feat: 添加 CI/CD 工作流和自动化发布流程，更新标签创建脚本

Author: jamiesun

.github/workflows/ci.yml

@@ -0,0 +1,89 @@
+name: CI
+
+on:
+  push:
+    branches: [main, develop]
+  pull_request:
+    branches: [main, develop]
+
+jobs:
+  test:
+    name: Test
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-latest, windows-latest]
+        go: ["1.21"]
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{ matrix.go }}
+
+      - name: Cache Go modules
+        uses: actions/cache@v3
+        with:
+          path: |
+            ~/.cache/go-build
+            ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-
+
+      - name: Download dependencies
+        run: go mod download
+
+      - name: Run tests
+        run: go test -v -race -coverprofile=coverage.out -covermode=atomic ./...
+
+      - name: Upload coverage to Codecov
+        if: matrix.os == 'ubuntu-latest'
+        uses: codecov/codecov-action@v3
+        with:
+          files: ./coverage.out
+          flags: unittests
+          name: codecov-umbrella
+
+      - name: Build
+        run: go build -v ./cmd/sshx
+
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.21"
+
+      - name: Run golangci-lint
+        uses: golangci/golangci-lint-action@v3
+        with:
+          version: latest
+          args: --timeout=5m
+
+  security:
+    name: Security Scan
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Run Gosec Security Scanner
+        uses: securego/gosec@master
+        with:
+          args: "-no-fail -fmt sarif -out results.sarif ./..."
+
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: results.sarif

.github/workflows/release.yml

@@ -0,0 +1,148 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - "v*.*.*"
+
+permissions:
+  contents: write
+
+jobs:
+  build:
+    name: Build and Release
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.21"
+
+      - name: Get version
+        id: get_version
+        run: echo "VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
+
+      - name: Build binaries
+        run: |
+          # 创建输出目录
+          mkdir -p dist
+
+          # 定义构建函数
+          build() {
+            local os=$1
+            local arch=$2
+            local output="dist/sshx-${os}-${arch}"
+            
+            if [ "$os" = "windows" ]; then
+              output="${output}.exe"
+            fi
+            
+            echo "Building for $os/$arch..."
+            GOOS=$os GOARCH=$arch CGO_ENABLED=0 go build \
+              -ldflags="-s -w -X main.Version=${{ steps.get_version.outputs.VERSION }}" \
+              -o "$output" \
+              ./cmd/sshx
+            
+            # 压缩二进制文件
+            if [ "$os" = "windows" ]; then
+              zip "dist/sshx-${os}-${arch}.zip" "$output"
+              rm "$output"
+            else
+              tar czf "dist/sshx-${os}-${arch}.tar.gz" -C dist "$(basename $output)"
+              rm "$output"
+            fi
+          }
+
+          # 构建所有平台
+          build linux amd64
+          build linux arm64
+          build darwin amd64
+          build darwin arm64
+          build windows amd64
+
+      - name: Generate checksums
+        run: |
+          cd dist
+          sha256sum * > checksums.txt
+          cat checksums.txt
+
+      - name: Create Release
+        uses: softprops/action-gh-release@v1
+        with:
+          name: Release ${{ steps.get_version.outputs.VERSION }}
+          body: |
+            ## SSH & SFTP Remote Tool with MCP Support
+
+            ### 下载说明
+
+            请根据您的操作系统选择对应的二进制文件：
+
+            - **Linux (x86_64)**: `sshx-linux-amd64.tar.gz`
+            - **Linux (ARM64)**: `sshx-linux-arm64.tar.gz`
+            - **macOS (Intel)**: `sshx-darwin-amd64.tar.gz`
+            - **macOS (Apple Silicon)**: `sshx-darwin-arm64.tar.gz`
+            - **Windows (x86_64)**: `sshx-windows-amd64.zip`
+
+            ### 安装方法
+
+            #### Linux / macOS
+            ```bash
+            # 下载并解压
+            tar xzf sshx-<platform>-<arch>.tar.gz
+
+            # 移动到系统路径
+            sudo mv sshx /usr/local/bin/
+
+            # 赋予执行权限
+            sudo chmod +x /usr/local/bin/sshx
+
+            # 验证安装
+            sshx --help
+            ```
+
+            #### Windows
+            ```powershell
+            # 解压 zip 文件
+            # 将 sshx.exe 添加到系统 PATH
+            # 或直接在解压目录下使用
+            ```
+
+            ### 功能特性
+
+            - ✅ SSH 远程命令执行
+            - ✅ SFTP 文件传输（上传/下载/列表/创建目录/删除）
+            - ✅ 跨平台密码管理（系统 Keyring）
+            - ✅ 命令安全检查（防止危险操作）
+            - ✅ MCP (Model Context Protocol) 支持
+            - ✅ Sudo 密码自动填充
+
+            ### 校验和
+
+            请使用 `checksums.txt` 验证下载文件的完整性：
+            ```bash
+            sha256sum -c checksums.txt
+            ```
+
+            ### 更新日志
+
+            查看 [CHANGELOG.md](https://github.com/${{ github.repository }}/blob/main/CHANGELOG.md) 了解详细更新内容。
+
+          files: |
+            dist/*
+          draft: false
+          prerelease: false
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: binaries
+          path: dist/*
+          retention-days: 30

.golangci.yml

@@ -0,0 +1,47 @@
+run:
+  timeout: 5m
+  tests: true
+  modules-download-mode: readonly
+
+linters:
+  enable:
+    - errcheck
+    - gosimple
+    - govet
+    - ineffassign
+    - staticcheck
+    - unused
+    - gofmt
+    - goimports
+    - misspell
+    - unconvert
+    - unparam
+    - nakedret
+    - prealloc
+    - exportloopref
+    - noctx
+    - gosec
+
+linters-settings:
+  errcheck:
+    check-type-assertions: true
+    check-blank: true
+
+  govet:
+    check-shadowing: true
+
+  gofmt:
+    simplify: true
+
+  misspell:
+    locale: US
+
+  nakedret:
+    max-func-lines: 30
+
+issues:
+  exclude-rules:
+    - path: _test\.go
+      linters:
+        - errcheck
+        - gosec

CHANGELOG.md

@@ -0,0 +1,43 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+### Added
+
+- Initial release
+- SSH remote command execution
+- SFTP file operations (upload, download, list, mkdir, remove)
+- Cross-platform password management using system keyring
+- Command safety checks to prevent dangerous operations
+- MCP (Model Context Protocol) support
+- Sudo password auto-fill from keyring
+- Environment variable support
+- Comprehensive unit tests
+
+### Changed
+
+- Code refactored into modular structure
+- Improved error handling
+
+### Fixed
+
+- N/A
+
+## [1.0.0] - 2025-01-12
+
+### Added
+
+- Initial public release
+- Core SSH/SFTP functionality
+- Password management
+- MCP support
+- Safety checks
+- Multi-platform support (Linux, macOS, Windows)
+
+[Unreleased]: https://github.com/talkincode/sshmcp/compare/v1.0.0...HEAD
+[1.0.0]: https://github.com/talkincode/sshmcp/releases/tag/v1.0.0

Makefile

@@ -150,6 +150,10 @@ check: fmt vet test ## 运行所有检查（格式化、vet、测试）
 ci: deps check test-coverage ## CI/CD 流程（依赖、检查、覆盖率）
 	@echo "CI 流程完成!"
 
+tag:
+	@echo "🏷️  开始标签创建流程..."
+	@./scripts/tag.sh
+
 dev: ## 开发模式（安装依赖、格式化、测试、构建）
 	@echo "开发模式..."
 	@$(MAKE) deps