Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

nixopus/go-deploy

Name: go-deploy
Author: nixopus

skills/go-deploy/SKILL.md

npx skillsauth add nixopus/agent go-deploy

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Go Deployment

Detection

Project is Go if any of these exist:

go.mod at the build context root
go.work at the root (Go workspaces)
main.go at the root

Versions

Go version priority:

go.mod → go directive (e.g. go 1.21)
.go-version file, mise.toml, or .tool-versions
Defaults to 1.23

Build

Build Command

Single module: go build -ldflags="-w -s" -o /app/out .
CGO disabled (static): CGO_ENABLED=0 go build -ldflags="-w -s" -o /app/out .
To build a specific binary from cmd/, target it directly: go build -ldflags="-w -s" -o /app/<name> ./cmd/<name>
For workspaces, specify the module path: go build -ldflags="-w -s" -o /app/out ./<module>

Main Package Resolution

Root directory if it contains .go files
First subdirectory in cmd/ (e.g. ./cmd/server)
For workspaces (go.work): first module with a main package

Output

Binary: /app/out or /app/<name>
Static binary when CGO_ENABLED=0

Go Workspaces

For multi-module projects with go.work:

Discovers and copies all module dependencies
Builds first module with main.go by default
Specify the target module path to build a different one

CGO Support

Default: CGO disabled (CGO_ENABLED=0) for static binaries. If CGO needed:

Set CGO_ENABLED=1
Build stage needs: gcc, g++, libc6-dev
Runtime needs libc6 for dynamic linking
Use debian:bookworm-slim instead of alpine for runtime

Port Detection

PORT in .env / .env.example
Source code patterns: :8080, ListenAndServe, Run( in main.go
Default: 8080

Framework / Library Detection

| Import / package | Category | |---|---| | net/http | Standard library | | github.com/gin-gonic/gin | Gin | | github.com/labstack/echo | Echo | | github.com/go-chi/chi | Chi | | github.com/valyala/fasthttp | FastHTTP | | github.com/gofiber/fiber | Fiber |

Install Stage Optimization

Copy in order:

go.mod, go.sum (and go.work if workspace)
Workspace: copy all module directories referenced in go.work
*.go (or full source for multi-package)

Copy go.mod + go.sum first for layer caching.

Caching

Use BuildKit cache mount:

RUN --mount=type=cache,target=/go/pkg/mod \
    --mount=type=cache,target=/root/.cache/go-build \
    go build -ldflags="-w -s" -o /app/out .

Base Images

| Stage | Image | |---|---| | Build | golang:1.23-alpine or golang:1.23-bookworm | | Runtime (static) | gcr.io/distroless/static or alpine:latest | | Runtime (CGO) | debian:bookworm-slim |

Dockerfile Patterns

Static Binary (Alpine runtime)

FROM golang:1.23-alpine AS build
WORKDIR /app
COPY go.mod go.sum ./
RUN go mod download
COPY . .
RUN CGO_ENABLED=0 go build -ldflags="-w -s" -o /app/out .

FROM alpine:latest
RUN apk --no-cache add ca-certificates
WORKDIR /app
COPY --from=build /app/out .
EXPOSE 8080
CMD ["./out"]

Distroless Runtime

FROM golang:1.23-bookworm AS build
WORKDIR /app
COPY go.mod go.sum ./
RUN go mod download
COPY . .
RUN CGO_ENABLED=0 go build -ldflags="-w -s" -o /app/out .

FROM gcr.io/distroless/static
WORKDIR /app
COPY --from=build /app/out .
EXPOSE 8080
CMD ["./out"]

cmd layout

FROM golang:1.23-alpine AS build
WORKDIR /app
COPY go.mod go.sum ./
RUN go mod download
COPY . .
RUN CGO_ENABLED=0 go build -ldflags="-w -s" -o /app/server ./cmd/server

FROM alpine:latest
RUN apk --no-cache add ca-certificates
WORKDIR /app
COPY --from=build /app/server .
EXPOSE 8080
CMD ["./server"]

Go workspace

FROM golang:1.23-alpine AS build
WORKDIR /app
COPY go.work go.work.sum ./
COPY api/go.mod api/go.sum ./api/
COPY shared/go.mod shared/go.sum ./shared/
RUN go mod download ./api/...
COPY api/ ./api/
COPY shared/ ./shared/
RUN CGO_ENABLED=0 go build -ldflags="-w -s" -o /app/out ./api

FROM alpine:latest
RUN apk --no-cache add ca-certificates
WORKDIR /app
COPY --from=build /app/out .
EXPOSE 8080
CMD ["./out"]

Gotchas

CGO_ENABLED=0 is required for truly static binaries — without it, the binary may dynamically link glibc and fail on Alpine/distroless
go.sum must be committed to the repo — missing it causes go mod download to fail in Docker
Multi-binary repos with cmd/ layout require specifying the target: go build ./cmd/server, not just go build .
Alpine runtime images need ca-certificates for outbound HTTPS — distroless/static includes them by default
Go modules cache at /go/pkg/mod — use BuildKit cache mounts to avoid re-downloading on every build

nixopus/go-deploy

skills/go-deploy/SKILL.md

Build and deploy Go applications — version detection, static binaries, CGO, workspaces, and Dockerfile patterns. Use when deploying a Go project, or when go.mod is detected.

1 stars

development

Updated Apr 22, 2026

$ install --global

skillsauth

npx skillsauth add nixopus/agent go-deploy

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 22, 2026, 11:57 PM206.2s1 file scanned

SKILL.md

name:: go-deploy
description:: Build and deploy Go applications — version detection, static binaries, CGO, workspaces, and Dockerfile patterns. Use when deploying a Go project, or when go.mod is detected.
version:: 1.0

Go Deployment

Detection

Project is Go if any of these exist:

go.mod at the build context root
go.work at the root (Go workspaces)
main.go at the root

Versions

Go version priority:

go.mod → go directive (e.g. go 1.21)
.go-version file, mise.toml, or .tool-versions
Defaults to 1.23

Build

Build Command

Single module: go build -ldflags="-w -s" -o /app/out .
CGO disabled (static): CGO_ENABLED=0 go build -ldflags="-w -s" -o /app/out .
To build a specific binary from cmd/, target it directly: go build -ldflags="-w -s" -o /app/<name> ./cmd/<name>
For workspaces, specify the module path: go build -ldflags="-w -s" -o /app/out ./<module>

Main Package Resolution

Root directory if it contains .go files
First subdirectory in cmd/ (e.g. ./cmd/server)
For workspaces (go.work): first module with a main package

Output

Binary: /app/out or /app/<name>
Static binary when CGO_ENABLED=0

Go Workspaces

For multi-module projects with go.work:

Discovers and copies all module dependencies
Builds first module with main.go by default
Specify the target module path to build a different one

CGO Support

Default: CGO disabled (CGO_ENABLED=0) for static binaries. If CGO needed:

Set CGO_ENABLED=1
Build stage needs: gcc, g++, libc6-dev
Runtime needs libc6 for dynamic linking
Use debian:bookworm-slim instead of alpine for runtime

Port Detection

PORT in .env / .env.example
Source code patterns: :8080, ListenAndServe, Run( in main.go
Default: 8080

Framework / Library Detection

Install Stage Optimization

Copy in order:

go.mod, go.sum (and go.work if workspace)
Workspace: copy all module directories referenced in go.work
*.go (or full source for multi-package)

Copy go.mod + go.sum first for layer caching.

Caching

Use BuildKit cache mount:

RUN --mount=type=cache,target=/go/pkg/mod \
    --mount=type=cache,target=/root/.cache/go-build \
    go build -ldflags="-w -s" -o /app/out .

Base Images

| Stage | Image | |---|---| | Build | golang:1.23-alpine or golang:1.23-bookworm | | Runtime (static) | gcr.io/distroless/static or alpine:latest | | Runtime (CGO) | debian:bookworm-slim |

Dockerfile Patterns

Static Binary (Alpine runtime)

FROM golang:1.23-alpine AS build
WORKDIR /app
COPY go.mod go.sum ./
RUN go mod download
COPY . .
RUN CGO_ENABLED=0 go build -ldflags="-w -s" -o /app/out .

FROM alpine:latest
RUN apk --no-cache add ca-certificates
WORKDIR /app
COPY --from=build /app/out .
EXPOSE 8080
CMD ["./out"]

Distroless Runtime

FROM golang:1.23-bookworm AS build
WORKDIR /app
COPY go.mod go.sum ./
RUN go mod download
COPY . .
RUN CGO_ENABLED=0 go build -ldflags="-w -s" -o /app/out .

FROM gcr.io/distroless/static
WORKDIR /app
COPY --from=build /app/out .
EXPOSE 8080
CMD ["./out"]

cmd layout

FROM golang:1.23-alpine AS build
WORKDIR /app
COPY go.mod go.sum ./
RUN go mod download
COPY . .
RUN CGO_ENABLED=0 go build -ldflags="-w -s" -o /app/server ./cmd/server

FROM alpine:latest
RUN apk --no-cache add ca-certificates
WORKDIR /app
COPY --from=build /app/server .
EXPOSE 8080
CMD ["./server"]

Go workspace

FROM golang:1.23-alpine AS build
WORKDIR /app
COPY go.work go.work.sum ./
COPY api/go.mod api/go.sum ./api/
COPY shared/go.mod shared/go.sum ./shared/
RUN go mod download ./api/...
COPY api/ ./api/
COPY shared/ ./shared/
RUN CGO_ENABLED=0 go build -ldflags="-w -s" -o /app/out ./api

FROM alpine:latest
RUN apk --no-cache add ca-certificates
WORKDIR /app
COPY --from=build /app/out .
EXPOSE 8080
CMD ["./out"]

Gotchas

CGO_ENABLED=0 is required for truly static binaries — without it, the binary may dynamically link glibc and fail on Alpine/distroless
go.sum must be committed to the repo — missing it causes go mod download to fail in Docker
Multi-binary repos with cmd/ layout require specifying the target: go build ./cmd/server, not just go build .
Alpine runtime images need ca-certificates for outbound HTTPS — distroless/static includes them by default
Go modules cache at /go/pkg/mod — use BuildKit cache mounts to avoid re-downloading on every build

Related Skills

nixopus/api-catalog

tools

VerifiedTrustedCommunity

Compressed catalog of all Nixopus API operations for the nixopus_api() tool

1SKILL.mdUpdated Apr 26, 2026

nixopus/static-deploy

development

VerifiedTrustedCommunity

Deploy static file sites — Caddy/nginx serving, Staticfile config, and Dockerfile patterns. Use when deploying a static HTML site with no server-side runtime, or when index.html or a Staticfile is detected at the project root.

1SKILL.mdUpdated Apr 22, 2026

nixopus/static-deploy

nixopus/shell-deploy

devops

VerifiedTrustedCommunity

Deploy shell script applications — interpreter detection, setup scripts, and Dockerfile patterns. Use when deploying a shell script project, or when start.sh is detected.

1SKILL.mdUpdated Apr 22, 2026

nixopus/self-heal

development

VerifiedTrustedCommunity

Self-healing loop for failed deployments — diagnose, fix, redeploy up to 3 attempts, then escalate or rollback. Load when a deployment fails or build errors occur.

1SKILL.mdUpdated Apr 22, 2026

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/nixopus/agent.git

# Copy into Claude Code skills folder (global)
cp -r agent/skills/go-deploy ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

nixopus/agent

1 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT