feat(reporter): add GitHub Actions workflow command reporter (#459)

[mvanhorn]

Summary

Adds a --reporter=github option that emits validation errors as GitHub Actions workflow commands so they appear as inline PR annotations, without requiring the separate Boeing/validate-configs-action wrapper.

Closes #459

Why this matters

Issue #459 noted that the existing validate-configs-action already provides PR annotations, but it requires using the GitHub Action wrapper. Many users invoke the validator CLI directly inside their workflow steps and would benefit from getting annotations "for free" the same way golangci-lint, eslint, and shellcheck integrate with GitHub Actions.

The output format follows the GitHub Actions workflow command spec:

::error file=config/bad.json,line=3,col=12::syntax: unexpected token
::error file=deploy/broken.yaml,line=15,col=4::syntax: mapping values are not allowed here

Valid files produce no output (workflow commands are errors/warnings only, per the spec).

Changes

• New pkg/reporter/github_reporter.go — GitHubReporter plus the formatGitHubAnnotation / escapeGitHubMessage / escapeGitHubProperty helpers. Mirrors the existing reporter shapes (outputDest, Print(reports []Report) error, outputBytesToFile for file output).
• New pkg/reporter/github_reporter_test.go — 9 table-driven tests:
  • empty / all-valid input emits nothing
  • error formatting with line+col, omits zero values
  • falls back to ValidationErrors[0] then a generic message
  • escapes %, CR, LF in messages
  • escapes : and , in property values (file paths with special chars)
  • multiple reports emit one line each, valid ones skipped
  • quiet mode suppresses stdout (mirrors existing reporters' contract)
• Modified cmd/validator/validator.go — registered github in acceptedReportTypes, added a case to getReporter, and updated both the --help block and the flag description.

Quiet-mode behavior

The reporter mirrors the existing StdoutReporter quiet-mode contract: when the first report has IsQuiet set, stdout is suppressed even though buildGitHubReport still produces content. File output via --reporter=github:path.txt is unaffected by quiet mode (matching how the other reporters behave when explicit output destinations are set).

Escaping

The GitHub workflow command spec requires escaping special characters:

• Message values: % -> %25, CR -> %0D, LF -> %0A
• Property values (file=, line=, col=): same as MESSAGE plus : -> %3A and , -> %2C (since those are field separators)

Both escapers are covered by dedicated tests.

Testing

$ go build ./...
ok

$ go test ./pkg/reporter/... -run TestGitHubReporter -v
=== RUN   TestGitHubReporter_ValidFilesEmitNothing            --- PASS
=== RUN   TestGitHubReporter_FormatsErrorWithLineAndCol       --- PASS
=== RUN   TestGitHubReporter_OmitsZeroLineAndCol              --- PASS
=== RUN   TestGitHubReporter_FallsBackToValidationErrorsSlice --- PASS
=== RUN   TestGitHubReporter_FallsBackToGenericMessage        --- PASS
=== RUN   TestGitHubReporter_EscapesMessageSpecialChars       --- PASS
=== RUN   TestGitHubReporter_EscapesPropertySpecialChars      --- PASS
=== RUN   TestGitHubReporter_MultipleReportsOneLineEach       --- PASS
=== RUN   TestGitHubReporter_QuietModeSuppressesStdout        --- PASS

$ go test ./...
ok    github.com/Boeing/config-file-validator/v2
ok    github.com/Boeing/config-file-validator/v2/cmd/validator
ok    github.com/Boeing/config-file-validator/v2/pkg/cli
ok    github.com/Boeing/config-file-validator/v2/pkg/configfile
ok    github.com/Boeing/config-file-validator/v2/pkg/filetype
ok    github.com/Boeing/config-file-validator/v2/pkg/finder
ok    github.com/Boeing/config-file-validator/v2/pkg/reporter
ok    github.com/Boeing/config-file-validator/v2/pkg/schemastore
ok    github.com/Boeing/config-file-validator/v2/pkg/tools
ok    github.com/Boeing/config-file-validator/v2/pkg/validator

gofmt -l is clean on all touched files.

This contribution was developed with AI assistance (Codex).

[kehoecj]

A couple linting issues and need a changelog