Add kubernetes as a container runtime

.devcontainer/devcontainer.json

@@ -13,7 +13,8 @@
     },
     "ghcr.io/devcontainers-extra/features/protoc:1": {},
     "ghcr.io/mrsimonemms/devcontainers/buf:1": {},
-    "ghcr.io/devcontainers-extra/features/grpcurl-asdf:2": {}
+    "ghcr.io/devcontainers-extra/features/grpcurl-asdf:2": {},
+    "ghcr.io/rio/features/skaffold:2": {}
   },
   "customizations": {
     "vscode": {
@@ -32,10 +33,14 @@
   "containerEnv": {
     "CLOUDEVENTS_CONFIG": "/workspaces/zigflow/cloudevents.example.yaml",
     "CONVERTER_KEY_PATH": "/workspaces/zigflow/keys.example.yaml",
+    "DOCKER_HOST1": "tcp://192.168.49.2:2376",
+    "DOCKER_CERT_PATH1": "/home/vscode/.minikube/certs",
+    "DOCKER_TLS_VERIFY1": "1",
     "GIT_REPO": "github.com/mrsimonemms/zigflow",
     "LOG_LEVEL": "trace",
-    "ZIGGY_EXAMPLE_ENVVAR": "some-example-envvar",
-    "WORKFLOW_FILE": "./workflow.example.yaml"
+    "MINIKUBE_ACTIVE_DOCKERD": "minikube",
+    "WORKFLOW_FILE": "./workflow.example.yaml",
+    "ZIGGY_EXAMPLE_ENVVAR": "some-example-envvar"
   },
   "forwardPorts": [
     3000,

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,58 @@
+name: Bug report
+description: Report something that isn't working correctly.
+title: "bug: "
+labels:
+  - bug
+body:
+  - type: markdown
+    attributes:
+      value: >
+        Before submitting, please search for existing issues to avoid
+        duplicates, and read
+        [CONTRIBUTING.md](https://github.com/mrsimonemms/zigflow/blob/main/CONTRIBUTING.md).
+  - type: checkboxes
+    id: checklist
+    attributes:
+      label: Checklist
+      options:
+        - label: I have read CONTRIBUTING.md
+          required: true
+        - label: I have searched for existing issues
+          required: true
+  - type: textarea
+    id: description
+    attributes:
+      label: Bug description
+      description: A concise summary of the issue.
+    validations:
+      required: true
+  - type: textarea
+    id: steps
+    attributes:
+      label: Steps to reproduce
+      description: How to recreate the problem.
+    validations:
+      required: true
+  - type: textarea
+    id: expected
+    attributes:
+      label: Expected behaviour
+      description: What should happen instead.
+    validations:
+      required: false
+  - type: input
+    id: example
+    attributes:
+      label: Example repository
+      description: Link to a minimal reproducible example, if available.
+    validations:
+      required: false
+  - type: textarea
+    id: additional
+    attributes:
+      label: Anything else?
+      description: >
+        Theories, relevant code locations, Zigflow version, OS, or any
+        other context.
+    validations:
+      required: false

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,10 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Contributing guide
+    url: https://github.com/mrsimonemms/zigflow/blob/main/CONTRIBUTING.md
+    about: >
+      Please read the contributing guide before opening an issue or pull
+      request.
+  - name: Slack community
+    url: https://slack.zigflow.dev
+    about: Ask questions and discuss ideas with the Zigflow community.

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -0,0 +1,51 @@
+name: Feature request
+description: Suggest an idea or improvement for Zigflow.
+title: "feat: "
+labels:
+  - enhancement
+body:
+  - type: markdown
+    attributes:
+      value: >
+        Before submitting, please search for existing issues to avoid
+        duplicates, and read
+        [CONTRIBUTING.md](https://github.com/mrsimonemms/zigflow/blob/main/CONTRIBUTING.md).
+        If this is a significant change, please open a discussion issue
+        first.
+  - type: checkboxes
+    id: checklist
+    attributes:
+      label: Checklist
+      options:
+        - label: I have read CONTRIBUTING.md
+          required: true
+        - label: I have searched for existing issues
+          required: true
+  - type: textarea
+    id: problem
+    attributes:
+      label: Problem description
+      description: What problem are you trying to solve?
+    validations:
+      required: true
+  - type: textarea
+    id: desired
+    attributes:
+      label: Desired behaviour
+      description: What do you want to happen?
+    validations:
+      required: true
+  - type: textarea
+    id: alternatives
+    attributes:
+      label: Alternative solutions
+      description: Any alternative approaches you have considered?
+    validations:
+      required: false
+  - type: textarea
+    id: additional
+    attributes:
+      label: Additional context
+      description: Any other context, screenshots, or references.
+    validations:
+      required: false

.github/pull_request_template.md

@@ -0,0 +1,21 @@
+<!-- markdownlint-disable-file MD041 -->
+
+## Checklist
+
+- [ ] I have read [CONTRIBUTING.md](./CONTRIBUTING.md)
+- [ ] Tests pass (`pre-commit run` and `go test ./...`)
+- [ ] Documentation is updated where needed
+
+## Description
+
+<!-- Describe your changes in detail -->
+
+## Related Issue(s)
+
+<!-- An issue should be raised before creating a PR for significant changes -->
+
+Fixes #
+
+## How to test
+
+<!-- Provide steps to test this PR -->

.gitignore

@@ -19,3 +19,6 @@ wiki
 .claude
 
 cmd/schema.yaml
+
+# Temporal Cloud secrets
+dev/k8s/temporal-cloud-secret.yaml

Dockerfile

@@ -17,9 +17,11 @@ ARG GIT_COMMIT
 ARG GIT_REPO="github.com/mrsimonemms/zigflow"
 ARG PROJECT_NAME="zigflow"
 ARG VERSION
+ARG GOFLAGS=""
 ENV CGO_ENABLED=0
 ENV GOOS=linux
 ENV GOCACHE=/go/.cache
+ENV GOFLAGS="${GOFLAGS}"
 ENV PROJECT_NAME="${PROJECT_NAME}"
 ENV WORKFLOW_FILE=/go/app/workflow.example.yaml
 RUN curl -fsSL https://deb.nodesource.com/setup_lts.x | bash - \

dev/k8s/README.md

@@ -0,0 +1,171 @@
+# Kubernetes Development Setup
+
+This directory contains Kubernetes manifests for running Zigflow locally with Minikube and Skaffold, connected to Temporal Cloud.
+
+## Prerequisites
+
+- [Minikube](https://minikube.sigs.k8s.io/docs/start/)
+- [Skaffold](https://skaffold.dev/docs/install/) v2.10.0 or later
+- [kubectl](https://kubernetes.io/docs/tasks/tools/)
+- [Temporal Cloud](https://temporal.io/cloud) account with namespace and mTLS certificates
+
+## Setup
+
+### 1. Configure Temporal Cloud Secrets
+
+Copy the example secret file and fill in your Temporal Cloud credentials:
+
+```bash
+cp temporal-cloud-secret.example.yaml temporal-cloud-secret.yaml
+```
+
+Edit `temporal-cloud-secret.yaml` with your Temporal Cloud information:
+- **address**: Your Temporal Cloud endpoint (e.g., `my-namespace.tmprl.cloud:7233`)
+- **namespace**: Your Temporal Cloud namespace
+- **client.pem**: Base64-encoded client certificate
+- **client.key**: Base64-encoded client key
+
+To base64 encode your certificates:
+```bash
+cat client.pem | base64 -w 0
+cat client.key | base64 -w 0
+```
+
+### 2. Start Minikube
+
+```bash
+make minikube
+# or
+minikube start
+```
+
+### 3. Create Secrets
+
+```bash
+kubectl apply -f dev/k8s/temporal-cloud-secret.yaml
+```
+
+### 4. Deploy with Skaffold
+
+**Production build (default):**
+```bash
+skaffold run
+```
+
+This builds the production image and deploys all resources.
+
+**Development mode with live reload:**
+```bash
+skaffold dev --profile=dev
+```
+
+This uses the `builder` stage with Air for hot reloading and automatically syncs Go file changes.
+
+## What's Deployed
+
+1. **Namespace**: `zigflow` - Isolated namespace for all resources
+2. **Zigflow**: The main application worker connected to Temporal Cloud
+
+## Configuration
+
+### Workflow Configuration
+
+The workflow is mounted from a ConfigMap. Edit [deployment.yaml](deployment.yaml) and update the `zigflow-workflow` ConfigMap to change the workflow definition.
+
+### Environment Variables
+
+The Zigflow deployment uses these environment variables:
+- `TEMPORAL_ADDRESS`: Temporal Cloud endpoint (from secret)
+- `TEMPORAL_NAMESPACE`: Temporal Cloud namespace (from secret)
+- `TEMPORAL_TLS_CERT`: Path to client certificate
+- `TEMPORAL_TLS_KEY`: Path to client key
+- `DISABLE_TELEMETRY`: Disable telemetry (default: `false`)
+- `WORKFLOW_FILE`: Path to workflow definition (default: `/workflow.yaml`)
+
+## Profiles
+
+### Default Profile (Production)
+
+Uses the final stage of the Dockerfile for production builds:
+
+```bash
+skaffold run
+```
+
+### Dev Profile (Development)
+
+Uses the builder stage with Air for hot reloading:
+
+```bash
+skaffold dev --profile=dev
+```
+
+## Port Forwarding
+
+To access the Zigflow health endpoint:
+```bash
+kubectl port-forward -n zigflow svc/zigflow 3000:3000
+```
+
+Then visit http://localhost:3000/health
+
+## Cleanup
+
+Stop Skaffold (Ctrl+C if running in dev mode) and clean up resources:
+
+```bash
+skaffold delete
+```
+
+Or manually delete the namespace:
+```bash
+kubectl delete namespace zigflow
+```
+
+## Troubleshooting
+
+### Check pod status
+```bash
+kubectl get pods -n zigflow
+```
+
+### View logs
+```bash
+kubectl logs -n zigflow -l app=zigflow -f
+```
+
+### Describe resources
+```bash
+kubectl describe deployment zigflow -n zigflow
+```
+
+### Check secrets
+```bash
+kubectl get secrets -n zigflow
+kubectl describe secret temporal-cloud -n zigflow
+kubectl describe secret temporal-cloud-tls -n zigflow
+```
+
+### Restart deployment
+```bash
+kubectl rollout restart deployment/zigflow -n zigflow
+```
+
+### Common Issues
+
+**Connection refused to Temporal Cloud:**
+- Verify your Temporal Cloud endpoint is correct
+- Ensure your mTLS certificates are valid and not expired
+- Check that certificates are properly base64 encoded
+
+**Pod fails to start:**
+- Check logs with `kubectl logs`
+- Verify secrets are created: `kubectl get secrets -n zigflow`
+- Ensure namespace is created first
+
+## Development Tips
+
+- Use `skaffold dev --profile=dev` for the best development experience with automatic rebuilds and log streaming
+- The dev profile uses the `builder` stage which includes Air for hot reloading
+- Go file changes are automatically synced to the container
+- Keep `temporal-cloud-secret.yaml` in `.gitignore` to avoid committing credentials