-## Configuration
 
-### Go Version Management
-To maintain consistency across all workflows, set up a repository variable:
-
-1. Go to **Repository Settings** → **Secrets and variables** → **Actions** → **Variables** tab
-2. Create new variable: `GO_VERSION` with value `1.25.6` (or your desired version)
-3. All workflows reference this via `${{ vars.GO_VERSION }}`
-
-This ensures **single source of truth** for Go version - change once in repository settings, applies everywhere automatically.
-
-### Code Quality Configuration
-The [`.golangci.yml`](.golangci.yml) file configures which linters run and their behavior:
-
-- **Essential linters**: `gofmt`, `goimports`, `govet`, `errcheck`, `staticcheck`, `unused`, `gosec`, `revive`
-- **Algorithm-friendly**: Allows reasonable complexity for coding problems
-- **Test exceptions**: Relaxed rules for test files
-- **Unified reporting**: All code quality issues in one place
-
-Modify `.golangci.yml` to customize which checks run - no workflow changes needed!
-
-**Configuration Reference:**
-- [golangci-lint Configuration Guide](https://golangci-lint.run/usage/configuration/)
-- [Available Linters](https://golangci-lint.run/usage/linters/)
-- [Example configurations](https://github.com/golangci/golangci-lint/blob/master/.golangci.reference.yml)
-
-
-
-# Notes on CI/CD
-
-I only used gitlab before so this note will mention some reference to gitlab but still trying to offer the concept of how CI/CD is setup in github acitons.
-
-Please also check [text](https://docs.github.com/en/actions/tutorials/build-and-test-code/go) where it has a good starting example for go.
-
-## Key Concepts
-
-**GitHub Actions Basics:**
-- **`uses`**: Runs pre-built actions instead of custom shell commands, good to check in [text](https://github.com/marketplace?query=checkout&type=actions)
-- **`runs-on`**: Specifies what machine/VM to run the job on (like GitHub's free EC2)
-- **`actions/checkout@v4`**: Downloads repository source code to the runner like running clone - cd - checkout
-- **`.github/workflows/*.yml`**: GitHub's config location (vs GitLab's single `.gitlab-ci.yml`)
-
-**Matrix Strategy (Parallel Jobs):**
-- **`strategy` + `matrix`**: Creates parallel jobs with different configurations (like GitLab's parallel:matrix)
-- **Cross-platform testing**: Simply use multiple OS runners (ubuntu/windows/macos)
-
-**Caching (Speed Optimization):**
-- **`actions/cache@v4`**: Speeds up workflows by saving/restoring files between CI/CD runs
-- **`path`**: What directory/files to cache (~/go/pkg/mod for Go modules)
-- **`key`**: Unique identifier for the cache (includes OS, Go version, dependency hash)
-- **`restore-keys`**: Fallback cache keys to try if exact match not found
-- **Cache timing**: Restore happens on the step of actions/cache, save happens automatically at job end. go actions has its own caching mechanism, this repo use the custom cache just to show one of the machanism for caching.
-- **Cache fallback**: Uses partial matches when dependencies change incrementally, but still try to get the previous installed packages
-
-**Go Commands:**
-- **`go test -v`**: Runs tests with verbose output showing individual test names
-- **`go build`**: Compiles Go source code into executables (compilation verification)  
-- **`find . -name "go.mod" -execdir`**: Finds all Go modules and runs commands in their directories
-
-## Best Practice: Workflow Separation
-
-### ❌ **Anti-pattern: Monolithic Workflow**
-```yaml
-# DON'T: Everything in one job
-jobs:
-  everything:
-    steps:
-      - name: Test
-      - name: Lint  
-      - name: Security scan
-      - name: Build
-      - name: Deploy
-```
-
-### ✅ **Best Practice: Modular Workflows**
-```yaml
-# DO: Separate files for different concerns
-.github/workflows/
-├── test.yml          # Testing only
-├── code-quality.yml  # Linting & formatting
-├── security.yml      # Vulnerability scanning  
-├── build.yml         # Cross-compilation
-└── deploy.yml        # Deployment (if needed)
-```
-
-### **Why Separation Matters:**
-
-1. **🚀 Faster Feedback**: Get quality issues immediately without waiting for all tests
-2. **🔄 Independent Scaling**: Add more test scenarios without affecting code quality checks
-3. **🎯 Focused Debugging**: When a workflow fails, you know exactly which aspect broke
-4. **👥 Team Ownership**: Different team members can maintain different workflows
-5. **📊 Better Metrics**: Track success rates for testing vs. code quality vs. security separately
-6. **🔧 Selective Execution**: Disable specific checks (e.g., security scanning) without affecting core testing
-
-This modular approach follows the **Single Responsibility Principle** in CI/CD design, making your development process more maintainable and scalable.
-
-## Local testing
+## Local Testing
 
 To run tests locally for a specific problem:
 
@@ -155,4 +46,6 @@ To run tests with race detection:
 
 ```bash
 go test -race -v ./...
-```
+```
+
+For complete CI/CD setup instructions and concepts, see the [CI/CD documentation](docs/).

docs/cicd-concepts.md

@@ -0,0 +1,108 @@
+# CI/CD Concepts
+
+This document explains key CI/CD concepts, particularly focusing on GitHub Actions compared to other systems like GitLab CI.
+
+*Note: I only used GitLab before so this note will mention some reference to GitLab but still trying to offer the concept of how CI/CD is setup in GitHub Actions.*
+
+Please also check [GitHub's Go tutorial](https://docs.github.com/en/actions/tutorials/build-and-test-code/go) where it has a good starting example for Go.
+
+## GitHub Actions Basics
+
+### Core Concepts
+
+**Workflows vs Jobs vs Steps:**
+- **Workflow**: A complete CI/CD process defined in `.github/workflows/*.yml`
+- **Job**: A set of steps that run on the same runner machine
+- **Step**: Individual commands or actions within a job
+
+**Key Components:**
+- **`uses`**: Runs pre-built actions instead of custom shell commands, good to check in [GitHub Marketplace](https://github.com/marketplace?query=checkout&type=actions)
+- **`runs-on`**: Specifies what machine/VM to run the job on (like GitHub's free EC2)
+- **`actions/checkout@v4`**: Downloads repository source code to the runner like running `git clone && cd repo && git checkout`
+- **`.github/workflows/*.yml`**: GitHub's config location (vs GitLab's single `.gitlab-ci.yml`)
+
+### Comparison with GitLab CI (check only if you know gitlab)
+
+| GitHub Actions | GitLab CI | Purpose |
+|----------------|-----------|---------|
+| `uses: actions/checkout@v4` | `git clone` (automatic) | Get source code |
+| `runs-on: ubuntu-latest` | `image: ubuntu:latest` | Specify runner |
+| `.github/workflows/` | `.gitlab-ci.yml` | Config location |
+| Multiple workflow files | Single config file | Organization |
+
+## Caching (Speed Optimization)
+
+Caching dramatically improves workflow performance by reusing dependencies between runs.
+
+### How Caching Works
+
+**Cache Lifecycle:**
+1. **Restore**: Happens during `actions/cache@v4` step
+2. **Use**: Cached files are available for the job
+3. **Save**: Happens automatically at job end
+
+### Cache Configuration
+
+```yaml
+- uses: actions/cache@v4
+  with:
+    path: ~/go/pkg/mod           # What to cache
+    key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}  # Unique ID
+    restore-keys: |              # Fallback keys
+      ${{ runner.os }}-go-
+```
+
+**Key Components:**
+- **`path`**: What directory/files to cache (e.g., `~/go/pkg/mod` for Go modules)
+- **`key`**: Unique identifier for the cache (includes OS, Go version, dependency hash)
+- **`restore-keys`**: Fallback cache keys to try if exact match not found
+
+### Cache Strategy
+
+**Exact Match**: Uses cached dependencies when `go.sum` hasn't changed
+**Partial Match**: Uses fallback when some dependencies change
+**Cache Miss**: Downloads all dependencies fresh (slowest)
+
+**Note**: Go Actions has its own caching mechanism, this repo uses custom cache just to demonstrate one caching approach.
+
+## Exit Codes and Failure Handling
+
+### Understanding Exit Codes
+
+**Success**: Exit code `0`
+- Step shows green checkmark ✓
+- Workflow continues
+
+**Failure**: Exit code `1` (or any non-zero)
+- Step shows red X ✗
+- Workflow stops (unless configured otherwise)
+- Triggers failure notifications
+
+### Tool Behavior Examples
+
+| Tool | Success (Exit 0) | Failure (Exit 1) |
+|------|-----------------|-------------------|
+| `go test` | All tests pass | Any test fails |
+| `golangci-lint` | No issues found | Linting issues detected |
+| `govulncheck` | No vulnerabilities | Vulnerabilities found |
+| `go build` | Compilation successful | Compilation errors |
+
+## Best Practices
+
+### Workflow Organization
+
+1. **Separate Concerns**: Different workflows for different purposes
+2. **Clear Naming**: Use descriptive job and step names
+
+### Performance Optimization
+
+1. **Use Caching**: Cache dependencies and build artifacts
+2. **Minimal Runners**: Use appropriate runner sizes (don't over-provision), they have all kinds of cost (money,  and save some carbon output if you care!)
+
+### ⚠️ Security Considerations
+
+1. **Secrets Management**: Use GitHub Secrets for sensitive data
+2. **Dependency Scanning**: Regular vulnerability checks upon the packages you use, the vulnerability reports are maintained by trustworthy officials. For Go, this uses:
+   - **Go Vulnerability Database**: https://vuln.go.dev/ - Official database maintained by Go security team
+   - **Documentation fpr `govulncheck`**: https://go.dev/security/vuln/ - Go's official vulnerability management
+3. **Supply Chain Security**: Pin action versions (`@v4` not `@main`) and all dependencies, use specific version if you know that is more stable and meets the requirement rather than `@main` or `latest`!