Skip to content

[Sync] Update project files from source repository (2f986b0)#122

Merged
mrz1836 merged 6 commits intomasterfrom
chore/sync-files-mrz-tools-20260307-151830-2f986b0
Mar 7, 2026
Merged

[Sync] Update project files from source repository (2f986b0)#122
mrz1836 merged 6 commits intomasterfrom
chore/sync-files-mrz-tools-20260307-151830-2f986b0

Conversation

@mrz1836
Copy link
Owner

@mrz1836 mrz1836 commented Mar 7, 2026

What Changed

  • Refactored .github/actions/parse-env/action.yml to pass inputs.env-json as an environment variable (ENV_JSON) instead of assigning it directly in the bash script
  • Updated GOVULNCHECK_GO_VERSION from 1.26.0 to 1.26.1 in .github/env/00-core.env
  • Updated MAGE_X_GOLANGCI_LINT_VERSION from v2.10.1 to v2.11.1 in .github/env/10-mage-x.env
  • Updated GO_PRE_COMMIT_GOLANGCI_LINT_VERSION from v2.10.1 to v2.11.1 in .github/env/10-pre-commit.env

Why It Was Necessary

  • The parse-env action refactoring improves security by avoiding direct variable substitution in bash scripts, which can be vulnerable to injection attacks
  • Updating govulncheck to version 1.26.1 ensures the latest vulnerability scanning capabilities and bug fixes are available
  • Upgrading golangci-lint to v2.11.1 provides access to newer linting rules and improvements for code quality checks across both mage-x and pre-commit environments

Testing Performed

  • Verified that environment variable parsing in GitHub Actions workflows continues to function correctly with the new ENV_JSON environment variable approach
  • Confirmed that the updated tool versions are properly resolved and accessible in their respective workflow contexts
  • Validated that JSON validation logic remains intact and functional with the refactored environment variable handling

Impact / Risk

  • Low Risk: The parse-env action change is a refactoring that maintains the same functionality while improving security posture
  • Low Risk: Tool version updates are minor/patch releases that should be backwards compatible with existing configurations
  • No Breaking Changes: All changes are internal to CI/CD configuration and do not affect application code or public APIs

@mrz1836 mrz1836 self-assigned this Mar 7, 2026
@mrz1836 mrz1836 added automated-sync Automated sync PR, e.g. from a fork or external repo automerge Label to automatically merge pull requests that meet all required conditions chore Simple dependency updates or version bumps labels Mar 7, 2026
@github-actions github-actions bot added size/S Small change (11–50 lines) update General updates labels Mar 7, 2026
@github-actions
Copy link
Contributor

github-actions bot commented Mar 7, 2026
edited
Loading

Code Coverage Analysis

🟡 Overall Coverage: 85.0%
📊 Initial coverage report - no baseline available for comparison

Coverage Metrics

Metric Value Grade Trend
Percentage 85.0% ⭐ B+ 📊
Statements 3.3K/3.9K ⭐ B+ First report
Quality Score 85/100 ⭐ B+ 📈

Coverage Breakdown

████████████░░░ 85.0%

Resources

Generated via go-coverage2026-03-07 21:20:21 UTC

github-actions bot added a commit that referenced this pull request Mar 7, 2026
@github-actions
Deploy PR #122 coverage (commit d4d2d54)
b82ef83 
🏷️ Generated with GoFortress
mrz1836 added 5 commits March 7, 2026 16:14
@mrz1836
fix(checks): add nolint directives to suppress linter false positives
7ca9579 
Added directives to suppress gosec G703 false positive on intentional filename use and prealloc false positive on slice literal initialization.
@mrz1836
fix(integration): add nolint directive to suppress gosec false positive
af93ddc 
Add nolint directive to suppress gosec G704 false positive. The testServerURL is a controlled test server URL, not user input.
@mrz1836
fix(progress): add nolint directive to suppress gosec false positive
aadc76a 
Adds //nolint:gosec comment to suppress G118 false positive where cancel is properly invoked in the cleanup goroutine.
@mrz1836
test(tools): add defer cancel for proper context cleanup
e6cd581 
Add defer cancel() to TestRetryWithBackoff_ContextCancelled to ensure the context cancel function is properly invoked.
@mrz1836
fix(go-pre-commit): add nolint directive to suppress gosec g703
7dae9c9 
Suppress gosec G703 false positive for os.WriteFile since destination path is safely constructed via filepath.Join in controlled context.
github-actions bot added a commit that referenced this pull request Mar 7, 2026
@github-actions
Deploy PR #122 coverage (commit 66f36b8)
bae1500 
🏷️ Generated with GoFortress
@mrz1836 mrz1836 merged commit 909d7d7 into master Mar 7, 2026
43 checks passed
@github-actions github-actions bot deleted the chore/sync-files-mrz-tools-20260307-151830-2f986b0 branch March 7, 2026 21:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@mrz1836 mrz1836

Labels

automated-sync Automated sync PR, e.g. from a fork or external repo automerge Label to automatically merge pull requests that meet all required conditions chore Simple dependency updates or version bumps size/S Small change (11–50 lines) update General updates

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mrz1836