Add comprehensive CI/CD pipeline with validation and quality checks

  - Add pre-release validation workflow for automated testing before releases
  - Add CI workflow for pull request validation
  - Enhance release workflow with prerequisite validation and dependency checks
  - Add golangci-lint configuration for consistent code quality
  - Expand Makefile with comprehensive testing, formatting, and linting targets
  - Add test coverage reporting and CI-optimized test commands
  - Clean up test helper trailing whitespace

Author: Pradyothsp

.github/workflows/ci.yml

@@ -0,0 +1,267 @@
+name: CI
+
+on:
+  push:
+    branches: [ "*" ]
+  pull_request:
+    branches: [ "*" ]
+  workflow_dispatch:
+
+jobs:
+  test:
+    name: Test
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, macos-latest, windows-latest]
+        go-version: [1.21.x, 1.22.x, 1.23.x]
+    
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Set up Go
+      uses: actions/setup-go@v4
+      with:
+        go-version: ${{ matrix.go-version }}
+
+    - name: Cache Go modules
+      uses: actions/cache@v3
+      with:
+        path: |
+          ~/.cache/go-build
+          ~/go/pkg/mod
+        key: ${{ runner.os }}-go-${{ matrix.go-version }}-${{ hashFiles('**/go.sum') }}
+        restore-keys: |
+          ${{ runner.os }}-go-${{ matrix.go-version }}-
+          ${{ runner.os }}-go-
+
+    - name: Download dependencies
+      run: go mod download
+
+    - name: Verify dependencies
+      run: go mod verify
+
+    - name: Run go vet
+      run: go vet ./...
+
+    - name: Run go fmt check
+      run: |
+        if [ "$(gofmt -s -l . | wc -l)" -gt 0 ]; then
+          echo "The following files are not formatted:"
+          gofmt -s -l .
+          echo "Please run 'go fmt ./...' to format your code."
+          exit 1
+        fi
+      shell: bash
+
+    - name: Run tests
+      run: go test -v -race -coverprofile=coverage.out ./...
+
+    - name: Run tests with coverage
+      run: go test -v -race -coverprofile=coverage.out -covermode=atomic ./...
+
+    - name: Upload coverage to Codecov
+      uses: codecov/codecov-action@v3
+      with:
+        file: ./coverage.out
+        flags: unittests
+        name: codecov-${{ matrix.os }}-go${{ matrix.go-version }}
+
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Set up Go
+      uses: actions/setup-go@v4
+      with:
+        go-version: 1.23.x
+
+    - name: Run golangci-lint
+      uses: golangci/golangci-lint-action@v3
+      with:
+        version: latest
+        args: --timeout=5m
+
+  build:
+    name: Build
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-latest, windows-latest]
+        
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Set up Go
+      uses: actions/setup-go@v4
+      with:
+        go-version: 1.23.x
+
+    - name: Build binary
+      run: |
+        go build -v -o pyinit ./cmd/pyinit
+      shell: bash
+
+    - name: Test binary (Unix)
+      if: runner.os != 'Windows'
+      run: ./pyinit --version
+
+    - name: Test binary (Windows)
+      if: runner.os == 'Windows'
+      run: .\pyinit.exe --version
+
+  integration:
+    name: Integration Tests
+    runs-on: ubuntu-latest
+    needs: [test, build]
+    
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Set up Go
+      uses: actions/setup-go@v4
+      with:
+        go-version: 1.23.x
+
+    - name: Run integration tests
+      run: go test -v ./test/integration/...
+
+    - name: Test template rendering
+      run: go test -v ./pkg/template/...
+
+  security:
+    name: Security Scan
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Set up Go
+      uses: actions/setup-go@v4
+      with:
+        go-version: 1.23.x
+
+    - name: Run Gosec Security Scanner
+      uses: securecodewarrior/github-action-gosec@master
+      with:
+        args: '-no-fail -fmt sarif -out results.sarif ./...'
+
+    - name: Upload SARIF file
+      uses: github/codeql-action/upload-sarif@v2
+      with:
+        sarif_file: results.sarif
+
+  test-coverage:
+    name: Test Coverage Report
+    runs-on: ubuntu-latest
+    needs: test
+    
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Set up Go
+      uses: actions/setup-go@v4
+      with:
+        go-version: 1.23.x
+
+    - name: Run tests with coverage
+      run: |
+        go test -v -race -coverprofile=coverage.out -covermode=atomic ./...
+        go tool cover -html=coverage.out -o coverage.html
+
+    - name: Coverage Summary
+      run: |
+        echo "## Coverage Report" >> $GITHUB_STEP_SUMMARY
+        echo "| Package | Coverage |" >> $GITHUB_STEP_SUMMARY
+        echo "|---------|----------|" >> $GITHUB_STEP_SUMMARY
+        go tool cover -func=coverage.out | while read line; do
+          if [[ $line == *"total:"* ]]; then
+            coverage=$(echo $line | awk '{print $3}')
+            echo "| **Total** | **$coverage** |" >> $GITHUB_STEP_SUMMARY
+          elif [[ $line == *".go:"* ]]; then
+            file=$(echo $line | awk '{print $1}' | sed 's|.*/||')
+            coverage=$(echo $line | awk '{print $3}')
+            echo "| $file | $coverage |" >> $GITHUB_STEP_SUMMARY
+          fi
+        done
+
+    - name: Upload coverage artifact
+      uses: actions/upload-artifact@v3
+      with:
+        name: coverage-report
+        path: |
+          coverage.out
+          coverage.html
+
+  validate-release:
+    name: Validate Release Readiness
+    runs-on: ubuntu-latest
+    if: startsWith(github.ref, 'refs/tags/')
+    needs: [test, lint, build, integration, security]
+    
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Set up Go
+      uses: actions/setup-go@v4
+      with:
+        go-version: 1.23.x
+
+    - name: Validate all tests pass
+      run: |
+        echo "Running final validation for release ${{ github.ref_name }}"
+        go test -v ./...
+        
+    - name: Build release binary
+      run: |
+        go build -ldflags "-X github.com/Pradyothsp/pyinit/internal/version.Version=${{ github.ref_name }} -X github.com/Pradyothsp/pyinit/internal/version.GitCommit=${{ github.sha }} -X github.com/Pradyothsp/pyinit/internal/version.BuildDate=$(date -u +%Y-%m-%dT%H:%M:%SZ)" -o pyinit ./cmd/pyinit
+
+    - name: Test release binary
+      run: |
+        ./pyinit --version
+        echo "Release binary validated successfully"
+
+    - name: Check version consistency
+      run: |
+        binary_version=$(./pyinit --version | head -1 | awk '{print $2}')
+        tag_version="${{ github.ref_name }}"
+        if [ "$binary_version" != "$tag_version" ]; then
+          echo "Version mismatch: binary=$binary_version, tag=$tag_version"
+          exit 1
+        fi
+        echo "Version consistency validated: $binary_version"
+
+  notify-status:
+    name: Notify Build Status
+    runs-on: ubuntu-latest
+    needs: [test, lint, build, integration]
+    if: always()
+    
+    steps:
+    - name: Notify Success
+      if: needs.test.result == 'success' && needs.lint.result == 'success' && needs.build.result == 'success' && needs.integration.result == 'success'
+      run: |
+        echo "✅ All CI checks passed successfully!"
+        echo "- Tests: ✅"
+        echo "- Linting: ✅" 
+        echo "- Build: ✅"
+        echo "- Integration: ✅"
+
+    - name: Notify Failure
+      if: needs.test.result == 'failure' || needs.lint.result == 'failure' || needs.build.result == 'failure' || needs.integration.result == 'failure'
+      run: |
+        echo "❌ CI checks failed!"
+        echo "- Tests: ${{ needs.test.result }}"
+        echo "- Linting: ${{ needs.lint.result }}"
+        echo "- Build: ${{ needs.build.result }}"
+        echo "- Integration: ${{ needs.integration.result }}"
+        exit 1