From 2567feae0790acbecd8176091e4bf6867e62afd7 Mon Sep 17 00:00:00 2001 From: mrz1836 Date: Mon, 6 Apr 2026 20:31:24 -0400 Subject: [PATCH] sync: update tooling versions and cache comments --- .dockerignore | 1 + .../actions/setup-go-with-cache/action.yml | 4 +- .github/env/10-mage-x.env | 10 +-- .github/env/10-pre-commit.env | 6 +- .github/env/10-security.env | 2 +- .github/workflows/codeql-analysis.yml | 6 +- .github/workflows/dependabot-auto-merge.yml | 2 +- .github/workflows/fortress-coverage.yml | 2 +- .github/workflows/fortress-pre-commit.yml | 82 +++++++++++++++++-- .github/workflows/scorecard.yml | 2 +- 10 files changed, 94 insertions(+), 23 deletions(-) diff --git a/.dockerignore b/.dockerignore index d53d723..3d6870a 100644 --- a/.dockerignore +++ b/.dockerignore @@ -21,6 +21,7 @@ vendor/ # Binaries for programs and plugins dist/ +!dist/linux/ gin-bin *.exe *.exe~ diff --git a/.github/actions/setup-go-with-cache/action.yml b/.github/actions/setup-go-with-cache/action.yml index f64599e..8578ce5 100644 --- a/.github/actions/setup-go-with-cache/action.yml +++ b/.github/actions/setup-go-with-cache/action.yml @@ -211,6 +211,7 @@ runs: # -------------------------------------------------------------------- # Go module cache (shared across versions) + # Uses actions/cache which handles both restore and save # -------------------------------------------------------------------- - name: 💾 Go module cache id: restore-gomod @@ -284,6 +285,7 @@ runs: # -------------------------------------------------------------------- # Go build cache (per-version) + # Uses actions/cache which handles both restore and save # -------------------------------------------------------------------- - name: 💾 Go build cache id: restore-gobuild 
@@ -440,7 +442,7 @@ runs: # -------------------------------------------------------------------- - name: đŸ—ī¸ Set up Go id: setup-go - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: ${{ inputs.go-version }} cache: false # we handle caches ourselves diff --git a/.github/env/10-mage-x.env b/.github/env/10-mage-x.env index e1fb4d9..78033a6 100644 --- a/.github/env/10-mage-x.env +++ b/.github/env/10-mage-x.env @@ -36,7 +36,7 @@ # ================================================================================================ # MAGE-X version -MAGE_X_VERSION=v1.20.11 +MAGE_X_VERSION=v1.20.15 # For mage-x development, set to 'true' to use local version instead of downloading from releases MAGE_X_USE_LOCAL=false @@ -59,10 +59,10 @@ MAGE_X_FORMAT_EXCLUDE_PATHS=vendor,node_modules,.git,.idea # đŸ› ī¸ TOOL VERSIONS # ================================================================================================ -MAGE_X_GITLEAKS_VERSION=8.30.0 +MAGE_X_GITLEAKS_VERSION=8.30.1 MAGE_X_GOFUMPT_VERSION=v0.9.2 -MAGE_X_GOLANGCI_LINT_VERSION=v2.11.3 -MAGE_X_GORELEASER_VERSION=v2.14.3 +MAGE_X_GOLANGCI_LINT_VERSION=v2.11.4 +MAGE_X_GORELEASER_VERSION=v2.15.2 MAGE_X_GOVULNCHECK_VERSION=v1.1.4 MAGE_X_GO_SECONDARY_VERSION=1.24.x MAGE_X_GO_VERSION=1.24.x @@ -72,7 +72,7 @@ MAGE_X_STATICCHECK_VERSION=2026.1 MAGE_X_SWAG_VERSION=v1.16.6 MAGE_X_YAMLFMT_VERSION=v0.21.0 MAGE_X_BENCHSTAT_VERSION=v0.0.0-20260312031701-16a31bc5fbd0 -MAGE_X_MAGE_VERSION=v1.16.0 +MAGE_X_MAGE_VERSION=v1.17.1 # ================================================================================================ # 📝 RUNTIME VARIABLES (set by setup-goreleaser action) diff --git a/.github/env/10-pre-commit.env b/.github/env/10-pre-commit.env index 1340232..450fb72 100644 --- a/.github/env/10-pre-commit.env +++ b/.github/env/10-pre-commit.env 
@@ -26,7 +26,7 @@ # đŸĒ PRE-COMMIT TOOL VERSION # ================================================================================================ -GO_PRE_COMMIT_VERSION=v1.8.0 +GO_PRE_COMMIT_VERSION=v1.8.1 GO_PRE_COMMIT_USE_LOCAL=false # ================================================================================================ @@ -52,10 +52,10 @@ GO_PRE_COMMIT_ALL_FILES=true # đŸ› ī¸ TOOL VERSIONS # ================================================================================================ -GO_PRE_COMMIT_GOLANGCI_LINT_VERSION=v2.11.3 +GO_PRE_COMMIT_GOLANGCI_LINT_VERSION=v2.11.4 GO_PRE_COMMIT_FUMPT_VERSION=v0.9.2 GO_PRE_COMMIT_GOIMPORTS_VERSION=latest -GO_PRE_COMMIT_GITLEAKS_VERSION=v8.30.0 +GO_PRE_COMMIT_GITLEAKS_VERSION=v8.30.1 # Build tags for golangci-lint and other tools GO_PRE_COMMIT_BUILD_TAGS= diff --git a/.github/env/10-security.env b/.github/env/10-security.env index f5c6dcd..54a8886 100644 --- a/.github/env/10-security.env +++ b/.github/env/10-security.env @@ -60,6 +60,6 @@ MAGE_X_CVE_EXCLUDES=CVE-9999-12345,CVE-9999-43210 # đŸ› ī¸ SECURITY TOOL VERSIONS # ================================================================================================ -GITLEAKS_VERSION=8.30.0 +GITLEAKS_VERSION=8.30.1 GOVULNCHECK_VERSION=v1.1.4 NANCY_VERSION=v1.2.0 diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index ad91267..9048575 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -46,7 +46,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@c6f931105cb2c34c8f901cc885ba1e2e259cf745 # v4.34.0 + uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. 
@@ -57,7 +57,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@c6f931105cb2c34c8f901cc885ba1e2e259cf745 # v4.34.0 + uses: github/codeql-action/autobuild@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 # â„šī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -67,4 +67,4 @@ jobs: # uses a compiled language - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@c6f931105cb2c34c8f901cc885ba1e2e259cf745 # v4.34.0 + uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml index d14a5e9..7dffb31 100644 --- a/.github/workflows/dependabot-auto-merge.yml +++ b/.github/workflows/dependabot-auto-merge.yml @@ -163,7 +163,7 @@ jobs: # -------------------------------------------------------------------- - name: 📊 Fetch Dependabot metadata id: metadata - uses: dependabot/fetch-metadata@21025c705c08248db411dc16f3619e6b5f9ea21a # v2.5.0 + uses: dependabot/fetch-metadata@ffa630c65fa7e0ecfa0625b5ceda64399aea1b36 # v3.0.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/fortress-coverage.yml b/.github/workflows/fortress-coverage.yml index 3a6ed38..f782a55 100644 --- a/.github/workflows/fortress-coverage.yml +++ b/.github/workflows/fortress-coverage.yml 
@@ -2488,7 +2488,7 @@ jobs: # This will trigger a "Node.js 20 actions are deprecated" warning until Codecov # releases a new version with Node.js 24 support. Expected and harmless for now. - name: 📈 Upload coverage to Codecov - uses: codecov/codecov-action@1af58845a975a7985b0beb0cbe6fbbb71a41dbad # v5.5.3 + uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0 with: #file: ./coverage.txt # This is the old format files: ./coverage-artifacts/coverage-data/coverage.txt diff --git a/.github/workflows/fortress-pre-commit.yml b/.github/workflows/fortress-pre-commit.yml index 1361c0d..0240621 100644 --- a/.github/workflows/fortress-pre-commit.yml +++ b/.github/workflows/fortress-pre-commit.yml @@ -291,6 +291,8 @@ jobs: - name: 🔨 Install go-pre-commit tool if: steps.go-pre-commit-cache.outputs.cache-hit != 'true' || env.GO_PRE_COMMIT_USE_LOCAL == 'true' id: install-pre-commit + env: + GH_TOKEN: ${{ secrets.github-token || github.token }} run: | # Check if we should use local development version if [[ "${{ env.GO_PRE_COMMIT_USE_LOCAL }}" == "true" ]]; then 
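Review bot: The `GH_TOKEN` added under `env:` on the `install-pre-commit` step is exported to every command in that step's script, not only to the `gh` call that needs it. In the following hunk the same script ends by executing the freshly downloaded binary (`"$GO_BIN/go-pre-commit" --version`), which would inherit the token. Consider adding `unset GH_TOKEN` right after the download succeeds, and a comment such as `# GH_TOKEN is only needed for gh release download`. The script continues outside this hunk and the job's `permissions:` block is not visible here, so the token's scope cannot be confirmed from the diff.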
@@ -330,24 +332,90 @@ jobs: echo "install_success=true" >> $GITHUB_OUTPUT echo "version=$VERSION" >> $GITHUB_OUTPUT else - # Use production version + # Use production version - download pre-built binary from GitHub releases VERSION="${{ env.GO_PRE_COMMIT_VERSION }}" - echo "âŦ‡ī¸ Cache miss – installing go-pre-commit version: $VERSION" + echo "âŦ‡ī¸ Cache miss – downloading go-pre-commit version: $VERSION" + + # Detect platform and architecture + OS=$(echo "${{ runner.os }}" | tr '[:upper:]' '[:lower:]') + ARCH=$(uname -m) + + # Map architecture names + case "$ARCH" in + x86_64|amd64) ARCH="amd64" ;; + aarch64|arm64) ARCH="arm64" ;; + *) echo "❌ Unsupported architecture: $ARCH" && exit 1 ;; + esac + + # Map OS names + case "$OS" in + linux) OS="linux" ;; + macos) OS="darwin" ;; + windows) OS="windows" ;; + *) echo "❌ Unsupported OS: $OS" && exit 1 ;; + esac + + echo "📋 Detected platform: ${OS}_${ARCH}" + + # Clean version (remove 'v' prefix if present) + CLEAN_VERSION="${VERSION#v}" + + # Build asset name and download using gh CLI + ASSET_NAME="go-pre-commit_${CLEAN_VERSION}_${OS}_${ARCH}.tar.gz" + echo "đŸ“Ĩ Downloading asset: $ASSET_NAME from mrz1836/go-pre-commit@$VERSION" + + # Download and extract + TEMP_DIR=$(mktemp -d) + cd "$TEMP_DIR" + + if gh release download "$VERSION" \ + --repo mrz1836/go-pre-commit \ + --pattern "$ASSET_NAME" \ + --dir .; then + echo "✅ Download successful" + else + echo "❌ Download failed for $ASSET_NAME from mrz1836/go-pre-commit@$VERSION" + exit 1 + fi + + # Extract the tarball + if tar -xzf "$ASSET_NAME"; then + echo "✅ Extraction successful" + else + echo "❌ Extraction failed" + exit 1 + fi - # Install using go install - go install github.com/mrz1836/go-pre-commit/cmd/go-pre-commit@$VERSION + # Find the go-pre-commit binary + PRE_COMMIT_BINARY=$(find . 
-name "go-pre-commit" -type f | head -1) + if [[ -z "$PRE_COMMIT_BINARY" ]]; then + echo "❌ Could not find go-pre-commit binary in extracted files" + ls -la + exit 1 + fi + + echo "✅ Found go-pre-commit binary at: $PRE_COMMIT_BINARY" - # Copy the freshly installed binary to cache directory + # Make it executable and copy to cache directory + chmod +x "$PRE_COMMIT_BINARY" mkdir -p ~/.cache/go-pre-commit-bin - cp "$(go env GOPATH)/bin/go-pre-commit" ~/.cache/go-pre-commit-bin/ + cp "$PRE_COMMIT_BINARY" ~/.cache/go-pre-commit-bin/go-pre-commit + + # Copy to GOPATH/bin for immediate use + mkdir -p "$(go env GOPATH)/bin" + cp ~/.cache/go-pre-commit-bin/go-pre-commit "$(go env GOPATH)/bin/go-pre-commit" # Store the validated binary path GO_BIN="$(go env GOPATH)/bin" GO_PRE_COMMIT_PATH="$GO_BIN/go-pre-commit" echo "GO_PRE_COMMIT_BINARY=$GO_PRE_COMMIT_PATH" >> $GITHUB_ENV + # Cleanup temp directory + cd / + rm -rf "$TEMP_DIR" + # Verify installation - echo "✅ go-pre-commit installed and stored in cache" + echo "✅ go-pre-commit downloaded and stored in cache" VERSION_OUTPUT=$("$GO_BIN/go-pre-commit" --version 2>&1 | head -1 || echo "$VERSION") echo "đŸˇī¸ Version: $VERSION_OUTPUT" echo "install_success=true" >> $GITHUB_OUTPUT diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index a379c3b..e6eae30 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -76,6 +76,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable the upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@c6f931105cb2c34c8f901cc885ba1e2e259cf745 # v4.34.0 + uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 with: sarif_file: results.sarif
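Review bot: The production branch now unpacks and runs a release tarball fetched with `gh release download` without any integrity check, whereas the removed `go install ...@$VERSION` path was covered by Go's module checksum verification by default. Release assets can be replaced after publication, and because the binary is copied into `~/.cache/go-pre-commit-bin`, a bad download would be reused on later cache hits. Verify the archive before `tar -xzf "$ASSET_NAME"`, for example against a per-platform SHA-256 pinned next to `GO_PRE_COMMIT_VERSION` (`echo "$EXPECTED_SHA256  $ASSET_NAME" | sha256sum -c -`, where `EXPECTED_SHA256` is a placeholder), or with `gh attestation verify` if the upstream release publishes attestations, which is not visible here. The `windows` mapping also builds a `.tar.gz` asset name and searches for `go-pre-commit` without `.exe`, which may not match what the release ships. The enclosing `run:` block starts and ends outside this hunk.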