bsv-blockchain · mrz1836 · Feb 5, 2026 · Feb 5, 2026
@@ -39,7 +39,7 @@ GO_SECONDARY_VERSION=1.24.x
 # Govulncheck-specific Go version for vulnerability scanning
 # Uses newer Go version for accurate standard library vulnerability detection
 # Override this in .env.custom if needed for compatibility
-GOVULNCHECK_GO_VERSION=1.25.6
+GOVULNCHECK_GO_VERSION=1.25.7
 
 # ================================================================================================
 # 📦 GO MODULE CONFIGURATION
@@ -150,7 +150,7 @@ GO_COVERAGE_PROVIDER=internal
 CODECOV_TOKEN_REQUIRED=false
 
 # Go Coverage Tool Version
-GO_COVERAGE_VERSION=v1.1.17           # https://github.com/mrz1836/go-coverage/releases
+GO_COVERAGE_VERSION=v1.2.0           # https://github.com/mrz1836/go-coverage/releases
 GO_COVERAGE_USE_LOCAL=false           # Use local version for development
 
 # Core Coverage Settings
@@ -235,7 +235,7 @@ REDIS_CACHE_FORCE_PULL=false           # Force pull Redis images even when cache
 # 🪄 MAGE-X CONFIGURATION
 # ================================================================================================
 
-MAGE_X_VERSION=v1.18.7                                        # https://github.com/mrz1836/mage-x/releases
+MAGE_X_VERSION=v1.19.2                                        # https://github.com/mrz1836/mage-x/releases
 MAGE_X_USE_LOCAL=false                                        # Use local version for development
 MAGE_X_CI_SKIP_STEP_SUMMARY=true                              # Skip duplicate test results in step summary (already in test validation summary)
 MAGE_X_AUTO_DISCOVER_BUILD_TAGS=true                          # Enable auto-discovery of build tags

@@ -696,6 +696,11 @@ jobs:
             --input "$COVERAGE_FILE" \
             --output "$OUTPUT_DIR"; then
             echo "✅ Main coverage processing completed successfully"
+
+            # Copy raw coverage file for main download
+            echo "📥 Copying coverage.out for main download..."
+            cp "$COVERAGE_FILE" "$OUTPUT_DIR/coverage.out"
+            echo "✅ coverage.out copied to main directory"
           else
             echo "❌ Main coverage processing failed"
             exit 1
@@ -791,6 +796,11 @@ jobs:
             --input "$COVERAGE_FILE" \
             --output "$BRANCH_OUTPUT_DIR"; then
             echo "✅ Branch-specific coverage processing completed successfully"
+
+            # Copy raw coverage file for branch download
+            echo "📥 Copying coverage.out for branch download..."
+            cp "$COVERAGE_FILE" "$BRANCH_OUTPUT_DIR/coverage.out"
+            echo "✅ coverage.out copied to branch directory"
           else
             echo "❌ Branch-specific coverage processing failed"
             exit 1
@@ -870,6 +880,78 @@ jobs:
 
           echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
 
+      # --------------------------------------------------------------------
+      # Enforce Coverage Threshold
+      # Fails the build if coverage drops below GO_COVERAGE_THRESHOLD
+      # Exclusions are already applied during coverage generation
+      # --------------------------------------------------------------------
+      - name: 🎯 Enforce Coverage Threshold
+        if: env.GO_COVERAGE_THRESHOLD != '' && env.GO_COVERAGE_THRESHOLD != '0' && env.GO_COVERAGE_THRESHOLD != '0.0'
+        run: |
+          echo "🎯 Enforcing coverage threshold..."
+          echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+
+          THRESHOLD="${{ env.GO_COVERAGE_THRESHOLD }}"
+          echo "📊 Coverage threshold: ${THRESHOLD}%"
+
+          # Find coverage file
+          REPO_ROOT="$(pwd)"
+          COVERAGE_FILE=""
+          COVERAGE_LOCATIONS=(
+            "$REPO_ROOT/coverage-artifacts/coverage-data/${{ inputs.coverage-file }}"
+            "$REPO_ROOT/coverage-artifacts/${{ inputs.coverage-file }}"
+            "$REPO_ROOT/${{ inputs.coverage-file }}"
+          )
+
+          for location in "${COVERAGE_LOCATIONS[@]}"; do
+            if [[ -f "$location" ]]; then
+              COVERAGE_FILE="$location"
+              break
+            fi
+          done
+
+          if [[ -z "$COVERAGE_FILE" ]]; then
+            echo "⚠️ Coverage file not found for threshold check"
+            echo "🔍 Searched in:"
+            for location in "${COVERAGE_LOCATIONS[@]}"; do
+              echo "  - $location"
+            done
+            echo "❌ Cannot enforce threshold without coverage data"
+            exit 1
+          fi
+
+          echo "📄 Coverage file: $COVERAGE_FILE"
+          echo ""
+
+          # Use go-coverage parse to check threshold
+          # This command returns non-zero exit code if coverage is below threshold
+          echo "🔍 Checking coverage against threshold..."
+          if "$GO_COVERAGE_BINARY" parse \
+            --file "$COVERAGE_FILE" \
+            --threshold "$THRESHOLD"; then
+            echo ""
+            echo "✅ Coverage threshold check PASSED"
+          else
+            EXIT_CODE=$?
+            echo ""
+            echo "❌ Coverage threshold check FAILED"
+            echo ""
+            echo "🚨 BUILD FAILURE: Coverage is below the required threshold of ${THRESHOLD}%"
+            echo ""
+            echo "📝 To fix this:"
+            echo "  1. Add more tests to increase coverage"
+            echo "  2. Or adjust GO_COVERAGE_THRESHOLD in .env.base/.env.custom"
+            echo ""
+            echo "📊 Coverage exclusions (applied during test generation):"
+            echo "  - GO_COVERAGE_EXCLUDE_PATHS: ${{ env.GO_COVERAGE_EXCLUDE_PATHS }}"
+            echo "  - GO_COVERAGE_EXCLUDE_FILES: ${{ env.GO_COVERAGE_EXCLUDE_FILES }}"
+            echo "  - GO_COVERAGE_EXCLUDE_TESTS: ${{ env.GO_COVERAGE_EXCLUDE_TESTS }}"
+            echo "  - GO_COVERAGE_EXCLUDE_GENERATED: ${{ env.GO_COVERAGE_EXCLUDE_GENERATED }}"
+            exit $EXIT_CODE
+          fi
+
+          echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+
       - name: 📈 Record coverage history
         # Record history for all branches to enable trend tracking
         if: github.event_name == 'push'
@@ -1143,6 +1225,7 @@ jobs:
             "coverage-flat.svg"
             "coverage-flat-square.svg"
             "coverage-for-the-badge.svg"
+            "coverage.out"
           )
 
           # Selectively copy coverage files to avoid nested directory structures
@@ -1198,6 +1281,7 @@ jobs:
               "coverage-flat-square.svg"
               "coverage-for-the-badge.svg"
               "coverage.html"
+              "coverage.out"
               "index.html"
               "dashboard.html"
               "coverage-data.json"
@@ -1666,7 +1750,7 @@ jobs:
             echo "📋 Updating root coverage files for main branch (with filtering)..."
 
             # Define allowed root files explicitly
-            ALLOWED_ROOT_FILES=("index.html" "coverage.html" "coverage.svg" "coverage-flat.svg" "coverage-flat-square.svg" "coverage-for-the-badge.svg" ".nojekyll" "data" "assets")
+            ALLOWED_ROOT_FILES=("index.html" "coverage.html" "coverage.svg" "coverage-flat.svg" "coverage-flat-square.svg" "coverage-for-the-badge.svg" "coverage.out" ".nojekyll" "data" "assets")
 
             # Copy only allowed root files
             for file in "${ALLOWED_ROOT_FILES[@]}"; do
@@ -1731,7 +1815,7 @@ jobs:
           rm -rf "$TEMP_STAGING"/*
 
           # Define allowed branch files
-          ALLOWED_BRANCH_FILES=("index.html" "coverage.html" "coverage.svg" "coverage-flat.svg" "coverage-flat-square.svg" "coverage-for-the-badge.svg" "data" "assets")
+          ALLOWED_BRANCH_FILES=("index.html" "coverage.html" "coverage.svg" "coverage-flat.svg" "coverage-flat-square.svg" "coverage-for-the-badge.svg" "coverage.out" "data" "assets")
 
           # Copy branch-specific files from deployment directory to staging first
           if [[ -d "$DEPLOY_DIR/coverage/branch/$BRANCH_NAME" ]]; then

@@ -18,7 +18,7 @@
 #  🚀 Release Citadel: Automated deployments with GoReleaser and GoDocs
 #
 #  Maintainer: @mrz1836
-#  Repository: https://github.com/bsv-blockchain/go-wire
+#  Repository: https://github.com/mrz1836/go-fortress
 #
 #  Copyright 2025 @mrz1836
 #  SPDX-License-Identifier: MIT