feat: initial deployscope release

Lightweight Kubernetes deployment monitor with REST API.
Extracted from internal Helm chart project as standalone service.

Author: Test

.dockerignore

@@ -0,0 +1,10 @@
+bin/
+.git/
+.github/
+.claude/
+*.md
+!go.mod
+!go.sum
+Makefile
+deploy/
+coverage.out

.github/workflows/ci.yml

@@ -0,0 +1,59 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+permissions:
+  contents: read
+  security-events: write
+
+jobs:
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        go-version: ['1.24', '1.25']
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version: ${{ matrix.go-version }}
+      - run: make deps
+      - run: make test
+
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version: '1.25'
+      - uses: golangci/golangci-lint-action@v7
+        with:
+          version: v2.8.0
+          args: --timeout=5m
+      - run: make fmt
+      - run: git diff --exit-code
+
+  security:
+    name: Security Scan
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: fs
+          scan-ref: .
+          format: sarif
+          output: trivy-results.sarif
+      - name: Upload Trivy results to GitHub Security
+        uses: github/codeql-action/upload-sarif@v4
+        if: always()
+        with:
+          sarif_file: trivy-results.sarif

.github/workflows/release.yml

@@ -0,0 +1,142 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - 'v*'
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: 'Tag to release (e.g., v0.2.6)'
+        required: true
+        type: string
+
+permissions:
+  contents: write
+
+jobs:
+  test:
+    name: Test before release
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.inputs.tag || github.ref }}
+      - uses: actions/setup-go@v5
+        with:
+          go-version: '1.25'
+      - run: make test
+
+  release:
+    name: Release
+    needs: test
+    runs-on: ubuntu-latest
+    steps:
+      - name: Resolve tag
+        id: tag
+        run: |
+          if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
+            echo "version=${{ github.event.inputs.tag }}" >> $GITHUB_OUTPUT
+          else
+            echo "version=${GITHUB_REF_NAME}" >> $GITHUB_OUTPUT
+          fi
+
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ steps.tag.outputs.version }}
+          fetch-depth: 0
+      - uses: actions/setup-go@v5
+        with:
+          go-version: '1.25'
+
+      - name: Get project name
+        id: project
+        run: echo "name=$(basename $GITHUB_REPOSITORY)" >> $GITHUB_OUTPUT
+
+      - name: Build and package binaries
+        run: |
+          VERSION=${{ steps.tag.outputs.version }}
+          VERSION_NUM=${VERSION#v}
+          PROJECT=${{ steps.project.outputs.name }}
+          LDFLAGS="-s -w -X main.version=${VERSION_NUM}"
+
+          platforms=(
+            "linux/amd64"
+            "linux/arm64"
+            "darwin/amd64"
+            "darwin/arm64"
+            "windows/amd64"
+          )
+
+          mkdir -p dist staging
+
+          for platform in "${platforms[@]}"; do
+            GOOS="${platform%/*}"
+            GOARCH="${platform#*/}"
+            binary="${PROJECT}"
+            archive="${PROJECT}_${VERSION_NUM}_${GOOS}_${GOARCH}"
+
+            if [ "$GOOS" = "windows" ]; then
+              binary="${binary}.exe"
+              GOOS=$GOOS GOARCH=$GOARCH go build -ldflags="$LDFLAGS" -o "staging/${binary}" ./cmd/${PROJECT}/
+              cd staging && zip "../dist/${archive}.zip" "${binary}" && cd ..
+            else
+              GOOS=$GOOS GOARCH=$GOARCH go build -ldflags="$LDFLAGS" -o "staging/${binary}" ./cmd/${PROJECT}/
+              tar -czf "dist/${archive}.tar.gz" -C staging "${binary}"
+            fi
+            rm -f "staging/${binary}"
+          done
+
+      - name: Generate checksums
+        run: |
+          cd dist
+          sha256sum * > checksums.txt
+
+      - name: Extract release notes from CHANGELOG
+        id: notes
+        run: |
+          TAG=${{ steps.tag.outputs.version }}
+          VERSION=${TAG#v}
+          PROJECT=${{ steps.project.outputs.name }}
+          REPO=${{ github.repository }}
+
+          CHANGELOG=$(awk "/^## \[${VERSION}\]/{found=1; next} /^## \[/{found=0} found" CHANGELOG.md 2>/dev/null || true)
+          if [ -z "$CHANGELOG" ]; then
+            CHANGELOG="Release ${TAG}"
+          fi
+
+          {
+            echo "${CHANGELOG}"
+            echo ""
+            echo "## Install"
+            echo ""
+            echo '```bash'
+            echo "# macOS (Apple Silicon)"
+            echo "curl -LO https://github.com/${REPO}/releases/download/${TAG}/${PROJECT}_${VERSION}_darwin_arm64.tar.gz"
+            echo "tar -xzf ${PROJECT}_${VERSION}_darwin_arm64.tar.gz"
+            echo "sudo mv ${PROJECT} /usr/local/bin/"
+            echo ""
+            echo "# macOS (Intel)"
+            echo "curl -LO https://github.com/${REPO}/releases/download/${TAG}/${PROJECT}_${VERSION}_darwin_amd64.tar.gz"
+            echo "tar -xzf ${PROJECT}_${VERSION}_darwin_amd64.tar.gz"
+            echo "sudo mv ${PROJECT} /usr/local/bin/"
+            echo ""
+            echo "# Linux (amd64)"
+            echo "curl -LO https://github.com/${REPO}/releases/download/${TAG}/${PROJECT}_${VERSION}_linux_amd64.tar.gz"
+            echo "tar -xzf ${PROJECT}_${VERSION}_linux_amd64.tar.gz"
+            echo "sudo mv ${PROJECT} /usr/local/bin/"
+            echo '```'
+            echo ""
+            echo "**Verify checksums:** \`sha256sum -c checksums.txt\`"
+          } > /tmp/release-body.md
+
+          echo "notes<<EOF" >> $GITHUB_OUTPUT
+          cat /tmp/release-body.md >> $GITHUB_OUTPUT
+          echo "EOF" >> $GITHUB_OUTPUT
+
+      - uses: softprops/action-gh-release@v2
+        with:
+          tag_name: ${{ steps.tag.outputs.version }}
+          body: ${{ steps.notes.outputs.notes }}
+          files: dist/*
+          generate_release_notes: false

.gitignore

@@ -0,0 +1,4 @@
+
+# Claude Code
+.claude/
+CLAUDE.local.md

CLAUDE.md

@@ -0,0 +1,31 @@
+# Project: deployscope
+
+## Commands
+- `make build` — Build binary
+- `make test` — Run tests with race detection
+- `make lint` — Run golangci-lint
+- `make fmt` — Format with gofmt/goimports
+- `make clean` — Clean build artifacts
+
+## Architecture
+- Entry: cmd/deployscope/main.go (minimal, delegates to internal/)
+- internal/k8s/ — Kubernetes client, cache, deployment fetching
+- internal/server/ — HTTP handlers, routes, HTML, OpenAPI spec
+
+## Conventions
+- Minimal main.go — create client, create server, ListenAndServe
+- Internal packages: short single-word names (k8s, server)
+- Struct-based domain models with json tags
+- Standard Go formatting (gofmt/goimports)
+- Version injected via LDFLAGS at build time
+
+## Anti-Patterns
+- NEVER use raw SQL without parameterization
+- NEVER skip error handling — always check returned errors
+- NEVER use init() functions unless absolutely necessary
+- NEVER use global mutable state
+
+## Verification
+- Run `make test` after code changes (includes -race)
+- Run `make lint` before marking complete
+- Run `go vet ./...` for suspicious constructs

Dockerfile

@@ -0,0 +1,25 @@
+FROM golang:1.23-alpine AS builder
+
+WORKDIR /app
+
+COPY go.mod go.sum ./
+RUN go mod download
+
+COPY cmd/ ./cmd/
+COPY internal/ ./internal/
+
+ARG VERSION=dev
+RUN CGO_ENABLED=0 GOOS=linux go build \
+    -ldflags "-s -w -X main.version=${VERSION}" \
+    -o deployscope ./cmd/deployscope
+
+FROM alpine:3.19
+
+RUN apk --no-cache add ca-certificates
+COPY --from=builder /app/deployscope /usr/local/bin/deployscope
+
+EXPOSE 8080
+
+USER 1001:1001
+
+ENTRYPOINT ["deployscope"]

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 ppiankov
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

Makefile

@@ -0,0 +1,32 @@
+BINARY  := deployscope
+VERSION := $(shell git describe --tags --always --dirty 2>/dev/null | sed 's/^v//' || echo "dev")
+LDFLAGS := -ldflags "-s -w -X main.version=$(VERSION)"
+
+.PHONY: all build test lint fmt clean deps docker-build help
+
+all: deps fmt lint test build
+
+build: ## Build binary
+	CGO_ENABLED=0 go build $(LDFLAGS) -o bin/$(BINARY) ./cmd/deployscope
+
+test: ## Run tests with race detection
+	go test -race -cover ./...
+
+lint: ## Run golangci-lint
+	golangci-lint run ./...
+
+fmt: ## Format code
+	gofmt -w .
+	goimports -w .
+
+deps: ## Download dependencies
+	go mod download
+
+docker-build: ## Build Docker image
+	docker build -t $(BINARY):$(VERSION) .
+
+clean: ## Clean build artifacts
+	rm -rf bin/ coverage.out
+
+help: ## Show this help
+	@grep -E '^[a-zA-Z_-]+:.*?## ' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "  %-15s %s\n", $$1, $$2}'