Stats
Actions
Tags
From golang
Release engineering for Go projects — GoReleaser v2 with version ldflags into an internal/version package, SBOMs and multi-arch container images, tag-triggered GitHub Actions releases, CI running build/vet/test -race/govulncheck with SHA-pinned actions, and Dependabot coverage for gomod, tools, npm, and Actions. Use when setting up releases or GoReleaser for a Go project, writing GitHub Actions CI or release workflows for a Go repository, stamping version metadata into a Go binary at build time, or adding Dependabot coverage to a Go repo.
How this skill is triggered — by the user, by Claude, or both
Slash command
/golang:go-releaseThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Tag-driven releases: pushing a `vX.Y.Z` tag builds cross-platform archives, checksums, SBOMs, and
Tag-driven releases: pushing a vX.Y.Z tag builds cross-platform archives, checksums, SBOMs, and
multi-arch container images via GoReleaser. CI gates every push; Dependabot keeps everything —
including the action pins — fresh. This layers on the layout and Makefile from the go-project
skill.
internal/version// Package version exposes build metadata stamped into the binary at link time.
// Keep these as vars (not consts) so -ldflags "-X ..." can rewrite them; an
// unbuilt or `go run` binary reports the defaults.
package version
var (
Version = "dev" // semver release tag, e.g. v1.2.3
Commit = "none" // short git SHA
BuildDate = "unknown" // RFC3339 UTC build timestamp
)
Both make build and GoReleaser inject the same vars at the same import path:
-ldflags "-s -w -X <module>/internal/version.Version={{ .Version }} ..."
Expose the metadata through --version output or a GET /version endpoint.
Copy templates/goreleaser.yaml to .goreleaser.yaml and replace the
myapp / OWNER/REPO placeholders. What it encodes:
CGO_ENABLED=0, -trimpath, -s -w, for linux + darwin ×
amd64 + arm64.tar.gz archives shipping the LICENSE, a checksums.txt, and an SBOM per archive —
generated by the syft pinned in tools/go.mod and invoked via go tool, so nothing needs to
be on PATH.docs: / test: / chore: / ci: conventional-commit prefixes.dockers_v2 multi-arch images (buildx) pushed to GHCR with OCI annotations.Validate locally with make snapshot (goreleaser release --snapshot --clean) — full build, no
publish.
Copy templates/ci.yaml to .github/workflows/ci.yaml. Every push and pull
request runs go build, go vet, go test -race, and govulncheck. Conventions:
go.mod (go-version-file), never hard-coded in the workflow.permissions: contents: read — the default token does nothing else.Copy templates/release.yaml to .github/workflows/release.yaml. It
triggers on v* tags, checks out with fetch-depth: 0 (GoReleaser needs full history for the
changelog), sets up QEMU + buildx for multi-arch images, logs into GHCR with the built-in
GITHUB_TOKEN, and runs goreleaser release --clean — SBOMs come from the pinned syft via
go tool, so there is no separate syft install step. Cutting a release is exactly: push a semver
tag.
Copy templates/dependabot.yaml to .github/dependabot.yaml: daily
checks with a 7-day cooldown, minor + patch bumps grouped into one PR per ecosystem (majors arrive
as individual PRs). tools/go.mod gets its own gomod entry — Dependabot does not descend into
nested modules — so developer-tool bumps never ride along with application dependency PRs, and the
github-actions entry keeps the workflow SHA pins fresh. For the rationale behind each knob and
the full ecosystem matrix (docker, docker-compose, uv, …), see reference.md.
npx claudepluginhub bitwise-media-group/skills --plugin golangProvides behavioral guidelines to reduce common LLM coding mistakes, focusing on simplicity, surgical changes, assumption surfacing, and verifiable success criteria.
Searches, retrieves, and installs Agent Skills from prompts.chat registry using MCP tools like search_skills and get_skill. Activates for finding skills, browsing catalogs, or extending Claude.