ci: add pipeline

.github/FUNDING.yml

@@ -0,0 +1,4 @@
+github: fang2hou
+patreon: fang2hou
+ko_fi: fang2hou
+custom: ["http://paypal.me/fang2h0u", "https://afdian.net/@fang2hou"]

.github/workflows/auto-assign.yaml

@@ -0,0 +1,20 @@
+name: 🤖 Auto Assign
+on:
+  issues:
+    types: [opened, reopened]
+  pull_request:
+    types: [opened, reopened]
+jobs:
+  run:
+    name: 👦🏻 Assign
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+    steps:
+      - name: Assign
+        uses: pozil/auto-assign-issue@v1
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          assignees: ${{ vars.DEFAULT_ASSIGNEE }}
+          numOfAssignee: 1

.github/workflows/auto-release.yaml

@@ -0,0 +1,44 @@
+name: 🚀 Release
+on:
+  push:
+    tags:
+      - 'v*'
+jobs:
+  tag-check:
+    name: 🏷️ Tag Check
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check tag
+        run: echo "${{ github.ref_name }}" | grep -qE '^v[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9]+(\.[0-9]+)?)?$'
+  check:
+    name: 🧐 Pre-release check
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Setup toolchain
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+      - name: Get dependencies
+        run: go get -v ./...
+      - name: Build
+        run: go build -v ./...
+      - name: Test
+        run: go test -v ./...
+      - name: Lint
+        uses: golangci/golangci-lint-action@v6
+        with:
+          version: v1.59
+  release:
+    name: 🆕 New release
+    runs-on: ubuntu-latest
+    needs: check
+    steps:
+      - name: Create release via GitHub CLI
+        env:
+          GITHUB_TOKEN: ${{ secrets.ACTIONS_PERSONAL_ACCESS_TOKEN }}
+          tag: ${{ github.ref_name }}
+        run: gh release create "$tag" --repo="$GITHUB_REPOSITORY" --title="${GITHUB_REPOSITORY#*/} v${tag#v}" --generate-notes

.github/workflows/go-check.yaml

@@ -0,0 +1,29 @@
+name: 🐭 Go
+on:
+  push:
+    branches: ["main", "master"]
+  pull_request:
+    types: [opened, synchronize, reopened]
+jobs:
+  check:
+    name: 🧐 Check
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Setup toolchain
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+      - name: Get dependencies
+        run: go get -v ./...
+      - name: Build
+        run: go build -v ./...
+      - name: Test
+        run: go test -v ./...
+      - name: Lint
+        uses: golangci/golangci-lint-action@v6
+        with:
+          version: v1.59

.github/workflows/release-build.yaml

@@ -0,0 +1,89 @@
+name: 🏗️ Release Build
+on:
+  release:
+    types: [published]
+env:
+  CARGO_TERM_COLOR: always
+jobs:
+  check:
+    name: 🧐 Pre-build check
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Setup toolchain
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+      - name: Get dependencies
+        run: go get -v ./...
+      - name: Build
+        run: go build -v ./...
+      - name: Test
+        run: go test -v ./...
+      - name: Lint
+        uses: golangci/golangci-lint-action@v6
+        with:
+          version: v1.59
+  build:
+    name: 🏗️ Build ${{ matrix.os }}/${{ matrix.arch }}
+    runs-on: ubuntu-latest
+    needs: check
+    env:
+      SOURCE_DIR: .
+      APP_NAME: ${{ github.event.repository.name }}
+    permissions:
+      contents: write
+    strategy:
+      matrix:
+        include:
+          - os: linux
+            arch: amd64
+          - os: linux
+            arch: arm
+          - os: linux
+            arch: arm64
+          - os: darwin
+            arch: amd64
+          - os: darwin
+            arch: arm64
+          - os: windows
+            arch: amd64
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Setup toolchain
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+      - name: Build
+        env:
+          GOOS: ${{ matrix.os }}
+          GOARCH: ${{ matrix.arch }}
+        run: |
+          EXTENSION="${{ matrix.os == 'windows' && '.exe' || '' }}"
+          BINARY_NAME="${APP_NAME}_${{ github.event.release.tag_name }}_${{ matrix.os }}-${{ matrix.arch }}"
+          echo "BINARY_NAME=$BINARY_NAME" >> $GITHUB_ENV
+          go build -ldflags="-s -w" -v -o "dist/${BINARY_NAME}${EXTENSION}" $SOURCE_DIR
+      - name: Archive
+        run: |
+          if [ "${{ matrix.os }}" = "windows" ]; then
+            cd dist && zip -r "${BINARY_NAME}.zip" "${BINARY_NAME}.exe"
+            echo "OUTPUT_FILE=${BINARY_NAME}.zip" >> $GITHUB_ENV
+          elif [ "${{ matrix.os }}" = "linux" ]; then
+            tar -czf "dist/${BINARY_NAME}.tar.gz" -C dist "${BINARY_NAME}"
+            echo "OUTPUT_FILE=${BINARY_NAME}.tar.gz" >> $GITHUB_ENV
+          else
+            zip -j "dist/${BINARY_NAME}.zip" "dist/${BINARY_NAME}"
+            echo "OUTPUT_FILE=${BINARY_NAME}.zip" >> $GITHUB_ENV
+          fi
+      - name: Upload to release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          sha256sum "dist/${OUTPUT_FILE}" > "dist/${OUTPUT_FILE}.sha256"
+          gh release upload ${{ github.ref_name }} "dist/${OUTPUT_FILE}" "dist/${OUTPUT_FILE}.sha256"

.github/workflows/release-notify.yaml

@@ -0,0 +1,23 @@
+name: 📢 Release Notify
+on:
+  release:
+    types: [published]
+jobs:
+  notify:
+    name: 📢 Notify
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout to actions repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          repository: wind-addons/actions
+          ref: main
+      - name: Send message to Discord
+        env:
+          RELEASE_EVENT_JSON: ${{ toJson(github.event.release) }}
+          REPOSITORY_NAME: ${{ github.repository }}
+          DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK_ALL_RELEASE }}
+          BAR_IMAGE: ${{ vars.DISCORD_MESSAGE_BAR_IMAGE }}
+          ROCKET_IMAGE: ${{ vars.DISCORD_MESSAGE_ROCKET_IMAGE }}
+        run: node discord/release-message.js

.github/workflows/snyk.yaml

@@ -0,0 +1,26 @@
+name: 🐺 Snyk
+on:
+  push:
+    branches: ['main', 'master']
+  pull_request:
+    types: [opened, synchronize, reopened]
+jobs:
+  security:
+    name: 🛡️ Security Check
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Snyk check
+        uses: snyk/actions/golang@master
+        continue-on-error: true # To make sure that SARIF upload gets called
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          args: --sarif-file-output=snyk.sarif
+      - name: Upload result
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: snyk.sarif