Tech-Preta · nataliagranato · Jul 14, 2025 · Jul 14, 2025 · Jul 14, 2025 · Jul 14, 2025
@@ -8,6 +8,7 @@ Dockerfile
 
 # Binaries
 kubeprobes
+bin/
 *.exe
 *.exe~
 *.dll
@@ -28,4 +29,9 @@ kubeprobes
 
 # OS
 .DS_Store
-Thumbs.db 
+Thumbs.db
+
+# Development
+vendor/
+*.tmp
+*.log
@@ -0,0 +1,141 @@
+name: CI
+
+on:
+  push:
+    branches: [ main, develop ]
+  pull_request:
+    branches: [ main, develop ]
+
+permissions:
+  contents: read
+
+jobs:
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        go-version: [1.23, 1.24]
+
+    steps:
+    - name: Check out code
+      uses: actions/checkout@v4
+
+    - name: Set up Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ matrix.go-version }}
+
+    - name: Cache Go modules
+      uses: actions/cache@v4
+      with:
+        path: |
+          ~/.cache/go-build
+          ~/go/pkg/mod
+        key: ${{ runner.os }}-go-${{ matrix.go-version }}-${{ hashFiles('**/go.sum') }}
+        restore-keys: |
+          ${{ runner.os }}-go-${{ matrix.go-version }}-
+          ${{ runner.os }}-go-
+
+    - name: Download dependencies
+      run: go mod download
+
+    - name: Verify dependencies
+      run: go mod verify
+
+    - name: Run tests
+      run: go test -race -coverprofile=coverage.out ./...
+
+    - name: Generate coverage report
+      run: go tool cover -html=coverage.out -o=coverage.html
+
+    - name: Upload coverage to Codecov
+      uses: codecov/codecov-action@v4
+      if: matrix.go-version == '1.24'
+      with:
+        file: ./coverage.out
+        fail_ci_if_error: false
+
+    - name: Check coverage threshold
+      if: matrix.go-version == '1.24'
+      run: |
+        COVERAGE=$(go tool cover -func=coverage.out | grep total | awk '{print $3}' | sed 's/%//')
+        echo "Total coverage: $COVERAGE%"
+        if (( $(echo "$COVERAGE < 75" | bc -l) )); then
+          echo "Error: Coverage $COVERAGE% is below required threshold of 75%"
+          exit 1
+        fi
+
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Check out code
+      uses: actions/checkout@v4
+
+    - name: Set up Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: 1.24
+
+    - name: Run golangci-lint
+      uses: golangci/golangci-lint-action@v6
+      with:
+        version: latest
+        args: --timeout=5m
+
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        goos: [linux, darwin, windows]
+        goarch: [amd64, arm64]
+        exclude:
+          - goos: windows
+            goarch: arm64
+
+    steps:
+    - name: Check out code
+      uses: actions/checkout@v4
+
+    - name: Set up Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: 1.24
+
+    - name: Build binary
+      env:
+        GOOS: ${{ matrix.goos }}
+        GOARCH: ${{ matrix.goarch }}
+      run: |
+        if [ "$GOOS" = "windows" ]; then
+          go build -o kubeprobes-${{ matrix.goos }}-${{ matrix.goarch }}.exe ./cmd/kubeprobes
+        else
+          go build -o kubeprobes-${{ matrix.goos }}-${{ matrix.goarch }} ./cmd/kubeprobes
+        fi
+
+    - name: Upload build artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: kubeprobes-${{ matrix.goos }}-${{ matrix.goarch }}
+        path: kubeprobes-*
+
+  security:
+    name: Security Scan
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Check out code
+      uses: actions/checkout@v4
+
+    - name: Set up Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: 1.24
+
+    - name: Run govulncheck
+      run: |
+        go install golang.org/x/vuln/cmd/govulncheck@latest
+        govulncheck ./...
@@ -4,6 +4,7 @@ name: Release
 permissions:
   contents: write
   packages: write
+  id-token: write
 
 'on':
   push:
@@ -25,6 +26,16 @@ jobs:
           go-version: '1.24.5'
           cache: true
 
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.USER_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v5
         with:

@@ -44,6 +44,33 @@ release:
   prerelease: auto
   name_template: "{{.ProjectName}}-v{{.Version}}"
 
+dockers:
+  - image_templates:
+      - "ghcr.io/tech-preta/kubeprobes:{{ .Tag }}"
+      - "ghcr.io/tech-preta/kubeprobes:v{{ .Major }}"
+      - "ghcr.io/tech-preta/kubeprobes:v{{ .Major }}.{{ .Minor }}"
+      - "ghcr.io/tech-preta/kubeprobes:latest"
+    dockerfile: Dockerfile
+    build_contexts:
+      kubeprobes: "{{ .Path }}"
+    extra_files:
+      - go.mod
+      - go.sum
+      - cmd/
+      - internal/
+      - pkg/
+    use: buildx
+    build_flag_templates:
+      - "--platform=linux/amd64"
+      - "--label=org.opencontainers.image.title={{ .ProjectName }}"
+      - "--label=org.opencontainers.image.description=Kubernetes health checks and probe analysis tool"
+      - "--label=org.opencontainers.image.url=https://github.com/Tech-Preta/kubeprobes"
+      - "--label=org.opencontainers.image.source=https://github.com/Tech-Preta/kubeprobes"
+      - "--label=org.opencontainers.image.version={{ .Version }}"
+      - "--label=org.opencontainers.image.created={{ time \"2006-01-02T15:04:05Z07:00\" }}"
+      - "--label=org.opencontainers.image.revision={{ .FullCommit }}"
+      - "--label=org.opencontainers.image.licenses=Apache-2.0"
+
 changelog:
   sort: asc
   filters:

@@ -14,16 +14,61 @@ Obrigado por considerar contribuir com o projeto! Este documento fornece diretri
 
 - Siga as [boas práticas de Go](https://golang.org/doc/effective_go)
 - Use `gofmt` para formatar seu código
-- Execute os testes antes de submeter (`go test ./...`)
-- Mantenha a cobertura de testes alta
+- Execute `go vet` para análise estática
+- Execute os linters com `make lint`
+- **Testes são obrigatórios** para novas funcionalidades e correções de bugs
+- Mantenha a cobertura de testes acima de 75%
+
+## Requisitos de Testes
+
+### Testes Obrigatórios
+
+Todas as contribuições devem incluir testes adequados:
+
+1. **Novas funcionalidades**: Devem ter testes unitários cobrindo cenários de sucesso, erro e casos extremos
+2. **Correções de bugs**: Devem incluir um teste que reproduza o bug e verifique a correção
+3. **Refatorações**: Devem manter ou melhorar a cobertura de testes existente
+
+### Executando Testes
+
+```bash
+# Executar todos os testes
+make test
+
+# Executar testes com cobertura
+go test -coverprofile=coverage.out ./...
+go tool cover -html=coverage.out
+
+# Executar testes de um pacote específico
+go test -v ./internal/scanner/
+```
+
+### Padrões de Testes
+
+- Use **testes baseados em tabela** para múltiplos cenários
+- **Nomeie testes** de forma descritiva (ex: `TestScanner_InvalidProbeType`)
+- **Mock dependências externas** (ex: API do Kubernetes)
+- **Teste cenários de erro** além de casos de sucesso
+- **Mantenha testes rápidos** (< 1 segundo por teste)
 
 ## Processo de Pull Request
 
-1. Atualize a documentação se necessário
-2. Adicione testes para novas funcionalidades
-3. Certifique-se de que todos os testes passam
-4. Atualize o CHANGELOG.md
-5. Descreva suas mudanças no PR
+1. **Execute todos os testes** e certifique-se de que passam (`make test`)
+2. **Verifique a cobertura de testes** (`go test -coverprofile=coverage.out ./...`)
+3. Atualize a documentação se necessário
+4. **Adicione testes** para novas funcionalidades ou correções de bugs
+5. Execute o linter (`make lint`) e corrija quaisquer problemas
+6. Atualize o CHANGELOG.md
+7. Descreva suas mudanças no PR de forma clara e detalhada
+
+### Checklist do Pull Request
+
+- [ ] Testes adicionados/atualizados e passando
+- [ ] Cobertura de testes mantida/melhorada
+- [ ] Código formatado (`gofmt`)
+- [ ] Linter sem erros (`make lint`)
+- [ ] Documentação atualizada (se aplicável)
+- [ ] CHANGELOG.md atualizado
 
 ## Relatando Bugs
 

@@ -1,31 +1,33 @@
 # Build stage
-FROM cgr.dev/chainguard/go:1.24 AS builder
+FROM golang:1.24-alpine AS builder
 
-WORKDIR /app
-
-# Copy go mod files
-COPY go.mod ./
-COPY go.sum ./
+# Install ca-certificates for HTTPS requests during build
+RUN apk --no-cache add ca-certificates
 
-# Download dependencies and generate go.sum
-RUN go mod download && go mod tidy
+WORKDIR /app
 
-# Copy source code
+# Copy everything first
 COPY . .
 
 # Build the application
 RUN CGO_ENABLED=0 GOOS=linux go build -o /app/kubeprobes ./cmd/kubeprobes
 
-# Final stage
-FROM cgr.dev/chainguard/static:20241227
+# Final stage - using alpine for better compatibility
+FROM alpine:3.22.0
 
-# Create a non-root user
-# Note: chainguard/static already includes a non-root user 'nonroot' with UID 65532
-USER 65532:65532
+# Install ca-certificates for HTTPS requests
+RUN apk --no-cache add ca-certificates
+
+# Create non-root user
+RUN addgroup -g 1001 -S kubeprobes && \
+    adduser -u 1001 -S kubeprobes -G kubeprobes
 
 # Copy the binary from builder
 COPY --from=builder /app/kubeprobes /usr/local/bin/kubeprobes
 
+# Set user
+USER kubeprobes:kubeprobes
+
 # Set the entrypoint
 ENTRYPOINT ["kubeprobes"]