Agent skill
packaging
Package Go CLIs as minimal secure containers with distroless base images. Static binaries, non-root users, read-only filesystems for production.
Install this agent skill to your Project
npx add-skill https://github.com/adaptive-enforcement-lab/claude-skills/tree/main/plugins/build/skills/packaging
SKILL.md
Packaging
When to Use This Skill
Packaging a Go CLI involves creating distributable artifacts that run anywhere. This section covers:
- Container Builds - Multi-stage Dockerfiles with distroless
- Helm Charts - Deploy your CLI with Helm
- Release Automation - Multi-arch builds and GoReleaser
- GitHub Actions - Distribute as a reusable GitHub Action
- Pre-commit Hooks - Distribute as pre-commit hooks
Implementation
See the full implementation guide in the source documentation.
Key Principles
| Practice | Description |
|---|---|
| Static binaries | Use CGO_ENABLED=0 for portable builds |
| Non-root user | Always run as non-root in containers |
| Read-only filesystem | Set readOnlyRootFilesystem: true |
| Drop capabilities | Remove all capabilities with drop: ALL |
| Version in binary | Inject version at build time |
| Multi-arch support | Build for both amd64 and arm64 |
Ship binaries that run anywhere Kubernetes runs.
References
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
github-token-permissions-overview
Understanding GITHUB_TOKEN scope, default permissions, and implementing least-privilege principle for GitHub Actions workflows.
secure
Find and fix security issues before they become incidents. Vulnerability scanning, SBOM generation, supply chain security, and secure authentication workflows.
complete-workflow-examples
Copy-paste hardened CI/CD workflows with SHA-pinned actions, minimal GITHUB_TOKEN permissions, OIDC authentication, and comprehensive security scanning for GitHub Actions.
ephemeral-runner-patterns
Disposable runner patterns for GitHub Actions. Container-based, VM-based, and ARC deployment strategies with complete state isolation between jobs.
action-pinning-overview
Why pinning GitHub Actions to SHA-256 commits matters for supply chain security. Attack vectors from unpinned actions and comparison of tag vs SHA pinning.
github-actions-security-patterns-hub
Complete security patterns for GitHub Actions covering action pinning, GITHUB_TOKEN permissions, third-party action risks, secret management, and runner security.
Didn't find tool you were looking for?