Add CI pipeline for testing and style checks

Author: mtodor

.github/CONTRIBUTING.md

@@ -8,26 +8,41 @@ Thank you for your interest in contributing to StackRox MCP! This document provi
 
 All code must pass the following checks before being merged:
 
-- **Formatting:** Run `go fmt ./...` to format your code
-- **Linting:** Run `golint ./...` to check for style issues
-- **Vetting:** Run `go vet ./...` to check for suspicious constructs
-- **Testing:** All tests must pass with `go test ./...`
+- **Formatting:** Run `make fmt` to format your code
+- **Format Check:** Run `make fmt-check` to verify code is formatted
+- **Linting:** Run `make lint` to check for style issues
+- **Testing:** All tests must pass with `make test`
 
 These checks are automatically run in CI for all pull requests.
 
+### Available Make Targets
+
+View all available make commands:
+```bash
+make help
+```
+
+Common development commands:
+- `make build` - Build the binary
+- `make test` - Run unit tests with coverage
+- `make coverage-html` - Generate and view HTML coverage report
+- `make fmt` - Format code
+- `make fmt-check` - Check code formatting (fails if not formatted)
+- `make lint` - Run golangci-lint
+- `make clean` - Clean build artifacts and coverage files
+
 ### Testing
 
 - Write unit tests for all new functionality
 - Aim for 80% code coverage
-- All error paths tested
+- All error paths should be tested
 - Run tests with coverage:
   ```bash
-  go test -cover ./...
+  make test
   ```
-- Generate detailed coverage report:
+- Generate and view detailed coverage report:
   ```bash
-  go test -coverprofile=coverage.out ./...
-  go tool cover -html=coverage.out
+  make coverage-html
   ```
 
 ## Pull Request Guidelines

.github/workflows/style.yml

@@ -0,0 +1,35 @@
+name: Style
+
+on:
+  push:
+    tags:
+      - '*'
+    branches:
+      - main
+  pull_request:
+    types:
+      - opened
+      - reopened
+      - synchronize
+
+jobs:
+  style:
+    name: Code Style Checks
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.24'
+
+      - name: Check code formatting
+        run: make fmt-check
+
+      - name: Run golangci-lint
+        uses: golangci/golangci-lint-action@v8
+        with:
+          version: v2.6

.github/workflows/test.yml

@@ -0,0 +1,40 @@
+name: Test
+
+on:
+  push:
+    tags:
+      - '*'
+    branches:
+      - main
+  pull_request:
+    types:
+      - opened
+      - reopened
+      - synchronize
+
+jobs:
+  test:
+    name: Run Tests
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.24'
+
+      - name: Download dependencies
+        run: go mod download
+
+      - name: Run tests with coverage
+        run: make test
+
+#      - name: Upload coverage to Codecov
+#        uses: codecov/codecov-action@v4
+#        with:
+#          file: ./coverage.out
+#          token: ${{ secrets.CODECOV_TOKEN }}
+#          fail_ci_if_error: false

.gitignore

@@ -8,3 +8,6 @@
 
 # Build output
 /stackrox-mcp
+
+# Lint output
+/report.xml

.golangci.yml

@@ -0,0 +1,205 @@
+version: "2"
+run:
+  timeout: 240m
+  go: "1.24"
+  build-tags:
+    - integration
+    - scanner_db_integration
+    - sql_integration
+    - test_e2e
+  modules-download-mode: readonly
+output:
+  formats:
+    text:
+      path: stdout
+    junit-xml:
+      path: report.xml
+linters:
+  # please, do not use `enable-all`: it's deprecated and will be removed soon.
+  # inverted configuration with `enable-all` and `disable` is not scalable during updates of golangci-lint
+  default: none
+  enable:
+    - asciicheck
+    - copyloopvar
+    - errcheck
+    - forbidigo
+    - gocritic
+    - exptostd
+    - gosec
+    - govet
+    - ineffassign
+    - nolintlint
+    - protogetter
+    - revive # replaces golint
+    - rowserrcheck
+    - staticcheck
+    - wrapcheck
+  # - nakedret TODO: add in follow-up
+  # - unconvert TODO: add in follow-up
+  # - unparam TODO: add in follow-up
+  # - unused // enabled in Makefile as it fails with release tag
+    - usestdlibvars
+  settings:
+    errcheck:
+      disable-default-exclusions: false
+      check-type-assertions: false
+      check-blank: false
+      exclude-functions:
+        - (*bytes.Buffer).WriteString
+        - (*strings.Builder).WriteByte
+        - (*strings.Builder).WriteRune
+        - (*strings.Builder).WriteString
+        - fmt.Fprint
+        - fmt.Fprintf
+        - fmt.Fprintln
+        - fmt.Print
+        - fmt.Printf
+        - fmt.Println
+        - github.com/stackrox/rox/pkg/utils.Should
+    forbidigo:
+      forbid:
+        - pattern: ^print\(.*\)$
+        - pattern: fmt\.Print.*(# Disallowed function used\. Use environments functions for printing or to a specific writer from environment\.InputOutput\(\)\.)?
+        - pattern: os\.Stdout(# Disallowed output streams used\. Use environment\.InputOutput\(\).Out instead\.)?
+        - pattern: os\.Stderr(# Disallowed output streams used\. Use environment\.InputOutput\(\).ErrOut instead\.)?
+        - pattern: os\.Stdin(# Disallowed output streams used\. Use environment\.InputOutput\(\).In instead\.)?
+    gocritic:
+      disabled-checks:
+        - appendAssign
+        - argOrder
+        - assignOp
+        - captLocal
+        - dupArg
+        - elseif
+        - exitAfterDefer
+        - ifElseChain
+        - mapKey
+        - singleCaseSwitch
+        - unlambda
+        - wrapperFunc
+    gosec:
+      includes:
+        - G101
+        - G102
+        - G103
+        - G104
+        - G106
+        - G108
+        - G109
+        - G111
+        - G201
+        - G202
+        - G203
+        - G303
+        - G307
+        - G403
+        - G502
+        - G503
+        - G504
+        - G601
+    govet:
+      disable:
+        - shadow
+        - fieldalignment
+      enable-all: true
+      settings:
+        printf:
+          funcs:
+            - Print
+            - Printf
+            - Println
+            - Debug
+            - Debugf
+            - Info
+            - Infof
+            - Warn
+            - Warnf
+            - Error
+            - Errorf
+            - github.com/stackrox/rox/migrator/log.WritetoStderr
+            - github.com/stackrox/rox/migrator/log.WritetoStderrf
+    nolintlint:
+      require-explanation: false
+      require-specific: true
+      allow-unused: false
+    revive:
+      rules:
+        - name: package-comments
+          disabled: true
+        - name: error-strings
+          disabled: true
+        - name: unexported-return
+          disabled: true
+    staticcheck:
+      checks:
+      - all
+      - -QF1001
+      - -QF1002
+      - -QF1003
+      - -QF1006
+      - -QF1007
+      - -QF1008
+      - -QF1009
+      - -QF1011
+      - -QF1012
+      - -SA1019
+      - -SA4001
+      - -ST1000
+      - -ST1001
+      - -ST1003
+      - -ST1005
+      - -ST1017
+      - -ST1019
+      - -ST1020
+      - -ST1021
+      - -ST1022
+      - -ST1023
+    wrapcheck:
+      ignore-sig-regexps:
+        - \(\*github\.com\/stackrox\/rox\/pkg\/errorhelpers\.ErrorList\)\.ToError\(\)
+        - backoff.Retry.*
+        - concurrency\.WithLock.*
+        - errox\..+\.CausedBy(f)?
+        - policy\.NewErr.*
+        - retry\.MakeRetryable
+        - retry\.WithRetry
+        - status\.Error
+        - utils\.Should
+  exclusions:
+    generated: lax
+    rules:
+      - linters:
+          - wrapcheck
+        path: ^(central|compliance|integration-tests|local|migrator|operator|pkg|scanner|sensor/tests/helper|tests|tools|scale)/
+      - linters:
+          - forbidigo
+        path: (central/graphql/schema/print|compliance|integration-tests|local|migrator|operator|pkg|scanner|sensor|tests|tools|scale|govulncheck|compliance/virtualmachines/agent)/
+      - linters:
+          - forbidigo
+        path: roxctl/central/generate/interactive.go
+      - linters:
+          - forbidigo
+          - wrapcheck
+        path: _test\.go
+      - linters:
+          - forbidigo
+        path: roxctl/common/io/io\.go # io.go will by default use os.Stdin/os.StdErr.
+    paths:
+      - pkg/complianceoperator/api
+      - third_party$
+      - builtin$
+      - examples$
+issues:
+  max-issues-per-linter: 0
+  max-same-issues: 0
+formatters:
+  enable:
+    - gofmt
+    - goimports
+  exclusions:
+    generated: lax
+    paths:
+      - pkg/complianceoperator/api
+      - third_party$
+      - builtin$
+      - examples$