Skip to content

go-devops

forge.lthn.ai/core/go-devops is the build, release, and infrastructure automation library for the Lethean ecosystem. It replaces goreleaser with a native Go pipeline that auto-detects project types, cross-compiles, signs artefacts, generates changelogs, and publishes to eight distribution targets.

Module: forge.lthn.ai/core/go-devops Go: 1.26 Licence: EUPL-1.2

What it does

Area Summary
Build system Auto-detect project type from marker files, cross-compile for multiple OS/arch targets, archive and checksum artefacts
Code signing macOS codesign, GPG detached signatures, Windows signtool
Release publishers GitHub Releases, Docker, Homebrew, npm, AUR, Scoop, Chocolatey, LinuxKit
SDK generation Generate typed API clients from OpenAPI specs (TypeScript, Python, Go, PHP) with breaking change detection
Ansible executor Native Go playbook runner with ~30 modules over SSH — no ansible-playbook shell-out
Infrastructure Hetzner Cloud/Robot provisioning, CloudNS DNS management
Container/VM LinuxKit-based VMs via QEMU (Linux) or Hyperkit (macOS)
Developer toolkit Cyclomatic complexity analysis, vulnerability scanning, coverage trending, secret scanning
Doc sync Collect documentation from multi-repo workspaces into a central location

Package layout

go-devops/
├── ansible/          Ansible playbook execution engine (native Go, no shell-out)
├── build/            Build system: project detection, archives, checksums
│   ├── builders/     Builders: Go, Wails, Docker, C++, LinuxKit, Taskfile
│   ├── signing/      Code signing: macOS codesign, GPG, Windows signtool
│   └── buildcmd/     CLI handlers for core build / core release
├── container/        LinuxKit VM management, hypervisor abstraction
├── deploy/           Deployment integrations (Coolify PaaS, embedded Python)
├── devkit/           Code quality, security, coverage trending
├── devops/           Portable dev environment management
│   └── sources/      Image download: GitHub Releases, S3/CDN
├── infra/            Infrastructure APIs: Hetzner Cloud, Hetzner Robot, CloudNS
├── release/          Release orchestration: version, changelog, publishing
│   └── publishers/   8 publisher backends
├── sdk/              OpenAPI SDK generation and breaking change detection
│   └── generators/   Language generators: TypeScript, Python, Go, PHP
├── snapshot/         Frozen release manifest generation (core.json)
└── cmd/              CLI command registrations
    ├── dev/          Multi-repo workflow commands (work, health, commit, push, pull)
    ├── docs/         Documentation sync and listing
    ├── deploy/       Coolify deployment commands
    ├── setup/        Repository and CI bootstrapping
    └── gitcmd/       Git helpers

CLI commands

go-devops registers commands into the core CLI binary (built from forge.lthn.ai/core/cli). Key commands:

# Build
core build                     # Auto-detect project type, build for configured targets
core build --ci                # All targets, JSON output
core build sdk                 # Generate SDKs from OpenAPI spec

# Release
core build release             # Build + changelog + publish (requires --we-are-go-for-launch)

# Multi-repo development
core dev health                # Quick summary across all repos
core dev work                  # Combined status, commit, push workflow
core dev commit                # Claude-assisted commits for dirty repos
core dev push                  # Push repos with unpushed commits
core dev pull                  # Pull repos behind remote

# GitHub integration
core dev issues                # List open issues across repos
core dev reviews               # PRs needing review
core dev ci                    # GitHub Actions status

# Documentation
core docs list                 # Scan repos for docs
core docs sync                 # Copy docs to central location
core docs sync --target gohelp # Sync to go-help format

# Deployment
core deploy servers            # List Coolify servers
core deploy apps               # List Coolify applications

# Setup
core setup repo                # Generate .core/ configuration for a repo
core setup ci                  # Bootstrap CI configuration

Configuration

Two YAML files in .core/ at the project root control build and release behaviour:

File Purpose
.core/build.yaml Project name, binary, build flags, cross-compilation targets
.core/release.yaml Repository, changelog rules, publisher configs, SDK settings

See Build System and Publishers for full configuration reference.

Core interfaces

Every extensible subsystem is defined by a small interface:

// Builder — project type plugin (build/builders/)
type Builder interface {
    Name() string
    Detect(fs io.Medium, dir string) (bool, error)
    Build(ctx context.Context, cfg *Config, targets []Target) ([]Artifact, error)
}

// Publisher — distribution target plugin (release/publishers/)
type Publisher interface {
    Name() string
    Publish(ctx context.Context, release *Release, pubCfg PublisherConfig,
            relCfg ReleaseConfig, dryRun bool) error
}

// Generator — SDK language generator (sdk/generators/)
type Generator interface {
    Language() string
    Generate(ctx context.Context, spec, outputDir string, config *Config) error
}

// Signer — code signing plugin (build/signing/)
type Signer interface {
    Name() string
    Available() bool
    Sign(filePath, keyID string) ([]byte, error)
}

Further reading

  • Build System — Builders, project detection, .core/build.yaml reference
  • Publishers — Release publishers, .core/release.yaml reference
  • SDK Generation — OpenAPI client generation and breaking change detection
  • Doc Sync — Documentation sync across multi-repo workspaces
  • Architecture — Full architecture deep-dive (Ansible, infra, devkit, containers)
  • Development Guide — Building, testing, coding standards