[codex] add agent CLI release workflow

[coderberry]

Summary

• Restructure slack-post into a testable Cobra-based command under cmd/slack-post with internal command logic and focused tests.
• Add Makefile targets and GitHub Actions for per-binary SemVer packaging and release publication.
• Add repo-local skills for building Go Cobra CLIs and releasing/versioning binaries through the Makefile workflow.
• Add colocated tool docs and environment templates under cmd/slack-post/.

Why

• The repo needs to host multiple agent-facing CLIs without forcing unrelated tools into a single binary or shared command namespace.
• Each binary needs an independent release/versioning flow so downstream Dockerfiles can install a pinned executable from GitHub releases.

Test Plan

• go test ./...
• go vet ./...
• make build
• make package TOOL=slack-post VERSION=v0.1.0 GOOS=linux GOARCH=amd64
• tar -tzf dist/slack-post_v0.1.0_linux_amd64.tar.gz
• dist/slack-post --version
• dist/slack-post --help
• git diff --cached --check && git diff --check
• quick_validate.py .agents/skills/release-agent-binaries in a throwaway venv with PyYAML installed

[Copilot]

Pull request overview

This PR restructures the Slack posting tool into the repository’s new multi-binary Go CLI layout and adds build, package, CI, and release automation for independently versioned agent-facing binaries.

Changes:

• Moves slack-post into a Cobra-based cmd/slack-post entrypoint with internal command logic and tests.
• Adds Go module files, Makefile targets, CI, and release workflow for per-binary SemVer archives.
• Adds command docs, environment templates, and agent skill documentation for building/releasing binaries.

Reviewed changes

Copilot reviewed 14 out of 17 changed files in this pull request and generated 9 comments.

Show a summary per file

File	Description
slack-post/slack-post.go	Removes the old standalone Slack posting implementation.
README.md	Documents repository shape, build/test commands, release tags, and install example.
Makefile	Adds build, package, tag, release archive, and validation targets.
internal/cli/slackpost/command.go	Adds testable Cobra command implementation for posting Slack messages.
internal/cli/slackpost/command_test.go	Adds focused command tests for success and error behavior.
go.mod	Defines the Go module and Cobra dependency.
go.sum	Adds dependency checksums.
cmd/slack-post/main.go	Adds thin binary entrypoint with version stamping support.
cmd/slack-post/README.md	Adds usage, input, output, build, and package docs for the tool.
cmd/slack-post/.env.example	Adds Slack-related environment variable template.
.gitignore	Ignores generated distribution artifacts.
.github/workflows/ci.yml	Adds pull request/main branch test and build workflow.
.github/workflows/release.yml	Adds tag/dispatch release packaging and GitHub release publication workflow.
.agents/skills/release-agent-binaries/SKILL.md	Adds release workflow guidance for agent-operated binary publishing.
.agents/skills/release-agent-binaries/agents/openai.yaml	Adds agent metadata for the release skill.
.agents/skills/build-go-cobra-clis/SKILL.md	Updates CLI-building guidance to include colocated docs and env templates.

Comments suppressed due to low confidence (6)

Makefile:87

• TOOL is interpolated directly into shell recipes before any character validation, and the release workflow derives it from tag/dispatch input. A tool value containing shell metacharacters can break out of these quoted strings before the directory check completes; validate TOOL against the allowed binary-name pattern before using it in any recipe command.

	@if [ ! -d "cmd/$(TOOL)" ]; then \
		echo "unknown TOOL=$(TOOL); available: $(BINS)" >&2; \

Makefile:98

• VERSION is expanded into the shell command before the SemVer validation runs. A tag or workflow-dispatch value containing shell metacharacters could execute in the release job before grep rejects it; avoid interpolating raw make variables into shell syntax or validate/sanitize the value before this point.

	@if ! printf '%s\n' "$(VERSION)" | grep -Eq '$(SEMVER_PATTERN)'; then \
		echo "VERSION must be SemVer with a leading v, e.g. v0.1.0" >&2; \
		exit 2; \

Makefile:62

• The nested loop does not stop on a failed package invocation; without set -e or || exit, the target can still exit successfully if a later OS/arch package succeeds. That can leave a partial set of archives while reporting release success.

release-archives: check-tool check-version
	@for os in $(RELEASE_OSES); do \
		for arch in $(RELEASE_ARCHES); do \
			$(MAKE) --no-print-directory package TOOL="$(TOOL)" VERSION="$(VERSION)" GOOS="$$os" GOARCH="$$arch"; \
		done; \
	done

Makefile:55

• This multi-command recipe does not enable set -e, so a failed go build or tar can be followed by the final echo, causing make package to exit 0 even though no valid archive was produced. Make the shell fail fast or explicitly chain the commands so packaging errors propagate.

	@tmp_dir="$$(mktemp -d)"; \
	trap 'rm -rf "$$tmp_dir"' EXIT; \
	echo "packaging $(TOOL) $(VERSION) for $(GOOS)/$(GOARCH)"; \
	GOOS="$(GOOS)" GOARCH="$(GOARCH)" CGO_ENABLED=0 \
		go build -trimpath -ldflags "-s -w -X main.version=$(VERSION)" -o "$$tmp_dir/$(TOOL)" "./cmd/$(TOOL)"; \
	tar -C "$$tmp_dir" -czf "$(ARCHIVE)" "$(TOOL)"; \
	echo "$(ARCHIVE)"

Makefile:45

• build-tool stamps VERSION into the binary but does not run check-version, so make build-tool TOOL=slack-post VERSION=not-semver succeeds and produces a binary whose --version cannot be released. Add version validation when VERSION is provided, or document that this target intentionally accepts arbitrary build metadata.

build-tool: check-tool
	@mkdir -p "$(DIST_DIR)"
	go build -trimpath -ldflags "-s -w -X main.version=$(BUILD_VERSION)" -o "$(DIST_DIR)/$(TOOL)" "./cmd/$(TOOL)"

.github/workflows/release.yml:50

• Workflow-dispatch inputs are interpolated directly into the bash script before execution. An input containing quotes or command substitutions can alter the script; pass these values through step env variables or otherwise validate/quote them before use.

            tool="${{ inputs.tool }}"
            version="${{ inputs.version }}"

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.