chore: enhance project infrastructure

- Pin GitHub Actions to tag SHAs instead of commit SHAs
- Use make targets in CI workflows instead of raw commands
- Add vulncheck to Makefile and CI
- Simplify golangci-lint config for v2 compatibility
- Fix README hallucinations (remove non-existent file references)
- Add Dependabot configuration for GitHub Actions and Go modules

Author: mortezaPRK

.github/dependabot.yml

@@ -1,15 +1,29 @@
 version: 2
 updates:
+  # Maintain dependencies for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+    groups:
+      github-actions:
+        patterns:
+          - "*"
+    labels:
+      - "dependencies"
+      - "github-actions"
+
+  # Maintain dependencies for Go modules
   - package-ecosystem: "gomod"
     directory: "/"
     schedule:
       interval: "weekly"
-    open-pull-requests-limit: 1
+      day: "monday"
     groups:
       go-dependencies:
         patterns:
           - "*"
-        update-types:
-          - "major"
-          - "minor"
-          - "patch"
+    labels:
+      - "dependencies"
+      - "go"

.github/workflows/ci.yml

@@ -0,0 +1,76 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+
+      - name: Set up Go
+        uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5.6.0
+        with:
+          go-version: '1.24'
+          cache: true
+          cache-dependency-path: go.sum
+
+      - name: Install golangci-lint
+        uses: golangci/golangci-lint-action@8564da7cb3c6866ed1da648ca8f00a258ef0c802 # v6.5.2
+        with:
+          version: v2.11.4
+          skip-install: true
+
+      - name: Run linter
+        run: make lint
+
+  vulncheck:
+    name: Vulnerability Check
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+
+      - name: Set up Go
+        uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5.6.0
+        with:
+          go-version: '1.24'
+          cache: true
+          cache-dependency-path: go.sum
+
+      - name: Run vulnerability check
+        run: make vulncheck
+
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+
+      - name: Set up Go
+        uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5.6.0
+        with:
+          go-version: '1.24'
+          cache: true
+          cache-dependency-path: go.sum
+
+      - name: Run tests
+        run: make test
+
+      - name: Upload coverage to artifacts
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        with:
+          name: coverage-report
+          path: |
+            coverage.out
+            coverage.html
+
+      - name: Display coverage summary
+        run: make coverage-func

.github/workflows/publish.yml

@@ -15,22 +15,22 @@ jobs:
       contents: write
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
+        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0
 
       - name: Login to Docker Hub
-        uses: docker/login-action@v3
+        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
 
       - name: Build and push Docker image
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
         with:
           context: .
           push: true
@@ -49,12 +49,12 @@ jobs:
           done
 
       - name: Upload Release Assets
-        uses: softprops/action-gh-release@v2
+        uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2.6.2
         with:
           files: built/*
-      
+
       - name: Update repo description
-        uses: peter-evans/dockerhub-description@v4
+        uses: peter-evans/dockerhub-description@432a30c9e07499fd01da9f8a49f0faf9e0ca5b77 # v4.0.2
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}

.golangci.yml

@@ -0,0 +1,23 @@
+version: "2"
+
+run:
+  timeout: 5m
+  tests: true
+  modules-download-mode: readonly
+
+linters:
+  enable:
+    - govet
+    - staticcheck
+    - errcheck
+    - ineffassign
+    - unused
+    - misspell
+    - gocritic
+    - gosec
+    - revive
+
+formatters:
+  enable:
+    - gofmt
+    - goimports

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Morteza Pourseif
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

Makefile

@@ -0,0 +1,70 @@
+.PHONY: lint fix clean vulncheck ci deps deps-update run help
+
+# Variables
+BINARY_NAME=kmir
+GO=go
+GOFLAGS=-v
+LINTER=golangci-lint
+
+help: ## Show this help message
+	@echo 'Usage: make [target]'
+	@echo ''
+	@echo 'Available targets:'
+	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {printf "  %-15s %s\n", $$1, $$2}' $(MAKEFILE_LIST)
+
+build: ## Build the binary
+	@echo "Building $(BINARY_NAME)..."
+	$(GO) build $(GOFLAGS) -o $(BINARY_NAME) .
+
+test: ## Run tests
+	@echo "Running tests..."
+	$(GO) test -v -race -coverprofile=coverage.out -covermode=atomic ./...
+
+test-short: ## Run short tests only
+	@echo "Running short tests..."
+	$(GO) test -v -short ./...
+
+lint: ## Run linters
+	@echo "Running linters..."
+	$(LINTER) run --timeout 5m ./...; \
+
+fix: ## Auto-fix linting issues
+	@echo "Fixing linting issues..."
+	$(LINTER) run --fix --timeout 5m ./...; \
+
+coverage: ## Generate coverage report
+	@echo "Generating coverage report..."
+	$(GO) test -coverprofile=coverage.out -covermode=atomic ./...
+	$(GO) tool cover -html=coverage.out -o coverage.html
+	@echo "Coverage report generated: coverage.html"
+
+coverage-func: ## Show coverage by function
+	@echo "Coverage by function:"
+	$(GO) test -coverprofile=coverage.out -covermode=atomic ./...
+	$(GO) tool cover -func=coverage.out
+
+clean: ## Clean build artifacts
+	@echo "Cleaning..."
+	rm -f $(BINARY_NAME)
+	rm -f coverage.out coverage.html
+	rm -f *.test
+
+vulncheck: ## Check for security vulnerabilities
+	@echo "Checking for vulnerabilities..."
+	$(GO) tool govulncheck ./...
+
+ci: lint vulncheck test ## Run CI checks (lint + vulncheck + test)
+
+deps: ## Download dependencies
+	@echo "Downloading dependencies..."
+	$(GO) mod download
+	$(GO) mod tidy
+
+deps-update: ## Update dependencies
+	@echo "Updating dependencies..."
+	$(GO) get -u ./...
+	$(GO) mod tidy
+
+run: build ## Build and run the binary
+	@echo "Running $(BINARY_NAME)..."
+	./$(BINARY_NAME)

README.md

@@ -68,3 +68,64 @@ The positional arguments, which specify the topic information, can be in any of
 ```sh
 kmir --source-brokers=localhost:9092 --sink-brokers=localhost:9093 --client-id=my-client --kafka-version=2.7.0 topic1 topic2@-1 topic3@0:100,1:200
 ```
+
+## Development
+
+### Prerequisites
+
+- Go 1.24 or later
+- golangci-lint v2.11.4 or later
+
+### Setup
+
+```bash
+# Clone the repository
+git clone https://github.com/mortezaPRK/kmir.git
+cd kmir
+
+# Install dependencies
+make deps
+```
+
+### Building
+
+```bash
+# Build the binary
+make build
+```
+
+### Testing
+
+```bash
+# Run all tests
+make test
+
+# Run short tests only
+make test-short
+
+# Generate coverage report
+make coverage
+
+# Run all CI checks
+make ci
+```
+
+### Available Make Commands
+
+| Command | Description |
+|---------|-------------|
+| `make build` | Build the binary |
+| `make test` | Run tests with race detection |
+| `make test-short` | Run short tests only |
+| `make lint` | Run linters (golangci-lint) |
+| `make fix` | Auto-fix formatting issues |
+| `make coverage` | Generate coverage report |
+| `make clean` | Clean build artifacts |
+| `make ci` | Run full CI checks (lint, vulncheck, test) |
+| `make deps` | Download dependencies |
+| `make deps-update` | Update dependencies |
+| `make vulncheck` | Check for security vulnerabilities |
+
+## License
+
+This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.