diff --git a/.github/actions/cache-redis-image/action.yml b/.github/actions/cache-redis-image/action.yml index f633711..5995dba 100644 --- a/.github/actions/cache-redis-image/action.yml +++ b/.github/actions/cache-redis-image/action.yml @@ -126,7 +126,7 @@ runs: - name: 💾 Restore Redis image from cache if: contains(inputs.cache-mode, 'restore') id: restore-redis-image - uses: actions/cache/restore@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: ${{ steps.cache-config.outputs.cache-path }} key: ${{ steps.cache-config.outputs.cache-key }} @@ -222,7 +222,7 @@ runs: # -------------------------------------------------------------------- - name: 🗄ī¸ Save Redis image cache if: contains(inputs.cache-mode, 'save') && steps.save-redis-image.outputs.image-saved == 'true' && steps.restore-redis-image.outputs.cache-hit != 'true' - uses: actions/cache/save@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: ${{ steps.cache-config.outputs.cache-path }} key: ${{ steps.cache-config.outputs.cache-key }} diff --git a/.github/actions/setup-benchstat/action.yml b/.github/actions/setup-benchstat/action.yml index 4fc719b..822ae7b 100644 --- a/.github/actions/setup-benchstat/action.yml +++ b/.github/actions/setup-benchstat/action.yml @@ -33,7 +33,7 @@ inputs: description: "Runner OS for cache key (e.g., ubuntu-latest, mac-latest)" required: true go-version: - description: "Go version being used (e.g., 1.24.x, 1.22). Benchstat requires Go 1.23+" + description: "Go version being used (e.g., 1.25.x, 1.24). Benchstat requires Go 1.25+" required: true outputs: @@ -44,14 +44,14 @@ outputs: description: "How benchstat was obtained: cached, fresh, or skipped" value: ${{ steps.installation-summary.outputs.method }} skipped: - description: "Whether benchstat installation was skipped due to Go version < 1.23" + description: "Whether benchstat installation was skipped due to Go version < 1.25" value: ${{ steps.version-check.outputs.skip }} runs: using: "composite" steps: # -------------------------------------------------------------------- - # Check Go version compatibility (benchstat requires Go 1.23+) + # Check Go version compatibility (benchstat requires Go 1.25+) # -------------------------------------------------------------------- - name: 🔍 Check Go version compatibility id: version-check @@ -67,17 +67,17 @@ runs: MINOR=$(echo "$GO_VERSION" | sed -E 's/^[0-9]+\.([0-9]+).*/\1/') if [ -z "$MAJOR" ] || [ -z "$MINOR" ] || ! [[ "$MAJOR" =~ ^[0-9]+$ ]] || ! [[ "$MINOR" =~ ^[0-9]+$ ]]; then - echo "❌ Could not parse Go version '$GO_VERSION'. Please provide a valid Go version (e.g., '1.23', '1.24.x')." >&2 + echo "❌ Could not parse Go version '$GO_VERSION'. Please provide a valid Go version (e.g., '1.25', '1.26.x')." >&2 exit 1 elif [ "$MAJOR" -gt 1 ]; then - # Any Go major version > 1 is considered compatible with the 1.23+ requirement - echo "✅ Go $GO_VERSION >= 1.23: proceeding with benchstat installation" + # Any Go major version > 1 is considered compatible with the 1.25+ requirement + echo "✅ Go $GO_VERSION >= 1.25: proceeding with benchstat installation" echo "skip=false" >> $GITHUB_OUTPUT - elif [ "$MAJOR" -eq 1 ] && [ "$MINOR" -lt 23 ]; then - echo "⚠ī¸ Go $GO_VERSION < 1.23: skipping benchstat installation (requires Go 1.23+)" + elif [ "$MAJOR" -eq 1 ] && [ "$MINOR" -lt 25 ]; then + echo "⚠ī¸ Go $GO_VERSION < 1.25: skipping benchstat installation (requires Go 1.25+)" echo "skip=true" >> $GITHUB_OUTPUT else - echo "✅ Go $GO_VERSION >= 1.23: proceeding with benchstat installation" + echo "✅ Go $GO_VERSION >= 1.25: proceeding with benchstat installation" echo "skip=false" >> $GITHUB_OUTPUT fi @@ -87,7 +87,7 @@ runs: - name: 💾 Restore benchstat binary cache if: steps.version-check.outputs.skip != 'true' id: benchstat-cache - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: ~/.cache/benchstat-bin key: ${{ inputs.runner-os }}-benchstat-${{ inputs.benchstat-version }} @@ -140,7 +140,7 @@ runs: run: | # Check if installation was skipped due to Go version if [[ "${{ steps.version-check.outputs.skip }}" == "true" ]]; then - echo "⏭ī¸ Benchstat installation skipped (Go version < 1.23)" + echo "⏭ī¸ Benchstat installation skipped (Go version < 1.25)" echo "method=skipped" >> $GITHUB_OUTPUT echo "📋 Installation method: Skipped" exit 0 diff --git a/.github/actions/setup-go-with-cache/action.yml b/.github/actions/setup-go-with-cache/action.yml index 44fe6fc..f64599e 100644 --- a/.github/actions/setup-go-with-cache/action.yml +++ b/.github/actions/setup-go-with-cache/action.yml @@ -211,11 +211,10 @@ runs: # -------------------------------------------------------------------- # Go module cache (shared across versions) - # Uses actions/cache@v4 which handles both restore and save # -------------------------------------------------------------------- - name: 💾 Go module cache id: restore-gomod - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: ~/go/pkg/mod key: ${{ steps.cache-keys.outputs.module-key }} @@ -285,11 +284,10 @@ runs: # -------------------------------------------------------------------- # Go build cache (per-version) - # Uses actions/cache@v4 which handles both restore and save # -------------------------------------------------------------------- - name: 💾 Go build cache id: restore-gobuild - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: | ~/.cache/go-build @@ -442,7 +440,7 @@ runs: # -------------------------------------------------------------------- - name: 🏗ī¸ Set up Go id: setup-go - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version: ${{ inputs.go-version }} cache: false # we handle caches ourselves diff --git a/.github/actions/setup-goreleaser/action.yml b/.github/actions/setup-goreleaser/action.yml index b8bf9ee..6601227 100644 --- a/.github/actions/setup-goreleaser/action.yml +++ b/.github/actions/setup-goreleaser/action.yml @@ -72,7 +72,7 @@ runs: - name: 💾 Restore goreleaser binary cache id: goreleaser-cache if: steps.check-existing.outputs.exists != 'true' - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: | ~/.cache/goreleaser-bin @@ -105,7 +105,7 @@ runs: # -------------------------------------------------------------------- - name: ✅ Install GoReleaser (cache miss) if: steps.check-existing.outputs.exists != 'true' && steps.goreleaser-cache.outputs.cache-hit != 'true' - uses: goreleaser/goreleaser-action@v6 + uses: goreleaser/goreleaser-action@ec59f474b9834571250b370d4735c50f8e2d1e29 # v7.0.0 with: distribution: goreleaser version: ${{ inputs.goreleaser-version }} diff --git a/.github/actions/setup-mage/action.yml b/.github/actions/setup-mage/action.yml index 966feb8..95c1029 100644 --- a/.github/actions/setup-mage/action.yml +++ b/.github/actions/setup-mage/action.yml @@ -47,7 +47,7 @@ runs: # -------------------------------------------------------------------- - name: 💾 Restore mage binary cache id: mage-cache - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: ~/.cache/mage-bin key: ${{ inputs.runner-os }}-mage-${{ inputs.mage-version }} diff --git a/.github/actions/setup-magex/action.yml b/.github/actions/setup-magex/action.yml index 2143109..ac654ac 100644 --- a/.github/actions/setup-magex/action.yml +++ b/.github/actions/setup-magex/action.yml @@ -53,7 +53,7 @@ runs: - name: 💾 Restore magex binary cache id: magex-cache if: inputs.use-local != 'true' - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: | ~/.cache/magex-bin @@ -82,7 +82,7 @@ runs: - name: 💾 Restore magex binary cache (local) id: magex-local-cache if: inputs.use-local == 'true' - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: | ~/.cache/magex-local diff --git a/.github/actions/upload-artifact-resilient/action.yml b/.github/actions/upload-artifact-resilient/action.yml index d1f1d4a..101c723 100644 --- a/.github/actions/upload-artifact-resilient/action.yml +++ b/.github/actions/upload-artifact-resilient/action.yml @@ -52,7 +52,7 @@ runs: - name: "📤 Upload ${{ inputs.artifact-name }} (attempt 1)" id: attempt1 continue-on-error: true - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: ${{ inputs.artifact-name }} path: ${{ inputs.artifact-path }} @@ -80,7 +80,7 @@ runs: id: attempt2 if: steps.attempt1.outcome == 'failure' continue-on-error: true - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: ${{ inputs.artifact-name }} path: ${{ inputs.artifact-path }} @@ -108,7 +108,7 @@ runs: id: attempt3 if: steps.attempt1.outcome == 'failure' && steps.attempt2.outcome == 'failure' continue-on-error: ${{ inputs.continue-on-error == 'true' }} - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: ${{ inputs.artifact-name }} path: ${{ inputs.artifact-path }} diff --git a/.github/actions/upload-statistics/action.yml b/.github/actions/upload-statistics/action.yml index 145f1ad..7a79a3f 100644 --- a/.github/actions/upload-statistics/action.yml +++ b/.github/actions/upload-statistics/action.yml @@ -59,7 +59,7 @@ runs: - name: 📤 Upload ${{ inputs.artifact-name }} if: always() # Always run to capture data even on job failure continue-on-error: ${{ inputs.continue-on-error == 'true' }} - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: ${{ inputs.artifact-name }} path: ${{ inputs.artifact-path }} diff --git a/.github/actions/warm-cache/action.yml b/.github/actions/warm-cache/action.yml index 3441e38..2692581 100644 --- a/.github/actions/warm-cache/action.yml +++ b/.github/actions/warm-cache/action.yml @@ -267,7 +267,7 @@ runs: # ──────────────────────────────────────────────────────────────────────────── - name: đŸ“Ĩ Full checkout for module download (module cache miss) if: steps.setup-go.outputs.module-cache-hit != 'true' - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false @@ -306,7 +306,7 @@ runs: # ──────────────────────────────────────────────────────────────────────────── - name: đŸ“Ĩ Full checkout for build warming (module hit, build miss) if: steps.setup-go.outputs.module-cache-hit == 'true' && steps.setup-go.outputs.build-cache-hit != 'true' - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false @@ -319,6 +319,15 @@ runs: run: | set -euo pipefail GO_MODULE_DIR="${{ env.GO_MODULE_DIR }}" + BUILD_STRATEGY="${MAGE_X_BUILD_STRATEGY:-smart}" + + # Allow skipping pre-build entirely (useful when packages OOM on standard runners) + if [ "$BUILD_STRATEGY" == "skip" ]; then + echo "⏭ī¸ Build pre-compilation skipped (MAGE_X_BUILD_STRATEGY=skip)" + echo "ℹī¸ Module cache is still warmed — build cache will populate on first real build" + exit 0 + fi + echo "🔧 Build cache miss - pre-building packages..." echo "============================================================" @@ -333,21 +342,21 @@ runs: echo "🔧 Multi-module mode - running build commands from repository root" echo "đŸ“Ļ magex will discover all Go modules and pre-build packages" # Use configured parallelism to avoid OOM on GitHub Actions runners - magex build:prebuild p="$PARALLEL_JOBS" strategy="${MAGE_X_BUILD_STRATEGY:-smart}" batch_size="${MAGE_X_BUILD_BATCH_SIZE:-20}" batch_delay="${MAGE_X_BUILD_BATCH_DELAY_MS:-0}" exclude="${MAGE_X_BUILD_EXCLUDE_PATTERN:-}" + magex build:prebuild p="$PARALLEL_JOBS" strategy="${BUILD_STRATEGY}" batch_size="${MAGE_X_BUILD_BATCH_SIZE:-20}" batch_delay="${MAGE_X_BUILD_BATCH_DELAY_MS:-0}" exclude="${MAGE_X_BUILD_EXCLUDE_PATTERN:-}" echo "🏗ī¸ Building stdlib for host platform..." magex install:stdlib elif [ -n "$GO_MODULE_DIR" ]; then echo "🔧 Running build commands from directory: $GO_MODULE_DIR" # Use configured parallelism to avoid OOM on GitHub Actions runners - (cd "$GO_MODULE_DIR" && magex build:prebuild p="$PARALLEL_JOBS" strategy="${MAGE_X_BUILD_STRATEGY:-smart}" batch_size="${MAGE_X_BUILD_BATCH_SIZE:-20}" batch_delay="${MAGE_X_BUILD_BATCH_DELAY_MS:-0}" exclude="${MAGE_X_BUILD_EXCLUDE_PATTERN:-}") + (cd "$GO_MODULE_DIR" && magex build:prebuild p="$PARALLEL_JOBS" strategy="${BUILD_STRATEGY}" batch_size="${MAGE_X_BUILD_BATCH_SIZE:-20}" batch_delay="${MAGE_X_BUILD_BATCH_DELAY_MS:-0}" exclude="${MAGE_X_BUILD_EXCLUDE_PATTERN:-}") echo "🏗ī¸ Building stdlib for host platform..." (cd "$GO_MODULE_DIR" && magex install:stdlib) else echo "🔧 Running build commands from repository root" # Use configured parallelism to avoid OOM on GitHub Actions runners - magex build:prebuild p="$PARALLEL_JOBS" strategy="${MAGE_X_BUILD_STRATEGY:-smart}" batch_size="${MAGE_X_BUILD_BATCH_SIZE:-20}" batch_delay="${MAGE_X_BUILD_BATCH_DELAY_MS:-0}" exclude="${MAGE_X_BUILD_EXCLUDE_PATTERN:-}" + magex build:prebuild p="$PARALLEL_JOBS" strategy="${BUILD_STRATEGY}" batch_size="${MAGE_X_BUILD_BATCH_SIZE:-20}" batch_delay="${MAGE_X_BUILD_BATCH_DELAY_MS:-0}" exclude="${MAGE_X_BUILD_EXCLUDE_PATTERN:-}" echo "🏗ī¸ Building stdlib for host platform..." magex install:stdlib @@ -360,7 +369,7 @@ runs: # ──────────────────────────────────────────────────────────────────────────── - name: 💾 Save Go build cache if: steps.setup-go.outputs.build-cache-hit != 'true' - uses: actions/cache/save@5a3ec84eff668545956fd18022155c47e93e2684 # v4.0.2 + uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: | ~/.cache/go-build @@ -372,7 +381,7 @@ runs: # ──────────────────────────────────────────────────────────────────────────── - name: 💾 Save Go module cache if: steps.setup-go.outputs.module-cache-hit != 'true' - uses: actions/cache/save@5a3ec84eff668545956fd18022155c47e93e2684 # v4.0.2 + uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: ~/go/pkg/mod key: ${{ steps.cache-keys.outputs.module-key }} @@ -437,7 +446,7 @@ runs: # -------------------------------------------------------------------- - name: 📤 Upload cache statistics if: always() - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: cache-stats-${{ inputs.matrix-os }}-${{ inputs.go-version }} path: cache-stats-*.json diff --git a/.github/env/10-mage-x.env b/.github/env/10-mage-x.env index 52dffd3..e1fb4d9 100644 --- a/.github/env/10-mage-x.env +++ b/.github/env/10-mage-x.env @@ -36,7 +36,7 @@ # ================================================================================================ # MAGE-X version -MAGE_X_VERSION=v1.20.8 +MAGE_X_VERSION=v1.20.11 # For mage-x development, set to 'true' to use local version instead of downloading from releases MAGE_X_USE_LOCAL=false @@ -61,8 +61,8 @@ MAGE_X_FORMAT_EXCLUDE_PATHS=vendor,node_modules,.git,.idea MAGE_X_GITLEAKS_VERSION=8.30.0 MAGE_X_GOFUMPT_VERSION=v0.9.2 -MAGE_X_GOLANGCI_LINT_VERSION=v2.11.2 -MAGE_X_GORELEASER_VERSION=v2.14.2 +MAGE_X_GOLANGCI_LINT_VERSION=v2.11.3 +MAGE_X_GORELEASER_VERSION=v2.14.3 MAGE_X_GOVULNCHECK_VERSION=v1.1.4 MAGE_X_GO_SECONDARY_VERSION=1.24.x MAGE_X_GO_VERSION=1.24.x @@ -71,7 +71,7 @@ MAGE_X_NANCY_VERSION=v1.2.0 MAGE_X_STATICCHECK_VERSION=2026.1 MAGE_X_SWAG_VERSION=v1.16.6 MAGE_X_YAMLFMT_VERSION=v0.21.0 -MAGE_X_BENCHSTAT_VERSION=v0.0.0-20260211190930-8161c38c6cdc +MAGE_X_BENCHSTAT_VERSION=v0.0.0-20260312031701-16a31bc5fbd0 MAGE_X_MAGE_VERSION=v1.16.0 # ================================================================================================ diff --git a/.github/env/10-pre-commit.env b/.github/env/10-pre-commit.env index 700698b..1340232 100644 --- a/.github/env/10-pre-commit.env +++ b/.github/env/10-pre-commit.env @@ -52,7 +52,7 @@ GO_PRE_COMMIT_ALL_FILES=true # 🛠ī¸ TOOL VERSIONS # ================================================================================================ -GO_PRE_COMMIT_GOLANGCI_LINT_VERSION=v2.11.2 +GO_PRE_COMMIT_GOLANGCI_LINT_VERSION=v2.11.3 GO_PRE_COMMIT_FUMPT_VERSION=v0.9.2 GO_PRE_COMMIT_GOIMPORTS_VERSION=latest GO_PRE_COMMIT_GITLEAKS_VERSION=v8.30.0 diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 2c2b8b2..ad91267 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -46,7 +46,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0 + uses: github/codeql-action/init@c6f931105cb2c34c8f901cc885ba1e2e259cf745 # v4.34.0 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -57,7 +57,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0 + uses: github/codeql-action/autobuild@c6f931105cb2c34c8f901cc885ba1e2e259cf745 # v4.34.0 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -67,4 +67,4 @@ jobs: # uses a compiled language - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0 + uses: github/codeql-action/analyze@c6f931105cb2c34c8f901cc885ba1e2e259cf745 # v4.34.0 diff --git a/.github/workflows/fortress-code-quality.yml b/.github/workflows/fortress-code-quality.yml index 3c76388..df777d9 100644 --- a/.github/workflows/fortress-code-quality.yml +++ b/.github/workflows/fortress-code-quality.yml @@ -350,7 +350,7 @@ jobs: # -------------------------------------------------------------------- - name: 💾 Restore golangci-lint binary cache id: cache-golangci-lint-binary - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: ~/.cache/golangci-lint-bin key: ${{ inputs.primary-runner }}-golangci-lint-binary-${{ env.MAGE_X_GOLANGCI_LINT_VERSION }} @@ -379,7 +379,7 @@ jobs: # -------------------------------------------------------------------- - name: 💾 Cache golangci-lint build cache id: cache-golangci-lint-build - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: ~/.cache/go-build key: ${{ inputs.primary-runner }}-go-build-golangci-${{ env.MAGE_X_GOLANGCI_LINT_VERSION }}-${{ hashFiles('**/*.go') }} @@ -391,7 +391,7 @@ jobs: # -------------------------------------------------------------------- - name: 💾 Cache golangci-lint analysis id: cache-golangci-lint - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: ${{ env.GOLANGCI_LINT_CACHE }} key: ${{ inputs.primary-runner }}-golangci-lint-analysis-${{ hashFiles('.golangci.json', env.GO_SUM_FILE) }}-${{ steps.golangci-lint-version.outputs.version }} diff --git a/.github/workflows/fortress-coverage.yml b/.github/workflows/fortress-coverage.yml index 08d2947..3a6ed38 100644 --- a/.github/workflows/fortress-coverage.yml +++ b/.github/workflows/fortress-coverage.yml @@ -193,7 +193,7 @@ jobs: - name: 💾 Restore go-coverage binary cache (production) id: go-coverage-cache if: env.GO_COVERAGE_USE_LOCAL != 'true' - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: | ~/.cache/go-coverage-bin @@ -204,7 +204,7 @@ jobs: - name: 💾 Restore go-coverage binary cache (local) id: go-coverage-local-cache if: env.GO_COVERAGE_USE_LOCAL == 'true' - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: | ~/.cache/go-coverage-local @@ -2484,8 +2484,11 @@ jobs: # -------------------------------------------------------------------- # Upload to Codecov # -------------------------------------------------------------------- + # NOTE: codecov/codecov-action@v5.5.3 is the latest release and still uses Node.js 20. + # This will trigger a "Node.js 20 actions are deprecated" warning until Codecov + # releases a new version with Node.js 24 support. Expected and harmless for now. - name: 📈 Upload coverage to Codecov - uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2 + uses: codecov/codecov-action@1af58845a975a7985b0beb0cbe6fbbb71a41dbad # v5.5.3 with: #file: ./coverage.txt # This is the old format files: ./coverage-artifacts/coverage-data/coverage.txt diff --git a/.github/workflows/fortress-pre-commit.yml b/.github/workflows/fortress-pre-commit.yml index f739f07..1361c0d 100644 --- a/.github/workflows/fortress-pre-commit.yml +++ b/.github/workflows/fortress-pre-commit.yml @@ -115,7 +115,7 @@ jobs: # -------------------------------------------------------------------- - name: 💾 Restore golangci-lint analysis cache id: cache-golangci-lint-analysis - uses: actions/cache/restore@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: ${{ env.GOLANGCI_LINT_CACHE }} key: ${{ inputs.primary-runner }}-golangci-lint-analysis-${{ hashFiles('.golangci.json', env.GO_SUM_FILE) }}-${{ env.GO_PRE_COMMIT_GOLANGCI_LINT_VERSION }} @@ -130,7 +130,7 @@ jobs: - name: 💾 Restore go-pre-commit binary cache id: go-pre-commit-cache if: env.GO_PRE_COMMIT_USE_LOCAL != 'true' - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: | ~/.cache/go-pre-commit-bin @@ -144,7 +144,7 @@ jobs: # -------------------------------------------------------------------- - name: 💾 Restore go-pre-commit tools cache id: go-pre-commit-tools-cache - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: | ~/.cache/go-pre-commit-tools diff --git a/.github/workflows/fortress-release.yml b/.github/workflows/fortress-release.yml index 97eacde..0a0f9ee 100644 --- a/.github/workflows/fortress-release.yml +++ b/.github/workflows/fortress-release.yml @@ -174,7 +174,7 @@ jobs: # -------------------------------------------------------------------- - name: 💾 Cache golangci-lint analysis id: cache-golangci-lint - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: ${{ env.GOLANGCI_LINT_CACHE }} key: ${{ inputs.primary-runner }}-golangci-lint-analysis-${{ hashFiles('.golangci.json', env.GO_SUM_FILE) }}-${{ inputs.golangci-lint-version }} diff --git a/.github/workflows/fortress-security-scans.yml b/.github/workflows/fortress-security-scans.yml index fe7dbe8..e1d04d8 100644 --- a/.github/workflows/fortress-security-scans.yml +++ b/.github/workflows/fortress-security-scans.yml @@ -324,7 +324,7 @@ jobs: # -------------------------------------------------------------------- - name: 💾 Restore govulncheck binary cache id: govuln-cache - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: | ~/.cache/govulncheck-bin @@ -562,6 +562,9 @@ jobs: id: run-gitleaks if: steps.repo-check.outputs.is_same_repo == 'true' continue-on-error: true + # NOTE: gitleaks/gitleaks-action@v2.3.9 is the latest release and still uses Node.js 20. + # This will trigger a "Node.js 20 actions are deprecated" warning until the gitleaks + # maintainers release a new version with Node.js 24 support. Expected and harmless for now. uses: gitleaks/gitleaks-action@ff98106e4c7b2bc287b24eaf42907196329070c7 # v2.3.9 env: GITHUB_TOKEN: ${{ github.token }} diff --git a/.github/workflows/fortress-test-matrix.yml b/.github/workflows/fortress-test-matrix.yml index a7cb04f..820e99c 100644 --- a/.github/workflows/fortress-test-matrix.yml +++ b/.github/workflows/fortress-test-matrix.yml @@ -177,7 +177,7 @@ jobs: # -------------------------------------------------------------------- # Setup benchstat (required for benchmark comparison tests) - # Note: benchstat requires Go 1.23+, action will skip for older versions + # Note: benchstat requires Go 1.25+, action will skip for older versions # -------------------------------------------------------------------- - name: 📊 Setup benchstat uses: ./.github/actions/setup-benchstat diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index be20d01..a379c3b 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -76,6 +76,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable the upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0 + uses: github/codeql-action/upload-sarif@c6f931105cb2c34c8f901cc885ba1e2e259cf745 # v4.34.0 with: sarif_file: results.sarif