omattsson · omattsson · Mar 28, 2026 · Mar 26, 2026 · Mar 26, 2026 · Mar 26, 2026
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,10 @@
+.git
+cli/bin
+cli/dist
+cli/coverage.out
+.github
+.claude
+.goreleaser.yml
+cli/Makefile
+*.md
+LICENSE
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,58 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+permissions:
+  contents: read
+
+jobs:
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    defaults:
+      run:
+        working-directory: cli
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: cli/go.mod
+          cache-dependency-path: cli/go.sum
+      - run: make test
+
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    defaults:
+      run:
+        working-directory: cli
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: cli/go.mod
+          cache-dependency-path: cli/go.sum
+      - run: make tools
+      - run: make lint
+
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    needs: [test, lint]
+    defaults:
+      run:
+        working-directory: cli
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: cli/go.mod
+          cache-dependency-path: cli/go.sum
+      - run: make build-all
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,36 @@
+name: Release
+
+on:
+  push:
+    tags: ['v*']
+
+permissions:
+  contents: write
+
+jobs:
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: cli/go.mod
+          cache-dependency-path: cli/go.sum
+      - name: Install staticcheck
+        working-directory: cli
+        run: make tools
+      - name: Run tests and lint
+        working-directory: cli
+        run: make test && make lint
+      - name: Run goreleaser
+        uses: goreleaser/goreleaser-action@v6
+        with:
-        with:
+        with:
+          version: v2.7.0
-        with:
+        with:
+          version: v2.7.0
+          version: v2.7.0
+          args: release --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          HOMEBREW_TAP_TOKEN: ${{ secrets.HOMEBREW_TAP_TOKEN }}
diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -0,0 +1,65 @@
+version: 2
+
+project_name: stackctl
+
+dist: cli/dist
+
+builds:
+  - dir: cli
+    main: .
+    binary: stackctl
+    env:
+      - CGO_ENABLED=0
+    goos:
+      - linux
+      - darwin
+      - windows
+    goarch:
+      - amd64
+      - arm64
+    ignore:
+      - goos: windows
+        goarch: arm64
+    ldflags:
+      - -s -w
+      - -X main.version={{.Version}}
+      - -X main.commit={{.Commit}}
+      - -X main.date={{.Date}}
+
+archives:
+  - formats:
+      - tar.gz
+    format_overrides:
+      - goos: windows
+        formats:
+          - zip
+    name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}"
+
+checksum:
+  name_template: "checksums.txt"
+  algorithm: sha256
+
+changelog:
+  sort: asc
+  filters:
+    exclude:
+      - "^Merge"
+
+brews:
+  - repository:
+      owner: omattsson
+      name: homebrew-tap
+      token: "{{ .Env.HOMEBREW_TAP_TOKEN }}"
+    homepage: https://github.com/omattsson/stackctl
+    description: CLI for managing Kubernetes stack deployments via k8s-stack-manager
+    license: MIT
+    install: |
+      bin.install "stackctl"
+    test: |
+      system "#{bin}/stackctl", "version"
+
+release:
+  github:
+    owner: omattsson
+    name: stackctl
+  draft: false
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,30 @@
+# Stage 1: Build
+FROM golang:1.26.1-alpine@sha256:2389ebfa5b7f43eeafbd6be0c3700cc46690ef842ad962f6c5bd6be49ed82039 AS builder
+
+ARG VERSION=dev
+ARG COMMIT=none
+ARG DATE=unknown
+
+WORKDIR /build
+
+# Cache dependencies
+COPY cli/go.mod cli/go.sum ./cli/
+RUN cd cli && go mod download
+
+# Copy source and build
+COPY cli/ ./cli/
+RUN cd cli && CGO_ENABLED=0 go build \
+    -ldflags "-s -w -X main.version=${VERSION} -X main.commit=${COMMIT} -X main.date=${DATE}" \
+    -o /build/stackctl .
+
+# Stage 2: Runtime
+FROM alpine:3.20@sha256:a4f4213abb84c497377b8544c81b3564f313746700372ec4fe84653e4fb03805
+
+RUN apk add --no-cache ca-certificates && \
+    adduser -D -h /home/stackctl stackctl
+
+COPY --from=builder /build/stackctl /usr/local/bin/stackctl
+
+USER stackctl
+
+ENTRYPOINT ["stackctl"]
diff --git a/cli/.gitignore b/cli/.gitignore
@@ -1,2 +1,3 @@
 bin/
+dist/
 coverage.out
diff --git a/cli/Makefile b/cli/Makefile
@@ -0,0 +1,64 @@
+# stackctl CLI Makefile
+
+BINARY_NAME = stackctl
+VERSION    ?= $(shell git describe --tags --always --dirty 2>/dev/null || echo "dev")
+COMMIT     ?= $(shell git rev-parse --short HEAD 2>/dev/null || echo "none")
+DATE       ?= $(shell date -u +%Y-%m-%dT%H:%M:%SZ)
+LDFLAGS     = -s -w -X main.version=$(VERSION) -X main.commit=$(COMMIT) -X main.date=$(DATE)
+
+STATICCHECK_VERSION ?= 2026.1
+
+# Detect Windows for .exe extension
+ifdef GOOS
+  ifeq ($(GOOS),windows)
+    EXT = .exe
+  endif
+else
+  ifeq ($(OS),Windows_NT)
+    EXT = .exe
+  endif
+endif
+
+# windows/arm64 excluded: not a common deployment target and avoids cross-compilation issues
+PLATFORMS = linux/amd64 linux/arm64 darwin/amd64 darwin/arm64 windows/amd64
+
+.PHONY: build build-all test lint coverage install clean tools
+
+build:
+	@mkdir -p bin
+	CGO_ENABLED=0 go build -ldflags "$(LDFLAGS)" -o bin/$(BINARY_NAME)$(EXT) .
+
+build-all:
+	@mkdir -p bin
+	@for platform in $(PLATFORMS); do \
+		os=$${platform%/*}; \
+		arch=$${platform#*/}; \
+		output=bin/$(BINARY_NAME)-$${os}-$${arch}; \
+		if [ "$${os}" = "windows" ]; then output=$${output}.exe; fi; \
+		echo "Building $${output}..."; \
+		CGO_ENABLED=0 GOOS=$${os} GOARCH=$${arch} go build -ldflags "$(LDFLAGS)" -o $${output} . || exit 1; \
+	done
+
+test:
+	go test ./... -v
+
+lint:
+	go vet ./...
+	@if ! command -v staticcheck >/dev/null 2>&1; then \
+		echo "Error: staticcheck is not installed. Run 'make tools' to install staticcheck@$(STATICCHECK_VERSION)"; \
+		exit 1; \
+	fi
+	staticcheck ./...
+
+coverage:
+	go test ./... -coverprofile=coverage.out
+	go tool cover -func=coverage.out
+
+install:
+	CGO_ENABLED=0 go install -ldflags "$(LDFLAGS)" .
+
+tools:
+	go install honnef.co/go/tools/cmd/staticcheck@$(STATICCHECK_VERSION)
+
+clean:
+	rm -rf bin/ dist/ coverage.out
diff --git a/cli/test/e2e/cli_e2e_test.go b/cli/test/e2e/cli_e2e_test.go
@@ -152,7 +152,7 @@ func TestE2E_ConfigWorkflow(t *testing.T) {
 	}
 
 	// 7. Add another context
-	stdout, _, err = runStackctl(t, dir, "config", "use-context", "production")
+	_, _, err = runStackctl(t, dir, "config", "use-context", "production")
 	require.NoError(t, err)
 
 	_, _, err = runStackctl(t, dir, "config", "set", "api-url", "https://prod.example.com")