First commit.

.github/workflows/disabled.yaml

@@ -0,0 +1,57 @@
+name: CI/CD Pipeline
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    if: false
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v2
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v1
+
+    - name: Cache Docker layers
+      uses: actions/cache@v2
+      with:
+        path: /tmp/.buildx-cache
+        key: ${{ runner.os }}-buildx-${{ github.sha }}
+        restore-keys: |
+          ${{ runner.os }}-buildx-
+
+    - name: Log in to GitHub Container Registry
+      run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.repository_owner }} --password-stdin
+
+    - name: Build Docker image
+      run: |
+        docker build --build-arg TERRAFORM_VERSION=1.9.3 --build-arg ANSIBLE_VERSION=10.2.0 -t ghcr.io/${{ github.repository_owner }}/kado:latest .
+
+    - name: Push Docker image
+      run: |
+        docker push ghcr.io/${{ github.repository_owner }}/kado:latest
+
+  run-kado:
+    runs-on: ubuntu-latest
+    needs: build
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v2
+
+    - name: Copy .kdconfig to Home Directory
+      run: |
+        mkdir -p $HOME
+        cp .kdconfig $HOME/
+
+    - name: Run Kado in Docker
+      run: |
+        docker run --rm -v ${{ github.workspace }}:/workspace -v $HOME/.kdconfig:/root/.kdconfig ghcr.io/${{ github.repository_owner }}/kado:latest ai

.github/workflows/docker-release.yaml

@@ -0,0 +1,57 @@
+name: Build, Docker, and Release
+
+on:
+  push:
+    branches:
+      - main
+      - 'feature/*'
+      - 'fix/*'
+
+env:
+  VERSION_FILE: VERSION
+  DOCKER_IMAGE: ghcr.io/${{ github.repository }}
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    - name: Set up Go
+      uses: actions/setup-go@v3
+      with:
+        go-version: '1.22.x'
+
+    - name: Set up Python
+      uses: actions/setup-python@v4
+      with:
+        python-version: '3.x'
+
+    - name: Log in to GitHub Container Registry
+      run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u "${{ github.actor }}" --password-stdin
+
+    - name: Bump version
+      run: make version-bump
+
+    - name: Read version
+      id: version
+      run: echo "::set-output name=version::$(cat $(VERSION_FILE))"
+
+    - name: Build Docker image
+      run: make docker-build
+
+    - name: Push Docker image to GitHub Packages
+      run: |
+        docker push ${{ env.DOCKER_IMAGE }}:latest
+        docker push ${{ env.DOCKER_IMAGE }}:${{ steps.version.outputs.version }}
+
+    - name: Create GitHub release
+      uses: softprops/action-gh-release@v1
+      with:
+        tag_name: v${{ steps.version.outputs.version }}
+        name: Release ${{ steps.version.outputs.version }}
+        files: kado
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/kdlinter.go

@@ -0,0 +1,133 @@
+package main
+
+import (
+	"bufio"
+	"fmt"
+	"os"
+	"path/filepath"
+	"regexp"
+	"strings"
+)
+
+type LintError struct {
+	File    string
+	Line    int
+	Message string
+}
+
+func (e LintError) Error() string {
+	return fmt.Sprintf("%s:%d: %s", e.File, e.Line, e.Message)
+}
+
+func LintKDFile(filePath string) ([]LintError, error) {
+	file, err := os.Open(filePath)
+	if err != nil {
+		return nil, err
+	}
+	defer file.Close()
+
+	var lintErrors []LintError
+	scanner := bufio.NewScanner(file)
+	lineNumber := 0
+	insideBead := false
+	commentRegex := regexp.MustCompile(`^\s*#`)
+	emptyLineCount := 0
+
+	for scanner.Scan() {
+		lineNumber++
+		line := scanner.Text()
+		trimmedLine := strings.TrimSpace(line)
+
+		if strings.HasPrefix(trimmedLine, "bead ") && strings.HasSuffix(trimmedLine, "{") {
+			if insideBead {
+				lintErrors = append(lintErrors, LintError{filePath, lineNumber, "Nested beads are not allowed"})
+			}
+			insideBead = true
+			if !strings.HasPrefix(line, "bead ") {
+				lintErrors = append(lintErrors, LintError{filePath, lineNumber, "Bead declaration should start at the beginning of the line"})
+			}
+		} else if trimmedLine == "}" && insideBead {
+			insideBead = false
+			if !strings.HasPrefix(line, "}") {
+				lintErrors = append(lintErrors, LintError{filePath, lineNumber, "Closing brace should be at the beginning of the line"})
+			}
+		} else if insideBead {
+			if !strings.HasPrefix(line, "  ") {
+				lintErrors = append(lintErrors, LintError{filePath, lineNumber, "Bead content should be indented with two spaces"})
+			}
+		} else {
+			if commentRegex.MatchString(trimmedLine) {
+				if !strings.HasPrefix(trimmedLine, "#") {
+					lintErrors = append(lintErrors, LintError{filePath, lineNumber, "Comments should start at the beginning of the line"})
+				}
+			} else if trimmedLine != "" && strings.HasPrefix(line, " ") {
+				lintErrors = append(lintErrors, LintError{filePath, lineNumber, "Non-bead content should not be indented"})
+			}
+		}
+
+		if trimmedLine == "" {
+			emptyLineCount++
+			if emptyLineCount > 1 {
+				lintErrors = append(lintErrors, LintError{filePath, lineNumber, "Multiple consecutive empty lines are not allowed"})
+			}
+		} else {
+			emptyLineCount = 0
+		}
+	}
+
+	if err := scanner.Err(); err != nil {
+		return nil, err
+	}
+
+	if insideBead {
+		lintErrors = append(lintErrors, LintError{filePath, lineNumber, "Unclosed bead at end of file"})
+	}
+
+	return lintErrors, nil
+}
+
+func LintKDFilesInDir(dir string) ([]LintError, error) {
+	var allErrors []LintError
+
+	err := filepath.Walk(dir, func(path string, info os.FileInfo, err error) error {
+		if err != nil {
+			return err
+		}
+		if !info.IsDir() && strings.HasSuffix(info.Name(), ".kd") {
+			errors, err := LintKDFile(path)
+			if err != nil {
+				return fmt.Errorf("failed to lint %s: %v", path, err)
+			}
+			allErrors = append(allErrors, errors...)
+		}
+		return nil
+	})
+
+	if err != nil {
+		return nil, err
+	}
+
+	return allErrors, nil
+}
+
+func main() {
+	if len(os.Args) < 2 {
+		fmt.Println("Usage: kdlinter <directory>")
+		os.Exit(1)
+	}
+
+	dir := os.Args[1]
+	errors, err := LintKDFilesInDir(dir)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Error: %v\n", err)
+		os.Exit(1)
+	}
+
+	for _, e := range errors {
+		fmt.Println(e)
+	}
+
+	if len(errors) > 0 {
+		os.Exit(1)
+	}
+}

.github/workflows/kdlinter.yaml

@@ -0,0 +1,38 @@
+name: KD Linter
+
+on:
+  push:
+    branches:
+      - '**'
+
+jobs:
+  lint:
+    name: Lint KD Files
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: '1.21'
+
+      - name: Build KD Linter
+        run: |
+          go build -o kdlinter kdlinter.go
+
+      - name: Run KD Linter
+        run: |
+          ./kdlinter .
+        continue-on-error: true
+
+      - name: Check Linter Output
+        run: |
+          if [ -s lint_output.txt ]; then
+            echo "Linter found issues:"
+            cat lint_output.txt
+            exit 1
+          else
+            echo "No linting issues found."
+          fi

.github/workflows/sensitive-data-check.yml

@@ -0,0 +1,29 @@
+name: Sensitive Data Check
+
+on:
+  push:
+    branches:
+      - '**'
+
+jobs:
+  gitleaks:
+    name: Gitleaks
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Gitleaks
+        uses: gitleaks/gitleaks-action@v2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}
+
+      - name: Check Gitleaks output
+        if: ${{ failure() }}
+        run: |
+          echo "Gitleaks has detected potential sensitive data in your PR."
+          echo "Please review the Gitleaks output and remove any sensitive information before merging."
+          exit 1