Merge pull request #1 from datum-cloud/claude-poc

feat: initial commit

Author: zachsmith1

.github/workflows/ci.yaml

@@ -0,0 +1,56 @@
+name: CI
+
+on:
+  pull_request:
+    branches: [main]
+  push:
+    branches: [main]
+
+env:
+  GO_VERSION: '1.24'
+
+jobs:
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+
+    - uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GO_VERSION }}
+
+    - name: Run golangci-lint
+      uses: golangci/golangci-lint-action@v7
+      with:
+        version: v2.1
+        args: --timeout 5m
+
+  test:
+    name: Unit Tests
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+
+    - uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GO_VERSION }}
+
+    - name: Run tests
+      run: go test -v -race -coverprofile=coverage.out ./...
+
+    - name: Upload coverage
+      if: always()
+      uses: actions/upload-artifact@v4
+      with:
+        name: coverage
+        path: coverage.out
+        retention-days: 7
+
+  validate-kustomize:
+    name: Validate Kustomize
+    uses: datum-cloud/actions/.github/workflows/validate-kustomize.yaml@main
+
+  lint-workflows:
+    name: Lint Workflows
+    uses: datum-cloud/actions/.github/workflows/lint-workflows.yaml@main

.github/workflows/e2e.yaml

@@ -0,0 +1,50 @@
+name: E2E Tests
+
+on:
+  pull_request:
+    branches: [main]
+  push:
+    branches: [main]
+  workflow_dispatch:
+
+env:
+  GO_VERSION: '1.24'
+  TASK_X_REMOTE_TASKFILES: '1'
+
+jobs:
+  e2e:
+    name: E2E Tests
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Set up Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ env.GO_VERSION }}
+
+    - name: Install Task
+      run: |
+        sh -c "$(curl --location https://taskfile.dev/install.sh)" -- -d -b /usr/local/bin
+
+    - name: Install Flux CLI
+      run: |
+        curl -s https://fluxcd.io/install.sh | bash
+
+    - name: Install Chainsaw
+      run: |
+        go install github.com/kyverno/chainsaw@latest
+
+    - name: Run E2E tests
+      run: task --yes ci:e2e
+
+    - name: Upload diagnostics
+      if: failure()
+      uses: actions/upload-artifact@v4
+      with:
+        name: e2e-diagnostics
+        path: e2e/e2e-diagnostics/
+        retention-days: 7

.github/workflows/publish.yaml

@@ -0,0 +1,35 @@
+name: Publish
+
+on:
+  push:
+  pull_request:
+  release:
+    types: ['published']
+
+jobs:
+  publish-docker:
+    name: Publish Docker Image
+    permissions:
+      id-token: write
+      contents: read
+      packages: write
+      attestations: write
+    uses: datum-cloud/actions/.github/workflows/publish-docker.yaml@v1.9.0
+    with:
+      image-name: external-dns-webhook
+    secrets: inherit
+
+  publish-kustomize-bundle:
+    name: Publish Kustomize Bundle
+    needs: publish-docker
+    permissions:
+      id-token: write
+      contents: read
+      packages: write
+    uses: datum-cloud/actions/.github/workflows/publish-kustomize-bundle.yaml@v1.9.0
+    with:
+      bundle-name: ghcr.io/datum-cloud/external-dns-webhook/deploy
+      bundle-path: config/base
+      image-overlays: config/base
+      image-name: ghcr.io/datum-cloud/external-dns-webhook
+    secrets: inherit

.gitignore

@@ -0,0 +1,41 @@
+# Binaries
+bin/
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# Test binaries
+*.test
+
+# Output of the go coverage tool
+*.out
+coverage.html
+
+# Dependency directories
+vendor/
+
+# Go workspace file
+go.work
+
+# IDE specific files
+.idea/
+.vscode/
+*.swp
+*.swo
+*~
+
+# OS specific
+.DS_Store
+Thumbs.db
+
+# Task runner
+.task/
+
+# E2E test artifacts
+.test-infra/
+chainsaw-report.json
+
+# Ignore local claude settings
+.claude/settings.local.json

Dockerfile

@@ -0,0 +1,22 @@
+FROM golang:1.24-alpine AS builder
+
+WORKDIR /app
+
+# Copy go mod files
+COPY go.mod go.sum ./
+RUN go mod download
+
+# Copy source code
+COPY . .
+
+# Build the binary
+RUN CGO_ENABLED=0 GOOS=linux go build -o datum-dns-webhook .
+
+# Use distroless for minimal attack surface
+FROM gcr.io/distroless/static:nonroot
+
+COPY --from=builder /app/datum-dns-webhook /
+
+USER 65532:65532
+
+ENTRYPOINT ["/datum-dns-webhook"]