From 97465886337da90971f1fff9f5c0ede77852aae8 Mon Sep 17 00:00:00 2001
From: "Xinwei Xiong (cubxxw)" <3293172751nss@gmail.com>
Date: Sat, 16 Mar 2024 16:20:49 +0800
Subject: [PATCH 1/3] build: init project

---
 .gitignore         | 372 ++++++++++++++++++++++++++++++++++++++++++---
 README.md          |   1 +
 checker/checker.go | 104 +++++++++++++
 config.yaml        |  21 +++
 config/config.go   |  49 ++++++
 go.mod             |   5 +
 6 files changed, 534 insertions(+), 18 deletions(-)
 create mode 100644 checker/checker.go
 create mode 100644 config.yaml
 create mode 100644 config/config.go
 create mode 100644 go.mod

diff --git a/.gitignore b/.gitignore
index 5d947ca..3c74105 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,18 +1,354 @@
-# Build and Release Folders
-bin-debug/
-bin-release/
-[Oo]bj/
-[Bb]in/
-
-# Other files and folders
-.settings/
-
-# Executables
-*.swf
-*.air
-*.ipa
-*.apk
-
-# Project files, i.e. `.project`, `.actionScriptProperties` and `.flexProperties`
-# should NOT be excluded as they contain compiler settings and other important
-# information for Eclipse / Flash Builder.
+# Created by https://www.toptal.com/developers/gitignore/api/vim,jetbrains,vscode,git,go,tags,backup,test,emacs
+# Edit at https://www.toptal.com/developers/gitignore?templates=vim,jetbrains,vscode,git,go,tags,backup,test,emacs
+
+### Backup ###
+*.bak
+*.gho
+*.ori
+*.orig
+*.tmp
+
+### Git ###
+# Created by git for backups. To disable backups in Git:
+# $ git config --global mergetool.keepBackup false
+
+# Created by git when using merge tools for conflicts
+*.BACKUP.*
+*.BASE.*
+*.LOCAL.*
+*.REMOTE.*
+*_BACKUP_*.txt
+*_BASE_*.txt
+*_LOCAL_*.txt
+*_REMOTE_*.txt
+
+
+### Go ###
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+_output/
+bin/
+
+# Dependency directories (remove the comment below to include it)
+# vendor/
+
+### Go Patch ###
+/vendor/
+/Godeps/
+
+### JetBrains ###
+# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider
+# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
+.idea
+
+# User-specific stuff
+.idea/**/workspace.xml
+.idea/**/tasks.xml
+.idea/**/usage.statistics.xml
+.idea/**/dictionaries
+.idea/**/shelf
+
+# Generated files
+.idea/**/contentModel.xml
+
+# Sensitive or high-churn files
+.idea/**/dataSources/
+.idea/**/dataSources.ids
+.idea/**/dataSources.local.xml
+.idea/**/sqlDataSources.xml
+.idea/**/dynamic.xml
+.idea/**/uiDesigner.xml
+.idea/**/dbnavigator.xml
+
+# Gradle
+.idea/**/gradle.xml
+.idea/**/libraries
+
+# Gradle and Maven with auto-import
+# When using Gradle or Maven with auto-import, you should exclude module files,
+# since they will be recreated, and may cause churn.  Uncomment if using
+# auto-import.
+# .idea/artifacts
+# .idea/compiler.xml
+# .idea/jarRepositories.xml
+# .idea/modules.xml
+# .idea/*.iml
+# .idea/modules
+# *.iml
+# *.ipr
+
+# CMake
+cmake-build-*/
+
+# Mongo Explorer plugin
+.idea/**/mongoSettings.xml
+
+# File-based project format
+*.iws
+
+# IntelliJ
+out/
+
+# mpeltonen/sbt-idea plugin
+.idea_modules/
+
+# JIRA plugin
+atlassian-ide-plugin.xml
+
+# Cursive Clojure plugin
+.idea/replstate.xml
+
+# Crashlytics plugin (for Android Studio and IntelliJ)
+com_crashlytics_export_strings.xml
+crashlytics.properties
+crashlytics-build.properties
+fabric.properties
+
+# Editor-based Rest Client
+.idea/httpRequests
+
+# Android studio 3.1+ serialized cache file
+.idea/caches/build_file_checksums.ser
+
+### JetBrains Patch ###
+# Comment Reason: https://github.com/joeblau/gitignore.io/issues/186#issuecomment-215987721
+
+# *.iml
+# modules.xml
+# .idea/misc.xml
+# *.ipr
+
+# Sonarlint plugin
+# https://plugins.jetbrains.com/plugin/7973-sonarlint
+.idea/**/sonarlint/
+
+# SonarQube Plugin
+# https://plugins.jetbrains.com/plugin/7238-sonarqube-community-plugin
+.idea/**/sonarIssues.xml
+
+# Markdown Navigator plugin
+# https://plugins.jetbrains.com/plugin/7896-markdown-navigator-enhanced
+.idea/**/markdown-navigator.xml
+.idea/**/markdown-navigator-enh.xml
+.idea/**/markdown-navigator/
+
+# Cache file creation bug
+# See https://youtrack.jetbrains.com/issue/JBR-2257
+.idea/$CACHE_FILE$
+
+# CodeStream plugin
+# https://plugins.jetbrains.com/plugin/12206-codestream
+.idea/codestream.xml
+
+### Tags ###
+# Ignore tags created by etags, ctags, gtags (GNU global) and cscope
+TAGS
+.TAGS
+!TAGS/
+tags
+.tags
+!tags/
+gtags.files
+GTAGS
+GRTAGS
+GPATH
+GSYMS
+cscope.files
+cscope.out
+cscope.in.out
+cscope.po.out
+
+
+### Test ###
+### Ignore all files that could be used to test your code and
+### you wouldn't want to push
+
+# Reference https://en.wikipedia.org/wiki/Metasyntactic_variable
+
+# Most common
+*foo
+*bar
+*fubar
+*foobar
+*baz
+
+# Less common
+*qux
+*quux
+*bongo
+*bazola
+*ztesch
+
+# UK, Australia
+*wibble
+*wobble
+*wubble
+*flob
+*blep
+*blah
+*boop
+*beep
+
+# Japanese
+*hoge
+*piyo
+*fuga
+*hogera
+*hogehoge
+
+# Portugal, Spain
+*fulano
+*sicrano
+*beltrano
+*mengano
+*perengano
+*zutano
+
+# France, Italy, the Netherlands
+*toto
+*titi
+*tata
+*tutu
+*pipppo
+*pluto
+*paperino
+*aap
+*noot
+*mies
+
+# Other names that would make sense
+*tests
+*testsdir
+*testsfile
+*testsfiles
+*testdir
+*testfile
+*testfiles
+*testing
+*testingdir
+*testingfile
+*testingfiles
+*temp
+*tempdir
+*tempfile
+*tempfiles
+*tmp
+*tmpdir
+*tmpfile
+*tmpfiles
+*lol
+
+### Vim ###
+# Swap
+[._]*.s[a-v][a-z]
+!*.svg  # comment out if you don't need vector files
+[._]*.sw[a-p]
+[._]s[a-rt-v][a-z]
+[._]ss[a-gi-z]
+[._]sw[a-p]
+
+# Session
+Session.vim
+Sessionx.vim
+
+# Temporary
+.netrwhist
+*~
+# Auto-generated tag files
+# Persistent undo
+[._]*.un~
+
+### Emacs ###
+# -*- mode: gitignore; -*-
+*~
+\#*\#
+/.emacs.desktop
+/.emacs.desktop.lock
+*.elc
+auto-save-list
+tramp
+.\#*
+
+# Org-mode
+.org-id-locations
+*_archive
+ltximg/**
+
+# flymake-mode
+*_flymake.*
+
+# eshell files
+/eshell/history
+/eshell/lastdir
+
+# elpa packages
+/elpa/
+
+# reftex files
+*.rel
+
+# AUCTeX auto folder
+/auto/
+
+# cask packages
+.cask/
+dist/
+
+# Flycheck
+flycheck_*.el
+
+# server auth directory
+/server/
+
+# projectiles files
+.projectile
+
+# directory configuration
+.dir-locals.el
+
+# network security
+/network-security.data
+
+### vscode ###
+.vscode
+.vscode/*
+!.vscode/settings.json
+!.vscode/tasks.json
+!.vscode/launch.json
+!.vscode/extensions.json
+*.code-workspace
+
+# End of https://www.toptal.com/developers/gitignore/api/vim,jetbrains,vscode,git,go,tags,backup,test
+
+# Start by kubecub
+
+# log
+*.log
+
+# Output of backend and frontend
+/_output
+/_debug
+
+# Misc
+.DS_Store
+# *.env
+# .env
+dist
+
+# files used by the developer
+.idea.md
+.todo.md
+.note.md
+
+# config files, may contain sensitive information
+dist/
diff --git a/README.md b/README.md
index e9f6d35..16d60aa 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,3 @@
 # comment-lang-detector
+
 A GitHub Action for detecting specified languages (e.g., Chinese or Japanese) in comments within code files across multiple programming languages (YAML, Go, Java, Rust). Ideal for projects aiming to adhere to internationalization standards or maintain language-specific coding guidelines.
diff --git a/checker/checker.go b/checker/checker.go
new file mode 100644
index 0000000..1120d49
--- /dev/null
+++ b/checker/checker.go
@@ -0,0 +1,104 @@
+// Copyright © 2024 OpenIM. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package checker
+
+import (
+	"bufio"
+	"fmt"
+	"os"
+	"path/filepath"
+	"regexp"
+	"strings"
+
+	"github.com/kubecub/comment-lang-detector/config"
+)
+
+type CheckResult struct {
+	FilePath string
+	Lines    []int
+}
+
+func checkFileForChineseComments(filePath string) ([]CheckResult, error) {
+	file, err := os.Open(filePath)
+	if err != nil {
+		return nil, err
+	}
+	defer file.Close()
+
+	var results []CheckResult
+	scanner := bufio.NewScanner(file)
+	reg := regexp.MustCompile(`[\p{Han}]+`)
+	lineNumber := 0
+
+	var linesWithChinese []int
+	for scanner.Scan() {
+		lineNumber++
+		if reg.FindString(scanner.Text()) != "" {
+			linesWithChinese = append(linesWithChinese, lineNumber)
+		}
+	}
+
+	if len(linesWithChinese) > 0 {
+		results = append(results, CheckResult{
+			FilePath: filePath,
+			Lines:    linesWithChinese,
+		})
+	}
+
+	if err := scanner.Err(); err != nil {
+		return nil, err
+	}
+
+	return results, nil
+}
+
+func WalkDirAndCheckComments(cfg config.Config) error {
+	var allResults []CheckResult
+	err := filepath.Walk(cfg.Directory, func(path string, info os.FileInfo, err error) error {
+		if err != nil {
+			return err
+		}
+		if info.IsDir() {
+			return nil
+		}
+		for _, fileType := range cfg.FileTypes {
+			if filepath.Ext(path) == fileType {
+				results, err := checkFileForChineseComments(path)
+				if err != nil {
+					return err
+				}
+				if len(results) > 0 {
+					allResults = append(allResults, results...)
+				}
+			}
+		}
+		return nil
+	})
+
+	if err != nil {
+		return err
+	}
+
+	if len(allResults) > 0 {
+		var errMsg strings.Builder
+		errMsg.WriteString("Files containing Chinese comments:\n")
+		for _, result := range allResults {
+			errMsg.WriteString(fmt.Sprintf("%s: Lines %v\n", result.FilePath, result.Lines))
+		}
+		return fmt.Errorf(errMsg.String())
+	}
+
+	return nil
+}
diff --git a/config.yaml b/config.yaml
new file mode 100644
index 0000000..32a8c1f
--- /dev/null
+++ b/config.yaml
@@ -0,0 +1,21 @@
+# Copyright © 2024 OpenIM. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+directory: ./
+file_types:
+  - .go
+  - .yaml
+  - .yml
+languages:
+  - Chinese
\ No newline at end of file
diff --git a/config/config.go b/config/config.go
new file mode 100644
index 0000000..aebf0d4
--- /dev/null
+++ b/config/config.go
@@ -0,0 +1,49 @@
+// Copyright © 2024 OpenIM. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package config
+
+import (
+	"flag"
+	"log"
+	"os"
+
+	"gopkg.in/yaml.v2"
+)
+
+type Config struct {
+	Directory string   `yaml:"directory"`
+	FileTypes []string `yaml:"file_types"`
+	Languages []string `yaml:"languages"`
+}
+
+func ParseConfig() (Config, error) {
+	var configPath string
+	flag.StringVar(&configPath, "config", "./", "Path to config file")
+	flag.Parse()
+
+	var config Config
+	if configPath != "" {
+		configFile, err := os.ReadFile(configPath)
+		if err != nil {
+			return Config{}, err
+		}
+		if err := yaml.Unmarshal(configFile, &config); err != nil {
+			return Config{}, err
+		}
+	} else {
+		log.Fatal("Config file must be provided")
+	}
+	return config, nil
+}
diff --git a/go.mod b/go.mod
new file mode 100644
index 0000000..aa75f88
--- /dev/null
+++ b/go.mod
@@ -0,0 +1,5 @@
+module github.com/kubecub/comment-lang-detector
+
+go 1.19
+
+require gopkg.in/yaml.v2 v2.4.0

From cc37d6e2a24bb6c06c561ee9ddd4a39f65788832 Mon Sep 17 00:00:00 2001
From: "Xinwei Xiong (cubxxw)" <3293172751nss@gmail.com>
Date: Sat, 16 Mar 2024 16:20:53 +0800
Subject: [PATCH 2/3] build: init project

---
 .chglog/CHANGELOG.tpl.md                    |   56 +
 .chglog/config.yml                          |   31 +
 .github/CONTRIBUTING.md                     |    2 +
 .github/FUNDING.yml                         |    9 +
 .github/OWNERS                              |    4 +
 .github/PULL_REQUEST_TEMPLATE.md            |   72 +
 .github/labeler.yml                         |   31 +
 .github/labels.yml                          |   32 +
 .github/sync_labeler.yml                    | 1440 +++++++++++++++++++
 .github/sync_labels.yml                     | 1440 +++++++++++++++++++
 .github/workflows/auto-assign-issue.yml     |   30 +
 .github/workflows/auto-invite.yml           |   50 +
 .github/workflows/cla.yml                   |   52 +
 .github/workflows/codeql-analysis.yml       |   76 +
 .github/workflows/create-release-branch.yml |   47 +
 .github/workflows/cron.yml                  |   46 +
 .github/workflows/depsreview.yaml           |   18 +
 .github/workflows/gpt-translate.yml         |   27 +
 .github/workflows/grype.yml                 |   28 +
 .github/workflows/help-comment-issue.yml    |   24 +
 .github/workflows/issue-robot.yml           |   22 +
 .github/workflows/labeler.yml               |   18 +
 .github/workflows/link-pr.yml               |   49 +
 .github/workflows/main.yaml                 |   22 +
 .github/workflows/main.yml                  |   26 +
 .github/workflows/milestone.yml             |   62 +
 .github/workflows/opencommit.yml            |   43 +
 .github/workflows/release.yml               |  125 ++
 .github/workflows/script.yml                |   33 +
 .github/workflows/setup.yml                 |   29 +
 .github/workflows/spell-check.yml           |   45 +
 .github/workflows/stale.yml                 |   38 +
 .github/workflows/sync_labels.yml           |   29 +
 .github/workflows/test.yml                  |   25 +
 .github/workflows/typos-check.yml           |   18 +
 .github/workflows/typos.yml                 |   19 +
 .golangci.yml                               |  934 ++++++++++++
 .goreleaser.yaml                            |  373 +++++
 .kodiak.toml                                |    3 +
 CHANGELOG.md                                |  110 ++
 CONTRIBUTING.md                             |  372 +++++
 Dockerfile                                  |   17 +
 Makefile                                    |  485 +++++++
 action.yml                                  |    4 +
 cmd/OWNERS.md                               |    4 +
 cmd/README.md                               |   19 +
 cmd/cld/main.go                             |   34 +
 docs/CODEOWNERS                             |   59 +
 docs/OWNERS                                 |    4 +
 docs/README.md                              |    9 +
 go.sum                                      |    4 +
 scripts/LICENSE/LICENSE.md                  |   21 +
 scripts/LICENSE/LICENSE_TEMPLATES           |   13 +
 scripts/LICENSE/license_templates.txt       |    3 +
 scripts/OWNERS                              |    4 +
 scripts/README.md                           |   11 +
 scripts/common.sh                           |  497 +++++++
 scripts/ensure_tag.sh                       |   14 +
 scripts/githooks/commit-msg                 |   81 ++
 scripts/githooks/pre-commit                 |  103 ++
 scripts/githooks/pre-push                   |   41 +
 scripts/install/common.sh                   |   24 +
 scripts/install/environment.sh              |   93 ++
 scripts/install/iam-apiserver.sh            |   86 ++
 scripts/install/iam-authz-server.sh         |   86 ++
 scripts/install/iam-pump.sh                 |   78 +
 scripts/install/iam-watcher.sh              |   78 +
 scripts/install/iamctl.sh                   |   80 ++
 scripts/install/install.sh                  |  419 ++++++
 scripts/install/man.sh                      |   54 +
 scripts/install/mariadb.sh                  |   80 ++
 scripts/install/mariadb_for_ubuntu.sh       |   75 +
 scripts/install/mongodb.sh                  |  111 ++
 scripts/install/mongodb_for_ubuntu.sh       |  103 ++
 scripts/install/redis.sh                    |   79 +
 scripts/install/redis_for_ubuntu.sh         |   81 ++
 scripts/install/release.sh                  |   28 +
 scripts/install/test.sh                     |  250 ++++
 scripts/install/vimrc                       |   97 ++
 scripts/lib/color.sh                        |   38 +
 scripts/lib/golang.sh                       |  193 +++
 scripts/lib/init.sh                         |   28 +
 scripts/lib/logging.sh                      |  161 +++
 scripts/lib/release.sh                      |  596 ++++++++
 scripts/lib/util.sh                         |  683 +++++++++
 scripts/lib/version.sh                      |  137 ++
 scripts/release.sh                          |   26 +
 scripts/templates/project_README.md         |   41 +
 88 files changed, 11142 insertions(+)
 create mode 100755 .chglog/CHANGELOG.tpl.md
 create mode 100755 .chglog/config.yml
 create mode 100644 .github/CONTRIBUTING.md
 create mode 100644 .github/FUNDING.yml
 create mode 100644 .github/OWNERS
 create mode 100644 .github/PULL_REQUEST_TEMPLATE.md
 create mode 100644 .github/labeler.yml
 create mode 100644 .github/labels.yml
 create mode 100644 .github/sync_labeler.yml
 create mode 100644 .github/sync_labels.yml
 create mode 100644 .github/workflows/auto-assign-issue.yml
 create mode 100644 .github/workflows/auto-invite.yml
 create mode 100644 .github/workflows/cla.yml
 create mode 100644 .github/workflows/codeql-analysis.yml
 create mode 100644 .github/workflows/create-release-branch.yml
 create mode 100644 .github/workflows/cron.yml
 create mode 100644 .github/workflows/depsreview.yaml
 create mode 100644 .github/workflows/gpt-translate.yml
 create mode 100644 .github/workflows/grype.yml
 create mode 100644 .github/workflows/help-comment-issue.yml
 create mode 100644 .github/workflows/issue-robot.yml
 create mode 100644 .github/workflows/labeler.yml
 create mode 100644 .github/workflows/link-pr.yml
 create mode 100644 .github/workflows/main.yaml
 create mode 100644 .github/workflows/main.yml
 create mode 100644 .github/workflows/milestone.yml
 create mode 100644 .github/workflows/opencommit.yml
 create mode 100644 .github/workflows/release.yml
 create mode 100644 .github/workflows/script.yml
 create mode 100644 .github/workflows/setup.yml
 create mode 100644 .github/workflows/spell-check.yml
 create mode 100644 .github/workflows/stale.yml
 create mode 100644 .github/workflows/sync_labels.yml
 create mode 100644 .github/workflows/test.yml
 create mode 100644 .github/workflows/typos-check.yml
 create mode 100644 .github/workflows/typos.yml
 create mode 100644 .golangci.yml
 create mode 100644 .goreleaser.yaml
 create mode 100644 .kodiak.toml
 create mode 100644 CHANGELOG.md
 create mode 100644 CONTRIBUTING.md
 create mode 100644 Dockerfile
 create mode 100644 Makefile
 create mode 100644 action.yml
 create mode 100644 cmd/OWNERS.md
 create mode 100644 cmd/README.md
 create mode 100644 cmd/cld/main.go
 create mode 100644 docs/CODEOWNERS
 create mode 100644 docs/OWNERS
 create mode 100644 docs/README.md
 create mode 100644 go.sum
 create mode 100644 scripts/LICENSE/LICENSE.md
 create mode 100644 scripts/LICENSE/LICENSE_TEMPLATES
 create mode 100644 scripts/LICENSE/license_templates.txt
 create mode 100644 scripts/OWNERS
 create mode 100644 scripts/README.md
 create mode 100755 scripts/common.sh
 create mode 100755 scripts/ensure_tag.sh
 create mode 100644 scripts/githooks/commit-msg
 create mode 100644 scripts/githooks/pre-commit
 create mode 100644 scripts/githooks/pre-push
 create mode 100755 scripts/install/common.sh
 create mode 100755 scripts/install/environment.sh
 create mode 100755 scripts/install/iam-apiserver.sh
 create mode 100755 scripts/install/iam-authz-server.sh
 create mode 100755 scripts/install/iam-pump.sh
 create mode 100755 scripts/install/iam-watcher.sh
 create mode 100755 scripts/install/iamctl.sh
 create mode 100755 scripts/install/install.sh
 create mode 100755 scripts/install/man.sh
 create mode 100755 scripts/install/mariadb.sh
 create mode 100755 scripts/install/mariadb_for_ubuntu.sh
 create mode 100755 scripts/install/mongodb.sh
 create mode 100755 scripts/install/mongodb_for_ubuntu.sh
 create mode 100755 scripts/install/redis.sh
 create mode 100755 scripts/install/redis_for_ubuntu.sh
 create mode 100755 scripts/install/release.sh
 create mode 100755 scripts/install/test.sh
 create mode 100644 scripts/install/vimrc
 create mode 100755 scripts/lib/color.sh
 create mode 100755 scripts/lib/golang.sh
 create mode 100755 scripts/lib/init.sh
 create mode 100755 scripts/lib/logging.sh
 create mode 100755 scripts/lib/release.sh
 create mode 100755 scripts/lib/util.sh
 create mode 100755 scripts/lib/version.sh
 create mode 100755 scripts/release.sh
 create mode 100644 scripts/templates/project_README.md

diff --git a/.chglog/CHANGELOG.tpl.md b/.chglog/CHANGELOG.tpl.md
new file mode 100755
index 0000000..5683d03
--- /dev/null
+++ b/.chglog/CHANGELOG.tpl.md
@@ -0,0 +1,56 @@
+{{ if .Versions -}}
+<a name="unreleased"></a>
+## [Unreleased]
+
+{{ if .Unreleased.CommitGroups -}}
+{{ range .Unreleased.CommitGroups -}}
+### {{ .Title }}
+{{ range .Commits -}}
+- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }}
+{{ end }}
+{{ end -}}
+{{ end -}}
+{{ end -}}
+
+{{ range .Versions }}
+<a name="{{ .Tag.Name }}"></a>
+## {{ if .Tag.Previous }}[{{ .Tag.Name }}]{{ else }}{{ .Tag.Name }}{{ end }} - {{ datetime "2006-01-02" .Tag.Date }}
+{{ range .CommitGroups -}}
+### {{ .Title }}
+{{ range .Commits -}}
+- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }}
+{{ end }}
+{{ end -}}
+
+{{- if .RevertCommits -}}
+### Reverts
+{{ range .RevertCommits -}}
+- {{ .Revert.Header }}
+{{ end }}
+{{ end -}}
+
+{{- if .MergeCommits -}}
+### Pull Requests
+{{ range .MergeCommits -}}
+- {{ .Header }}
+{{ end }}
+{{ end -}}
+
+{{- if .NoteGroups -}}
+{{ range .NoteGroups -}}
+### {{ .Title }}
+{{ range .Notes }}
+{{ .Body }}
+{{ end }}
+{{ end -}}
+{{ end -}}
+{{ end -}}
+
+{{- if .Versions }}
+[Unreleased]: {{ .Info.RepositoryURL }}/compare/{{ $latest := index .Versions 0 }}{{ $latest.Tag.Name }}...HEAD
+{{ range .Versions -}}
+{{ if .Tag.Previous -}}
+[{{ .Tag.Name }}]: {{ $.Info.RepositoryURL }}/compare/{{ .Tag.Previous.Name }}...{{ .Tag.Name }}
+{{ end -}}
+{{ end -}}
+{{ end -}}
\ No newline at end of file
diff --git a/.chglog/config.yml b/.chglog/config.yml
new file mode 100755
index 0000000..6a0bae7
--- /dev/null
+++ b/.chglog/config.yml
@@ -0,0 +1,31 @@
+# Copyright © 2023 KubeCub open source community. All rights reserved.
+# Licensed under the MIT License (the "License");
+# you may not use this file except in compliance with the License.
+
+style: github
+template: CHANGELOG.tpl.md
+info:
+  title: CHANGELOG
+  repository_url: https://github.com/kubecub/comment-lang-detector
+options:
+  commits:
+    # filters:
+    #   Type:
+    #     - feat
+    #     - fix
+    #     - perf
+    #     - refactor
+  commit_groups:
+    # title_maps:
+    #   feat: Features
+    #   fix: Bug Fixes
+    #   perf: Performance Improvements
+    #   refactor: Code Refactoring
+  header:
+    pattern: "^(\\w*)\\:\\s(.*)$"
+    pattern_maps:
+      - Type
+      - Subject
+  notes:
+    keywords:
+      - BREAKING CHANGE
\ No newline at end of file
diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md
new file mode 100644
index 0000000..95365e3
--- /dev/null
+++ b/.github/CONTRIBUTING.md
@@ -0,0 +1,2 @@
+
+Read the [contributor guide](../CONTRIBUTING.md) for more details.
diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
new file mode 100644
index 0000000..e43b12e
--- /dev/null
+++ b/.github/FUNDING.yml
@@ -0,0 +1,9 @@
+# Copyright © 2023 KubeCub & Xinwei Xiong(cubxxw). All rights reserved.
+# Licensed under the MIT License (the "License");
+# you may not use this file except in compliance with the License.
+
+
+github: [cubxxw]
+liberapay: "xiongxinwei/donate"
+paypal: ["paypal.me/cubxxw", paypal.me]
+custom: ["https://www.paypal.me/cubxxw", nsddd.top]
\ No newline at end of file
diff --git a/.github/OWNERS b/.github/OWNERS
new file mode 100644
index 0000000..a9521f7
--- /dev/null
+++ b/.github/OWNERS
@@ -0,0 +1,4 @@
+reviewers:
+  - cubxxw
+approvers:
+  - cubxxw
\ No newline at end of file
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
new file mode 100644
index 0000000..440053a
--- /dev/null
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,72 @@
+</br>
+<!--
+🫰 Thanks for sending a pull request!  Here are some tips for you:
+
+1. If this is your first time, please read our contributor guidelines: 
+📇 https://github.com/kubecub/community/blob/main/CONTRIBUTING.md
+
+2. Ensure you have added or ran the appropriate tests for your PR:
+-->
+
+#### 🔍 What type of PR is this?
+<!--
+We need to tag this PR, which you should learn about in the contributor guide.
+
+Add one of the following kinds:
+/kind bug
+/kind cleanup
+/kind documentation
+/kind feature
+
+Optionally add one or more of the following kinds if applicable:
+/kind api-change
+/kind deprecation
+/kind failing-test
+/kind flake
+/kind regression
+-->
+
+
+#### 👀 What this PR does / why we need it:
+<!-- Make sure your pr passes the CI checks and do check the following fields as needed - -->
+- [ ] My pull request adheres to the code style of this project
+- [ ] My code requires changes to the documentation
+- [ ] I have updated the documentation as required
+- [ ] All the tests have passed
+
+<!--Why do we need this PR?-->
+
+
+#### 🅰 Which issue(s) this PR fixes:
+<!--
+*Automatically closes linked issue when PR is merged.
+Usage: `Fixes #<issue number>`, or `Fixes (paste link of issue)`.
+If there are multiple PRS, use Fixes: #{ID_1}, #{ID_2}
+If there is a relevant PR, use Link #{ID}
+-->
+
+Fixes #
+
+
+#### 📝 Special notes for your reviewer:
+
+
+
+
+#### 🎯 Describe how to verify it
+
+
+
+#### 📑 Additional documentation e.g., RFC, notion, Google docs, usage docs, etc.:
+<!--
+This section can be blank if this pull request does not require a release note.
+
+When adding links which point to resources within git repositories, like
+KEPs or supporting documentation, please reference a specific commit and avoid
+linking directly to the master branch. This ensures that links reference a
+specific point in time, rather than a document that may change over time.
+
+In the sharers Guide, we recommend the following documents:
+1. Using GitHub RFCs template: https://github.com/kubecub/community/blob/main/0000-template.md
+2. Use Google Docs OR Notion and share it with the community.
+-->
\ No newline at end of file
diff --git a/.github/labeler.yml b/.github/labeler.yml
new file mode 100644
index 0000000..b58be65
--- /dev/null
+++ b/.github/labeler.yml
@@ -0,0 +1,31 @@
+# Copyright © 2023 KubeCub & Xinwei Xiong(cubxxw). All rights reserved.
+# Licensed under the MIT License (the "License");
+# you may not use this file except in compliance with the License.
+
+
+command:
+- any: ['cmd/**/*', 'docs/commandline/**/*']
+
+area/doc:
+- any: ['docs/**/*']
+
+faq:
+- 'FAQ.md'
+
+test:
+- any: ['**/*_test.go']
+
+e2e-test:
+- any: ['test/**/*']
+
+plugin:
+- any: ['pkg/plugin/**/*']
+
+Clusterfile:
+- any: ['types/**/*']
+
+Adopter-Info:
+- 'Adopters.md'
+
+ImageBuilding:
+- any: ['build/**/*']
diff --git a/.github/labels.yml b/.github/labels.yml
new file mode 100644
index 0000000..5ee20eb
--- /dev/null
+++ b/.github/labels.yml
@@ -0,0 +1,32 @@
+# Copyright © 2023 KubeCub & Xinwei Xiong(cubxxw). All rights reserved.
+# Licensed under the MIT License (the "License");
+# you may not use this file except in compliance with the License.
+
+
+XS:
+  name: size/XS
+  lines: 0
+  color: 3CBF00
+S:
+  name: size/S
+  lines: 10
+  color: 5D9801
+M:
+  name: size/M
+  lines: 30
+  color: 7F7203
+L:
+  name: size/L
+  lines: 100
+  color: A14C05
+XL:
+  name: size/XL
+  lines: 500
+  color: C32607
+XXL:
+  name: size/XXL
+  lines: 1000
+  color: E50009
+  comment: |
+    # Whoa! Easy there, Partner!🤖 
+    This `PR` is too big. Please break it up into smaller `PRs`🥰.
\ No newline at end of file
diff --git a/.github/sync_labeler.yml b/.github/sync_labeler.yml
new file mode 100644
index 0000000..3e0d4c2
--- /dev/null
+++ b/.github/sync_labeler.yml
@@ -0,0 +1,1440 @@
+# Copyright © 2023 KubeCub open source community. All rights reserved.
+# Licensed under the MIT License (the "License");
+# you may not use this file except in compliance with the License.
+
+- color: f9d0c4
+  default: false
+  description: ¯\\\_(ツ)_/¯
+  id: 682916056
+  name: ¯\_(ツ)_/¯
+  node_id: MDU6TGFiZWw2ODI5MTYwNTY=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/%C2%AF%5C_(%E3%83%84)_/%C2%AF
+- color: e11d21
+  default: false
+  description: Categorizes an issue or PR as actively needing an API review.
+  id: 1242861616
+  name: api-review
+  node_id: MDU6TGFiZWwxMjQyODYxNjE2
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/api-review
+- color: 0ffa16
+  default: false
+  description: Indicates a PR has been approved by an approver from all required OWNERS
+    files.
+  id: 414883982
+  name: approved
+  node_id: MDU6TGFiZWw0MTQ4ODM5ODI=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/approved
+- color: 0052cc
+  default: false
+  description: Indicates an issue on admin area.
+  id: 286411323
+  name: area/admin
+  node_id: MDU6TGFiZWwyODY0MTEzMjM=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/admin
+- color: 0052cc
+  default: false
+  description: ""
+  id: 486445796
+  name: area/admission-control
+  node_id: MDU6TGFiZWw0ODY0NDU3OTY=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/admission-control
+- color: 0052cc
+  default: false
+  description: Indicates an issue on api area.
+  id: 125063986
+  name: area/api
+  node_id: MDU6TGFiZWwxMjUwNjM5ODY=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/api
+- color: 0052cc
+  default: false
+  description: ""
+  id: 136601536
+  name: area/apiserver
+  node_id: MDU6TGFiZWwxMzY2MDE1MzY=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/apiserver
+- color: 0052cc
+  default: false
+  description: ""
+  id: 126701924
+  name: area/app-lifecycle
+  node_id: MDU6TGFiZWwxMjY3MDE5MjQ=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/app-lifecycle
+- color: 0052cc
+  default: false
+  description: Issues or PRs related to the hosting of release artifacts for subprojects
+  id: 2554671205
+  name: area/artifacts
+  node_id: MDU6TGFiZWwyNTU0NjcxMjA1
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/artifacts
+- color: 0052cc
+  default: false
+  description: ""
+  id: 680704582
+  name: area/audit
+  node_id: MDU6TGFiZWw2ODA3MDQ1ODI=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/audit
+- color: 0052cc
+  default: false
+  description: ""
+  id: 136892195
+  name: area/batch
+  node_id: MDU6TGFiZWwxMzY4OTIxOTU=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/batch
+- color: 0052cc
+  default: false
+  description: ""
+  id: 125299793
+  name: area/build-release
+  node_id: MDU6TGFiZWwxMjUyOTk3OTM=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/build-release
+- color: 0052cc
+  default: false
+  description: ""
+  id: 148734898
+  name: area/cadvisor
+  node_id: MDU6TGFiZWwxNDg3MzQ4OTg=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/cadvisor
+- color: 0052cc
+  default: false
+  description: ""
+  id: 127257422
+  name: area/client-libraries
+  node_id: MDU6TGFiZWwxMjcyNTc0MjI=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/client-libraries
+- color: 0052cc
+  default: false
+  description: ""
+  id: 154660912
+  name: area/cloudprovider
+  node_id: MDU6TGFiZWwxNTQ2NjA5MTI=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/cloudprovider
+- color: 0052cc
+  default: false
+  description: ""
+  id: 732478758
+  name: area/code-generation
+  node_id: MDU6TGFiZWw3MzI0Nzg3NTg=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/code-generation
+- color: 0052cc
+  default: false
+  description: Issues or PRs related to kubernetes code organization
+  id: 1315281643
+  name: area/code-organization
+  node_id: MDU6TGFiZWwxMzE1MjgxNjQz
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/code-organization
+- color: 0052cc
+  default: false
+  description: Issues or PRs that should potentially be discussed in a Kubernetes
+    community meeting.
+  id: 4582490420
+  name: area/community-meeting
+  node_id: LA_kwDOAToIks8AAAABESNBNA
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/community-meeting
+- color: 0052cc
+  default: false
+  description: ""
+  id: 433825251
+  name: area/configmap-api
+  node_id: MDU6TGFiZWw0MzM4MjUyNTE=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/configmap-api
+- color: 0052cc
+  default: false
+  description: Issues or PRs related to kubernetes conformance tests
+  id: 717986501
+  name: area/conformance
+  node_id: MDU6TGFiZWw3MTc5ODY1MDE=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/conformance
+- color: 0052cc
+  default: false
+  description: ""
+  id: 136601472
+  name: area/controller-manager
+  node_id: MDU6TGFiZWwxMzY2MDE0NzI=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/controller-manager
+- color: 0052cc
+  default: false
+  description: ""
+  id: 556590057
+  name: area/custom-resources
+  node_id: MDU6TGFiZWw1NTY1OTAwNTc=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/custom-resources
+- color: 0052cc
+  default: false
+  description: ""
+  id: 496768026
+  name: area/declarative-configuration
+  node_id: MDU6TGFiZWw0OTY3NjgwMjY=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/declarative-configuration
+- color: 0052cc
+  default: false
+  description: Issues or PRs related to deflaking kubernetes tests
+  id: 1180678886
+  name: area/deflake
+  node_id: MDU6TGFiZWwxMTgwNjc4ODg2
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/deflake
+- color: 0052cc
+  default: false
+  description: Issues or PRs related to dependency changes
+  id: 1305786977
+  name: area/dependency
+  node_id: MDU6TGFiZWwxMzA1Nzg2OTc3
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/dependency
+- color: 0052cc
+  default: false
+  description: ""
+  id: 390273825
+  name: area/dns
+  node_id: MDU6TGFiZWwzOTAyNzM4MjU=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/dns
+- color: 0052cc
+  default: false
+  description: ""
+  id: 116712229
+  name: area/docker
+  node_id: MDU6TGFiZWwxMTY3MTIyMjk=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/docker
+- color: 0052cc
+  default: false
+  description: ""
+  id: 130978978
+  name: area/downward-api
+  node_id: MDU6TGFiZWwxMzA5Nzg5Nzg=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/downward-api
+- color: 0052cc
+  default: false
+  description: Issues or PRs related to refactoring the kubernetes e2e test framework
+  id: 1285569325
+  name: area/e2e-test-framework
+  node_id: MDU6TGFiZWwxMjg1NTY5MzI1
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/e2e-test-framework
+- color: 0052cc
+  default: false
+  description: ""
+  id: 335282747
+  name: area/ecosystem
+  node_id: MDU6TGFiZWwzMzUyODI3NDc=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/ecosystem
+- color: 0052cc
+  default: false
+  description: ""
+  id: 127257343
+  name: area/etcd
+  node_id: MDU6TGFiZWwxMjcyNTczNDM=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/etcd
+- color: 0052cc
+  default: false
+  description: ""
+  id: 134675059
+  name: area/example
+  node_id: MDU6TGFiZWwxMzQ2NzUwNTk=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/example
+- color: 0052cc
+  default: false
+  description: ""
+  id: 358362557
+  name: area/example/cassandra
+  node_id: MDU6TGFiZWwzNTgzNjI1NTc=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/example/cassandra
+- color: 0052cc
+  default: false
+  description: ""
+  id: 138151954
+  name: area/extensibility
+  node_id: MDU6TGFiZWwxMzgxNTE5NTQ=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/extensibility
+- color: 0052cc
+  default: false
+  description: ""
+  id: 715868252
+  name: area/federation
+  node_id: MDU6TGFiZWw3MTU4NjgyNTI=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/federation
+- color: 0052cc
+  default: false
+  description: ""
+  id: 136908839
+  name: area/HA
+  node_id: MDU6TGFiZWwxMzY5MDg4Mzk=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/HA
+- color: 0052cc
+  default: false
+  description: ""
+  id: 644163893
+  name: area/hw-accelerators
+  node_id: MDU6TGFiZWw2NDQxNjM4OTM=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/hw-accelerators
+- color: 0052cc
+  default: false
+  description: ""
+  id: 135360517
+  name: area/images-registry
+  node_id: MDU6TGFiZWwxMzUzNjA1MTc=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/images-registry
+- color: 0052cc
+  default: false
+  description: ""
+  id: 500254090
+  name: area/ingress
+  node_id: MDU6TGFiZWw1MDAyNTQwOTA=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/ingress
+- color: 0052cc
+  default: false
+  description: ""
+  id: 125010631
+  name: area/introspection
+  node_id: MDU6TGFiZWwxMjUwMTA2MzE=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/introspection
+- color: 0052cc
+  default: false
+  description: ""
+  id: 608460743
+  name: area/ipv6
+  node_id: MDU6TGFiZWw2MDg0NjA3NDM=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/ipv6
+- color: 0052cc
+  default: false
+  description: ""
+  id: 755527763
+  name: area/ipvs
+  node_id: MDU6TGFiZWw3NTU1Mjc3NjM=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/ipvs
+- color: 0052cc
+  default: false
+  description: ""
+  id: 125550324
+  name: area/isolation
+  node_id: MDU6TGFiZWwxMjU1NTAzMjQ=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/isolation
+- color: 0052cc
+  default: false
+  description: ""
+  id: 128716589
+  name: area/kube-proxy
+  node_id: MDU6TGFiZWwxMjg3MTY1ODk=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/kube-proxy
+- color: 0052cc
+  default: false
+  description: ""
+  id: 451459590
+  name: area/kubeadm
+  node_id: MDU6TGFiZWw0NTE0NTk1OTA=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/kubeadm
+- color: 0052cc
+  default: false
+  description: ""
+  id: 138247961
+  name: area/kubectl
+  node_id: MDU6TGFiZWwxMzgyNDc5NjE=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/kubectl
+- color: 0052cc
+  default: false
+  description: ""
+  id: 116719829
+  name: area/kubelet
+  node_id: MDU6TGFiZWwxMTY3MTk4Mjk=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/kubelet
+- color: 0052cc
+  default: false
+  description: ""
+  id: 134645591
+  name: area/kubelet-api
+  node_id: MDU6TGFiZWwxMzQ2NDU1OTE=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/kubelet-api
+- color: 0052cc
+  default: false
+  description: ""
+  id: 148734819
+  name: area/logging
+  node_id: MDU6TGFiZWwxNDg3MzQ4MTk=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/logging
+- color: 0052cc
+  default: false
+  description: ""
+  id: 148734755
+  name: area/monitoring
+  node_id: MDU6TGFiZWwxNDg3MzQ3NTU=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/monitoring
+- color: 0052cc
+  default: false
+  description: Issues or PRs related to Network Policy subproject
+  id: 2873200929
+  name: area/network-policy
+  node_id: MDU6TGFiZWwyODczMjAwOTI5
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/network-policy
+- color: 0052cc
+  default: false
+  description: ""
+  id: 381925990
+  name: area/node-e2e
+  node_id: MDU6TGFiZWwzODE5MjU5OTA=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/node-e2e
+- color: 0052cc
+  default: false
+  description: ""
+  id: 567844235
+  name: area/node-lifecycle
+  node_id: MDU6TGFiZWw1Njc4NDQyMzU=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/node-lifecycle
+- color: 0052cc
+  default: false
+  description: ""
+  id: 140091046
+  name: area/nodecontroller
+  node_id: MDU6TGFiZWwxNDAwOTEwNDY=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/nodecontroller
+- color: d4c5f9
+  default: false
+  description: ""
+  id: 134646924
+  name: area/os/coreos
+  node_id: MDU6TGFiZWwxMzQ2NDY5MjQ=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/os/coreos
+- color: d4c5f9
+  default: false
+  description: ""
+  id: 134646888
+  name: area/os/fedora
+  node_id: MDU6TGFiZWwxMzQ2NDY4ODg=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/os/fedora
+- color: d4c5f9
+  default: false
+  description: ""
+  id: 130317730
+  name: area/os/ubuntu
+  node_id: MDU6TGFiZWwxMzAzMTc3MzA=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/os/ubuntu
+- color: d4c5f9
+  default: false
+  description: ""
+  id: 134646230
+  name: area/platform/gce
+  node_id: MDU6TGFiZWwxMzQ2NDYyMzA=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/platform/gce
+- color: d4c5f9
+  default: false
+  description: ""
+  id: 189591106
+  name: area/platform/mesos
+  node_id: MDU6TGFiZWwxODk1OTExMDY=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/platform/mesos
+- color: d4c5f9
+  default: false
+  description: ""
+  id: 134646415
+  name: area/platform/vagrant
+  node_id: MDU6TGFiZWwxMzQ2NDY0MTU=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/platform/vagrant
+- color: 0052cc
+  default: false
+  description: Issues or PRs related to aws provider
+  id: 852130657
+  name: area/provider/aws
+  node_id: MDU6TGFiZWw4NTIxMzA2NTc=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/provider/aws
+- color: 0052cc
+  default: false
+  description: Issues or PRs related to azure provider
+  id: 852130786
+  name: area/provider/azure
+  node_id: MDU6TGFiZWw4NTIxMzA3ODY=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/provider/azure
+- color: 0052cc
+  default: false
+  description: Issues or PRs related to digitalocean provider
+  id: 1946559194
+  name: area/provider/digitalocean
+  node_id: MDU6TGFiZWwxOTQ2NTU5MTk0
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/provider/digitalocean
+- color: 0052cc
+  default: false
+  description: Issues or PRs related to gcp provider
+  id: 158907408
+  name: area/provider/gcp
+  node_id: MDU6TGFiZWwxNTg5MDc0MDg=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/provider/gcp
+- color: 0052cc
+  default: false
+  description: Issues or PRs related to ibmcloud provider
+  id: 884249241
+  name: area/provider/ibmcloud
+  node_id: MDU6TGFiZWw4ODQyNDkyNDE=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/provider/ibmcloud
+- color: 0052cc
+  default: false
+  description: Issues or PRs related to openstack provider
+  id: 239914558
+  name: area/provider/openstack
+  node_id: MDU6TGFiZWwyMzk5MTQ1NTg=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/provider/openstack
+- color: 0052cc
+  default: false
+  description: Issues or PRs related to vmware provider
+  id: 874113778
+  name: area/provider/vmware
+  node_id: MDU6TGFiZWw4NzQxMTM3Nzg=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/provider/vmware
+- color: 0052cc
+  default: false
+  description: Issues or PRs related to the Release Engineering subproject
+  id: 268190668
+  name: area/release-eng
+  node_id: MDU6TGFiZWwyNjgxOTA2Njg=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/release-eng
+- color: 0052cc
+  default: false
+  description: ""
+  id: 159151142
+  name: area/reliability
+  node_id: MDU6TGFiZWwxNTkxNTExNDI=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/reliability
+- color: 0052cc
+  default: false
+  description: ""
+  id: 203010486
+  name: area/rkt
+  node_id: MDU6TGFiZWwyMDMwMTA0ODY=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/rkt
+- color: 0052cc
+  default: false
+  description: ""
+  id: 483309897
+  name: area/secret-api
+  node_id: MDU6TGFiZWw0ODMzMDk4OTc=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/secret-api
+- color: d93f0b
+  default: false
+  description: ""
+  id: 116712923
+  name: area/security
+  node_id: MDU6TGFiZWwxMTY3MTI5MjM=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/security
+- color: 0052cc
+  default: false
+  description: Issues or PRs involving stable metrics
+  id: 3967150925
+  name: area/stable-metrics
+  node_id: LA_kwDOAToIks7sdetN
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/stable-metrics
+- color: 0052cc
+  default: false
+  description: ""
+  id: 353400216
+  name: area/stateful-apps
+  node_id: MDU6TGFiZWwzNTM0MDAyMTY=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/stateful-apps
+- color: 0052cc
+  default: false
+  description: ""
+  id: 254871849
+  name: area/swagger
+  node_id: MDU6TGFiZWwyNTQ4NzE4NDk=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/swagger
+- color: 0052cc
+  default: false
+  description: ""
+  id: 269078649
+  name: area/system-requirement
+  node_id: MDU6TGFiZWwyNjkwNzg2NDk=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/system-requirement
+- color: 0052cc
+  default: false
+  description: ""
+  id: 463533491
+  name: area/teardown
+  node_id: MDU6TGFiZWw0NjM1MzM0OTE=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/teardown
+- color: 0052cc
+  default: false
+  description: ""
+  id: 105152717
+  name: area/test
+  node_id: MDU6TGFiZWwxMDUxNTI3MTc=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/test
+- color: 0052cc
+  default: false
+  description: ""
+  id: 178071252
+  name: area/test-infra
+  node_id: MDU6TGFiZWwxNzgwNzEyNTI=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/test-infra
+- color: 0052cc
+  default: false
+  description: ""
+  id: 136601677
+  name: area/ui
+  node_id: MDU6TGFiZWwxMzY2MDE2Nzc=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/ui
+- color: 0052cc
+  default: false
+  description: ""
+  id: 192801498
+  name: area/upgrade
+  node_id: MDU6TGFiZWwxOTI4MDE0OTg=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/upgrade
+- color: 0052cc
+  default: false
+  description: ""
+  id: 134645162
+  name: area/usability
+  node_id: MDU6TGFiZWwxMzQ2NDUxNjI=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/usability
+- color: 0052cc
+  default: false
+  description: ""
+  id: 483268583
+  name: area/workload-api/cronjob
+  node_id: MDU6TGFiZWw0ODMyNjg1ODM=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/workload-api/cronjob
+- color: 0052cc
+  default: false
+  description: ""
+  id: 410265116
+  name: area/workload-api/daemonset
+  node_id: MDU6TGFiZWw0MTAyNjUxMTY=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/workload-api/daemonset
+- color: 0052cc
+  default: false
+  description: ""
+  id: 382474515
+  name: area/workload-api/deployment
+  node_id: MDU6TGFiZWwzODI0NzQ1MTU=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/workload-api/deployment
+- color: 0052cc
+  default: false
+  description: ""
+  id: 483268648
+  name: area/workload-api/job
+  node_id: MDU6TGFiZWw0ODMyNjg2NDg=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/workload-api/job
+- color: 0052cc
+  default: false
+  description: ""
+  id: 483066283
+  name: area/workload-api/replicaset
+  node_id: MDU6TGFiZWw0ODMwNjYyODM=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/workload-api/replicaset
+- color: fef2c0
+  default: false
+  description: Indicates a cherry-pick PR into a release branch has been approved
+    by the release branch manager.
+  id: 339502903
+  name: cherry-pick-approved
+  node_id: MDU6TGFiZWwzMzk1MDI5MDM=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/cherry-pick-approved
+- color: e11d21
+  default: false
+  description: Indicates the PR's author has not signed the CNCF CLA.
+  id: 477397085
+  name: 'cncf-cla: no'
+  node_id: MDU6TGFiZWw0NzczOTcwODU=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/cncf-cla:%20no
+- color: bfe5bf
+  default: false
+  description: Indicates the PR's author has signed the CNCF CLA.
+  id: 477397086
+  name: 'cncf-cla: yes'
+  node_id: MDU6TGFiZWw0NzczOTcwODY=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/cncf-cla:%20yes
+- color: c0ff4a
+  default: false
+  description: Denotes an issue or PR intended to be handled by the code of conduct
+    committee.
+  id: 815657036
+  name: committee/code-of-conduct
+  node_id: MDU6TGFiZWw4MTU2NTcwMzY=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/committee/code-of-conduct
+- color: c0ff4a
+  default: false
+  description: Denotes an issue or PR intended to be handled by the product security
+    committee.
+  id: 1199275492
+  name: committee/security-response
+  node_id: MDU6TGFiZWwxMTk5Mjc1NDky
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/committee/security-response
+- color: c0ff4a
+  default: false
+  description: Denotes an issue or PR intended to be handled by the steering committee.
+  id: 815656936
+  name: committee/steering
+  node_id: MDU6TGFiZWw4MTU2NTY5MzY=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/committee/steering
+- color: 0366d6
+  default: false
+  description: Pull requests that update a dependency file
+  id: 2207995975
+  name: dependencies
+  node_id: MDU6TGFiZWwyMjA3OTk1OTc1
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/dependencies
+- color: e11d21
+  default: false
+  description: DEPRECATED. Indicates that a PR should not merge. Label can only be
+    manually applied/removed.
+  id: 335674843
+  name: do-not-merge
+  node_id: MDU6TGFiZWwzMzU2NzQ4NDM=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/do-not-merge
+- color: e11d21
+  default: false
+  description: Indicates that a PR should not merge because it touches files in blocked
+    paths.
+  id: 689109191
+  name: do-not-merge/blocked-paths
+  node_id: MDU6TGFiZWw2ODkxMDkxOTE=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/do-not-merge/blocked-paths
+- color: e11d21
+  default: false
+  description: Indicates that a PR is not yet approved to merge into a release branch.
+  id: 680154135
+  name: do-not-merge/cherry-pick-not-approved
+  node_id: MDU6TGFiZWw2ODAxNTQxMzU=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/do-not-merge/cherry-pick-not-approved
+- color: e11d21
+  default: false
+  description: Indicates a PR which contains merge commits.
+  id: 1391972461
+  name: do-not-merge/contains-merge-commits
+  node_id: MDU6TGFiZWwxMzkxOTcyNDYx
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/do-not-merge/contains-merge-commits
+- color: e11d21
+  default: false
+  description: Indicates that a PR should not merge because someone has issued a /hold
+    command.
+  id: 687565804
+  name: do-not-merge/hold
+  node_id: MDU6TGFiZWw2ODc1NjU4MDQ=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/do-not-merge/hold
+- color: e11d21
+  default: false
+  description: Indicates that a PR should not merge because it has an invalid commit
+    message.
+  id: 1322574295
+  name: do-not-merge/invalid-commit-message
+  node_id: MDU6TGFiZWwxMzIyNTc0Mjk1
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/do-not-merge/invalid-commit-message
+- color: e11d21
+  default: false
+  description: Indicates that a PR should not merge because it has an invalid OWNERS
+    file in it.
+  id: 969564572
+  name: do-not-merge/invalid-owners-file
+  node_id: MDU6TGFiZWw5Njk1NjQ1NzI=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/do-not-merge/invalid-owners-file
+- color: e11d21
+  default: false
+  description: Indicates a PR lacks a `kind/foo` label and requires one.
+  id: 2480789134
+  name: do-not-merge/needs-kind
+  node_id: MDU6TGFiZWwyNDgwNzg5MTM0
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/do-not-merge/needs-kind
+- color: e11d21
+  default: false
+  description: Indicates an issue or PR lacks a `sig/foo` label and requires one.
+  id: 2480789133
+  name: do-not-merge/needs-sig
+  node_id: MDU6TGFiZWwyNDgwNzg5MTMz
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/do-not-merge/needs-sig
+- color: e11d21
+  default: false
+  description: Indicates that a PR should not merge because it's missing one of the
+    release note labels.
+  id: 680152113
+  name: do-not-merge/release-note-label-needed
+  node_id: MDU6TGFiZWw2ODAxNTIxMTM=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/do-not-merge/release-note-label-needed
+- color: e11d21
+  default: false
+  description: Indicates that a PR should not merge because it is a work in progress.
+  id: 687500047
+  name: do-not-merge/work-in-progress
+  node_id: MDU6TGFiZWw2ODc1MDAwNDc=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/do-not-merge/work-in-progress
+- color: 7057ff
+  default: true
+  description: Denotes an issue ready for a new contributor, according to the "help
+    wanted" guidelines.
+  id: 954672878
+  name: good first issue
+  node_id: MDU6TGFiZWw5NTQ2NzI4Nzg=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/good%20first%20issue
+- color: 006b75
+  default: true
+  description: Denotes an issue that needs help from a contributor. Must meet "help
+    wanted" guidelines.
+  id: 433686790
+  name: help wanted
+  node_id: MDU6TGFiZWw0MzM2ODY3OTA=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/help%20wanted
+- color: e11d21
+  default: false
+  description: Categorizes issue or PR as related to adding, removing, or otherwise
+    changing an API
+  id: 261005360
+  name: kind/api-change
+  node_id: MDU6TGFiZWwyNjEwMDUzNjA=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/kind/api-change
+- color: e11d21
+  default: false
+  description: Categorizes issue or PR as related to a bug.
+  id: 105146071
+  name: kind/bug
+  node_id: MDU6TGFiZWwxMDUxNDYwNzE=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/kind/bug
+- color: c7def8
+  default: false
+  description: Categorizes issue or PR as related to cleaning up code, process, or
+    technical debt.
+  id: 122775691
+  name: kind/cleanup
+  node_id: MDU6TGFiZWwxMjI3NzU2OTE=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/kind/cleanup
+- color: e11d21
+  default: false
+  description: Categorizes issue or PR as related to a feature/enhancement marked
+    for deprecation.
+  id: 1740258266
+  name: kind/deprecation
+  node_id: MDU6TGFiZWwxNzQwMjU4MjY2
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/kind/deprecation
+- color: c7def8
+  default: false
+  description: Categorizes issue or PR as related to design.
+  id: 114509261
+  name: kind/design
+  node_id: MDU6TGFiZWwxMTQ1MDkyNjE=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/kind/design
+- color: c7def8
+  default: false
+  description: Categorizes issue or PR as related to documentation.
+  id: 116801185
+  name: kind/documentation
+  node_id: MDU6TGFiZWwxMTY4MDExODU=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/kind/documentation
+- color: e11d21
+  default: false
+  description: Categorizes issue or PR as related to a consistently or frequently
+    failing test.
+  id: 496752468
+  name: kind/failing-test
+  node_id: MDU6TGFiZWw0OTY3NTI0Njg=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/kind/failing-test
+- color: c7def8
+  default: false
+  description: Categorizes issue or PR as related to a new feature.
+  id: 267761362
+  name: kind/feature
+  node_id: MDU6TGFiZWwyNjc3NjEzNjI=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/kind/feature
+- color: f7c6c7
+  default: false
+  description: Categorizes issue or PR as related to a flaky test.
+  id: 264749912
+  name: kind/flake
+  node_id: MDU6TGFiZWwyNjQ3NDk5MTI=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/kind/flake
+- color: e11d21
+  default: false
+  description: Categorizes issue or PR as related to a regression from a prior release.
+  id: 1967276560
+  name: kind/regression
+  node_id: MDU6TGFiZWwxOTY3Mjc2NTYw
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/kind/regression
+- color: d455d0
+  default: false
+  description: Categorizes issue or PR as a support question.
+  id: 130318610
+  name: kind/support
+  node_id: MDU6TGFiZWwxMzAzMTg2MTA=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/kind/support
+- color: 15dd18
+  default: false
+  description: Indicates that a PR is ready to be merged.
+  id: 148225179
+  name: lgtm
+  node_id: MDU6TGFiZWwxNDgyMjUxNzk=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/lgtm
+- color: 8fc951
+  default: false
+  description: Indicates that an issue or PR is actively being worked on by a contributor.
+  id: 1007207688
+  name: lifecycle/active
+  node_id: MDU6TGFiZWwxMDA3MjA3Njg4
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/lifecycle/active
+- color: d3e2f0
+  default: false
+  description: Indicates that an issue or PR should not be auto-closed due to staleness.
+  id: 778118403
+  name: lifecycle/frozen
+  node_id: MDU6TGFiZWw3NzgxMTg0MDM=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/lifecycle/frozen
+- color: "604460"
+  default: false
+  description: Denotes an issue or PR that has aged beyond stale and will be auto-closed.
+  id: 778118402
+  name: lifecycle/rotten
+  node_id: MDU6TGFiZWw3NzgxMTg0MDI=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/lifecycle/rotten
+- color: "795548"
+  default: false
+  description: Denotes an issue or PR has remained open with no activity and has become
+    stale.
+  id: 778118404
+  name: lifecycle/stale
+  node_id: MDU6TGFiZWw3NzgxMTg0MDQ=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/lifecycle/stale
+- color: ededed
+  default: false
+  description: ""
+  id: 711852570
+  name: milestone/incomplete-labels
+  node_id: MDU6TGFiZWw3MTE4NTI1NzA=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/milestone/incomplete-labels
+- color: ededed
+  default: false
+  description: ""
+  id: 711852621
+  name: milestone/needs-approval
+  node_id: MDU6TGFiZWw3MTE4NTI2MjE=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/milestone/needs-approval
+- color: ededed
+  default: false
+  description: ""
+  id: 680168330
+  name: milestone/needs-attention
+  node_id: MDU6TGFiZWw2ODAxNjgzMzA=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/milestone/needs-attention
+- color: ededed
+  default: false
+  description: ""
+  id: 687345274
+  name: milestone/removed
+  node_id: MDU6TGFiZWw2ODczNDUyNzQ=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/milestone/removed
+- color: ededed
+  default: false
+  description: Indicates a PR lacks a `kind/foo` label and requires one.
+  id: 1047217136
+  name: needs-kind
+  node_id: MDU6TGFiZWwxMDQ3MjE3MTM2
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/needs-kind
+- color: b60205
+  default: false
+  description: Indicates a PR that requires an org member to verify it is safe to
+    test.
+  id: 573014062
+  name: needs-ok-to-test
+  node_id: MDU6TGFiZWw1NzMwMTQwNjI=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/needs-ok-to-test
+- color: ededed
+  default: false
+  description: Indicates a PR lacks a `priority/foo` label and requires one.
+  id: 1111992057
+  name: needs-priority
+  node_id: MDU6TGFiZWwxMTExOTkyMDU3
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/needs-priority
+- color: e11d21
+  default: false
+  description: Indicates a PR cannot be merged because it has merge conflicts with
+    HEAD.
+  id: 240247879
+  name: needs-rebase
+  node_id: MDU6TGFiZWwyNDAyNDc4Nzk=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/needs-rebase
+- color: ededed
+  default: false
+  description: Indicates an issue or PR lacks a `sig/foo` label and requires one.
+  id: 617149945
+  name: needs-sig
+  node_id: MDU6TGFiZWw2MTcxNDk5NDU=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/needs-sig
+- color: ededed
+  default: false
+  description: Indicates an issue or PR lacks a `triage/foo` label and requires one.
+  id: 2389815605
+  name: needs-triage
+  node_id: MDU6TGFiZWwyMzg5ODE1NjA1
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/needs-triage
+- color: 0052cc
+  default: false
+  description: Issues or PRs related to CVEs officially announced by Security Response
+    Committee (SRC)
+  id: 3603068678
+  name: official-cve-feed
+  node_id: LA_kwDOAToIks7WwncG
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/official-cve-feed
+- color: 15dd18
+  default: false
+  description: Indicates a non-member PR verified by an org member that is safe to
+    test.
+  id: 1086787260
+  name: ok-to-test
+  node_id: MDU6TGFiZWwxMDg2Nzg3MjYw
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/ok-to-test
+- color: fef2c0
+  default: false
+  description: Lowest priority. Possibly useful, but not yet enough support to actually
+    get it done.
+  id: 149621825
+  name: priority/awaiting-more-evidence
+  node_id: MDU6TGFiZWwxNDk2MjE4MjU=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/priority/awaiting-more-evidence
+- color: fbca04
+  default: false
+  description: Higher priority than priority/awaiting-more-evidence.
+  id: 114528273
+  name: priority/backlog
+  node_id: MDU6TGFiZWwxMTQ1MjgyNzM=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/priority/backlog
+- color: e11d21
+  default: false
+  description: Highest priority. Must be actively worked on as someone's top priority
+    right now.
+  id: 114528068
+  name: priority/critical-urgent
+  node_id: MDU6TGFiZWwxMTQ1MjgwNjg=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/priority/critical-urgent
+- color: eb6420
+  default: false
+  description: Important over the long term, but may not be staffed and/or may need
+    multiple releases to complete.
+  id: 496752236
+  name: priority/important-longterm
+  node_id: MDU6TGFiZWw0OTY3NTIyMzY=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/priority/important-longterm
+- color: eb6420
+  default: false
+  description: Must be staffed and worked on either currently, or very soon, ideally
+    in time for the next release.
+  id: 114528223
+  name: priority/important-soon
+  node_id: MDU6TGFiZWwxMTQ1MjgyMjM=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/priority/important-soon
+- color: d93f0b
+  default: false
+  description: ""
+  id: 435667038
+  name: release-blocker
+  node_id: MDU6TGFiZWw0MzU2NjcwMzg=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/release-blocker
+- color: c2e0c6
+  default: false
+  description: Denotes a PR that will be considered when it comes time to generate
+    release notes.
+  id: 200149833
+  name: release-note
+  node_id: MDU6TGFiZWwyMDAxNDk4MzM=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/release-note
+- color: c2e0c6
+  default: false
+  description: Denotes a PR that introduces potentially breaking changes that require
+    user action.
+  id: 354968448
+  name: release-note-action-required
+  node_id: MDU6TGFiZWwzNTQ5Njg0NDg=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/release-note-action-required
+- color: c2e0c6
+  default: false
+  description: Denotes a PR that doesn't merit a release note.
+  id: 349530249
+  name: release-note-none
+  node_id: MDU6TGFiZWwzNDk1MzAyNDk=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/release-note-none
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG API Machinery.
+  id: 173493835
+  name: sig/api-machinery
+  node_id: MDU6TGFiZWwxNzM0OTM4MzU=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/api-machinery
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG Apps.
+  id: 404091735
+  name: sig/apps
+  node_id: MDU6TGFiZWw0MDQwOTE3MzU=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/apps
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG Architecture.
+  id: 636152047
+  name: sig/architecture
+  node_id: MDU6TGFiZWw2MzYxNTIwNDc=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/architecture
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG Auth.
+  id: 357119284
+  name: sig/auth
+  node_id: MDU6TGFiZWwzNTcxMTkyODQ=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/auth
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG Autoscaling.
+  id: 238245616
+  name: sig/autoscaling
+  node_id: MDU6TGFiZWwyMzgyNDU2MTY=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/autoscaling
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG CLI.
+  id: 450823910
+  name: sig/cli
+  node_id: MDU6TGFiZWw0NTA4MjM5MTA=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/cli
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG Cloud Provider.
+  id: 958178286
+  name: sig/cloud-provider
+  node_id: MDU6TGFiZWw5NTgxNzgyODY=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/cloud-provider
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG Cluster Lifecycle.
+  id: 173494222
+  name: sig/cluster-lifecycle
+  node_id: MDU6TGFiZWwxNzM0OTQyMjI=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/cluster-lifecycle
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG Contributor Experience.
+  id: 261778410
+  name: sig/contributor-experience
+  node_id: MDU6TGFiZWwyNjE3Nzg0MTA=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/contributor-experience
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG Docs.
+  id: 496761699
+  name: sig/docs
+  node_id: MDU6TGFiZWw0OTY3NjE2OTk=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/docs
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG Instrumentation.
+  id: 482207917
+  name: sig/instrumentation
+  node_id: MDU6TGFiZWw0ODIyMDc5MTc=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/instrumentation
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG K8s Infra.
+  id: 3373472731
+  name: sig/k8s-infra
+  node_id: LA_kwDOAToIks7JExvb
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/k8s-infra
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG Multicluster.
+  id: 711861754
+  name: sig/multicluster
+  node_id: MDU6TGFiZWw3MTE4NjE3NTQ=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/multicluster
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG Network.
+  id: 116712108
+  name: sig/network
+  node_id: MDU6TGFiZWwxMTY3MTIxMDg=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/network
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG Node.
+  id: 173493665
+  name: sig/node
+  node_id: MDU6TGFiZWwxNzM0OTM2NjU=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/node
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG Release.
+  id: 614023989
+  name: sig/release
+  node_id: MDU6TGFiZWw2MTQwMjM5ODk=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/release
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG Scalability.
+  id: 125010198
+  name: sig/scalability
+  node_id: MDU6TGFiZWwxMjUwMTAxOTg=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/scalability
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG Scheduling.
+  id: 125550211
+  name: sig/scheduling
+  node_id: MDU6TGFiZWwxMjU1NTAyMTE=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/scheduling
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG Security.
+  id: 2315011126
+  name: sig/security
+  node_id: MDU6TGFiZWwyMzE1MDExMTI2
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/security
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG Service Catalog.
+  id: 433740132
+  name: sig/service-catalog
+  node_id: MDU6TGFiZWw0MzM3NDAxMzI=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/service-catalog
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG Storage.
+  id: 169428334
+  name: sig/storage
+  node_id: MDU6TGFiZWwxNjk0MjgzMzQ=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/storage
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG Testing.
+  id: 483069764
+  name: sig/testing
+  node_id: MDU6TGFiZWw0ODMwNjk3NjQ=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/testing
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG UI.
+  id: 618574759
+  name: sig/ui
+  node_id: MDU6TGFiZWw2MTg1NzQ3NTk=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/ui
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG Usability.
+  id: 1476695221
+  name: sig/usability
+  node_id: MDU6TGFiZWwxNDc2Njk1MjIx
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/usability
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG Windows.
+  id: 422106010
+  name: sig/windows
+  node_id: MDU6TGFiZWw0MjIxMDYwMTA=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/windows
+- color: ee9900
+  default: false
+  description: Denotes a PR that changes 100-499 lines, ignoring generated files.
+  id: 253450978
+  name: size/L
+  node_id: MDU6TGFiZWwyNTM0NTA5Nzg=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/size/L
+- color: eebb00
+  default: false
+  description: Denotes a PR that changes 30-99 lines, ignoring generated files.
+  id: 253450934
+  name: size/M
+  node_id: MDU6TGFiZWwyNTM0NTA5MzQ=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/size/M
+- color: 77bb00
+  default: false
+  description: Denotes a PR that changes 10-29 lines, ignoring generated files.
+  id: 253450895
+  name: size/S
+  node_id: MDU6TGFiZWwyNTM0NTA4OTU=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/size/S
+- color: ee5500
+  default: false
+  description: Denotes a PR that changes 500-999 lines, ignoring generated files.
+  id: 253451057
+  name: size/XL
+  node_id: MDU6TGFiZWwyNTM0NTEwNTc=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/size/XL
+- color: "009900"
+  default: false
+  description: Denotes a PR that changes 0-9 lines, ignoring generated files.
+  id: 253450793
+  name: size/XS
+  node_id: MDU6TGFiZWwyNTM0NTA3OTM=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/size/XS
+- color: ee0000
+  default: false
+  description: Denotes a PR that changes 1000+ lines, ignoring generated files.
+  id: 253451093
+  name: size/XXL
+  node_id: MDU6TGFiZWwyNTM0NTEwOTM=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/size/XXL
+- color: ededed
+  default: false
+  description: ""
+  id: 1150509281
+  name: status/approved-for-milestone
+  node_id: MDU6TGFiZWwxMTUwNTA5Mjgx
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/status/approved-for-milestone
+- color: e11d21
+  default: false
+  description: Denotes an issue that blocks the tide merge queue for a branch while
+    it is open.
+  id: 1313645094
+  name: tide/merge-blocker
+  node_id: MDU6TGFiZWwxMzEzNjQ1MDk0
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/tide/merge-blocker
+- color: ffaa00
+  default: false
+  description: Denotes a PR that should use a standard merge by tide when it merges.
+  id: 1299699582
+  name: tide/merge-method-merge
+  node_id: MDU6TGFiZWwxMjk5Njk5NTgy
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/tide/merge-method-merge
+- color: ffaa00
+  default: false
+  description: Denotes a PR that should be rebased by tide when it merges.
+  id: 1299699756
+  name: tide/merge-method-rebase
+  node_id: MDU6TGFiZWwxMjk5Njk5NzU2
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/tide/merge-method-rebase
+- color: ffaa00
+  default: false
+  description: Denotes a PR that should be squashed by tide when it merges.
+  id: 1049624783
+  name: tide/merge-method-squash
+  node_id: MDU6TGFiZWwxMDQ5NjI0Nzgz
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/tide/merge-method-squash
+- color: 8fc951
+  default: false
+  description: Indicates an issue or PR is ready to be actively worked on.
+  id: 2389856656
+  name: triage/accepted
+  node_id: MDU6TGFiZWwyMzg5ODU2NjU2
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/triage/accepted
+- color: d455d0
+  default: false
+  description: Indicates an issue is a duplicate of other open issue.
+  id: 862108568
+  name: triage/duplicate
+  node_id: MDU6TGFiZWw4NjIxMDg1Njg=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/triage/duplicate
+- color: d455d0
+  default: false
+  description: Indicates an issue needs more information in order to work on it.
+  id: 862108635
+  name: triage/needs-information
+  node_id: MDU6TGFiZWw4NjIxMDg2MzU=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/triage/needs-information
+- color: d455d0
+  default: false
+  description: Indicates an issue can not be reproduced as described.
+  id: 862108684
+  name: triage/not-reproducible
+  node_id: MDU6TGFiZWw4NjIxMDg2ODQ=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/triage/not-reproducible
+- color: d455d0
+  default: false
+  description: Indicates an issue that can not or will not be resolved.
+  id: 862108765
+  name: triage/unresolved
+  node_id: MDU6TGFiZWw4NjIxMDg3NjU=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/triage/unresolved
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to ug-big-data.
+  id: 528770718
+  name: ug/big-data
+  node_id: MDU6TGFiZWw1Mjg3NzA3MTg=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/ug/big-data
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to ug-vmware.
+  id: 1596573758
+  name: ug/vmware
+  node_id: MDU6TGFiZWwxNTk2NTczNzU4
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/ug/vmware
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to WG API Expression.
+  id: 1985744519
+  name: wg/api-expression
+  node_id: MDU6TGFiZWwxOTg1NzQ0NTE5
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/wg/api-expression
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to WG Batch.
+  id: 3984790042
+  name: wg/batch
+  node_id: LA_kwDOAToIks7tgxIa
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/wg/batch
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to wg-cluster-api.
+  id: 971786582
+  name: wg/cluster-api
+  node_id: MDU6TGFiZWw5NzE3ODY1ODI=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/wg/cluster-api
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to WG Component Standard.
+  id: 1188415049
+  name: wg/component-standard
+  node_id: MDU6TGFiZWwxMTg4NDE1MDQ5
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/wg/component-standard
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to WG Data Protection.
+  id: 3959367156
+  name: wg/data-protection
+  node_id: LA_kwDOAToIks7r_yX0
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/wg/data-protection
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to WG IOT Edge.
+  id: 971786579
+  name: wg/iot-edge
+  node_id: MDU6TGFiZWw5NzE3ODY1Nzk=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/wg/iot-edge
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to WG LTS.
+  id: 1246937041
+  name: wg/lts
+  node_id: MDU6TGFiZWwxMjQ2OTM3MDQx
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/wg/lts
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to WG Machine Learning.
+  id: 971786592
+  name: wg/machine-learning
+  node_id: MDU6TGFiZWw5NzE3ODY1OTI=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/wg/machine-learning
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to WG Multitenancy.
+  id: 971786584
+  name: wg/multitenancy
+  node_id: MDU6TGFiZWw5NzE3ODY1ODQ=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/wg/multitenancy
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to WG Naming.
+  id: 2175214396
+  name: wg/naming
+  node_id: MDU6TGFiZWwyMTc1MjE0Mzk2
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/wg/naming
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to WG Policy.
+  id: 971786590
+  name: wg/policy
+  node_id: MDU6TGFiZWw5NzE3ODY1OTA=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/wg/policy
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to WG Reliability
+  id: 2681759667
+  name: wg/reliability
+  node_id: MDU6TGFiZWwyNjgxNzU5NjY3
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/wg/reliability
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to WG Security Audit.
+  id: 1086787146
+  name: wg/security-audit
+  node_id: MDU6TGFiZWwxMDg2Nzg3MTQ2
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/wg/security-audit
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to WG Structured Logging.
+  id: 3025055720
+  name: wg/structured-logging
+  node_id: MDU6TGFiZWwzMDI1MDU1NzIw
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/wg/structured-logging
diff --git a/.github/sync_labels.yml b/.github/sync_labels.yml
new file mode 100644
index 0000000..3e0d4c2
--- /dev/null
+++ b/.github/sync_labels.yml
@@ -0,0 +1,1440 @@
+# Copyright © 2023 KubeCub open source community. All rights reserved.
+# Licensed under the MIT License (the "License");
+# you may not use this file except in compliance with the License.
+
+- color: f9d0c4
+  default: false
+  description: ¯\\\_(ツ)_/¯
+  id: 682916056
+  name: ¯\_(ツ)_/¯
+  node_id: MDU6TGFiZWw2ODI5MTYwNTY=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/%C2%AF%5C_(%E3%83%84)_/%C2%AF
+- color: e11d21
+  default: false
+  description: Categorizes an issue or PR as actively needing an API review.
+  id: 1242861616
+  name: api-review
+  node_id: MDU6TGFiZWwxMjQyODYxNjE2
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/api-review
+- color: 0ffa16
+  default: false
+  description: Indicates a PR has been approved by an approver from all required OWNERS
+    files.
+  id: 414883982
+  name: approved
+  node_id: MDU6TGFiZWw0MTQ4ODM5ODI=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/approved
+- color: 0052cc
+  default: false
+  description: Indicates an issue on admin area.
+  id: 286411323
+  name: area/admin
+  node_id: MDU6TGFiZWwyODY0MTEzMjM=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/admin
+- color: 0052cc
+  default: false
+  description: ""
+  id: 486445796
+  name: area/admission-control
+  node_id: MDU6TGFiZWw0ODY0NDU3OTY=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/admission-control
+- color: 0052cc
+  default: false
+  description: Indicates an issue on api area.
+  id: 125063986
+  name: area/api
+  node_id: MDU6TGFiZWwxMjUwNjM5ODY=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/api
+- color: 0052cc
+  default: false
+  description: ""
+  id: 136601536
+  name: area/apiserver
+  node_id: MDU6TGFiZWwxMzY2MDE1MzY=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/apiserver
+- color: 0052cc
+  default: false
+  description: ""
+  id: 126701924
+  name: area/app-lifecycle
+  node_id: MDU6TGFiZWwxMjY3MDE5MjQ=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/app-lifecycle
+- color: 0052cc
+  default: false
+  description: Issues or PRs related to the hosting of release artifacts for subprojects
+  id: 2554671205
+  name: area/artifacts
+  node_id: MDU6TGFiZWwyNTU0NjcxMjA1
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/artifacts
+- color: 0052cc
+  default: false
+  description: ""
+  id: 680704582
+  name: area/audit
+  node_id: MDU6TGFiZWw2ODA3MDQ1ODI=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/audit
+- color: 0052cc
+  default: false
+  description: ""
+  id: 136892195
+  name: area/batch
+  node_id: MDU6TGFiZWwxMzY4OTIxOTU=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/batch
+- color: 0052cc
+  default: false
+  description: ""
+  id: 125299793
+  name: area/build-release
+  node_id: MDU6TGFiZWwxMjUyOTk3OTM=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/build-release
+- color: 0052cc
+  default: false
+  description: ""
+  id: 148734898
+  name: area/cadvisor
+  node_id: MDU6TGFiZWwxNDg3MzQ4OTg=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/cadvisor
+- color: 0052cc
+  default: false
+  description: ""
+  id: 127257422
+  name: area/client-libraries
+  node_id: MDU6TGFiZWwxMjcyNTc0MjI=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/client-libraries
+- color: 0052cc
+  default: false
+  description: ""
+  id: 154660912
+  name: area/cloudprovider
+  node_id: MDU6TGFiZWwxNTQ2NjA5MTI=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/cloudprovider
+- color: 0052cc
+  default: false
+  description: ""
+  id: 732478758
+  name: area/code-generation
+  node_id: MDU6TGFiZWw3MzI0Nzg3NTg=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/code-generation
+- color: 0052cc
+  default: false
+  description: Issues or PRs related to kubernetes code organization
+  id: 1315281643
+  name: area/code-organization
+  node_id: MDU6TGFiZWwxMzE1MjgxNjQz
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/code-organization
+- color: 0052cc
+  default: false
+  description: Issues or PRs that should potentially be discussed in a Kubernetes
+    community meeting.
+  id: 4582490420
+  name: area/community-meeting
+  node_id: LA_kwDOAToIks8AAAABESNBNA
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/community-meeting
+- color: 0052cc
+  default: false
+  description: ""
+  id: 433825251
+  name: area/configmap-api
+  node_id: MDU6TGFiZWw0MzM4MjUyNTE=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/configmap-api
+- color: 0052cc
+  default: false
+  description: Issues or PRs related to kubernetes conformance tests
+  id: 717986501
+  name: area/conformance
+  node_id: MDU6TGFiZWw3MTc5ODY1MDE=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/conformance
+- color: 0052cc
+  default: false
+  description: ""
+  id: 136601472
+  name: area/controller-manager
+  node_id: MDU6TGFiZWwxMzY2MDE0NzI=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/controller-manager
+- color: 0052cc
+  default: false
+  description: ""
+  id: 556590057
+  name: area/custom-resources
+  node_id: MDU6TGFiZWw1NTY1OTAwNTc=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/custom-resources
+- color: 0052cc
+  default: false
+  description: ""
+  id: 496768026
+  name: area/declarative-configuration
+  node_id: MDU6TGFiZWw0OTY3NjgwMjY=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/declarative-configuration
+- color: 0052cc
+  default: false
+  description: Issues or PRs related to deflaking kubernetes tests
+  id: 1180678886
+  name: area/deflake
+  node_id: MDU6TGFiZWwxMTgwNjc4ODg2
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/deflake
+- color: 0052cc
+  default: false
+  description: Issues or PRs related to dependency changes
+  id: 1305786977
+  name: area/dependency
+  node_id: MDU6TGFiZWwxMzA1Nzg2OTc3
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/dependency
+- color: 0052cc
+  default: false
+  description: ""
+  id: 390273825
+  name: area/dns
+  node_id: MDU6TGFiZWwzOTAyNzM4MjU=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/dns
+- color: 0052cc
+  default: false
+  description: ""
+  id: 116712229
+  name: area/docker
+  node_id: MDU6TGFiZWwxMTY3MTIyMjk=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/docker
+- color: 0052cc
+  default: false
+  description: ""
+  id: 130978978
+  name: area/downward-api
+  node_id: MDU6TGFiZWwxMzA5Nzg5Nzg=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/downward-api
+- color: 0052cc
+  default: false
+  description: Issues or PRs related to refactoring the kubernetes e2e test framework
+  id: 1285569325
+  name: area/e2e-test-framework
+  node_id: MDU6TGFiZWwxMjg1NTY5MzI1
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/e2e-test-framework
+- color: 0052cc
+  default: false
+  description: ""
+  id: 335282747
+  name: area/ecosystem
+  node_id: MDU6TGFiZWwzMzUyODI3NDc=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/ecosystem
+- color: 0052cc
+  default: false
+  description: ""
+  id: 127257343
+  name: area/etcd
+  node_id: MDU6TGFiZWwxMjcyNTczNDM=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/etcd
+- color: 0052cc
+  default: false
+  description: ""
+  id: 134675059
+  name: area/example
+  node_id: MDU6TGFiZWwxMzQ2NzUwNTk=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/example
+- color: 0052cc
+  default: false
+  description: ""
+  id: 358362557
+  name: area/example/cassandra
+  node_id: MDU6TGFiZWwzNTgzNjI1NTc=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/example/cassandra
+- color: 0052cc
+  default: false
+  description: ""
+  id: 138151954
+  name: area/extensibility
+  node_id: MDU6TGFiZWwxMzgxNTE5NTQ=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/extensibility
+- color: 0052cc
+  default: false
+  description: ""
+  id: 715868252
+  name: area/federation
+  node_id: MDU6TGFiZWw3MTU4NjgyNTI=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/federation
+- color: 0052cc
+  default: false
+  description: ""
+  id: 136908839
+  name: area/HA
+  node_id: MDU6TGFiZWwxMzY5MDg4Mzk=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/HA
+- color: 0052cc
+  default: false
+  description: ""
+  id: 644163893
+  name: area/hw-accelerators
+  node_id: MDU6TGFiZWw2NDQxNjM4OTM=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/hw-accelerators
+- color: 0052cc
+  default: false
+  description: ""
+  id: 135360517
+  name: area/images-registry
+  node_id: MDU6TGFiZWwxMzUzNjA1MTc=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/images-registry
+- color: 0052cc
+  default: false
+  description: ""
+  id: 500254090
+  name: area/ingress
+  node_id: MDU6TGFiZWw1MDAyNTQwOTA=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/ingress
+- color: 0052cc
+  default: false
+  description: ""
+  id: 125010631
+  name: area/introspection
+  node_id: MDU6TGFiZWwxMjUwMTA2MzE=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/introspection
+- color: 0052cc
+  default: false
+  description: ""
+  id: 608460743
+  name: area/ipv6
+  node_id: MDU6TGFiZWw2MDg0NjA3NDM=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/ipv6
+- color: 0052cc
+  default: false
+  description: ""
+  id: 755527763
+  name: area/ipvs
+  node_id: MDU6TGFiZWw3NTU1Mjc3NjM=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/ipvs
+- color: 0052cc
+  default: false
+  description: ""
+  id: 125550324
+  name: area/isolation
+  node_id: MDU6TGFiZWwxMjU1NTAzMjQ=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/isolation
+- color: 0052cc
+  default: false
+  description: ""
+  id: 128716589
+  name: area/kube-proxy
+  node_id: MDU6TGFiZWwxMjg3MTY1ODk=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/kube-proxy
+- color: 0052cc
+  default: false
+  description: ""
+  id: 451459590
+  name: area/kubeadm
+  node_id: MDU6TGFiZWw0NTE0NTk1OTA=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/kubeadm
+- color: 0052cc
+  default: false
+  description: ""
+  id: 138247961
+  name: area/kubectl
+  node_id: MDU6TGFiZWwxMzgyNDc5NjE=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/kubectl
+- color: 0052cc
+  default: false
+  description: ""
+  id: 116719829
+  name: area/kubelet
+  node_id: MDU6TGFiZWwxMTY3MTk4Mjk=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/kubelet
+- color: 0052cc
+  default: false
+  description: ""
+  id: 134645591
+  name: area/kubelet-api
+  node_id: MDU6TGFiZWwxMzQ2NDU1OTE=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/kubelet-api
+- color: 0052cc
+  default: false
+  description: ""
+  id: 148734819
+  name: area/logging
+  node_id: MDU6TGFiZWwxNDg3MzQ4MTk=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/logging
+- color: 0052cc
+  default: false
+  description: ""
+  id: 148734755
+  name: area/monitoring
+  node_id: MDU6TGFiZWwxNDg3MzQ3NTU=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/monitoring
+- color: 0052cc
+  default: false
+  description: Issues or PRs related to Network Policy subproject
+  id: 2873200929
+  name: area/network-policy
+  node_id: MDU6TGFiZWwyODczMjAwOTI5
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/network-policy
+- color: 0052cc
+  default: false
+  description: ""
+  id: 381925990
+  name: area/node-e2e
+  node_id: MDU6TGFiZWwzODE5MjU5OTA=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/node-e2e
+- color: 0052cc
+  default: false
+  description: ""
+  id: 567844235
+  name: area/node-lifecycle
+  node_id: MDU6TGFiZWw1Njc4NDQyMzU=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/node-lifecycle
+- color: 0052cc
+  default: false
+  description: ""
+  id: 140091046
+  name: area/nodecontroller
+  node_id: MDU6TGFiZWwxNDAwOTEwNDY=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/nodecontroller
+- color: d4c5f9
+  default: false
+  description: ""
+  id: 134646924
+  name: area/os/coreos
+  node_id: MDU6TGFiZWwxMzQ2NDY5MjQ=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/os/coreos
+- color: d4c5f9
+  default: false
+  description: ""
+  id: 134646888
+  name: area/os/fedora
+  node_id: MDU6TGFiZWwxMzQ2NDY4ODg=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/os/fedora
+- color: d4c5f9
+  default: false
+  description: ""
+  id: 130317730
+  name: area/os/ubuntu
+  node_id: MDU6TGFiZWwxMzAzMTc3MzA=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/os/ubuntu
+- color: d4c5f9
+  default: false
+  description: ""
+  id: 134646230
+  name: area/platform/gce
+  node_id: MDU6TGFiZWwxMzQ2NDYyMzA=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/platform/gce
+- color: d4c5f9
+  default: false
+  description: ""
+  id: 189591106
+  name: area/platform/mesos
+  node_id: MDU6TGFiZWwxODk1OTExMDY=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/platform/mesos
+- color: d4c5f9
+  default: false
+  description: ""
+  id: 134646415
+  name: area/platform/vagrant
+  node_id: MDU6TGFiZWwxMzQ2NDY0MTU=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/platform/vagrant
+- color: 0052cc
+  default: false
+  description: Issues or PRs related to aws provider
+  id: 852130657
+  name: area/provider/aws
+  node_id: MDU6TGFiZWw4NTIxMzA2NTc=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/provider/aws
+- color: 0052cc
+  default: false
+  description: Issues or PRs related to azure provider
+  id: 852130786
+  name: area/provider/azure
+  node_id: MDU6TGFiZWw4NTIxMzA3ODY=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/provider/azure
+- color: 0052cc
+  default: false
+  description: Issues or PRs related to digitalocean provider
+  id: 1946559194
+  name: area/provider/digitalocean
+  node_id: MDU6TGFiZWwxOTQ2NTU5MTk0
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/provider/digitalocean
+- color: 0052cc
+  default: false
+  description: Issues or PRs related to gcp provider
+  id: 158907408
+  name: area/provider/gcp
+  node_id: MDU6TGFiZWwxNTg5MDc0MDg=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/provider/gcp
+- color: 0052cc
+  default: false
+  description: Issues or PRs related to ibmcloud provider
+  id: 884249241
+  name: area/provider/ibmcloud
+  node_id: MDU6TGFiZWw4ODQyNDkyNDE=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/provider/ibmcloud
+- color: 0052cc
+  default: false
+  description: Issues or PRs related to openstack provider
+  id: 239914558
+  name: area/provider/openstack
+  node_id: MDU6TGFiZWwyMzk5MTQ1NTg=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/provider/openstack
+- color: 0052cc
+  default: false
+  description: Issues or PRs related to vmware provider
+  id: 874113778
+  name: area/provider/vmware
+  node_id: MDU6TGFiZWw4NzQxMTM3Nzg=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/provider/vmware
+- color: 0052cc
+  default: false
+  description: Issues or PRs related to the Release Engineering subproject
+  id: 268190668
+  name: area/release-eng
+  node_id: MDU6TGFiZWwyNjgxOTA2Njg=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/release-eng
+- color: 0052cc
+  default: false
+  description: ""
+  id: 159151142
+  name: area/reliability
+  node_id: MDU6TGFiZWwxNTkxNTExNDI=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/reliability
+- color: 0052cc
+  default: false
+  description: ""
+  id: 203010486
+  name: area/rkt
+  node_id: MDU6TGFiZWwyMDMwMTA0ODY=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/rkt
+- color: 0052cc
+  default: false
+  description: ""
+  id: 483309897
+  name: area/secret-api
+  node_id: MDU6TGFiZWw0ODMzMDk4OTc=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/secret-api
+- color: d93f0b
+  default: false
+  description: ""
+  id: 116712923
+  name: area/security
+  node_id: MDU6TGFiZWwxMTY3MTI5MjM=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/security
+- color: 0052cc
+  default: false
+  description: Issues or PRs involving stable metrics
+  id: 3967150925
+  name: area/stable-metrics
+  node_id: LA_kwDOAToIks7sdetN
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/stable-metrics
+- color: 0052cc
+  default: false
+  description: ""
+  id: 353400216
+  name: area/stateful-apps
+  node_id: MDU6TGFiZWwzNTM0MDAyMTY=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/stateful-apps
+- color: 0052cc
+  default: false
+  description: ""
+  id: 254871849
+  name: area/swagger
+  node_id: MDU6TGFiZWwyNTQ4NzE4NDk=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/swagger
+- color: 0052cc
+  default: false
+  description: ""
+  id: 269078649
+  name: area/system-requirement
+  node_id: MDU6TGFiZWwyNjkwNzg2NDk=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/system-requirement
+- color: 0052cc
+  default: false
+  description: ""
+  id: 463533491
+  name: area/teardown
+  node_id: MDU6TGFiZWw0NjM1MzM0OTE=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/teardown
+- color: 0052cc
+  default: false
+  description: ""
+  id: 105152717
+  name: area/test
+  node_id: MDU6TGFiZWwxMDUxNTI3MTc=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/test
+- color: 0052cc
+  default: false
+  description: ""
+  id: 178071252
+  name: area/test-infra
+  node_id: MDU6TGFiZWwxNzgwNzEyNTI=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/test-infra
+- color: 0052cc
+  default: false
+  description: ""
+  id: 136601677
+  name: area/ui
+  node_id: MDU6TGFiZWwxMzY2MDE2Nzc=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/ui
+- color: 0052cc
+  default: false
+  description: ""
+  id: 192801498
+  name: area/upgrade
+  node_id: MDU6TGFiZWwxOTI4MDE0OTg=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/upgrade
+- color: 0052cc
+  default: false
+  description: ""
+  id: 134645162
+  name: area/usability
+  node_id: MDU6TGFiZWwxMzQ2NDUxNjI=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/usability
+- color: 0052cc
+  default: false
+  description: ""
+  id: 483268583
+  name: area/workload-api/cronjob
+  node_id: MDU6TGFiZWw0ODMyNjg1ODM=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/workload-api/cronjob
+- color: 0052cc
+  default: false
+  description: ""
+  id: 410265116
+  name: area/workload-api/daemonset
+  node_id: MDU6TGFiZWw0MTAyNjUxMTY=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/workload-api/daemonset
+- color: 0052cc
+  default: false
+  description: ""
+  id: 382474515
+  name: area/workload-api/deployment
+  node_id: MDU6TGFiZWwzODI0NzQ1MTU=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/workload-api/deployment
+- color: 0052cc
+  default: false
+  description: ""
+  id: 483268648
+  name: area/workload-api/job
+  node_id: MDU6TGFiZWw0ODMyNjg2NDg=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/workload-api/job
+- color: 0052cc
+  default: false
+  description: ""
+  id: 483066283
+  name: area/workload-api/replicaset
+  node_id: MDU6TGFiZWw0ODMwNjYyODM=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/area/workload-api/replicaset
+- color: fef2c0
+  default: false
+  description: Indicates a cherry-pick PR into a release branch has been approved
+    by the release branch manager.
+  id: 339502903
+  name: cherry-pick-approved
+  node_id: MDU6TGFiZWwzMzk1MDI5MDM=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/cherry-pick-approved
+- color: e11d21
+  default: false
+  description: Indicates the PR's author has not signed the CNCF CLA.
+  id: 477397085
+  name: 'cncf-cla: no'
+  node_id: MDU6TGFiZWw0NzczOTcwODU=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/cncf-cla:%20no
+- color: bfe5bf
+  default: false
+  description: Indicates the PR's author has signed the CNCF CLA.
+  id: 477397086
+  name: 'cncf-cla: yes'
+  node_id: MDU6TGFiZWw0NzczOTcwODY=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/cncf-cla:%20yes
+- color: c0ff4a
+  default: false
+  description: Denotes an issue or PR intended to be handled by the code of conduct
+    committee.
+  id: 815657036
+  name: committee/code-of-conduct
+  node_id: MDU6TGFiZWw4MTU2NTcwMzY=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/committee/code-of-conduct
+- color: c0ff4a
+  default: false
+  description: Denotes an issue or PR intended to be handled by the product security
+    committee.
+  id: 1199275492
+  name: committee/security-response
+  node_id: MDU6TGFiZWwxMTk5Mjc1NDky
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/committee/security-response
+- color: c0ff4a
+  default: false
+  description: Denotes an issue or PR intended to be handled by the steering committee.
+  id: 815656936
+  name: committee/steering
+  node_id: MDU6TGFiZWw4MTU2NTY5MzY=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/committee/steering
+- color: 0366d6
+  default: false
+  description: Pull requests that update a dependency file
+  id: 2207995975
+  name: dependencies
+  node_id: MDU6TGFiZWwyMjA3OTk1OTc1
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/dependencies
+- color: e11d21
+  default: false
+  description: DEPRECATED. Indicates that a PR should not merge. Label can only be
+    manually applied/removed.
+  id: 335674843
+  name: do-not-merge
+  node_id: MDU6TGFiZWwzMzU2NzQ4NDM=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/do-not-merge
+- color: e11d21
+  default: false
+  description: Indicates that a PR should not merge because it touches files in blocked
+    paths.
+  id: 689109191
+  name: do-not-merge/blocked-paths
+  node_id: MDU6TGFiZWw2ODkxMDkxOTE=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/do-not-merge/blocked-paths
+- color: e11d21
+  default: false
+  description: Indicates that a PR is not yet approved to merge into a release branch.
+  id: 680154135
+  name: do-not-merge/cherry-pick-not-approved
+  node_id: MDU6TGFiZWw2ODAxNTQxMzU=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/do-not-merge/cherry-pick-not-approved
+- color: e11d21
+  default: false
+  description: Indicates a PR which contains merge commits.
+  id: 1391972461
+  name: do-not-merge/contains-merge-commits
+  node_id: MDU6TGFiZWwxMzkxOTcyNDYx
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/do-not-merge/contains-merge-commits
+- color: e11d21
+  default: false
+  description: Indicates that a PR should not merge because someone has issued a /hold
+    command.
+  id: 687565804
+  name: do-not-merge/hold
+  node_id: MDU6TGFiZWw2ODc1NjU4MDQ=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/do-not-merge/hold
+- color: e11d21
+  default: false
+  description: Indicates that a PR should not merge because it has an invalid commit
+    message.
+  id: 1322574295
+  name: do-not-merge/invalid-commit-message
+  node_id: MDU6TGFiZWwxMzIyNTc0Mjk1
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/do-not-merge/invalid-commit-message
+- color: e11d21
+  default: false
+  description: Indicates that a PR should not merge because it has an invalid OWNERS
+    file in it.
+  id: 969564572
+  name: do-not-merge/invalid-owners-file
+  node_id: MDU6TGFiZWw5Njk1NjQ1NzI=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/do-not-merge/invalid-owners-file
+- color: e11d21
+  default: false
+  description: Indicates a PR lacks a `kind/foo` label and requires one.
+  id: 2480789134
+  name: do-not-merge/needs-kind
+  node_id: MDU6TGFiZWwyNDgwNzg5MTM0
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/do-not-merge/needs-kind
+- color: e11d21
+  default: false
+  description: Indicates an issue or PR lacks a `sig/foo` label and requires one.
+  id: 2480789133
+  name: do-not-merge/needs-sig
+  node_id: MDU6TGFiZWwyNDgwNzg5MTMz
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/do-not-merge/needs-sig
+- color: e11d21
+  default: false
+  description: Indicates that a PR should not merge because it's missing one of the
+    release note labels.
+  id: 680152113
+  name: do-not-merge/release-note-label-needed
+  node_id: MDU6TGFiZWw2ODAxNTIxMTM=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/do-not-merge/release-note-label-needed
+- color: e11d21
+  default: false
+  description: Indicates that a PR should not merge because it is a work in progress.
+  id: 687500047
+  name: do-not-merge/work-in-progress
+  node_id: MDU6TGFiZWw2ODc1MDAwNDc=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/do-not-merge/work-in-progress
+- color: 7057ff
+  default: true
+  description: Denotes an issue ready for a new contributor, according to the "help
+    wanted" guidelines.
+  id: 954672878
+  name: good first issue
+  node_id: MDU6TGFiZWw5NTQ2NzI4Nzg=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/good%20first%20issue
+- color: 006b75
+  default: true
+  description: Denotes an issue that needs help from a contributor. Must meet "help
+    wanted" guidelines.
+  id: 433686790
+  name: help wanted
+  node_id: MDU6TGFiZWw0MzM2ODY3OTA=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/help%20wanted
+- color: e11d21
+  default: false
+  description: Categorizes issue or PR as related to adding, removing, or otherwise
+    changing an API
+  id: 261005360
+  name: kind/api-change
+  node_id: MDU6TGFiZWwyNjEwMDUzNjA=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/kind/api-change
+- color: e11d21
+  default: false
+  description: Categorizes issue or PR as related to a bug.
+  id: 105146071
+  name: kind/bug
+  node_id: MDU6TGFiZWwxMDUxNDYwNzE=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/kind/bug
+- color: c7def8
+  default: false
+  description: Categorizes issue or PR as related to cleaning up code, process, or
+    technical debt.
+  id: 122775691
+  name: kind/cleanup
+  node_id: MDU6TGFiZWwxMjI3NzU2OTE=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/kind/cleanup
+- color: e11d21
+  default: false
+  description: Categorizes issue or PR as related to a feature/enhancement marked
+    for deprecation.
+  id: 1740258266
+  name: kind/deprecation
+  node_id: MDU6TGFiZWwxNzQwMjU4MjY2
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/kind/deprecation
+- color: c7def8
+  default: false
+  description: Categorizes issue or PR as related to design.
+  id: 114509261
+  name: kind/design
+  node_id: MDU6TGFiZWwxMTQ1MDkyNjE=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/kind/design
+- color: c7def8
+  default: false
+  description: Categorizes issue or PR as related to documentation.
+  id: 116801185
+  name: kind/documentation
+  node_id: MDU6TGFiZWwxMTY4MDExODU=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/kind/documentation
+- color: e11d21
+  default: false
+  description: Categorizes issue or PR as related to a consistently or frequently
+    failing test.
+  id: 496752468
+  name: kind/failing-test
+  node_id: MDU6TGFiZWw0OTY3NTI0Njg=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/kind/failing-test
+- color: c7def8
+  default: false
+  description: Categorizes issue or PR as related to a new feature.
+  id: 267761362
+  name: kind/feature
+  node_id: MDU6TGFiZWwyNjc3NjEzNjI=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/kind/feature
+- color: f7c6c7
+  default: false
+  description: Categorizes issue or PR as related to a flaky test.
+  id: 264749912
+  name: kind/flake
+  node_id: MDU6TGFiZWwyNjQ3NDk5MTI=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/kind/flake
+- color: e11d21
+  default: false
+  description: Categorizes issue or PR as related to a regression from a prior release.
+  id: 1967276560
+  name: kind/regression
+  node_id: MDU6TGFiZWwxOTY3Mjc2NTYw
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/kind/regression
+- color: d455d0
+  default: false
+  description: Categorizes issue or PR as a support question.
+  id: 130318610
+  name: kind/support
+  node_id: MDU6TGFiZWwxMzAzMTg2MTA=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/kind/support
+- color: 15dd18
+  default: false
+  description: Indicates that a PR is ready to be merged.
+  id: 148225179
+  name: lgtm
+  node_id: MDU6TGFiZWwxNDgyMjUxNzk=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/lgtm
+- color: 8fc951
+  default: false
+  description: Indicates that an issue or PR is actively being worked on by a contributor.
+  id: 1007207688
+  name: lifecycle/active
+  node_id: MDU6TGFiZWwxMDA3MjA3Njg4
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/lifecycle/active
+- color: d3e2f0
+  default: false
+  description: Indicates that an issue or PR should not be auto-closed due to staleness.
+  id: 778118403
+  name: lifecycle/frozen
+  node_id: MDU6TGFiZWw3NzgxMTg0MDM=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/lifecycle/frozen
+- color: "604460"
+  default: false
+  description: Denotes an issue or PR that has aged beyond stale and will be auto-closed.
+  id: 778118402
+  name: lifecycle/rotten
+  node_id: MDU6TGFiZWw3NzgxMTg0MDI=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/lifecycle/rotten
+- color: "795548"
+  default: false
+  description: Denotes an issue or PR has remained open with no activity and has become
+    stale.
+  id: 778118404
+  name: lifecycle/stale
+  node_id: MDU6TGFiZWw3NzgxMTg0MDQ=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/lifecycle/stale
+- color: ededed
+  default: false
+  description: ""
+  id: 711852570
+  name: milestone/incomplete-labels
+  node_id: MDU6TGFiZWw3MTE4NTI1NzA=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/milestone/incomplete-labels
+- color: ededed
+  default: false
+  description: ""
+  id: 711852621
+  name: milestone/needs-approval
+  node_id: MDU6TGFiZWw3MTE4NTI2MjE=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/milestone/needs-approval
+- color: ededed
+  default: false
+  description: ""
+  id: 680168330
+  name: milestone/needs-attention
+  node_id: MDU6TGFiZWw2ODAxNjgzMzA=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/milestone/needs-attention
+- color: ededed
+  default: false
+  description: ""
+  id: 687345274
+  name: milestone/removed
+  node_id: MDU6TGFiZWw2ODczNDUyNzQ=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/milestone/removed
+- color: ededed
+  default: false
+  description: Indicates a PR lacks a `kind/foo` label and requires one.
+  id: 1047217136
+  name: needs-kind
+  node_id: MDU6TGFiZWwxMDQ3MjE3MTM2
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/needs-kind
+- color: b60205
+  default: false
+  description: Indicates a PR that requires an org member to verify it is safe to
+    test.
+  id: 573014062
+  name: needs-ok-to-test
+  node_id: MDU6TGFiZWw1NzMwMTQwNjI=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/needs-ok-to-test
+- color: ededed
+  default: false
+  description: Indicates a PR lacks a `priority/foo` label and requires one.
+  id: 1111992057
+  name: needs-priority
+  node_id: MDU6TGFiZWwxMTExOTkyMDU3
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/needs-priority
+- color: e11d21
+  default: false
+  description: Indicates a PR cannot be merged because it has merge conflicts with
+    HEAD.
+  id: 240247879
+  name: needs-rebase
+  node_id: MDU6TGFiZWwyNDAyNDc4Nzk=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/needs-rebase
+- color: ededed
+  default: false
+  description: Indicates an issue or PR lacks a `sig/foo` label and requires one.
+  id: 617149945
+  name: needs-sig
+  node_id: MDU6TGFiZWw2MTcxNDk5NDU=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/needs-sig
+- color: ededed
+  default: false
+  description: Indicates an issue or PR lacks a `triage/foo` label and requires one.
+  id: 2389815605
+  name: needs-triage
+  node_id: MDU6TGFiZWwyMzg5ODE1NjA1
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/needs-triage
+- color: 0052cc
+  default: false
+  description: Issues or PRs related to CVEs officially announced by Security Response
+    Committee (SRC)
+  id: 3603068678
+  name: official-cve-feed
+  node_id: LA_kwDOAToIks7WwncG
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/official-cve-feed
+- color: 15dd18
+  default: false
+  description: Indicates a non-member PR verified by an org member that is safe to
+    test.
+  id: 1086787260
+  name: ok-to-test
+  node_id: MDU6TGFiZWwxMDg2Nzg3MjYw
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/ok-to-test
+- color: fef2c0
+  default: false
+  description: Lowest priority. Possibly useful, but not yet enough support to actually
+    get it done.
+  id: 149621825
+  name: priority/awaiting-more-evidence
+  node_id: MDU6TGFiZWwxNDk2MjE4MjU=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/priority/awaiting-more-evidence
+- color: fbca04
+  default: false
+  description: Higher priority than priority/awaiting-more-evidence.
+  id: 114528273
+  name: priority/backlog
+  node_id: MDU6TGFiZWwxMTQ1MjgyNzM=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/priority/backlog
+- color: e11d21
+  default: false
+  description: Highest priority. Must be actively worked on as someone's top priority
+    right now.
+  id: 114528068
+  name: priority/critical-urgent
+  node_id: MDU6TGFiZWwxMTQ1MjgwNjg=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/priority/critical-urgent
+- color: eb6420
+  default: false
+  description: Important over the long term, but may not be staffed and/or may need
+    multiple releases to complete.
+  id: 496752236
+  name: priority/important-longterm
+  node_id: MDU6TGFiZWw0OTY3NTIyMzY=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/priority/important-longterm
+- color: eb6420
+  default: false
+  description: Must be staffed and worked on either currently, or very soon, ideally
+    in time for the next release.
+  id: 114528223
+  name: priority/important-soon
+  node_id: MDU6TGFiZWwxMTQ1MjgyMjM=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/priority/important-soon
+- color: d93f0b
+  default: false
+  description: ""
+  id: 435667038
+  name: release-blocker
+  node_id: MDU6TGFiZWw0MzU2NjcwMzg=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/release-blocker
+- color: c2e0c6
+  default: false
+  description: Denotes a PR that will be considered when it comes time to generate
+    release notes.
+  id: 200149833
+  name: release-note
+  node_id: MDU6TGFiZWwyMDAxNDk4MzM=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/release-note
+- color: c2e0c6
+  default: false
+  description: Denotes a PR that introduces potentially breaking changes that require
+    user action.
+  id: 354968448
+  name: release-note-action-required
+  node_id: MDU6TGFiZWwzNTQ5Njg0NDg=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/release-note-action-required
+- color: c2e0c6
+  default: false
+  description: Denotes a PR that doesn't merit a release note.
+  id: 349530249
+  name: release-note-none
+  node_id: MDU6TGFiZWwzNDk1MzAyNDk=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/release-note-none
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG API Machinery.
+  id: 173493835
+  name: sig/api-machinery
+  node_id: MDU6TGFiZWwxNzM0OTM4MzU=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/api-machinery
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG Apps.
+  id: 404091735
+  name: sig/apps
+  node_id: MDU6TGFiZWw0MDQwOTE3MzU=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/apps
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG Architecture.
+  id: 636152047
+  name: sig/architecture
+  node_id: MDU6TGFiZWw2MzYxNTIwNDc=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/architecture
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG Auth.
+  id: 357119284
+  name: sig/auth
+  node_id: MDU6TGFiZWwzNTcxMTkyODQ=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/auth
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG Autoscaling.
+  id: 238245616
+  name: sig/autoscaling
+  node_id: MDU6TGFiZWwyMzgyNDU2MTY=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/autoscaling
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG CLI.
+  id: 450823910
+  name: sig/cli
+  node_id: MDU6TGFiZWw0NTA4MjM5MTA=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/cli
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG Cloud Provider.
+  id: 958178286
+  name: sig/cloud-provider
+  node_id: MDU6TGFiZWw5NTgxNzgyODY=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/cloud-provider
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG Cluster Lifecycle.
+  id: 173494222
+  name: sig/cluster-lifecycle
+  node_id: MDU6TGFiZWwxNzM0OTQyMjI=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/cluster-lifecycle
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG Contributor Experience.
+  id: 261778410
+  name: sig/contributor-experience
+  node_id: MDU6TGFiZWwyNjE3Nzg0MTA=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/contributor-experience
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG Docs.
+  id: 496761699
+  name: sig/docs
+  node_id: MDU6TGFiZWw0OTY3NjE2OTk=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/docs
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG Instrumentation.
+  id: 482207917
+  name: sig/instrumentation
+  node_id: MDU6TGFiZWw0ODIyMDc5MTc=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/instrumentation
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG K8s Infra.
+  id: 3373472731
+  name: sig/k8s-infra
+  node_id: LA_kwDOAToIks7JExvb
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/k8s-infra
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG Multicluster.
+  id: 711861754
+  name: sig/multicluster
+  node_id: MDU6TGFiZWw3MTE4NjE3NTQ=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/multicluster
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG Network.
+  id: 116712108
+  name: sig/network
+  node_id: MDU6TGFiZWwxMTY3MTIxMDg=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/network
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG Node.
+  id: 173493665
+  name: sig/node
+  node_id: MDU6TGFiZWwxNzM0OTM2NjU=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/node
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG Release.
+  id: 614023989
+  name: sig/release
+  node_id: MDU6TGFiZWw2MTQwMjM5ODk=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/release
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG Scalability.
+  id: 125010198
+  name: sig/scalability
+  node_id: MDU6TGFiZWwxMjUwMTAxOTg=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/scalability
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG Scheduling.
+  id: 125550211
+  name: sig/scheduling
+  node_id: MDU6TGFiZWwxMjU1NTAyMTE=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/scheduling
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG Security.
+  id: 2315011126
+  name: sig/security
+  node_id: MDU6TGFiZWwyMzE1MDExMTI2
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/security
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG Service Catalog.
+  id: 433740132
+  name: sig/service-catalog
+  node_id: MDU6TGFiZWw0MzM3NDAxMzI=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/service-catalog
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG Storage.
+  id: 169428334
+  name: sig/storage
+  node_id: MDU6TGFiZWwxNjk0MjgzMzQ=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/storage
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG Testing.
+  id: 483069764
+  name: sig/testing
+  node_id: MDU6TGFiZWw0ODMwNjk3NjQ=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/testing
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG UI.
+  id: 618574759
+  name: sig/ui
+  node_id: MDU6TGFiZWw2MTg1NzQ3NTk=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/ui
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG Usability.
+  id: 1476695221
+  name: sig/usability
+  node_id: MDU6TGFiZWwxNDc2Njk1MjIx
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/usability
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to SIG Windows.
+  id: 422106010
+  name: sig/windows
+  node_id: MDU6TGFiZWw0MjIxMDYwMTA=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/sig/windows
+- color: ee9900
+  default: false
+  description: Denotes a PR that changes 100-499 lines, ignoring generated files.
+  id: 253450978
+  name: size/L
+  node_id: MDU6TGFiZWwyNTM0NTA5Nzg=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/size/L
+- color: eebb00
+  default: false
+  description: Denotes a PR that changes 30-99 lines, ignoring generated files.
+  id: 253450934
+  name: size/M
+  node_id: MDU6TGFiZWwyNTM0NTA5MzQ=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/size/M
+- color: 77bb00
+  default: false
+  description: Denotes a PR that changes 10-29 lines, ignoring generated files.
+  id: 253450895
+  name: size/S
+  node_id: MDU6TGFiZWwyNTM0NTA4OTU=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/size/S
+- color: ee5500
+  default: false
+  description: Denotes a PR that changes 500-999 lines, ignoring generated files.
+  id: 253451057
+  name: size/XL
+  node_id: MDU6TGFiZWwyNTM0NTEwNTc=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/size/XL
+- color: "009900"
+  default: false
+  description: Denotes a PR that changes 0-9 lines, ignoring generated files.
+  id: 253450793
+  name: size/XS
+  node_id: MDU6TGFiZWwyNTM0NTA3OTM=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/size/XS
+- color: ee0000
+  default: false
+  description: Denotes a PR that changes 1000+ lines, ignoring generated files.
+  id: 253451093
+  name: size/XXL
+  node_id: MDU6TGFiZWwyNTM0NTEwOTM=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/size/XXL
+- color: ededed
+  default: false
+  description: ""
+  id: 1150509281
+  name: status/approved-for-milestone
+  node_id: MDU6TGFiZWwxMTUwNTA5Mjgx
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/status/approved-for-milestone
+- color: e11d21
+  default: false
+  description: Denotes an issue that blocks the tide merge queue for a branch while
+    it is open.
+  id: 1313645094
+  name: tide/merge-blocker
+  node_id: MDU6TGFiZWwxMzEzNjQ1MDk0
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/tide/merge-blocker
+- color: ffaa00
+  default: false
+  description: Denotes a PR that should use a standard merge by tide when it merges.
+  id: 1299699582
+  name: tide/merge-method-merge
+  node_id: MDU6TGFiZWwxMjk5Njk5NTgy
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/tide/merge-method-merge
+- color: ffaa00
+  default: false
+  description: Denotes a PR that should be rebased by tide when it merges.
+  id: 1299699756
+  name: tide/merge-method-rebase
+  node_id: MDU6TGFiZWwxMjk5Njk5NzU2
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/tide/merge-method-rebase
+- color: ffaa00
+  default: false
+  description: Denotes a PR that should be squashed by tide when it merges.
+  id: 1049624783
+  name: tide/merge-method-squash
+  node_id: MDU6TGFiZWwxMDQ5NjI0Nzgz
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/tide/merge-method-squash
+- color: 8fc951
+  default: false
+  description: Indicates an issue or PR is ready to be actively worked on.
+  id: 2389856656
+  name: triage/accepted
+  node_id: MDU6TGFiZWwyMzg5ODU2NjU2
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/triage/accepted
+- color: d455d0
+  default: false
+  description: Indicates an issue is a duplicate of other open issue.
+  id: 862108568
+  name: triage/duplicate
+  node_id: MDU6TGFiZWw4NjIxMDg1Njg=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/triage/duplicate
+- color: d455d0
+  default: false
+  description: Indicates an issue needs more information in order to work on it.
+  id: 862108635
+  name: triage/needs-information
+  node_id: MDU6TGFiZWw4NjIxMDg2MzU=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/triage/needs-information
+- color: d455d0
+  default: false
+  description: Indicates an issue can not be reproduced as described.
+  id: 862108684
+  name: triage/not-reproducible
+  node_id: MDU6TGFiZWw4NjIxMDg2ODQ=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/triage/not-reproducible
+- color: d455d0
+  default: false
+  description: Indicates an issue that can not or will not be resolved.
+  id: 862108765
+  name: triage/unresolved
+  node_id: MDU6TGFiZWw4NjIxMDg3NjU=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/triage/unresolved
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to ug-big-data.
+  id: 528770718
+  name: ug/big-data
+  node_id: MDU6TGFiZWw1Mjg3NzA3MTg=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/ug/big-data
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to ug-vmware.
+  id: 1596573758
+  name: ug/vmware
+  node_id: MDU6TGFiZWwxNTk2NTczNzU4
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/ug/vmware
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to WG API Expression.
+  id: 1985744519
+  name: wg/api-expression
+  node_id: MDU6TGFiZWwxOTg1NzQ0NTE5
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/wg/api-expression
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to WG Batch.
+  id: 3984790042
+  name: wg/batch
+  node_id: LA_kwDOAToIks7tgxIa
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/wg/batch
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to wg-cluster-api.
+  id: 971786582
+  name: wg/cluster-api
+  node_id: MDU6TGFiZWw5NzE3ODY1ODI=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/wg/cluster-api
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to WG Component Standard.
+  id: 1188415049
+  name: wg/component-standard
+  node_id: MDU6TGFiZWwxMTg4NDE1MDQ5
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/wg/component-standard
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to WG Data Protection.
+  id: 3959367156
+  name: wg/data-protection
+  node_id: LA_kwDOAToIks7r_yX0
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/wg/data-protection
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to WG IOT Edge.
+  id: 971786579
+  name: wg/iot-edge
+  node_id: MDU6TGFiZWw5NzE3ODY1Nzk=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/wg/iot-edge
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to WG LTS.
+  id: 1246937041
+  name: wg/lts
+  node_id: MDU6TGFiZWwxMjQ2OTM3MDQx
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/wg/lts
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to WG Machine Learning.
+  id: 971786592
+  name: wg/machine-learning
+  node_id: MDU6TGFiZWw5NzE3ODY1OTI=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/wg/machine-learning
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to WG Multitenancy.
+  id: 971786584
+  name: wg/multitenancy
+  node_id: MDU6TGFiZWw5NzE3ODY1ODQ=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/wg/multitenancy
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to WG Naming.
+  id: 2175214396
+  name: wg/naming
+  node_id: MDU6TGFiZWwyMTc1MjE0Mzk2
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/wg/naming
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to WG Policy.
+  id: 971786590
+  name: wg/policy
+  node_id: MDU6TGFiZWw5NzE3ODY1OTA=
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/wg/policy
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to WG Reliability
+  id: 2681759667
+  name: wg/reliability
+  node_id: MDU6TGFiZWwyNjgxNzU5NjY3
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/wg/reliability
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to WG Security Audit.
+  id: 1086787146
+  name: wg/security-audit
+  node_id: MDU6TGFiZWwxMDg2Nzg3MTQ2
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/wg/security-audit
+- color: d2b48c
+  default: false
+  description: Categorizes an issue or PR as relevant to WG Structured Logging.
+  id: 3025055720
+  name: wg/structured-logging
+  node_id: MDU6TGFiZWwzMDI1MDU1NzIw
+  url: https://api.github.com/repos/kubernetes/kubernetes/labels/wg/structured-logging
diff --git a/.github/workflows/auto-assign-issue.yml b/.github/workflows/auto-assign-issue.yml
new file mode 100644
index 0000000..00a865c
--- /dev/null
+++ b/.github/workflows/auto-assign-issue.yml
@@ -0,0 +1,30 @@
+# Copyright © 2024 KubeCub open source community. All rights reserved.
+# Licensed under the MIT License (the "License");
+# you may not use this file except in compliance with the License.
+
+name: Assign issue to comment author
+on:
+  issue_comment:
+    types: [created]
+jobs:
+  assign-issue:
+    if: contains(github.event.comment.body, '/assign') || contains(github.event.comment.body, '/accept')
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Assign the issue
+        run: |
+          export LETASE_MILESTONES=$(curl "https://api.github.com/repos/$OWNER/$REPO/milestones" | jq -r 'last(.[]).title')
+          gh issue edit ${{ github.event.issue.number }} --add-assignee "${{ github.event.comment.user.login }}"
+          gh issue edit ${{ github.event.issue.number }} --add-label "triage/accepted"
+          gh issue edit ${{ github.event.issue.number }} --milestone "$LETASE_MILESTONES"
+          gh issue comment $ISSUE --body "@${{ github.event.comment.user.login }} Glad to see you accepted this issue🤲, this issue has been assigned to you. <br>I set the milestones for this issue to $LETASE_MILESTONES, we are looking forward to your PR!"
+        env:
+          GH_TOKEN: ${{ secrets.REDBOT_GITHUB_TOKEN }}
+          ISSUE: ${{ github.event.issue.html_url }}
+          OWNER: ${{ github.repository_owner }}
+          REPO: ${{ github.event.repository.name }}
diff --git a/.github/workflows/auto-invite.yml b/.github/workflows/auto-invite.yml
new file mode 100644
index 0000000..f16687a
--- /dev/null
+++ b/.github/workflows/auto-invite.yml
@@ -0,0 +1,50 @@
+# Copyright © 2023 KubeCub & Xinwei Xiong(cubxxw). All rights reserved.
+#
+# Licensed under the MIT License (the "License");
+# you may not use this file except in compliance with the License.
+
+name: Invite users to join our group
+on:
+  issue_comment:
+    types:
+      - created
+jobs:
+  issue_comment:
+    name: Invite users to join our group
+    if: ${{ github.event.comment.body == '/invite' || github.event.comment.body == '/close' || github.event.comment.body == '/comment' }}
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+    steps:
+
+      - name: Invite user to join our group
+        uses: peter-evans/create-or-update-comment@v1
+        with:
+          issue-number: ${{ github.event.issue.number }}
+          token: "${{ secrets.BOT_GITHUB_TOKEN }}"
+          body: |
+            We value close connections with our users, developers, and contributors here at kubecub. With a large community and maintainer team, we're always here to help and support you. Whether you're looking to join our community or have any questions or suggestions, we welcome you to get in touch with us.
+
+            Our most recommended way to get in touch is through [Slack](https://join.slack.com/t/c-ub/shared_invite/zt-1se0k2bae-lkYzz0_T~BYh3rjkvlcUqQ). Even if you're in China, Slack is usually not blocked by firewalls, making it an easy way to connect with us. Our Slack community is the ideal place to discuss and share ideas and suggestions with other users and developers of kubecub. You can ask technical questions, seek help, or share your experiences with other users of kubecub.
+
+            In addition to Slack, we also offer the following ways to get in touch:
+
+            + <a href="https://join.slack.com/t/kubecub/shared_invite/zt-1se0k2bae-lkYzz0_T~BYh3rjkvlcUqQ" target="_blank"><img src="https://img.shields.io/badge/Slack-automation%2B-blueviolet?logo=slack&amp;logoColor=white"></a> We also have Slack channels for you to communicate and discuss. To join, visit https://slack.com/ and join our [👀 kubecub slack](https://join.slack.com/t/kubecub/shared_invite/zt-1se0k2bae-lkYzz0_T~BYh3rjkvlcUqQ) team channel.
+            + <a href="https://mail.google.com/mail/u/0/?fs=1&tf=cm&to=3293172751nss@gmail.com" target="_blank"><img src="https://img.shields.io/badge/gmail-%40kubecub-blue?style=social&kubecubo=gmail&logo=gmail"></a> Get in touch with us on [📨Gmail: 3293172751nss@gmail.com](mailto:3293172751nss@gmail.com).  If you have any questions or issues that need resolving, or any suggestions and feedback for our open source projects, please feel free to contact us via email.
+            + <a href="nsddd.top" target="_blank"><img src="https://img.shields.io/badge/%E5%8D%9A%E5%AE%A2-%40kubecub-blue?style=social&logo=Octopus%20Deploy&logoColor=red"></a> Read our [🤖kubecub](nsddd.top). Our kubecub is a great place to stay up-to-date with kubecub projects and trends. On the kubecub, we share our latest developments, tech trends, and other interesting information.
+            + <a href="https://twitter.com/xxw3293172751" target="_blank"><img src="https://img.shields.io/badge/twitter-%40kubecub-informational?kubecubo=twitter&style=flat-square&logo=twitter"></a> Add [🕊️Twitter](https://twitter.com/xxw3293172751) . If you prefer social media, our Twitter account is a great way to stay up-to-date with kubecub project news and trends. On Twitter, we share our latest tech and trends, as well as relevant news and events.
+            + <a href="http://sm.nsddd.top/sm0d220ad72063197b9875379403f6c88.jpg" target="_blank"><img src="https://img.shields.io/badge/%E5%BE%AE%E4%BF%A1-smile-brightgreen?kubecubo=wechat&style=flat-square?logo=wechat"></a> Add [📲Wechat](https://img.shields.io/badge/%E5%BE%AE%E4%BF%A1-smile-brightgreen?kubecubo=wechat&style=flat-square) and indicate that you are a user or developer of kubecub. We will process your request as soon as possible.
+
+            Whether you're looking to join our community or have any questions or suggestions, we welcome you to get in touch with us.
+
+      - name: Close Issue
+        uses: peter-evans/close-issue@v3
+        with:
+          issue-number: ${{ github.event.issue.number }}
+          comment: 🤖 Auto-closing issue, if you still need help please reopen the issue or ask for help in the community above
+          labels: |
+            triage/accepted
+          token: "${{ secrets.BOT_GITHUB_TOKEN }}"
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          
diff --git a/.github/workflows/cla.yml b/.github/workflows/cla.yml
new file mode 100644
index 0000000..5473785
--- /dev/null
+++ b/.github/workflows/cla.yml
@@ -0,0 +1,52 @@
+# Copyright © 2024 KubeCub open source community. All rights reserved.
+# Licensed under the MIT License (the "License");
+# you may not use this file except in compliance with the License.
+
+name: "OpenIM CLA Assistant"
+on:
+  issue_comment:
+    types: [created]
+  pull_request_target:
+    types: [opened,closed,synchronize]
+
+# explicitly configure permissions, in case your GITHUB_TOKEN workflow permissions are set to read-only in repository settings
+permissions:
+  actions: write
+  contents: write
+  pull-requests: write
+  statuses: write
+
+env:
+  # Define Open-IM-Server variables here
+  OPEN_IM_SERVER_REMOTE_ORGANIZATION: openim-sigs
+  REMOTE_REPOSITORY: cla
+  OPEN_IM_SERVER_CLA_DOCUMENT: https://github.com/openim-sigs/cla/blob/main/README.md
+  OPEN_IM_SERVER_SIGNATURES_PATH: signatures/${{ github.event.repository.name }}/cla.json
+
+  OPEN_IM_SERVER_ALLOWLIST: kubbot,bot* 
+
+jobs:
+  CLAAssistant:
+    runs-on: ubuntu-latest
+    steps:
+      - name: "CLA Assistant"
+        if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
+        uses: contributor-assistant/github-action@v2.3.0
+        env:
+          GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }}
+          PERSONAL_ACCESS_TOKEN: ${{ secrets.REDBOT_GITHUB_TOKEN }}
+        with:
+          path-to-signatures: ${{ env.OPEN_IM_SERVER_SIGNATURES_PATH }}
+          path-to-document: ${{ env.OPEN_IM_SERVER_CLA_DOCUMENT }}
+          branch: 'main'
+          allowlist: ${{ env.OPEN_IM_SERVER_ALLOWLIST }}
+
+          remote-organization-name: ${{ env.OPEN_IM_SERVER_REMOTE_ORGANIZATION }}
+          remote-repository-name: ${{ env.REMOTE_REPOSITORY }}
+
+          create-file-commit-message: '📚 Docs: Creating file for storing ${{ github.event.repository.name }} CLA Signatures'
+          custom-notsigned-prcomment: '💕 Thank you for your contribution and please kindly read and sign our [🎯https://github.com/openim-sigs/cla/blob/main/README.md](https://github.com/openim-sigs/cla/blob/main/README.md)'
+          custom-pr-sign-comment: 'I have read the CLA Document and I hereby sign the CLA'
+          custom-allsigned-prcomment: '🤖 All Contributors have signed the [${{ github.event.repository.name }} CLA](https://github.com/openim-sigs/cla/blob/main/README.md).\n 🤖 The signed information is recorded [here](https://github.com/openim-sigs/cla/tree/main/signatures/cla.json)'
+        #   lock-pullrequest-aftermerge: false - if you don't want this bot to automatically lock the pull request after merging (default - true)
+        #   use-dco-flag: true - If you are using DCO instead of CLA
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
new file mode 100644
index 0000000..de86c18
--- /dev/null
+++ b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,76 @@
+# Copyright © 2023 KubeCub & Xinwei Xiong(cubxxw). All rights reserved.
+#
+# Licensed under the MIT License (the "License");
+# you may not use this file except in compliance with the License.
+
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: "*"
+#   schedule:
+#     - cron: '23 2 * * 2'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'go' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
+        # Learn more:
+        # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v1
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 https://git.io/JvXDl
+
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+
+    #- run: |
+    #   make bootstrap
+    #   make release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1
diff --git a/.github/workflows/create-release-branch.yml b/.github/workflows/create-release-branch.yml
new file mode 100644
index 0000000..d77a505
--- /dev/null
+++ b/.github/workflows/create-release-branch.yml
@@ -0,0 +1,47 @@
+# Copyright © 2023 KubeCub open source community. All rights reserved.
+# Licensed under the MIT License (the "License");
+# you may not use this file except in compliance with the License.
+
+name: Create Release Branch
+
+on:
+  push:
+    branches:
+      - main
+    tags:
+      - 'v*'
+
+jobs:
+  create_release_branch:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Create release branch
+        run: |
+          # Gets the currently pushed tag
+          TAG_NAME=$(echo "${GITHUB_REF}" | sed -e 's,.*/\(.*\),\1,')
+          
+          # Check whether the tag format meets expectations
+          if [[ "${TAG_NAME}" =~ ^v([0-9]+)\.([0-9]+)\.([0-9]+)$ ]]; then
+            MAJOR_VERSION=${BASH_REMATCH[1]}
+            MINOR_VERSION=${BASH_REMATCH[2]}
+            PATCH_VERSION=${BASH_REMATCH[3]}
+            
+            # 检查是否满足创建分支的条件
+            if [[ ${PATCH_VERSION} -eq 0 && ! ${TAG_NAME} =~ [A-Za-z-] ]]; then
+              RELEASE_BRANCH_NAME="release-v${MAJOR_VERSION}.0"
+              
+              # 创建分支
+              git branch "${RELEASE_BRANCH_NAME}" "${TAG_NAME}"
+              git push origin "${RELEASE_BRANCH_NAME}"
+              
+              echo "Created release branch: ${RELEASE_BRANCH_NAME}"
+            else
+              echo "Tag format is invalid or does not meet the conditions. Release branch not created."
+            fi
+          else
+            echo "Tag format is invalid. Release branch not created."
+          fi
diff --git a/.github/workflows/cron.yml b/.github/workflows/cron.yml
new file mode 100644
index 0000000..c3bf7ac
--- /dev/null
+++ b/.github/workflows/cron.yml
@@ -0,0 +1,46 @@
+# Copyright © 2023 KubeCub open source community. All rights reserved.
+# Licensed under the MIT License (the "License");
+# you may not use this file except in compliance with the License.
+
+name: Daily Build and Push
+
+on:
+  push:
+  pull_request:
+  schedule:
+    - cron: "0 8 * * *"
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Set up Go environment
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.18
+
+      - name: Set up Git
+        run: |
+          git config --global user.name "Your Name"
+          git config --global user.email "your-email@example.com"
+
+      - name: Build
+        run: make build
+
+      - name: Set environment variable
+        run: echo "GITHUB_TOKEN=${{ secrets.BOT_GITHUB_TOKEN }}" >> $GITHUB_ENV
+
+      - name: Execute script
+        run: |
+          export GITHUB_TOKEN="${{ secrets.BOT_GITHUB_TOKEN }}"
+          ./script.sh
+
+      - name: Commit and push changes
+        run: |
+          git add .
+          git commit -m "Daily build"
+          git push
diff --git a/.github/workflows/depsreview.yaml b/.github/workflows/depsreview.yaml
new file mode 100644
index 0000000..bdbbdc5
--- /dev/null
+++ b/.github/workflows/depsreview.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2023 KubeCub open source community. All rights reserved.
+# Licensed under the MIT License (the "License");
+# you may not use this file except in compliance with the License.
+
+name: dependency-review
+on: [pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
+      - uses: actions/dependency-review-action@v3
+        with:
+          allow-licenses: BSD-2-Clause, BSD-3-Clause, MIT, Apache-2.0, MPL-2.0
diff --git a/.github/workflows/gpt-translate.yml b/.github/workflows/gpt-translate.yml
new file mode 100644
index 0000000..1382bb3
--- /dev/null
+++ b/.github/workflows/gpt-translate.yml
@@ -0,0 +1,27 @@
+# Copyright © 2023 KubeCub & Xinwei Xiong(cubxxw). All rights reserved.
+#
+# Licensed under the MIT License (the "License");
+# you may not use this file except in compliance with the License.
+
+# .github/workflows/gpt-translate.yml
+name: GPT Translate
+
+on:
+  issue_comment:
+    types: [ created ]
+
+jobs:
+  gpt_translate:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Run GPT Translate
+        if: |
+          contains(github.event.comment.body, '/gpt-translate') || 
+          contains(github.event.comment.body, '/gt')
+        uses: 3ru/gpt-translate@v1.0
+        with:
+          apikey: ${{ secrets.OPENAI_API_KEY }}
+          token: "${{ secrets.BOT_GITHUB_TOKEN }}"
diff --git a/.github/workflows/grype.yml b/.github/workflows/grype.yml
new file mode 100644
index 0000000..a4e8907
--- /dev/null
+++ b/.github/workflows/grype.yml
@@ -0,0 +1,28 @@
+# Copyright © 2024 KubeCub open source community. All rights reserved.
+# Licensed under the MIT License (the "License");
+# you may not use this file except in compliance with the License.
+
+name: "grype"
+
+on:
+  push:
+    branches: ['main']
+    tags: ['v*']
+  pull_request:
+
+jobs:
+  scan-source:
+    name: scan-source
+    runs-on: ubuntu-latest
+
+    permissions:
+      security-events: write
+      actions: read
+      contents: read
+
+    steps:
+    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
+    - uses: anchore/scan-action@v3
+      with:
+        path: "."
+        fail-build: true
\ No newline at end of file
diff --git a/.github/workflows/help-comment-issue.yml b/.github/workflows/help-comment-issue.yml
new file mode 100644
index 0000000..f4fd59e
--- /dev/null
+++ b/.github/workflows/help-comment-issue.yml
@@ -0,0 +1,24 @@
+# Copyright © 2024 KubeCub open source community. All rights reserved.
+# Licensed under the MIT License (the "License");
+# you may not use this file except in compliance with the License.
+
+name: Good frist issue add comment
+on:
+  issues:
+    types:
+      - labeled
+jobs:
+  add-comment:
+    if: github.event.label.name == 'help wanted' || github.event.label.name == 'good first issue'
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+    steps:
+      - name: Add comment
+        uses: peter-evans/create-or-update-comment@v3
+        with:
+          issue-number: ${{ github.event.issue.number }}
+          token: ${{ secrets.BOT_GITHUB_TOKEN }}
+          body: |
+            This issue is available for anyone to work on. **Make sure to reference this issue in your pull request.** :sparkles: Thank you for your contribution! :sparkles:
+            If you wish to accept this assignment, please leave a comment in the comments section: `/accept`.🎯
diff --git a/.github/workflows/issue-robot.yml b/.github/workflows/issue-robot.yml
new file mode 100644
index 0000000..de6daab
--- /dev/null
+++ b/.github/workflows/issue-robot.yml
@@ -0,0 +1,22 @@
+# Copyright © 2023 KubeCub & Xinwei Xiong(cubxxw). All rights reserved.
+#
+# Licensed under the MIT License (the "License");
+# you may not use this file except in compliance with the License.
+
+name: 'issue translator'
+on:
+  issue_comment:
+    types: [created]
+  issues:
+    types: [opened]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: usthe/issues-translate-action@v2.7
+        with:
+          # it is not necessary to decide whether you need to modify the issue header content
+          IS_MODIFY_TITLE: true
+          BOT_GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }}
+          # Required, input your bot github token
diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
new file mode 100644
index 0000000..3fc42ad
--- /dev/null
+++ b/.github/workflows/labeler.yml
@@ -0,0 +1,18 @@
+# Copyright © 2023 KubeCub open source community. All rights reserved.
+# Licensed under the MIT License (the "License");
+# you may not use this file except in compliance with the License.
+
+name: Pull request labeler
+on:
+- pull_request_target
+
+jobs:
+  triage:
+    permissions:
+      contents: read
+      pull-requests: write
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/labeler@v4
+      with:
+        repo-token: "${{ secrets.BOT_GITHUB_TOKEN }}"
diff --git a/.github/workflows/link-pr.yml b/.github/workflows/link-pr.yml
new file mode 100644
index 0000000..a5c7d49
--- /dev/null
+++ b/.github/workflows/link-pr.yml
@@ -0,0 +1,49 @@
+# Copyright © 2023 KubeCub & Xinwei Xiong(cubxxw). All rights reserved.
+#
+# Licensed under the MIT License (the "License");
+# you may not use this file except in compliance with the License.
+
+name: Github Rebot for Link check error
+
+on:
+  pull_request:
+    branches: [ main ]
+    paths:
+      - '**.md'
+      - 'docs/**'
+      - '.lycheeignore'
+  push:
+    branches: [ main ]
+
+jobs:
+  linkChecker:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Link Checker
+        id: lychee
+        uses: lycheeverse/lychee-action@v1.7.0
+        with:
+            # For parameter description, see https://github.com/lycheeverse/lychee#commandline-parameters
+            # Actions Link address -> https://github.com/lycheeverse/lychee-action
+            # -E, --exclude-all-private    Exclude all private IPs from checking.
+            # -i, --insecure               Proceed for server connections considered insecure (invalid TLS)
+            # -n, --no-progress            Do not show progress bar.
+            # -t, --timeout <timeout>      Website timeout in seconds from connect to response finished [default:20]
+            # --max-concurrency <max-concurrency>    Maximum number of concurrent network requests [default: 128]
+            # -a --accept <accept>                      Comma-separated list of accepted status codes for valid links
+            # docs/.vitepress/dist the site directory to check
+            # ./*.md all markdown files in the root directory
+          args: --verbose  -E -i --no-progress --exclude-path './CHANGELOG' './**/*.md'
+        env:
+          GITHUB_TOKEN: ${{secrets.GH_PAT}}
+
+      - name: Create Issue From File
+        if: env.lychee_exit_code != 0
+        uses: peter-evans/create-issue-from-file@v4
+        with:
+          title: Bug reports for links in kubecub docs
+          content-filepath: ./lychee/out.md
+          labels: kind/documentation, triage/unresolved, report
+          token: ${{ secrets.BOT_GITHUB_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
new file mode 100644
index 0000000..98e0f66
--- /dev/null
+++ b/.github/workflows/main.yaml
@@ -0,0 +1,22 @@
+# Copyright © 2023 KubeCub open source community. All rights reserved.
+# Licensed under the MIT License (the "License");
+# you may not use this file except in compliance with the License.
+
+name: CI
+on: [push]
+jobs:
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up Go 1.18
+        uses: actions/setup-go@v1
+        with:
+          go-version: '1.18'
+        id: go
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v1
+      - name: Download modules
+        run: go get -d -v ./...
+      - name: Build
+        run: make build
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
new file mode 100644
index 0000000..b2a95ce
--- /dev/null
+++ b/.github/workflows/main.yml
@@ -0,0 +1,26 @@
+# Copyright © 2024 KubeCub open source community. All rights reserved.
+# Licensed under the MIT License (the "License");
+# you may not use this file except in compliance with the License.
+
+name: Main Workflow
+
+on: [push, pull_request]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v2
+
+    - name: Set up Go
+      uses: actions/setup-go@v2
+      with:
+        go-version: 1.16
+
+    - name: Install go-gitlint
+      run: make tools
+
+    - name: Run githooks
+      run: ./scripts/githooks/commit-msg
diff --git a/.github/workflows/milestone.yml b/.github/workflows/milestone.yml
new file mode 100644
index 0000000..cb827c7
--- /dev/null
+++ b/.github/workflows/milestone.yml
@@ -0,0 +1,62 @@
+# Copyright © 2024 KubeCub open source community. All rights reserved.
+# Licensed under the MIT License (the "License");
+# you may not use this file except in compliance with the License.
+
+# shamelessly copied from https://github.com/sigstore/cosign/blob/main/.github/workflows/milestone.yaml
+
+name: milestone
+
+on:
+  pull_request_target:
+    types: [closed]
+    branches:
+      - main
+
+jobs:
+  milestone:
+    runs-on: ubuntu-latest
+
+    permissions:
+      actions: none
+      checks: none
+      contents: read
+      deployments: none
+      issues: write
+      packages: none
+      pull-requests: write
+      repository-projects: none
+      security-events: none
+      statuses: none
+
+    steps:
+      - uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6
+        with:
+          script: |
+            if (!context.payload.pull_request.merged) {
+              console.log('PR was not merged, skipping.');
+              return;
+            }
+
+            if (!!context.payload.pull_request.milestone) {
+              console.log('PR has existing milestone, skipping.');
+              return;
+            }
+
+            milestones = await github.rest.issues.listMilestones({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              state: 'open',
+              sort: 'due_on',
+              direction: 'asc'
+            })
+            if (milestones.data.length === 0) {
+              console.log('There are no milestones, skipping.');
+              return;
+            }
+
+            await github.rest.issues.update({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.payload.pull_request.number,
+              milestone: milestones.data[0].number
+            });
\ No newline at end of file
diff --git a/.github/workflows/opencommit.yml b/.github/workflows/opencommit.yml
new file mode 100644
index 0000000..7c6b5ed
--- /dev/null
+++ b/.github/workflows/opencommit.yml
@@ -0,0 +1,43 @@
+# Copyright © 2024 KubeCub open source community. All rights reserved.
+# Licensed under the MIT License (the "License");
+# you may not use this file except in compliance with the License.
+
+name: 'OpenCommit Action'
+
+on:
+  push:
+    # this list of branches is often enough,
+    # but you may still ignore other public branches
+    branches-ignore: [main master dev development release]
+
+jobs:
+  opencommit:
+    timeout-minutes: 10
+    name: OpenCommit
+    runs-on: ubuntu-latest
+    permissions: write-all
+    steps:
+      - name: Setup Node.js Environment
+        uses: actions/setup-node@v2
+        with:
+          node-version: '16'
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - uses: di-sukharev/opencommit@github-action-v1.0.4
+        with:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+        env:
+          # set openAI api key in repo actions secrets,
+          # for openAI keys go to: https://platform.openai.com/account/api-keys
+          # for repo secret go to: https://github.com/kuebcub/settings/secrets/actions
+          OCO_OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
+
+          # customization
+          OCO_OPENAI_MAX_TOKENS: 500
+          OCO_OPENAI_BASE_PATH: ''
+          OCO_DESCRIPTION: false
+          OCO_EMOJI: false
+          OCO_MODEL: gpt-3.5-turbo
+          OCO_LANGUAGE: en
\ No newline at end of file
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..198a52e
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,125 @@
+# Copyright © 2023 KubeCub open source community. All rights reserved.
+# Licensed under the MIT License (the "License");
+# you may not use this file except in compliance with the License.
+
+name: Github labels syncer release
+
+on:
+  push:
+    branches:
+      - 'main'
+    tags:
+      - 'v*'
+
+permissions:
+  contents: write
+  packages: write
+  issues: write
+  id-token: write
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    env:
+      DOCKER_CLI_EXPERIMENTAL: "enabled"
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Setup Golang with cache
+        uses: magnetikonline/action-golang-cache@v3
+        with:
+          go-version: ${{ env.GO_VERSION }}
+
+      - run: git fetch --force --tags
+      - uses: actions/setup-go@v4
+        with:
+          go-version: stable
+
+      - name: Install Dependencies
+        run: |
+          sudo apt update && sudo apt install -y gcc-aarch64-linux-gnu \
+            libbtrfs-dev libgpgme-dev libdevmapper-dev \
+            qemu-user-static binfmt-support
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.BOT_GITHUB_TOKEN }}
+
+      # More assembly might be required: Docker logins, GPG, etc. It all depends
+      # on your needs.
+      - uses: goreleaser/goreleaser-action@v4
+        with:
+          # either 'goreleaser' (default) or 'goreleaser-pro':
+          distribution: goreleaser
+          version: latest
+          args: release --clean
+
+        env:
+          GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }}
+          USERNAME: ${{ github.repository_owner }}
+          FURY_TOKEN: ${{ secrets.FURY_TOKEN }}
+
+  gorelease2:
+    runs-on: ubuntu-latest
+    env:
+      DOCKER_CLI_EXPERIMENTAL: "enabled"
+    steps:
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
+        with:
+          fetch-depth: 0
+      - uses: arduino/setup-task@e26d8975574116b0097a1161e0fe16ba75d84c1c # v1
+        with:
+          version: 3.x
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+      - uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2
+      - uses: docker/setup-buildx-action@2a1a44ac4aa01993040736bd95bb470da1a38365 # v2
+      - name: setup-snapcraft
+        # FIXME: the mkdirs are a hack for https://github.com/goreleaser/goreleaser/issues/1715
+        run: |
+          sudo apt-get update
+          sudo apt-get -yq --no-install-suggests --no-install-recommends install snapcraft
+          mkdir -p $HOME/.cache/snapcraft/download
+          mkdir -p $HOME/.cache/snapcraft/stage-packages
+      - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4
+        with:
+          go-version: stable
+      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
+        with:
+          path: |
+            ./_output/dist/*.deb
+            ./_output/dist/*.rpm
+          key: ${{ github.ref }}
+      - uses: sigstore/cosign-installer@v3.1.1
+      - uses: anchore/sbom-action/download-syft@v0.14.3
+      - uses: crazy-max/ghaction-upx@v2
+        with:
+          install-only: true
+      - uses: cachix/install-nix-action@v22
+        with:
+          github_access_token: ${{ secrets.BOT_GITHUB_TOKEN }}
+      - name: dockerhub-login
+        if: startsWith(github.ref, 'refs/tags/v')
+        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      - name: ghcr-login
+        if: startsWith(github.ref, 'refs/tags/v')
+        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.BOT_GITHUB_TOKEN }}
+      - name: snapcraft-login
+        if: startsWith(github.ref, 'refs/tags/v')
+        run: snapcraft login --with <(echo "${{ secrets.SNAPCRAFT_TOKEN }}")
+      - name: goreleaser-release
+        env:
+          GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }}
+          FURY_TOKEN: ${{ secrets.FURY_TOKEN }}
+        run: task goreleaser
\ No newline at end of file
diff --git a/.github/workflows/script.yml b/.github/workflows/script.yml
new file mode 100644
index 0000000..4a98a66
--- /dev/null
+++ b/.github/workflows/script.yml
@@ -0,0 +1,33 @@
+# Copyright © 2024 KubeCub open source community. All rights reserved.
+# Licensed under the MIT License (the "License");
+# you may not use this file except in compliance with the License.
+
+name: Execute script and push changes
+
+on:
+  push:
+  schedule:
+    - cron: '0 * * * *' # Runs every hour
+
+env:
+  GITHUB_TOKEN: ${{ secrets.REDBOT_GITHUB_TOKEN }} # Specify your token here
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v3
+      with:
+        fetch-depth: 0  # Fetch all history for all branches and tags.
+
+    - name: Execute script
+      run: |
+        chmod +x ./script.sh
+        ./script.sh
+
+    - name: Commit and push if it has changed 
+      run: |
+        git config --global user.email "3293172751ysy@gmail.com"
+        git config --global user.name "openimbot"
+        git diff --quiet && git diff --staged --quiet || (git add .; git commit -m "Auto update from Github Action"; git push origin main;)
diff --git a/.github/workflows/setup.yml b/.github/workflows/setup.yml
new file mode 100644
index 0000000..2df2edf
--- /dev/null
+++ b/.github/workflows/setup.yml
@@ -0,0 +1,29 @@
+# Copyright © 2024 KubeCub open source community. All rights reserved.
+# Licensed under the MIT License (the "License");
+# you may not use this file except in compliance with the License.
+
+name: Setup
+
+on: [push, pull_request]
+
+jobs:
+  setup:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    - name: Install go-gitlint
+      run: |
+        go install github.com/llorllale/go-gitlint/cmd/go-gitlint@latest
+        mkdir -p ./_output/tools/
+        cp $(go env GOPATH)/bin/go-gitlint ./_output/tools/
+
+    - name: Setup Git hooks
+      run: |
+        cp scripts/githooks/commit-msg .git/hooks/
+        cp scripts/githooks/pre-commit .git/hooks/
+
+    - name: Add files
+      run: git add .
diff --git a/.github/workflows/spell-check.yml b/.github/workflows/spell-check.yml
new file mode 100644
index 0000000..ea6b88c
--- /dev/null
+++ b/.github/workflows/spell-check.yml
@@ -0,0 +1,45 @@
+# Copyright © 2024 KubeCub open source community. All rights reserved.
+# Licensed under the MIT License (the "License");
+# you may not use this file except in compliance with the License.
+
+name: Test repository spelling check
+on:
+    push:
+        branches:
+          - main
+    pull_request:
+        branches:
+          - main
+    workflow_dispatch:
+
+jobs:
+  run:
+    name: Spell Check with Typos
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout Actions Repository
+      uses: actions/checkout@v2
+
+    - name: Check spelling of md
+      uses: crate-ci/typos@master
+      with: 
+        files: 
+            ./CONTIRIBUTING.md
+            ./README.md
+            
+    - name: Use custom config file
+      uses: crate-ci/typos@master
+      with: 
+        files: ./file.txt
+        config: ./myconfig.toml
+
+    - name: Ignore implicit configuration file
+      uses: crate-ci/typos@master
+      with: 
+        files: ./file.txt
+        isolated: true
+
+    - name: Writes changes in the local checkout
+      uses: crate-ci/typos@master
+      with: 
+        write_changes: true
\ No newline at end of file
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
new file mode 100644
index 0000000..17ece50
--- /dev/null
+++ b/.github/workflows/stale.yml
@@ -0,0 +1,38 @@
+# Copyright © 2024 KubeCub open source community. All rights reserved.
+# Licensed under the MIT License (the "License");
+# you may not use this file except in compliance with the License.
+
+# This workflow warns and then closes issues and PRs that have had no activity for a specified amount of time.
+#
+# You can adjust the behavior by modifying this file.
+# For more information, see:
+# https://github.com/actions/stale
+name: Mark stale issues and pull requests
+
+on:
+  schedule:
+  - cron: '0 8 * * *'
+
+jobs:
+  stale:
+
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+
+    steps:
+    - uses: actions/stale@v5
+      with:
+        repo-token: ${{ secrets.BOT_GITHUB_TOKEN }}
+        days-before-stale: 7
+        days-before-close: 5
+        stale-issue-message: 'This issue is stale because it has been open 7 days with no activity. Remove stale label or comment or this will be closed in 7 days.'
+        stale-pr-message: 'This issue is stale because it has been open 7 days with no activity.'
+        close-issue-message: 'This issue was closed because it has been stalled for 5 days with no activity.'
+        close-pr-message: 'This PR was closed because it has been stalled for 5 days with no activity. You can reopen it if you want.'
+        stale-pr-label: lifecycle/stale
+        stale-issue-label: lifecycle/stale
+        exempt-issue-labels: 'kubecub'
+        exempt-pr-labels: 'kubecub'
+        exempt-draft-pr: true
diff --git a/.github/workflows/sync_labels.yml b/.github/workflows/sync_labels.yml
new file mode 100644
index 0000000..70307fe
--- /dev/null
+++ b/.github/workflows/sync_labels.yml
@@ -0,0 +1,29 @@
+# Copyright © 2023 KubeCub open source community. All rights reserved.
+# Licensed under the MIT License (the "License");
+# you may not use this file except in compliance with the License.
+
+name: Test Sync labels
+
+on:
+  push:
+    branches:
+      - main
+    # paths:
+    #   - .github/sync_labels.yml
+
+jobs:
+    build:
+      runs-on: ubuntu-latest
+      steps:
+        - name: Checkout
+          uses: actions/checkout@1.0.0
+        - name: Github lables pull and synchronize
+          uses: kubecub/comment-lang-detector@main
+          with:
+            manifest: .github/sync_labeler.yml
+            token: ${{ secrets.BOT_GITHUB_TOKEN }}
+            repository: |
+              kubecub/comment-lang-detector
+              kubecub/log
+          env:
+            GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
new file mode 100644
index 0000000..0b53454
--- /dev/null
+++ b/.github/workflows/test.yml
@@ -0,0 +1,25 @@
+# Copyright © 2023 KubeCub & Xinwei Xiong(cubxxw). All rights reserved.
+#
+# Licensed under the MIT License (the "License");
+# you may not use this file except in compliance with the License.
+
+name: Test Makefile build
+
+on: [push]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+      
+      - name: Install dependencies
+        run: sudo apt-get update && sudo apt-get install -y make
+      
+      - name: Build project
+        run: make build
+      
+      - name: Test build artifacts
+        run: |
+          # Add your tests here to check the build artifacts
diff --git a/.github/workflows/typos-check.yml b/.github/workflows/typos-check.yml
new file mode 100644
index 0000000..11bda61
--- /dev/null
+++ b/.github/workflows/typos-check.yml
@@ -0,0 +1,18 @@
+# Copyright © 2024 KubeCub open source community. All rights reserved.
+# Licensed under the MIT License (the "License");
+# you may not use this file except in compliance with the License.
+
+name: Check for typos
+
+on: [push, pull_request]
+
+jobs:
+  check_typos:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v2
+    - name: Check for typos
+      run: ./tools/typos ./CONTRIBUTING.md ./README.md
+      working-directory: ./
+
diff --git a/.github/workflows/typos.yml b/.github/workflows/typos.yml
new file mode 100644
index 0000000..48816c7
--- /dev/null
+++ b/.github/workflows/typos.yml
@@ -0,0 +1,19 @@
+# Copyright © 2024 KubeCub open source community. All rights reserved.
+# Licensed under the MIT License (the "License");
+# you may not use this file except in compliance with the License.
+
+name: Check for typos
+on: [push, pull_request]
+jobs:
+  check:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Check for typos
+      uses: codespell-project/actions-codespell@master
+      with:
+        check_filenames: true
+        skip: .git,*.png,*.jpg
+        ignore_words_file: .github/workflows/codespell_ignore_words.txt
+        paths: ./CONTRIBUTING.md ./README.md
+
diff --git a/.golangci.yml b/.golangci.yml
new file mode 100644
index 0000000..ef7c1f8
--- /dev/null
+++ b/.golangci.yml
@@ -0,0 +1,934 @@
+# Copyright © 2023 OpenIMSDK open source community. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This file contains all available configuration options
+# with their default values.
+
+# options for analysis running
+run:
+  # default concurrency is a available CPU number
+  concurrency: 4
+
+  # timeout for analysis, e.g. 30s, 5m, default is 1m
+  timeout: 5m
+
+  # exit code when at least one issue was found, default is 1
+  issues-exit-code: 1
+
+  # include test files or not, default is true
+  tests: true
+
+  # list of build tags, all linters use it. Default is empty list.
+  build-tags:
+    - mytag
+
+  # which dirs to skip: issues from them won't be reported;
+  # can use regexp here: generated.*, regexp is applied on full path;
+  # default value is empty list, but default dirs are skipped independently
+  # from this option's value (see skip-dirs-use-default).
+  # "/" will be replaced by current OS file path separator to properly work
+  # on Windows.
+  skip-dirs:
+    - util
+    - .*~
+    - api/swagger/docs
+    - server/docs
+
+  # default is true. Enables skipping of directories:
+  #   vendor$, third_party$, testdata$, examples$, Godeps$, builtin$
+  skip-dirs-use-default: true
+
+  # which files to skip: they will be analyzed, but issues from them
+  # won't be reported. Default value is empty list, but there is
+  # no need to include all autogenerated files, we confidently recognize
+  # autogenerated files. If it's not please let us know.
+  # "/" will be replaced by current OS file path separator to properly work
+  # on Windows.
+  skip-files:
+    - ".*\\.my\\.go$"
+    - _test.go
+
+  # by default isn't set. If set we pass it to "go list -mod={option}". From "go help modules":
+  # If invoked with -mod=readonly, the go command is disallowed from the implicit
+  # automatic updating of go.mod described above. Instead, it fails when any changes
+  # to go.mod are needed. This setting is most useful to check that go.mod does
+  # not need updates, such as in a continuous integration and testing system.
+  # If invoked with -mod=vendor, the go command assumes that the vendor
+  # directory holds the correct copies of dependencies and ignores
+  # the dependency descriptions in go.mod.
+  #modules-download-mode: release|readonly|vendor
+
+  # Allow multiple parallel golangci-lint instances running.
+  # If false (default) - golangci-lint acquires file lock on start.
+  allow-parallel-runners: true
+
+
+# output configuration options
+output:
+  # colored-line-number|line-number|json|tab|checkstyle|code-climate, default is "colored-line-number"
+  format: colored-line-number
+
+  # print lines of code with issue, default is true
+  print-issued-lines: true
+
+  # print linter name in the end of issue text, default is true
+  print-linter-name: true
+
+  # make issues output unique by line, default is true
+  uniq-by-line: true
+
+  # add a prefix to the output file references; default is no prefix
+  path-prefix: ""
+
+  # sorts results by: filepath, line and column
+  sort-results: true
+
+# all available settings of specific linters
+linters-settings:
+  bidichk:
+    # The following configurations check for all mentioned invisible unicode
+    # runes. It can be omitted because all runes are enabled by default.
+    left-to-right-embedding: true
+    right-to-left-embedding: true
+    pop-directional-formatting: true
+    left-to-right-override: true
+    right-to-left-override: true
+    left-to-right-isolate: true
+    right-to-left-isolate: true
+    first-strong-isolate: true
+    pop-directional-isolate: true
+  dogsled:
+    # checks assignments with too many blank identifiers; default is 2
+    max-blank-identifiers: 2
+  dupl:
+    # tokens count to trigger issue, 150 by default
+    threshold: 100
+  errcheck:
+    # report about not checking of errors in type assertions: `a := b.(MyStruct)`;
+    # default is false: such cases aren't reported by default.
+    check-type-assertions: false
+
+    # report about assignment of errors to blank identifier: `num, _ := strconv.Atoi(numStr)`;
+    # default is false: such cases aren't reported by default.
+    check-blank: false
+
+    # [deprecated] comma-separated list of pairs of the form pkg:regex
+    # the regex is used to ignore names within pkg. (default "fmt:.*").
+    # see https://github.com/kisielk/errcheck#the-deprecated-method for details
+    #ignore: GenMarkdownTree,os:.*,BindPFlags,WriteTo,Help
+    #ignore: (os\.)?std(out|err)\..*|.*Close|.*Flush|os\.Remove(All)?|.*print(f|ln)?|os\.(Un)?Setenv
+
+    # path to a file containing a list of functions to exclude from checking
+    # see https://github.com/kisielk/errcheck#excluding-functions for details
+    #exclude: errcheck.txt
+    
+  errorlint:
+    # Check whether fmt.Errorf uses the %w verb for formatting errors. See the readme for caveats
+    errorf: true
+    # Check for plain type assertions and type switches
+    asserts: true
+    # Check for plain error comparisons
+    comparison: true
+
+  exhaustive:
+    # check switch statements in generated files also
+    check-generated: false
+    # indicates that switch statements are to be considered exhaustive if a
+    # 'default' case is present, even if all enum members aren't listed in the
+    # switch
+    default-signifies-exhaustive: false
+    # enum members matching the supplied regex do not have to be listed in
+    # switch statements to satisfy exhaustiveness
+    ignore-enum-members: ""
+    # consider enums only in package scopes, not in inner scopes
+    package-scope-only: false
+  exhaustivestruct:
+    struct-patterns:
+      - '*.Test'
+      - '*.Test2'
+      - '*.Embedded'
+      - '*.External'
+
+  # forbidigo:
+  #   # Forbid the following identifiers (identifiers are written using regexp):
+  #   forbid:
+  #     - ^print.*$
+  #     - 'fmt\.Print.*'
+  #     - fmt.Println.* # too much log noise
+  #     - ginkgo\\.F.* # these are used just for local development
+  #   # Exclude godoc examples from forbidigo checks.  Default is true.
+  #   exclude_godoc_examples: false
+  funlen:
+    lines: 150
+    statements: 50
+  gci:
+    # put imports beginning with prefix after 3rd-party packages;
+    # only support one prefix
+    # if not set, use goimports.local-prefixes
+    prefix: github.com/OpenIMSDK/OpenKF
+  gocognit:
+    # minimal code complexity to report, 30 by default (but we recommend 10-20)
+    min-complexity: 30
+  goconst:
+    # minimal length of string constant, 3 by default
+    min-len: 3
+    # minimal occurrences count to trigger, 3 by default
+    min-occurrences: 3
+    # ignore test files, false by default
+    ignore-tests: false
+    # look for existing constants matching the values, true by default
+    match-constant: true
+    # search also for duplicated numbers, false by default
+    numbers: false
+    # minimum value, only works with goconst.numbers, 3 by default
+    min: 3
+    # maximum value, only works with goconst.numbers, 3 by default
+    max: 3
+    # ignore when constant is not used as function argument, true by default
+    ignore-calls: true
+
+  gocritic:
+    # Which checks should be enabled; can't be combined with 'disabled-checks';
+    # See https://go-critic.github.io/overview#checks-overview
+    # To check which checks are enabled run `GL_DEBUG=gocritic golangci-lint run`
+    # By default list of stable checks is used.
+    enabled-checks:
+      #- rangeValCopy
+      - nestingreduce
+      - truncatecmp
+      - unnamedresult
+      - ruleguard
+
+    # Which checks should be disabled; can't be combined with 'enabled-checks'; default is empty
+    disabled-checks:
+      - regexpMust
+      - ifElseChain
+      #- exitAfterDefer
+
+    # Enable multiple checks by tags, run `GL_DEBUG=gocritic golangci-lint run` to see all tags and checks.
+    # Empty list by default. See https://github.com/go-critic/go-critic#usage -> section "Tags".
+    enabled-tags:
+      - performance
+    disabled-tags:
+      - experimental
+
+    # Settings passed to gocritic.
+    # The settings key is the name of a supported gocritic checker.
+    # The list of supported checkers can be find in https://go-critic.github.io/overview.
+    settings:
+      captLocal: # must be valid enabled check name
+        # whether to restrict checker to params only (default true)
+        paramsOnly: true
+      elseif:
+        # whether to skip balanced if-else pairs (default true)
+        skipBalanced: true
+      hugeParam:
+        # size in bytes that makes the warning trigger (default 80)
+        sizeThreshold: 80
+      nestingReduce:
+        # min number of statements inside a branch to trigger a warning (default 5)
+        bodyWidth: 5
+      rangeExprCopy:
+        # size in bytes that makes the warning trigger (default 512)
+        sizeThreshold: 512
+        # whether to check test functions (default true)
+        skipTestFuncs: true
+      rangeValCopy:
+        # size in bytes that makes the warning trigger (default 128)
+        sizeThreshold: 32
+        # whether to check test functions (default true)
+        skipTestFuncs: true
+      ruleguard:
+        # path to a gorules file for the ruleguard checker
+        rules: ''
+      truncateCmp:
+        # whether to skip int/uint/uintptr types (default true)
+        skipArchDependent: true
+      underef:
+        # whether to skip (*x).method() calls where x is a pointer receiver (default true)
+        skipRecvDeref: true
+      unnamedResult:
+        # whether to check exported functions
+        checkExported: true
+  gocyclo:
+    # minimal code complexity to report, 30 by default (but we recommend 10-20)
+    min-complexity: 30
+  cyclop:
+    # the maximal code complexity to report
+    max-complexity: 50
+    # the maximal average package complexity. If it's higher than 0.0 (float) the check is enabled (default 0.0)
+    package-average: 0.0
+    # should ignore tests (default false)
+    skip-tests: false
+  godot:
+    # comments to be checked: `declarations`, `toplevel`, or `all`
+    scope: declarations
+    # list of regexps for excluding particular comment lines from check
+    exclude:
+      # example: exclude comments which contain numbers
+      # - '[0-9]+'
+    # check that each sentence starts with a capital letter
+    capital: false
+  godox:
+    # report any comments starting with keywords, this is useful for TODO or FIXME comments that
+    # might be left in the code accidentally and should be resolved before merging
+    keywords: # default keywords are TODO, BUG, and FIXME, these can be overwritten by this setting
+      #- TODO
+      - BUG
+      - FIXME
+      #- NOTE
+      - OPTIMIZE # marks code that should be optimized before merging
+      - HACK # marks hack-arounds that should be removed before merging
+  gofmt:
+    # simplify code: gofmt with `-s` option, true by default
+    simplify: true
+
+  gofumpt:
+    # Select the Go version to target. The default is `1.18`.
+    lang-version: "1.20"
+
+    # Choose whether or not to use the extra rules that are disabled
+    # by default
+    extra-rules: false
+
+  goheader:
+    values:
+      const:
+        # define here const type values in format k:v, for example:
+        # COMPANY: MY COMPANY
+      regexp:
+        # define here regexp type values, for example
+        # AUTHOR: .*@mycompany\.com
+    template: # |-
+      # put here copyright header template for source code files, for example:
+      # Note: {{ YEAR }} is a builtin value that returns the year relative to the current machine time.
+      #
+      # {{ AUTHOR }} {{ COMPANY }} {{ YEAR }}
+      # SPDX-License-Identifier: Apache-2.0
+
+      # Licensed under the Apache License, Version 2.0 (the "License");
+      # you may not use this file except in compliance with the License.
+      # You may obtain a copy of the License at:
+
+      #   http://www.apache.org/licenses/LICENSE-2.0
+
+      # Unless required by applicable law or agreed to in writing, software
+      # distributed under the License is distributed on an "AS IS" BASIS,
+      # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+      # See the License for the specific language governing permissions and
+      # limitations under the License.
+    template-path:
+      # also as alternative of directive 'template' you may put the path to file with the template source
+  goimports:
+    # put imports beginning with prefix after 3rd-party packages;
+    # it's a comma-separated list of prefixes
+    local-prefixes: github.com/OpenIMSDK/OpenKF
+  golint:
+    # minimal confidence for issues, default is 0.8
+    min-confidence: 0.9
+  gomnd:
+    settings:
+      mnd:
+        # the list of enabled checks, see https://github.com/tommy-muehle/go-mnd/#checks for description.
+        checks: argument,case,condition,operation,return,assign
+        # ignored-numbers: 1000
+        # ignored-files: magic_.*.go
+        # ignored-functions: math.*
+  gomoddirectives:
+    # Allow local `replace` directives. Default is false.
+    replace-local: true
+    # List of allowed `replace` directives. Default is empty.
+    replace-allow-list:
+      - google.golang.org/grpc
+
+    # Allow to not explain why the version has been retracted in the `retract` directives. Default is false.
+    retract-allow-no-explanation: false
+    # Forbid the use of the `exclude` directives. Default is false.
+    exclude-forbidden: false
+  gomodguard:
+    allowed:
+      modules:    
+        - gorm.io/gen                                                    # List of allowed modules
+        - gorm.io/gorm
+        - gorm.io/driver/mysql
+        - k8s.io/klog
+        # - gopkg.in/yaml.v2
+      domains:                                                        # List of allowed module domains
+        - google.golang.org
+        - gopkg.in
+        - golang.org
+        - github.com
+        - go.uber.org
+        - go.etcd.io
+    blocked:
+      versions:
+        - github.com/MakeNowJust/heredoc:
+            version: "> 2.0.9"
+            reason: "use the latest version"
+      local_replace_directives: false     # Set to true to raise lint issues for packages that are loaded from a local path via replace directive
+
+  gosec:
+    # To select a subset of rules to run.
+    # Available rules: https://github.com/securego/gosec#available-rules
+    includes:
+      - G401
+      - G306
+      - G101
+    # To specify a set of rules to explicitly exclude.
+    # Available rules: https://github.com/securego/gosec#available-rules
+    excludes:
+      - G204
+    # Exclude generated files
+    exclude-generated: true
+    # Filter out the issues with a lower severity than the given value. Valid options are: low, medium, high.
+    severity: "low"
+    # Filter out the issues with a lower confidence than the given value. Valid options are: low, medium, high.
+    confidence: "low"
+    # To specify the configuration of rules.
+    # The configuration of rules is not fully documented by gosec:
+    # https://github.com/securego/gosec#configuration
+    # https://github.com/securego/gosec/blob/569328eade2ccbad4ce2d0f21ee158ab5356a5cf/rules/rulelist.go#L60-L102
+    config:
+      G306: "0600"
+      G101:
+        pattern: "(?i)example"
+        ignore_entropy: false
+        entropy_threshold: "80.0"
+        per_char_threshold: "3.0"
+        truncate: "32"
+
+  gosimple:
+    # Select the Go version to target. The default is '1.13'.
+    go: "1.20"
+    # https://staticcheck.io/docs/options#checks
+    checks: [ "all" ]
+
+  govet:
+    # report about shadowed variables
+    check-shadowing: true
+
+    # settings per analyzer
+    settings:
+      printf: # analyzer name, run `go tool vet help` to see all analyzers
+        funcs: # run `go tool vet help printf` to see available settings for `printf` analyzer
+          - (github.com/golangci/golangci-lint/pkg/logutils.Log).Infof
+          - (github.com/golangci/golangci-lint/pkg/logutils.Log).Warnf
+          - (github.com/golangci/golangci-lint/pkg/logutils.Log).Errorf
+          - (github.com/golangci/golangci-lint/pkg/logutils.Log).Fatalf
+
+    # enable or disable analyzers by name
+    enable:
+      - atomicalign
+    enable-all: false
+    disable:
+      - shadow
+    disable-all: false
+  # depguard:
+  #   list-type: blacklist
+  #   include-go-root: false
+  #   packages:
+  #     - github.com/Sirupsen/logrus
+  #   packages-with-error-message:
+  #     # specify an error message to output when a blacklisted package is used
+  #     - github.com/Sirupsen/logrus: "logging is allowed only by logutils.Log"
+  ifshort:
+    # Maximum length of variable declaration measured in number of lines, after which linter won't suggest using short syntax.
+    # Has higher priority than max-decl-chars.
+    max-decl-lines: 1
+    # Maximum length of variable declaration measured in number of characters, after which linter won't suggest using short syntax.
+    max-decl-chars: 30
+
+  importas:
+    # if set to `true`, force to use alias.
+    no-unaliased: true
+    # List of aliases
+    alias:
+      # using `servingv1` alias for `knative.dev/serving/pkg/apis/serving/v1` package
+      - pkg: knative.dev/serving/pkg/apis/serving/v1
+        alias: servingv1
+      # using `autoscalingv1alpha1` alias for `knative.dev/serving/pkg/apis/autoscaling/v1alpha1` package
+      - pkg: knative.dev/serving/pkg/apis/autoscaling/v1alpha1
+        alias: autoscalingv1alpha1
+      # You can specify the package path by regular expression,
+      # and alias by regular expression expansion syntax like below.
+      # see https://github.com/julz/importas#use-regular-expression for details
+      - pkg: knative.dev/serving/pkg/apis/(\w+)/(v[\w\d]+)
+        alias: $1$2
+    # using `jwt` alias for `github.com/appleboy/gin-jwt/v2` package
+    jwt: github.com/appleboy/gin-jwt/v2
+
+  ireturn:
+    # ireturn allows using `allow` and `reject` settings at the same time.
+    # Both settings are lists of the keywords and regular expressions matched to interface or package names.
+    # keywords:
+    # - `empty` for `interface{}`
+    # - `error` for errors
+    # - `stdlib` for standard library
+    # - `anon` for anonymous interfaces
+
+    # By default, it allows using errors, empty interfaces, anonymous interfaces,
+    # and interfaces provided by the standard library.
+    allow:
+    - anon
+    - error
+    - empty
+    - stdlib
+    # You can specify idiomatic endings for interface
+    - (or|er)$
+
+    # Reject patterns
+    reject:
+    - github.com\/user\/package\/v4\.Type
+
+  lll:
+    # max line length, lines longer will be reported. Default is 120.
+    # '\t' is counted as 1 character by default, and can be changed with the tab-width option
+    line-length: 240
+    # tab width in spaces. Default to 1.
+    tab-width: 4
+  maligned:
+    # print struct with more effective memory layout or not, false by default
+    suggest-new: true
+  misspell:
+    # Correct spellings using locale preferences for US or UK.
+    # Default is to use a neutral variety of English.
+    # Setting locale to US will correct the British spelling of 'colour' to 'color'.
+    locale: US
+    ignore-words:
+      - someword
+  nakedret:
+    # make an issue if func has more lines of code than this setting and it has naked returns; default is 30
+    max-func-lines: 30
+
+  nestif:
+    # minimal complexity of if statements to report, 5 by default
+    min-complexity: 4
+
+  nilnil:
+    # By default, nilnil checks all returned types below.
+    checked-types:
+      - ptr
+      - func
+      - iface
+      - map
+      - chan
+
+  nlreturn:
+    # size of the block (including return statement that is still "OK")
+    # so no return split required.
+    block-size: 1
+
+  nolintlint:
+    # Disable to ensure that all nolint directives actually have an effect. Default is true.
+    allow-unused: false
+    # Disable to ensure that nolint directives don't have a leading space. Default is true.
+    allow-leading-space: true
+    # Exclude following linters from requiring an explanation.  Default is [].
+    allow-no-explanation: [ ]
+    # Enable to require an explanation of nonzero length after each nolint directive. Default is false.
+    require-explanation: false
+    # Enable to require nolint directives to mention the specific linter being suppressed. Default is false.
+    require-specific: true
+
+  prealloc:
+    # XXX: we don't recommend using this linter before doing performance profiling.
+    # For most programs usage of prealloc will be a premature optimization.
+
+    # Report preallocation suggestions only on simple loops that have no returns/breaks/continues/gotos in them.
+    # True by default.
+    simple: true
+    range-loops: true # Report preallocation suggestions on range loops, true by default
+    for-loops: false # Report preallocation suggestions on for loops, false by default
+
+  promlinter:
+    # Promlinter cannot infer all metrics name in static analysis.
+    # Enable strict mode will also include the errors caused by failing to parse the args.
+    strict: false
+    # Please refer to https://github.com/yeya24/promlinter#usage for detailed usage.
+    disabled-linters:
+    #  - "Help"
+    #  - "MetricUnits"
+    #  - "Counter"
+    #  - "HistogramSummaryReserved"
+    #  - "MetricTypeInName"
+    #  - "ReservedChars"
+    #  - "CamelCase"
+    #  - "lintUnitAbbreviations"
+    
+  predeclared:
+    # comma-separated list of predeclared identifiers to not report on
+    ignore: ""
+    # include method names and field names (i.e., qualified names) in checks
+    q: false
+  rowserrcheck:
+    packages:
+      - github.com/jmoiron/sqlx
+  revive:
+    # see https://github.com/mgechev/revive#available-rules for details.
+    ignore-generated-header: true
+    severity: warning
+    rules:
+      - name: indent-error-flow
+        severity: warning
+  staticcheck:
+    # Select the Go version to target. The default is '1.13'.
+    go: "1.16"
+    # https://staticcheck.io/docs/options#checks
+    checks: [ "all" ]
+
+  stylecheck:
+    # Select the Go version to target. The default is '1.13'.
+    go: "1.16"
+
+    # https://staticcheck.io/docs/options#checks
+    checks: [ "all", "-ST1000", "-ST1003", "-ST1016", "-ST1020", "-ST1021", "-ST1022" ]
+    # https://staticcheck.io/docs/options#dot_import_whitelist
+    dot-import-whitelist:
+      - fmt
+    # https://staticcheck.io/docs/options#initialisms
+    initialisms: [ "ACL", "API", "ASCII", "CPU", "CSS", "DNS", "EOF", "GUID", "HTML", "HTTP", "HTTPS", "ID", "IP", "JSON", "QPS", "RAM", "RPC", "SLA", "SMTP", "SQL", "SSH", "TCP", "TLS", "TTL", "UDP", "UI", "GID", "UID", "UUID", "URI", "URL", "UTF8", "VM", "XML", "XMPP", "XSRF", "XSS" ]
+    # https://staticcheck.io/docs/options#http_status_code_whitelist
+    http-status-code-whitelist: [ "200", "400", "404", "500" ]
+
+
+  tagliatelle:
+    # check the struck tag name case
+    case:
+      # use the struct field name to check the name of the struct tag
+      use-field-name: true
+      rules:
+        # any struct tag type can be used.
+        # support string case: `camel`, `pascal`, `kebab`, `snake`, `goCamel`, `goPascal`, `goKebab`, `goSnake`, `upper`, `lower`
+        json: camel
+        yaml: camel
+        xml: camel
+        bson: camel
+        avro: snake
+        mapstructure: kebab
+
+  testpackage:
+    # regexp pattern to skip files
+    skip-regexp: (id|export|internal)_test\.go
+  thelper:
+    # The following configurations enable all checks. It can be omitted because all checks are enabled by default.
+    # You can enable only required checks deleting unnecessary checks.
+    test:
+      first: true
+      name: true
+      begin: true
+    benchmark:
+      first: true
+      name: true
+      begin: true
+    tb:
+      first: true
+      name: true
+      begin: true
+
+  tenv:
+    # The option `all` will run against whole test files (`_test.go`) regardless of method/function signatures.
+    # By default, only methods that take `*testing.T`, `*testing.B`, and `testing.TB` as arguments are checked.
+    all: false
+
+  unparam:
+    # Inspect exported functions, default is false. Set to true if no external program/library imports your code.
+    # XXX: if you enable this setting, unparam will report a lot of false-positives in text editors:
+    # if it's called for subdir of a project it can't find external interfaces. All text editor integrations
+    # with golangci-lint call it on a directory with the changed file.
+    check-exported: false
+  unused:
+    # treat code as a program (not a library) and report unused exported identifiers; default is false.
+    # XXX: if you enable this setting, unused will report a lot of false-positives in text editors:
+    # if it's called for subdir of a project it can't find funcs usages. All text editor integrations
+    # with golangci-lint call it on a directory with the changed file.
+    check-exported: false
+  whitespace:
+    multi-if: false   # Enforces newlines (or comments) after every multi-line if statement
+    multi-func: false # Enforces newlines (or comments) after every multi-line function signature
+
+  wrapcheck:
+    # An array of strings that specify substrings of signatures to ignore.
+    # If this set, it will override the default set of ignored signatures.
+    # See https://github.com/tomarrell/wrapcheck#configuration for more information.
+    ignoreSigs:
+      - .Errorf(
+      - errors.New(
+      - errors.Unwrap(
+      - .Wrap(
+      - .Wrapf(
+      - .WithMessage(
+      - .WithMessagef(
+      - .WithStack(
+    ignorePackageGlobs:
+        - encoding/*
+        - github.com/pkg/*
+
+  wsl:
+    # If true append is only allowed to be cuddled if appending value is
+    # matching variables, fields or types on line above. Default is true.
+    strict-append: true
+    # Allow calls and assignments to be cuddled as long as the lines have any
+    # matching variables, fields or types. Default is true.
+    allow-assign-and-call: true
+    # Allow assignments to be cuddled with anything. Default is false.
+    allow-assign-and-anything: false
+    # Allow multiline assignments to be cuddled. Default is true.
+    allow-multiline-assign: true
+    # Allow declarations (var) to be cuddled.
+    allow-cuddle-declarations: false
+    # Allow trailing comments in ending of blocks
+    allow-trailing-comment: false
+    # Force newlines in end of case at this limit (0 = never).
+    force-case-trailing-whitespace: 0
+    # Force cuddling of err checks with err var assignment
+    force-err-cuddling: false
+    # Allow leading comments to be separated with empty liens
+    allow-separated-leading-comment: false
+  makezero:
+    # Allow only slices initialized with a length of zero. Default is false.
+    always: false
+
+
+  # The custom section can be used to define linter plugins to be loaded at runtime. See README doc
+  #  for more info.
+  #custom:
+    # Each custom linter should have a unique name.
+    #example:
+      # The path to the plugin *.so. Can be absolute or local. Required for each custom linter
+      #path: /path/to/example.so
+      # The description of the linter. Optional, just for documentation purposes.
+      #description: This is an example usage of a plugin linter.
+      # Intended to point to the repo location of the linter. Optional, just for documentation purposes.
+      #original-url: github.com/golangci/example-linter
+
+linters:
+  # please, do not use `enable-all`: it's deprecated and will be removed soon.
+  # inverted configuration with `enable-all` and `disable` is not scalable during updates of golangci-lint
+  # enable-all: true
+  disable-all: true
+  enable:
+    - typecheck
+    - asciicheck
+    - bodyclose
+    - cyclop
+    - deadcode
+    # - depguard
+    - dogsled
+    - dupl
+    - durationcheck
+    - errcheck
+    - errorlint
+    - exhaustive
+    - exportloopref
+    # - forbidigo
+    - funlen
+    # - gci
+    # - gochecknoinits
+    - gocognit
+    - goconst
+    - gocyclo
+    - godot
+    - godox
+    - gofmt
+    - gofumpt
+    - goheader
+    - goimports
+    - gomoddirectives
+    - gomodguard
+    - goprintffuncname
+    - gosec
+    - gosimple
+    - govet
+    - ifshort
+    - importas
+    - ineffassign
+    - lll
+    - makezero
+    - misspell
+    - nakedret
+    - nestif
+    - nilerr
+    - nlreturn
+    - noctx
+    - nolintlint
+    - paralleltest
+    - prealloc
+    - predeclared
+    - promlinter
+    - revive
+    - rowserrcheck
+    - sqlclosecheck
+    - staticcheck
+    - structcheck
+    - stylecheck
+    - thelper
+    - tparallel
+    - unconvert
+    - unparam
+    - unused
+    - varcheck
+    - wastedassign
+    - whitespace
+    - bidichk
+    - wastedassign
+    - golint
+    - execinquery
+    - nosprintfhostport
+    - grouper
+    - decorder
+    - errchkjson
+    - maintidx
+      #- containedctx
+      #- tagliatelle
+      #- nonamedreturns
+      #- nilnil
+      #- tenv
+      #- varnamelen
+      #- contextcheck
+      #- errname
+      #- ForceTypeAssert
+      #- nilassign
+  fast: false
+
+issues:
+  # List of regexps of issue texts to exclude, empty list by default.
+  # But independently from this option we use default exclude patterns,
+  # it can be disabled by `exclude-use-default: false`. To list all
+  # excluded by default patterns execute `golangci-lint run --help`
+  exclude:
+    - tools/.*
+    - test/.*
+    - third_party/.*
+
+  # Excluding configuration per-path, per-linter, per-text and per-source
+  exclude-rules:
+    - linters:
+      - golint
+      path: (internal/api/.*)\.go # exclude golint for internal/api/... files
+
+    - linters:
+      - revive
+      path: (log/.*)\.go
+
+    - linters:
+      - wrapcheck
+      path: (cmd/.*|pkg/.*)\.go
+
+    - linters:
+      - typecheck
+        #path: (pkg/storage/.*)\.go
+      path: (internal/.*|pkg/.*)\.go
+
+    - path: (cmd/.*|test/.*|tools/.*|internal/pump/pumps/.*)\.go
+      linters:
+        - forbidigo
+
+    - path: (cmd/[a-z]*/.*|store/.*)\.go
+      linters:
+        - dupl
+
+    - linters:
+        - gocritic
+      text: (hugeParam:|rangeValCopy:)
+
+    - path: (cmd/[a-z]*/.*)\.go
+      linters:
+        - lll
+
+    - path: (validator/.*|code/.*|validator/.*|watcher/watcher/.*)
+      linters:
+        - gochecknoinits
+
+    - path: (internal/.*/options|internal/pump|pkg/log/options.go|internal/authzserver|tools/)
+      linters:
+        - tagliatelle
+
+    - path: (pkg/app/.*)\.go
+      linters:
+        - deadcode
+        - unused
+        - varcheck
+        - forbidigo
+
+    # Exclude some staticcheck messages
+    - linters:
+        - staticcheck
+      text: "SA9003:"
+
+    # Exclude lll issues for long lines with go:generate
+    - linters:
+        - lll
+      source: "^//go:generate "
+
+  # Independently from option `exclude` we use default exclude patterns,
+  # it can be disabled by this option. To list all
+  # excluded by default patterns execute `golangci-lint run --help`.
+  # Default value for this option is true.
+  exclude-use-default: true
+
+  # The default value is false. If set to true exclude and exclude-rules
+  # regular expressions become case sensitive.
+  exclude-case-sensitive: false
+
+  # The list of ids of default excludes to include or disable. By default it's empty.
+  include:
+    - EXC0002 # disable excluding of issues about comments from golint
+
+  # Maximum issues count per one linter. Set to 0 to disable. Default is 50.
+  max-issues-per-linter: 0
+
+  # Maximum count of issues with the same text. Set to 0 to disable. Default is 3.
+  max-same-issues: 0
+
+  # Show only new issues: if there are unstaged changes or untracked files,
+  # only those changes are analyzed, else only changes in HEAD~ are analyzed.
+  # It's a super-useful option for integration of golangci-lint into existing
+  # large codebase. It's not practical to fix all existing issues at the moment
+  # of integration: much better don't allow issues in new code.
+  # Default is false.
+  new: false
+
+  # Show only new issues created after git revision `REV`
+  # new-from-rev: REV
+
+  # Show only new issues created in git patch with set file path.
+  #new-from-patch: path/to/patch/file
+
+  # Fix found issues (if it's supported by the linter)
+  fix: true
+
+severity:
+  # Default value is empty string.
+  # Set the default severity for issues. If severity rules are defined and the issues
+  # do not match or no severity is provided to the rule this will be the default
+  # severity applied. Severities should match the supported severity names of the
+  # selected out format.
+  # - Code climate: https://docs.codeclimate.com/docs/issues#issue-severity
+  # -   Checkstyle: https://checkstyle.sourceforge.io/property_types.html#severity
+  # -       Github: https://help.github.com/en/actions/reference/workflow-commands-for-github-actions#setting-an-error-message
+  default-severity: error
+
+  # The default value is false.
+  # If set to true severity-rules regular expressions become case sensitive.
+  case-sensitive: false
+
+  # Default value is empty list.
+  # When a list of severity rules are provided, severity information will be added to lint
+  # issues. Severity rules have the same filtering capability as exclude rules except you
+  # are allowed to specify one matcher per severity rule.
+  # Only affects out formats that support setting severity information.
+  rules:
+    - linters:
+      - dupl
+      severity: info
\ No newline at end of file
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
new file mode 100644
index 0000000..b262ea0
--- /dev/null
+++ b/.goreleaser.yaml
@@ -0,0 +1,373 @@
+# Copyright © 2023 KubeCub open source community. All rights reserved.
+# Licensed under the MIT License (the "License");
+# you may not use this file except in compliance with the License.
+
+before:
+  hooks:
+    # You may remove this if you don't use go modules.
+    - make clean
+    - make tidy
+    - make copyright-add
+    # you may remove this if you don't need go generate
+    - make generate
+
+# The lines beneath this are called `modelines`. See `:help modeline`
+# Feel free to remove those if you don't want/use them.
+# yaml-language-server: $schema=https://goreleaser.com/static/schema.json
+# vim: set ts=2 sw=2 tw=0 fo=cnqoj
+
+snapshot:
+  name_template: "{{ incpatch .Version }}-next"
+
+report_sizes: true
+
+# metadata:
+#   mod_timestamp: "{{ .CommitTimestamp }}"
+
+# Default: './dist'
+dist: _output/dist
+
+builds:
+  - binary: syncer
+    id: syncer
+    main: ./cmd/syncer/main.go
+    goos:
+      - windows
+      - darwin
+      - linux
+      - freebsd
+    goarch:
+      - amd64
+      - 386
+      - arm
+      - arm64
+    goarm:
+      - 6
+      - 7
+  - binary: exporter
+    id: exporter
+    main: ./cmd/exporter/main.go
+    goos:
+      - windows
+      - darwin
+      - linux
+      - freebsd
+    goarch:
+      - amd64
+      - 386
+      - arm
+      - arm64
+    goarm:
+      - 6
+      - 7
+
+archives:
+  - format: tar.gz
+    # this name template makes the OS and Arch compatible with the results of uname.
+    name_template: >-
+      {{ .ProjectName }}_
+      {{- title .Os }}_
+      {{- if eq .Arch "amd64" }}x86_64
+      {{- else if eq .Arch "386" }}i386
+      {{- else }}{{ .Arch }}{{ end }}
+      {{- if .Arm }}v{{ .Arm }}{{ end }}
+    # use zip for windows archives
+    files:
+      - LICENSE
+      - README.md
+      - CHANGELOG/*
+      - docs/*
+      # a more complete example, check the globbing deep dive below
+      - src: "*.md"
+        dst: docs
+
+        # Strip parent folders when adding files to the archive.
+        strip_parent: true
+
+        # File info.
+        # Not all fields are supported by all formats available formats.
+        #
+        # Default: copied from the source file
+        info:
+          # Templates: allowed (since v1.14)
+          owner: root
+
+          # Templates: allowed (since v1.14)
+          group: root
+
+          # Must be in time.RFC3339Nano format.
+          #
+          # Templates: allowed (since v1.14)
+          mtime: "{{ .CommitDate }}"
+
+          # File mode.
+          mode: 0644
+
+    format_overrides:
+    - goos: windows
+      format: zip
+
+nfpms:
+  - id: packages
+    builds:
+      - syncer
+    # Your app's vendor.
+    vendor: kubecub
+    homepage: https://github.com/kubecub/comment-lang-detector
+    maintainer: kubbot <https://github.com/kubbot>
+    description: |-
+      Auto sync github labels
+      Kubecub && cubxxw
+    license: MIT
+    formats:
+      - apk
+      - deb
+      - rpm
+      - termux.deb # Since: v1.11
+      - archlinux # Since: v1.13
+    dependencies:
+      - git
+    recommends:
+      - golang
+
+changelog:
+  sort: asc
+  use: github
+  filters:
+    exclude:
+      - "^test:"
+      - "^chore"
+      - "merge conflict"
+      - Merge pull request
+      - Merge remote-tracking branch
+      - Merge branch
+      - go mod tidy
+  groups:
+    - title: Dependency updates
+      regexp: '^.*?(feat|fix)\(deps\)!?:.+$'
+      order: 300
+    - title: "New Features"
+      regexp: '^.*?feat(\([[:word:]]+\))??!?:.+$'
+      order: 100
+    - title: "Security updates"
+      regexp: '^.*?sec(\([[:word:]]+\))??!?:.+$'
+      order: 150
+    - title: "Bug fixes"
+      regexp: '^.*?fix(\([[:word:]]+\))??!?:.+$'
+      order: 200
+    - title: "Documentation updates"
+      regexp: ^.*?doc(\([[:word:]]+\))??!?:.+$
+      order: 400
+    - title: "Build process updates"
+      regexp: ^.*?build(\([[:word:]]+\))??!?:.+$
+      order: 400
+    - title: Other work
+      order: 9999
+
+# # semantization
+# snapcrafts:
+#   - name_template: "{{ .ProjectName }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}"
+#     summary: sync labels
+#     description: |
+#       sync labels
+#     grade: stable
+#     confinement: classic
+#     publish: true
+
+# sboms:
+  # - artifacts: archive
+
+# signs:
+# - cmd: cosign
+#   stdin: '{{ .Env.COSIGN_PWD }}'
+#   args:
+#   - "sign-blob"
+#   - "--key=cosign.key"
+#   - "--output-signature=${signature}"
+#   - "${artifact}"
+#   - "--yes" # needed on cosign 2.0.0+
+#   artifacts: all
+
+# docker_signs:
+
+
+kos:
+  - repository: ghcr.io/kubecub/syncer
+    id: syncer
+    tags:
+    - '{{.Version}}'
+    - latest
+    bare: true
+    main: ./cmd/syncer/main.go
+    preserve_import_paths: false
+    base_image: alpine
+    platforms:
+    - linux/amd64
+    - linux/arm64
+
+  - repository: ghcr.io/kubecub/exporter
+    id: exporter
+    tags:
+    - '{{.Version}}'
+    - latest
+    bare: true
+    main: ./cmd/exporter/main.go
+    base_image: alpine
+    preserve_import_paths: false
+    platforms:
+    - linux/amd64
+    - linux/arm64
+
+# .goreleaser.yaml
+milestones:
+  # You can have multiple milestone configs
+  -
+    # Repository for the milestone
+    # Default is extracted from the origin remote URL
+    repo:
+      owner: user
+      name: repo
+
+    # Whether to close the milestone
+    close: true
+
+    # Fail release on errors, such as missing milestone.
+    fail_on_error: false
+
+    # Name of the milestone
+    #
+    # Default: '{{ .Tag }}'
+    name_template: "Current Release"
+
+publishers:
+  - name: "fury.io"
+    ids:
+      - packages
+    dir: "{{ dir .ArtifactPath }}"
+    cmd: |
+      bash -c '
+      if [[ "{{ .Tag }}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+        curl -F package=@{{ .ArtifactName }} https://{{ .Env.FURY_TOKEN }}@push.fury.io/{{ .Env.USERNAME }}/
+      else
+        echo "Skipping deployment: Non-production release detected"
+      fi'
+
+checksum:
+  name_template: "{{ .ProjectName }}_checksums.txt"
+  algorithm: sha256
+
+# dockers:
+#   - use: buildx
+#     ids:
+#       - syncer
+#     goos: linux
+#     goarch: amd64
+#     image_templates:
+#       - ghcr.io/{{ .Env.USERNAME }}/syncer:{{ .Tag }}-amd64
+#     dockerfile: deploy/syncer/Dockerfile.syncer
+#     build_flag_templates:
+#       - --pull
+#       - --platform=linux/amd64
+#       - --label=io.syncer.image.created={{.Date}}
+#       - --label=io.syncer.image.title=syncer
+#       - --label=io.syncer.image.revision={{.ShortCommit}}
+#       - --label=io.syncer.image.version={{.Tag }}
+#       - --label=io.syncer.image.auth={{ .Env.USERNAME }}
+
+#   - use: buildx
+#     ids:
+#       - syncer
+#     goos: linux
+#     goarch: arm64
+#     image_templates:
+#       - ghcr.io/{{ .Env.USERNAME }}/syncer:{{ .Tag }}-amd64
+#     dockerfile: docker/syncer/Dockerfile.syncer
+#     build_flag_templates:
+#       - --pull
+#       - --platform=linux/amd64
+#       - --label=io.syncer.image.created={{.Date}}
+#       - --label=io.syncer.image.title=syncer
+#       - --label=io.syncer.image.revision={{.ShortCommit}}
+#       - --label=io.syncer.image.version={{.Tag }}
+#       - --label=io.syncer.image.auth={{ .Env.USERNAME }}
+
+#   - use: buildx
+#     ids:
+#       - exporter
+#     goos: linux
+#     goarch: amd64
+#     image_templates:
+#       - ghcr.io/{{ .Env.USERNAME }}/exporter:{{ .Tag }}-amd64
+#     dockerfile: deploy/exporter/Dockerfile.exporter
+#     build_flag_templates:
+#       - --pull
+#       - --platform=linux/amd64
+#       - --label=io.exporter.image.created={{.Date}}
+#       - --label=io.exporter.image.title=exporter
+#       - --label=io.exporter.image.revision={{.ShortCommit}}
+#       - --label=io.exporter.image.version={{.Tag }}
+#       - --label=io.exporter.image.auth={{ .Env.USERNAME }}
+
+#   - use: buildx
+#     ids:
+#       - exporter
+#     goos: linux
+#     goarch: arm64
+#     image_templates:
+#       - ghcr.io/{{ .Env.USERNAME }}/exporter:{{ .Tag }}-arm64
+#     dockerfile: docker/exporter/Dockerfile.exporter
+#     build_flag_templates:
+#       - --pull
+#       - --platform=linux/arm64
+#       - --label=io.exporter.image.created={{.Date}}
+#       - --label=io.exporter.image.title=exporter
+#       - --label=io.exporter.image.revision={{.ShortCommit}}
+#       - --label=io.exporter.image.version={{.Tag }}
+#       - --label=io.exporter.image.auth={{ .Env.USERNAME }}
+
+
+# docker_manifests:
+#   - name_template: ghcr.io/{{ .Env.USERNAME }}/exporter:{{ .Tag }}
+#     image_templates:
+#       - ghcr.io/{{ .Env.USERNAME }}/exporter:{{ .Tag }}-amd64
+#       - ghcr.io/{{ .Env.USERNAME }}/exporter:{{ .Tag }}-arm64
+#   - name_template: ghcr.io/{{ .Env.USERNAME }}/syncer:{{ .Tag }}
+#     image_templates:
+#       - ghcr.io/{{ .Env.USERNAME }}/syncer:{{ .Tag }}-amd64
+#       - ghcr.io/{{ .Env.USERNAME }}/syncer:{{ .Tag }}-arm64
+
+#   - name_template: ghcr.io/{{ .Env.USERNAME }}/exporter:latest
+#     image_templates:
+#       - ghcr.io/{{ .Env.USERNAME }}/exporter:{{ .Tag }}-amd64
+#       - ghcr.io/{{ .Env.USERNAME }}/exporter:{{ .Tag }}-arm64
+#   - name_template: ghcr.io/{{ .Env.USERNAME }}/syncer:latest
+#     image_templates:
+#       - ghcr.io/{{ .Env.USERNAME }}/syncer:{{ .Tag }}-amd64
+#       - ghcr.io/{{ .Env.USERNAME }}/syncer:{{ .Tag }}-arm64
+
+# docker_signs:
+#   - cmd: cosign
+#     artifacts: manifests
+#     output: true
+#     args:
+#       - "sign"
+#       - "${artifact}@${digest}"
+#       - --yes
+
+release:
+  footer: |
+    **Full Changelog**: https://github.com/kubecub/goreleaser/compare/{{ .PreviousTag }}...{{ .Tag }}
+
+    ## Helping out
+
+    This release is only possible thanks to **all** the support of some **awesome people**!
+
+    Want to be one of them?
+    You can [sponsor](https://goreleaser.com/sponsors/), get a [Pro License](https://goreleaser.com/pro) or [contribute with code](https://goreleaser.com/contributing).
+
+    ## Where to go next?
+
+    * Find examples and commented usage of all options in our [website](https://goreleaser.com/intro/).
+    * Reach out on [Discord](https://discord.gg/RGEBtg8vQ6) and [Twitter](https://twitter.com/goreleaser)!
+
+    <a href="https://goreleaser.com"><img src="https://raw.githubusercontent.com/goreleaser/artwork/master/opencollective-header.png" with="100%" alt="GoReleaser logo"></a>
diff --git a/.kodiak.toml b/.kodiak.toml
new file mode 100644
index 0000000..8594dfa
--- /dev/null
+++ b/.kodiak.toml
@@ -0,0 +1,3 @@
+# .kodiak.toml
+# Minimal config. version is the only required field.
+version = 1
\ No newline at end of file
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..8a89535
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,110 @@
+<a name="unreleased"></a>
+## [Unreleased]
+
+
+<a name="v1.0.0"></a>
+## [v1.0.0] - 2023-07-14
+### Feat
+- add openim and kubecub actions labels sync
+- add openim and kubecub actions labels sync
+- add pr
+
+
+<a name="v2.0.0"></a>
+## [v2.0.0] - 2023-06-29
+### Feat
+- git hub token
+- git hub token
+- git hub token
+- test github labels
+- add tools
+- add tools
+- git hook
+- git hook
+- git hook
+
+### Pull Requests
+- Merge pull request [#63](https://github.com/kubecub/comment-lang-detector/issues/63) from kubecub/feat/test
+
+
+<a name="v1.4.0"></a>
+## [v1.4.0] - 2023-06-25
+### Feat
+- add labels
+- add labels
+- about sync
+
+
+<a name="v1.3.0"></a>
+## [v1.3.0] - 2023-06-25
+### Feat
+- more feature
+- branch save
+- labels sync
+- syncer docker file
+- test labels
+- test labels
+- test labels
+- test labels
+- test labels
+- test labels
+- test labels
+- test labels
+- test labels
+- test labels
+
+### Style
+- catalog design
+
+
+<a name="v1.2.0"></a>
+## [v1.2.0] - 2023-06-20
+### Feat
+- commit the basic code
+- commit the basic code
+
+
+<a name="v1.1.0"></a>
+## [v1.1.0] - 2023-06-20
+
+<a name="list"></a>
+## [list] - 2023-06-20
+### Chore
+- delete issue template
+
+### Feat
+- complete base exporter
+- add labels standard
+- synchronous tag
+- partial optimization
+- make
+- makefile optimization
+- Automatic PR title AI fix
+- spell check
+- optimize makefile
+- add copy addlicense
+- log feature
+
+### Fix
+- sync fix
+
+### Test
+- delele env
+- text opencommit
+
+
+<a name="v1.0.2"></a>
+## [v1.0.2] - 2023-05-22
+
+<a name="v1.0.1"></a>
+## v1.0.1 - 2023-05-22
+
+[Unreleased]: https://github.com/kubecub/comment-lang-detector/compare/v1.0.0...HEAD
+[v1.0.0]: https://github.com/kubecub/comment-lang-detector/compare/v2.0.0...v1.0.0
+[v2.0.0]: https://github.com/kubecub/comment-lang-detector/compare/v1.4.0...v2.0.0
+[v1.4.0]: https://github.com/kubecub/comment-lang-detector/compare/v1.3.0...v1.4.0
+[v1.3.0]: https://github.com/kubecub/comment-lang-detector/compare/v1.2.0...v1.3.0
+[v1.2.0]: https://github.com/kubecub/comment-lang-detector/compare/v1.1.0...v1.2.0
+[v1.1.0]: https://github.com/kubecub/comment-lang-detector/compare/list...v1.1.0
+[list]: https://github.com/kubecub/comment-lang-detector/compare/v1.0.2...list
+[v1.0.2]: https://github.com/kubecub/comment-lang-detector/compare/v1.0.1...v1.0.2
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 0000000..b3e260c
--- /dev/null
+++ b/CONTRIBUTING.md
@@ -0,0 +1,372 @@
+#  Contributing to comment-lang-detector
+
+So, you want to hack on comment-lang-detector? Yay!
+
+First of all, thank you for considering contributing to our project! We appreciate your time and effort, and we value any contribution, whether it's reporting a bug, suggesting a new feature, or submitting a pull request.
+
+This document provides guidelines and best practices to help you contribute effectively.
+
+## 📇Topics
+
+- [Contributing to comment-lang-detector](#contributing-to-comment-lang-detector)
+  - [📇Topics](#topics)
+  - [What we expect of you](#what-we-expect-of-you)
+  - [Code of ConductCode of Conduct](#code-of-conductcode-of-conduct)
+      - [Code and doc contribution](#code-and-doc-contribution)
+      - [Where should I start?](#where-should-i-start)
+      - [Design documents](#design-documents)
+  - [Getting Started](#getting-started)
+  - [Style and Specification](#style-and-specification)
+      - [Reporting security issues](#reporting-security-issues)
+      - [Reporting general issues](#reporting-general-issues)
+      - [Commit Rules](#commit-rules)
+      - [PR Description](#pr-description)
+      - [Docs Contribution](#docs-contribution)
+  - [Engage to help anything](#engage-to-help-anything)
+  - [Release version](#release-version)
+  - [Contact Us](#contact-us)
+
+## What we expect of you
+
+We hope that anyone can join comment-lang-detector , even if you are a student, writer, translator
+
+Please meet the minimum version of the Go language published in [go.mod](https://github.com/kubecub/comment-lang-detector/tree/main/go.mod). If you want to manage the Go language version, we provide tools to install [gvm](https://github.com/moovweb/gvm) in our [Makefile](./Makefile)
+
+You'd better use Linux OR WSL as the development environment, Linux with [Makefile](./Makefile) can help you quickly build and test comment-lang-detector project.
+
+If you are familiar with [Makefile](./Makefile) , you can easily see the clever design of the comment-lang-detector Makefile. Storing the necessary tools such as golangci in the `/tools` directory can avoid some tool version issues.
+
+The [Makefile](./Makefile) is for every developer, even if you don't know how to use the Makefile tool, don't worry, we provide two great commands to get you up to speed with the Makefile architecture, `make help` and `make help-all`, it can reduce problems of the developing environment.
+
+## Code of ConductCode of Conduct
+
+#### Code and doc contribution
+
+Every action to make project comment-lang-detector better is encouraged. On GitHub, every improvement for comment-lang-detector could be via a [PR](https://github.com/kubecub/comment-lang-detector/pulls) (short for pull request).
+
++ If you find a typo, try to fix it!
++ If you find a bug, try to fix it!
++ If you find some redundant codes, try to remove them!
++ If you find some test cases missing, try to add them!
++ If you could enhance a feature, please **DO NOT** hesitate!
++ If you find code implicit, try to add comments to make it clear!
++ If you find code ugly, try to refactor that!
++ If you can help to improve documents, it could not be better!
++ If you find document incorrect, just do it and fix that!
++ ...
+
+#### Where should I start?
+
++ If you are new to the project, don't know how to contribute comment-lang-detector, please check out the [good first issue](https://github.com/kubecub/comment-lang-detector/issues?q=is%3Aopen+label%3A"good+first+issue"+sort%3Aupdated-desc) label.
++ You should be good at filtering the comment-lang-detector issue tags and finding the ones you like, such as [RFC](https://github.com/kubecub/comment-lang-detector/issues?q=is%3Aissue+is%3Aopen+RFC+label%3ARFC) for big initiatives, features for [feature](https://github.com/kubecub/comment-lang-detector/issues?q=is%3Aissue+label%3Afeature) proposals, and [bug](https://github.com/kubecub/comment-lang-detector/issues?q=is%3Aissue+label%3Abug+) fixes.
++ If you are looking for something to work on, check out our [open issues](https://github.com/kubecub/comment-lang-detector/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc).
++ If you have an idea for a new feature, please [open an issue](https://github.com/kubecub/comment-lang-detector/issues/new/choose), and we can discuss it.
+
+#### Design documents
+
+For any substantial design, there should be a well-crafted design document. This document is not just a simple record, but also a detailed description and manifestation, which can help team members better understand the design thinking and grasp the design direction. In the process of writing the design document, we can choose to use tools such as `Google Docs` or `Notion`, and even mark RFC in [issues](https://github.com/kubecub/comment-lang-detector/issues?q=is%3Aissue+is%3Aopen+RFC+label%3ARFC) or [discussions](https://github.com/kubecub/comment-lang-detector/discussions) for better collaboration. Of course, after completing the design document, we should also add it to our [Shared Drive](https://drive.google.com/drive/) and notify the appropriate working group to let everyone know of its existence. Only by doing so can we maximize the effectiveness of the design document and provide strong support for the smooth progress of the project.
+
+Anybody can access the shared Drive for reading. To get access to comment. Once you've done that, head to the [shared Drive](https://drive.google.com/) and behold all the docs.
+
+In addition to that, we'd love to invite you to [join our Slack](https://join.slack.com/t/c-ub/shared_invite/zt-1se0k2bae-lkYzz0_T~BYh3rjkvlcUqQ) where you can play with your imagination, tell us what you're working on, and get a quick response.
+
+When documenting a new design, we recommend a 2-step approach:
+
+1. Use the short-form RFC template to outline your ideas and get early feedback.
+2. Once you have received sufficient feedback and consensus, you may use the longer-form design doc template to specify and discuss your design in more details.
+
+In order to contribute a feature to comment-lang-detector you'll need to go through the following steps:
+
++ Discuss your idea with the appropriate [working groups](https://join.slack.com/t/c-ub/shared_invite/zt-1se0k2bae-lkYzz0_T~BYh3rjkvlcUqQ) on the working group's Slack channel.
++ Once there is general agreement that the feature is useful, create a GitHub issue to track the discussion. The issue should include information about the requirements and use cases that it is trying to address.
++ Include a discussion of the proposed design and technical details of the implementation in the issue.
+
+But keep in mind that there is no guarantee of it being accepted and so it is usually best to get agreement on the idea/design before time is spent coding it. However, sometimes seeing the exact code change can help focus discussions, so the choice is up to you.
+
+## Getting Started
+
+To propose PR for the comment-lang-detector item, we assume you have registered a GitHub ID. Then you could finish the preparation in the following steps:
+
+1. Fork the repository(comment-lang-detector)
+
+2. **CLONE** your own repository to master locally. Use `git clone https://github.com/<your-username>/comment-lang-detector.git` to clone repository to your local machine. Then you can create new branches to finish the change you wish to make.
+
+3. **Set Remote** upstream to be `https://github.com/kubecub/comment-lang-detector.git` using the following two commands:
+
+   ```bash
+   ❯ git remote add upstream https://github.com/kubecub/comment-lang-detector.git
+   ❯ git remote set-url --push upstream no-pushing
+   ```
+
+   With this remote setting, you can check your git remote configuration like this:
+
+   ```bash
+   ❯ git remote -v
+   origin     https://github.com/<your-username>/comment-lang-detector.git (fetch)
+   origin     https://github.com/<your-username>/comment-lang-detector.git (push)
+   upstream   https://github.com/kubecub/comment-lang-detector.git (fetch)
+   upstream   no-pushing (push)
+   ```
+
+   Adding this, we can easily synchronize local branches with upstream branches.
+
+4. Create a new branch for your changes (use a descriptive name, such as `fix-bug-123` or `add-new-feature`).
+
+   ```bash
+   ❯ cd comment-lang-detector
+   ❯ git fetch upstream
+   ❯ git checkout upstream/main
+   ```
+
+   Create a new branch: 
+
+   ```bash
+   ❯ git checkout -b <new-branch>
+   ```
+
+   Make any change on the `new-branch` then use [Makefile](./Makefile) build and test your codes.
+
+5. **Commit your changes** to your local branch, lint before committing and commit with sign-off
+
+   ```bash
+   ❯ git rebase upstream/main
+   ❯ make link	  # golangci-lint run -c .golangci.yml
+   ❯ git add -A  # add changes to staging
+   ❯ git commit -a -s -m "message for your changes" # -s adds a Signed-off-by trailer
+   ```
+
+6. **Push your branch**  to your forked repository, it is recommended to have only one commit for a PR.
+
+   ```bash
+   # sync up with upstream
+   ❯ git fetch upstream main
+   ❯ git rebase upstream/main
+   ❯ 
+   ❯ git rebase -i	<commit-id> # rebase with interactive mode to squash your commits into a single one
+   ❯ git push # push to the remote repository, if it's a first time push, run git push --set-upstream origin <new-branch>
+   ```
+
+   You can also use `git commit -s --amend && git push -f` to update modifications on the previous commit.
+
+   If you have developed multiple features in the same branch, you should create PR separately by rebasing to the main branch between each push:
+
+   ```bash
+   # create new branch, for example git checkout -b feature/infra
+   ❯ git checkout -b <new branch>
+   # update some code, feature1
+   ❯ git add -A
+   ❯ git commit -m -s "feat: feature one"
+   ❯ git push # if it's first time push, run git push --set-upstream origin <new-branch>
+   # then create pull request, and merge
+   # update some new feature, feature2, rebase main branch first.
+   ❯ git rebase upstream/main # rebase the current branch to upstream/main branch
+   ❯ git add -A
+   ❯ git commit -m -s "feat: feature two"
+   # then create pull request, and merge
+   ```
+
+7. **Open a pull request** to `kubecub/comment-lang-detector:main`
+
+   It is recommended to review your changes before filing a pull request. Check if your code doesn't conflict with the main branch and no redundant code is included.
+
+## Style and Specification
+
+We divide the problem into security and general problems:
+
+#### Reporting security issues
+
+Security issues are always treated seriously. As our usual principle, we discourage anyone to spread security issues. If you find a security issue of comment-lang-detector, please do not discuss it in public and even do not open a public issue.
+
+Instead we encourage you to send us a private email to [3293172751nss@gmail.com](mailto:3293172751nss@gmail.com) to report this.
+
+#### Reporting general issues
+
+To be honest, we regard every user of comment-lang-detectoras a very kind contributor. After experiencing comment-lang-detector, you may have some feedback for the project. Then feel free to open an issue via [NEW ISSUE](https://github.com/kubecub/comment-lang-detector/issues/new/choose).
+
+Since we collaborate project comment-lang-detector in a distributed way, we appreciate **WELL-WRITTEN**, **DETAILED**, **EXPLICIT** issue reports. To make the communication more efficient, we wish everyone could search if your issue is an existing one in the searching list. If you find it existing, please add your details in comments under the existing issue instead of opening a brand new one.
+
+To make the issue details as standard as possible, we setup an [ISSUE TEMPLATE](https://github.com/kubecub/.github/tree/main/.github/ISSUE_TEMPLATE) for issue reporters. You can find three kinds of issue templates there: question, bug report and feature request. Please **BE SURE** to follow the instructions to fill fields in template.
+
+**There are a lot of cases when you could open an issue:**
+
++ bug report
++ feature request
++ comment-lang-detector performance issues 
++ feature proposal
++ feature design
++ help wanted
++ doc incomplete
++ test improvement
++ any questions on comment-lang-detector project 
++ and so on 
+
+Also, we must be reminded when submitting a new question about comment-lang-detector, please remember to remove the sensitive data from your post. Sensitive data could be password, secret key, network locations, private business data and so on.
+
+#### Commit Rules
+
+Actually in comment-lang-detector, we take two rules serious when committing:
+
+**🥇 Commit Message:**
+
+Commit message could help reviewers better understand what the purpose of submitted PR is. It could help accelerate the code review procedure as well. We encourage contributors to use **EXPLICIT** commit message rather than ambiguous message. In general, we advocate the following commit message type:
+
+We use [Semantic Commits](https://www.conventionalcommits.org/en/v1.0.0/) to make it easier to understand what a commit does and to build pretty changecomment-lang-detectors. Please use the following prefixes for your commits:
+
++ `docs: xxxx`. For example, "docs: add docs about storage installation".
++ `feature: xxxx`.For example, "feature: make result show in sorted order".
++ `bugfix: xxxx`. For example, "bugfix: fix panic when input nil parameter".
++ `style: xxxx`. For example, "style: format the code style of Constants.java".
++ `refactor: xxxx.` For example, "refactor: simplify to make codes more readable".
++ `test: xxx`. For example, "test: add unit test case for func InsertIntoArray".
++ `chore: xxx.` For example, "chore: integrate travis-ci". It's the type of mantainance change.
++ other readable and explicit expression ways.
+
+On the other side, we discourage contributors from committing message like the following ways:
+
++ ~~fix bug~~
++ ~~update~~
++ ~~add doc~~
+
+**🥈 Commit Content:**
+
+Commit content represents all content changes included in one commit. We had better include things in one single commit which could support reviewer's complete review without any other commits' help.
+
+In another word, contents in one single commit can pass the CI to avoid code mess. In brief, there are two minor rules for us to keep in mind:
+
+1. avoid very large change in a commit.
+2. complete and reviewable for each commit.
+3. words are written in lowercase English, not uppercase English or other languages such as Chinese.
+
+No matter what the commit message, or commit content is, we do take more emphasis on code review.
+
+An example for this could be:
+
+```bash
+❯ git commit -a -s -m "docs: add a new section to the README"
+```
+
+#### PR Description
+
+PR is the only way to make change to comment-lang-detector project files. To help reviewers better get your purpose, PR description could not be too detailed. We encourage contributors to follow the [PR template](https://github.com/kubecub/comment-lang-detector/tree/main/.github/PULL_REQUEST_TEMPLATE.md) to finish the pull request.
+
+You can find some very formal PR in [RFC](https://github.com/kubecub/comment-lang-detector/issues?q=is%3Aissue+is%3Aopen+RFC+label%3ARFC) issues and learn about them.
+
+**📖 Opening PRs:**
+
++ As long as you are working on your PR, please mark it as a draft
++ Please make sure that your PR is up-to-date with the latest changes in `main`
++ Mention the issue that your PR is addressing (Fix: #{ID_1}, #{ID_2})
++ Make sure that your PR passes all checks
+
+**🈴 Reviewing PRs:**
+
++ Be respectful and constructive 
++ Assign yourself to the PR 
++ Check if all checks are passing
++ Suggest changes instead of simply commenting on found issues
++ If you are unsure about something, ask the author
++ If you are not sure if the changes work, try them out
++ Reach out to other reviewers if you are unsure about something
++ If you are happy with the changes, approve the PR
++ Merge the PR once it has all approvals and the checks are passing
+
+**⚠️ DCO check:**
+
+We have a DCO check that runs on every pull request to ensure code quality and maintainability. This check verifies that the commit has been signed off, indicating that you have read and agreed to the provisions of the Developer Certificate of Origin. If you have not yet signed off on the commit, you can use the following command to sign off on the last commit you made:
+
+```bash
+❯ git commit --amend --signoff
+```
+
+Please note that signing off on a commit is a commitment that you have read and agreed to the provisions of the Developer Certificate of Origin. If you have not yet read this document, we strongly recommend that you take some time to read it carefully. If you have any questions about the content of this document, or if you need further assistance, please contact an administrator or relevant personnel.
+
+You can also automate signing off your commits by adding the following to your `.zshrc` or `.bashrc`:
+
+```go
+git() {
+  if [ $# -gt 0 ] && [[ "$1" == "commit" ]] ; then
+     shift
+     command git commit --signoff "$@"
+  else
+     command git "$@"
+  fi
+}
+```
+
+
+#### Docs Contribution
+
+The documentation for comment-lang-detector includes:
+
++ [README.md](https://github.com/kubecub/comment-lang-detector/blob/main/README.md): This file includes the basic information and instructions for getting started with comment-lang-detector.
++ [README_zh-CN.md](https://github.com/kubecub/comment-lang-detector/blob/main/README_zh-CN.md): This file includes the basic information and instructions for getting started with OpenIM in Chinese.
++ [CONTRIBUTING.md](https://github.com/kubecub/comment-lang-detector/blob/main/CONTRIBUTING.md): This file contains guidelines for contributing to comment-lang-detector's codebase, such as how to submit issues, pull requests, and code reviews.
++ [Official Documentation](https://nsddd.top): This is the official documentation for comment-lang-detector, which includes comprehensive information on all of its features, configuration options, and troubleshooting tips.
+
+Please obey the following rules to better format the docs, which would greatly improve the reading experience.
+
+1. Please do not use Chinese punctuations in English docs, and vice versa.
+2. Please use upper case letters where applicable, like the first letter of sentences / headings, etc.
+3. Please specify a language for each Markdown code blocks, unless there's no associated languages.
+4. Please insert a whitespace between Chinese and English words.
+5. Please use the correct case for technical terms, such as using `HTTP` instead of http, `MySQL` rather than mysql, `Kubernetes` instead of kubernetes, etc.
+6. Please check if there's any typos in the docs before submitting PRs.
+
+## Engage to help anything
+
+We choose GitHub as the primary place for comment-lang-detector to collaborate. So the latest updates of comment-lang-detector are always here. Although contributions via PR is an explicit way to help, we still call for any other ways.
+
++ reply to other's [issues](https://github.com/kubecub/comment-lang-detector/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc) if you could;
++ help solve other user's problems;
++ help review other's [PR](https://github.com/kubecub/comment-lang-detector/pulls) design; 
++ discuss about comment-lang-detector to make things clearer;
++ advocate [comment-lang-detector](https://google.com/search?q=comment-lang-detector) technocomment-lang-detectory beyond GitHub;
++ write bcomment-lang-detectors on comment-lang-detector and so on.
+
+In a word, **ANY HELP IS CONTRIBUTION.**
+
+## Release version
+
+Releases of comment-lang-detector are done using [Release Please](https://github.com/googleapis/release-please) and [GoReleaser](https://goreleaser.com/). The workflow looks like this:
+
+🎯 A PR is merged to the `main` branch:
+
++ Release please is triggered, creates or updates a new release PR
++ This is done with every merge to main, the current release PR is updated every time
+
+🎯 Merging the 'release please' PR to `main`:
+
++ Release please is triggered, creates a new release and updates the changecomment-lang-detector based on the commit messages
++ GoReleaser is triggered, builds the binaries and attaches them to the release
++ Containers are created and pushed to the container registry
+
+With the next relevant merge, a new release PR will be created and the process starts again
+
+**👀 Manually setting the version:**
+
+If you want to manually set the version, you can create a PR with an empty commit message that contains the version number in the commit message. For example:
+
+Such a commit can get produced as follows: 
+
+````bash
+❯ git commit --allow-empty -m "chore: release 0.0.3" -m "Release-As: 0.0.3
+````
+
+## Contact Us
+
+We value close connections with our users, developers, and contributors here at kubecub. With a large community and maintainer team, we're always here to help and support you. Whether you're looking to join our community or have any questions or suggestions, we welcome you to get in touch with us.
+
+Our most recommended way to get in touch is through [Slack](https://join.slack.com/t/c-ub/shared_invite/zt-1se0k2bae-lkYzz0_T~BYh3rjkvlcUqQ). Even if you're in China, Slack is usually not blocked by firewalls, making it an easy way to connect with us. Our Slack community is the ideal place to discuss and share ideas and suggestions with other users and developers of kubecub. You can ask technical questions, seek help, or share your experiences with other users of kubecub.
+
+In addition to Slack, we also offer the following ways to get in touch:
+
++ <a href="https://join.slack.com/t/kubecub/shared_invite/zt-1se0k2bae-lkYzz0_T~BYh3rjkvlcUqQ" target="_blank"><img src="https://img.shields.io/badge/Slack-automation%2B-blueviolet?logo=slack&amp;logoColor=white"></a> We also have Slack channels for you to communicate and discuss. To join, visit https://slack.com/ and join our [👀 kubecub slack](https://join.slack.com/t/kubecub/shared_invite/zt-1se0k2bae-lkYzz0_T~BYh3rjkvlcUqQ) team channel.
++ <a href="https://mail.google.com/mail/u/0/?fs=1&tf=cm&to=3293172751nss@gmail.com" target="_blank"><img src="https://img.shields.io/badge/gmail-%40kubecub-blue?style=social&kubecubo=gmail&logo=gmail"></a> Get in touch with us on [📨Gmail: 3293172751nss@gmail.com](mailto:3293172751nss@gmail.com).  If you have any questions or issues that need resolving, or any suggestions and feedback for our open source projects, please feel free to contact us via email.
++ <a href="https://nsddd.top" target="_blank"><img src="https://img.shields.io/badge/%E5%8D%9A%E5%AE%A2-%40kubecub-blue?style=social&logo=Octopus%20Deploy&logoColor=red"></a> Read our [🤖kubecub](https://nsddd.top). Our kubecub is a great place to stay up-to-date with kubecub projects and trends. On the kubecub, we share our latest developments, tech trends, and other interesting information.
++ <a href="https://twitter.com/xxw3293172751" target="_blank"><img src="https://img.shields.io/badge/twitter-%40kubecub-informational?kubecubo=twitter&style=flat-square&logo=twitter"></a> Add [🕊️Twitter](https://twitter.com/xxw3293172751) . If you prefer social media, our Twitter account is a great way to stay up-to-date with kubecub project news and trends. On Twitter, we share our latest tech and trends, as well as relevant news and events.
++ <a href="http://sm.nsddd.top/sm0d220ad72063197b9875379403f6c88.jpg" target="_blank"><img src="https://img.shields.io/badge/%E5%BE%AE%E4%BF%A1-smile-brightgreen?kubecubo=wechat&style=flat-square?logo=wechat"></a> Add [📲Wechat](https://img.shields.io/badge/%E5%BE%AE%E4%BF%A1-smile-brightgreen?kubecubo=wechat&style=flat-square) and indicate that you are a user or developer of kubecub. We will process your request as soon as possible.
+
+Whether you're looking to join our community or have any questions or suggestions, we welcome you to get in touch with us.
+
+> **Note**
+> This is not a private repository, kubecub's purpose is to help more people learn and progress. The sponsorship and contribution of kubecub will be open and transparent, and all the sponsorship proceeds will be used for good causes.
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..a9445a2
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,17 @@
+# Copyright © 2023 KubeCub open source community. All rights reserved.
+# Licensed under the MIT License (the "License");
+# you may not use this file except in compliance with the License.
+
+FROM golang AS build
+ENV GOPROXY=https://goproxy.cn
+
+WORKDIR /go/src/app
+
+COPY . /go/src/app
+
+# RUN go build -o /go/bin/app cmd/exporter/main.go
+RUN make build
+
+FROM alpine
+COPY --from=build /go/bin/app/_output /
+CMD ["/app"]
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..a870e74
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,485 @@
+# Copyright 2023 KubeCub. All rights reserved.
+# Use of this source code is governed by a MIT style
+# license that can be found in the LICENSE file.
+
+###################################=> common commands <=#############################################
+# ========================== Capture Environment ===============================
+# get the repo root and output path
+ROOT_PACKAGE=github.com/kubecub/comment-lang-detector
+OUT_DIR=$(REPO_ROOT)/_output
+# ==============================================================================
+
+# define the default goal
+#
+
+SHELL := /bin/bash
+DIRS=$(shell ls)
+GO=go
+
+.DEFAULT_GOAL := help
+
+# include the common makefile
+COMMON_SELF_DIR := $(dir $(lastword $(MAKEFILE_LIST)))
+# ROOT_DIR: root directory of the code base
+ifeq ($(origin ROOT_DIR),undefined)
+ROOT_DIR := $(abspath $(shell cd $(COMMON_SELF_DIR)/. && pwd -P))
+endif
+# OUTPUT_DIR: The directory where the build output is stored.
+ifeq ($(origin OUTPUT_DIR),undefined)
+OUTPUT_DIR := $(ROOT_DIR)/_output
+$(shell mkdir -p $(OUTPUT_DIR))
+endif
+
+# BIN_DIR: The directory where the build output is stored.
+ifeq ($(origin BIN_DIR),undefined)
+BIN_DIR := $(OUTPUT_DIR)/bin
+$(shell mkdir -p $(BIN_DIR))
+endif
+
+ifeq ($(origin TOOLS_DIR),undefined)
+TOOLS_DIR := $(OUTPUT_DIR)/tools
+$(shell mkdir -p $(TOOLS_DIR))
+endif
+
+ifeq ($(origin TMP_DIR),undefined)
+TMP_DIR := $(OUTPUT_DIR)/tmp
+$(shell mkdir -p $(TMP_DIR))
+endif
+
+ifeq ($(origin VERSION), undefined)
+VERSION := $(shell git describe --tags --always --match="v*" --dirty | sed 's/-/./g')	#v2.3.3.631.g00abdc9b.dirty
+endif
+
+# Check if the tree is dirty. default to dirty(maybe u should commit?)
+GIT_TREE_STATE:="dirty"
+ifeq (, $(shell git status --porcelain 2>/dev/null))
+	GIT_TREE_STATE="clean"
+endif
+GIT_COMMIT:=$(shell git rev-parse HEAD)
+
+IMG ?= ghcr.io/kubecub/comment-lang-detector:latest
+
+BUILDFILE = "./main.go"
+BUILDAPP = "$(OUTPUT_DIR)/"
+
+# Define the directory you want to copyright
+CODE_DIRS := $(ROOT_DIR)/ #$(ROOT_DIR)/pkg $(ROOT_DIR)/core $(ROOT_DIR)/integrationtest $(ROOT_DIR)/lib $(ROOT_DIR)/mock $(ROOT_DIR)/db $(ROOT_DIR)/openapi
+FINDS := find $(CODE_DIRS)
+
+ifndef V
+MAKEFLAGS += --no-print-directory
+endif
+
+# The OS must be linux when building docker images
+PLATFORMS ?= linux_amd64 linux_arm64
+# The OS can be linux/windows/darwin when building binaries
+# PLATFORMS ?= darwin_amd64 windows_amd64 linux_amd64 linux_arm64
+
+# Set a specific PLATFORM
+ifeq ($(origin PLATFORM), undefined)
+	ifeq ($(origin GOOS), undefined)
+		GOOS := $(shell go env GOOS)
+	endif
+	ifeq ($(origin GOARCH), undefined)
+		GOARCH := $(shell go env GOARCH)
+	endif
+	PLATFORM := $(GOOS)_$(GOARCH)
+	# Use linux as the default OS when building images
+	IMAGE_PLAT := linux_$(GOARCH)
+else
+	GOOS := $(word 1, $(subst _, ,$(PLATFORM)))
+	GOARCH := $(word 2, $(subst _, ,$(PLATFORM)))
+	IMAGE_PLAT := $(PLATFORM)
+endif
+
+# Copy githook scripts when execute makefile
+# TODO! GIT_FILE_SIZE_LIMIT=42000000 git commit -m "This commit is allowed file sizes up to 42MB"
+COPY_GITHOOK:=$(shell cp -f scripts/githooks/* .git/hooks/; chmod +x .git/hooks/*)
+
+# Linux command settings
+FIND := find . ! -path './image/*' ! -path './vendor/*' ! -path './bin/*'
+XARGS := xargs -r
+
+# ==============================================================================
+# TODO: License selection
+LICENSE_TEMPLATE ?= $(ROOT_DIR)/scripts/LICENSE/license_templates.txt	# MIT License
+# LICENSE_TEMPLATE ?= $(ROOT_DIR)/scripts/LICENSE/LICENSE_TEMPLATES  # Apache License
+
+# COMMA: Concatenate multiple strings to form a list of strings
+COMMA := ,
+# SPACE: Used to separate strings
+SPACE :=
+# SPACE: Replace multiple consecutive Spaces with a single space
+SPACE +=
+
+# ==============================================================================
+# Build definition
+
+GO_SUPPORTED_VERSIONS ?= 1.19|1.20|1.21|1.22|1.23
+GO_LDFLAGS += -X $(VERSION_PACKAGE).GitVersion=$(VERSION) \
+	-X $(VERSION_PACKAGE).GitCommit=$(GIT_COMMIT) \
+	-X $(VERSION_PACKAGE).GitTreeState=$(GIT_TREE_STATE) \
+	-X $(VERSION_PACKAGE).BuildDate=$(shell date -u +'%Y-%m-%dT%H:%M:%SZ')
+ifneq ($(DLV),)
+	GO_BUILD_FLAGS += -gcflags "all=-N -l"
+	LDFLAGS = ""
+endif
+GO_BUILD_FLAGS += -ldflags "$(GO_LDFLAGS)"
+
+ifeq ($(GOOS),windows)
+	GO_OUT_EXT := .exe
+endif
+
+ifeq ($(ROOT_PACKAGE),)
+	$(error the variable ROOT_PACKAGE must be set prior to including golang.mk)
+endif
+
+GOPATH := $(shell go env GOPATH)
+ifeq ($(origin GOBIN), undefined)
+	GOBIN := $(GOPATH)/bin
+endif
+
+COMMANDS ?= $(filter-out %.md, $(wildcard ${ROOT_DIR}/cmd/*))
+BINS ?= $(foreach cmd,${COMMANDS},$(notdir ${cmd}))
+
+ifeq (${COMMANDS},)
+  $(error Could not determine COMMANDS, set ROOT_DIR or run in source dir)
+endif
+ifeq (${BINS},)
+  $(error Could not determine BINS, set ROOT_DIR or run in source dir)
+endif
+
+EXCLUDE_TESTS=github.com/kubecub/comment-lang-detector/test
+
+# ==============================================================================
+# Build
+
+## all: Build all the necessary targets.
+.PHONY: all
+all: copyright-verify build # tidy lint cover
+## build: Build binaries by default.
+
+.PHONY: build
+build: go.build.verify $(addprefix go.build., $(addprefix $(PLATFORM)., $(BINS)))
+
+.PHONY: build.%
+build.%:
+	@echo "$(shell go version)"
+	@echo "===========> Building binary $(BUILDAPP) *[Git Info]: $(VERSION)-$(GIT_COMMIT)"
+	@export CGO_ENABLED=0 && GOOS=linux go build -o $(BUILDAPP)/$*/ -ldflags '-s -w' $*/example/$(BUILDFILE)
+
+.PHONY: go.build.verify
+go.build.verify:
+ifneq ($(shell $(GO) version | grep -q -E '\bgo($(GO_SUPPORTED_VERSIONS))\b' && echo 0 || echo 1), 0)
+	$(error unsupported go version. Please make install one of the following supported version: '$(GO_SUPPORTED_VERSIONS)')
+endif
+
+## go.build: Build the binary file of the specified platform.
+.PHONY: go.build.%
+go.build.%:
+	$(eval COMMAND := $(word 2,$(subst ., ,$*)))
+	$(eval PLATFORM := $(word 1,$(subst ., ,$*)))
+	$(eval OS := $(word 1,$(subst _, ,$(PLATFORM))))
+	$(eval ARCH := $(word 2,$(subst _, ,$(PLATFORM))))
+	@echo "=====> COMMAND=$(COMMAND)"
+	@echo "=====> PLATFORM=$(PLATFORM)"
+	@echo "=====> BIN_DIR=$(BIN_DIR)"
+	@echo "===========> Building binary $(COMMAND) $(VERSION) for $(OS)_$(ARCH)"
+	@mkdir -p $(BIN_DIR)/platforms/$(OS)/$(ARCH)
+	@CGO_ENABLED=0 GOOS=$(OS) GOARCH=$(ARCH) $(GO) build $(GO_BUILD_FLAGS) -o $(BIN_DIR)/platforms/$(OS)/$(ARCH)/$(COMMAND)$(GO_OUT_EXT) $(ROOT_PACKAGE)/cmd/$(COMMAND)
+
+## build-multiarch: Build binaries for multiple platforms.
+.PHONY: build-multiarch
+build-multiarch: go.build.verify $(foreach p,$(PLATFORMS),$(addprefix go.build., $(addprefix $(p)., $(BINS))))
+# ==============================================================================
+# Targets
+.PHONY: release
+release: release.verify release.ensure-tag
+	@scripts/release.sh
+
+.PHONY: install.gsemver
+release.verify: install.git-chglog install.github-release install.coscmd
+
+.PHONY: release.tag
+release.tag: install.gsemver release.ensure-tag
+	@git push origin `git describe --tags --abbrev=0`
+
+.PHONY: release.ensure-tag
+release.ensure-tag: install.gsemver
+	@scripts/ensure_tag.sh
+
+## tidy: tidy go.mod
+.PHONY: tidy
+tidy:
+	@$(GO) mod tidy
+
+## style: Code style -> fmt,vet,lint
+.PHONY: style
+style: fmt vet lint
+
+## fmt: Run go fmt against code.
+.PHONY: fmt
+fmt:
+	@$(GO) fmt ./...
+
+## vet: Run go vet against code.
+.PHONY: vet
+vet:
+	@$(GO) vet ./...
+
+## generate: Run go generate against code.
+.PHONY: generate
+generate:
+	@$(GO) generate ./...
+
+## lint: Run go lint against code.
+.PHONY: lint
+lint:
+	@echo "===========> Run golangci to lint source codes"
+	@golangci-lint run -c $(ROOT_DIR)/.golangci.yml $(ROOT_DIR)/...
+
+## test: Run unit test
+.PHONY: test
+test: 
+	@$(GO) test ./... 
+
+## cover: Run unit test with coverage.
+.PHONY: cover
+cover: test
+	@$(GO) test -cover
+
+## docker-build: Build docker image with the manager.
+.PHONY: docker-build
+docker-build: test
+	docker build -t ${IMG} .
+
+## docker-push: Push docker image with the manager.
+.PHONY: docker-push
+docker-push:
+	docker push ${IMG}
+
+## docker-buildx-push: Push docker image with the manager using buildx.
+.PHONY: docker-buildx-push
+docker-buildx-push:
+	docker buildx build --platform linux/arm64,linux/amd64 -t ${IMG} . --push
+
+## copyright-verify: Validate boilerplate headers for assign files.
+.PHONY: copyright-verify
+copyright-verify: tools.verify.addlicense copyright-add
+	@echo "===========> Validate boilerplate headers for assign files starting in the $(ROOT_DIR) directory"
+	@$(TOOLS_DIR)/addlicense -v -check -ignore **/test/** -f $(LICENSE_TEMPLATE) $(CODE_DIRS)
+	@echo "===========> End of boilerplate headers check..."
+
+## copyright-add: Add the boilerplate headers for all files.
+.PHONY: copyright-add
+copyright-add: tools.verify.addlicense
+	@echo "===========> Adding $(LICENSE_TEMPLATE) the boilerplate headers for all files"
+	@$(TOOLS_DIR)/addlicense -y $(shell date +"%Y") -v -c "KubeCub open source community." -f $(LICENSE_TEMPLATE) $(CODE_DIRS)
+	@echo "===========> End the copyright is added..."
+
+## clean: Clean all builds.
+.PHONY: clean
+clean:
+	@echo "===========> Cleaning all builds TMP_DIR($(TMP_DIR)) AND BIN_DIR($(BIN_DIR))"
+	@-rm -vrf $(TMP_DIR) $(BIN_DIR)
+	@echo "===========> End clean..."
+
+## help: Show this help info.
+.PHONY: help
+help: Makefile
+	@printf "\n\033[1mUsage: make <TARGETS> ...\033[0m\n\n\\033[1mTargets:\\033[0m\n\n"
+	@sed -n 's/^##//p' $< | awk -F':' '{printf "\033[36m%-28s\033[0m %s\n", $$1, $$2}' | sed -e 's/^/ /'
+	
+######################################=> common tools<= ############################################
+# tools
+
+BUILD_TOOLS ?= go-gitlint golangci-lint goimports addlicense deepcopy-gen conversion-gen ginkgo go-junit-report 
+
+## tools: Install a must tools
+.PHONY: tools
+tools: $(addprefix tools.verify., $(BUILD_TOOLS))
+
+## tools.verify.%: Check if a tool is installed and install it
+.PHONY: tools.verify.%
+tools.verify.%:
+	@echo "===========> Verifying $* is installed"
+	@if [ ! -f $(TOOLS_DIR)/$* ]; then GOBIN=$(TOOLS_DIR) $(MAKE) tools.install.$*; fi
+	@echo "===========> $* is install in $(TOOLS_DIR)/$*"
+
+## tools.install.%: Install a single tool in $GOBIN/
+.PHONY: tools.install.%
+tools.install.%:
+	@echo "===========> Installing $,The default installation path is $(GOBIN)/$*"
+	@$(MAKE) install.$*
+
+## install: Install all tools
+.PHONY: install.golangci-lint
+install.golangci-lint:
+	@$(GO) install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
+
+## install.goimports: Install goimports, used to format go source files
+.PHONY: install.goimports
+install.goimports:
+	@$(GO) install golang.org/x/tools/cmd/goimports@latest
+
+## install.addlicense: Install addlicense, used to add license header to source files
+.PHONY: install.addlicense
+install.addlicense:
+	@$(GO) install github.com/google/addlicense@latest
+
+## install.deepcopy-gen: Install deepcopy-gen, used to generate deepcopy functions
+.PHONY: install.deepcopy-gen
+install.deepcopy-gen:
+	@$(GO) install k8s.io/code-generator/cmd/deepcopy-gen@latest
+
+## install.conversion-gen: Install conversion-gen, used to generate conversion functions
+.PHONY: install.conversion-gen
+install.conversion-gen:
+	@$(GO) install k8s.io/code-generator/cmd/conversion-gen@latest
+
+## install.ginkgo: Install ginkgo, used to run go tests
+.PHONY: install.ginkgo
+install.ginkgo:
+	@$(GO) install github.com/onsi/ginkgo/ginkgo@v1.16.2
+
+## install.go-junit-report: Install go-junit-report, used to generate junit report
+.PHONY: install.go-gitlint
+# wget -P _output/tools/ https://openim-1306374445.cos.ap-guangzhou.myqcloud.com/openim/tools/go-gitlint
+# go install github.com/antham/go-gitlint/cmd/gitlint@latest
+install.go-gitlint:
+	@wget -q https://openim-1306374445.cos.ap-guangzhou.myqcloud.com/openim/tools/go-gitlint -O ${TOOLS_DIR}/go-gitlint
+	@chmod +x ${TOOLS_DIR}/go-gitlint
+
+## install.go-junit-report: Install go-junit-report, used to generate junit report
+.PHONY: install.go-junit-report
+install.go-junit-report:
+	@$(GO) install github.com/jstemmer/go-junit-report@latest
+
+# ==============================================================================
+# Tools that might be used include go gvm, cos
+#
+
+## install.kube-score: Install kube-score, used to check kubernetes yaml files
+.PHONY: install.kube-score
+install.kube-score:
+	@$(GO) install github.com/zegl/kube-score/cmd/kube-score@latest
+
+## install.kubeconform: Install kubeconform, used to check kubernetes yaml files
+.PHONY: install.kubeconform
+install.kubeconform:
+	@$(GO) install github.com/yannh/kubeconform/cmd/kubeconform@latest
+
+## install.gsemver: Install gsemver, used to generate semver
+.PHONY: install.gsemver
+install.gsemver:
+	@$(GO) install github.com/arnaud-deprez/gsemver@latest
+
+## install.git-chglog: Install git-chglog, used to generate changelog
+.PHONY: install.git-chglog
+install.git-chglog:
+	@$(GO) install github.com/git-chglog/git-chglog/cmd/git-chglog@latest
+
+## install.github-release: Install github-release, used to create github release
+.PHONY: install.github-release
+install.github-release:
+	@$(GO) install github.com/github-release/github-release@latest
+
+## install.coscli: Install coscli, used to upload files to cos
+# example: ./coscli  cp/sync -r /root/workspaces/kubecub/comment-lang-detector/ cos://kubecub-1306374445/code/ -e cos.ap-hongkong.myqcloud.com
+# https://cloud.tencent.com/document/product/436/71763
+# kubecub/*
+# - code/
+# - docs/
+# - images/
+# - scripts/
+.PHONY: install.coscli
+install.coscli:
+	@wget -q https://github.com/tencentyun/coscli/releases/download/v0.13.0-beta/coscli-linux -O ${TOOLS_DIR}/coscli
+	@chmod +x ${TOOLS_DIR}/coscli
+
+## install.coscmd: Install coscmd, used to upload files to cos
+.PHONY: install.coscmd
+install.coscmd:
+	@if which pip &>/dev/null; then pip install coscmd; else pip3 install coscmd; fi
+
+## install.minio: Install minio, used to upload files to minio
+.PHONY: install.minio
+install.minio:
+	@$(GO) install github.com/minio/minio@latest
+
+## install.delve: Install delve, used to debug go program
+.PHONY: install.delve
+install.delve:
+	@$(GO) install github.com/go-delve/delve/cmd/dlv@latest
+
+## install.air: Install air, used to hot reload go program
+.PHONY: install.air
+install.air:
+	@$(GO) install github.com/cosmtrek/air@latest
+
+## install.gvm: Install gvm, gvm is a Go version manager, built on top of the official go tool.
+.PHONY: install.gvm
+install.gvm:
+	@echo "===========> Installing gvm,The default installation path is ~/.gvm/script/gvm"
+	@bash < <(curl -s -S -L https://raw.gitee.com/moovweb/gvm/master/binscripts/gvm-installer)
+	@$(shell source /root/.gvm/script/gvm)
+
+## install.golines: Install golines, used to format long lines
+.PHONY: install.golines
+install.golines:
+	@$(GO) install github.com/segmentio/golines@latest
+
+## install.go-mod-outdated: Install go-mod-outdated, used to check outdated dependencies
+.PHONY: install.go-mod-outdated
+install.go-mod-outdated:
+	@$(GO) install github.com/psampaz/go-mod-outdated@latest
+
+## install.mockgen: Install mockgen, used to generate mock functions
+.PHONY: install.mockgen
+install.mockgen:
+	@$(GO) install github.com/golang/mock/mockgen@latest
+
+## install.gotests: Install gotests, used to generate test functions
+.PHONY: install.gotests
+install.gotests:
+	@$(GO) install github.com/cweill/gotests/gotests@latest
+
+## install.protoc-gen-go: Install protoc-gen-go, used to generate go source files from protobuf files
+.PHONY: install.protoc-gen-go
+install.protoc-gen-go:
+	@$(GO) install github.com/golang/protobuf/protoc-gen-go@latest
+
+## install.cfssl: Install cfssl, used to generate certificates
+.PHONY: install.cfssl
+install.cfssl:
+	@$(ROOT_DIR)/script/install/install.sh kubecub::install::install_cfssl
+
+## install.depth: Install depth, used to check dependency tree
+.PHONY: install.depth
+install.depth:
+	@$(GO) install github.com/KyleBanks/depth/cmd/depth@latest
+
+## install.ko: Install ko, used to build go program into container images
+.PHONY: install.ko
+install.ko:
+	@$(GO) install github.com/google/ko@latest
+
+## install.go-callvis: Install go-callvis, used to visualize call graph
+.PHONY: install.go-callvis
+install.go-callvis:
+	@$(GO) install github.com/ofabry/go-callvis@latest
+
+## install.gothanks: Install gothanks, used to thank go dependencies
+.PHONY: install.gothanks
+install.gothanks:
+	@$(GO) install github.com/psampaz/gothanks@latest
+
+## install.richgo: Install richgo
+.PHONY: install.richgo
+install.richgo:
+	@$(GO) install github.com/kyoh86/richgo@latest
+
+## install.rts: Install rts
+.PHONY: install.rts
+install.rts:
+	@$(GO) install github.com/galeone/rts/cmd/rts@latest
\ No newline at end of file
diff --git a/action.yml b/action.yml
new file mode 100644
index 0000000..067e5d2
--- /dev/null
+++ b/action.yml
@@ -0,0 +1,4 @@
+# Copyright © 2024 KubeCub open source community. All rights reserved.
+# Licensed under the MIT License (the "License");
+# you may not use this file except in compliance with the License.
+
diff --git a/cmd/OWNERS.md b/cmd/OWNERS.md
new file mode 100644
index 0000000..a9521f7
--- /dev/null
+++ b/cmd/OWNERS.md
@@ -0,0 +1,4 @@
+reviewers:
+  - cubxxw
+approvers:
+  - cubxxw
\ No newline at end of file
diff --git a/cmd/README.md b/cmd/README.md
new file mode 100644
index 0000000..194e966
--- /dev/null
+++ b/cmd/README.md
@@ -0,0 +1,19 @@
+# `/cmd`
+
+Main applications for this project.
+
+The directory name for each application should match the name of the executable you want to have (e.g., `/cmd/myapp`).
+
+Don't put a lot of code in the application directory. If you think the code can be imported and used in other projects, then it should live in the `/pkg` directory. If the code is not reusable or if you don't want others to reuse it, put that code in the `/internal` directory. You'll be surprised what others will do, so be explicit about your intentions!
+
+It's common to have a small `main` function that imports and invokes the code from the `/internal` and `/pkg` directories and nothing else.
+
+Examples:
+
+* https://github.com/vmware-tanzu/velero/tree/main/cmd (just a really small `main` function with everything else in packages)
+* https://github.com/moby/moby/tree/master/cmd
+* https://github.com/prometheus/prometheus/tree/main/cmd
+* https://github.com/influxdata/influxdb/tree/master/cmd
+* https://github.com/kubernetes/kubernetes/tree/master/cmd
+* https://github.com/dapr/dapr/tree/master/cmd
+* https://github.com/ethereum/go-ethereum/tree/master/cmd
\ No newline at end of file
diff --git a/cmd/cld/main.go b/cmd/cld/main.go
new file mode 100644
index 0000000..94c0b18
--- /dev/null
+++ b/cmd/cld/main.go
@@ -0,0 +1,34 @@
+// Copyright © 2024 OpenIM. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package main
+
+import (
+	"log"
+
+	"github.com/kubecub/comment-lang-detector/checker"
+	"github.com/kubecub/comment-lang-detector/config"
+)
+
+func main() {
+	cfg, err := config.ParseConfig()
+	if err != nil {
+		log.Fatalf("Error parsing config: %v", err)
+	}
+
+	err = checker.WalkDirAndCheckComments(cfg)
+	if err != nil {
+		panic(err)
+	}
+}
diff --git a/docs/CODEOWNERS b/docs/CODEOWNERS
new file mode 100644
index 0000000..ac95910
--- /dev/null
+++ b/docs/CODEOWNERS
@@ -0,0 +1,59 @@
+# This is a comment.
+# Each line is a file pattern followed by one or more owners.
+
+# These owners will be the default owners for everything in
+# the repo. Unless a later match takes precedence,
+# @cubxxw and @kubbot will be requested for
+# review when someone opens a pull request.
+*       @cubxxw  @kubbot
+
+# Order is important; the last matching pattern takes the most
+# precedence. When someone opens a pull request that only
+# modifies JS files, only @js-owner and not the global
+# owner(s) will be requested for a review.
+*.js    @cubxxw #This is an inline comment.
+
+# You can also use email addresses if you prefer. They'll be
+# used to look up users just like we do for commit author
+# emails.
+*.go 3293172751nss@gmail.com
+
+# Teams can be specified as code owners as well. Teams should
+# be identified in the format @org/team-name. Teams must have
+# explicit write access to the repository. In this example,
+# the kubecub team in the github organization owns all .txt files.
+*.txt @cubxxw
+
+# In this example, @cubxxw owns any files in the build/
+# directory at the root of the repository and any of its
+# subdirectories.
+/build/* @cubxxw
+
+# The `docs/*` pattern will match files like
+# `docs/getting-started.md` but not further nested files like
+# `docs/build-app/troubleshooting.md`.
+docs/*  3293172751nss@gmail.com
+
+# In this example, @octocat owns any file in an apps directory
+# anywhere in your repository.
+api/ @cubxxw
+
+# In this example, @cubxxw owns any file in the `/docs`
+# directory in the root of your repository and any of its
+# subdirectories.
+/docs/ @cubxxw
+
+# In this example, any change inside the `/scripts` directory
+# will require approval from @cubxxw or @octocat.
+/scripts/ @cubxxw @kubbot
+
+# In this example, @octocat owns any file in a `/logs` directory such as
+# `/build/logs`, `/scripts/logs`, and `/deeply/nested/logs`. Any changes
+# in a `/logs` directory will require approval from @octocat.
+**/logs @cubxxw
+
+# In this example, @octocat owns any file in the `/apps`
+# directory in the root of your repository except for the `/apps/github`
+# subdirectory, as its owners are left empty.
+/apps/ @cubxxw
+/apps/github
\ No newline at end of file
diff --git a/docs/OWNERS b/docs/OWNERS
new file mode 100644
index 0000000..a9521f7
--- /dev/null
+++ b/docs/OWNERS
@@ -0,0 +1,4 @@
+reviewers:
+  - cubxxw
+approvers:
+  - cubxxw
\ No newline at end of file
diff --git a/docs/README.md b/docs/README.md
new file mode 100644
index 0000000..5933803
--- /dev/null
+++ b/docs/README.md
@@ -0,0 +1,9 @@
+# `/docs`
+
+Design and user documents (in addition to your godoc generated documentation).
+
+Examples:
+
+* https://github.com/gohugoio/hugo/tree/master/docs
+* https://github.com/openshift/origin/tree/master/docs
+* https://github.com/dapr/dapr/tree/master/docs
\ No newline at end of file
diff --git a/go.sum b/go.sum
new file mode 100644
index 0000000..dd0bc19
--- /dev/null
+++ b/go.sum
@@ -0,0 +1,4 @@
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
diff --git a/scripts/LICENSE/LICENSE.md b/scripts/LICENSE/LICENSE.md
new file mode 100644
index 0000000..93029cd
--- /dev/null
+++ b/scripts/LICENSE/LICENSE.md
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2023 kubecub open source community
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/scripts/LICENSE/LICENSE_TEMPLATES b/scripts/LICENSE/LICENSE_TEMPLATES
new file mode 100644
index 0000000..dbc5ce2
--- /dev/null
+++ b/scripts/LICENSE/LICENSE_TEMPLATES
@@ -0,0 +1,13 @@
+Copyright © {{.Year}} {{.Holder}} All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
diff --git a/scripts/LICENSE/license_templates.txt b/scripts/LICENSE/license_templates.txt
new file mode 100644
index 0000000..5546f57
--- /dev/null
+++ b/scripts/LICENSE/license_templates.txt
@@ -0,0 +1,3 @@
+Copyright © {{.Year}} {{.Holder}} All rights reserved.
+Licensed under the MIT License (the "License");
+you may not use this file except in compliance with the License.
\ No newline at end of file
diff --git a/scripts/OWNERS b/scripts/OWNERS
new file mode 100644
index 0000000..a9521f7
--- /dev/null
+++ b/scripts/OWNERS
@@ -0,0 +1,4 @@
+reviewers:
+  - cubxxw
+approvers:
+  - cubxxw
\ No newline at end of file
diff --git a/scripts/README.md b/scripts/README.md
new file mode 100644
index 0000000..edb724e
--- /dev/null
+++ b/scripts/README.md
@@ -0,0 +1,11 @@
+# `/scripts`
+
+Scripts to perform various build, install, analysis, etc operations.
+
+These scripts keep the root level Makefile small and simple.
+
+Examples:
+
+* https://github.com/kubernetes/helm/tree/master/scripts
+* https://github.com/cockroachdb/cockroach/tree/master/scripts
+* https://github.com/hashicorp/terraform/tree/master/scripts
\ No newline at end of file
diff --git a/scripts/common.sh b/scripts/common.sh
new file mode 100755
index 0000000..0fd27a6
--- /dev/null
+++ b/scripts/common.sh
@@ -0,0 +1,497 @@
+#!/usr/bin/env bash
+
+# Copyright 2020 Lingfei Kong <colin404@foxmail.com>. All rights reserved.
+# Use of this source code is governed by a MIT style
+# license that can be found in the LICENSE file.
+
+# shellcheck disable=SC2034 # Variables sourced in other scripts.
+
+# Common utilities, variables and checks for all build scripts.
+set -o errexit
+set -o nounset
+set -o pipefail
+
+# Unset CDPATH, having it set messes up with script import paths
+unset CDPATH
+
+USER_ID=$(id -u)
+GROUP_ID=$(id -g)
+
+DOCKER_OPTS=${DOCKER_OPTS:-""}
+IFS=" " read -r -a DOCKER <<< "docker ${DOCKER_OPTS}"
+DOCKER_HOST=${DOCKER_HOST:-""}
+DOCKER_MACHINE_NAME=${DOCKER_MACHINE_NAME:-"kubecub-dev"}
+readonly DOCKER_MACHINE_DRIVER=${DOCKER_MACHINE_DRIVER:-"virtualbox --virtualbox-cpu-count -1"}
+
+# This will canonicalize the path
+KUBECUB_ROOT=$(cd "$(dirname "${BASH_SOURCE[0]}")"/.. && pwd -P)
+
+source "${KUBECUB_ROOT}/scripts/lib/init.sh"
+
+# Constants
+readonly KUBECUB_BUILD_IMAGE_REPO=kubecub-build
+#readonly KUBECUB_BUILD_IMAGE_CROSS_TAG="$(cat "${KUBECUB_ROOT}/build/build-image/cross/VERSION")"
+
+readonly KUBECUB_DOCKER_REGISTRY="${KUBECUB_DOCKER_REGISTRY:-k8s.gcr.io}"
+readonly KUBECUB_BASE_IMAGE_REGISTRY="${KUBECUB_BASE_IMAGE_REGISTRY:-us.gcr.io/k8s-artifacts-prod/build-image}"
+
+# This version number is used to cause everyone to rebuild their data containers
+# and build image.  This is especially useful for automated build systems like
+# Jenkins.
+#
+# Increment/change this number if you change the build image (anything under
+# build/build-image) or change the set of volumes in the data container.
+#readonly KUBECUB_BUILD_IMAGE_VERSION_BASE="$(cat "${KUBECUB_ROOT}/build/build-image/VERSION")"
+#readonly KUBECUB_BUILD_IMAGE_VERSION="${KUBECUB_BUILD_IMAGE_VERSION_BASE}-${KUBECUB_BUILD_IMAGE_CROSS_TAG}"
+
+# Here we map the output directories across both the local and remote _output
+# directories:
+#
+# *_OUTPUT_ROOT    - the base of all output in that environment.
+# *_OUTPUT_SUBPATH - location where golang stuff is built/cached.  Also
+#                    persisted across docker runs with a volume mount.
+# *_OUTPUT_BINPATH - location where final binaries are placed.  If the remote
+#                    is really remote, this is the stuff that has to be copied
+#                    back.
+# OUT_DIR can come in from the Makefile, so honor it.
+readonly LOCAL_OUTPUT_ROOT="${KUBECUB_ROOT}/${OUT_DIR:-_output}"
+readonly LOCAL_OUTPUT_SUBPATH="${LOCAL_OUTPUT_ROOT}/platforms"
+readonly LOCAL_OUTPUT_BINPATH="${LOCAL_OUTPUT_SUBPATH}"
+readonly LOCAL_OUTPUT_GOPATH="${LOCAL_OUTPUT_SUBPATH}/go"
+readonly LOCAL_OUTPUT_IMAGE_STAGING="${LOCAL_OUTPUT_ROOT}/images"
+
+# This is the port on the workstation host to expose RSYNC on.  Set this if you
+# are doing something fancy with ssh tunneling.
+readonly KUBECUB_RSYNC_PORT="${KUBECUB_RSYNC_PORT:-}"
+
+# This is the port that rsync is running on *inside* the container. This may be
+# mapped to KUBECUB_RSYNC_PORT via docker networking.
+readonly KUBECUB_CONTAINER_RSYNC_PORT=8730
+
+# Get the set of master binaries that run in Docker (on Linux)
+# Entry format is "<name-of-binary>,<base-image>".
+# Binaries are placed in /usr/local/bin inside the image.
+#
+# $1 - server architecture
+kubecub::build::get_docker_wrapped_binaries() {
+  local arch=$1
+  local debian_base_version=v2.1.0
+  local debian_iptables_version=v12.1.0
+  ### If you change any of these lists, please also update DOCKERIZED_BINARIES
+  ### in build/BUILD. And kubecub::golang::server_image_targets
+  local targets=(
+    "kubecub-apiserver,${KUBECUB_BASE_IMAGE_REGISTRY}/debian-base-${arch}:${debian_base_version}"
+    "kubecub-controller-manager,${KUBECUB_BASE_IMAGE_REGISTRY}/debian-base-${arch}:${debian_base_version}"
+    "kubecub-scheduler,${KUBECUB_BASE_IMAGE_REGISTRY}/debian-base-${arch}:${debian_base_version}"
+    "kubecub-proxy,${KUBECUB_BASE_IMAGE_REGISTRY}/debian-iptables-${arch}:${debian_iptables_version}"
+  )
+
+  echo "${targets[@]}"
+}
+
+# ---------------------------------------------------------------------------
+# Basic setup functions
+
+# Verify that the right utilities and such are installed for building kubecub. Set
+# up some dynamic constants.
+# Args:
+#   $1 - boolean of whether to require functioning docker (default true)
+#
+# Vars set:
+#   KUBECUB_ROOT_HASH
+#   KUBECUB_BUILD_IMAGE_TAG_BASE
+#   KUBECUB_BUILD_IMAGE_TAG
+#   KUBECUB_BUILD_IMAGE
+#   KUBECUB_BUILD_CONTAINER_NAME_BASE
+#   KUBECUB_BUILD_CONTAINER_NAME
+#   KUBECUB_DATA_CONTAINER_NAME_BASE
+#   KUBECUB_DATA_CONTAINER_NAME
+#   KUBECUB_RSYNC_CONTAINER_NAME_BASE
+#   KUBECUB_RSYNC_CONTAINER_NAME
+#   DOCKER_MOUNT_ARGS
+#   LOCAL_OUTPUT_BUILD_CONTEXT
+function kubecub::build::verify_prereqs() {
+  local -r require_docker=${1:-true}
+  kubecub::log::status "Verifying Prerequisites...."
+  kubecub::build::ensure_tar || return 1
+  kubecub::build::ensure_rsync || return 1
+  if ${require_docker}; then
+    kubecub::build::ensure_docker_in_path || return 1
+    kubecub::util::ensure_docker_daemon_connectivity || return 1
+
+    if (( KUBECUB_VERBOSE > 6 )); then
+      kubecub::log::status "Docker Version:"
+      "${DOCKER[@]}" version | kubecub::log::info_from_stdin
+    fi
+  fi
+
+  KUBECUB_GIT_BRANCH=$(git symbolic-ref --short -q HEAD 2>/dev/null || true)
+  KUBECUB_ROOT_HASH=$(kubecub::build::short_hash "${HOSTNAME:-}:${KUBECUB_ROOT}:${KUBECUB_GIT_BRANCH}")
+  KUBECUB_BUILD_IMAGE_TAG_BASE="build-${KUBECUB_ROOT_HASH}"
+  #KUBECUB_BUILD_IMAGE_TAG="${KUBECUB_BUILD_IMAGE_TAG_BASE}-${KUBECUB_BUILD_IMAGE_VERSION}"
+  #KUBECUB_BUILD_IMAGE="${KUBECUB_BUILD_IMAGE_REPO}:${KUBECUB_BUILD_IMAGE_TAG}"
+  KUBECUB_BUILD_CONTAINER_NAME_BASE="kubecub-build-${KUBECUB_ROOT_HASH}"
+  #KUBECUB_BUILD_CONTAINER_NAME="${KUBECUB_BUILD_CONTAINER_NAME_BASE}-${KUBECUB_BUILD_IMAGE_VERSION}"
+  KUBECUB_RSYNC_CONTAINER_NAME_BASE="kubecub-rsync-${KUBECUB_ROOT_HASH}"
+  #KUBECUB_RSYNC_CONTAINER_NAME="${KUBECUB_RSYNC_CONTAINER_NAME_BASE}-${KUBECUB_BUILD_IMAGE_VERSION}"
+  KUBECUB_DATA_CONTAINER_NAME_BASE="kubecub-build-data-${KUBECUB_ROOT_HASH}"
+  #KUBECUB_DATA_CONTAINER_NAME="${KUBECUB_DATA_CONTAINER_NAME_BASE}-${KUBECUB_BUILD_IMAGE_VERSION}"
+  #DOCKER_MOUNT_ARGS=(--volumes-from "${KUBECUB_DATA_CONTAINER_NAME}")
+  #LOCAL_OUTPUT_BUILD_CONTEXT="${LOCAL_OUTPUT_IMAGE_STAGING}/${KUBECUB_BUILD_IMAGE}"
+
+  kubecub::version::get_version_vars
+  #kubecub::version::save_version_vars "${KUBECUB_ROOT}/.dockerized-kubecub-version-defs"
+}
+
+# ---------------------------------------------------------------------------
+# Utility functions
+
+function kubecub::build::docker_available_on_osx() {
+  if [[ -z "${DOCKER_HOST}" ]]; then
+    if [[ -S "/var/run/docker.sock" ]]; then
+      kubecub::log::status "Using Docker for MacOS"
+      return 0
+    fi
+
+    kubecub::log::status "No docker host is set. Checking options for setting one..."
+    if [[ -z "$(which docker-machine)" ]]; then
+      kubecub::log::status "It looks like you're running Mac OS X, yet neither Docker for Mac nor docker-machine can be found."
+      kubecub::log::status "See: https://docs.docker.com/engine/installation/mac/ for installation instructions."
+      return 1
+    elif [[ -n "$(which docker-machine)" ]]; then
+      kubecub::build::prepare_docker_machine
+    fi
+  fi
+}
+
+function kubecub::build::prepare_docker_machine() {
+  kubecub::log::status "docker-machine was found."
+
+  local available_memory_bytes
+  available_memory_bytes=$(sysctl -n hw.memsize 2>/dev/null)
+
+  local bytes_in_mb=1048576
+
+  # Give virtualbox 1/2 the system memory. Its necessary to divide by 2, instead
+  # of multiple by .5, because bash can only multiply by ints.
+  local memory_divisor=2
+
+  local virtualbox_memory_mb=$(( available_memory_bytes / (bytes_in_mb * memory_divisor) ))
+
+  docker-machine inspect "${DOCKER_MACHINE_NAME}" &> /dev/null || {
+    kubecub::log::status "Creating a machine to build kubecub"
+    docker-machine create --driver "${DOCKER_MACHINE_DRIVER}" \
+      --virtualbox-memory "${virtualbox_memory_mb}" \
+      --engine-env HTTP_PROXY="${kubecubRNETES_HTTP_PROXY:-}" \
+      --engine-env HTTPS_PROXY="${kubecubRNETES_HTTPS_PROXY:-}" \
+      --engine-env NO_PROXY="${kubecubRNETES_NO_PROXY:-127.0.0.1}" \
+      "${DOCKER_MACHINE_NAME}" > /dev/null || {
+      kubecub::log::error "Something went wrong creating a machine."
+      kubecub::log::error "Try the following: "
+      kubecub::log::error "docker-machine create -d ${DOCKER_MACHINE_DRIVER} --virtualbox-memory ${virtualbox_memory_mb} ${DOCKER_MACHINE_NAME}"
+      return 1
+    }
+  }
+  docker-machine start "${DOCKER_MACHINE_NAME}" &> /dev/null
+  # it takes `docker-machine env` a few seconds to work if the machine was just started
+  local docker_machine_out
+  while ! docker_machine_out=$(docker-machine env "${DOCKER_MACHINE_NAME}" 2>&1); do
+    if [[ ${docker_machine_out} =~ "Error checking TLS connection" ]]; then
+      echo "${docker_machine_out}"
+      docker-machine regenerate-certs "${DOCKER_MACHINE_NAME}"
+    else
+      sleep 1
+    fi
+  done
+  eval "$(docker-machine env "${DOCKER_MACHINE_NAME}")"
+  kubecub::log::status "A Docker host using docker-machine named '${DOCKER_MACHINE_NAME}' is ready to go!"
+  return 0
+}
+
+function kubecub::build::is_gnu_sed() {
+  [[ $(sed --version 2>&1) == *GNU* ]]
+}
+
+function kubecub::build::ensure_rsync() {
+  if [[ -z "$(which rsync)" ]]; then
+    kubecub::log::error "Can't find 'rsync' in PATH, please fix and retry."
+    return 1
+  fi
+}
+
+function kubecub::build::update_dockerfile() {
+  if kubecub::build::is_gnu_sed; then
+    sed_opts=(-i)
+  else
+    sed_opts=(-i '')
+  fi
+  sed "${sed_opts[@]}" "s/KUBECUB_BUILD_IMAGE_CROSS_TAG/${KUBECUB_BUILD_IMAGE_CROSS_TAG}/" "${LOCAL_OUTPUT_BUILD_CONTEXT}/Dockerfile"
+}
+
+function  kubecub::build::set_proxy() {
+  if [[ -n "${kubecubRNETES_HTTPS_PROXY:-}" ]]; then
+    echo "ENV https_proxy $kubecubRNETES_HTTPS_PROXY" >> "${LOCAL_OUTPUT_BUILD_CONTEXT}/Dockerfile"
+  fi
+  if [[ -n "${kubecubRNETES_HTTP_PROXY:-}" ]]; then
+    echo "ENV http_proxy $kubecubRNETES_HTTP_PROXY" >> "${LOCAL_OUTPUT_BUILD_CONTEXT}/Dockerfile"
+  fi
+  if [[ -n "${kubecubRNETES_NO_PROXY:-}" ]]; then
+    echo "ENV no_proxy $kubecubRNETES_NO_PROXY" >> "${LOCAL_OUTPUT_BUILD_CONTEXT}/Dockerfile"
+  fi
+}
+
+function kubecub::build::ensure_docker_in_path() {
+  if [[ -z "$(which docker)" ]]; then
+    kubecub::log::error "Can't find 'docker' in PATH, please fix and retry."
+    kubecub::log::error "See https://docs.docker.com/installation/#installation for installation instructions."
+    return 1
+  fi
+}
+
+function kubecub::build::ensure_tar() {
+  if [[ -n "${TAR:-}" ]]; then
+    return
+  fi
+
+  # Find gnu tar if it is available, bomb out if not.
+  TAR=tar
+  if which gtar &>/dev/null; then
+      TAR=gtar
+  else
+      if which gnutar &>/dev/null; then
+	  TAR=gnutar
+      fi
+  fi
+  if ! "${TAR}" --version | grep -q GNU; then
+    echo "  !!! Cannot find GNU tar. Build on Linux or install GNU tar"
+    echo "      on Mac OS X (brew install gnu-tar)."
+    return 1
+  fi
+}
+
+function kubecub::build::has_docker() {
+  which docker &> /dev/null
+}
+
+function kubecub::build::has_ip() {
+  which ip &> /dev/null && ip -Version | grep 'iproute2' &> /dev/null
+}
+
+# Detect if a specific image exists
+#
+# $1 - image repo name
+# $2 - image tag
+function kubecub::build::docker_image_exists() {
+  [[ -n $1 && -n $2 ]] || {
+    kubecub::log::error "Internal error. Image not specified in docker_image_exists."
+    exit 2
+  }
+
+  [[ $("${DOCKER[@]}" images -q "${1}:${2}") ]]
+}
+
+# Delete all images that match a tag prefix except for the "current" version
+#
+# $1: The image repo/name
+# $2: The tag base. We consider any image that matches $2*
+# $3: The current image not to delete if provided
+function kubecub::build::docker_delete_old_images() {
+  # In Docker 1.12, we can replace this with
+  #    docker images "$1" --format "{{.Tag}}"
+  for tag in $("${DOCKER[@]}" images "${1}" | tail -n +2 | awk '{print $2}') ; do
+    if [[ "${tag}" != "${2}"* ]] ; then
+      V=3 kubecub::log::status "Keeping image ${1}:${tag}"
+      continue
+    fi
+
+    if [[ -z "${3:-}" || "${tag}" != "${3}" ]] ; then
+      V=2 kubecub::log::status "Deleting image ${1}:${tag}"
+      "${DOCKER[@]}" rmi "${1}:${tag}" >/dev/null
+    else
+      V=3 kubecub::log::status "Keeping image ${1}:${tag}"
+    fi
+  done
+}
+
+# Stop and delete all containers that match a pattern
+#
+# $1: The base container prefix
+# $2: The current container to keep, if provided
+function kubecub::build::docker_delete_old_containers() {
+  # In Docker 1.12 we can replace this line with
+  #   docker ps -a --format="{{.Names}}"
+  for container in $("${DOCKER[@]}" ps -a | tail -n +2 | awk '{print $NF}') ; do
+    if [[ "${container}" != "${1}"* ]] ; then
+      V=3 kubecub::log::status "Keeping container ${container}"
+      continue
+    fi
+    if [[ -z "${2:-}" || "${container}" != "${2}" ]] ; then
+      V=2 kubecub::log::status "Deleting container ${container}"
+      kubecub::build::destroy_container "${container}"
+    else
+      V=3 kubecub::log::status "Keeping container ${container}"
+    fi
+  done
+}
+
+# Takes $1 and computes a short has for it. Useful for unique tag generation
+function kubecub::build::short_hash() {
+  [[ $# -eq 1 ]] || {
+    kubecub::log::error "Internal error.  No data based to short_hash."
+    exit 2
+  }
+
+  local short_hash
+  if which md5 >/dev/null 2>&1; then
+    short_hash=$(md5 -q -s "$1")
+  else
+    short_hash=$(echo -n "$1" | md5sum)
+  fi
+  echo "${short_hash:0:10}"
+}
+
+# Pedantically kill, wait-on and remove a container. The -f -v options
+# to rm don't actually seem to get the job done, so force kill the
+# container, wait to ensure it's stopped, then try the remove. This is
+# a workaround for bug https://github.com/docker/docker/issues/3968.
+function kubecub::build::destroy_container() {
+  "${DOCKER[@]}" kill "$1" >/dev/null 2>&1 || true
+  if [[ $("${DOCKER[@]}" version --format '{{.Server.Version}}') = 17.06.0* ]]; then
+    # Workaround https://github.com/moby/moby/issues/33948.
+    # TODO: remove when 17.06.0 is not relevant anymore
+    DOCKER_API_VERSION=v1.29 "${DOCKER[@]}" wait "$1" >/dev/null 2>&1 || true
+  else
+    "${DOCKER[@]}" wait "$1" >/dev/null 2>&1 || true
+  fi
+  "${DOCKER[@]}" rm -f -v "$1" >/dev/null 2>&1 || true
+}
+
+# ---------------------------------------------------------------------------
+# Building
+
+
+function kubecub::build::clean() {
+  if kubecub::build::has_docker ; then
+    kubecub::build::docker_delete_old_containers "${KUBECUB_BUILD_CONTAINER_NAME_BASE}"
+    kubecub::build::docker_delete_old_containers "${KUBECUB_RSYNC_CONTAINER_NAME_BASE}"
+    kubecub::build::docker_delete_old_containers "${KUBECUB_DATA_CONTAINER_NAME_BASE}"
+    kubecub::build::docker_delete_old_images "${KUBECUB_BUILD_IMAGE_REPO}" "${KUBECUB_BUILD_IMAGE_TAG_BASE}"
+
+    V=2 kubecub::log::status "Cleaning all untagged docker images"
+    "${DOCKER[@]}" rmi "$("${DOCKER[@]}" images -q --filter 'dangling=true')" 2> /dev/null || true
+  fi
+
+  if [[ -d "${LOCAL_OUTPUT_ROOT}" ]]; then
+    kubecub::log::status "Removing _output directory"
+    rm -rf "${LOCAL_OUTPUT_ROOT}"
+  fi
+}
+
+# Set up the context directory for the kubecub-build image and build it.
+function kubecub::build::build_image() {
+  mkdir -p "${LOCAL_OUTPUT_BUILD_CONTEXT}"
+  # Make sure the context directory owned by the right user for syncing sources to container.
+  chown -R "${USER_ID}":"${GROUP_ID}" "${LOCAL_OUTPUT_BUILD_CONTEXT}"
+
+  cp /etc/localtime "${LOCAL_OUTPUT_BUILD_CONTEXT}/"
+
+  cp "${KUBECUB_ROOT}/build/build-image/Dockerfile" "${LOCAL_OUTPUT_BUILD_CONTEXT}/Dockerfile"
+  cp "${KUBECUB_ROOT}/build/build-image/rsyncd.sh" "${LOCAL_OUTPUT_BUILD_CONTEXT}/"
+  dd if=/dev/urandom bs=512 count=1 2>/dev/null | LC_ALL=C tr -dc 'A-Za-z0-9' | dd bs=32 count=1 2>/dev/null > "${LOCAL_OUTPUT_BUILD_CONTEXT}/rsyncd.password"
+  chmod go= "${LOCAL_OUTPUT_BUILD_CONTEXT}/rsyncd.password"
+
+  kubecub::build::update_dockerfile
+  kubecub::build::set_proxy
+  kubecub::build::docker_build "${KUBECUB_BUILD_IMAGE}" "${LOCAL_OUTPUT_BUILD_CONTEXT}" 'false'
+
+  # Clean up old versions of everything
+  kubecub::build::docker_delete_old_containers "${KUBECUB_BUILD_CONTAINER_NAME_BASE}" "${KUBECUB_BUILD_CONTAINER_NAME}"
+  kubecub::build::docker_delete_old_containers "${KUBECUB_RSYNC_CONTAINER_NAME_BASE}" "${KUBECUB_RSYNC_CONTAINER_NAME}"
+  kubecub::build::docker_delete_old_containers "${KUBECUB_DATA_CONTAINER_NAME_BASE}" "${KUBECUB_DATA_CONTAINER_NAME}"
+  kubecub::build::docker_delete_old_images "${KUBECUB_BUILD_IMAGE_REPO}" "${KUBECUB_BUILD_IMAGE_TAG_BASE}" "${KUBECUB_BUILD_IMAGE_TAG}"
+
+  kubecub::build::ensure_data_container
+  kubecub::build::sync_to_container
+}
+
+# Build a docker image from a Dockerfile.
+# $1 is the name of the image to build
+# $2 is the location of the "context" directory, with the Dockerfile at the root.
+# $3 is the value to set the --pull flag for docker build; true by default
+function kubecub::build::docker_build() {
+  local -r image=$1
+  local -r context_dir=$2
+  local -r pull="${3:-true}"
+  local -ra build_cmd=("${DOCKER[@]}" build -t "${image}" "--pull=${pull}" "${context_dir}")
+
+  kubecub::log::status "Building Docker image ${image}"
+  local docker_output
+  docker_output=$("${build_cmd[@]}" 2>&1) || {
+    cat <<EOF >&2
++++ Docker build command failed for ${image}
+
+${docker_output}
+
+To retry manually, run:
+
+${build_cmd[*]}
+
+EOF
+    return 1
+  }
+}
+
+function kubecub::build::ensure_data_container() {
+  # If the data container exists AND exited successfully, we can use it.
+  # Otherwise nuke it and start over.
+  local ret=0
+  local code=0
+
+  code=$(docker inspect \
+      -f '{{.State.ExitCode}}' \
+      "${KUBECUB_DATA_CONTAINER_NAME}" 2>/dev/null) || ret=$?
+  if [[ "${ret}" == 0 && "${code}" != 0 ]]; then
+    kubecub::build::destroy_container "${KUBECUB_DATA_CONTAINER_NAME}"
+    ret=1
+  fi
+  if [[ "${ret}" != 0 ]]; then
+    kubecub::log::status "Creating data container ${KUBECUB_DATA_CONTAINER_NAME}"
+    # We have to ensure the directory exists, or else the docker run will
+    # create it as root.
+    mkdir -p "${LOCAL_OUTPUT_GOPATH}"
+    # We want this to run as root to be able to chown, so non-root users can
+    # later use the result as a data container.  This run both creates the data
+    # container and chowns the GOPATH.
+    #
+    # The data container creates volumes for all of the directories that store
+    # intermediates for the Go build. This enables incremental builds across
+    # Docker sessions. The *_cgo paths are re-compiled versions of the go std
+    # libraries for true static building.
+    local -ra docker_cmd=(
+      "${DOCKER[@]}" run
+      --volume "${REMOTE_ROOT}"   # white-out the whole output dir
+      --volume /usr/local/go/pkg/linux_386_cgo
+      --volume /usr/local/go/pkg/linux_amd64_cgo
+      --volume /usr/local/go/pkg/linux_arm_cgo
+      --volume /usr/local/go/pkg/linux_arm64_cgo
+      --volume /usr/local/go/pkg/linux_ppc64le_cgo
+      --volume /usr/local/go/pkg/darwin_amd64_cgo
+      --volume /usr/local/go/pkg/darwin_386_cgo
+      --volume /usr/local/go/pkg/windows_amd64_cgo
+      --volume /usr/local/go/pkg/windows_386_cgo
+      --name "${KUBECUB_DATA_CONTAINER_NAME}"
+      --hostname "${HOSTNAME}"
+      "${KUBECUB_BUILD_IMAGE}"
+      chown -R "${USER_ID}":"${GROUP_ID}"
+        "${REMOTE_ROOT}"
+        /usr/local/go/pkg/
+    )
+    "${docker_cmd[@]}"
+  fi
+}
+
+# Build all kubecub commands.
+function kubecub::build::build_command() {
+  kubecub::log::status "Running build command..."
+  make -C "${KUBECUB_ROOT}" build.multiarch BINS="kubecubctl kubecub-apiserver kubecub-authz-server kubecub-pump kubecub-watcher"
+}
diff --git a/scripts/ensure_tag.sh b/scripts/ensure_tag.sh
new file mode 100755
index 0000000..6406f6c
--- /dev/null
+++ b/scripts/ensure_tag.sh
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+# Copyright © 2023 KubeCub open source community. All rights reserved.
+# Licensed under the MIT License (the "License");
+# you may not use this file except in compliance with the License.
+
+
+version="${VERSION}"
+if [ "${version}" == "" ];then
+  version=v`gsemver bump`
+fi
+
+if [ -z "`git tag -l ${version}`" ];then
+  git tag -a -m "release version ${version}" ${version}
+fi
diff --git a/scripts/githooks/commit-msg b/scripts/githooks/commit-msg
new file mode 100644
index 0000000..bc76a56
--- /dev/null
+++ b/scripts/githooks/commit-msg
@@ -0,0 +1,81 @@
+#!/usr/bin/env bash
+
+# Copyright © 2023 KubeCub & Xinwei Xiong(cubxxw). All rights reserved.
+#
+# Licensed under the MIT License (the "License");
+# you may not use this file except in compliance with the License.
+
+#
+# ==============================================================================
+#
+# Store this file as .git/hooks/commit-msg in your repository in order to
+# enforce checking for proper commit message format before actual commits.
+# You may need to make the script executable by 'chmod +x .git/hooks/commit-msg'.
+
+# commit-msg use go-gitlint tool, install go-gitlint via `go get github.com/llorllale/go-gitlint/cmd/go-gitlint`
+# go-gitlint --msg-file="$1"
+
+# An example hook script to check the commit log message.
+# Called by "git commit" with one argument, the name of the file
+# that has the commit message.  The hook should exit with non-zero
+# status after issuing an appropriate message if it wants to stop the
+# commit.  The hook is allowed to edit the commit message file.
+
+YELLOW="\e[93m"
+GREEN="\e[32m"
+RED="\e[31m"
+ENDCOLOR="\e[0m"
+
+printMessage() {
+   printf "${YELLOW}kubecub : $1${ENDCOLOR}\n"
+}
+
+printSuccess() {
+   printf "${GREEN}kubecub : $1${ENDCOLOR}\n"
+}
+
+printError() {
+   printf "${RED}kubecub : $1${ENDCOLOR}\n"
+}
+
+printMessage "Running the kubecub commit-msg hook."
+
+# This example catches duplicate Signed-off-by lines.
+
+test "" = "$(grep '^Signed-off-by: ' "$1" |
+	 sort | uniq -c | sed -e '/^[ 	]*1[ 	]/d')" || {
+	echo >&2 Duplicate Signed-off-by lines.
+	exit 1
+}
+
+# TODO: go-gitlint dir set
+GITLINT_DIR="./_output/tools/go-gitlint"
+
+if ! command -v $GITLINT_DIR &>/dev/null; then
+    echo "$GITLINT_DIR not found. Attempting to install it..."
+    # Add the commands to download and install the go-gitlint tool here
+    if [ $? -ne 0 ]; then
+        printError "Failed to install $GITLINT_DIR. Please run 'make tools' OR 'make tools.verify.go-gitlint' make verto install it manually."
+        exit 1
+    fi
+fi
+
+$GITLINT_DIR \
+    --msg-file=$1 \
+    --subject-regex="^(build|chore|ci|docs|feat|feature|fix|perf|refactor|revert|style|test)(.*)?:\s?.*" \
+    --subject-maxlen=150 \
+    --subject-minlen=10 \
+    --body-regex=".*" \
+    --max-parents=1
+
+if [ $? -ne 0 ]
+then
+    if ! command -v $GITLINT_DIR &>/dev/null; then
+        printError "$GITLINT_DIR not found. Installing the go-gitlint tool..."
+    make tools
+    printError "Please make sure the installation was successful and re-run the commit-msg hook."
+    fi
+    printError "Please fix your commit message to match kubecub coding standards"
+    printError "https://gist.github.com/cubxxw/126b72104ac0b0ca484c9db09c3e5694#file-githook-md"
+    exit 1
+fi
\ No newline at end of file
diff --git a/scripts/githooks/pre-commit b/scripts/githooks/pre-commit
new file mode 100644
index 0000000..7660e5d
--- /dev/null
+++ b/scripts/githooks/pre-commit
@@ -0,0 +1,103 @@
+#!/usr/bin/env bash
+
+# Copyright © 2023 KubeCub & Xinwei Xiong(cubxxw). All rights reserved.
+#
+# Licensed under the MIT License (the "License");
+# you may not use this file except in compliance with the License.
+
+# ==============================================================================
+# This is a pre-commit hook that ensures attempts to commit files that are
+# are larger than $limit to your _local_ repo fail, with a helpful error message.
+
+# You can override the default limit of 2MB by supplying the environment variable:
+# GIT_FILE_SIZE_LIMIT=50000000 git commit -m "test: this commit is allowed file sizes up to 50MB"
+#
+# ==============================================================================
+
+LC_ALL=C
+
+local_branch="$(git rev-parse --abbrev-ref HEAD)"
+valid_branch_regex="^(main|master|develop)$|(feature|feat|release|hotfix|test|bug|ci|style|)\/[a-z0-9._-]+$|^HEAD$"
+
+
+YELLOW="\e[93m"
+GREEN="\e[32m"
+RED="\e[31m"
+ENDCOLOR="\e[0m"
+
+printMessage() {
+   printf "${YELLOW}kubecub : $1${ENDCOLOR}\n"
+}
+
+printSuccess() {
+   printf "${GREEN}kubecub : $1${ENDCOLOR}\n"
+}
+
+printError() {
+   printf "${RED}kubecub : $1${ENDCOLOR}\n"
+}
+
+printMessage "Running local kubecub pre-commit hook."
+
+# flutter format .
+# https://gist.github.com/cubxxw/126b72104ac0b0ca484c9db09c3e5694#file-githook-md
+# TODO! GIT_FILE_SIZE_LIMIT=50000000 git commit -m "test: this commit is allowed file sizes up to 50MB"
+# Maximum file size limit in bytes
+limit=${GIT_FILE_SIZE_LIMIT:-2000000} # Default 2MB
+limitInMB=$(( $limit / 1000000 ))
+
+function file_too_large(){
+	filename=$0
+	filesize=$(( $1 / 2**20 ))
+
+	cat <<HEREDOC
+
+	File $filename is $filesize MB, which is larger than github's maximum
+        file size (2 MB). We will not be able to push this file to GitHub.
+	Commit aborted
+
+HEREDOC
+    git status
+
+}
+
+# Move to the repo root so git files paths make sense
+repo_root=$( git rev-parse --show-toplevel )
+cd $repo_root
+
+empty_tree=$( git hash-object -t tree /dev/null )
+
+if git rev-parse --verify HEAD > /dev/null 2>&1
+then
+	against=HEAD
+else
+	against="$empty_tree"
+fi
+
+# Set split so that for loop below can handle spaces in file names by splitting on line breaks
+IFS='
+'
+
+shouldFail=false
+for file in $( git diff-index --cached --name-only $against ); do
+	file_size=$(([ ! -f $file ] && echo 0) || (ls -la $file | awk '{ print $5 }'))
+	if [ "$file_size" -gt  "$limit" ]; then
+	    printError "File $file is $(( $file_size / 10**6 )) MB, which is larger than our configured limit of $limitInMB MB"
+        shouldFail=true
+	fi
+done
+
+if $shouldFail
+then
+    printMessage "If you really need to commit this file, you can override the size limit by setting the GIT_FILE_SIZE_LIMIT environment variable, e.g. GIT_FILE_SIZE_LIMIT=42000000 for 42MB. Or, commit with the --no-verify switch to skip the check entirely."
+	  printError "Commit aborted"
+    exit 1;
+fi
+
+if [[ ! $local_branch =~ $valid_branch_regex ]]
+then
+    printError "There is something wrong with your branch name. Branch names in this project must adhere to this contract: $valid_branch_regex. 
+Your commit will be rejected. You should rename your branch to a valid name(feat/name OR bug/name) and try again."
+    printError "For more on this, read on: https://gist.github.com/cubxxw/126b72104ac0b0ca484c9db09c3e5694"
+    exit 1
+fi
\ No newline at end of file
diff --git a/scripts/githooks/pre-push b/scripts/githooks/pre-push
new file mode 100644
index 0000000..1d9d67c
--- /dev/null
+++ b/scripts/githooks/pre-push
@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+
+# Copyright © 2023 KubeCub & Xinwei Xiong(cubxxw). All rights reserved.
+#
+# Licensed under the MIT License (the "License");
+# you may not use this file except in compliance with the License.
+
+YELLOW="\e[93m"
+GREEN="\e[32m"
+RED="\e[31m"
+ENDCOLOR="\e[0m"
+
+printMessage() {
+   printf "${YELLOW}kubecub : $1${ENDCOLOR}\n"
+}
+
+printSuccess() {
+   printf "${GREEN}kubecub : $1${ENDCOLOR}\n"
+}
+
+printError() {
+   printf "${RED}kubecub : $1${ENDCOLOR}\n"
+}
+
+printMessage "Running local kubecub pre-push hook."
+
+if [[ `git status --porcelain` ]]; then
+  printError "This script needs to run against committed code only. Please commit or stash you changes."
+  exit 1
+fi
+
+#
+#printMessage "Running the Flutter analyzer"
+#flutter analyze
+#
+#if [ $? -ne 0 ]; then
+#  printError "Flutter analyzer error"
+#  exit 1
+#fi
+#
+#printMessage "Finished running the Flutter analyzer"
diff --git a/scripts/install/common.sh b/scripts/install/common.sh
new file mode 100755
index 0000000..2a175f4
--- /dev/null
+++ b/scripts/install/common.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+# Copyright 2020 Lingfei Kong <colin404@foxmail.com>. All rights reserved.
+# Use of this source code is governed by a MIT style
+# license that can be found in the LICENSE file.
+
+
+# Common utilities, variables and checks for all build scripts.
+set -o errexit
+set +o nounset
+set -o pipefail
+
+# Sourced flag
+COMMON_SOURCED=true
+
+# The root of the build/dist directory
+IAM_ROOT=$(dirname "${BASH_SOURCE[0]}")/../..
+source "${IAM_ROOT}/scripts/lib/init.sh"
+source "${IAM_ROOT}/scripts/install/environment.sh"
+
+# 不输入密码执行需要 root 权限的命令
+function iam::common::sudo {
+  echo ${LINUX_PASSWORD} | sudo -S $1
+}
diff --git a/scripts/install/environment.sh b/scripts/install/environment.sh
new file mode 100755
index 0000000..7d23a04
--- /dev/null
+++ b/scripts/install/environment.sh
@@ -0,0 +1,93 @@
+#!/usr/bin/env bash
+
+# Copyright 2020 Lingfei Kong <colin404@foxmail.com>. All rights reserved.
+# Use of this source code is governed by a MIT style
+# license that can be found in the LICENSE file.
+
+
+
+# IAM 项目源码根目录
+IAM_ROOT=$(dirname "${BASH_SOURCE[0]}")/../..
+
+# 生成文件存放目录
+LOCAL_OUTPUT_ROOT="${IAM_ROOT}/${OUT_DIR:-_output}"
+
+# 设置统一的密码，方便记忆
+readonly PASSWORD=${PASSWORD:-'iam59!z$'}
+
+# Linux系统 going 用户
+readonly LINUX_USERNAME=${LINUX_USERNAME:-going}
+# Linux root & going 用户密码
+readonly LINUX_PASSWORD=${LINUX_PASSWORD:-${PASSWORD}}
+
+# 设置安装目录
+readonly INSTALL_DIR=${INSTALL_DIR:-/tmp/installation}
+mkdir -p ${INSTALL_DIR}
+readonly ENV_FILE=${IAM_ROOT}/scripts/install/environment.sh
+
+# MariaDB 配置信息
+readonly MARIADB_ADMIN_USERNAME=${MARIADB_ADMIN_USERNAME:-root} # MariaDB root 用户
+readonly MARIADB_ADMIN_PASSWORD=${MARIADB_ADMIN_PASSWORD:-${PASSWORD}} # MariaDB root 用户密码
+readonly MARIADB_HOST=${MARIADB_HOST:-127.0.0.1:3306} # MariaDB 主机地址
+readonly MARIADB_DATABASE=${MARIADB_DATABASE:-iam} # MariaDB iam 应用使用的数据库名
+readonly MARIADB_USERNAME=${MARIADB_USERNAME:-iam} # iam 数据库用户名
+readonly MARIADB_PASSWORD=${MARIADB_PASSWORD:-${PASSWORD}} # iam 数据库密码
+
+# Redis 配置信息
+readonly REDIS_HOST=${REDIS_HOST:-127.0.0.1} # Redis 主机地址
+readonly REDIS_PORT=${REDIS_PORT:-6379} # Redis 监听端口
+readonly REDIS_USERNAME=${REDIS_USERNAME:-''} # Redis 用户名
+readonly REDIS_PASSWORD=${REDIS_PASSWORD:-${PASSWORD}} # Redis 密码
+
+# MongoDB 配置
+readonly MONGO_ADMIN_USERNAME=${MONGO_ADMIN_USERNAME:-root} # MongoDB root 用户
+readonly MONGO_ADMIN_PASSWORD=${MONGO_ADMIN_PASSWORD:-${PASSWORD}} # MongoDB root 用户密码
+readonly MONGO_HOST=${MONGO_HOST:-127.0.0.1} # MongoDB 地址
+readonly MONGO_PORT=${MONGO_PORT:-27017} # MongoDB 端口
+readonly MONGO_USERNAME=${MONGO_USERNAME:-iam} # MongoDB 用户名
+readonly MONGO_PASSWORD=${MONGO_PASSWORD:-${PASSWORD}} # MongoDB 密码
+
+# iam 配置
+readonly IAM_DATA_DIR=${IAM_DATA_DIR:-/data/iam} # iam 各组件数据目录
+readonly IAM_INSTALL_DIR=${IAM_INSTALL_DIR:-/opt/iam} # iam 安装文件存放目录
+readonly IAM_CONFIG_DIR=${IAM_CONFIG_DIR:-/etc/iam} # iam 配置文件存放目录
+readonly IAM_LOG_DIR=${IAM_LOG_DIR:-/var/log/iam} # iam 日志文件存放目录
+readonly CA_FILE=${CA_FILE:-${IAM_CONFIG_DIR}/cert/ca.pem} # CA
+
+# iam-apiserver 配置
+readonly IAM_APISERVER_HOST=${IAM_APISERVER_HOST:-127.0.0.1} # iam-apiserver 部署机器 IP 地址
+readonly IAM_APISERVER_GRPC_BIND_ADDRESS=${IAM_APISERVER_GRPC_BIND_ADDRESS:-0.0.0.0}
+readonly IAM_APISERVER_GRPC_BIND_PORT=${IAM_APISERVER_GRPC_BIND_PORT:-8081}
+readonly IAM_APISERVER_INSECURE_BIND_ADDRESS=${IAM_APISERVER_INSECURE_BIND_ADDRESS:-127.0.0.1}
+readonly IAM_APISERVER_INSECURE_BIND_PORT=${IAM_APISERVER_INSECURE_BIND_PORT:-8080}
+readonly IAM_APISERVER_SECURE_BIND_ADDRESS=${IAM_APISERVER_SECURE_BIND_ADDRESS:-0.0.0.0}
+readonly IAM_APISERVER_SECURE_BIND_PORT=${IAM_APISERVER_SECURE_BIND_PORT:-8443}
+readonly IAM_APISERVER_SECURE_TLS_CERT_KEY_CERT_FILE=${IAM_APISERVER_SECURE_TLS_CERT_KEY_CERT_FILE:-${IAM_CONFIG_DIR}/cert/iam-apiserver.pem}
+readonly IAM_APISERVER_SECURE_TLS_CERT_KEY_PRIVATE_KEY_FILE=${IAM_APISERVER_SECURE_TLS_CERT_KEY_PRIVATE_KEY_FILE:-${IAM_CONFIG_DIR}/cert/iam-apiserver-key.pem}
+
+# iam-authz-server 配置
+readonly IAM_AUTHZ_SERVER_HOST=${IAM_AUTHZ_SERVER_HOST:-127.0.0.1} # iam-authz-server 部署机器 IP 地址
+readonly IAM_AUTHZ_SERVER_INSECURE_BIND_ADDRESS=${IAM_AUTHZ_SERVER_INSECURE_BIND_ADDRESS:-127.0.0.1}
+readonly IAM_AUTHZ_SERVER_INSECURE_BIND_PORT=${IAM_AUTHZ_SERVER_INSECURE_BIND_PORT:-9090}
+readonly IAM_AUTHZ_SERVER_SECURE_BIND_ADDRESS=${IAM_AUTHZ_SERVER_SECURE_BIND_ADDRESS:-0.0.0.0}
+readonly IAM_AUTHZ_SERVER_SECURE_BIND_PORT=${IAM_AUTHZ_SERVER_SECURE_BIND_PORT:-9443}
+readonly IAM_AUTHZ_SERVER_SECURE_TLS_CERT_KEY_CERT_FILE=${IAM_AUTHZ_SERVER_SECURE_TLS_CERT_KEY_CERT_FILE:-${IAM_CONFIG_DIR}/cert/iam-authz-server.pem}
+readonly IAM_AUTHZ_SERVER_SECURE_TLS_CERT_KEY_PRIVATE_KEY_FILE=${IAM_AUTHZ_SERVER_SECURE_TLS_CERT_KEY_PRIVATE_KEY_FILE:-${IAM_CONFIG_DIR}/cert/iam-authz-server-key.pem}
+readonly IAM_AUTHZ_SERVER_CLIENT_CA_FILE=${IAM_AUTHZ_SERVER_CLIENT_CA_FILE:-${CA_FILE}}
+readonly IAM_AUTHZ_SERVER_RPCSERVER=${IAM_AUTHZ_SERVER_RPCSERVER:-${IAM_APISERVER_HOST}:${IAM_APISERVER_GRPC_BIND_PORT}}
+
+# iam-pump 配置
+readonly IAM_PUMP_HOST=${IAM_PUMP_HOST:-127.0.0.1} # iam-pump 部署机器 IP 地址
+readonly IAM_PUMP_COLLECTION_NAME=${IAM_PUMP_COLLECTION_NAME:-iam_analytics}
+readonly IAM_PUMP_MONGO_URL=${IAM_PUMP_MONGO_URL:-mongodb://${MONGO_USERNAME}:${MONGO_PASSWORD}@${MONGO_HOST}:${MONGO_PORT}/${IAM_PUMP_COLLECTION_NAME}?authSource=${IAM_PUMP_COLLECTION_NAME}}
+
+# iam-watcher配置
+readonly IAM_WATCHER_HOST=${IAM_WATCHER_HOST:-127.0.0.1} # iam-watcher 部署机器 IP 地址
+
+# iamctl 配置
+readonly CONFIG_USER_USERNAME=${CONFIG_USER_USERNAME:-admin}
+readonly CONFIG_USER_PASSWORD=${CONFIG_USER_PASSWORD:-Admin@2021}
+readonly CONFIG_USER_CLIENT_CERTIFICATE=${CONFIG_USER_CLIENT_CERTIFICATE:-${HOME}/.iam/cert/admin.pem}
+readonly CONFIG_USER_CLIENT_KEY=${CONFIG_USER_CLIENT_KEY:-${HOME}/.iam/cert/admin-key.pem}
+readonly CONFIG_SERVER_ADDRESS=${CONFIG_SERVER_ADDRESS:-${IAM_APISERVER_HOST}:${IAM_APISERVER_SECURE_BIND_PORT}}
+readonly CONFIG_SERVER_CERTIFICATE_AUTHORITY=${CONFIG_SERVER_CERTIFICATE_AUTHORITY:-${CA_FILE}}
diff --git a/scripts/install/iam-apiserver.sh b/scripts/install/iam-apiserver.sh
new file mode 100755
index 0000000..4fec60c
--- /dev/null
+++ b/scripts/install/iam-apiserver.sh
@@ -0,0 +1,86 @@
+#!/usr/bin/env bash
+
+# Copyright 2020 Lingfei Kong <colin404@foxmail.com>. All rights reserved.
+# Use of this source code is governed by a MIT style
+# license that can be found in the LICENSE file.
+
+
+# The root of the build/dist directory
+IAM_ROOT=$(dirname "${BASH_SOURCE[0]}")/../..
+[[ -z ${COMMON_SOURCED} ]] && source ${IAM_ROOT}/scripts/install/common.sh
+
+# 安装后打印必要的信息
+function iam::apiserver::info() {
+cat << EOF
+iam-apserver insecure listen on: ${IAM_APISERVER_HOST}:${IAM_APISERVER_INSECURE_BIND_PORT}
+iam-apserver secure listen on: ${IAM_APISERVER_HOST}:${IAM_APISERVER_SECURE_BIND_PORT}
+EOF
+}
+
+# 安装
+function iam::apiserver::install()
+{
+  pushd ${IAM_ROOT}
+
+  # 1. 生成 CA 证书和私钥
+  ./scripts/gencerts.sh generate-iam-cert ${LOCAL_OUTPUT_ROOT}/cert
+  iam::common::sudo "cp ${LOCAL_OUTPUT_ROOT}/cert/ca* ${IAM_CONFIG_DIR}/cert"
+
+  ./scripts/gencerts.sh generate-iam-cert ${LOCAL_OUTPUT_ROOT}/cert iam-apiserver
+  iam::common::sudo "cp ${LOCAL_OUTPUT_ROOT}/cert/iam-apiserver*pem ${IAM_CONFIG_DIR}/cert"
+
+  # 2. 构建 iam-apiserver
+  make build BINS=iam-apiserver
+  iam::common::sudo "cp ${LOCAL_OUTPUT_ROOT}/platforms/linux/amd64/iam-apiserver ${IAM_INSTALL_DIR}/bin"
+
+  # 3.  生成并安装 iam-apiserver 的配置文件（iam-apiserver.yaml）
+  echo ${LINUX_PASSWORD} | sudo -S bash -c \
+    "./scripts/genconfig.sh ${ENV_FILE} configs/iam-apiserver.yaml > ${IAM_CONFIG_DIR}/iam-apiserver.yaml"
+
+  # 4. 创建并安装 iam-apiserver systemd unit 文件
+  echo ${LINUX_PASSWORD} | sudo -S bash -c \
+    "./scripts/genconfig.sh ${ENV_FILE} init/iam-apiserver.service > /etc/systemd/system/iam-apiserver.service"
+
+  # 5. 启动 iam-apiserver 服务
+  iam::common::sudo "systemctl daemon-reload"
+  iam::common::sudo "systemctl restart iam-apiserver"
+  iam::common::sudo "systemctl enable iam-apiserver"
+  iam::apiserver::status || return 1
+  iam::apiserver::info
+
+  iam::log::info "install iam-apiserver successfully"
+  popd
+}
+
+# 卸载
+function iam::apiserver::uninstall()
+{
+  set +o errexit
+  iam::common::sudo "systemctl stop iam-apiserver"
+  iam::common::sudo "systemctl disable iam-apiserver"
+  iam::common::sudo "rm -f ${IAM_INSTALL_DIR}/bin/iam-apiserver"
+  iam::common::sudo "rm -f ${IAM_CONFIG_DIR}/iam-apiserver.yaml"
+  iam::common::sudo "rm -f /etc/systemd/system/iam-apiserver.service"
+  iam::common::sudo "rm -f ${IAM_CONFIG_DIR}/cert/iam-apiserver*pem"
+  set -o errexit
+  iam::log::info "uninstall iam-apiserver successfully"
+}
+
+# 状态检查
+function iam::apiserver::status()
+{
+  # 查看 apiserver 运行状态，如果输出中包含 active (running) 字样说明 apiserver 成功启动。
+  systemctl status iam-apiserver|grep -q 'active' || {
+    iam::log::error "iam-apiserver failed to start, maybe not installed properly"
+    return 1
+  }
+
+ if echo | telnet ${IAM_APISERVER_HOST} ${IAM_APISERVER_INSECURE_BIND_PORT} 2>&1|grep refused &>/dev/null;then
+   iam::log::error "cannot access insecure port, iam-apiserver maybe not startup"
+   return 1
+ fi
+}
+
+if [[ "$*" =~ iam::apiserver:: ]];then
+  eval $*
+fi
diff --git a/scripts/install/iam-authz-server.sh b/scripts/install/iam-authz-server.sh
new file mode 100755
index 0000000..1935abc
--- /dev/null
+++ b/scripts/install/iam-authz-server.sh
@@ -0,0 +1,86 @@
+#!/usr/bin/env bash
+
+# Copyright 2020 Lingfei Kong <colin404@foxmail.com>. All rights reserved.
+# Use of this source code is governed by a MIT style
+# license that can be found in the LICENSE file.
+
+
+# The root of the build/dist directory
+IAM_ROOT=$(dirname "${BASH_SOURCE[0]}")/../..
+[[ -z ${COMMON_SOURCED} ]] && source ${IAM_ROOT}/scripts/install/common.sh
+
+# 安装后打印必要的信息
+function iam::authzserver::info() {
+cat << EOF
+iam-authz-server insecure listen on: ${IAM_AUTHZ_SERVER_HOST}:${IAM_AUTHZ_SERVER_INSECURE_BIND_PORT}
+iam-authz-server secure listen on: ${IAM_AUTHZ_SERVER_HOST}:${IAM_AUTHZ_SERVER_SECURE_BIND_PORT}
+EOF
+}
+
+# 安装
+function iam::authzserver::install()
+{
+  pushd ${IAM_ROOT}
+
+  # 1. 生成 CA 证书和私钥
+  ./scripts/gencerts.sh generate-iam-cert ${LOCAL_OUTPUT_ROOT}/cert
+  iam::common::sudo "cp ${LOCAL_OUTPUT_ROOT}/cert/ca* ${IAM_CONFIG_DIR}/cert"
+
+  ./scripts/gencerts.sh generate-iam-cert ${LOCAL_OUTPUT_ROOT}/cert iam-authz-server
+  iam::common::sudo "cp ${LOCAL_OUTPUT_ROOT}/cert/iam-authz-server*pem ${IAM_CONFIG_DIR}/cert"
+
+  # 2. 构建 iam-authz-server
+  make build BINS=iam-authz-server
+  iam::common::sudo "cp ${LOCAL_OUTPUT_ROOT}/platforms/linux/amd64/iam-authz-server ${IAM_INSTALL_DIR}/bin"
+
+  # 3.  生成并安装 iam-authz-server 的配置文件（iam-authz-server.yaml）
+  echo ${LINUX_PASSWORD} | sudo -S bash -c \
+    "./scripts/genconfig.sh ${ENV_FILE} configs/iam-authz-server.yaml > ${IAM_CONFIG_DIR}/iam-authz-server.yaml"
+
+  # 4. 创建并安装 iam-authz-server systemd unit 文件
+  echo ${LINUX_PASSWORD} | sudo -S bash -c \
+    "./scripts/genconfig.sh ${ENV_FILE} init/iam-authz-server.service > /etc/systemd/system/iam-authz-server.service"
+
+  # 5. 启动 iam-authz-server 服务
+  iam::common::sudo "systemctl daemon-reload"
+  iam::common::sudo "systemctl restart iam-authz-server"
+  iam::common::sudo "systemctl enable iam-authz-server"
+  iam::authzserver::status || return 1
+  iam::authzserver::info
+
+  iam::log::info "install iam-authz-server successfully"
+  popd
+}
+
+# 卸载
+function iam::authzserver::uninstall()
+{
+  set +o errexit
+  iam::common::sudo "systemctl stop iam-authz-server"
+  iam::common::sudo "systemctl disable iam-authz-server"
+  iam::common::sudo "rm -f ${IAM_INSTALL_DIR}/bin/iam-authz-server"
+  iam::common::sudo "rm -f ${IAM_CONFIG_DIR}/iam-authz-server.yaml"
+  iam::common::sudo "rm -f /etc/systemd/system/iam-authz-server.service"
+  iam::common::sudo "rm -f ${IAM_CONFIG_DIR}/cert/iam-authz-server*pem"
+  set -o errexit
+  iam::log::info "uninstall iam-authz-server successfully"
+}
+
+# 状态检查
+function iam::authzserver::status()
+{
+  # 查看 iam-authz-server 运行状态，如果输出中包含 active (running) 字样说明 iam-authz-server 成功启动。
+  systemctl status iam-authz-server|grep -q 'active' || {
+    iam::log::error "iam-authz-server failed to start, maybe not installed properly"
+    return 1
+  }
+
+ if echo | telnet ${IAM_AUTHZSERVER_HOST} ${IAM_AUTHZSERVER_INSECURE_BIND_PORT} 2>&1|grep refused &>/dev/null;then
+   iam::log::error "cannot access insecure port, iam-authz-server maybe not startup"
+   return 1
+ fi
+}
+
+if [[ "$*" =~ iam::authzserver:: ]];then
+  eval $*
+fi
diff --git a/scripts/install/iam-pump.sh b/scripts/install/iam-pump.sh
new file mode 100755
index 0000000..bc279c4
--- /dev/null
+++ b/scripts/install/iam-pump.sh
@@ -0,0 +1,78 @@
+#!/usr/bin/env bash
+
+# Copyright 2020 Lingfei Kong <colin404@foxmail.com>. All rights reserved.
+# Use of this source code is governed by a MIT style
+# license that can be found in the LICENSE file.
+
+
+# The root of the build/dist directory
+IAM_ROOT=$(dirname "${BASH_SOURCE[0]}")/../..
+[[ -z ${COMMON_SOURCED} ]] && source ${IAM_ROOT}/scripts/install/common.sh
+
+# 安装后打印必要的信息
+function iam::pump::info() {
+cat << EOF
+iam-pumpn listen on: ${IAM_PUMP_HOST}
+EOF
+}
+
+# 安装
+function iam::pump::install()
+{
+  pushd ${IAM_ROOT}
+
+  # 1. 构建 iam-pump
+  make build BINS=iam-pump
+  iam::common::sudo "cp ${LOCAL_OUTPUT_ROOT}/platforms/linux/amd64/iam-pump ${IAM_INSTALL_DIR}/bin"
+
+  # 2.  生成并安装 iam-pump 的配置文件（iam-pump.yaml）
+  echo ${LINUX_PASSWORD} | sudo -S bash -c \
+    "./scripts/genconfig.sh ${ENV_FILE} configs/iam-pump.yaml > ${IAM_CONFIG_DIR}/iam-pump.yaml"
+
+  # 3. 创建并安装 iam-pump systemd unit 文件
+  echo ${LINUX_PASSWORD} | sudo -S bash -c \
+    "./scripts/genconfig.sh ${ENV_FILE} init/iam-pump.service > /etc/systemd/system/iam-pump.service"
+
+  # 4. 启动 iam-pump 服务
+  iam::common::sudo "systemctl daemon-reload"
+  iam::common::sudo "systemctl restart iam-pump"
+  iam::common::sudo "systemctl enable iam-pump"
+  iam::pump::status || return 1
+  iam::pump::info
+
+  iam::log::info "install iam-pump successfully"
+  popd
+}
+
+# 卸载
+function iam::pump::uninstall()
+{
+  set +o errexit
+  iam::common::sudo "systemctl stop iam-pump"
+  iam::common::sudo "systemctl disable iam-pump"
+  iam::common::sudo "rm -f ${IAM_INSTALL_DIR}/bin/iam-pump"
+  iam::common::sudo "rm -f ${IAM_CONFIG_DIR}/iam-pump.yaml"
+  iam::common::sudo "rm -f /etc/systemd/system/iam-pump.service"
+  set -o errexit
+  iam::log::info "uninstall iam-pump successfully"
+}
+
+# 状态检查
+function iam::pump::status()
+{
+  # 查看 iam-pump 运行状态，如果输出中包含 active (running) 字样说明 iam-pump 成功启动。
+  systemctl status iam-pump|grep -q 'active' || {
+    iam::log::error "iam-pump failed to start, maybe not installed properly"
+    return 1
+  }
+
+  # 监听端口在配置文件中是 hardcode
+  if echo | telnet 127.0.0.1 7070 2>&1|grep refused &>/dev/null;then
+    iam::log::error "cannot access health check port, iam-pump maybe not startup"
+    return 1
+  fi
+}
+
+if [[ "$*" =~ iam::pump:: ]];then
+  eval $*
+fi
diff --git a/scripts/install/iam-watcher.sh b/scripts/install/iam-watcher.sh
new file mode 100755
index 0000000..49b90ed
--- /dev/null
+++ b/scripts/install/iam-watcher.sh
@@ -0,0 +1,78 @@
+#!/usr/bin/env bash
+
+# Copyright 2020 Lingfei Kong <colin404@foxmail.com>. All rights reserved.
+# Use of this source code is governed by a MIT style
+# license that can be found in the LICENSE file.
+
+
+# The root of the build/dist directory
+IAM_ROOT=$(dirname "${BASH_SOURCE[0]}")/../..
+[[ -z ${COMMON_SOURCED} ]] && source ${IAM_ROOT}/scripts/install/common.sh
+
+# 安装后打印必要的信息
+function iam::watcher::info() {
+cat << EOF
+iam-watcher listen on: ${IAM_WATCHER_HOST}
+EOF
+}
+
+# 安装
+function iam::watcher::install()
+{
+  pushd ${IAM_ROOT}
+
+  # 1. 构建 iam-watcher
+  make build BINS=iam-watcher
+  iam::common::sudo "cp ${LOCAL_OUTPUT_ROOT}/platforms/linux/amd64/iam-watcher ${IAM_INSTALL_DIR}/bin"
+
+  # 2.  生成并安装 iam-watcher 的配置文件（iam-watcher.yaml）
+  echo ${LINUX_PASSWORD} | sudo -S bash -c \
+    "./scripts/genconfig.sh ${ENV_FILE} configs/iam-watcher.yaml > ${IAM_CONFIG_DIR}/iam-watcher.yaml"
+
+  # 3. 创建并安装 iam-watcher systemd unit 文件
+  echo ${LINUX_PASSWORD} | sudo -S bash -c \
+    "./scripts/genconfig.sh ${ENV_FILE} init/iam-watcher.service > /etc/systemd/system/iam-watcher.service"
+
+  # 4. 启动 iam-watcher 服务
+  iam::common::sudo "systemctl daemon-reload"
+  iam::common::sudo "systemctl restart iam-watcher"
+  iam::common::sudo "systemctl enable iam-watcher"
+  iam::watcher::status || return 1
+  iam::watcher::info
+
+  iam::log::info "install iam-watcher successfully"
+  popd
+}
+
+# 卸载
+function iam::watcher::uninstall()
+{
+  set +o errexit
+  iam::common::sudo "systemctl stop iam-watcher"
+  iam::common::sudo "systemctl disable iam-watcher"
+  iam::common::sudo "rm -f ${IAM_INSTALL_DIR}/bin/iam-watcher"
+  iam::common::sudo "rm -f ${IAM_CONFIG_DIR}/iam-watcher.yaml"
+  iam::common::sudo "rm -f /etc/systemd/system/iam-watcher.service"
+  set -o errexit
+  iam::log::info "uninstall iam-watcher successfully"
+}
+
+# 状态检查
+function iam::watcher::status()
+{
+  # 查看 iam-watcher 运行状态，如果输出中包含 active (running) 字样说明 iam-watcher 成功启动。
+  systemctl status iam-watcher|grep -q 'active' || {
+    iam::log::error "iam-watcher failed to start, maybe not installed properly"
+    return 1
+  }
+
+  # 监听端口在配置文件中是 hardcode
+  if echo | telnet 127.0.0.1 5050 2>&1|grep refused &>/dev/null;then
+    iam::log::error "cannot access health check port, iam-watcher maybe not startup"
+    return 1
+  fi
+}
+
+if [[ "$*" =~ iam::watcher:: ]];then
+  eval $*
+fi
diff --git a/scripts/install/iamctl.sh b/scripts/install/iamctl.sh
new file mode 100755
index 0000000..ce80f20
--- /dev/null
+++ b/scripts/install/iamctl.sh
@@ -0,0 +1,80 @@
+#!/usr/bin/env bash
+
+# Copyright 2020 Lingfei Kong <colin404@foxmail.com>. All rights reserved.
+# Use of this source code is governed by a MIT style
+# license that can be found in the LICENSE file.
+
+
+# The root of the build/dist directory
+IAM_ROOT=$(dirname "${BASH_SOURCE[0]}")/../..
+[[ -z ${COMMON_SOURCED} ]] && source ${IAM_ROOT}/scripts/install/common.sh
+
+# 安装后打印必要的信息
+function iam::iamctl::info() {
+cat << EOF
+iamctl test command: iamctl user list
+EOF
+}
+
+# 安装
+function iam::iamctl::install()
+{
+  pushd ${IAM_ROOT}
+
+  # 1. 生成并安装 CA 证书和私钥
+  ./scripts/gencerts.sh generate-iam-cert ${LOCAL_OUTPUT_ROOT}/cert
+  iam::common::sudo "cp ${LOCAL_OUTPUT_ROOT}/cert/ca* ${IAM_CONFIG_DIR}/cert"
+
+  ./scripts/gencerts.sh generate-iam-cert ${LOCAL_OUTPUT_ROOT}/cert admin
+  #iam::common::sudo "cp ${LOCAL_OUTPUT_ROOT}/cert/admin*pem ${IAM_CONFIG_DIR}/cert"
+  cert_dir=$(dirname ${CONFIG_USER_CLIENT_CERTIFICATE})
+  key_dir=$(dirname ${CONFIG_USER_CLIENT_KEY})
+  mkdir -p ${cert_dir} ${key_dir}
+  cp ${LOCAL_OUTPUT_ROOT}/cert/admin.pem ${CONFIG_USER_CLIENT_CERTIFICATE}
+  cp ${LOCAL_OUTPUT_ROOT}/cert/admin-key.pem ${CONFIG_USER_CLIENT_KEY}
+
+  # 2. 构建 iamctl
+  make build BINS=iamctl
+  cp ${LOCAL_OUTPUT_ROOT}/platforms/linux/amd64/iamctl $HOME/bin/
+
+  # 3.  生成并安装 iamctl 的配置文件（iamctl.yaml）
+  mkdir -p $HOME/.iam
+  ./scripts/genconfig.sh ${ENV_FILE} configs/iamctl.yaml > $HOME/.iam/iamctl.yaml
+  iam::iamctl::status || return 1
+  iam::iamctl::info
+
+  iam::log::info "install iamctl successfully"
+  popd
+}
+
+# 卸载
+function iam::iamctl::uninstall()
+{
+  set +o errexit
+  rm -f $HOME/bin/iamctl
+  rm -f $HOME/.iam/iamctl.yaml
+  #iam::common::sudo "rm -f ${IAM_CONFIG_DIR}/cert/admin*pem"
+  rm -f ${CONFIG_USER_CLIENT_CERTIFICATE}
+  rm -f ${CONFIG_USER_CLIENT_KEY}
+  set -o errexit
+
+  iam::log::info "uninstall iamctl successfully"
+}
+
+# 状态检查
+function iam::iamctl::status()
+{
+  iamctl user list | grep -q admin || {
+   iam::log::error "cannot list user, iamctl maybe not installed properly"
+   return 1
+  }
+
+ if echo | telnet ${IAM_APISERVER_HOST} ${IAM_APISERVER_INSECURE_BIND_PORT} 2>&1|grep refused &>/dev/null;then
+   iam::log::error "cannot access insecure port, iamctl maybe not startup"
+   return 1
+ fi
+}
+
+if [[ "$*" =~ iam::iamctl:: ]];then
+  eval $*
+fi
diff --git a/scripts/install/install.sh b/scripts/install/install.sh
new file mode 100755
index 0000000..a713b0e
--- /dev/null
+++ b/scripts/install/install.sh
@@ -0,0 +1,419 @@
+#!/usr/bin/env bash
+
+# Copyright 2020 Lingfei Kong <colin404@foxmail.com>. All rights reserved.
+# Use of this source code is governed by a MIT style
+# license that can be found in the LICENSE file.
+
+
+# The root of the build/dist directory
+IAM_ROOT=$(dirname "${BASH_SOURCE[0]}")/../..
+source "${IAM_ROOT}/scripts/install/common.sh"
+
+source ${IAM_ROOT}/scripts/install/mariadb.sh
+source ${IAM_ROOT}/scripts/install/redis.sh
+source ${IAM_ROOT}/scripts/install/mongodb.sh
+source ${IAM_ROOT}/scripts/install/iam-apiserver.sh
+source ${IAM_ROOT}/scripts/install/iam-authz-server.sh
+source ${IAM_ROOT}/scripts/install/iam-pump.sh
+source ${IAM_ROOT}/scripts/install/iam-watcher.sh
+source ${IAM_ROOT}/scripts/install/iamctl.sh
+source ${IAM_ROOT}/scripts/install/man.sh
+source ${IAM_ROOT}/scripts/install/test.sh
+
+# 申请服务器，登录 going 用户后，配置 $HOME/.bashrc 文件
+iam::install::prepare_linux()
+{
+  # 1. 替换 Yum 源为阿里的 Yum 源
+  iam::common::sudo "mv /etc/yum.repos.d /etc/yum.repos.d.$$.bak" # 先备份原有的 Yum 源
+  iam::common::sudo "mkdir /etc/yum.repos.d"
+  iam::common::sudo "wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo"
+  iam::common::sudo "yum clean all"
+  iam::common::sudo "yum makecache"
+
+
+  if [[ -f $HOME/.bashrc ]];then
+    cp $HOME/.bashrc $HOME/bashrc.iam.backup
+  fi
+
+  # 2. 配置 $HOME/.bashrc
+  cat << 'EOF' > $HOME/.bashrc
+# .bashrc
+
+# User specific aliases and functions
+
+alias rm='rm -i'
+alias cp='cp -i'
+alias mv='mv -i'
+
+# Source global definitions
+if [ -f /etc/bashrc ]; then
+    . /etc/bashrc
+fi
+
+if [ ! -d $HOME/workspace ]; then
+    mkdir -p $HOME/workspace
+fi
+
+# User specific environment
+# Basic envs
+export LANG="en_US.UTF-8" # 设置系统语言为 en_US.UTF-8，避免终端出现中文乱码
+export PS1='[\u@dev \W]\$ ' # 默认的 PS1 设置会展示全部的路径，为了防止过长，这里只展示："用户名@dev 最后的目录名"
+export WORKSPACE="$HOME/workspace" # 设置工作目录
+export PATH=$HOME/bin:$PATH # 将 $HOME/bin 目录加入到 PATH 变量中
+
+# Default entry folder
+cd $WORKSPACE # 登录系统，默认进入 workspace 目录
+
+# User specific aliases and functions
+EOF
+
+  # 3. 安装依赖包
+  iam::common::sudo "yum -y install make autoconf automake cmake perl-CPAN libcurl-devel libtool gcc gcc-c++ glibc-headers zlib-devel git-lfs telnet lrzsz jq expat-devel openssl-devel"
+
+  # 4. 安装 Git
+  rm -rf /tmp/git-2.36.1.tar.gz /tmp/git-2.36.1 # clean up
+  cd /tmp
+  wget --no-check-certificate https://mirrors.edge.kernel.org/pub/software/scm/git/git-2.36.1.tar.gz
+  tar -xvzf git-2.36.1.tar.gz
+  cd git-2.36.1/
+  ./configure
+  make
+  iam::common::sudo "make install"
+
+  cat << 'EOF' >> $HOME/.bashrc
+# Configure for git
+export PATH=/usr/local/libexec/git-core:$PATH
+EOF
+
+  git --version | grep -q 'git version 2.36.1' || {
+    iam::log::error "git version is not '2.36.1', maynot install git properly"
+    return 1
+  }
+
+  # 5. 配置 Git
+  git config --global user.name "Lingfei Kong"    # 用户名改成自己的
+  git config --global user.email "colin404@foxmail.com"    # 邮箱改成自己的
+  git config --global credential.helper store    # 设置 Git，保存用户名和密码
+  git config --global core.longpaths true # 解决 Git 中 'Filename too long' 的错误
+  git config --global core.quotepath off
+  git lfs install --skip-repo
+
+  source $HOME/.bashrc
+  iam::log::info "prepare linux basic environment successfully"
+}
+
+# 初始化新申请的 Linux 服务器，使其成为一个友好的开发机
+function iam::install::init_into_go_env()
+{
+  # 1. Linux 服务器基本配置
+  iam::install::prepare_linux || return 1
+
+  # 2. Go 编译环境安装和配置
+  iam::install::go || return 1
+
+  # 3. Go 开发 IDE 安装和配置
+  iam::install::vim_ide || return 1
+
+  iam::log::info "initialize linux to go development machine  successfully"
+}
+
+# Go 编译环境安装和配置
+function iam::install::go_command()
+{
+  rm -rf /tmp/go1.18.3.linux-amd64.tar.gz $HOME/go/go1.18.3 # clean up
+
+  # 1. 下载 go1.18.3 版本的 Go 安装包
+  wget -P /tmp/ https://golang.google.cn/dl/go1.18.3.linux-amd64.tar.gz
+
+  # 2. 安装 Go
+  mkdir -p $HOME/go
+  tar -xvzf /tmp/go1.18.3.linux-amd64.tar.gz -C $HOME/go
+  mv $HOME/go/go $HOME/go/go1.18.3
+
+  # 3. 配置 Go 环境变量
+  cat << 'EOF' >> $HOME/.bashrc
+# Go envs
+export GOVERSION=go1.18.3 # Go 版本设置
+export GO_INSTALL_DIR=$HOME/go # Go 安装目录
+export GOROOT=$GO_INSTALL_DIR/$GOVERSION # GOROOT 设置
+export GOPATH=$WORKSPACE/golang # GOPATH 设置
+export PATH=$GOROOT/bin:$GOPATH/bin:$PATH # 将 Go 语言自带的和通过 go install 安装的二进制文件加入到 PATH 路径中
+export GO111MODULE="on" # 开启 Go moudles 特性
+export GOPROXY=https://goproxy.cn,direct # 安装 Go 模块时，代理服务器设置
+export GOPRIVATE=
+export GOSUMDB=off # 关闭校验 Go 依赖包的哈希值
+EOF
+  source $HOME/.bashrc
+
+  # 4. 初始化 Go 工作区
+  mkdir -p $GOPATH && cd $GOPATH
+  go work init
+
+  iam::log::info "install go compile tool successfully"
+}
+
+function iam::install::protobuf()
+{
+  # 检查 protoc、protoc-gen-go 是否安装
+  command -v protoc &>/dev/null && command -v protoc-gen-go &>/dev/null && return 0
+
+  rm -rf /tmp/protobuf # clean up
+
+  # 1. 安装 protobuf
+  cd /tmp/
+  git clone -b v3.21.1 --depth=1 https://github.com/protocolbuffers/protobuf
+  cd protobuf
+  libtoolize --automake --copy --debug --force
+  ./autogen.sh
+  ./configure
+  make
+  sudo make install
+  iam::common::sudo "make install"
+  protoc --version | grep -q 'libprotoc 3.21.1' || {
+    iam::log::error "protoc version is not '3.21.1', maynot install protobuf properly"
+    return 1
+  }
+
+  iam::log::info "install protoc tool successfully"
+
+
+  # 2. 安装 protoc-gen-go
+  go install github.com/golang/protobuf/protoc-gen-go@v1.5.2
+
+  iam::log::info "install protoc-gen-go plugin successfully"
+}
+
+function iam::install::go()
+{
+  iam::install::go_command || return 1
+  iam::install::protobuf || return 1
+
+  iam::log::info "install go develop environment successfully"
+}
+
+function iam::install::vim_ide()
+{
+  rm -rf $HOME/.vim $HOME/.vimrc /tmp/gotools-for-vim.tgz # clean up
+
+  # 1. 安装 vim-go
+  mkdir -p ~/.vim/pack/plugins/start
+  git clone --depth=1 https://github.com/fatih/vim-go.git $HOME/.vim/pack/plugins/start/vim-go
+  cp "${IAM_ROOT}/scripts/install/vimrc" $HOME/.vimrc
+
+  # 2. Go 工具安装
+  wget -P /tmp/ https://marmotedu-1254073058.cos.ap-beijing.myqcloud.com/tools/gotools-for-vim.tgz && {
+    mkdir -p $GOPATH/bin
+    tar -xvzf /tmp/gotools-for-vim.tgz -C $GOPATH/bin
+  }
+
+  source $HOME/.bashrc
+  iam::log::info "install vim ide successfully"
+}
+
+# 如果是通过脚本安装，需要先尝试获取安装脚本指定的 Tag，Tag 记录在 version 文件中
+function iam::install::obtain_branch_flag(){
+  if [ -f "${IAM_ROOT}"/version ];then
+    echo `cat "${IAM_ROOT}"/version`
+  fi
+}
+
+function iam::install::prepare_iam()
+{
+  rm -rf $WORKSPACE/golang/src/github.com/marmotedu/iam # clean up
+
+  # 1. 下载 iam 项目代码，先强制删除 iam 目录，确保 iam 源码都是最新的指定版本
+  mkdir -p $WORKSPACE/golang/src/github.com/marmotedu && cd $WORKSPACE/golang/src/github.com/marmotedu
+  git clone -b $(iam::install::obtain_branch_flag) --depth=1 https://github.com/marmotedu/iam
+  go work use ./iam
+
+  # NOTICE: 因为切换编译路径，所以这里要重新赋值 IAM_ROOT 和 LOCAL_OUTPUT_ROOT
+  IAM_ROOT=$WORKSPACE/golang/src/github.com/marmotedu/iam
+  LOCAL_OUTPUT_ROOT="${IAM_ROOT}/${OUT_DIR:-_output}"
+
+  pushd ${IAM_ROOT}
+
+  # 2. 配置 $HOME/.bashrc 添加一些便捷入口
+  if ! grep -q 'Alias for quick access' $HOME/.bashrc;then
+    cat << 'EOF' >> $HOME/.bashrc
+# Alias for quick access
+export GOSRC="$WORKSPACE/golang/src"
+export IAM_ROOT="$GOSRC/github.com/marmotedu/iam"
+alias mm="cd $GOSRC/github.com/marmotedu"
+alias i="cd $GOSRC/github.com/marmotedu/iam"
+EOF
+  fi
+
+  # 3. 初始化 MariaDB 数据库，创建 iam 数据库
+
+  # 3.1 登录数据库并创建 iam 用户
+  mysql -h127.0.0.1 -P3306 -u"${MARIADB_ADMIN_USERNAME}" -p"${MARIADB_ADMIN_PASSWORD}" << EOF
+grant all on iam.* TO ${MARIADB_USERNAME}@127.0.0.1 identified by "${MARIADB_PASSWORD}";
+flush privileges;
+EOF
+
+  # 3.2 用 iam 用户登录 mysql，执行 iam.sql 文件，创建 iam 数据库
+  mysql -h127.0.0.1 -P3306 -u${MARIADB_USERNAME} -p"${MARIADB_PASSWORD}" << EOF
+source configs/iam.sql;
+show databases;
+EOF
+
+  # 4. 创建必要的目录
+  echo ${LINUX_PASSWORD} | sudo -S mkdir -p ${IAM_DATA_DIR}/{iam-apiserver,iam-authz-server,iam-pump,iam-watcher}
+  iam::common::sudo "mkdir -p ${IAM_INSTALL_DIR}/bin"
+  iam::common::sudo "mkdir -p ${IAM_CONFIG_DIR}/cert"
+  iam::common::sudo "mkdir -p ${IAM_LOG_DIR}"
+
+  # 5. 安装 cfssl 工具集
+  ! command -v cfssl &>/dev/null || ! command -v cfssl-certinfo &>/dev/null || ! command -v cfssljson &>/dev/null && {
+    iam::install::install_cfssl || return 1
+  }
+
+  # 6. 配置 hosts
+  if ! egrep -q 'iam.*marmotedu.com' /etc/hosts;then
+    echo ${LINUX_PASSWORD} | sudo -S bash -c "cat << 'EOF' >> /etc/hosts
+    127.0.0.1 iam.api.marmotedu.com
+    127.0.0.1 iam.authz.marmotedu.com
+    EOF"
+  fi
+
+  iam::log::info "prepare for iam installation successfully"
+  popd
+}
+
+function iam::install::unprepare_iam()
+{
+  pushd ${IAM_ROOT}
+
+  # 1. 删除 iam 数据库和用户
+  mysql -h127.0.0.1 -P3306 -u"${MARIADB_ADMIN_USERNAME}" -p"${MARIADB_ADMIN_PASSWORD}" << EOF
+drop database iam;
+drop user ${MARIADB_USERNAME}@127.0.0.1
+EOF
+
+  # 2. 删除创建的目录
+  iam::common::sudo "rm -rf ${IAM_DATA_DIR}"
+  iam::common::sudo "rm -rf ${IAM_INSTALL_DIR}"
+  iam::common::sudo "rm -rf ${IAM_CONFIG_DIR}"
+  iam::common::sudo "rm -rf ${IAM_LOG_DIR}"
+
+  # 3. 删除配置 hosts
+  echo ${LINUX_PASSWORD} | sudo -S sed -i '/iam.api.marmotedu.com/d' /etc/hosts
+  echo ${LINUX_PASSWORD} | sudo -S sed -i '/iam.authz.marmotedu.com/d' /etc/hosts
+
+  iam::log::info "unprepare for iam installation successfully"
+  popd
+}
+
+function iam::install::install_cfssl()
+{
+  mkdir -p $HOME/bin/
+  wget https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssl_1.6.1_linux_amd64 -O $HOME/bin/cfssl
+  wget https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssljson_1.6.1_linux_amd64 -O $HOME/bin/cfssljson
+  wget https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssl-certinfo_1.6.1_linux_amd64 -O $HOME/bin/cfssl-certinfo
+  #wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 -O $HOME/bin/cfssl
+  #wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 -O $HOME/bin/cfssljson
+  #wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64 -O $HOME/bin/cfssl-certinfo
+  chmod +x $HOME/bin/{cfssl,cfssljson,cfssl-certinfo}
+  iam::log::info "install cfssl tools successfully"
+}
+
+function iam::install::install_storage()
+{
+  iam::mariadb::install || return 1
+  iam::redis::install || return 1
+  iam::mongodb::install || return 1
+  iam::log::info "install storage successfully"
+}
+
+function iam::install::uninstall_storage()
+{
+  iam::mariadb::uninstall || return 1
+  iam::redis::uninstall || return 1
+  iam::mongodb::uninstall || return 1
+  iam::log::info "uninstall storage successfully"
+}
+
+# 安装 IAM 应用
+function iam::install::install_iam()
+{
+  # 1. 安装并初始化数据库
+  iam::install::install_storage || return 1
+
+  # 2. 先准备安装环境
+  iam::install::prepare_iam || return 1
+
+  # 3. 安装 iam-apiserver 服务
+  iam::apiserver::install || return 1
+
+  # 4. 安装 iamctl 客户端工具
+  iam::iamctl::install || return 1
+
+  # 5. 安装 iam-authz-server 服务
+  iam::authzserver::install || return 1
+
+  # 6. 安装 iam-pump 服务
+  iam::pump::install || return 1
+
+  # 7. 安装 iam-watcher 服务
+  iam::watcher::install || return 1
+
+  # 8. 安装 man page
+  iam::man::install || return 1
+
+  iam::log::info "install iam application successfully"
+}
+
+function iam::install::uninstall_iam()
+{
+  iam::man::uninstall || return 1
+  iam::iamctl::uninstall || return 1
+  iam::pump::uninstall || return 1
+  iam::watcher::uninstall || return 1
+  iam::authzserver::uninstall || return 1
+  iam::apiserver::uninstall || return 1
+
+  iam::install::unprepare_iam || return 1
+
+  iam::install::uninstall_storage|| return 1
+}
+
+function iam::install::init_into_vim_env(){
+  # 1. Linux 服务器基本配置
+  iam::install::prepare_linux || return 1
+
+  # 2. Go 开发 IDE 安装和配置
+  iam::install::vim_ide || return 1
+
+  iam::log::info "initialize linux with SpaceVim successfully"
+}
+
+function iam::install::install()
+{
+  # 1. 配置 Linux 使其成为一个友好的 Go 开发机
+  iam::install::init_into_go_env || return 1
+
+  # 2. 安装 IAM 应用
+  iam::install::install_iam || return 1
+
+  # 3. 测试安装后的 IAM 系统功能是否正常
+  iam::test::test || return 1
+
+  iam::log::info "$(echo -e '\033[32mcongratulations, install iam application successfully!\033[0m')"
+}
+
+# 卸载。卸载只卸载服务，不卸载环境，不会卸载列表如下：
+# - 配置的 $HOME/.bashrc
+# - 安装和配置的 Go 编译环境和工具：go、protoc、protoc-gen-go
+# - 安装的依赖包
+# - 安装的工具：cfssl 工具
+# - 下载的 iam 源码包及其目录
+# - 安装的 neovim 和 SpaceVim
+#
+# 也即只卸载 IAM 应用部分，卸载后，Linux 仍然是一个友好的 Go 开发机
+function iam::install::uninstall()
+{
+  iam::install::uninstall_iam || return 1
+  iam::log::info "uninstall iam application successfully"
+}
+
+eval $*
diff --git a/scripts/install/man.sh b/scripts/install/man.sh
new file mode 100755
index 0000000..e19d6c9
--- /dev/null
+++ b/scripts/install/man.sh
@@ -0,0 +1,54 @@
+#!/usr/bin/env bash
+
+# Copyright 2020 Lingfei Kong <colin404@foxmail.com>. All rights reserved.
+# Use of this source code is governed by a MIT style
+# license that can be found in the LICENSE file.
+
+
+# The root of the build/dist directory
+IAM_ROOT=$(dirname "${BASH_SOURCE[0]}")/../..
+[[ -z ${COMMON_SOURCED} ]] && source ${IAM_ROOT}/scripts/install/common.sh
+
+# 安装后打印必要的信息
+function iam::man::info() {
+cat << EOF
+use: man iam-apiserver to see iam-apiserver help
+EOF
+}
+
+# 安装
+function iam::man::install()
+{
+  pushd ${IAM_ROOT}
+
+  # 1. 生成各个组件的 man1 文件
+  ${IAM_ROOT}/scripts/update-generated-docs.sh
+  iam::common::sudo "cp docs/man/man1/* /usr/share/man/man1/"
+  iam::man::status || return 1
+  iam::man::info
+
+  iam::log::info "install iam-apiserver successfully"
+  popd
+}
+
+# 卸载
+function iam::man::uninstall()
+{
+  set +o errexit
+  iam::common::sudo "rm -f /usr/share/man/man1/iam-*"
+  set -o errexit
+  iam::log::info "uninstall iam man pages successfully"
+}
+
+# 状态检查
+function iam::man::status()
+{
+  ls /usr/share/man/man1/iam-* &>/dev/null || {
+    iam::log::error "iam man files not exist, maybe not installed properly"
+    return 1
+  }
+}
+
+if [[ "$*" =~ iam::man:: ]];then
+  eval $*
+fi
diff --git a/scripts/install/mariadb.sh b/scripts/install/mariadb.sh
new file mode 100755
index 0000000..2851cb6
--- /dev/null
+++ b/scripts/install/mariadb.sh
@@ -0,0 +1,80 @@
+#!/usr/bin/env bash
+
+# Copyright 2020 Lingfei Kong <colin404@foxmail.com>. All rights reserved.
+# Use of this source code is governed by a MIT style
+# license that can be found in the LICENSE file.
+
+
+# The root of the build/dist directory
+IAM_ROOT=$(dirname "${BASH_SOURCE[0]}")/../..
+
+[[ -z ${COMMON_SOURCED} ]] && source ${IAM_ROOT}/scripts/install/common.sh
+
+# 安装后打印必要的信息
+function iam::mariadb::info() {
+cat << EOF
+MariaDB Login: mysql -h127.0.0.1 -u${MARIADB_ADMIN_USERNAME} -p'${MARIADB_ADMIN_PASSWORD}'
+EOF
+}
+
+# 安装
+function iam::mariadb::install()
+{
+  # 1. 配置 MariaDB 10.5 Yum 源
+  echo ${LINUX_PASSWORD} | sudo -S bash -c "cat << 'EOF' > /etc/yum.repos.d/mariadb-10.5.repo
+# MariaDB 10.5 CentOS repository list - created 2020-10-23 01:54 UTC
+# http://downloads.mariadb.org/mariadb/repositories/
+[mariadb]
+name = MariaDB
+baseurl = https://mirrors.aliyun.com/mariadb/yum/10.5/centos8-amd64/
+module_hotfixes=1
+gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
+gpgcheck=0
+EOF"
+
+  # 2. 安装 MariaDB 和 MariaDB 客户端
+  iam::common::sudo "yum -y install MariaDB-server MariaDB-client"
+
+  # 3. 启动 MariaDB，并设置开机启动
+  iam::common::sudo "systemctl enable mariadb"
+  iam::common::sudo "systemctl start mariadb"
+
+  # 4. 设置 root 初始密码
+  iam::common::sudo "mysqladmin -u${MARIADB_ADMIN_USERNAME} password ${MARIADB_ADMIN_PASSWORD}"
+
+  iam::mariadb::status || return 1
+  iam::mariadb::info
+  iam::log::info "install MariaDB successfully"
+}
+
+# 卸载
+function iam::mariadb::uninstall()
+{
+  set +o errexit
+  iam::common::sudo "systemctl stop mariadb"
+  iam::common::sudo "systemctl disable mariadb"
+  iam::common::sudo "yum -y remove MariaDB-server MariaDB-client"
+  iam::common::sudo "rm -rf /var/lib/mysql"
+  iam::common::sudo "rm -f /etc/yum.repos.d/mariadb-10.5.repo"
+  set -o errexit
+  iam::log::info "uninstall MariaDB successfully"
+}
+
+# 状态检查
+function iam::mariadb::status()
+{
+  # 查看 mariadb 运行状态，如果输出中包含 active (running) 字样说明 mariadb 成功启动。
+  systemctl status mariadb |grep -q 'active' || {
+    iam::log::error "mariadb failed to start, maybe not installed properly"
+    return 1
+  }
+
+  mysql -u${MARIADB_ADMIN_USERNAME} -p${MARIADB_ADMIN_PASSWORD} -e quit &>/dev/null || {
+    iam::log::error "can not login with root, mariadb maybe not initialized properly"
+    return 1
+  }
+}
+
+if [[ "$*" =~ iam::mariadb:: ]];then
+  eval $*
+fi
diff --git a/scripts/install/mariadb_for_ubuntu.sh b/scripts/install/mariadb_for_ubuntu.sh
new file mode 100755
index 0000000..413bae7
--- /dev/null
+++ b/scripts/install/mariadb_for_ubuntu.sh
@@ -0,0 +1,75 @@
+#!/bin/bash
+
+# Copyright 2020 Lingfei Kong <colin404@foxmail.com>. All rights reserved.
+# Use of this source code is governed by a MIT style
+# license that can be found in the LICENSE file.
+
+
+# The root of the build/dist directory
+IAM_ROOT=$(dirname "${BASH_SOURCE[0]}")/../..
+
+[[ -z ${COMMON_SOURCED} ]] && source ${IAM_ROOT}/scripts/install/common.sh
+
+# 安装后打印必要的信息
+function iam::mariadb::info() {
+cat << EOF
+MariaDB Login: mysql -h127.0.0.1 -u${MARIADB_ADMIN_USERNAME} -p'${MARIADB_ADMIN_PASSWORD}'
+EOF
+}
+
+# 安装
+function iam::mariadb::install()
+{
+  # 1. 配置 MariaDB 10.5 apt 源
+  iam::common::sudo "apt-get install software-properties-common dirmngr apt-transport-https"
+  echo ${LINUX_PASSWORD} | sudo -S apt-key adv --fetch-keys 'https://mariadb.org/mariadb_release_signing_key.asc'
+  # add /etc/apt/sources.list
+  echo ${LINUX_PASSWORD} | sudo -S add-apt-repository 'deb [arch=amd64,arm64,ppc64el,s390x] https://mirrors.aliyun.com/mariadb/repo/10.5/ubuntu focal main'
+
+  # 2. 安装 MariaDB 和 MariaDB 客户端
+  iam::common::sudo "apt update"
+  iam::common::sudo "apt -y install mariadb-server"
+
+  # 3. 启动 MariaDB，并设置开机启动
+  iam::common::sudo "systemctl enable mariadb"
+  iam::common::sudo "systemctl start mariadb"
+
+  # 4. 设置 root 初始密码
+  iam::common::sudo "mysqladmin -u${MARIADB_ADMIN_USERNAME} password ${MARIADB_ADMIN_PASSWORD}"
+
+  iam::mariadb::status || return 1
+  iam::mariadb::info
+  iam::log::info "install MariaDB successfully"
+}
+
+# 卸载
+function iam::mariadb::uninstall()
+{
+  set +o errexit
+  iam::common::sudo "systemctl stop mariadb"
+  iam::common::sudo "systemctl disable mariadb"
+  iam::common::sudo "apt-get -y remove mariadb-server"
+  iam::common::sudo "rm -rf /var/lib/mysql"
+  set -o errexit
+  iam::log::info "uninstall MariaDB successfully"
+}
+
+# 状态检查
+function iam::mariadb::status()
+{
+  # 查看 mariadb 运行状态，如果输出中包含 active (running) 字样说明 mariadb 成功启动。
+  systemctl status mariadb |grep -q 'active' || {
+    iam::log::error "mariadb failed to start, maybe not installed properly"
+    return 1
+  }
+
+  mysql -u${MARIADB_ADMIN_USERNAME} -p${MARIADB_ADMIN_PASSWORD} -e quit &>/dev/null || {
+    iam::log::error "can not login with root, mariadb maybe not initialized properly"
+    return 1
+  }
+  iam::log::info "MariaDB status active"
+}
+
+if [[ "$*" =~ iam::mariadb:: ]];then
+  eval $*
+fi
diff --git a/scripts/install/mongodb.sh b/scripts/install/mongodb.sh
new file mode 100755
index 0000000..5690011
--- /dev/null
+++ b/scripts/install/mongodb.sh
@@ -0,0 +1,111 @@
+#!/usr/bin/env bash
+
+# Copyright 2020 Lingfei Kong <colin404@foxmail.com>. All rights reserved.
+# Use of this source code is governed by a MIT style
+# license that can be found in the LICENSE file.
+
+
+# The root of the build/dist directory
+IAM_ROOT=$(dirname "${BASH_SOURCE[0]}")/../..
+[[ -z ${COMMON_SOURCED} ]] && source ${IAM_ROOT}/scripts/install/common.sh
+
+# 安装后打印必要的信息
+function iam::mongodb::info() {
+cat << EOF
+MongoDB Login: mongo mongodb://${MONGO_USERNAME}:'${MONGO_PASSWORD}'@${MONGO_HOST}:${MONGO_PORT}/iam_analytics?authSource=iam_analytics
+EOF
+}
+
+# 安装
+function iam::mongodb::install()
+{
+  # 1. 配置 MongoDB Yum 源
+  echo ${LINUX_PASSWORD} | sudo -S bash -c "cat << 'EOF' > /etc/yum.repos.d/mongodb-org-5.0.repo
+[mongodb-org-5.0]
+name=MongoDB Repository
+baseurl=https://repo.mongodb.org/yum/redhat/\$releasever/mongodb-org/5.0/x86_64/
+gpgcheck=1
+enabled=1
+gpgkey=https://www.mongodb.org/static/pgp/server-5.0.asc
+EOF"
+
+  # 2. 安装 MongoDB 和 MongoDB 客户端
+  iam::common::sudo "yum install -y mongodb-org"
+
+	# 3. 禁用 SELinux
+	echo ${LINUX_PASSWORD} | sudo -S setenforce 0 || true
+	echo ${LINUX_PASSWORD} | sudo -S sed -i 's/^SELINUX=.*$/SELINUX=disabled/' /etc/selinux/config
+
+	# 4. 开启外网访问权限和登录验证
+	echo ${LINUX_PASSWORD} | sudo -S sed -i '/bindIp/{s/127.0.0.1/0.0.0.0/}' /etc/mongod.conf
+	echo ${LINUX_PASSWORD} | sudo -S sed -i '/^#security/a\security:\n  authorization: enabled' /etc/mongod.conf
+
+  # 5. 启动 MongoDB，并设置开机启动
+  iam::common::sudo "systemctl enable mongod"
+  iam::common::sudo "systemctl start mongod"
+
+  # 6. 创建管理员账号，设置管理员密码
+	mongosh --quiet "mongodb://${MONGO_HOST}:${MONGO_PORT}" << EOF
+use admin
+db.createUser({user:"${MONGO_ADMIN_USERNAME}",pwd:"${MONGO_ADMIN_PASSWORD}",roles:["root"]})
+db.auth("${MONGO_ADMIN_USERNAME}", "${MONGO_ADMIN_PASSWORD}")
+EOF
+
+	# 7. 创建 ${MONGO_USERNAME} 用户
+	mongosh --quiet mongodb://${MONGO_ADMIN_USERNAME}:${MONGO_ADMIN_PASSWORD}@${MONGO_HOST}:${MONGO_PORT}/iam_analytics?authSource=admin << EOF
+use iam_analytics
+db.createUser({user:"${MONGO_USERNAME}",pwd:"${MONGO_PASSWORD}",roles:["dbOwner"]})
+db.auth("${MONGO_USERNAME}", "${MONGO_PASSWORD}")
+EOF
+
+  iam::mongodb::status || return 1
+  iam::mongodb::info
+  iam::log::info "install MongoDB successfully"
+}
+
+# 卸载
+function iam::mongodb::uninstall()
+{
+  set +o errexit
+  iam::common::sudo "systemctl stop mongodb"
+  iam::common::sudo "systemctl disable mongodb"
+  iam::common::sudo "yum -y remove mongodb-org"
+  iam::common::sudo "rm -rf /var/lib/mongo"
+  iam::common::sudo "rm -f /etc/yum.repos.d/mongodb-10.5.repo"
+  iam::common::sudo "rm -f /etc/mongod.conf"
+  iam::common::sudo "rm -f /lib/systemd/system/mongod.service"
+  iam::common::sudo "rm -f /tmp/mongodb-*.sock"
+  set -o errexit
+  iam::log::info "uninstall MongoDB successfully"
+}
+
+# 状态检查
+function iam::mongodb::status()
+{
+  # 查看 mongodb 运行状态，如果输出中包含 active (running) 字样说明 mongodb 成功启动。
+  systemctl status mongod |grep -q 'active' || {
+    iam::log::error "mongodb failed to start, maybe not installed properly"
+    return 1
+  }
+
+	echo "show dbs" | mongosh --quiet "mongodb://${MONGO_HOST}:${MONGO_PORT}" &>/dev/null || {
+    iam::log::error "cannot connect to mongodb, mongo maybe not installed properly"
+    return 1
+  }
+
+	echo "show dbs" | \
+		mongosh --quiet mongodb://${MONGO_ADMIN_USERNAME}:${MONGO_ADMIN_PASSWORD}@${MONGO_HOST}:${MONGO_PORT}/iam_analytics?authSource=admin &>/dev/null || {
+    iam::log::error "can not login with ${MONGO_ADMIN_USERNAME}, mongo maybe not initialized properly"
+    return 1
+  }
+
+	echo "show dbs" | \
+		mongosh --quiet mongodb://${MONGO_USERNAME}:${MONGO_PASSWORD}@${MONGO_HOST}:${MONGO_PORT}/iam_analytics?authSource=iam_analytics &>/dev/null|| {
+    iam::log::error "can not login with ${MONGO_USERNAME}, mongo maybe not initialized properly"
+    return 1
+  }
+}
+
+if [[ "$*" =~ iam::mongodb:: ]];then
+  eval $*
+fi
diff --git a/scripts/install/mongodb_for_ubuntu.sh b/scripts/install/mongodb_for_ubuntu.sh
new file mode 100755
index 0000000..faebc58
--- /dev/null
+++ b/scripts/install/mongodb_for_ubuntu.sh
@@ -0,0 +1,103 @@
+#!/bin/bash
+
+# Copyright 2020 Lingfei Kong <colin404@foxmail.com>. All rights reserved.
+# Use of this source code is governed by a MIT style
+# license that can be found in the LICENSE file.
+
+
+# The root of the build/dist directory
+IAM_ROOT=$(dirname "${BASH_SOURCE[0]}")/../..
+[[ -z ${COMMON_SOURCED} ]] && source ${IAM_ROOT}/scripts/install/common.sh
+
+# 安装后打印必要的信息
+function iam::mongodb::info() {
+cat << EOF
+MongoDB Login: mongo mongodb://${MONGO_USERNAME}:'${MONGO_PASSWORD}'@${MONGO_HOST}:${MONGO_PORT}/iam_analytics?authSource=iam_analytics
+EOF
+}
+
+# 安装
+function iam::mongodb::install()
+{
+  # 1. 配置 MongoDB Apt 源
+  echo ${LINUX_PASSWORD} | sudo -S apt-get install gnupg
+  echo ${LINUX_PASSWORD} | sudo -S wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add -
+  echo ${LINUX_PASSWORD} | sudo -S echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list
+
+  # 2. 安装 MongoDB 和 MongoDB 客户端
+  iam::common::sudo "apt-get update"
+  iam::common::sudo "apt -y install mongodb-org"
+
+	# 3. 开启外网访问权限和登录验证
+	echo ${LINUX_PASSWORD} | sudo -S sed -i '/bindIp/{s/127.0.0.1/0.0.0.0/}' /etc/mongod.conf
+	echo ${LINUX_PASSWORD} | sudo -S sed -i '/^#security/a\security:\n  authorization: enabled' /etc/mongod.conf
+
+  # 4. 启动 MongoDB，并设置开机启动
+  iam::common::sudo "systemctl enable mongod"
+  iam::common::sudo "systemctl start mongod"
+
+  # 5. 创建管理员账号，设置管理员密码
+	echo ${LINUX_PASSWORD} | sudo -S mongo --quiet "mongodb://${MONGO_HOST}:${MONGO_PORT}" <<EOF
+use admin
+db.createUser({user:"${MONGO_ADMIN_USERNAME}",pwd:"${MONGO_ADMIN_PASSWORD}",roles:["root"]})
+db.auth("${MONGO_ADMIN_USERNAME}", "${MONGO_ADMIN_PASSWORD}")
+EOF
+
+	# 6. 创建 ${MONGO_USERNAME} 用户
+	echo ${LINUX_PASSWORD} | sudo -S mongo --quiet mongodb://${MONGO_ADMIN_USERNAME}:${MONGO_ADMIN_PASSWORD}@${MONGO_HOST}:${MONGO_PORT}/iam_analytics?authSource=admin << EOF
+use iam_analytics
+db.createUser({user:"${MONGO_USERNAME}",pwd:"${MONGO_PASSWORD}",roles:["dbOwner"]})
+db.auth("${MONGO_USERNAME}", "${MONGO_PASSWORD}")
+EOF
+
+  iam::mongodb::status || return 1
+  iam::mongodb::info
+  iam::log::info "install MongoDB successfully"
+}
+
+# 卸载
+function iam::mongodb::uninstall()
+{
+  set +o errexit
+  iam::common::sudo "systemctl stop mongodb"
+  iam::common::sudo "systemctl disable mongodb"
+  iam::common::sudo "apt-get -y remove mongodb-org"
+  iam::common::sudo "rm -rf /var/lib/mongo"
+  iam::common::sudo "rm -f /etc/apt/sources.list.d/mongodb-org-4.4.list"
+  iam::common::sudo "rm -f /etc/mongod.conf"
+  iam::common::sudo "rm -f /lib/systemd/system/mongod.service"
+  iam::common::sudo "rm -f /tmp/mongodb-*.sock"
+  set -o errexit
+  iam::log::info "uninstall MongoDB successfully"
+}
+
+# 状态检查
+function iam::mongodb::status()
+{
+  # 查看 mongodb 运行状态，如果输出中包含 active (running) 字样说明 mongodb 成功启动。
+  systemctl status mongod |grep -q 'active' || {
+    iam::log::error "mongodb failed to start, maybe not installed properly"
+    return 1
+  }
+
+	echo "show dbs" | mongo --quiet "mongodb://${MONGO_HOST}:${MONGO_PORT}" &>/dev/null || {
+    iam::log::error "cannot connect to mongodb, mongo maybe not installed properly"
+    return 1
+  }
+
+	echo "show dbs" | \
+		mongo --quiet mongodb://${MONGO_ADMIN_USERNAME}:${MONGO_ADMIN_PASSWORD}@${MONGO_HOST}:${MONGO_PORT}/iam_analytics?authSource=admin &>/dev/null || {
+    iam::log::error "can not login with ${MONGO_ADMIN_USERNAME}, mongo maybe not initialized properly"
+    return 1
+  }
+
+	echo "show dbs" | \
+		mongo --quiet mongodb://${MONGO_USERNAME}:${MONGO_PASSWORD}@${MONGO_HOST}:${MONGO_PORT}/iam_analytics?authSource=iam_analytics &>/dev/null|| {
+    iam::log::error "can not login with ${MONGO_USERNAME}, mongo maybe not initialized properly"
+    return 1
+  }
+}
+
+if [[ "$*" =~ iam::mongodb:: ]];then
+  eval $*
+fi
diff --git a/scripts/install/redis.sh b/scripts/install/redis.sh
new file mode 100755
index 0000000..42817f4
--- /dev/null
+++ b/scripts/install/redis.sh
@@ -0,0 +1,79 @@
+#!/usr/bin/env bash
+
+# Copyright 2020 Lingfei Kong <colin404@foxmail.com>. All rights reserved.
+# Use of this source code is governed by a MIT style
+# license that can be found in the LICENSE file.
+
+
+# The root of the build/dist directory
+IAM_ROOT=$(dirname "${BASH_SOURCE[0]}")/../..
+[[ -z ${COMMON_SOURCED} ]] && source ${IAM_ROOT}/scripts/install/common.sh
+
+# 安装后打印必要的信息
+function iam::redis::info() {
+cat << EOF
+Redis Login: redis-cli --no-auth-warning -h ${REDIS_HOST} -p ${REDIS_PORT} -a '${REDIS_PASSWORD}'
+EOF
+}
+
+# 安装
+function iam::redis::install()
+{
+  # 1. 安装 Redis
+  iam::common::sudo "yum -y install redis"
+
+  # 2. 配置 Redis
+  # 2.1 修改 `/etc/redis.conf` 文件，将 daemonize 由 no 改成 yes，表示允许 Redis 在后台启动
+  echo ${LINUX_PASSWORD} | sudo -S sed -i '/^daemonize/{s/no/yes/}' /etc/redis.conf
+
+  # 2.2 在 `bind 127.0.0.1` 前面添加 `#` 将其注释掉，默认情况下只允许本地连接，注释掉后外网可以连接 Redis
+  echo ${LINUX_PASSWORD} | sudo -S sed -i '/^# bind 127.0.0.1/{s/# //}' /etc/redis.conf
+
+  # 2.3 修改 requirepass 配置，设置 Redis 密码
+  echo ${LINUX_PASSWORD} | sudo -S sed -i 's/^# requirepass.*$/requirepass '"${REDIS_PASSWORD}"'/' /etc/redis.conf
+
+  # 2.4 因为我们上面配置了密码登录，需要将 protected-mode 设置为 no，关闭保护模式
+  echo ${LINUX_PASSWORD} | sudo -S sed -i '/^protected-mode/{s/yes/no/}' /etc/redis.conf
+
+  # 3. 为了能够远程连上 Redis，需要执行以下命令关闭防火墙，并禁止防火墙开机启动（如果不需要远程连接，可忽略此步骤）
+  iam::common::sudo "systemctl stop firewalld.service"
+  iam::common::sudo "systemctl disable firewalld.service"
+
+  # 4. 启动 Redis
+  iam::common::sudo "redis-server /etc/redis.conf"
+
+  iam::redis::status || return 1
+  iam::redis::info
+  iam::log::info "install Redis successfully"
+}
+
+# 卸载
+function iam::redis::uninstall()
+{
+  set +o errexit
+  iam::common::sudo "killall redis-server"
+  iam::common::sudo "yum -y remove redis"
+  iam::common::sudo "rm -rf /var/lib/redis"
+  set -o errexit
+  iam::log::info "uninstall Redis successfully"
+}
+
+# 状态检查
+function iam::redis::status()
+{
+  if [[ -z "`pgrep redis-server`" ]];then
+    iam::log::error_exit "Redis not running, maybe not installed properly"
+    return 1
+  fi
+
+
+  redis-cli --no-auth-warning -h ${REDIS_HOST} -p ${REDIS_PORT} -a "${REDIS_PASSWORD}" --hotkeys || {
+    iam::log::error "can not login with ${REDIS_USERNAME}, redis maybe not initialized properly"
+    return 1
+  }
+}
+
+#eval $*
+if [[ "$*" =~ iam::redis:: ]];then
+  eval $*
+fi
diff --git a/scripts/install/redis_for_ubuntu.sh b/scripts/install/redis_for_ubuntu.sh
new file mode 100755
index 0000000..30c9811
--- /dev/null
+++ b/scripts/install/redis_for_ubuntu.sh
@@ -0,0 +1,81 @@
+#!/bin/bash
+
+# Copyright 2020 Lingfei Kong <colin404@foxmail.com>. All rights reserved.
+# Use of this source code is governed by a MIT style
+# license that can be found in the LICENSE file.
+
+
+# The root of the build/dist directory
+IAM_ROOT=$(dirname "${BASH_SOURCE[0]}")/../..
+[[ -z ${COMMON_SOURCED} ]] && source ${IAM_ROOT}/scripts/install/common.sh
+
+# 安装后打印必要的信息
+function iam::redis::info() {
+cat << EOF
+Redis Login: redis-cli --no-auth-warning -h ${REDIS_HOST} -p ${REDIS_PORT} -a '${REDIS_PASSWORD}'
+EOF
+}
+
+# 安装
+function iam::redis::install()
+{
+  # 1. 安装 Redis
+  iam::common::sudo "apt-get -y install redis-server"
+
+  # 2. 配置 Redis
+  # 2.1 修改 `/etc/redis/redis.conf` 文件，将 daemonize 由 no 改成 yes，表示允许 Redis 在后台启动
+  echo ${LINUX_PASSWORD} | sudo -S sed -i '/^daemonize/{s/no/yes/}' /etc/redis/redis.conf
+
+  # 2.2 在 `bind 127.0.0.1` 前面添加 `#` 将其注释掉，默认情况下只允许本地连接，注释掉后外网可以连接 Redis
+  echo ${LINUX_PASSWORD} | sudo -S sed -i '/^# bind 127.0.0.1/{s/# //}' /etc/redis/redis.conf
+
+  # 2.3 修改 requirepass 配置，设置 Redis 密码
+  echo ${LINUX_PASSWORD} | sudo -S sed -i 's/^# requirepass.*$/requirepass '"${REDIS_PASSWORD}"'/' /etc/redis/redis.conf
+
+  # 2.4 因为我们上面配置了密码登录，需要将 protected-mode 设置为 no，关闭保护模式
+  echo ${LINUX_PASSWORD} | sudo -S sed -i '/^protected-mode/{s/yes/no/}' /etc/redis/redis.conf
+
+  # 3. 为了能够远程连上 Redis，需要执行以下命令关闭防火墙，并禁止防火墙开机启动（如果不需要远程连接，可忽略此步骤）
+  iam::common::sudo "sudo ufw disable"
+  iam::common::sudo "sudo ufw status"
+
+  # 4. 启动 Redis
+  iam::common::sudo "redis-server /etc/redis/redis.conf"
+
+  iam::redis::status || return 1
+  iam::redis::info
+  iam::log::info "install Redis successfully"
+}
+
+# 卸载
+function iam::redis::uninstall()
+{
+  set +o errexit
+  iam::common::sudo "/etc/init.d/redis-server stop"
+  iam::common::sudo "apt-get -y remove redis-server"
+  iam::common::sudo "rm -rf /var/lib/redis"
+  set -o errexit
+  iam::log::info "uninstall Redis successfully"
+}
+
+# 状态检查
+function iam::redis::status()
+{
+  if [[ -z "`pgrep redis-server`" ]];then
+    iam::log::error_exit "Redis not running, maybe not installed properly"
+    return 1
+  fi
+
+
+  redis-cli --no-auth-warning -h ${REDIS_HOST} -p ${REDIS_PORT} -a "${REDIS_PASSWORD}" --hotkeys || {
+    iam::log::error "can not login with ${REDIS_USERNAME}, redis maybe not initialized properly"
+    return 1
+  }
+
+  iam::log::info "redis-server status active"
+}
+
+#eval $*
+if [[ "$*" =~ iam::redis:: ]];then
+  eval $*
+fi
diff --git a/scripts/install/release.sh b/scripts/install/release.sh
new file mode 100755
index 0000000..01a8216
--- /dev/null
+++ b/scripts/install/release.sh
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+# Copyright 2020 Lingfei Kong <colin404@foxmail.com>. All rights reserved.
+# Use of this source code is governed by a MIT style
+# license that can be found in the LICENSE file.
+
+# Build an IAM release.  This will build the binaries, create the Docker
+# images and other build artifacts.
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+IAM_ROOT=$(dirname "${BASH_SOURCE[0]}")/..
+source "${IAM_ROOT}/scripts/common.sh"
+source "${IAM_ROOT}/scripts/lib/release.sh"
+
+IAM_RELEASE_RUN_TESTS=${IAM_RELEASE_RUN_TESTS-y}
+
+iam::golang::setup_env
+iam::build::verify_prereqs
+iam::release::verify_prereqs
+#iam::build::build_image
+iam::build::build_command
+iam::release::package_tarballs
+iam::release::updload_tarballs
+iam::release::github_release
+iam::release::generate_changelog
diff --git a/scripts/install/test.sh b/scripts/install/test.sh
new file mode 100755
index 0000000..987edae
--- /dev/null
+++ b/scripts/install/test.sh
@@ -0,0 +1,250 @@
+#!/usr/bin/env bash
+
+# Copyright 2020 Lingfei Kong <colin404@foxmail.com>. All rights reserved.
+# Use of this source code is governed by a MIT style
+# license that can be found in the LICENSE file.
+
+
+# The root of the build/dist directory
+IAM_ROOT=$(dirname "${BASH_SOURCE[0]}")/../..
+[[ -z ${COMMON_SOURCED} ]] && source ${IAM_ROOT}/scripts/install/common.sh
+
+INSECURE_APISERVER=${IAM_APISERVER_HOST}:${IAM_APISERVER_INSECURE_BIND_PORT}
+INSECURE_AUTHZSERVER=${IAM_AUTHZ_SERVER_HOST}:${IAM_AUTHZ_SERVER_INSECURE_BIND_PORT}
+
+Header="-HContent-Type: application/json"
+CCURL="curl -f -s -XPOST" # Create
+UCURL="curl -f -s -XPUT" # Update
+RCURL="curl -f -s -XGET" # Retrieve
+DCURL="curl -f -s -XDELETE" # Delete
+
+iam::test::login()
+{
+  ${CCURL} "${Header}" http://${INSECURE_APISERVER}/login \
+    -d'{"username":"admin","password":"Admin@2021"}' | grep -Po 'token[" :]+\K[^"]+'
+}
+
+iam::test::user()
+{
+  token="-HAuthorization: Bearer $(iam::test::login)"
+
+  # 1. 如果有 colin、mark、john 用户先清空
+  ${DCURL} "${token}" http://${INSECURE_APISERVER}/v1/users/colin; echo
+  ${DCURL} "${token}" http://${INSECURE_APISERVER}/v1/users/mark; echo
+  ${DCURL} "${token}" http://${INSECURE_APISERVER}/v1/users/john; echo
+
+  # 2. 创建 colin、mark、john 用户
+  ${CCURL} "${Header}" "${token}" http://${INSECURE_APISERVER}/v1/users \
+    -d'{"password":"User@2021","metadata":{"name":"colin"},"nickname":"colin","email":"colin@foxmail.com","phone":"1812884xxxx"}'; echo
+
+  # 3. 列出所有用户
+  ${RCURL} "${token}" "http://${INSECURE_APISERVER}/v1/users?offset=0&limit=10"; echo
+
+  # 4. 获取 colin 用户的详细信息
+  ${RCURL} "${token}" http://${INSECURE_APISERVER}/v1/users/colin; echo
+
+  # 5. 修改 colin 用户
+  ${UCURL} "${Header}" "${token}" http://${INSECURE_APISERVER}/v1/users/colin \
+    -d'{"nickname":"colin","email":"colin_modified@foxmail.com","phone":"1812884xxxx"}'; echo
+
+  # 6. 删除 colin 用户
+  ${DCURL} "${token}" http://${INSECURE_APISERVER}/v1/users/colin; echo
+
+  # 7. 批量删除用户
+  ${DCURL} "${token}" "http://${INSECURE_APISERVER}/v1/users?name=mark&name=john"; echo
+  iam::log::info "$(echo -e '\033[32mcongratulations, /v1/user test passed!\033[0m')"
+}
+
+iam::test::secret()
+{
+  token="-HAuthorization: Bearer $(iam::test::login)"
+
+  # 1. 如果有 secret0 密钥先清空
+  ${DCURL} "${token}" http://${INSECURE_APISERVER}/v1/secrets/secret0; echo
+
+  # 2. 创建 secret0 密钥
+  ${CCURL} "${Header}" "${token}" http://${INSECURE_APISERVER}/v1/secrets \
+    -d'{"metadata":{"name":"secret0"},"expires":0,"description":"admin secret"}'; echo
+
+  # 3. 列出所有密钥
+  ${RCURL} "${token}" http://${INSECURE_APISERVER}/v1/secrets; echo
+
+  # 4. 获取 secret0 密钥的详细信息
+  ${RCURL} "${token}" http://${INSECURE_APISERVER}/v1/secrets/secret0; echo
+
+  # 5. 修改 secret0 密钥
+  ${UCURL} "${Header}" "${token}" http://${INSECURE_APISERVER}/v1/secrets/secret0 \
+    -d'{"expires":0,"description":"admin secret(modified)"}'; echo
+
+  # 6. 删除 secret0 密钥
+  ${DCURL} "${token}" http://${INSECURE_APISERVER}/v1/secrets/secret0; echo
+  iam::log::info "$(echo -e '\033[32mcongratulations, /v1/secret test passed!\033[0m')"
+}
+
+iam::test::policy()
+{
+  token="-HAuthorization: Bearer $(iam::test::login)"
+
+  # 1. 如果有 policy0 策略先清空
+  ${DCURL} "${token}" http://${INSECURE_APISERVER}/v1/policies/policy0; echo
+
+  # 2. 创建 policy0 策略
+  ${CCURL} "${Header}" "${token}" http://${INSECURE_APISERVER}/v1/policies \
+    -d'{"metadata":{"name":"policy0"},"policy":{"description":"One policy to rule them all.","subjects":["users:<peter|ken>","users:maria","groups:admins"],"actions":["delete","<create|update>"],"effect":"allow","resources":["resources:articles:<.*>","resources:printer"],"conditions":{"remoteIPAddress":{"type":"CIDRCondition","options":{"cidr":"192.168.0.1/16"}}}}}'; echo
+
+  # 3. 列出所有策略
+  ${RCURL} "${token}" http://${INSECURE_APISERVER}/v1/policies; echo
+
+  # 4. 获取 policy0 策略的详细信息
+  ${RCURL} "${token}" http://${INSECURE_APISERVER}/v1/policies/policy0; echo
+
+  # 5. 修改 policy0 策略
+  ${UCURL} "${Header}" "${token}" http://${INSECURE_APISERVER}/v1/policies/policy0 \
+    -d'{"policy":{"description":"One policy to rule them all(modified).","subjects":["users:<peter|ken>","users:maria","groups:admins"],"actions":["delete","<create|update>"],"effect":"allow","resources":["resources:articles:<.*>","resources:printer"],"conditions":{"remoteIPAddress":{"type":"CIDRCondition","options":{"cidr":"192.168.0.1/16"}}}}}'; echo
+
+  # 6. 删除 policy0 策略
+  ${DCURL} "${token}" http://${INSECURE_APISERVER}/v1/policies/policy0; echo
+  iam::log::info "$(echo -e '\033[32mcongratulations, /v1/policy test passed!\033[0m')"
+}
+
+iam::test::apiserver()
+{
+  iam::test::user
+  iam::test::secret
+  iam::test::policy
+  iam::log::info "$(echo -e '\033[32mcongratulations, iam-apiserver test passed!\033[0m')"
+}
+
+iam::test::authz()
+{
+  token="-HAuthorization: Bearer $(iam::test::login)"
+
+  # 1. 如果有 authzpolicy 策略先清空
+  ${DCURL} "${token}" http://${INSECURE_APISERVER}/v1/policies/authzpolicy; echo
+
+  # 2. 创建 authzpolicy 策略
+  ${CCURL} "${Header}" "${token}" http://${INSECURE_APISERVER}/v1/policies \
+    -d'{"metadata":{"name":"authzpolicy"},"policy":{"description":"One policy to rule them all.","subjects":["users:<peter|ken>","users:maria","groups:admins"],"actions":["delete","<create|update>"],"effect":"allow","resources":["resources:articles:<.*>","resources:printer"],"conditions":{"remoteIPAddress":{"type":"CIDRCondition","options":{"cidr":"192.168.0.1/16"}}}}}'; echo
+
+  # 3. 如果有 authzsecret 密钥先清空
+  ${DCURL} "${token}" http://${INSECURE_APISERVER}/v1/secrets/authzsecret; echo
+
+  # 4. 创建 authzsecret 密钥
+  secret=$(${CCURL} "${Header}" "${token}" http://${INSECURE_APISERVER}/v1/secrets -d'{"metadata":{"name":"authzsecret"},"expires":0,"description":"admin secret"}')
+  secretID=$(echo ${secret} | grep -Po 'secretID[" :]+\K[^"]+')
+  secretKey=$(echo ${secret} | grep -Po 'secretKey[" :]+\K[^"]+')
+
+  # 5. 生成 token
+  token=$(iamctl jwt sign ${secretID} ${secretKey})
+
+  # 6. 调用 /v1/authz 完成资源授权。
+  # 注意这里要 sleep 3s 等待 iam-authz-server 将新建的密钥同步到其内存中
+  echo "wait 3s to allow iam-authz-server to sync information into its memory ..."
+  sleep 3
+  ret=`$CCURL "${Header}" -H"Authorization: Bearer ${token}" http://${INSECURE_AUTHZSERVER}/v1/authz \
+    -d'{"subject":"users:maria","action":"delete","resource":"resources:articles:ladon-introduction","context":{"remoteIPAddress":"192.168.0.5"}}' | grep -Po 'allowed[" :]+\K\w+'`
+
+  if [ "$ret" != "true" ];then
+    return 1
+  fi
+
+  iam::log::info "$(echo -e '\033[32mcongratulations, /v1/authz test passed!\033[0m')"
+}
+
+iam::test::authzserver()
+{
+  iam::test::authz
+  iam::log::info "$(echo -e '\033[32mcongratulations, iam-authz-server test passed!\033[0m')"
+}
+
+iam::test::pump()
+{
+  ${RCURL} http://${IAM_PUMP_HOST}:7070/healthz | egrep -q 'status.*ok' || {
+    iam::log::error "cannot access iam-pump healthz api, iam-pump maybe down"
+      return 1
+    }
+
+  iam::test::real_pump_test
+
+  iam::log::info "$(echo -e '\033[32mcongratulations, iam-pump test passed!\033[0m')"
+}
+
+# 使用真实的数据测试 iam-pump 是否正常工作
+iam::test::real_pump_test()
+{
+  # 1. 创建访问 iam-authz-server 需要用到的密钥对
+  iamctl secret create pumptest &>/dev/null
+
+  # 2. 使用步骤 1 创建的密钥对生成 JWT Token
+  authzAccessToken=`iamctl jwt sign njcho8gJQArsq7zr5v1YpG5NcvL0aeuZ38Ti if70HgRgp021iq5ex2l7pfy5XvgtZM3q` # iamctl jwt sign $secretID $secretKey
+
+  # 3. 创建授权策略
+  iamctl policy create pumptest '{"metadata":{"name":"policy0"},"policy":{"description":"One policy to rule them all.","subjects":["users:<peter|ken>","users:maria","groups:admins"],"actions":["delete","<create|update>"],"effect":"allow","resources":["resources:articles:<.*>","resources:printer"],"conditions":{"remoteIPAddress":{"type":"CIDRCondition","options":{"cidr":"192.168.0.1/16"}}}}}' &>/dev/null
+
+  # 注意这里要 sleep 3s 等待 iam-authz-server 将新建的密钥和授权策略同步到其内存中
+  echo "wait 3s to allow iam-authz-server to sync information into its memory ..."
+  sleep 3
+
+  # 4. 访问 /v1/authz 接口进行资源授权
+  $CCURL "${Header}" -H"Authorization: Bearer ${token}" http://${INSECURE_AUTHZSERVER}/v1/authz \
+    -d'{"subject":"users:maria","action":"delete","resource":"resources:articles:ladon-introduction","context":{"remoteIPAddress":"192.168.0.5"}}' &>/dev/null
+
+  # 这里要 sleep 5s，等待 iam-pump 将 Redis 中的日志，分析并转存到 MongoDB 中
+  echo "wait 10s to allow iam-pump analyze and dump authorization log into MongoDB ..."
+  sleep 10
+
+  # 5. 查看 MongoDB 中是否有经过解析后的授权日志。
+  echo "db.iam_analytics.find()" | mongosh --quiet "${IAM_PUMP_MONGO_URL}" | grep -q "allow access" || {
+    iam::log::error "cannot find analyzed authorization log in MongoDB"
+      return 1
+    }
+}
+
+iam::test::watcher()
+{
+  ${RCURL} http://${IAM_WATCHER_HOST}:5050/healthz | egrep -q 'status.*ok' || {
+    iam::log::error "cannot access iam-watcher healthz api, iam-watcher maybe down"
+      return 1
+    }
+  iam::log::info "$(echo -e '\033[32mcongratulations, iam-watcher test passed!\033[0m')"
+}
+
+iam::test::iamctl()
+{
+  iamctl user list | egrep -q admin || {
+    iam::log::error "iamctl cannot list users from iam-apiserver"
+      return 1
+    }
+  iam::log::info "$(echo -e '\033[32mcongratulations, iamctl test passed!\033[0m')"
+}
+
+iam::test::man()
+{
+  man iam-apiserver | grep -q 'IAM API Server' || {
+    iam::log::error "iam man page not installed or may not installed properly"
+      return 1
+    }
+  iam::log::info "$(echo -e '\033[32mcongratulations, man test passed!\033[0m')"
+}
+
+iam::test::smoke()
+{
+  iam::test::apiserver
+  iam::test::authzserver
+  iam::test::pump
+  iam::test::watcher
+  iam::test::iamctl
+  iam::log::info "$(echo -e '\033[32mcongratulations, smoke test passed!\033[0m')"
+}
+
+iam::test::test()
+{
+  iam::test::smoke
+  iam::test::man
+
+  iam::log::info "$(echo -e '\033[32mcongratulations, all test passed!\033[0m')"
+}
+
+if [[ "$*" =~ iam::test:: ]];then
+  eval $*
+fi
diff --git a/scripts/install/vimrc b/scripts/install/vimrc
new file mode 100644
index 0000000..5891d3d
--- /dev/null
+++ b/scripts/install/vimrc
@@ -0,0 +1,97 @@
+" common configure
+"set noswapfile
+set mouse=a " 激活鼠标使用
+set wrap " 自动换行
+set sw=4 " 设置软宽度
+set gdefault " 行内替换
+set showmatch " 高亮显示括号匹配    
+set expandtab " 使用空格来替换 Tab
+set tabstop=4 " 设置 Tab 长度为 4 空格    
+set shiftwidth=4 " 设置自动缩进长度为 4 空格    
+set autoindent " 继承前一行的缩进方式，适用于多行注释" 
+set autowrite " 自动保存
+set nocompatible " 关闭 vi 兼容模式
+set history=1000 " 设置历史记录步数
+set confirm " 在处理未保存或只读文件时，弹出确认
+
+" 搜索逐字符高亮
+set hlsearch
+set incsearch
+
+" 从不备份
+set nobackup
+set noswapfile
+
+let g:indentLine_enabled=0
+
+" golang configure ====> start
+let g:go_highlight_methods = 1                 
+let g:go_highlight_operators = 1    
+let g:go_highlight_build_constraints = 1    
+let g:go_fmt_autosave = 1
+let g:go_version_warning = 1    
+let g:go_autodetect_gopath = 1    
+let g:go_highlight_types = 1    
+let g:go_highlight_fields = 1    
+let g:go_highlight_functions = 1    
+let g:go_highlight_function_calls = 1                                             
+let g:go_highlight_extra_types = 1                                                               
+let g:go_highlight_generate_tags = 1    
+let g:go_def_mode = 'gopls'
+let g:go_gopls_enabled = 1
+let g:go_guru_enabled = 1
+let g:go_fmt_experimental = 1    
+let g:go_def_mapping_enabled = 1    
+let g:go_build_tags = '-v'    
+let g:go_fmt_command = "goimports"                       
+let g:go_list_type = "quickfix"    
+let g:go_def_mapping_enable = 1
+
+map <2-LeftMouse> :GoDef <CR>
+map <RightMouse> :GoDefPop <CR>
+map <C-N> :GoCallers <CR>
+map <C-M> :GoCallees <CR>
+map <ScrollWheelUp> <C-Y>
+map <ScrollWheelDown> <C-E>
+unmap <CR>
+map <CR> :GoDef <CR>
+map <C-I> :GoDefPop <CR>
+map <S-K> :GoDoc<cr>
+map <S-M> :GoInfo<cr>
+map <S-T> :GoDefType<cr>
+map <S-L> :GoAddTag<cr>
+map <S-P> :GoImplements<cr>
+map <S-R> :GoRename<cr>
+map <S-F> :GoFillStruct<cr>
+map <S-C> :GoCallers<cr>
+map <S-H> :GoSameIdsToggle<cr>
+
+augroup go
+  autocmd!
+
+  " Show by default 4 spaces for a tab
+  autocmd BufNewFile,BufRead *.go setlocal noexpandtab tabstop=4 shiftwidth=4
+
+  " :GoDef but opens in a vertical split
+  autocmd FileType go nmap <Leader>v <Plug>(go-def-vertical)
+  " :GoDef but opens in a horizontal split
+  autocmd FileType go nmap <Leader>s <Plug>(go-def-split)
+
+  " :GoAlternate  commands :A, :AV, :AS and :AT
+  autocmd Filetype go command! -bang A call go#alternate#Switch(<bang>0, 'edit')
+  autocmd Filetype go command! -bang AV call go#alternate#Switch(<bang>0, 'vsplit')
+  autocmd Filetype go command! -bang AS call go#alternate#Switch(<bang>0, 'split')
+  autocmd Filetype go command! -bang AT call go#alternate#Switch(<bang>0, 'tabe')
+augroup END
+
+" build_go_files is a custom function that builds or compiles the test file.
+" It calls :GoBuild if its a Go file, or :GoTestCompile if it's a test file
+function! s:build_go_files()
+  let l:file = expand('%')
+  if l:file =~# '^\f\+_test\.go$'
+    call go#test#Test(0, 1)
+  elseif l:file =~# '^\f\+\.go$'
+    call go#cmd#Build(0)
+  endif
+endfunction
+" golang configure ====> end
diff --git a/scripts/lib/color.sh b/scripts/lib/color.sh
new file mode 100755
index 0000000..e3d0bdf
--- /dev/null
+++ b/scripts/lib/color.sh
@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+# Copyright © 2023 KubeCub open source community. All rights reserved.
+# Licensed under the MIT License (the "License");
+# you may not use this file except in compliance with the License.
+
+
+#Define color variables
+#Feature
+COLOR_NORMAL='\033[0m';COLOR_BOLD='\033[1m';COLOR_DIM='\033[2m';COLOR_UNDER='\033[4m';
+COLOR_ITALIC='\033[3m';COLOR_NOITALIC='\033[23m';COLOR_BLINK='\033[5m';
+COLOR_REVERSE='\033[7m';COLOR_CONCEAL='\033[8m';COLOR_NOBOLD='\033[22m';
+COLOR_NOUNDER='\033[24m';COLOR_NOBLINK='\033[25m';
+
+#Front color
+COLOR_BLACK='\033[30m';COLOR_RED='\033[31m';COLOR_GREEN='\033[32m';COLOR_YELLOW='\033[33m';
+COLOR_BLUE='\033[34m';COLOR_MAGENTA='\033[35m';COLOR_CYAN='\033[36m';COLOR_WHITE='\033[37m';
+
+#background color
+COLOR_BBLACK='\033[40m';COLOR_BRED='\033[41m';
+COLOR_BGREEN='\033[42m';COLOR_BYELLOW='\033[43m';
+COLOR_BBLUE='\033[44m';COLOR_BMAGENTA='\033[45m';
+COLOR_BCYAN='\033[46m';COLOR_BWHITE='\033[47m';
+
+# Print colors you can use
+kubecub::color::print_color()
+{
+  echo
+  echo -e ${bmagenta}--back-color:${normal}
+  echo "bblack; bgreen; bblue; bcyan; bred; byellow; bmagenta; bwhite"
+  echo
+  echo -e ${red}--font-color:${normal}
+  echo "black; red; green; yellow; blue; magenta; cyan; white"
+  echo
+  echo -e ${bold}--font:${normal}
+  echo "normal; italic; reverse; nounder; bold; noitalic; conceal; noblink;
+  dim; blink; nobold; under"
+  echo
+}
diff --git a/scripts/lib/golang.sh b/scripts/lib/golang.sh
new file mode 100755
index 0000000..2de8bc6
--- /dev/null
+++ b/scripts/lib/golang.sh
@@ -0,0 +1,193 @@
+#!/usr/bin/env bash
+# Copyright © 2023 KubeCub open source community. All rights reserved.
+# Licensed under the MIT License (the "License");
+# you may not use this file except in compliance with the License.
+
+
+# shellcheck disable=SC2034 # Variables sourced in other scripts.
+
+# The server platform we are building on.
+readonly KUBECUB_SUPPORTED_SERVER_PLATFORMS=(
+  linux/amd64
+  linux/arm64
+)
+
+# If we update this we should also update the set of platforms whose standard
+# library is precompiled for in build/build-image/cross/Dockerfile
+readonly KUBECUB_SUPPORTED_CLIENT_PLATFORMS=(
+  linux/amd64
+  linux/arm64
+)
+
+# The set of server targets that we are only building for Linux
+# If you update this list, please also update build/BUILD.
+kubecub::golang::server_targets() {
+  local targets=(
+    kubecub-apiserver
+    kubecub-authz-server
+    kubecub-pump
+    kubecub-watcher
+  )
+  echo "${targets[@]}"
+}
+
+IFS=" " read -ra KUBECUB_SERVER_TARGETS <<< "$(kubecub::golang::server_targets)"
+readonly KUBECUB_SERVER_TARGETS
+readonly KUBECUB_SERVER_BINARIES=("${KUBECUB_SERVER_TARGETS[@]##*/}")
+
+# The set of server targets we build docker images for
+kubecub::golang::server_image_targets() {
+  # NOTE: this contains cmd targets for kubecub::build::get_docker_wrapped_binaries
+  local targets=(
+    cmd/kubecub-apiserver
+    cmd/kubecub-authz-server
+    cmd/kubecub-pump
+    cmd/kubecub-watcher
+  )
+  echo "${targets[@]}"
+}
+
+IFS=" " read -ra KUBECUB_SERVER_IMAGE_TARGETS <<< "$(kubecub::golang::server_image_targets)"
+readonly KUBECUB_SERVER_IMAGE_TARGETS
+readonly KUBECUB_SERVER_IMAGE_BINARIES=("${KUBECUB_SERVER_IMAGE_TARGETS[@]##*/}")
+
+# ------------
+# NOTE: All functions that return lists should use newlines.
+# bash functions can't return arrays, and spaces are tricky, so newline
+# separators are the preferred pattern.
+# To transform a string of newline-separated items to an array, use kubecub::util::read-array:
+# kubecub::util::read-array FOO < <(kubecub::golang::dups a b c a)
+#
+# ALWAYS remember to quote your subshells. Not doing so will break in
+# bash 4.3, and potentially cause other issues.
+# ------------
+
+# Returns a sorted newline-separated list containing only duplicated items.
+kubecub::golang::dups() {
+  # We use printf to insert newlines, which are required by sort.
+  printf "%s\n" "$@" | sort | uniq -d
+}
+
+# Returns a sorted newline-separated list with duplicated items removed.
+kubecub::golang::dedup() {
+  # We use printf to insert newlines, which are required by sort.
+  printf "%s\n" "$@" | sort -u
+}
+
+# Depends on values of user-facing KUBECUB_BUILD_PLATFORMS, KUBECUB_FASTBUILD,
+# and KUBECUB_BUILDER_OS.
+# Configures KUBECUB_SERVER_PLATFORMS and KUBECUB_CLIENT_PLATFORMS, then sets them
+# to readonly.
+# The configured vars will only contain platforms allowed by the
+# KUBECUB_SUPPORTED* vars at the top of this file.
+declare -a KUBECUB_SERVER_PLATFORMS
+declare -a KUBECUB_CLIENT_PLATFORMS
+kubecub::golang::setup_platforms() {
+  if [[ -n "${KUBECUB_BUILD_PLATFORMS:-}" ]]; then
+    # KUBECUB_BUILD_PLATFORMS needs to be read into an array before the next
+    # step, or quoting treats it all as one element.
+    local -a platforms
+    IFS=" " read -ra platforms <<< "${KUBECUB_BUILD_PLATFORMS}"
+
+    # Deduplicate to ensure the intersection trick with kubecub::golang::dups
+    # is not defeated by duplicates in user input.
+    kubecub::util::read-array platforms < <(kubecub::golang::dedup "${platforms[@]}")
+
+    # Use kubecub::golang::dups to restrict the builds to the platforms in
+    # KUBECUB_SUPPORTED_*_PLATFORMS. Items should only appear at most once in each
+    # set, so if they appear twice after the merge they are in the intersection.
+    kubecub::util::read-array KUBECUB_SERVER_PLATFORMS < <(kubecub::golang::dups \
+        "${platforms[@]}" \
+        "${KUBECUB_SUPPORTED_SERVER_PLATFORMS[@]}" \
+      )
+    readonly KUBECUB_SERVER_PLATFORMS
+
+    kubecub::util::read-array KUBECUB_CLIENT_PLATFORMS < <(kubecub::golang::dups \
+        "${platforms[@]}" \
+        "${KUBECUB_SUPPORTED_CLIENT_PLATFORMS[@]}" \
+      )
+    readonly KUBECUB_CLIENT_PLATFORMS
+
+  elif [[ "${KUBECUB_FASTBUILD:-}" == "true" ]]; then
+    KUBECUB_SERVER_PLATFORMS=(linux/amd64)
+    readonly KUBECUB_SERVER_PLATFORMS
+    KUBECUB_CLIENT_PLATFORMS=(linux/amd64)
+    readonly KUBECUB_CLIENT_PLATFORMS
+  else
+    KUBECUB_SERVER_PLATFORMS=("${KUBECUB_SUPPORTED_SERVER_PLATFORMS[@]}")
+    readonly KUBECUB_SERVER_PLATFORMS
+
+    KUBECUB_CLIENT_PLATFORMS=("${KUBECUB_SUPPORTED_CLIENT_PLATFORMS[@]}")
+    readonly KUBECUB_CLIENT_PLATFORMS
+  fi
+}
+
+kubecub::golang::setup_platforms
+
+# The set of client targets that we are building for all platforms
+# If you update this list, please also update build/BUILD.
+readonly KUBECUB_CLIENT_TARGETS=(
+  kubecubctl
+)
+readonly KUBECUB_CLIENT_BINARIES=("${KUBECUB_CLIENT_TARGETS[@]##*/}")
+
+readonly KUBECUB_ALL_TARGETS=(
+  "${KUBECUB_SERVER_TARGETS[@]}"
+  "${KUBECUB_CLIENT_TARGETS[@]}"
+)
+readonly KUBECUB_ALL_BINARIES=("${KUBECUB_ALL_TARGETS[@]##*/}")
+
+# Asks golang what it thinks the host platform is. The go tool chain does some
+# slightly different things when the target platform matches the host platform.
+kubecub::golang::host_platform() {
+  echo "$(go env GOHOSTOS)/$(go env GOHOSTARCH)"
+}
+
+# Ensure the go tool exists and is a viable version.
+kubecub::golang::verify_go_version() {
+  if [[ -z "$(command -v go)" ]]; then
+    kubecub::log::usage_from_stdin <<EOF
+Can't find 'go' in PATH, please fix and retry.
+See http://golang.org/doc/install for installation instructions.
+EOF
+    return 2
+  fi
+
+  local go_version
+  IFS=" " read -ra go_version <<< "$(go version)"
+  local minimum_go_version
+  minimum_go_version=go1.13.4
+  if [[ "${minimum_go_version}" != $(echo -e "${minimum_go_version}\n${go_version[2]}" | sort -s -t. -k 1,1 -k 2,2n -k 3,3n | head -n1) && "${go_version[2]}" != "devel" ]]; then
+    kubecub::log::usage_from_stdin <<EOF
+Detected go version: ${go_version[*]}.
+kubecub requires ${minimum_go_version} or greater.
+Please install ${minimum_go_version} or later.
+EOF
+    return 2
+  fi
+}
+
+# kubecub::golang::setup_env will check that the `go` commands is available in
+# ${PATH}. It will also check that the Go version is good enough for the
+# kubecub build.
+#
+# Outputs:
+#   env-var GOBIN is unset (we want binaries in a predictable place)
+#   env-var GO15VENDOREXPERIMENT=1
+#   env-var GO111MODULE=on
+kubecub::golang::setup_env() {
+  kubecub::golang::verify_go_version
+
+  # Unset GOBIN in case it already exists in the current session.
+  unset GOBIN
+
+  # This seems to matter to some tools
+  export GO15VENDOREXPERIMENT=1
+
+  # Open go module feature
+  export GO111MODULE=on
+
+  # This is for sanity.  Without it, user umasks leak through into release
+  # artifacts.
+  umask 0022
+}
diff --git a/scripts/lib/init.sh b/scripts/lib/init.sh
new file mode 100755
index 0000000..d5ae69c
--- /dev/null
+++ b/scripts/lib/init.sh
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+# Copyright © 2023 KubeCub open source community. All rights reserved.
+# Licensed under the MIT License (the "License");
+# you may not use this file except in compliance with the License.
+
+
+set -o errexit
+set +o nounset
+set -o pipefail
+
+# Unset CDPATH so that path interpolation can work correctly
+# https://github.com/kubecubrnetes/kubecubrnetes/issues/52255
+unset CDPATH
+
+# Default use go modules
+export GO111MODULE=on
+
+# The root of the build/dist directory
+KUBECUB_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd -P)"
+
+source "${KUBECUB_ROOT}/scripts/lib/util.sh"
+source "${KUBECUB_ROOT}/scripts/lib/logging.sh"
+source "${KUBECUB_ROOT}/scripts/lib/color.sh"
+
+kubecub::log::install_errexit
+
+source "${KUBECUB_ROOT}/scripts/lib/version.sh"
+source "${KUBECUB_ROOT}/scripts/lib/golang.sh"
diff --git a/scripts/lib/logging.sh b/scripts/lib/logging.sh
new file mode 100755
index 0000000..8c325dc
--- /dev/null
+++ b/scripts/lib/logging.sh
@@ -0,0 +1,161 @@
+#!/usr/bin/env bash
+# Copyright © 2023 KubeCub open source community. All rights reserved.
+# Licensed under the MIT License (the "License");
+# you may not use this file except in compliance with the License.
+
+
+# Controls verbosity of the script output and logging.
+KUBECUB_VERBOSE="${KUBECUB_VERBOSE:-5}"
+
+# Handler for when we exit automatically on an error.
+# Borrowed from https://gist.github.com/ahendrix/7030300
+kubecub::log::errexit() {
+  local err="${PIPESTATUS[*]}"
+
+  # If the shell we are in doesn't have errexit set (common in subshells) then
+  # don't dump stacks.
+  set +o | grep -qe "-o errexit" || return
+
+  set +o xtrace
+  local code="${1:-1}"
+  # Print out the stack trace described by $function_stack
+  if [ ${#FUNCNAME[@]} -gt 2 ]
+  then
+    kubecub::log::error "Call tree:"
+    for ((i=1;i<${#FUNCNAME[@]}-1;i++))
+    do
+      kubecub::log::error " ${i}: ${BASH_SOURCE[${i}+1]}:${BASH_LINENO[${i}]} ${FUNCNAME[${i}]}(...)"
+    done
+  fi
+  kubecub::log::error_exit "Error in ${BASH_SOURCE[1]}:${BASH_LINENO[0]}. '${BASH_COMMAND}' exited with status ${err}" "${1:-1}" 1
+}
+
+kubecub::log::install_errexit() {
+  # trap ERR to provide an error handler whenever a command exits nonzero  this
+  # is a more verbose version of set -o errexit
+  trap 'kubecub::log::errexit' ERR
+
+  # setting errtrace allows our ERR trap handler to be propagated to functions,
+  # expansions and subshells
+  set -o errtrace
+}
+
+# Print out the stack trace
+#
+# Args:
+#   $1 The number of stack frames to skip when printing.
+kubecub::log::stack() {
+  local stack_skip=${1:-0}
+  stack_skip=$((stack_skip + 1))
+  if [[ ${#FUNCNAME[@]} -gt ${stack_skip} ]]; then
+    echo "Call stack:" >&2
+    local i
+    for ((i=1 ; i <= ${#FUNCNAME[@]} - stack_skip ; i++))
+    do
+      local frame_no=$((i - 1 + stack_skip))
+      local source_file=${BASH_SOURCE[${frame_no}]}
+      local source_lineno=${BASH_LINENO[$((frame_no - 1))]}
+      local funcname=${FUNCNAME[${frame_no}]}
+      echo "  ${i}: ${source_file}:${source_lineno} ${funcname}(...)" >&2
+    done
+  fi
+}
+
+# Log an error and exit.
+# Args:
+#   $1 Message to log with the error
+#   $2 The error code to return
+#   $3 The number of stack frames to skip when printing.
+kubecub::log::error_exit() {
+  local message="${1:-}"
+  local code="${2:-1}"
+  local stack_skip="${3:-0}"
+  stack_skip=$((stack_skip + 1))
+
+  if [[ ${KUBECUB_VERBOSE} -ge 4 ]]; then
+    local source_file=${BASH_SOURCE[${stack_skip}]}
+    local source_line=${BASH_LINENO[$((stack_skip - 1))]}
+    echo "!!! Error in ${source_file}:${source_line}" >&2
+    [[ -z ${1-} ]] || {
+      echo "  ${1}" >&2
+    }
+
+    kubecub::log::stack ${stack_skip}
+
+    echo "Exiting with status ${code}" >&2
+  fi
+
+  exit "${code}"
+}
+
+# Log an error but keep going.  Don't dump the stack or exit.
+kubecub::log::error() {
+  timestamp=$(date +"[%m%d %H:%M:%S]")
+  echo "!!! ${timestamp} ${1-}" >&2
+  shift
+  for message; do
+    echo "    ${message}" >&2
+  done
+}
+
+# Print an usage message to stderr.  The arguments are printed directly.
+kubecub::log::usage() {
+  echo >&2
+  local message
+  for message; do
+    echo "${message}" >&2
+  done
+  echo >&2
+}
+
+kubecub::log::usage_from_stdin() {
+  local messages=()
+  while read -r line; do
+    messages+=("${line}")
+  done
+
+  kubecub::log::usage "${messages[@]}"
+}
+
+# Print out some info that isn't a top level status line
+kubecub::log::info() {
+  local V="${V:-0}"
+  if [[ ${KUBECUB_VERBOSE} < ${V} ]]; then
+    return
+  fi
+
+  for message; do
+    echo "${message}"
+  done
+}
+
+# Just like kubecub::log::info, but no \n, so you can make a progress bar
+kubecub::log::progress() {
+  for message; do
+    echo -e -n "${message}"
+  done
+}
+
+kubecub::log::info_from_stdin() {
+  local messages=()
+  while read -r line; do
+    messages+=("${line}")
+  done
+
+  kubecub::log::info "${messages[@]}"
+}
+
+# Print a status line.  Formatted to show up in a stream of output.
+kubecub::log::status() {
+  local V="${V:-0}"
+  if [[ ${KUBECUB_VERBOSE} < ${V} ]]; then
+    return
+  fi
+
+  timestamp=$(date +"[%m%d %H:%M:%S]")
+  echo "+++ ${timestamp} ${1}"
+  shift
+  for message; do
+    echo "    ${message}"
+  done
+}
diff --git a/scripts/lib/release.sh b/scripts/lib/release.sh
new file mode 100755
index 0000000..4ff4317
--- /dev/null
+++ b/scripts/lib/release.sh
@@ -0,0 +1,596 @@
+#!/usr/bin/env bash
+# Copyright © 2023 KubeCub open source community. All rights reserved.
+# Licensed under the MIT License (the "License");
+# you may not use this file except in compliance with the License.
+
+
+# This file creates release artifacts (tar files, container images) that are
+# ready to distribute to install or distribute to end users.
+
+###############################################################################
+# Most of the ::release:: namespace functions have been moved to
+# github.com/kubecub/release.  Have a look in that repo and specifically in
+# lib/releaselib.sh for ::release::-related functionality.
+###############################################################################
+
+# Tencent cos configuration
+readonly BUCKET="marmotedu-1254073058"
+readonly REGION="ap-beijing"
+readonly COS_RELEASE_DIR="kubecub-release"
+readonly COSTOOL="coscmd"
+
+# This is where the final release artifacts are created locally
+readonly RELEASE_STAGE="${LOCAL_OUTPUT_ROOT}/release-stage"
+readonly RELEASE_TARS="${LOCAL_OUTPUT_ROOT}/release-tars"
+readonly RELEASE_IMAGES="${LOCAL_OUTPUT_ROOT}/release-images"
+
+# kubecub github account info
+readonly KUBECUB_GITHUB_ORG=marmotedu
+readonly KUBECUB_GITHUB_REPO=kubecub
+
+readonly ARTIFACT=kubecub.tar.gz
+readonly CHECKSUM=${ARTIFACT}.sha1sum
+
+KUBECUB_BUILD_CONFORMANCE=${KUBECUB_BUILD_CONFORMANCE:-y}
+KUBECUB_BUILD_PULL_LATEST_IMAGES=${KUBECUB_BUILD_PULL_LATEST_IMAGES:-y}
+
+# Validate a ci version
+#
+# Globals:
+#   None
+# Arguments:
+#   version
+# Returns:
+#   If version is a valid ci version
+# Sets:                    (e.g. for '1.2.3-alpha.4.56+abcdef12345678')
+#   VERSION_MAJOR          (e.g. '1')
+#   VERSION_MINOR          (e.g. '2')
+#   VERSION_PATCH          (e.g. '3')
+#   VERSION_PRERELEASE     (e.g. 'alpha')
+#   VERSION_PRERELEASE_REV (e.g. '4')
+#   VERSION_BUILD_INFO     (e.g. '.56+abcdef12345678')
+#   VERSION_COMMITS        (e.g. '56')
+function kubecub::release::parse_and_validate_ci_version() {
+  # Accept things like "v1.2.3-alpha.4.56+abcdef12345678" or "v1.2.3-beta.4"
+  local -r version_regex="^v(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)-([a-zA-Z0-9]+)\\.(0|[1-9][0-9]*)(\\.(0|[1-9][0-9]*)\\+[0-9a-f]{7,40})?$"
+  local -r version="${1-}"
+  [[ "${version}" =~ ${version_regex} ]] || {
+    kubecub::log::error "Invalid ci version: '${version}', must match regex ${version_regex}"
+    return 1
+  }
+
+  # The VERSION variables are used when this file is sourced, hence
+  # the shellcheck SC2034 'appears unused' warning is to be ignored.
+
+  # shellcheck disable=SC2034
+  VERSION_MAJOR="${BASH_REMATCH[1]}"
+  # shellcheck disable=SC2034
+  VERSION_MINOR="${BASH_REMATCH[2]}"
+  # shellcheck disable=SC2034
+  VERSION_PATCH="${BASH_REMATCH[3]}"
+  # shellcheck disable=SC2034
+  VERSION_PRERELEASE="${BASH_REMATCH[4]}"
+  # shellcheck disable=SC2034
+  VERSION_PRERELEASE_REV="${BASH_REMATCH[5]}"
+  # shellcheck disable=SC2034
+  VERSION_BUILD_INFO="${BASH_REMATCH[6]}"
+  # shellcheck disable=SC2034
+  VERSION_COMMITS="${BASH_REMATCH[7]}"
+}
+
+# ---------------------------------------------------------------------------
+# Build final release artifacts
+function kubecub::release::clean_cruft() {
+  # Clean out cruft
+  find "${RELEASE_STAGE}" -name '*~' -exec rm {} \;
+  find "${RELEASE_STAGE}" -name '#*#' -exec rm {} \;
+  find "${RELEASE_STAGE}" -name '.DS*' -exec rm {} \;
+}
+
+function kubecub::release::package_tarballs() {
+  # Clean out any old releases
+  rm -rf "${RELEASE_STAGE}" "${RELEASE_TARS}" "${RELEASE_IMAGES}"
+  mkdir -p "${RELEASE_TARS}"
+  kubecub::release::package_src_tarball &
+  kubecub::release::package_client_tarballs &
+  kubecub::release::package_KUBECUB_manifests_tarball &
+  kubecub::release::package_server_tarballs &
+  kubecub::util::wait-for-jobs || { kubecub::log::error "previous tarball phase failed"; return 1; }
+
+  kubecub::release::package_final_tarball & # _final depends on some of the previous phases
+  kubecub::util::wait-for-jobs || { kubecub::log::error "previous tarball phase failed"; return 1; }
+}
+
+function kubecub::release::updload_tarballs() {
+  kubecub::log::info "upload ${RELEASE_TARS}/* to cos bucket ${BUCKET}."
+  for file in $(ls ${RELEASE_TARS}/*)
+  do
+    if [ "${COSTOOL}" == "coscli" ];then
+      coscli cp "${file}" "cos://${BUCKET}/${COS_RELEASE_DIR}/${KUBECUB_GIT_VERSION}/${file##*/}"
+      coscli cp "${file}" "cos://${BUCKET}/${COS_RELEASE_DIR}/latest/${file##*/}"
+    else
+      coscmd upload  "${file}" "${COS_RELEASE_DIR}/${KUBECUB_GIT_VERSION}/"
+      coscmd upload  "${file}" "${COS_RELEASE_DIR}/latest/"
+    fi
+  done
+}
+
+# Package the source code we built, for compliance/licensing/audit/yadda.
+function kubecub::release::package_src_tarball() {
+  local -r src_tarball="${RELEASE_TARS}/kubecub-src.tar.gz"
+  kubecub::log::status "Building tarball: src"
+  if [[ "${KUBECUB_GIT_TREE_STATE-}" = 'clean' ]]; then
+    git archive -o "${src_tarball}" HEAD
+  else
+    find "${KUBECUB_ROOT}" -mindepth 1 -maxdepth 1 \
+      ! \( \
+      \( -path "${KUBECUB_ROOT}"/_\* -o \
+      -path "${KUBECUB_ROOT}"/.git\* -o \
+      -path "${KUBECUB_ROOT}"/.gitignore\* -o \
+      -path "${KUBECUB_ROOT}"/.gsemver.yaml\* -o \
+      -path "${KUBECUB_ROOT}"/.config\* -o \
+      -path "${KUBECUB_ROOT}"/.chglog\* -o \
+      -path "${KUBECUB_ROOT}"/.gitlint -o \
+      -path "${KUBECUB_ROOT}"/.golangci.yaml -o \
+      -path "${KUBECUB_ROOT}"/.goreleaser.yml -o \
+      -path "${KUBECUB_ROOT}"/.note.md -o \
+      -path "${KUBECUB_ROOT}"/.todo.md \
+      \) -prune \
+      \) -print0 \
+      | "${TAR}" czf "${src_tarball}" --transform "s|${KUBECUB_ROOT#/*}|kubecub|" --null -T -
+  fi
+}
+
+# Package up all of the server binaries
+function kubecub::release::package_server_tarballs() {
+  # Find all of the built client binaries
+  local long_platforms=("${LOCAL_OUTPUT_BINPATH}"/*/*)
+  if [[ -n ${KUBECUB_BUILD_PLATFORMS-} ]]; then
+    read -ra long_platforms <<< "${KUBECUB_BUILD_PLATFORMS}"
+  fi
+
+  for platform_long in "${long_platforms[@]}"; do
+    local platform
+    local platform_tag
+    platform=${platform_long##${LOCAL_OUTPUT_BINPATH}/} # Strip LOCAL_OUTPUT_BINPATH
+    platform_tag=${platform/\//-} # Replace a "/" for a "-"
+    kubecub::log::status "Starting tarball: server $platform_tag"
+
+    (
+    local release_stage="${RELEASE_STAGE}/server/${platform_tag}/kubecub"
+    rm -rf "${release_stage}"
+    mkdir -p "${release_stage}/server/bin"
+
+    local server_bins=("${KUBECUB_SERVER_BINARIES[@]}")
+
+      # This fancy expression will expand to prepend a path
+      # (${LOCAL_OUTPUT_BINPATH}/${platform}/) to every item in the
+      # server_bins array.
+      cp "${server_bins[@]/#/${LOCAL_OUTPUT_BINPATH}/${platform}/}" \
+        "${release_stage}/server/bin/"
+
+      kubecub::release::clean_cruft
+
+      local package_name="${RELEASE_TARS}/kubecub-server-${platform_tag}.tar.gz"
+      kubecub::release::create_tarball "${package_name}" "${release_stage}/.."
+      ) &
+    done
+
+    kubecub::log::status "Waiting on tarballs"
+    kubecub::util::wait-for-jobs || { kubecub::log::error "server tarball creation failed"; exit 1; }
+  }
+
+# Package up all of the cross compiled clients. Over time this should grow into
+# a full SDK
+function kubecub::release::package_client_tarballs() {
+  # Find all of the built client binaries
+  local long_platforms=("${LOCAL_OUTPUT_BINPATH}"/*/*)
+  if [[ -n ${KUBECUB_BUILD_PLATFORMS-} ]]; then
+    read -ra long_platforms <<< "${KUBECUB_BUILD_PLATFORMS}"
+  fi
+
+  for platform_long in "${long_platforms[@]}"; do
+    local platform
+    local platform_tag
+    platform=${platform_long##${LOCAL_OUTPUT_BINPATH}/} # Strip LOCAL_OUTPUT_BINPATH
+    platform_tag=${platform/\//-} # Replace a "/" for a "-"
+    kubecub::log::status "Starting tarball: client $platform_tag"
+
+    (
+    local release_stage="${RELEASE_STAGE}/client/${platform_tag}/kubecub"
+    rm -rf "${release_stage}"
+    mkdir -p "${release_stage}/client/bin"
+
+    local client_bins=("${KUBECUB_CLIENT_BINARIES[@]}")
+
+      # This fancy expression will expand to prepend a path
+      # (${LOCAL_OUTPUT_BINPATH}/${platform}/) to every item in the
+      # client_bins array.
+      cp "${client_bins[@]/#/${LOCAL_OUTPUT_BINPATH}/${platform}/}" \
+        "${release_stage}/client/bin/"
+
+      kubecub::release::clean_cruft
+
+      local package_name="${RELEASE_TARS}/kubecub-client-${platform_tag}.tar.gz"
+      kubecub::release::create_tarball "${package_name}" "${release_stage}/.."
+    ) &
+  done
+
+  kubecub::log::status "Waiting on tarballs"
+  kubecub::util::wait-for-jobs || { kubecub::log::error "client tarball creation failed"; exit 1; }
+}
+
+# Package up all of the server binaries in docker images
+function kubecub::release::build_server_images() {
+  # Clean out any old images
+  rm -rf "${RELEASE_IMAGES}"
+  local platform
+  for platform in "${KUBECUB_SERVER_PLATFORMS[@]}"; do
+    local platform_tag
+    local arch
+    platform_tag=${platform/\//-} # Replace a "/" for a "-"
+    arch=$(basename "${platform}")
+    kubecub::log::status "Building images: $platform_tag"
+
+    local release_stage
+    release_stage="${RELEASE_STAGE}/server/${platform_tag}/kubecub"
+    rm -rf "${release_stage}"
+    mkdir -p "${release_stage}/server/bin"
+
+    # This fancy expression will expand to prepend a path
+    # (${LOCAL_OUTPUT_BINPATH}/${platform}/) to every item in the
+    # KUBECUB_SERVER_IMAGE_BINARIES array.
+    cp "${KUBECUB_SERVER_IMAGE_BINARIES[@]/#/${LOCAL_OUTPUT_BINPATH}/${platform}/}" \
+      "${release_stage}/server/bin/"
+
+    kubecub::release::create_docker_images_for_server "${release_stage}/server/bin" "${arch}"
+  done
+}
+
+function kubecub::release::md5() {
+  if which md5 >/dev/null 2>&1; then
+    md5 -q "$1"
+  else
+    md5sum "$1" | awk '{ print $1 }'
+  fi
+}
+
+function kubecub::release::sha1() {
+  if which sha1sum >/dev/null 2>&1; then
+    sha1sum "$1" | awk '{ print $1 }'
+  else
+    shasum -a1 "$1" | awk '{ print $1 }'
+  fi
+}
+
+function kubecub::release::build_conformance_image() {
+  local -r arch="$1"
+  local -r registry="$2"
+  local -r version="$3"
+  local -r save_dir="${4-}"
+  kubecub::log::status "Building conformance image for arch: ${arch}"
+  ARCH="${arch}" REGISTRY="${registry}" VERSION="${version}" \
+    make -C cluster/images/conformance/ build >/dev/null
+
+  local conformance_tag
+  conformance_tag="${registry}/conformance-${arch}:${version}"
+  if [[ -n "${save_dir}" ]]; then
+    "${DOCKER[@]}" save "${conformance_tag}" > "${save_dir}/conformance-${arch}.tar"
+  fi
+  kubecub::log::status "Deleting conformance image ${conformance_tag}"
+  "${DOCKER[@]}" rmi "${conformance_tag}" &>/dev/null || true
+}
+
+# This builds all the release docker images (One docker image per binary)
+# Args:
+#  $1 - binary_dir, the directory to save the tared images to.
+#  $2 - arch, architecture for which we are building docker images.
+function kubecub::release::create_docker_images_for_server() {
+  # Create a sub-shell so that we don't pollute the outer environment
+  (
+    local binary_dir
+    local arch
+    local binaries
+    local images_dir
+    binary_dir="$1"
+    arch="$2"
+    binaries=$(kubecub::build::get_docker_wrapped_binaries "${arch}")
+    images_dir="${RELEASE_IMAGES}/${arch}"
+    mkdir -p "${images_dir}"
+
+    # k8s.gcr.io is the constant tag in the docker archives, this is also the default for config scripts in GKE.
+    # We can use KUBECUB_DOCKER_REGISTRY to include and extra registry in the docker archive.
+    # If we use KUBECUB_DOCKER_REGISTRY="k8s.gcr.io", then the extra tag (same) is ignored, see release_docker_image_tag below.
+    local -r docker_registry="k8s.gcr.io"
+    # Docker tags cannot contain '+'
+    local docker_tag="${KUBECUB_GIT_VERSION/+/_}"
+    if [[ -z "${docker_tag}" ]]; then
+      kubecub::log::error "git version information missing; cannot create Docker tag"
+      return 1
+    fi
+
+    # provide `--pull` argument to `docker build` if `KUBECUB_BUILD_PULL_LATEST_IMAGES`
+    # is set to y or Y; otherwise try to build the image without forcefully
+    # pulling the latest base image.
+    local docker_build_opts
+    docker_build_opts=
+    if [[ "${KUBECUB_BUILD_PULL_LATEST_IMAGES}" =~ [yY] ]]; then
+        docker_build_opts='--pull'
+    fi
+
+    for wrappable in $binaries; do
+
+      local binary_name=${wrappable%%,*}
+      local base_image=${wrappable##*,}
+      local binary_file_path="${binary_dir}/${binary_name}"
+      local docker_build_path="${binary_file_path}.dockerbuild"
+      local docker_file_path="${docker_build_path}/Dockerfile"
+      local docker_image_tag="${docker_registry}/${binary_name}-${arch}:${docker_tag}"
+
+      kubecub::log::status "Starting docker build for image: ${binary_name}-${arch}"
+      (
+        rm -rf "${docker_build_path}"
+        mkdir -p "${docker_build_path}"
+        ln "${binary_file_path}" "${docker_build_path}/${binary_name}"
+        ln "${KUBECUB_ROOT}/build/nsswitch.conf" "${docker_build_path}/nsswitch.conf"
+        chmod 0644 "${docker_build_path}/nsswitch.conf"
+        cat <<EOF > "${docker_file_path}"
+FROM ${base_image}
+COPY ${binary_name} /usr/local/bin/${binary_name}
+EOF
+        # ensure /etc/nsswitch.conf exists so go's resolver respects /etc/hosts
+        if [[ "${base_image}" =~ busybox ]]; then
+          echo "COPY nsswitch.conf /etc/" >> "${docker_file_path}"
+        fi
+
+        "${DOCKER[@]}" build ${docker_build_opts:+"${docker_build_opts}"} -q -t "${docker_image_tag}" "${docker_build_path}" >/dev/null
+        # If we are building an official/alpha/beta release we want to keep
+        # docker images and tag them appropriately.
+        local -r release_docker_image_tag="${KUBECUB_DOCKER_REGISTRY-$docker_registry}/${binary_name}-${arch}:${KUBECUB_DOCKER_IMAGE_TAG-$docker_tag}"
+        if [[ "${release_docker_image_tag}" != "${docker_image_tag}" ]]; then
+          kubecub::log::status "Tagging docker image ${docker_image_tag} as ${release_docker_image_tag}"
+          "${DOCKER[@]}" rmi "${release_docker_image_tag}" 2>/dev/null || true
+          "${DOCKER[@]}" tag "${docker_image_tag}" "${release_docker_image_tag}" 2>/dev/null
+        fi
+        "${DOCKER[@]}" save -o "${binary_file_path}.tar" "${docker_image_tag}" "${release_docker_image_tag}"
+        echo "${docker_tag}" > "${binary_file_path}.docker_tag"
+        rm -rf "${docker_build_path}"
+        ln "${binary_file_path}.tar" "${images_dir}/"
+
+        kubecub::log::status "Deleting docker image ${docker_image_tag}"
+        "${DOCKER[@]}" rmi "${docker_image_tag}" &>/dev/null || true
+      ) &
+    done
+
+    if [[ "${KUBECUB_BUILD_CONFORMANCE}" =~ [yY] ]]; then
+      kubecub::release::build_conformance_image "${arch}" "${docker_registry}" \
+        "${docker_tag}" "${images_dir}" &
+    fi
+
+    kubecub::util::wait-for-jobs || { kubecub::log::error "previous Docker build failed"; return 1; }
+    kubecub::log::status "Docker builds done"
+  )
+
+}
+
+# This will pack kubecub-system manifests files for distros such as COS.
+function kubecub::release::package_KUBECUB_manifests_tarball() {
+  kubecub::log::status "Building tarball: manifests"
+
+  local src_dir="${KUBECUB_ROOT}/deployments"
+
+  local release_stage="${RELEASE_STAGE}/manifests/kubecub"
+  rm -rf "${release_stage}"
+
+  local dst_dir="${release_stage}"
+  mkdir -p "${dst_dir}"
+  cp -r ${src_dir}/* "${dst_dir}"
+  #cp "${src_dir}/kubecub-apiserver.yaml" "${dst_dir}"
+  #cp "${src_dir}/kubecub-authz-server.yaml" "${dst_dir}"
+  #cp "${src_dir}/kubecub-pump.yaml" "${dst_dir}"
+  #cp "${src_dir}/kubecub-watcher.yaml" "${dst_dir}"
+  #cp "${KUBECUB_ROOT}/cluster/gce/gci/health-monitor.sh" "${dst_dir}/health-monitor.sh"
+
+  kubecub::release::clean_cruft
+
+  local package_name="${RELEASE_TARS}/kubecub-manifests.tar.gz"
+  kubecub::release::create_tarball "${package_name}" "${release_stage}/.."
+}
+
+# This is all the platform-independent stuff you need to run/install kubecub.
+# Arch-specific binaries will need to be downloaded separately (possibly by
+# using the bundled cluster/get-kubecub-binaries.sh script).
+# Included in this tarball:
+#   - Cluster spin up/down scripts and configs for various cloud providers
+#   - Tarballs for manifest configs that are ready to be uploaded
+#   - Examples (which may or may not still work)
+#   - The remnants of the docs/ directory
+function kubecub::release::package_final_tarball() {
+  kubecub::log::status "Building tarball: final"
+
+  # This isn't a "full" tarball anymore, but the release lib still expects
+  # artifacts under "full/kubecub/"
+  local release_stage="${RELEASE_STAGE}/full/kubecub"
+  rm -rf "${release_stage}"
+  mkdir -p "${release_stage}"
+
+  mkdir -p "${release_stage}/client"
+  cat <<EOF > "${release_stage}/client/README"
+Client binaries are no longer included in the kubecub final tarball.
+
+Run release/get-kubecub-binaries.sh to download client and server binaries.
+EOF
+
+  # We want everything in /scripts.
+  mkdir -p "${release_stage}/release"
+  cp -R "${KUBECUB_ROOT}/scripts/release" "${release_stage}/"
+  cat <<EOF > "${release_stage}/release/get-kubecub-binaries.sh"
+#!/usr/bin/env bash
+
+# Copyright 2020 Lingfei Kong <colin404@foxmail.com>. All rights reserved.
+# Use of this source code is governed by a MIT style
+# license that can be found in the LICENSE file.
+
+# This file download kubecub client and server binaries from tencent cos bucket.
+
+os=linux arch=amd64 version=${KUBECUB_GIT_VERSION} && wget https://${BUCKET}.cos.${REGION}.myqcloud.com/${COS_RELEASE_DIR}/\$version/{kubecub-client-\$os-\$arch.tar.gz,kubecub-server-\$os-\$arch.tar.gz}
+EOF
+  chmod +x ${release_stage}/release/get-kubecub-binaries.sh
+
+  mkdir -p "${release_stage}/server"
+  cp "${RELEASE_TARS}/kubecub-manifests.tar.gz" "${release_stage}/server/"
+  cat <<EOF > "${release_stage}/server/README"
+Server binary tarballs are no longer included in the kubecub final tarball.
+
+Run release/get-kubecub-binaries.sh to download client and server binaries.
+EOF
+
+  # Include hack/lib as a dependency for the cluster/ scripts
+  #mkdir -p "${release_stage}/hack"
+  #cp -R "${KUBECUB_ROOT}/hack/lib" "${release_stage}/hack/"
+
+  cp -R ${KUBECUB_ROOT}/{docs,configs,scripts,deployments,init,README.md,LICENSE} "${release_stage}/"
+
+  echo "${KUBECUB_GIT_VERSION}" > "${release_stage}/version"
+
+  kubecub::release::clean_cruft
+
+  local package_name="${RELEASE_TARS}/${ARTIFACT}"
+  kubecub::release::create_tarball "${package_name}" "${release_stage}/.."
+}
+
+# Build a release tarball.  $1 is the output tar name.  $2 is the base directory
+# of the files to be packaged.  This assumes that ${2}/kubecubis what is
+# being packaged.
+function kubecub::release::create_tarball() {
+  kubecub::build::ensure_tar
+
+  local tarfile=$1
+  local stagingdir=$2
+
+  "${TAR}" czf "${tarfile}" -C "${stagingdir}" kubecub --owner=0 --group=0
+}
+
+function kubecub::release::install_github_release(){
+  GO111MODULE=on go install github.com/github-release/github-release@latest
+}
+
+# Require the following tools:
+# - github-release
+# - gsemver
+# - git-chglog
+# - coscmd or coscli
+function kubecub::release::verify_prereqs(){
+  if [ -z "$(which github-release 2>/dev/null)" ]; then
+    kubecub::log::info "'github-release' tool not installed, try to install it."
+
+    if ! kubecub::release::install_github_release; then
+      kubecub::log::error "failed to install 'github-release'"
+      return 1
+    fi
+  fi
+
+  if [ -z "$(which git-chglog 2>/dev/null)" ]; then
+    kubecub::log::info "'git-chglog' tool not installed, try to install it."
+
+    if ! go install github.com/git-chglog/git-chglog/cmd/git-chglog@latest &>/dev/null; then
+      kubecub::log::error "failed to install 'git-chglog'"
+      return 1
+    fi
+  fi
+
+  if [ -z "$(which gsemver 2>/dev/null)" ]; then
+    kubecub::log::info "'gsemver' tool not installed, try to install it."
+
+    if ! go install github.com/arnaud-deprez/gsemver@latest &>/dev/null; then
+      kubecub::log::error "failed to install 'gsemver'"
+      return 1
+    fi
+  fi
+
+
+  if [ -z "$(which ${COSTOOL} 2>/dev/null)" ]; then
+    kubecub::log::info "${COSTOOL} tool not installed, try to install it."
+
+    if ! make -C "${KUBECUB_ROOT}" tools.install.${COSTOOL}; then
+      kubecub::log::error "failed to install ${COSTOOL}"
+      return 1
+    fi
+  fi
+
+  if [ -z "${TENCENT_SECRET_ID}" -o -z "${TENCENT_SECRET_KEY}" ];then
+      kubecub::log::error "can not find env: TENCENT_SECRET_ID and TENCENT_SECRET_KEY"
+      return 1
+  fi
+
+  if [ "${COSTOOL}" == "coscli" ];then
+    if [ ! -f "${HOME}/.cos.yaml" ];then
+      cat << EOF > "${HOME}/.cos.yaml"
+cos:
+  base:
+    secretid: ${TENCENT_SECRET_ID}
+    secretkey: ${TENCENT_SECRET_KEY}
+    sessiontoken: ""
+  buckets:
+  - name: ${BUCKET}
+    alias: ${BUCKET}
+    region: ${REGION}
+EOF
+    fi
+  else
+    if [ ! -f "${HOME}/.cos.conf" ];then
+      cat << EOF > "${HOME}/.cos.conf"
+[common]
+secret_id = ${TENCENT_SECRET_ID}
+secret_key = ${TENCENT_SECRET_KEY}
+bucket = ${BUCKET}
+region =${REGION}
+max_thread = 5
+part_size = 1
+schema = https
+EOF
+    fi
+  fi
+}
+
+# Create a github release with specified tarballs.
+# NOTICE: Must export 'GITHUB_TOKEN' env in the shell, details:
+# https://github.com/github-release/github-release
+function kubecub::release::github_release() {
+  # create a github release
+  kubecub::log::info "create a new github release with tag ${KUBECUB_GIT_VERSION}"
+  github-release release \
+    --user ${KUBECUB_GITHUB_ORG} \
+    --repo ${KUBECUB_GITHUB_REPO} \
+    --tag ${KUBECUB_GIT_VERSION} \
+    --description "" \
+    --pre-release
+
+  # update kubecub tarballs
+  kubecub::log::info "upload ${ARTIFACT} to release ${KUBECUB_GIT_VERSION}"
+  github-release upload \
+    --user ${KUBECUB_GITHUB_ORG} \
+    --repo ${KUBECUB_GITHUB_REPO} \
+    --tag ${KUBECUB_GIT_VERSION} \
+    --name ${ARTIFACT} \
+    --file ${RELEASE_TARS}/${ARTIFACT}
+
+  kubecub::log::info "upload kubecub-src.tar.gz to release ${KUBECUB_GIT_VERSION}"
+  github-release upload \
+    --user ${KUBECUB_GITHUB_ORG} \
+    --repo ${KUBECUB_GITHUB_REPO} \
+    --tag ${KUBECUB_GIT_VERSION} \
+    --name "kubecub-src.tar.gz" \
+    --file ${RELEASE_TARS}/kubecub-src.tar.gz
+}
+
+function kubecub::release::generate_changelog() {
+  kubecub::log::info "generate CHANGELOG-${KUBECUB_GIT_VERSION#v}.md and commit it"
+
+  git-chglog ${KUBECUB_GIT_VERSION} > ${KUBECUB_ROOT}/CHANGELOG/CHANGELOG-${KUBECUB_GIT_VERSION#v}.md
+
+  set +o errexit
+  git add ${KUBECUB_ROOT}/CHANGELOG/CHANGELOG-${KUBECUB_GIT_VERSION#v}.md
+  git commit -a -m "docs(changelog): add CHANGELOG-${KUBECUB_GIT_VERSION#v}.md"
+  git push -f origin master # 最后将 CHANGELOG 也 push 上去
+}
diff --git a/scripts/lib/util.sh b/scripts/lib/util.sh
new file mode 100755
index 0000000..82f9848
--- /dev/null
+++ b/scripts/lib/util.sh
@@ -0,0 +1,683 @@
+#!/usr/bin/env bash
+# Copyright © 2023 KubeCub open source community. All rights reserved.
+# Licensed under the MIT License (the "License");
+# you may not use this file except in compliance with the License.
+
+
+function kubecub::util::sourced_variable {
+  # Call this function to tell shellcheck that a variable is supposed to
+  # be used from other calling context. This helps quiet an "unused
+  # variable" warning from shellcheck and also document your code.
+  true
+}
+
+kubecub::util::sortable_date() {
+  date "+%Y%m%d-%H%M%S"
+}
+
+# arguments: target, item1, item2, item3, ...
+# returns 0 if target is in the given items, 1 otherwise.
+kubecub::util::array_contains() {
+  local search="$1"
+  local element
+  shift
+  for element; do
+    if [[ "${element}" == "${search}" ]]; then
+      return 0
+     fi
+  done
+  return 1
+}
+
+kubecub::util::wait_for_url() {
+  local url=$1
+  local prefix=${2:-}
+  local wait=${3:-1}
+  local times=${4:-30}
+  local maxtime=${5:-1}
+
+  command -v curl >/dev/null || {
+    kubecub::log::usage "curl must be installed"
+    exit 1
+  }
+
+  local i
+  for i in $(seq 1 "${times}"); do
+    local out
+    if out=$(curl --max-time "${maxtime}" -gkfs "${url}" 2>/dev/null); then
+      kubecub::log::status "On try ${i}, ${prefix}: ${out}"
+      return 0
+    fi
+    sleep "${wait}"
+  done
+  kubecub::log::error "Timed out waiting for ${prefix} to answer at ${url}; tried ${times} waiting ${wait} between each"
+  return 1
+}
+
+# Example:  kubecub::util::wait_for_success 120 5 "kubecubctl get nodes|grep localhost"
+# arguments: wait time, sleep time, shell command
+# returns 0 if the shell command get output, 1 otherwise.
+kubecub::util::wait_for_success(){
+  local wait_time="$1"
+  local sleep_time="$2"
+  local cmd="$3"
+  while [ "$wait_time" -gt 0 ]; do
+    if eval "$cmd"; then
+      return 0
+    else
+      sleep "$sleep_time"
+      wait_time=$((wait_time-sleep_time))
+    fi
+  done
+  return 1
+}
+
+# Example:  kubecub::util::trap_add 'echo "in trap DEBUG"' DEBUG
+# See: http://stackoverflow.com/questions/3338030/multiple-bash-traps-for-the-same-signal
+kubecub::util::trap_add() {
+  local trap_add_cmd
+  trap_add_cmd=$1
+  shift
+
+  for trap_add_name in "$@"; do
+    local existing_cmd
+    local new_cmd
+
+    # Grab the currently defined trap commands for this trap
+    existing_cmd=$(trap -p "${trap_add_name}" |  awk -F"'" '{print $2}')
+
+    if [[ -z "${existing_cmd}" ]]; then
+      new_cmd="${trap_add_cmd}"
+    else
+      new_cmd="${trap_add_cmd};${existing_cmd}"
+    fi
+
+    # Assign the test. Disable the shellcheck warning telling that trap
+    # commands should be single quoted to avoid evaluating them at this
+    # point instead evaluating them at run time. The logic of adding new
+    # commands to a single trap requires them to be evaluated right away.
+    # shellcheck disable=SC2064
+    trap "${new_cmd}" "${trap_add_name}"
+  done
+}
+
+# Opposite of kubecub::util::ensure-temp-dir()
+kubecub::util::cleanup-temp-dir() {
+  rm -rf "${KUBECUB_TEMP}"
+}
+
+# Create a temp dir that'll be deleted at the end of this bash session.
+#
+# Vars set:
+#   KUBECUB_TEMP
+kubecub::util::ensure-temp-dir() {
+  if [[ -z ${KUBECUB_TEMP-} ]]; then
+    KUBECUB_TEMP=$(mktemp -d 2>/dev/null || mktemp -d -t kubecubrnetes.XXXXXX)
+    kubecub::util::trap_add kubecub::util::cleanup-temp-dir EXIT
+  fi
+}
+
+kubecub::util::host_os() {
+  local host_os
+  case "$(uname -s)" in
+    Darwin)
+      host_os=darwin
+      ;;
+    Linux)
+      host_os=linux
+      ;;
+    *)
+      kubecub::log::error "Unsupported host OS.  Must be Linux or Mac OS X."
+      exit 1
+      ;;
+  esac
+  echo "${host_os}"
+}
+
+kubecub::util::host_arch() {
+  local host_arch
+  case "$(uname -m)" in
+    x86_64*)
+      host_arch=amd64
+      ;;
+    i?86_64*)
+      host_arch=amd64
+      ;;
+    amd64*)
+      host_arch=amd64
+      ;;
+    aarch64*)
+      host_arch=arm64
+      ;;
+    arm64*)
+      host_arch=arm64
+      ;;
+    arm*)
+      host_arch=arm
+      ;;
+    i?86*)
+      host_arch=x86
+      ;;
+    s390x*)
+      host_arch=s390x
+      ;;
+    ppc64le*)
+      host_arch=ppc64le
+      ;;
+    *)
+      kubecub::log::error "Unsupported host arch. Must be x86_64, 386, arm, arm64, s390x or ppc64le."
+      exit 1
+      ;;
+  esac
+  echo "${host_arch}"
+}
+
+# This figures out the host platform without relying on golang.  We need this as
+# we don't want a golang install to be a prerequisite to building yet we need
+# this info to figure out where the final binaries are placed.
+kubecub::util::host_platform() {
+  echo "$(kubecub::util::host_os)/$(kubecub::util::host_arch)"
+}
+
+# looks for $1 in well-known output locations for the platform ($2)
+# $KUBECUB_ROOT must be set
+kubecub::util::find-binary-for-platform() {
+  local -r lookfor="$1"
+  local -r platform="$2"
+  local locations=(
+    "${KUBECUB_ROOT}/_output/bin/${lookfor}"
+    "${KUBECUB_ROOT}/_output/${platform}/${lookfor}"
+    "${KUBECUB_ROOT}/_output/local/bin/${platform}/${lookfor}"
+    "${KUBECUB_ROOT}/_output/platforms/${platform}/${lookfor}"
+  )
+
+  # List most recently-updated location.
+  local -r bin=$( (ls -t "${locations[@]}" 2>/dev/null || true) | head -1 )
+  echo -n "${bin}"
+}
+
+# looks for $1 in well-known output locations for the host platform
+# $KUBECUB_ROOT must be set
+kubecub::util::find-binary() {
+  kubecub::util::find-binary-for-platform "$1" "$(kubecub::util::host_platform)"
+}
+
+# Run all known doc generators (today gendocs and genman for kubecubctl)
+# $1 is the directory to put those generated documents
+kubecub::util::gen-docs() {
+  local dest="$1"
+
+  # Find binary
+  gendocs=$(kubecub::util::find-binary "gendocs")
+  genkubecubdocs=$(kubecub::util::find-binary "genkubecubdocs")
+  genman=$(kubecub::util::find-binary "genman")
+  genyaml=$(kubecub::util::find-binary "genyaml")
+  genfeddocs=$(kubecub::util::find-binary "genfeddocs")
+
+  # TODO: If ${genfeddocs} is not used from anywhere (it isn't used at
+  # least from k/k tree), remove it completely.
+  kubecub::util::sourced_variable "${genfeddocs}"
+
+  mkdir -p "${dest}/docs/guide/en-US/cmd/kubecubctl/"
+  "${gendocs}" "${dest}/docs/guide/en-US/cmd/kubecubctl/"
+
+  mkdir -p "${dest}/docs/guide/en-US/cmd/"
+  "${genkubecubdocs}" "${dest}/docs/guide/en-US/cmd/" "kubecub-apiserver"
+  "${genkubecubdocs}" "${dest}/docs/guide/en-US/cmd/" "kubecub-authz-server"
+  "${genkubecubdocs}" "${dest}/docs/guide/en-US/cmd/" "kubecub-pump"
+  "${genkubecubdocs}" "${dest}/docs/guide/en-US/cmd/" "kubecub-watcher"
+  "${genkubecubdocs}" "${dest}/docs/guide/en-US/cmd/kubecubctl" "kubecubctl"
+
+  mkdir -p "${dest}/docs/man/man1/"
+  "${genman}" "${dest}/docs/man/man1/" "kubecub-apiserver"
+  "${genman}" "${dest}/docs/man/man1/" "kubecub-authz-server"
+  "${genman}" "${dest}/docs/man/man1/" "kubecub-pump"
+  "${genman}" "${dest}/docs/man/man1/" "kubecub-watcher"
+  "${genman}" "${dest}/docs/man/man1/" "kubecubctl"
+
+  mkdir -p "${dest}/docs/guide/en-US/yaml/kubecubctl/"
+  "${genyaml}" "${dest}/docs/guide/en-US/yaml/kubecubctl/"
+
+  # create the list of generated files
+  pushd "${dest}" > /dev/null || return 1
+  touch docs/.generated_docs
+  find . -type f | cut -sd / -f 2- | LC_ALL=C sort > docs/.generated_docs
+  popd > /dev/null || return 1
+}
+
+# Removes previously generated docs-- we don't want to check them in. $KUBECUB_ROOT
+# must be set.
+kubecub::util::remove-gen-docs() {
+  if [ -e "${KUBECUB_ROOT}/docs/.generated_docs" ]; then
+    # remove all of the old docs; we don't want to check them in.
+    while read -r file; do
+      rm "${KUBECUB_ROOT}/${file}" 2>/dev/null || true
+    done <"${KUBECUB_ROOT}/docs/.generated_docs"
+    # The docs/.generated_docs file lists itself, so we don't need to explicitly
+    # delete it.
+  fi
+}
+
+# Returns the name of the upstream remote repository name for the local git
+# repo, e.g. "upstream" or "origin".
+kubecub::util::git_upstream_remote_name() {
+  git remote -v | grep fetch |\
+    grep -E 'github.com[/:]marmotedu/kubecub|marmotedu.io/kubecub' |\
+    head -n 1 | awk '{print $1}'
+}
+
+# Exits script if working directory is dirty. If it's run interactively in the terminal
+# the user can commit changes in a second terminal. This script will wait.
+kubecub::util::ensure_clean_working_dir() {
+  while ! git diff HEAD --exit-code &>/dev/null; do
+    echo -e "\nUnexpected dirty working directory:\n"
+    if tty -s; then
+        git status -s
+    else
+        git diff -a # be more verbose in log files without tty
+        exit 1
+    fi | sed 's/^/  /'
+    echo -e "\nCommit your changes in another terminal and then continue here by pressing enter."
+    read -r
+  done 1>&2
+}
+
+# Find the base commit using:
+# $PULL_BASE_SHA if set (from Prow)
+# current ref from the remote upstream branch
+kubecub::util::base_ref() {
+  local -r git_branch=$1
+
+  if [[ -n ${PULL_BASE_SHA:-} ]]; then
+    echo "${PULL_BASE_SHA}"
+    return
+  fi
+
+  full_branch="$(kubecub::util::git_upstream_remote_name)/${git_branch}"
+
+  # make sure the branch is valid, otherwise the check will pass erroneously.
+  if ! git describe "${full_branch}" >/dev/null; then
+    # abort!
+    exit 1
+  fi
+
+  echo "${full_branch}"
+}
+
+# Checks whether there are any files matching pattern $2 changed between the
+# current branch and upstream branch named by $1.
+# Returns 1 (false) if there are no changes
+#         0 (true) if there are changes detected.
+kubecub::util::has_changes() {
+  local -r git_branch=$1
+  local -r pattern=$2
+  local -r not_pattern=${3:-totallyimpossiblepattern}
+
+  local base_ref
+  base_ref=$(kubecub::util::base_ref "${git_branch}")
+  echo "Checking for '${pattern}' changes against '${base_ref}'"
+
+  # notice this uses ... to find the first shared ancestor
+  if git diff --name-only "${base_ref}...HEAD" | grep -v -E "${not_pattern}" | grep "${pattern}" > /dev/null; then
+    return 0
+  fi
+  # also check for pending changes
+  if git status --porcelain | grep -v -E "${not_pattern}" | grep "${pattern}" > /dev/null; then
+    echo "Detected '${pattern}' uncommitted changes."
+    return 0
+  fi
+  echo "No '${pattern}' changes detected."
+  return 1
+}
+
+kubecub::util::download_file() {
+  local -r url=$1
+  local -r destination_file=$2
+
+  rm "${destination_file}" 2&> /dev/null || true
+
+  for i in $(seq 5)
+  do
+    if ! curl -fsSL --retry 3 --keepalive-time 2 "${url}" -o "${destination_file}"; then
+      echo "Downloading ${url} failed. $((5-i)) retries left."
+      sleep 1
+    else
+      echo "Downloading ${url} succeed"
+      return 0
+    fi
+  done
+  return 1
+}
+
+# Test whether openssl is installed.
+# Sets:
+#  OPENSSL_BIN: The path to the openssl binary to use
+function kubecub::util::test_openssl_installed {
+    if ! openssl version >& /dev/null; then
+      echo "Failed to run openssl. Please ensure openssl is installed"
+      exit 1
+    fi
+
+    OPENSSL_BIN=$(command -v openssl)
+}
+
+# creates a client CA, args are sudo, dest-dir, ca-id, purpose
+# purpose is dropped in after "key encipherment", you usually want
+# '"client auth"'
+# '"server auth"'
+# '"client auth","server auth"'
+function kubecub::util::create_signing_certkey {
+    local sudo=$1
+    local dest_dir=$2
+    local id=$3
+    local purpose=$4
+    # Create client ca
+    ${sudo} /usr/bin/env bash -e <<EOF
+    rm -f "${dest_dir}/${id}-ca.crt" "${dest_dir}/${id}-ca.key"
+    ${OPENSSL_BIN} req -x509 -sha256 -new -nodes -days 365 -newkey rsa:2048 -keyout "${dest_dir}/${id}-ca.key" -out "${dest_dir}/${id}-ca.crt" -subj "/C=xx/ST=x/L=x/O=x/OU=x/CN=ca/emailAddress=x/"
+    echo '{"signing":{"default":{"expiry":"43800h","usages":["signing","key encipherment",${purpose}]}}}' > "${dest_dir}/${id}-ca-config.json"
+EOF
+}
+
+# signs a client certificate: args are sudo, dest-dir, CA, filename (roughly), username, groups...
+function kubecub::util::create_client_certkey {
+    local sudo=$1
+    local dest_dir=$2
+    local ca=$3
+    local id=$4
+    local cn=${5:-$4}
+    local groups=""
+    local SEP=""
+    shift 5
+    while [ -n "${1:-}" ]; do
+        groups+="${SEP}{\"O\":\"$1\"}"
+        SEP=","
+        shift 1
+    done
+    ${sudo} /usr/bin/env bash -e <<EOF
+    cd ${dest_dir}
+    echo '{"CN":"${cn}","names":[${groups}],"hosts":[""],"key":{"algo":"rsa","size":2048}}' | ${CFSSL_BIN} gencert -ca=${ca}.crt -ca-key=${ca}.key -config=${ca}-config.json - | ${CFSSLJSON_BIN} -bare client-${id}
+    mv "client-${id}-key.pem" "client-${id}.key"
+    mv "client-${id}.pem" "client-${id}.crt"
+    rm -f "client-${id}.csr"
+EOF
+}
+
+# signs a serving certificate: args are sudo, dest-dir, ca, filename (roughly), subject, hosts...
+function kubecub::util::create_serving_certkey {
+    local sudo=$1
+    local dest_dir=$2
+    local ca=$3
+    local id=$4
+    local cn=${5:-$4}
+    local hosts=""
+    local SEP=""
+    shift 5
+    while [ -n "${1:-}" ]; do
+        hosts+="${SEP}\"$1\""
+        SEP=","
+        shift 1
+    done
+    ${sudo} /usr/bin/env bash -e <<EOF
+    cd ${dest_dir}
+    echo '{"CN":"${cn}","hosts":[${hosts}],"key":{"algo":"rsa","size":2048}}' | ${CFSSL_BIN} gencert -ca=${ca}.crt -ca-key=${ca}.key -config=${ca}-config.json - | ${CFSSLJSON_BIN} -bare serving-${id}
+    mv "serving-${id}-key.pem" "serving-${id}.key"
+    mv "serving-${id}.pem" "serving-${id}.crt"
+    rm -f "serving-${id}.csr"
+EOF
+}
+
+# creates a self-contained kubecubconfig: args are sudo, dest-dir, ca file, host, port, client id, token(optional)
+function kubecub::util::write_client_kubecubconfig {
+    local sudo=$1
+    local dest_dir=$2
+    local ca_file=$3
+    local api_host=$4
+    local api_port=$5
+    local client_id=$6
+    local token=${7:-}
+    cat <<EOF | ${sudo} tee "${dest_dir}"/"${client_id}".kubecubconfig > /dev/null
+apiVersion: v1
+kind: Config
+clusters:
+  - cluster:
+      certificate-authority: ${ca_file}
+      server: https://${api_host}:${api_port}/
+    name: local-up-cluster
+users:
+  - user:
+      token: ${token}
+      client-certificate: ${dest_dir}/client-${client_id}.crt
+      client-key: ${dest_dir}/client-${client_id}.key
+    name: local-up-cluster
+contexts:
+  - context:
+      cluster: local-up-cluster
+      user: local-up-cluster
+    name: local-up-cluster
+current-context: local-up-cluster
+EOF
+
+    # flatten the kubecubconfig files to make them self contained
+    username=$(whoami)
+    ${sudo} /usr/bin/env bash -e <<EOF
+    $(kubecub::util::find-binary kubecubctl) --kubecubconfig="${dest_dir}/${client_id}.kubecubconfig" config view --minify --flatten > "/tmp/${client_id}.kubecubconfig"
+    mv -f "/tmp/${client_id}.kubecubconfig" "${dest_dir}/${client_id}.kubecubconfig"
+    chown ${username} "${dest_dir}/${client_id}.kubecubconfig"
+EOF
+}
+
+# Determines if docker can be run, failures may simply require that the user be added to the docker group.
+function kubecub::util::ensure_docker_daemon_connectivity {
+  IFS=" " read -ra DOCKER <<< "${DOCKER_OPTS}"
+  # Expand ${DOCKER[@]} only if it's not unset. This is to work around
+  # Bash 3 issue with unbound variable.
+  DOCKER=(docker ${DOCKER[@]:+"${DOCKER[@]}"})
+  if ! "${DOCKER[@]}" info > /dev/null 2>&1 ; then
+    cat <<'EOF' >&2
+Can't connect to 'docker' daemon.  please fix and retry.
+
+Possible causes:
+  - Docker Daemon not started
+    - Linux: confirm via your init system
+    - macOS w/ docker-machine: run `docker-machine ls` and `docker-machine start <name>`
+    - macOS w/ Docker for Mac: Check the menu bar and start the Docker application
+  - DOCKER_HOST hasn't been set or is set incorrectly
+    - Linux: domain socket is used, DOCKER_* should be unset. In Bash run `unset ${!DOCKER_*}`
+    - macOS w/ docker-machine: run `eval "$(docker-machine env <name>)"`
+    - macOS w/ Docker for Mac: domain socket is used, DOCKER_* should be unset. In Bash run `unset ${!DOCKER_*}`
+  - Other things to check:
+    - Linux: User isn't in 'docker' group.  Add and relogin.
+      - Something like 'sudo usermod -a -G docker ${USER}'
+      - RHEL7 bug and workaround: https://bugzilla.redhat.com/show_bug.cgi?id=1119282#c8
+EOF
+    return 1
+  fi
+}
+
+# Wait for background jobs to finish. Return with
+# an error status if any of the jobs failed.
+kubecub::util::wait-for-jobs() {
+  local fail=0
+  local job
+  for job in $(jobs -p); do
+    wait "${job}" || fail=$((fail + 1))
+  done
+  return ${fail}
+}
+
+# kubecub::util::join <delim> <list...>
+# Concatenates the list elements with the delimiter passed as first parameter
+#
+# Ex: kubecub::util::join , a b c
+#  -> a,b,c
+function kubecub::util::join {
+  local IFS="$1"
+  shift
+  echo "$*"
+}
+
+# Downloads cfssl/cfssljson/cfssl-certinfo into $1 directory if they do not already exist in PATH
+#
+# Assumed vars:
+#   $1 (cfssl directory) (optional)
+#
+# Sets:
+#  CFSSL_BIN: The path of the installed cfssl binary
+#  CFSSLJSON_BIN: The path of the installed cfssljson binary
+#  CFSSLCERTINFO_BIN: The path of the installed cfssl-certinfo binary
+#
+function kubecub::util::ensure-cfssl {
+  if command -v cfssl &>/dev/null && command -v cfssljson &>/dev/null && command -v cfssl-certinfo &>/dev/null; then
+    CFSSL_BIN=$(command -v cfssl)
+    CFSSLJSON_BIN=$(command -v cfssljson)
+    CFSSLCERTINFO_BIN=$(command -v cfssl-certinfo)
+    return 0
+  fi
+
+  host_arch=$(kubecub::util::host_arch)
+
+  if [[ "${host_arch}" != "amd64" ]]; then
+    echo "Cannot download cfssl on non-amd64 hosts and cfssl does not appear to be installed."
+    echo "Please install cfssl, cfssljson and cfssl-certinfo and verify they are in \$PATH."
+    echo "Hint: export PATH=\$PATH:\$GOPATH/bin; go get -u github.com/cloudflare/cfssl/cmd/..."
+    exit 1
+  fi
+
+  # Create a temp dir for cfssl if no directory was given
+  local cfssldir=${1:-}
+  if [[ -z "${cfssldir}" ]]; then
+    cfssldir="$HOME/bin"
+  fi
+
+  mkdir -p "${cfssldir}"
+  pushd "${cfssldir}" > /dev/null || return 1
+
+  echo "Unable to successfully run 'cfssl' from ${PATH}; downloading instead..."
+  kernel=$(uname -s)
+  case "${kernel}" in
+    Linux)
+      curl --retry 10 -L -o cfssl https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
+      curl --retry 10 -L -o cfssljson https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
+      curl --retry 10 -L -o cfssl-certinfo https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64
+      ;;
+    Darwin)
+      curl --retry 10 -L -o cfssl https://pkg.cfssl.org/R1.2/cfssl_darwin-amd64
+      curl --retry 10 -L -o cfssljson https://pkg.cfssl.org/R1.2/cfssljson_darwin-amd64
+      curl --retry 10 -L -o cfssl-certinfo https://pkg.cfssl.org/R1.2/cfssl-certinfo_darwin-amd64
+      ;;
+    *)
+      echo "Unknown, unsupported platform: ${kernel}." >&2
+      echo "Supported platforms: Linux, Darwin." >&2
+      exit 2
+  esac
+
+  chmod +x cfssl || true
+  chmod +x cfssljson || true
+  chmod +x cfssl-certinfo || true
+
+  CFSSL_BIN="${cfssldir}/cfssl"
+  CFSSLJSON_BIN="${cfssldir}/cfssljson"
+  CFSSLCERTINFO_BIN="${cfssldir}/cfssl-certinfo"
+  if [[ ! -x ${CFSSL_BIN} || ! -x ${CFSSLJSON_BIN} || ! -x ${CFSSLCERTINFO_BIN} ]]; then
+    echo "Failed to download 'cfssl'."
+    echo "Please install cfssl, cfssljson and cfssl-certinfo and verify they are in \$PATH."
+    echo "Hint: export PATH=\$PATH:\$GOPATH/bin; go get -u github.com/cloudflare/cfssl/cmd/..."
+    exit 1
+  fi
+  popd > /dev/null || return 1
+}
+
+# kubecub::util::ensure-gnu-sed
+# Determines which sed binary is gnu-sed on linux/darwin
+#
+# Sets:
+#  SED: The name of the gnu-sed binary
+#
+function kubecub::util::ensure-gnu-sed {
+  # NOTE: the echo below is a workaround to ensure sed is executed before the grep.
+  # see: https://github.com/kubecubrnetes/kubecubrnetes/issues/87251
+  sed_help="$(LANG=C sed --help 2>&1 || true)"
+  if echo "${sed_help}" | grep -q "GNU\|BusyBox"; then
+    SED="sed"
+  elif command -v gsed &>/dev/null; then
+    SED="gsed"
+  else
+    kubecub::log::error "Failed to find GNU sed as sed or gsed. If you are on Mac: brew install gnu-sed." >&2
+    return 1
+  fi
+  kubecub::util::sourced_variable "${SED}"
+}
+
+# kubecub::util::check-file-in-alphabetical-order <file>
+# Check that the file is in alphabetical order
+#
+function kubecub::util::check-file-in-alphabetical-order {
+  local failure_file="$1"
+  if ! diff -u "${failure_file}" <(LC_ALL=C sort "${failure_file}"); then
+    {
+      echo
+      echo "${failure_file} is not in alphabetical order. Please sort it:"
+      echo
+      echo "  LC_ALL=C sort -o ${failure_file} ${failure_file}"
+      echo
+    } >&2
+  false
+  fi
+}
+
+# kubecub::util::require-jq
+# Checks whether jq is installed.
+function kubecub::util::require-jq {
+  if ! command -v jq &>/dev/null; then
+    echo "jq not found. Please install." 1>&2
+    return 1
+  fi
+}
+
+# outputs md5 hash of $1, works on macOS and Linux
+function kubecub::util::md5() {
+  if which md5 >/dev/null 2>&1; then
+    md5 -q "$1"
+  else
+    md5sum "$1" | awk '{ print $1 }'
+  fi
+}
+
+# kubecub::util::read-array
+# Reads in stdin and adds it line by line to the array provided. This can be
+# used instead of "mapfile -t", and is bash 3 compatible.
+#
+# Assumed vars:
+#   $1 (name of array to create/modify)
+#
+# Example usage:
+# kubecub::util::read-array files < <(ls -1)
+#
+function kubecub::util::read-array {
+  local i=0
+  unset -v "$1"
+  while IFS= read -r "$1[i++]"; do :; done
+  eval "[[ \${$1[--i]} ]]" || unset "$1[i]" # ensures last element isn't empty
+}
+
+# Some useful colors.
+if [[ -z "${color_start-}" ]]; then
+  declare -r color_start="\033["
+  declare -r color_red="${color_start}0;31m"
+  declare -r color_yellow="${color_start}0;33m"
+  declare -r color_green="${color_start}0;32m"
+  declare -r color_blue="${color_start}1;34m"
+  declare -r color_cyan="${color_start}1;36m"
+  declare -r color_norm="${color_start}0m"
+
+  kubecub::util::sourced_variable "${color_start}"
+  kubecub::util::sourced_variable "${color_red}"
+  kubecub::util::sourced_variable "${color_yellow}"
+  kubecub::util::sourced_variable "${color_green}"
+  kubecub::util::sourced_variable "${color_blue}"
+  kubecub::util::sourced_variable "${color_cyan}"
+  kubecub::util::sourced_variable "${color_norm}"
+fi
+
+# ex: ts=2 sw=2 et filetype=sh
diff --git a/scripts/lib/version.sh b/scripts/lib/version.sh
new file mode 100755
index 0000000..29c4213
--- /dev/null
+++ b/scripts/lib/version.sh
@@ -0,0 +1,137 @@
+#!/usr/bin/env bash
+# Copyright © 2023 KubeCub open source community. All rights reserved.
+# Licensed under the MIT License (the "License");
+# you may not use this file except in compliance with the License.
+
+
+# -----------------------------------------------------------------------------
+# Version management helpers.  These functions help to set, save and load the
+# following variables:
+#
+#    KUBECUB_GIT_COMMIT - The git commit id corresponding to this
+#          source code.
+#    KUBECUB_GIT_TREE_STATE - "clean" indicates no changes since the git commit id
+#        "dirty" indicates source code changes after the git commit id
+#        "archive" indicates the tree was produced by 'git archive'
+#    KUBECUB_GIT_VERSION - "vX.Y" used to indicate the last release version.
+#    KUBECUB_GIT_MAJOR - The major part of the version
+#    KUBECUB_GIT_MINOR - The minor component of the version
+
+# Grovels through git to set a set of env variables.
+#
+# If KUBECUB_GIT_VERSION_FILE, this function will load from that file instead of
+# querying git.
+kubecub::version::get_version_vars() {
+  if [[ -n ${KUBECUB_GIT_VERSION_FILE-} ]]; then
+    kubecub::version::load_version_vars "${KUBECUB_GIT_VERSION_FILE}"
+    return
+  fi
+
+  # If the kubecubrnetes source was exported through git archive, then
+  # we likely don't have a git tree, but these magic values may be filled in.
+  # shellcheck disable=SC2016,SC2050
+  # Disabled as we're not expanding these at runtime, but rather expecting
+  # that another tool may have expanded these and rewritten the source (!)
+  if [[ '$Format:%%$' == "%" ]]; then
+    KUBECUB_GIT_COMMIT='$Format:%H$'
+    KUBECUB_GIT_TREE_STATE="archive"
+    # When a 'git archive' is exported, the '$Format:%D$' below will look
+    # something like 'HEAD -> release-1.8, tag: v1.8.3' where then 'tag: '
+    # can be extracted from it.
+    if [[ '$Format:%D$' =~ tag:\ (v[^ ,]+) ]]; then
+     KUBECUB_GIT_VERSION="${BASH_REMATCH[1]}"
+    fi
+  fi
+
+  local git=(git --work-tree "${KUBECUB_ROOT}")
+
+  if [[ -n ${KUBECUB_GIT_COMMIT-} ]] || KUBECUB_GIT_COMMIT=$("${git[@]}" rev-parse "HEAD^{commit}" 2>/dev/null); then
+    if [[ -z ${KUBECUB_GIT_TREE_STATE-} ]]; then
+      # Check if the tree is dirty.  default to dirty
+      if git_status=$("${git[@]}" status --porcelain 2>/dev/null) && [[ -z ${git_status} ]]; then
+        KUBECUB_GIT_TREE_STATE="clean"
+      else
+        KUBECUB_GIT_TREE_STATE="dirty"
+      fi
+    fi
+
+    # Use git describe to find the version based on tags.
+    if [[ -n ${KUBECUB_GIT_VERSION-} ]] || KUBECUB_GIT_VERSION=$("${git[@]}" describe --tags --always --match='v*' 2>/dev/null); then
+      # This translates the "git describe" to an actual semver.org
+      # compatible semantic version that looks something like this:
+      #   v1.1.0-alpha.0.6+84c76d1142ea4d
+      #
+      # TODO: We continue calling this "git version" because so many
+      # downstream consumers are expecting it there.
+      #
+      # These regexes are painful enough in sed...
+      # We don't want to do them in pure shell, so disable SC2001
+      # shellcheck disable=SC2001
+      DASHES_IN_VERSION=$(echo "${KUBECUB_GIT_VERSION}" | sed "s/[^-]//g")
+      if [[ "${DASHES_IN_VERSION}" == "---" ]] ; then
+        # shellcheck disable=SC2001
+        # We have distance to subversion (v1.1.0-subversion-1-gCommitHash)
+        KUBECUB_GIT_VERSION=$(echo "${KUBECUB_GIT_VERSION}" | sed "s/-\([0-9]\{1,\}\)-g\([0-9a-f]\{14\}\)$/.\1\+\2/")
+      elif [[ "${DASHES_IN_VERSION}" == "--" ]] ; then
+        # shellcheck disable=SC2001
+        # We have distance to base tag (v1.1.0-1-gCommitHash)
+        KUBECUB_GIT_VERSION=$(echo "${KUBECUB_GIT_VERSION}" | sed "s/-g\([0-9a-f]\{14\}\)$/+\1/")
+      fi
+      if [[ "${KUBECUB_GIT_TREE_STATE}" == "dirty" ]]; then
+        # git describe --dirty only considers changes to existing files, but
+        # that is problematic since new untracked .go files affect the build,
+        # so use our idea of "dirty" from git status instead.
+        # TODO?
+        #KUBECUB_GIT_VERSION+="-dirty"
+        :
+      fi
+
+
+      # Try to match the "git describe" output to a regex to try to extract
+      # the "major" and "minor" versions and whether this is the exact tagged
+      # version or whether the tree is between two tagged versions.
+      if [[ "${KUBECUB_GIT_VERSION}" =~ ^v([0-9]+)\.([0-9]+)(\.[0-9]+)?([-].*)?([+].*)?$ ]]; then
+        KUBECUB_GIT_MAJOR=${BASH_REMATCH[1]}
+        KUBECUB_GIT_MINOR=${BASH_REMATCH[2]}
+        if [[ -n "${BASH_REMATCH[4]}" ]]; then
+          KUBECUB_GIT_MINOR+="+"
+        fi
+      fi
+
+      # If KUBECUB_GIT_VERSION is not a valid Semantic Version, then refuse to build.
+      if ! [[ "${KUBECUB_GIT_VERSION}" =~ ^v([0-9]+)\.([0-9]+)(\.[0-9]+)?(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$ ]]; then
+          echo "KUBECUB_GIT_VERSION should be a valid Semantic Version. Current value: ${KUBECUB_GIT_VERSION}"
+          echo "Please see more details here: https://semver.org"
+          exit 1
+      fi
+    fi
+  fi
+}
+
+# Saves the environment flags to $1
+kubecub::version::save_version_vars() {
+  local version_file=${1-}
+  [[ -n ${version_file} ]] || {
+    echo "!!! Internal error.  No file specified in kubecub::version::save_version_vars"
+    return 1
+  }
+
+  cat <<EOF >"${version_file}"
+KUBECUB_GIT_COMMIT='${KUBECUB_GIT_COMMIT-}'
+KUBECUB_GIT_TREE_STATE='${KUBECUB_GIT_TREE_STATE-}'
+KUBECUB_GIT_VERSION='${KUBECUB_GIT_VERSION-}'
+KUBECUB_GIT_MAJOR='${KUBECUB_GIT_MAJOR-}'
+KUBECUB_GIT_MINOR='${KUBECUB_GIT_MINOR-}'
+EOF
+}
+
+# Loads up the version variables from file $1
+kubecub::version::load_version_vars() {
+  local version_file=${1-}
+  [[ -n ${version_file} ]] || {
+    echo "!!! Internal error.  No file specified in kubecub::version::load_version_vars"
+    return 1
+  }
+
+  source "${version_file}"
+}
diff --git a/scripts/release.sh b/scripts/release.sh
new file mode 100755
index 0000000..5f4fdaa
--- /dev/null
+++ b/scripts/release.sh
@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+# Copyright © 2023 KubeCub open source community. All rights reserved.
+# Licensed under the MIT License (the "License");
+# you may not use this file except in compliance with the License.
+
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+KUBECUB_ROOT=$(dirname "${BASH_SOURCE[0]}")/..
+source "${KUBECUB_ROOT}/scripts/common.sh"
+source "${KUBECUB_ROOT}/scripts/lib/release.sh"
+
+KUBECUB_RELEASE_RUN_TESTS=${KUBECUB_RELEASE_RUN_TESTS-y}
+
+kubecub::golang::setup_env
+kubecub::build::verify_prereqs
+kubecub::release::verify_prereqs
+#kubecub::build::build_image
+kubecub::build::build_command
+kubecub::release::package_tarballs
+kubecub::release::updload_tarballs
+git push origin ${VERSION}
+#kubecub::release::github_release
+#kubecub::release::generate_changelog
diff --git a/scripts/templates/project_README.md b/scripts/templates/project_README.md
new file mode 100644
index 0000000..96575e6
--- /dev/null
+++ b/scripts/templates/project_README.md
@@ -0,0 +1,41 @@
+# Project myproject
+
+<!-- Write one paragraph of this project description here -->
+
+## Features
+
+<!-- Tell others the features of this project -->
+
+## Getting Started
+
+### Prerequisites
+
+<!-- Describe packages, tools and everything we needed here -->
+
+### Building
+
+<!-- Describe how to build this project -->
+
+### Running
+
+<!-- Describe how to run this project -->
+
+## Using
+
+<!-- Place user documents here -->
+
+## Contributing
+
+<!-- Tell others how to contribute this project -->
+
+## Community(optional)
+
+<!-- Tell something about the community if needed -->
+
+## Authors
+
+<!-- Put authors here -->
+
+## License
+
+<!-- A link to license file -->

From 95da5c40d3c315102f5dd55aea1135b35b544587 Mon Sep 17 00:00:00 2001
From: "Xinwei Xiong (cubxxw)" <3293172751nss@gmail.com>
Date: Sat, 16 Mar 2024 17:04:57 +0800
Subject: [PATCH 3/3] fix: fix cicd build project

---
 .github/workflows/create-release-branch.yml |  2 -
 .goreleaser.yaml                            | 85 +++++++--------------
 CHANGELOG.md                                |  2 +-
 Dockerfile                                  | 20 +++--
 action.yml                                  | 17 +++++
 deploy/OWNERS                               |  4 +
 deploy/README.md                            | 11 +++
 deploy/cld/Dockerfile.cld                   | 13 ++++
 8 files changed, 87 insertions(+), 67 deletions(-)
 create mode 100644 deploy/OWNERS
 create mode 100644 deploy/README.md
 create mode 100644 deploy/cld/Dockerfile.cld

diff --git a/.github/workflows/create-release-branch.yml b/.github/workflows/create-release-branch.yml
index d77a505..34b41d7 100644
--- a/.github/workflows/create-release-branch.yml
+++ b/.github/workflows/create-release-branch.yml
@@ -30,11 +30,9 @@ jobs:
             MINOR_VERSION=${BASH_REMATCH[2]}
             PATCH_VERSION=${BASH_REMATCH[3]}
             
-            # 检查是否满足创建分支的条件
             if [[ ${PATCH_VERSION} -eq 0 && ! ${TAG_NAME} =~ [A-Za-z-] ]]; then
               RELEASE_BRANCH_NAME="release-v${MAJOR_VERSION}.0"
               
-              # 创建分支
               git branch "${RELEASE_BRANCH_NAME}" "${TAG_NAME}"
               git push origin "${RELEASE_BRANCH_NAME}"
               
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index b262ea0..6947a96 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -28,25 +28,9 @@ report_sizes: true
 dist: _output/dist
 
 builds:
-  - binary: syncer
-    id: syncer
-    main: ./cmd/syncer/main.go
-    goos:
-      - windows
-      - darwin
-      - linux
-      - freebsd
-    goarch:
-      - amd64
-      - 386
-      - arm
-      - arm64
-    goarm:
-      - 6
-      - 7
-  - binary: exporter
-    id: exporter
-    main: ./cmd/exporter/main.go
+  - binary: cld
+    id: cld
+    main: ./cmd/cld/main.go
     goos:
       - windows
       - darwin
@@ -192,26 +176,13 @@ changelog:
 
 
 kos:
-  - repository: ghcr.io/kubecub/syncer
-    id: syncer
-    tags:
-    - '{{.Version}}'
-    - latest
-    bare: true
-    main: ./cmd/syncer/main.go
-    preserve_import_paths: false
-    base_image: alpine
-    platforms:
-    - linux/amd64
-    - linux/arm64
-
-  - repository: ghcr.io/kubecub/exporter
-    id: exporter
+  - repository: ghcr.io/kubecub/cld
+    id: cld
     tags:
     - '{{.Version}}'
     - latest
     bare: true
-    main: ./cmd/exporter/main.go
+    main: ./cmd/cld/main.go
     base_image: alpine
     preserve_import_paths: false
     platforms:
@@ -293,53 +264,53 @@ checksum:
 
 #   - use: buildx
 #     ids:
-#       - exporter
+#       - cld
 #     goos: linux
 #     goarch: amd64
 #     image_templates:
-#       - ghcr.io/{{ .Env.USERNAME }}/exporter:{{ .Tag }}-amd64
-#     dockerfile: deploy/exporter/Dockerfile.exporter
+#       - ghcr.io/{{ .Env.USERNAME }}/cld:{{ .Tag }}-amd64
+#     dockerfile: deploy/cld/Dockerfile.cld
 #     build_flag_templates:
 #       - --pull
 #       - --platform=linux/amd64
-#       - --label=io.exporter.image.created={{.Date}}
-#       - --label=io.exporter.image.title=exporter
-#       - --label=io.exporter.image.revision={{.ShortCommit}}
-#       - --label=io.exporter.image.version={{.Tag }}
-#       - --label=io.exporter.image.auth={{ .Env.USERNAME }}
+#       - --label=io.cld.image.created={{.Date}}
+#       - --label=io.cld.image.title=cld
+#       - --label=io.cld.image.revision={{.ShortCommit}}
+#       - --label=io.cld.image.version={{.Tag }}
+#       - --label=io.cld.image.auth={{ .Env.USERNAME }}
 
 #   - use: buildx
 #     ids:
-#       - exporter
+#       - cld
 #     goos: linux
 #     goarch: arm64
 #     image_templates:
-#       - ghcr.io/{{ .Env.USERNAME }}/exporter:{{ .Tag }}-arm64
-#     dockerfile: docker/exporter/Dockerfile.exporter
+#       - ghcr.io/{{ .Env.USERNAME }}/cld:{{ .Tag }}-arm64
+#     dockerfile: docker/cld/Dockerfile.cld
 #     build_flag_templates:
 #       - --pull
 #       - --platform=linux/arm64
-#       - --label=io.exporter.image.created={{.Date}}
-#       - --label=io.exporter.image.title=exporter
-#       - --label=io.exporter.image.revision={{.ShortCommit}}
-#       - --label=io.exporter.image.version={{.Tag }}
-#       - --label=io.exporter.image.auth={{ .Env.USERNAME }}
+#       - --label=io.cld.image.created={{.Date}}
+#       - --label=io.cld.image.title=cld
+#       - --label=io.cld.image.revision={{.ShortCommit}}
+#       - --label=io.cld.image.version={{.Tag }}
+#       - --label=io.cld.image.auth={{ .Env.USERNAME }}
 
 
 # docker_manifests:
-#   - name_template: ghcr.io/{{ .Env.USERNAME }}/exporter:{{ .Tag }}
+#   - name_template: ghcr.io/{{ .Env.USERNAME }}/cld:{{ .Tag }}
 #     image_templates:
-#       - ghcr.io/{{ .Env.USERNAME }}/exporter:{{ .Tag }}-amd64
-#       - ghcr.io/{{ .Env.USERNAME }}/exporter:{{ .Tag }}-arm64
+#       - ghcr.io/{{ .Env.USERNAME }}/cld:{{ .Tag }}-amd64
+#       - ghcr.io/{{ .Env.USERNAME }}/cld:{{ .Tag }}-arm64
 #   - name_template: ghcr.io/{{ .Env.USERNAME }}/syncer:{{ .Tag }}
 #     image_templates:
 #       - ghcr.io/{{ .Env.USERNAME }}/syncer:{{ .Tag }}-amd64
 #       - ghcr.io/{{ .Env.USERNAME }}/syncer:{{ .Tag }}-arm64
 
-#   - name_template: ghcr.io/{{ .Env.USERNAME }}/exporter:latest
+#   - name_template: ghcr.io/{{ .Env.USERNAME }}/cld:latest
 #     image_templates:
-#       - ghcr.io/{{ .Env.USERNAME }}/exporter:{{ .Tag }}-amd64
-#       - ghcr.io/{{ .Env.USERNAME }}/exporter:{{ .Tag }}-arm64
+#       - ghcr.io/{{ .Env.USERNAME }}/cld:{{ .Tag }}-amd64
+#       - ghcr.io/{{ .Env.USERNAME }}/cld:{{ .Tag }}-arm64
 #   - name_template: ghcr.io/{{ .Env.USERNAME }}/syncer:latest
 #     image_templates:
 #       - ghcr.io/{{ .Env.USERNAME }}/syncer:{{ .Tag }}-amd64
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8a89535..660bde7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -73,7 +73,7 @@
 - delete issue template
 
 ### Feat
-- complete base exporter
+- complete base cld
 - add labels standard
 - synchronous tag
 - partial optimization
diff --git a/Dockerfile b/Dockerfile
index a9445a2..e7c90ea 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,16 +2,22 @@
 # Licensed under the MIT License (the "License");
 # you may not use this file except in compliance with the License.
 
-FROM golang AS build
+FROM golang:1.20 as builder
+
+WORKDIR /build
+
 ENV GOPROXY=https://goproxy.cn
 
-WORKDIR /go/src/app
 
-COPY . /go/src/app
+COPY . .
 
-# RUN go build -o /go/bin/app cmd/exporter/main.go
 RUN make build
 
-FROM alpine
-COPY --from=build /go/bin/app/_output /
-CMD ["/app"]
+FROM alpine:latest
+
+WORKDIR /app
+
+COPY --from=builder /build/_output/bin/platforms/linux/amd64/cld .
+COPY --from=builder /build/config.yaml .
+
+ENTRYPOINT ["./cld", "-config", "config.yaml"]
diff --git a/action.yml b/action.yml
index 067e5d2..5c390a7 100644
--- a/action.yml
+++ b/action.yml
@@ -2,3 +2,20 @@
 # Licensed under the MIT License (the "License");
 # you may not use this file except in compliance with the License.
 
+name: 'Code Language Detector'
+description: 'Detects specified languages in comments within code files.'
+inputs:
+  config-path:
+    description: 'Path to the configuration file.'
+    required: true
+    default: '.github/code-language-detector.yml'
+
+runs:
+  using: 'docker'
+  image: 'Dockerfile'
+  args:
+    - ${{ inputs.config-path }}
+
+branding:
+  icon: tool
+  color: blue
\ No newline at end of file
diff --git a/deploy/OWNERS b/deploy/OWNERS
new file mode 100644
index 0000000..a9521f7
--- /dev/null
+++ b/deploy/OWNERS
@@ -0,0 +1,4 @@
+reviewers:
+  - cubxxw
+approvers:
+  - cubxxw
\ No newline at end of file
diff --git a/deploy/README.md b/deploy/README.md
new file mode 100644
index 0000000..00bfce3
--- /dev/null
+++ b/deploy/README.md
@@ -0,0 +1,11 @@
+# `/build`
+
+Packaging and Continuous Integration.
+
+Put your cloud (AMI), container (Docker), OS (deb, rpm, pkg) package configurations and scripts in the `/build/package` directory.
+
+Put your CI (travis, circle, drone) configurations and scripts in the `/build/ci` directory. Note that some of the CI tools (e.g., Travis CI) are very picky about the location of their config files. Try putting the config files in the `/build/ci` directory linking them to the location where the CI tools expect them when possible (don't worry if it's not and if keeping those files in the root directory makes your life easier :-)).
+
+Examples:
+
+* https://github.com/cockroachdb/cockroach/tree/master/build
\ No newline at end of file
diff --git a/deploy/cld/Dockerfile.cld b/deploy/cld/Dockerfile.cld
new file mode 100644
index 0000000..bbe96c3
--- /dev/null
+++ b/deploy/cld/Dockerfile.cld
@@ -0,0 +1,13 @@
+FROM golang AS builder
+
+WORKDIR /app
+
+ENV GOPROXY=https://goproxy.cn
+
+COPY . /app/
+
+RUN cd /app; go build -o _output/bin/cld cmd/cld/main.go
+
+FROM scratch
+COPY --from=builder /app/_output/bin/cld /app
+ENTRYPOINT ["/app/cld --help"]
\ No newline at end of file