fortress-setup-config.yml
# ------------------------------------------------------------------------------------
# Setup Configuration (Reusable Workflow) (GoFortress)
#
# Purpose: Set up the CI configuration, parse environment variables, and generate
# test matrices for the main workflow. This workflow handles all the initial
# configuration logic.
#
# Maintainer: @mrz1836
#
# ------------------------------------------------------------------------------------
name: GoFortress (Setup Configuration)
on:
workflow_call:
inputs:
env-json:
description: "JSON string of environment variables"
required: true
type: string
primary-runner:
description: "Primary runner OS"
required: true
type: string
env-file-count:
description: "Number of env files loaded"
required: false
type: string
default: "0"
var-count:
description: "Total number of variables loaded"
required: false
type: string
default: "0"
secrets:
github-token:
description: "GitHub token for API access"
required: true
outputs:
benchmarks-enabled:
description: "Whether benchmarks are enabled"
value: ${{ jobs.setup-config.outputs.benchmarks-enabled }}
benchmark-matrix:
description: "Benchmark matrix JSON"
value: ${{ jobs.setup-config.outputs.benchmark-matrix }}
code-coverage-enabled:
description: "Whether code coverage is enabled"
value: ${{ jobs.setup-config.outputs.code-coverage-enabled }}
coverage-provider:
description: "Coverage service provider (internal or codecov)"
value: ${{ jobs.setup-config.outputs.coverage-provider }}
cache-warming-enabled:
description: "Whether cache warming is enabled"
value: ${{ jobs.setup-config.outputs.cache-warming-enabled }}
fuzz-testing-enabled:
description: "Whether fuzz testing is enabled"
value: ${{ jobs.setup-config.outputs.fuzz-testing-enabled }}
go-tests-enabled:
description: "Whether Go tests are enabled"
value: ${{ jobs.setup-config.outputs.go-tests-enabled }}
go-primary-version:
description: "Primary Go version"
value: ${{ jobs.setup-config.outputs.go-primary-version }}
go-secondary-version:
description: "Secondary Go version"
value: ${{ jobs.setup-config.outputs.go-secondary-version }}
go-sum-file:
description: "Go sum file location for dependency verification"
value: ${{ jobs.setup-config.outputs.go-sum-file }}
go-versions:
description: "Unique Go versions array"
value: ${{ jobs.setup-config.outputs.go-versions }}
go-lint-enabled:
description: "Whether Go linting is enabled"
value: ${{ jobs.setup-config.outputs.go-lint-enabled }}
yaml-lint-enabled:
description: "Whether YAML linting is enabled"
value: ${{ jobs.setup-config.outputs.yaml-lint-enabled }}
magefile-exists:
description: "Whether .mage.yaml exists"
value: ${{ jobs.setup-config.outputs.magefile-exists }}
primary-runner:
description: "Primary runner OS"
value: ${{ jobs.setup-config.outputs.primary-runner }}
race-detection-enabled:
description: "Whether race detection is enabled"
value: ${{ jobs.setup-config.outputs.race-detection-enabled }}
secondary-runner:
description: "Secondary runner OS"
value: ${{ jobs.setup-config.outputs.secondary-runner }}
security-scans-enabled:
description: "Whether security scans are enabled"
value: ${{ jobs.setup-config.outputs.security-scans-enabled }}
nancy-enabled:
description: "Whether Nancy dependency checks are enabled"
value: ${{ jobs.setup-config.outputs.nancy-enabled }}
govulncheck-enabled:
description: "Whether govulncheck vulnerability scanning is enabled"
value: ${{ jobs.setup-config.outputs.govulncheck-enabled }}
gitleaks-enabled:
description: "Whether Gitleaks secret scanning is enabled"
value: ${{ jobs.setup-config.outputs.gitleaks-enabled }}
is-release-run:
description: "Whether this is a release-eligible run (tag starting with v)"
value: ${{ jobs.setup-config.outputs.is-release-run }}
start-epoch:
description: "Workflow start epoch time"
value: ${{ jobs.setup-config.outputs.start-epoch }}
start-time:
description: "Workflow start time"
value: ${{ jobs.setup-config.outputs.start-time }}
static-analysis-enabled:
description: "Whether static analysis is enabled"
value: ${{ jobs.setup-config.outputs.static-analysis-enabled }}
test-matrix:
description: "Test matrix JSON"
value: ${{ jobs.setup-config.outputs.test-matrix }}
warm-cache-matrix:
description: "Warm cache matrix JSON"
value: ${{ jobs.setup-config.outputs.warm-cache-matrix }}
pre-commit-enabled:
description: "Whether pre-commit checks are enabled"
value: ${{ jobs.setup-config.outputs.pre-commit-enabled }}
gofortress-version:
description: "GoFortress workflow system version"
value: ${{ jobs.setup-config.outputs.gofortress-version }}
gofortress-released:
description: "GoFortress release date"
value: ${{ jobs.setup-config.outputs.gofortress-released }}
redis-enabled:
description: "Whether Redis service is enabled"
value: ${{ jobs.setup-config.outputs.redis-enabled }}
redis-version:
description: "Redis Docker image version"
value: ${{ jobs.setup-config.outputs.redis-version }}
redis-host:
description: "Redis host for tests"
value: ${{ jobs.setup-config.outputs.redis-host }}
redis-port:
description: "Redis port for tests"
value: ${{ jobs.setup-config.outputs.redis-port }}
redis-health-retries:
description: "Redis health check retry count"
value: ${{ jobs.setup-config.outputs.redis-health-retries }}
redis-health-interval:
description: "Redis health check interval in seconds"
value: ${{ jobs.setup-config.outputs.redis-health-interval }}
redis-health-timeout:
description: "Redis health check timeout in seconds"
value: ${{ jobs.setup-config.outputs.redis-health-timeout }}
redis-cache-force-pull:
description: "Whether to force pull Redis images even when cached"
value: ${{ jobs.setup-config.outputs.redis-cache-force-pull }}
redis-trust-service-health:
description: "Trust GitHub Actions service container health checks (skip redis-cli verification)"
value: ${{ jobs.setup-config.outputs.redis-trust-service-health }}
redis-service-mode:
description: "Redis service mode (auto, always, never)"
value: ${{ jobs.setup-config.outputs.redis-service-mode }}
is-fork-pr:
description: "Whether this is a fork PR (true/false)"
value: ${{ jobs.setup-config.outputs.is-fork-pr }}
fork-security-mode:
description: "Security mode for fork PRs (safe/unsafe)"
value: ${{ jobs.setup-config.outputs.fork-security-mode }}
completion-report-enabled:
description: "Whether workflow completion report is enabled"
value: ${{ jobs.setup-config.outputs.completion-report-enabled }}
# Security: Restrict default permissions (jobs must explicitly request what they need)
permissions: {}
jobs:
# ----------------------------------------------------------------------------------
# Setup the configuration for the CI environment
# ----------------------------------------------------------------------------------
setup-config:
name: 🔧 Setup CI Config
runs-on: ${{ inputs.primary-runner }}
permissions:
contents: read
outputs:
benchmarks-enabled: ${{ steps.config.outputs.benchmarks-enabled }}
benchmark-matrix: ${{ steps.matrix.outputs.matrix }}
code-coverage-enabled: ${{ steps.config.outputs.code-coverage-enabled }}
coverage-provider: ${{ steps.config.outputs.coverage-provider }}
cache-warming-enabled: ${{ steps.config.outputs.cache-warming-enabled }}
fuzz-testing-enabled: ${{ steps.config.outputs.fuzz-testing-enabled }}
go-tests-enabled: ${{ steps.config.outputs.go-tests-enabled }}
go-primary-version: ${{ steps.config.outputs.go-primary-version }}
go-secondary-version: ${{ steps.config.outputs.go-secondary-version }}
go-sum-file: ${{ steps.config.outputs.go-sum-file }}
go-versions: ${{ steps.versions.outputs.versions }}
go-lint-enabled: ${{ steps.config.outputs.go-lint-enabled }}
yaml-lint-enabled: ${{ steps.config.outputs.yaml-lint-enabled }}
magefile-exists: ${{ steps.config.outputs.magefile-exists }}
primary-runner: ${{ steps.config.outputs.primary-runner }}
race-detection-enabled: ${{ steps.config.outputs.race-detection-enabled }}
secondary-runner: ${{ steps.config.outputs.secondary-runner }}
security-scans-enabled: ${{ steps.config.outputs.security-scans-enabled }}
nancy-enabled: ${{ steps.config.outputs.nancy-enabled }}
govulncheck-enabled: ${{ steps.config.outputs.govulncheck-enabled }}
gitleaks-enabled: ${{ steps.config.outputs.gitleaks-enabled }}
is-release-run: ${{ steps.config.outputs.is-release-run }}
start-epoch: ${{ steps.timer.outputs.start-epoch }}
start-time: ${{ steps.timer.outputs.start-time }}
static-analysis-enabled: ${{ steps.config.outputs.static-analysis-enabled }}
test-matrix: ${{ steps.matrix.outputs.matrix }}
warm-cache-matrix: ${{ steps.matrix.outputs.matrix }}
pre-commit-enabled: ${{ steps.config.outputs.pre-commit-enabled }}
gofortress-version: ${{ steps.extract-version.outputs.version }}
gofortress-released: ${{ steps.extract-version.outputs.released }}
redis-enabled: ${{ steps.redis-config.outputs.redis-enabled }}
redis-version: ${{ steps.redis-config.outputs.redis-version }}
redis-host: ${{ steps.redis-config.outputs.redis-host }}
redis-port: ${{ steps.redis-config.outputs.redis-port }}
redis-health-retries: ${{ steps.redis-config.outputs.redis-health-retries }}
redis-health-interval: ${{ steps.redis-config.outputs.redis-health-interval }}
redis-health-timeout: ${{ steps.redis-config.outputs.redis-health-timeout }}
redis-cache-force-pull: ${{ steps.redis-config.outputs.redis-cache-force-pull }}
redis-trust-service-health: ${{ steps.redis-config.outputs.redis-trust-service-health }}
redis-service-mode: ${{ steps.redis-config.outputs.redis-service-mode }}
is-fork-pr: ${{ steps.fork-detection.outputs.is-fork-pr }}
fork-security-mode: ${{ steps.fork-detection.outputs.fork-security-mode }}
completion-report-enabled: ${{ steps.config.outputs.completion-report-enabled }}
steps:
# --------------------------------------------------------------------
# Start timer to record workflow start time
# --------------------------------------------------------------------
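- name: ⏱️ Record start time
  id: timer
  run: |
    # Capture the workflow start as an ISO-8601 UTC string and as epoch seconds.
    # The two values come from separate `date` calls, so they can differ by up
    # to one second; consumers should not assume they describe the same instant.
    START_TIME=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
    START_EPOCH=$(date +%s)

    # Publish both values as step outputs. The output file path is quoted so a
    # path containing spaces cannot split the redirection target.
    {
      echo "start-time=$START_TIME"
      echo "start-epoch=$START_EPOCH"
    } >> "$GITHUB_OUTPUT"

    echo "🚀 Workflow started at: $START_TIME"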
# --------------------------------------------------------------------
# Detect Fork PR Status
# --------------------------------------------------------------------
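- name: 🔍 Detect Fork PR Status
  id: fork-detection
  # Context values are handed to the script through env instead of being
  # templated into the script text, so a repository name is only ever treated
  # as data by the shell.
  env:
    EVENT_NAME: ${{ github.event_name }}
    PR_HEAD_REPO: ${{ github.event.pull_request.head.repo && github.event.pull_request.head.repo.full_name || '' }}
    BASE_REPO: ${{ github.repository }}
  run: |
    echo "🔍 Detecting fork status..."
    echo "════════════════════════════════════════════════════════════════"
    echo "Event: $EVENT_NAME"
    echo "PR Head Repo: $PR_HEAD_REPO"
    echo "Base Repo: $BASE_REPO"
    echo "════════════════════════════════════════════════════════════════"

    # A run counts as a fork PR only when the event is `pull_request` and the
    # head repository differs from the base repository.
    # NOTE(review): a fork PR delivered through the `pull_request_target` event
    # would fall into the else branch and be reported as mode "full" - confirm
    # the calling workflow never uses that trigger, or extend this check.
    # NOTE(review): the workflow-level output description documents the mode as
    # "safe/unsafe", but the values written here are "safe" and "full".
    if [[ "$EVENT_NAME" == "pull_request" && -n "$PR_HEAD_REPO" && "$PR_HEAD_REPO" != "$BASE_REPO" ]]; then
      echo "🚨 FORK PR DETECTED"
      {
        echo "is-fork-pr=true"
        echo "fork-security-mode=safe"
      } >> "$GITHUB_OUTPUT"
      echo ""
      echo "⚠️ Security Mode: SAFE (Fork PR)"
      echo " - Security scans requiring secrets will be skipped"
      echo " - Test suite with Codecov will be skipped"
      echo " - Release job will be skipped (PRs can't trigger releases anyway)"
      echo " - All other checks will run normally"
    else
      echo "✅ NOT A FORK PR (Same repository or not a PR event)"
      {
        echo "is-fork-pr=false"
        echo "fork-security-mode=full"
      } >> "$GITHUB_OUTPUT"
      echo ""
      echo "✅ Security Mode: FULL"
      echo " - All jobs will run with full access to secrets"
    fi
    echo "════════════════════════════════════════════════════════════════"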
# --------------------------------------------------------------------
# Parse environment variables from JSON
# --------------------------------------------------------------------
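- name: 🔧 Parse environment variables
  id: parse-env
  # An explicit bash shell makes the runner start the script with pipefail, so
  # a jq failure is no longer hidden behind a successful downstream command.
  shell: bash
  env:
    ENV_JSON: ${{ inputs.env-json }}
  run: |
    set -euo pipefail
    echo "📋 Parsing environment variables..."

    # The input must be a JSON object of NAME -> value pairs.
    if ! jq -e 'type == "object"' <<<"$ENV_JSON" > /dev/null; then
      echo "❌ env-json is not a JSON object"
      exit 1
    fi

    # Everything written to the environment file becomes part of the
    # environment of every later step in this job, one NAME=value per line.
    # A value containing a line break, or a name that is not a plain
    # identifier, would let one entry define or override other variables, so
    # such entries are rejected instead of being written.
    # NOTE(review): names are not checked against an allowlist; any identifier
    # present in env-json is exported. Confirm the caller builds env-json only
    # from trusted configuration files.
    BAD_KEYS=$(jq -r '
      to_entries[]
      | select(
          (.key | test("^[A-Za-z_][A-Za-z0-9_]*$") | not)
          or (.value | tostring | test("[\r\n]"))
        )
      | .key | @json
    ' <<<"$ENV_JSON")
    if [ -n "$BAD_KEYS" ]; then
      echo "❌ Refusing to export entries with an invalid name or a multi-line value:"
      echo "$BAD_KEYS"
      exit 1
    fi

    # Export each validated entry to the job environment.
    jq -r 'to_entries[] | "\(.key)=\(.value)"' <<<"$ENV_JSON" >> "$GITHUB_ENV"
    echo "✅ Environment variables parsed successfully"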
# --------------------------------------------------------------------
# Checkout code (sparse checkout)
# --------------------------------------------------------------------
- name: 📥 Checkout (sparse)
# The action is pinned to a full commit SHA; the trailing comment records the
# release tag that SHA is expected to correspond to.
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
# Only the paths listed below are requested. They include the two local
# composite actions that later steps in this job execute, so the code of those
# actions comes from whatever ref this step checks out.
# GO_SUM_FILE is read from the job environment (presumably populated by the
# parse-env step - confirm).
# NOTE(review): persist-credentials is not set, so the action's default applies.
# If no later step needs authenticated git access, consider setting
# `persist-credentials: false` so the token is not left in the local git config.
with:
sparse-checkout: |
.mage.yaml
go.mod
go.work
${{ env.GO_SUM_FILE }}
.github/workflows/fortress.yml
.github/actions/configure-redis
.github/actions/extract-module-dir
# --------------------------------------------------------------------
# Extract Go module directory from GO_SUM_FILE path
# --------------------------------------------------------------------
- name: 🔧 Extract Go module directory
id: extract-module-dir
# Local composite action, resolved from the workspace produced by the sparse
# checkout above; its implementation is not visible in this file.
uses: ./.github/actions/extract-module-dir
with:
# Path of the go.sum file as configured in the job environment.
go-sum-file: ${{ env.GO_SUM_FILE }}
# --------------------------------------------------------------------
# Detect go.work file for multi-module workspace
# --------------------------------------------------------------------
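- name: 🔍 Detect Multi-Module Workspace
  id: detect-gowork
  run: |
    # Report whether a go.work file sits at the repository root of the checkout.
    # The result is published as the `gowork-exists` step output ("true"/"false").
    if [ -f "go.work" ]; then
      GOWORK_EXISTS="true"
      echo "✅ go.work file found - multi-module workspace detected"
    else
      GOWORK_EXISTS="false"
      echo "ℹ️ No go.work file found - single module repository"
    fi

    # Single quoted write to the output file.
    echo "gowork-exists=$GOWORK_EXISTS" >> "$GITHUB_OUTPUT"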
# --------------------------------------------------------------------
# Extract GoFortress version metadata from fortress.yml
# --------------------------------------------------------------------
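- name: 📋 Extract GoFortress Version
  id: extract-version
  run: |
    # Extract version metadata from the fortress.yml file
    FORTRESS_FILE=".github/workflows/fortress.yml"

    # Both outputs default to "unknown" and are overwritten only when the
    # header line is found and yields a non-empty value.
    FORTRESS_VERSION="unknown"
    FORTRESS_RELEASED="unknown"

    echo "🔍 Looking for GoFortress version in: $FORTRESS_FILE"
    if [ -f "$FORTRESS_FILE" ]; then
      echo "✅ Found fortress.yml file"
      # Extract version information from the main header (format: # Version: X.Y.Z | Released: YYYY-MM-DD)
      VERSION_LINE=$(grep "# Version:" "$FORTRESS_FILE" | head -1 || true)
      if [ -n "$VERSION_LINE" ]; then
        # The file content comes from the checked-out ref, and these values are
        # later expanded into other steps' scripts and into the job summary.
        # Keep only the characters a version or date can contain so nothing
        # else from the header line is carried forward.
        PARSED_VERSION=$(echo "$VERSION_LINE" | sed 's/.*Version: //' | sed 's/ |.*//' | tr -cd 'A-Za-z0-9._+-')
        PARSED_RELEASED=$(echo "$VERSION_LINE" | sed 's/.*Released: //' | tr -d ' ' | tr -cd 'A-Za-z0-9._+-')
        FORTRESS_VERSION="${PARSED_VERSION:-unknown}"
        FORTRESS_RELEASED="${PARSED_RELEASED:-unknown}"
        echo "🏰 GoFortress Version: $FORTRESS_VERSION"
        echo "📅 Released: $FORTRESS_RELEASED"
      else
        echo "⚠️ Version line not found in fortress.yml"
      fi
    else
      # Diagnostic listing to help explain why the file is missing.
      echo "❌ fortress.yml not found at $FORTRESS_FILE"
      echo "📂 Current directory contents:"
      ls -la
      echo "📂 .github/workflows/ contents:"
      ls -la .github/workflows/ || echo "Directory not found"
    fi

    # Set outputs for use in other steps
    {
      echo "version=$FORTRESS_VERSION"
      echo "released=$FORTRESS_RELEASED"
    } >> "$GITHUB_OUTPUT"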
# --------------------------------------------------------------------
# Get Go versions and set up the matrix
# --------------------------------------------------------------------
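- name: 🔍 Get Unique Go Versions
  id: versions
  run: |
    # Build a compact JSON array holding the distinct configured Go versions.
    # The versions are read from the process environment rather than being
    # templated into the script text, so their content reaches jq as data and
    # is never parsed by the shell. jq's `unique` already returns a sorted
    # array, so no separate sort is needed.
    VERSIONS=$(jq -nc \
      --arg v1 "$GO_PRIMARY_VERSION" \
      --arg v2 "$GO_SECONDARY_VERSION" \
      '[$v1, $v2] | unique')
    echo "versions=$VERSIONS" >> "$GITHUB_OUTPUT"
    echo "✅ Unique Go versions: $VERSIONS"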
# --------------------------------------------------------------------
# Generate the test matrix based on Go versions and runner OSes
# --------------------------------------------------------------------
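- name: 🔧 Generate Optimized Matrix
  id: matrix
  shell: bash
  # The version list from the previous step is passed through env so its
  # content cannot terminate a quoted string inside the script.
  env:
    VERSIONS: ${{ steps.versions.outputs.versions }}
  run: |
    echo "🎯 Generating test matrix..."

    # ------------------------------------------------------------
    # Prepare runner list (max 2); runner names come from the job
    # environment and are only ever used as quoted shell values
    # ------------------------------------------------------------
    RUNNERS=("$PRIMARY_RUNNER")
    if [[ "$SECONDARY_RUNNER" != "$PRIMARY_RUNNER" ]]; then
      RUNNERS+=("$SECONDARY_RUNNER")
    fi

    VERSION_COUNT=$(jq 'length' <<<"$VERSIONS")

    # Start with an empty matrix
    MATRIX='{"include": []}'

    # ------------------------------------------------------------
    # Build the matrix: one entry per (runner, Go version) pair
    # ------------------------------------------------------------
    for OS in "${RUNNERS[@]}"; do
      # Any runner label that does not contain "ubuntu" is labelled macOS.
      if [[ "$OS" == *"ubuntu"* ]]; then
        OS_SHORT="Linux"
      else
        OS_SHORT="macOS"
      fi

      while IFS= read -r GO_VERSION; do
        if [[ "$GO_VERSION" == "$GO_PRIMARY_VERSION" ]]; then
          IS_PRIMARY="true"
        else
          IS_PRIMARY="false"
        fi

        # Determine name (simplified without fuzz setting)
        if [[ "$OS_SHORT" == "Linux" && "$IS_PRIMARY" == "true" ]]; then
          NAME="$OS_SHORT (Primary Go $GO_VERSION)"
        elif [[ "$VERSION_COUNT" -eq 1 ]]; then
          NAME="$OS_SHORT"
        else
          NAME="$OS_SHORT Go $GO_VERSION"
        fi

        # Append to matrix; jq --arg keeps every value a JSON string
        MATRIX=$(jq \
          --arg os "$OS" \
          --arg go "$GO_VERSION" \
          --arg name "$NAME" \
          '.include += [{
            "os": $os,
            "go-version": $go,
            "name": $name
          }]' <<<"$MATRIX")
      done < <(jq -r '.[]' <<<"$VERSIONS")
    done

    # ------------------------------------------------------------
    # Output the matrix as a single compact line
    # ------------------------------------------------------------
    echo "matrix=$(jq -c . <<<"$MATRIX")" >> "$GITHUB_OUTPUT"
    echo "✅ Matrix generated successfully"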
# --------------------------------------------------------------------
# Configure environment variables
# --------------------------------------------------------------------
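- name: 🔧 Configure CI Environment Configuration
  id: config
  run: |
    echo "🎯 Configuring environment variables for CI..."

    # All configuration values are read from the process environment (shell
    # variables) instead of being templated into the script text. Templated
    # values become part of the script itself, so a value containing shell
    # syntax would be executed; a quoted shell variable is only ever data.
    # The git ref is read from the runner-provided GITHUB_REF and
    # GITHUB_REF_NAME variables for the same reason.

    # Write one name=value pair to this step's outputs.
    set_output() {
      echo "$1=$2" >> "$GITHUB_OUTPUT"
    }

    # Export Go versions (no format validation is performed here)
    set_output go-primary-version "$GO_PRIMARY_VERSION"
    set_output go-secondary-version "$GO_SECONDARY_VERSION"
    set_output go-sum-file "$GO_SUM_FILE"

    # Export runners (for reference in steps, not job level)
    set_output primary-runner "$PRIMARY_RUNNER"
    set_output secondary-runner "$SECONDARY_RUNNER"

    # Check if .mage.yaml exists; fail only when the configuration requires it
    if [ -f ".mage.yaml" ]; then
      set_output magefile-exists "true"
      echo "✅ .mage.yaml found"
    else
      set_output magefile-exists "false"
      echo "⚠️ No .mage.yaml found"
      if [ "$MAGEFILE_REQUIRED" == "true" ]; then
        echo "❌ .mage.yaml is required but not found!"
        exit 1
      fi
    fi

    # Feature flags
    set_output benchmarks-enabled "$ENABLE_BENCHMARKS"
    set_output cache-warming-enabled "$ENABLE_CACHE_WARMING"
    set_output code-coverage-enabled "$ENABLE_CODE_COVERAGE"
    set_output coverage-provider "$GO_COVERAGE_PROVIDER"

    # Validate coverage provider configuration
    if [ "$ENABLE_CODE_COVERAGE" == "true" ]; then
      PROVIDER="$GO_COVERAGE_PROVIDER"
      if [ "$PROVIDER" != "internal" ] && [ "$PROVIDER" != "codecov" ]; then
        echo "❌ Invalid GO_COVERAGE_PROVIDER: $PROVIDER"
        echo " Valid options are: internal, codecov"
        exit 1
      fi
      # Only reports the selected provider; no token check happens in this step
      if [ "$PROVIDER" == "codecov" ]; then
        echo "✅ Coverage provider: Codecov"
      else
        echo "✅ Coverage provider: Internal (go-coverage with GitHub Pages)"
      fi
    fi

    set_output go-lint-enabled "$ENABLE_GO_LINT"
    set_output yaml-lint-enabled "$ENABLE_YAML_LINT"
    set_output race-detection-enabled "$ENABLE_RACE_DETECTION"
    set_output benchmark-mode "$BENCHMARK_MODE"
    set_output benchmark-timeout "$BENCHMARK_TIMEOUT"

    # Security scans - enable if any individual tool is enabled
    if [[ "$ENABLE_SECURITY_SCAN_NANCY" == "true" || "$ENABLE_SECURITY_SCAN_GOVULNCHECK" == "true" || "$ENABLE_SECURITY_SCAN_GITLEAKS" == "true" ]]; then
      set_output security-scans-enabled "true"
    else
      set_output security-scans-enabled "false"
    fi
    set_output nancy-enabled "$ENABLE_SECURITY_SCAN_NANCY"
    set_output govulncheck-enabled "$ENABLE_SECURITY_SCAN_GOVULNCHECK"
    set_output gitleaks-enabled "$ENABLE_SECURITY_SCAN_GITLEAKS"
    set_output static-analysis-enabled "$ENABLE_STATIC_ANALYSIS"
    set_output fuzz-testing-enabled "$ENABLE_FUZZ_TESTING"
    set_output go-tests-enabled "$ENABLE_GO_TESTS"
    set_output pre-commit-enabled "$ENABLE_GO_PRE_COMMIT"
    set_output completion-report-enabled "$ENABLE_COMPLETION_REPORT"

    # Detect if this is a release run (a tag whose name starts with "v")
    if [[ "$GITHUB_REF" == refs/tags/v* ]]; then
      set_output is-release-run "true"
      echo "🚀 Release detected: Tag $GITHUB_REF_NAME"
    else
      set_output is-release-run "false"
    fi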
# --------------------------------------------------------------------
# Configure Redis service settings using composite action
# --------------------------------------------------------------------
- name: 🗄️ Configure Redis Service
id: redis-config
# Local composite action, resolved from the workspace produced by the sparse
# checkout; its implementation is not visible in this file. Its outputs feed
# the redis-* job outputs.
uses: ./.github/actions/configure-redis
with:
# The complete env-json input is forwarded, not just the Redis-related keys.
env-json: ${{ inputs.env-json }}
# --------------------------------------------------------------------
# Build the configuration summary (Part 1: Compact Overview)
# --------------------------------------------------------------------
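- name: 📋 Build Configuration Summary (Part 1)
  id: config-summary-part1
  # Every workflow input and step output used below is handed over through env.
  # The script therefore contains no templated values: git ref names, versions
  # and configuration strings are expanded by the shell as quoted data and
  # cannot change what the script executes.
  env:
    ENV_JSON: ${{ inputs.env-json }}
    ENV_FILE_COUNT: ${{ inputs.env-file-count }}
    VAR_COUNT: ${{ inputs.var-count }}
    UNIQUE_GO_VERSIONS: ${{ steps.versions.outputs.versions }}
    MATRIX_JSON: ${{ steps.matrix.outputs.matrix }}
    FORTRESS_VERSION: ${{ steps.extract-version.outputs.version }}
    FORTRESS_RELEASED: ${{ steps.extract-version.outputs.released }}
    IS_FORK_PR: ${{ steps.fork-detection.outputs.is-fork-pr }}
    FORK_SECURITY_MODE: ${{ steps.fork-detection.outputs.fork-security-mode }}
    WORKFLOW_START_TIME: ${{ steps.timer.outputs.start-time }}
    GOWORK_EXISTS: ${{ steps.detect-gowork.outputs.gowork-exists }}
  run: |
    # Count environment variables
    ENV_COUNT=$(echo "$ENV_JSON" | jq 'keys | length')
    ENABLED_FEATURES=$(echo "$ENV_JSON" | jq -r '[to_entries | .[] | select(.key | startswith("ENABLE_")) | select(.value == "true")] | length')
    DISABLED_FEATURES=$(echo "$ENV_JSON" | jq -r '[to_entries | .[] | select(.key | startswith("ENABLE_")) | select(.value == "false")] | length')
    MATRIX_COUNT=$(echo "$MATRIX_JSON" | jq '.include | length')

    # Show private module status if GOPRIVATE is configured
    GOPRIVATE_VAL=$(echo "$ENV_JSON" | jq -r '.GOPRIVATE // ""')

    # Everything inside the braces is appended to the job summary in one
    # redirection. The git ref, event name and commit SHA are read from the
    # runner-provided GITHUB_* variables.
    {
      # =================================================================
      # COMPACT SUMMARY (Always visible - the "5%")
      # =================================================================
      echo "# 🏰 GoFortress CI Configuration"
      echo ""
      echo "| Property | Value |"
      echo "|----------|-------|"
      echo "| **Version** | \`$FORTRESS_VERSION\` ($FORTRESS_RELEASED) |"
      echo "| **Trigger** | \`$GITHUB_EVENT_NAME\` → \`$GITHUB_REF_NAME\` @ \`${GITHUB_SHA:0:7}\` |"
      echo "| **Features** | $ENABLED_FEATURES enabled · $DISABLED_FEATURES disabled |"
      echo "| **Test Matrix** | $MATRIX_COUNT combinations |"
      echo "| **Go Versions** | $(echo "$UNIQUE_GO_VERSIONS" | jq -r 'join(", ")') |"
      if [ -n "$GOPRIVATE_VAL" ]; then
        echo "| **Private Modules** | \`$GOPRIVATE_VAL\` |"
      fi
      echo ""

      # Fork PR Warning (if applicable) - this stays visible
      if [[ "$IS_FORK_PR" == "true" ]]; then
        echo "⚠️ **FORK PR DETECTED** — Security scans requiring secrets will be skipped."
        echo ""
      fi

      # =================================================================
      # INDIVIDUAL COLLAPSIBLE SECTIONS (Each one collapsed by default)
      # =================================================================
      # Workflow Trigger Information (collapsed)
      echo "<details>"
      echo "<summary>🎯 Workflow Trigger</summary>"
      echo ""
      echo "### Trigger Details"
      echo "| Property | Value |"
      echo "|----------|-------|"
      echo "| **Trigger Type** | \`$GITHUB_EVENT_NAME\` |"
      echo "| **Reference** | \`$GITHUB_REF\` |"
      echo "| **Branch/Tag** | \`$GITHUB_REF_NAME\` |"
      echo "| **Commit SHA** | \`$GITHUB_SHA\` |"
      echo "| **Is Tag Push** | $([[ "$GITHUB_REF" == refs/tags/* ]] && echo "✅ Yes" || echo "❌ No") |"
      echo "| **Is Release Eligible** | $([[ "$GITHUB_REF" == refs/tags/v* ]] && echo "🚀 Yes" || echo "❌ No") |"
      echo ""

      # Fork PR Status (if applicable)
      if [[ "$IS_FORK_PR" == "true" ]]; then
        echo "#### 🔐 Fork PR Security"
        echo "**Security Mode:** \`$FORK_SECURITY_MODE\`"
        echo ""
        echo "**Runs:** Setup, MAGE-X, Cache, Code Quality, Pre-Commit, Benchmarks"
        echo ""
        echo "**Skipped:** Security Scans, Test Suite with Coverage, Release"
        echo ""
      fi
      echo "</details>"
      echo ""

      # Configuration Statistics (collapsed)
      echo "<details>"
      echo "<summary>📈 Configuration Overview</summary>"
      echo ""
      echo "- **Workflow Start Time**: $WORKFLOW_START_TIME"
      # Configuration File Discovery
      echo "- **Configuration Sources**: Modular env files ($ENV_FILE_COUNT files, $VAR_COUNT variables)"
      echo "- **Total Environment Variables**: $ENV_COUNT"
      echo "- **Enabled Features**: $ENABLED_FEATURES"
      echo "- **Disabled Features**: $DISABLED_FEATURES"
      echo "- **Test Matrix Combinations**: $MATRIX_COUNT"
      echo "- **Unique Go Versions**: $(echo "$UNIQUE_GO_VERSIONS" | jq 'length')"
      echo "- **Runner Operating Systems**: $([ "$PRIMARY_RUNNER" == "$SECONDARY_RUNNER" ] && echo "1" || echo "2")"
      echo ""
      echo "</details>"
      echo ""

      # Core Configuration (collapsed)
      echo "<details>"
      echo "<summary>🛠 Core CI Configuration</summary>"
      echo ""
      echo "| Setting | Value | Description |"
      echo "|---------|-------|-------------|"
      echo "| **Primary Runner** | \`$PRIMARY_RUNNER\` | Main OS for CI jobs |"
      echo "| **Secondary Runner** | \`$SECONDARY_RUNNER\` | Additional OS for compatibility testing |"
      echo "| **Primary Go Version** | \`$GO_PRIMARY_VERSION\` | Main Go version for builds |"
      echo "| **Secondary Go Version** | \`$GO_SECONDARY_VERSION\` | Additional Go version for testing |"
      echo "| **Unique Go Versions** | $UNIQUE_GO_VERSIONS | Deduplicated list of Go versions |"
      echo "| **Go Sum File** | \`$GO_SUM_FILE\` | Location of go.sum for dependency verification |"
      echo "| **Go Module Directory** | \`${GO_MODULE_DIR:-.}\` | Directory containing go.mod |"
      # The three rows below previously used backslash-escaped quotes inside
      # the command substitution. Those quotes were literal characters, so the
      # emptiness test on the module directory always succeeded and the labels
      # were printed with stray quote marks. Plain quotes restore the intent.
      echo "| **Module Root Type** | $([ -n "$GO_MODULE_DIR" ] && echo "📁 Subdirectory" || echo "📂 Repository Root") | go.mod location |"
      echo "| **Multi-Module Testing** | $([ "$ENABLE_MULTI_MODULE_TESTING" == "true" ] && echo "✅ Enabled" || echo "❌ Disabled") | Auto module discovery |"
      echo "| **Multi-Module Workspace** | $([ "$GOWORK_EXISTS" == "true" ] && echo "✅ go.work found" || echo "⚪ No go.work") | Workspace support |"
      echo ""
      echo "</details>"
      echo ""
    } >> "$GITHUB_STEP_SUMMARY"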
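# --------------------------------------------------------------------
# Build the configuration summary (Part 2: Test Matrix and Features)
#
# Appends two collapsed sections to the job summary: the generated test
# matrix and the feature-flag table.
#
# Security: the script body contains no workflow expressions. An
# expression is pasted into the script text before bash parses it, so a
# value holding a quote, a backtick or a command substitution would be
# run as shell code. Step outputs are handed over through `env:`, and
# env-context values are read as the environment variables the runner
# already exports to the step.
# --------------------------------------------------------------------
- name: 📋 Build Configuration Summary (Part 2)
  id: config-summary-part2
  env:
    ENV_JSON: ${{ inputs.env-json }}
    MATRIX_JSON: ${{ steps.matrix.outputs.matrix }}
    STEP_REDIS_ENABLED: ${{ steps.redis-config.outputs.redis-enabled }}
  run: |
    MATRIX_COUNT=$(jq '.include | length' <<< "$MATRIX_JSON")

    # Label shown in the Code Coverage row when coverage is enabled.
    if [ "$GO_COVERAGE_PROVIDER" == "codecov" ]; then
      coverage_provider="Codecov"
    else
      coverage_provider="go-coverage"
    fi

    # Print one feature-flag row.
    #   $1 feature name, $2 flag value, $3 impact when on, $4 impact when off
    feature_row() {
      if [ "$2" == "true" ]; then
        echo "| **$1** | ✅ | $3 |"
      else
        echo "| **$1** | ❌ | $4 |"
      fi
    }

    {
      # Test Matrix (collapsed)
      echo "<details>"
      echo "<summary>🧪 Generated Test Matrix ($MATRIX_COUNT configurations)</summary>"
      echo ""
      echo "| # | OS | Go Version | Configuration Name |"
      echo "|---|----|-----------|--------------------|"
      jq -r '.include | to_entries | .[] | "| \(.key + 1) | \(.value.os) | \(.value["go-version"]) | \(.value.name) |"' <<< "$MATRIX_JSON"
      echo ""
      echo "</details>"
      echo ""

      # Feature Flags (collapsed)
      echo "<details>"
      echo "<summary>🚀 Feature Flags</summary>"
      echo ""
      echo "| Feature | Status | Impact |"
      echo "|---------|--------|--------|"
      feature_row "Benchmarks" "$ENABLE_BENCHMARKS" "Mode: **${BENCHMARK_MODE}**" "Skipped"
      feature_row "Cache Warming" "$ENABLE_CACHE_WARMING" "Pre-warm module/build caches" "Skipped"
      feature_row "Code Coverage" "$ENABLE_CODE_COVERAGE" "Provider: ${coverage_provider} (${GO_COVERAGE_THRESHOLD}%)" "Skipped"
      feature_row "Fuzz Testing" "$ENABLE_FUZZ_TESTING" "Parallel on Linux" "Skipped"
      feature_row "Go Tests" "$ENABLE_GO_TESTS" "Matrix execution" "Skipped"
      feature_row "Gitleaks" "$ENABLE_SECURITY_SCAN_GITLEAKS" "Secret scanning" "Skipped"
      feature_row "Go Linting" "$ENABLE_GO_LINT" "golangci-lint" "Skipped"
      feature_row "Govulncheck" "$ENABLE_SECURITY_SCAN_GOVULNCHECK" "Go vulnerability scan" "Skipped"
      feature_row "Nancy" "$ENABLE_SECURITY_SCAN_NANCY" "Dependency checks" "Skipped"
      feature_row "Pre-Commit" "$ENABLE_GO_PRE_COMMIT" "17x faster hooks" "Skipped"
      feature_row "Race Detection" "$ENABLE_RACE_DETECTION" "-race flag" "No race detection"
      feature_row "Static Analysis" "$ENABLE_STATIC_ANALYSIS" "go vet" "Skipped"
      feature_row "YAML Linting" "$ENABLE_YAML_LINT" "yamlfmt" "Skipped"
      feature_row "Redis Service" "$STEP_REDIS_ENABLED" "Redis ${REDIS_VERSION}" "Not available"
      feature_row "Go Docs" "$ENABLE_GODOCS_PUBLISHING" "Publish to pkg.go.dev" "Skipped"
      echo ""
      echo "</details>"
      echo ""
    } >> "$GITHUB_STEP_SUMMARY"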
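# --------------------------------------------------------------------
# Build the configuration summary (Part 3: Benchmark and Coverage Config)
#
# Appends up to three collapsed sections to the job summary, each only
# when its feature is enabled: benchmarks, coverage and the Redis service.
#
# Security: the script body contains no workflow expressions, because an
# expression is substituted into the script text before bash parses it
# and its value would then be interpreted as shell code. Redis step
# outputs are passed through `env:`; env-context values are read as the
# environment variables the runner already exports to the step.
# --------------------------------------------------------------------
- name: 📋 Build Configuration Summary (Part 3)
  id: config-summary-part3
  env:
    ENV_JSON: ${{ inputs.env-json }}
    STEP_REDIS_ENABLED: ${{ steps.redis-config.outputs.redis-enabled }}
    STEP_REDIS_VERSION: ${{ steps.redis-config.outputs.redis-version }}
    STEP_REDIS_HOST: ${{ steps.redis-config.outputs.redis-host }}
    STEP_REDIS_PORT: ${{ steps.redis-config.outputs.redis-port }}
  run: |
    {
      # Benchmark Configuration (collapsed, only if enabled)
      if [[ "$ENABLE_BENCHMARKS" == "true" ]]; then
        # Duration label shown next to the mode; unknown modes show 100ms.
        case "$BENCHMARK_MODE" in
          quick) benchmark_duration="50ms" ;;
          full) benchmark_duration="10s" ;;
          *) benchmark_duration="100ms" ;;
        esac
        echo "<details>"
        echo "<summary>🏃 Benchmark Configuration</summary>"
        echo ""
        echo "| Setting | Value |"
        echo "|---------|-------|"
        echo "| **Mode** | \`${BENCHMARK_MODE}\` (${benchmark_duration}) |"
        echo "| **Timeout** | ${BENCHMARK_TIMEOUT} minutes |"
        echo ""
        echo "</details>"
        echo ""
      fi

      # Coverage Configuration (collapsed, only if enabled)
      if [[ "$ENABLE_CODE_COVERAGE" == "true" ]]; then
        echo "<details>"
        echo "<summary>📊 Coverage System</summary>"
        echo ""
        echo "| Setting | Value |"
        echo "|---------|-------|"
        if [[ "$GO_COVERAGE_PROVIDER" == "codecov" ]]; then
          echo "| **System** | Codecov |"
          echo "| **Threshold** | ${GO_COVERAGE_THRESHOLD}% |"
        else
          if [ "$GO_COVERAGE_POST_COMMENTS" == "true" ]; then
            pr_comments="✅"
          else
            pr_comments="❌"
          fi
          echo "| **System** | Internal go-coverage |"
          echo "| **Threshold** | ${GO_COVERAGE_THRESHOLD}% |"
          echo "| **PR Comments** | ${pr_comments} |"
        fi
        echo ""
        echo "</details>"
        echo ""
      fi

      # Redis Service Configuration (collapsed, only if enabled)
      if [[ "$STEP_REDIS_ENABLED" == "true" ]]; then
        echo "<details>"
        echo "<summary>🗄️ Redis Service</summary>"
        echo ""
        echo "| Setting | Value |"
        echo "|---------|-------|"
        echo "| **Version** | ${STEP_REDIS_VERSION} |"
        echo "| **Connection** | ${STEP_REDIS_HOST}:${STEP_REDIS_PORT} |"
        echo ""
        echo "</details>"
        echo ""
      fi
    } >> "$GITHUB_STEP_SUMMARY"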
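# --------------------------------------------------------------------
# Build the configuration summary (Part 4: Pre-commit and Security)
#
# Appends the pre-commit section (only when enabled), the build
# requirements and the security tool versions to the job summary.
#
# Security: the script body contains no workflow expressions, because an
# expression is substituted into the script text before bash parses it
# and its value would then be interpreted as shell code. The magefile
# step output is passed through `env:`; env-context values are read as
# the environment variables the runner already exports to the step.
# --------------------------------------------------------------------
- name: 📋 Build Configuration Summary (Part 4)
  id: config-summary-part4
  env:
    ENV_JSON: ${{ inputs.env-json }}
    STEP_MAGEFILE_EXISTS: ${{ steps.config.outputs.magefile-exists }}
  run: |
    {
      # Pre-Commit System Configuration (collapsed, only if enabled)
      if [[ "$ENABLE_GO_PRE_COMMIT" == "true" ]]; then
        if [ "$GO_PRE_COMMIT_FAIL_FAST" == "true" ]; then
          fail_fast="⚡ Yes"
        else
          fail_fast="No"
        fi
        echo "<details>"
        echo "<summary>🪝 Pre-Commit System</summary>"
        echo ""
        echo "| Setting | Value |"
        echo "|---------|-------|"
        echo "| **System** | go-pre-commit (17x faster) |"
        echo "| **Timeout** | ${GO_PRE_COMMIT_TIMEOUT_SECONDS}s |"
        echo "| **Workers** | ${GO_PRE_COMMIT_PARALLEL_WORKERS} (0=auto) |"
        echo "| **Fail Fast** | ${fail_fast} |"
        # NOTE(review): the next four rows carry a third cell while the
        # header declares two columns; GitHub-flavoured Markdown drops the
        # extra cell, so these descriptions are not rendered.
        echo "| **Log Level** | \`${GO_PRE_COMMIT_LOG_LEVEL}\` | Debug/info logging output level |"
        echo "| **Max File Size** | \`${GO_PRE_COMMIT_MAX_FILE_SIZE_MB}\` MB | Maximum file size limit for processing |"
        echo "| **Max Open Files** | \`${GO_PRE_COMMIT_MAX_FILES_OPEN}\` | Maximum concurrent file handles |"
        echo "| **Exclude Patterns** | \`${GO_PRE_COMMIT_EXCLUDE_PATTERNS}\` | Patterns excluded from pre-commit checks |"
        echo "| **Tools** | golangci-lint \`${GO_PRE_COMMIT_GOLANGCI_LINT_VERSION}\`, gofumpt \`${GO_PRE_COMMIT_FUMPT_VERSION}\` |"
        echo ""
        echo "</details>"
        echo ""
      fi

      # Build Requirements (collapsed)
      if [ "$STEP_MAGEFILE_EXISTS" == "true" ]; then
        magefile_status="✅ Found"
      else
        magefile_status="⚠️ Not Found"
      fi
      if [ "$MAGEFILE_REQUIRED" == "true" ]; then
        magefile_required="Yes"
      else
        magefile_required="No"
      fi
      if [ "$ENABLE_VERBOSE_TEST_OUTPUT" == "true" ]; then
        verbose_output="✅"
      else
        verbose_output="❌"
      fi
      echo "<details>"
      echo "<summary>🔨 Build Requirements</summary>"
      echo ""
      echo "| Requirement | Status |"
      echo "|-------------|--------|"
      echo "| **.mage.yaml** | ${magefile_status} (Required: ${magefile_required}) |"
      echo "| **Verbose Output** | ${verbose_output} |"
      echo ""
      echo "</details>"
      echo ""

      # Security Tools Configuration (collapsed)
      echo "<details>"
      echo "<summary>🔒 Security Tools</summary>"
      echo ""
      echo "| Tool | Version |"
      echo "|------|---------|"
      echo "| **Gitleaks** | ${GITLEAKS_VERSION} |"
      echo "| **Govulncheck** | ${GOVULNCHECK_VERSION} |"
      echo "| **Nancy** | ${NANCY_VERSION} |"
      echo ""
      echo "</details>"
      echo ""
    } >> "$GITHUB_STEP_SUMMARY"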
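# --------------------------------------------------------------------
# Build the configuration summary (Part 5: Close details and footer)
#
# Appends the authentication row, the CUSTOM_* variables (when any
# exist), the full variable table and the footer to the job summary.
#
# Security: the script body contains no workflow expressions, because an
# expression is substituted into the script text before bash parses it
# and its value would then be interpreted as shell code. ENV_JSON
# arrives through `env:` and the token preference is read as the
# environment variable the runner already exports to the step.
# --------------------------------------------------------------------
- name: 📋 Build Configuration Summary (Part 5)
  id: config-summary-part5
  env:
    ENV_JSON: ${{ inputs.env-json }}
  run: |
    ENV_COUNT=$(jq 'keys | length' <<< "$ENV_JSON")
    PROJECT_VARS=$(jq -r 'to_entries | map(select(.key | startswith("CUSTOM_"))) | length' <<< "$ENV_JSON")

    # Only the name of the preferred token is compared; no token value is read.
    if [ "$PREFERRED_GITHUB_TOKEN" == "GH_PAT_TOKEN" ]; then
      token_label="PAT (5000/hr)"
    else
      token_label="GITHUB_TOKEN (1000/hr)"
    fi

    {
      # Authentication (collapsed)
      echo "<details>"
      echo "<summary>🔑 Authentication</summary>"
      echo ""
      echo "| Setting | Value |"
      echo "|---------|-------|"
      echo "| **Token** | ${token_label} |"
      echo ""
      echo "</details>"
      echo ""

      # Custom Project Variables (collapsed, only if present)
      if [ "$PROJECT_VARS" -gt 0 ]; then
        echo "<details>"
        echo "<summary>🎨 Custom Variables ($PROJECT_VARS)</summary>"
        echo ""
        echo "| Variable | Value |"
        echo "|----------|-------|"
        jq -r 'to_entries | map(select(.key | startswith("CUSTOM_"))) | sort_by(.key) | .[] | "| \(.key) | `\(.value)` |"' <<< "$ENV_JSON"
        echo ""
        echo "</details>"
        echo ""
      fi

      # All Environment Variables (collapsed)
      # NOTE(review): this table publishes every key and value of ENV_JSON
      # in the job summary, which anyone who can view the run can read.
      # Confirm the env file never carries credentials, or filter the keys
      # here before printing.
      echo "<details>"
      echo "<summary>🔍 All $ENV_COUNT Environment Variables</summary>"
      echo ""
      echo "| Variable | Value |"
      echo "|----------|-------|"
      jq -r 'to_entries | sort_by(.key) | .[] | "| \(.key) | `\(.value)` |"' <<< "$ENV_JSON"
      echo ""
      echo "</details>"
      echo ""

      # Footer (always visible)
      echo "---"
      echo "_🎯 Configuration complete at $(date -u +"%H:%M:%S UTC") — GoFortress CI/CD Pipeline_"
    } >> "$GITHUB_STEP_SUMMARY"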