feat: Add GHA testing

.github/dependabot.yml

@@ -0,0 +1,25 @@
+---
+version: 2
+
+updates:
+  # Keep Go module dependencies up to date
+  - package-ecosystem: gomod
+    directory: /
+    schedule:
+      interval: daily
+    open-pull-requests-limit: 10
+    groups:
+      go-dependencies:
+        patterns:
+          - "*"
+
+  # Keep GitHub Actions up to date
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: daily
+    open-pull-requests-limit: 10
+    groups:
+      github-actions:
+        patterns:
+          - "*"

.github/workflows/ci.yml

@@ -0,0 +1,112 @@
+---
+name: CI
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+
+jobs:
+  yamllint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - name: Run yamllint
+        uses: ibiqlik/action-yamllint@v3
+        with:
+          config_file: .yamllint.yml
+          file_or_dir: .
+          strict: true
+  markdownlint:
+    name: markdownlint
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Run markdownlint-cli2
+        uses: DavidAnson/markdownlint-cli2-action@v23
+        with:
+          globs: "**/*.md"
+
+  golangci-lint:
+    name: golangci-lint
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v6
+
+      - uses: actions/setup-go@v6
+        with:
+          go-version-file: go.mod
+          # golangci-lint manages its own cache; disable setup-go's to avoid
+          # double-caching.
+          cache: false
+
+      - name: Run golangci-lint
+        uses: golangci/golangci-lint-action@v9
+        with:
+          version: latest
+          args: --timeout 5m
+
+  tidy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - name: Check go.mod is tidy
+        run: |
+          go mod tidy
+          if ! git diff --exit-code go.mod go.sum; then
+            echo "go.mod or go.sum is not tidy — run 'go mod tidy' and commit the result."
+            exit 1
+          fi
+  fmt:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: actions/setup-go@v6
+        with:
+          go-version-file: go.mod
+          cache: true
+      - name: Check formatting
+        run: |
+          unformatted=$(gofmt -l $(find . -name '*.go' -not -path './vendor/*'))
+          if [ -n "$unformatted" ]; then
+            echo "The following files are not gofmt-formatted:"
+            echo "$unformatted"
+            echo "Run 'gofmt -w .' to fix them."
+            exit 1
+          fi
+
+  vet:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: actions/setup-go@v6
+        with:
+          go-version-file: go.mod
+          cache: true
+      - name: Vet
+        run: go vet ./...
+
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: actions/setup-go@v6
+        with:
+          go-version-file: go.mod
+          cache: true
+      - name: Unit tests
+        run: go test -mod=vendor -race -count=1 -timeout 5m ./...
+
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: actions/setup-go@v6
+        with:
+          go-version-file: go.mod
+          cache: true
+      - name: Build
+        run: GO111MODULE=on CGO_ENABLED=0 GOARCH=amd64 GOOS=linux go build -mod=vendor -o bin/ ./

.github/workflows/pr-title.yml

@@ -0,0 +1,25 @@
+---
+name: PR Title
+
+on:
+  pull_request:
+    types: [opened, edited, synchronize, reopened]
+
+jobs:
+  validate:
+    name: Validate conventional commit title
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check PR title follows Conventional Commits
+        env:
+          PR_TITLE: ${{ github.event.pull_request.title }}
+        run: |
+          pattern='^(build|chore|ci|docs|feat|fix|perf|refactor|revert|style|test)(\(.+\))?(!)?: .+'
+          if ! echo "$PR_TITLE" | grep -qP "$pattern"; then
+            echo "PR title does not follow Conventional Commits format."
+            echo "Title: $PR_TITLE"
+            echo "Expected format: <type>[optional scope][!]: <description>"
+            echo "Valid types: build, chore, ci, docs, feat, fix, perf, refactor, revert, style, test"
+            exit 1
+          fi
+          echo "PR title is valid: $PR_TITLE"

.github/workflows/release-please.yml

@@ -0,0 +1,22 @@
+---
+name: Release Please
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: write       # create tags and commits on the Release PR
+  pull-requests: write  # open and update the Release PR
+
+jobs:
+  release-please:
+    name: Release Please
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: googleapis/release-please-action@v4
+        with:
+          config-file: release-please-config.json
+          manifest-file: .release-please-manifest.json

.github/workflows/release.yml

@@ -0,0 +1,62 @@
+---
+name: Release
+
+on:
+  push:
+    tags:
+      - "v*"
+
+permissions:
+  contents: write  # needed to create GitHub releases
+
+jobs:
+  release:
+    name: Build and Release
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v6
+
+      - uses: actions/setup-go@v6
+        with:
+          go-version-file: go.mod
+          cache: true
+
+      # Cross-compile the binary for each target platform.
+      - name: Build release binaries
+        run: |
+          VERSION="${{ github.ref_name }}"
+          LDFLAGS="-X github.com/chef/chef-load/lib.VERSION=${VERSION}"
+
+          CGO_ENABLED=0 GOOS=linux   GOARCH=amd64 go build -mod=vendor -ldflags "${LDFLAGS}" -o chef-load-linux-amd64        ./
+          CGO_ENABLED=0 GOOS=linux   GOARCH=arm64 go build -mod=vendor -ldflags "${LDFLAGS}" -o chef-load-linux-arm64        ./
+          CGO_ENABLED=0 GOOS=darwin  GOARCH=amd64 go build -mod=vendor -ldflags "${LDFLAGS}" -o chef-load-darwin-amd64       ./
+          CGO_ENABLED=0 GOOS=darwin  GOARCH=arm64 go build -mod=vendor -ldflags "${LDFLAGS}" -o chef-load-darwin-arm64       ./
+          CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -mod=vendor -ldflags "${LDFLAGS}" -o chef-load-windows-amd64.exe ./
+          CGO_ENABLED=0 GOOS=windows GOARCH=arm64 go build -mod=vendor -ldflags "${LDFLAGS}" -o chef-load-windows-arm64.exe ./
+
+      # Produce a SHA-256 checksum file so users can verify downloads.
+      - name: Generate checksums
+        run: |
+          sha256sum \
+            chef-load-linux-amd64 \
+            chef-load-linux-arm64 \
+            chef-load-darwin-amd64 \
+            chef-load-darwin-arm64 \
+            chef-load-windows-amd64.exe \
+            chef-load-windows-arm64.exe \
+            > checksums.txt
+          cat checksums.txt
+
+      - name: Create GitHub Release
+        uses: softprops/action-gh-release@v2
+        with:
+          generate_release_notes: true
+          files: |
+            chef-load-linux-amd64
+            chef-load-linux-arm64
+            chef-load-darwin-amd64
+            chef-load-darwin-arm64
+            chef-load-windows-amd64.exe
+            chef-load-windows-arm64.exe
+            checksums.txt

.golangci.yml

@@ -0,0 +1,59 @@
+---
+# golangci-lint configuration for chef-load.
+# Run with: golangci-lint run ./...
+# See: https://golangci-lint.run/usage/configuration/
+
+version: "2"
+
+linters:
+  # Start from the default set (errcheck, govet, ineffassign, staticcheck, unused)
+  # and enable additional linters.
+  enable:
+    - bodyclose       # check for unclosed HTTP response bodies
+    - gosec           # security issues
+    - misspell        # catch common misspellings in comments and strings
+    - noctx           # detect HTTP requests sent without a context
+    - revive          # drop-in golint replacement
+    - unconvert       # remove unnecessary type conversions
+    - unparam         # detect unused function parameters
+
+  settings:
+    misspell:
+      locale: US
+    revive:
+      rules:
+        # Don't require exported-symbol doc comments in this project.
+        - name: exported
+          disabled: true
+
+  exclusions:
+    rules:
+      # Test files: relax security checks and return-error strictness.
+      - path: "_test\\.go"
+        linters: [gosec, errcheck]
+
+      # TLS InsecureSkipVerify: used when connecting to Chef Server / Automate
+      # with self-signed certificates; operator opting in via config.
+      - linters: [gosec]
+        text: "G402"
+
+      # G304: file path from config is trusted operator input, not user-supplied.
+      - linters: [gosec]
+        text: "G304"
+
+      # defer Close: returning errors from defer is not idiomatic Go.
+      - source: 'defer .*\.Close'
+        linters: [errcheck]
+
+      # fmt.Fprintf/Fprintln to open file handles: errors writing to local log
+      # files are non-actionable mid-run.
+      - source: 'fmt\.(Fprintf|Fprintln)\('
+        linters: [errcheck]
+
+formatters:
+  enable:
+    - goimports
+  settings:
+    goimports:
+      local-prefixes:
+        - github.com/chef/chef-load

.markdownlint-cli2.yaml

@@ -0,0 +1,7 @@
+---
+config:
+  line-length: false
+
+ignores:
+  # Ignore third-party vendor files — they are not owned by this project.
+  - "vendor/**"

.release-please-manifest.json

@@ -0,0 +1,3 @@
+{
+  ".": "4.0.0"
+}

.yamllint.yml

@@ -0,0 +1,15 @@
+---
+extends: default
+
+# Ignore third-party vendor files — they are not owned by this project.
+ignore: |
+  vendor/
+
+rules:
+  line-length: false
+
+  # GitHub Actions workflows use 'on:' as a mapping key; yamllint would flag
+  # it as a truthy value without this override.
+  truthy:
+    allowed-values: ["true", "false", "on", "off"]
+    check-keys: false

CHANGELOG.md

@@ -1,4 +1,9 @@
-# chef-load Change Log 
+# chef-load Change Log
+
+## 4.0.0 (2026-04-09)
+
+* Added support for policyfile based load simulations
+* Added compliance phase reporting capability to load simulations
 
 ## 3.0.0 (2017-08-31)