[Sync] Update project files from source repository (eec0e19)

.dockerignore

@@ -21,6 +21,7 @@ vendor/
 
 # Binaries for programs and plugins
 dist/
+!dist/linux/
 gin-bin
 *.exe
 *.exe~

.github/actions/setup-go-with-cache/action.yml

@@ -211,6 +211,7 @@ runs:
 
     # --------------------------------------------------------------------
     # Go module cache (shared across versions)
+    # Uses actions/cache which handles both restore and save
     # --------------------------------------------------------------------
     - name: 💾 Go module cache
       id: restore-gomod
@@ -284,6 +285,7 @@ runs:
 
     # --------------------------------------------------------------------
     # Go build cache (per-version)
+    # Uses actions/cache which handles both restore and save
     # --------------------------------------------------------------------
     - name: 💾 Go build cache
       id: restore-gobuild
@@ -440,7 +442,7 @@ runs:
     # --------------------------------------------------------------------
     - name: 🏗️ Set up Go
       id: setup-go
-      uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
+      uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
       with:
         go-version: ${{ inputs.go-version }}
         cache: false # we handle caches ourselves

.github/env/10-mage-x.env

@@ -36,7 +36,7 @@
 # ================================================================================================
 
 # MAGE-X version
-MAGE_X_VERSION=v1.20.11
+MAGE_X_VERSION=v1.20.15
 
 # For mage-x development, set to 'true' to use local version instead of downloading from releases
 MAGE_X_USE_LOCAL=false
@@ -59,10 +59,10 @@ MAGE_X_FORMAT_EXCLUDE_PATHS=vendor,node_modules,.git,.idea
 # 🛠️ TOOL VERSIONS
 # ================================================================================================
 
-MAGE_X_GITLEAKS_VERSION=8.30.0
+MAGE_X_GITLEAKS_VERSION=8.30.1
 MAGE_X_GOFUMPT_VERSION=v0.9.2
-MAGE_X_GOLANGCI_LINT_VERSION=v2.11.3
-MAGE_X_GORELEASER_VERSION=v2.14.3
+MAGE_X_GOLANGCI_LINT_VERSION=v2.11.4
+MAGE_X_GORELEASER_VERSION=v2.15.2
 MAGE_X_GOVULNCHECK_VERSION=v1.1.4
 MAGE_X_GO_SECONDARY_VERSION=1.24.x
 MAGE_X_GO_VERSION=1.24.x
@@ -72,7 +72,7 @@ MAGE_X_STATICCHECK_VERSION=2026.1
 MAGE_X_SWAG_VERSION=v1.16.6
 MAGE_X_YAMLFMT_VERSION=v0.21.0
 MAGE_X_BENCHSTAT_VERSION=v0.0.0-20260312031701-16a31bc5fbd0
-MAGE_X_MAGE_VERSION=v1.16.0
+MAGE_X_MAGE_VERSION=v1.17.1
 
 # ================================================================================================
 # 📝 RUNTIME VARIABLES (set by setup-goreleaser action)

.github/env/10-pre-commit.env

@@ -26,7 +26,7 @@
 # 🪝 PRE-COMMIT TOOL VERSION
 # ================================================================================================
 
-GO_PRE_COMMIT_VERSION=v1.8.0
+GO_PRE_COMMIT_VERSION=v1.8.1
 GO_PRE_COMMIT_USE_LOCAL=false
 
 # ================================================================================================
@@ -52,10 +52,10 @@ GO_PRE_COMMIT_ALL_FILES=true
 # 🛠️ TOOL VERSIONS
 # ================================================================================================
 
-GO_PRE_COMMIT_GOLANGCI_LINT_VERSION=v2.11.3
+GO_PRE_COMMIT_GOLANGCI_LINT_VERSION=v2.11.4
 GO_PRE_COMMIT_FUMPT_VERSION=v0.9.2
 GO_PRE_COMMIT_GOIMPORTS_VERSION=latest
-GO_PRE_COMMIT_GITLEAKS_VERSION=v8.30.0
+GO_PRE_COMMIT_GITLEAKS_VERSION=v8.30.1
 
 # Build tags for golangci-lint and other tools
 GO_PRE_COMMIT_BUILD_TAGS=

.github/env/10-security.env

@@ -60,6 +60,6 @@ MAGE_X_CVE_EXCLUDES=CVE-9999-12345,CVE-9999-43210
 # 🛠️ SECURITY TOOL VERSIONS
 # ================================================================================================
 
-GITLEAKS_VERSION=8.30.0
+GITLEAKS_VERSION=8.30.1
 GOVULNCHECK_VERSION=v1.1.4
 NANCY_VERSION=v1.2.0

.github/workflows/codeql-analysis.yml

@@ -46,7 +46,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@c6f931105cb2c34c8f901cc885ba1e2e259cf745 # v4.34.0
+        uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -57,7 +57,7 @@ jobs:
       # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@c6f931105cb2c34c8f901cc885ba1e2e259cf745 # v4.34.0
+        uses: github/codeql-action/autobuild@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -67,4 +67,4 @@ jobs:
       #    uses a compiled language
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@c6f931105cb2c34c8f901cc885ba1e2e259cf745 # v4.34.0
+        uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1

.github/workflows/dependabot-auto-merge.yml

@@ -163,7 +163,7 @@ jobs:
       # --------------------------------------------------------------------
       - name: 📊 Fetch Dependabot metadata
         id: metadata
-        uses: dependabot/fetch-metadata@21025c705c08248db411dc16f3619e6b5f9ea21a # v2.5.0
+        uses: dependabot/fetch-metadata@ffa630c65fa7e0ecfa0625b5ceda64399aea1b36 # v3.0.0
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
 

.github/workflows/fortress-coverage.yml

@@ -2488,7 +2488,7 @@ jobs:
       # This will trigger a "Node.js 20 actions are deprecated" warning until Codecov
       # releases a new version with Node.js 24 support. Expected and harmless for now.
       - name: 📈 Upload coverage to Codecov
-        uses: codecov/codecov-action@1af58845a975a7985b0beb0cbe6fbbb71a41dbad # v5.5.3
+        uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
         with:
           #file: ./coverage.txt # This is the old format
           files: ./coverage-artifacts/coverage-data/coverage.txt

.github/workflows/fortress-pre-commit.yml

@@ -291,6 +291,8 @@ jobs:
       - name: 🔨 Install go-pre-commit tool
         if: steps.go-pre-commit-cache.outputs.cache-hit != 'true' || env.GO_PRE_COMMIT_USE_LOCAL == 'true'
         id: install-pre-commit
+        env:
+          GH_TOKEN: ${{ secrets.github-token || github.token }}
         run: |
           # Check if we should use local development version
           if [[ "${{ env.GO_PRE_COMMIT_USE_LOCAL }}" == "true" ]]; then
@@ -330,24 +332,90 @@ jobs:
             echo "install_success=true" >> $GITHUB_OUTPUT
             echo "version=$VERSION" >> $GITHUB_OUTPUT
           else
-            # Use production version
+            # Use production version - download pre-built binary from GitHub releases
             VERSION="${{ env.GO_PRE_COMMIT_VERSION }}"
-            echo "⬇️ Cache miss – installing go-pre-commit version: $VERSION"
+            echo "⬇️ Cache miss – downloading go-pre-commit version: $VERSION"
+
+            # Detect platform and architecture
+            OS=$(echo "${{ runner.os }}" | tr '[:upper:]' '[:lower:]')
+            ARCH=$(uname -m)
+
+            # Map architecture names
+            case "$ARCH" in
+              x86_64|amd64) ARCH="amd64" ;;
+              aarch64|arm64) ARCH="arm64" ;;
+              *) echo "❌ Unsupported architecture: $ARCH" && exit 1 ;;
+            esac
+
+            # Map OS names
+            case "$OS" in
+              linux) OS="linux" ;;
+              macos) OS="darwin" ;;
+              windows) OS="windows" ;;
+              *) echo "❌ Unsupported OS: $OS" && exit 1 ;;
+            esac
+
+            echo "📋 Detected platform: ${OS}_${ARCH}"
+
+            # Clean version (remove 'v' prefix if present)
+            CLEAN_VERSION="${VERSION#v}"
+
+            # Build asset name and download using gh CLI
+            ASSET_NAME="go-pre-commit_${CLEAN_VERSION}_${OS}_${ARCH}.tar.gz"
+            echo "📥 Downloading asset: $ASSET_NAME from mrz1836/go-pre-commit@$VERSION"
+
+            # Download and extract
+            TEMP_DIR=$(mktemp -d)
+            cd "$TEMP_DIR"
+
+            if gh release download "$VERSION" \
+                --repo mrz1836/go-pre-commit \
+                --pattern "$ASSET_NAME" \
+                --dir .; then
+              echo "✅ Download successful"
+            else
+              echo "❌ Download failed for $ASSET_NAME from mrz1836/go-pre-commit@$VERSION"
+              exit 1
+            fi
+
+            # Extract the tarball
+            if tar -xzf "$ASSET_NAME"; then
+              echo "✅ Extraction successful"
+            else
+              echo "❌ Extraction failed"
+              exit 1
+            fi
 
-            # Install using go install
-            go install github.com/mrz1836/go-pre-commit/cmd/go-pre-commit@$VERSION
+            # Find the go-pre-commit binary
+            PRE_COMMIT_BINARY=$(find . -name "go-pre-commit" -type f | head -1)
+            if [[ -z "$PRE_COMMIT_BINARY" ]]; then
+              echo "❌ Could not find go-pre-commit binary in extracted files"
+              ls -la
+              exit 1
+            fi
+
+            echo "✅ Found go-pre-commit binary at: $PRE_COMMIT_BINARY"
 
-            # Copy the freshly installed binary to cache directory
+            # Make it executable and copy to cache directory
+            chmod +x "$PRE_COMMIT_BINARY"
             mkdir -p ~/.cache/go-pre-commit-bin
-            cp "$(go env GOPATH)/bin/go-pre-commit" ~/.cache/go-pre-commit-bin/
+            cp "$PRE_COMMIT_BINARY" ~/.cache/go-pre-commit-bin/go-pre-commit
+
+            # Copy to GOPATH/bin for immediate use
+            mkdir -p "$(go env GOPATH)/bin"
+            cp ~/.cache/go-pre-commit-bin/go-pre-commit "$(go env GOPATH)/bin/go-pre-commit"
 
             # Store the validated binary path
             GO_BIN="$(go env GOPATH)/bin"
             GO_PRE_COMMIT_PATH="$GO_BIN/go-pre-commit"
             echo "GO_PRE_COMMIT_BINARY=$GO_PRE_COMMIT_PATH" >> $GITHUB_ENV
 
+            # Cleanup temp directory
+            cd /
+            rm -rf "$TEMP_DIR"
+
             # Verify installation
-            echo "✅ go-pre-commit installed and stored in cache"
+            echo "✅ go-pre-commit downloaded and stored in cache"
             VERSION_OUTPUT=$("$GO_BIN/go-pre-commit" --version 2>&1 | head -1 || echo "$VERSION")
             echo "🏷️ Version: $VERSION_OUTPUT"
             echo "install_success=true" >> $GITHUB_OUTPUT

.github/workflows/scorecard.yml

@@ -76,6 +76,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable the upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@c6f931105cb2c34c8f901cc885ba1e2e259cf745 # v4.34.0
+        uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
         with:
           sarif_file: results.sarif