ci: modernize GitHub Actions workflows and enhance linting configuration

Author: M0Rf30

.github/dependabot.yml

@@ -1,15 +1,90 @@
-# Basic set up for three package managers
+# Dependabot configuration for YAP
+# Documentation: https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically
 
 version: 2
+
 updates:
-  # Maintain dependencies for GitHub Actions
+  # GitHub Actions dependencies
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
       interval: "weekly"
+      day: "monday"
+      time: "09:00"
+      timezone: "UTC"
+    open-pull-requests-limit: 5
+    reviewers:
+      - "M0Rf30"
+    assignees:
+      - "M0Rf30"
+    labels:
+      - "dependencies"
+      - "github-actions"
+      - "automated"
+    commit-message:
+      prefix: "chore(deps)"
+      prefix-development: "chore(dev-deps)"
+      include: "scope"
 
-  # Maintain dependencies for gradle
+  # Go module dependencies
   - package-ecosystem: "gomod"
     directory: "/"
     schedule:
       interval: "weekly"
+      day: "monday"
+      time: "10:00"
+      timezone: "UTC"
+    open-pull-requests-limit: 10
+    reviewers:
+      - "M0Rf30"
+    assignees:
+      - "M0Rf30"
+    labels:
+      - "dependencies"
+      - "go"
+      - "automated"
+    commit-message:
+      prefix: "chore(deps)"
+      prefix-development: "chore(dev-deps)"
+      include: "scope"
+    groups:
+      # Group patch updates for better management
+      patch-updates:
+        applies-to: version-updates
+        update-types:
+          - "patch"
+      # Group minor updates
+      minor-updates:
+        applies-to: version-updates
+        update-types:
+          - "minor"
+    ignore:
+      # Ignore specific packages that may cause issues
+      - dependency-name: "golang.org/x/sys"
+        update-types: ["version-update:semver-major"]
+      - dependency-name: "golang.org/x/net"
+        update-types: ["version-update:semver-major"]
+      # Example: Ignore major version updates for specific critical dependencies
+      # - dependency-name: "github.com/spf13/cobra"
+      #   update-types: ["version-update:semver-major"]
+
+  # Docker dependencies (if Dockerfiles contain FROM instructions)
+  - package-ecosystem: "docker"
+    directory: "/build/deploy"
+    schedule:
+      interval: "weekly"
+      day: "tuesday"
+      time: "09:00"
+      timezone: "UTC"
+    open-pull-requests-limit: 3
+    reviewers:
+      - "M0Rf30"
+    assignees:
+      - "M0Rf30"
+    labels:
+      - "dependencies"
+      - "docker"
+      - "automated"
+    commit-message:
+      prefix: "chore(docker)"
+      include: "scope"

.github/workflows/ci.yml

@@ -0,0 +1,300 @@
+name: 🔄 Continuous Integration
+
+on:
+  push:
+    branches: ["main", "codebase-improvements"]
+    paths-ignore:
+      - "docs/**"
+      - "*.md"
+      - ".gitignore"
+  pull_request:
+    branches: ["main", "codebase-improvements"]
+    paths-ignore:
+      - "docs/**"
+      - "*.md"
+      - ".gitignore"
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  GO_VERSION: "1.24"
+
+jobs:
+  # ===================================
+  # Code Quality & Linting
+  # ===================================
+  quality:
+    name: 🔍 Code Quality
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+
+    steps:
+      - name: 📂 Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: 🐹 Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{ env.GO_VERSION }}
+          cache: true
+
+      - name: 📥 Download dependencies
+        run: go mod download
+
+      - name: 🧹 Run gofmt
+        run: |
+          if [ "$(gofmt -s -l . | wc -l)" -gt 0 ]; then
+            echo "❌ Code is not formatted:"
+            gofmt -s -l .
+            exit 1
+          fi
+          echo "✅ Code is properly formatted"
+
+      - name: 🔍 Run go vet
+        run: go vet ./...
+
+      - name: 📊 Run golangci-lint
+        uses: golangci/golangci-lint-action@v8
+        with:
+          version: latest
+
+  # ===================================
+  # Security Scanning
+  # ===================================
+  security:
+    name: 🔒 Security Scan
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+
+    steps:
+      - name: 📂 Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: 🐹 Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{ env.GO_VERSION }}
+          cache: true
+
+      - name: 🔒 Install Gosec
+        run: go install github.com/securego/gosec/v2/cmd/gosec@latest
+
+      - name: 🔒 Run Gosec Security Scanner
+        run: |
+          gosec -fmt sarif -out gosec.sarif ./...
+
+      - name: 📋 Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: gosec.sarif
+
+  # ===================================
+  # Build & Test Matrix
+  # ===================================
+  test:
+    name: 🧪 Test
+    runs-on: ${{ matrix.os }}
+    timeout-minutes: 15
+
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, macos-latest, windows-latest]
+        go-version: ["1.23", "1.24"]
+
+    steps:
+      - name: 📂 Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: 🐹 Set up Go ${{ matrix.go-version }}
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{ matrix.go-version }}
+          cache: true
+
+      - name: 📥 Download dependencies
+        run: go mod download
+
+      - name: ✅ Verify dependencies
+        run: go mod verify
+
+      - name: 🔨 Build project
+        run: go build -v ./...
+
+      - name: 🧪 Run tests
+        run: go test -v -race -coverprofile=coverage.out ./...
+
+      - name: 📊 Upload coverage to Codecov
+        if: matrix.os == 'ubuntu-latest' && matrix.go-version == '1.24'
+        uses: codecov/codecov-action@v4
+        with:
+          file: ./coverage.out
+          flags: unittests
+          name: codecov-umbrella
+          fail_ci_if_error: false
+
+  # ===================================
+  # Build Validation
+  # ===================================
+  build:
+    name: 🔨 Build Validation
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    needs: [quality, security]
+
+    steps:
+      - name: 📂 Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: 🐹 Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{ env.GO_VERSION }}
+          cache: true
+
+      - name: 📥 Download dependencies
+        run: go mod download
+
+      - name: 🔨 Build for multiple architectures
+        run: |
+          # Linux
+          GOOS=linux GOARCH=amd64 go build -o dist/yap-linux-amd64 ./cmd/yap
+          GOOS=linux GOARCH=arm64 go build -o dist/yap-linux-arm64 ./cmd/yap
+
+          # macOS
+          GOOS=darwin GOARCH=amd64 go build -o dist/yap-darwin-amd64 ./cmd/yap
+          GOOS=darwin GOARCH=arm64 go build -o dist/yap-darwin-arm64 ./cmd/yap
+
+          # Windows
+          GOOS=windows GOARCH=amd64 go build -o dist/yap-windows-amd64.exe ./cmd/yap
+
+          echo "✅ Multi-architecture build successful"
+
+      - name: 🧪 Test built binaries
+        run: |
+          ./dist/yap-linux-amd64 version
+          echo "✅ Binary execution test passed"
+
+      - name: 📦 Upload build artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: build-artifacts
+          path: dist/
+          retention-days: 7
+
+  # ===================================
+  # Integration Tests
+  # ===================================
+  integration:
+    name: 🔗 Integration Tests
+    runs-on: ubuntu-latest
+    timeout-minutes: 20
+    needs: [build]
+    if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository
+
+    services:
+      docker:
+        image: docker:dind
+        options: --privileged
+
+    steps:
+      - name: 📂 Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: 🐹 Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{ env.GO_VERSION }}
+          cache: true
+
+      - name: 🐳 Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: 📥 Download build artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: build-artifacts
+          path: dist/
+
+      - name: 🔧 Make binaries executable
+        run: chmod +x dist/*
+
+      - name: 🧪 Run integration tests
+        run: |
+          # Test example PKGBUILD if available
+          if [ -f examples/yap/PKGBUILD ]; then
+            echo "🧪 Testing example build..."
+            cd examples/yap
+            timeout 300 ../../dist/yap-linux-amd64 build . || echo "⚠️ Integration test completed with warnings"
+            cd ../..
+          fi
+
+  # ===================================
+  # Documentation Generation
+  # ===================================
+  docs:
+    name: 📚 Documentation
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+
+    steps:
+      - name: 📂 Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: 🐹 Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{ env.GO_VERSION }}
+          cache: true
+
+      - name: 📚 Generate documentation
+        run: |
+          make doc-deps
+          make doc-generate
+
+      - name: 📤 Upload documentation artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: documentation
+          path: docs/api/
+          retention-days: 30
+
+  # ===================================
+  # Summary Job
+  # ===================================
+  ci-success:
+    name: ✅ CI Success
+    runs-on: ubuntu-latest
+    needs: [quality, security, test, build, integration, docs]
+    if: always()
+
+    steps:
+      - name: 🎉 All jobs completed
+        run: |
+          if [[ "${{ needs.quality.result }}" == "success" && \
+                "${{ needs.security.result }}" == "success" && \
+                "${{ needs.test.result }}" == "success" && \
+                "${{ needs.build.result }}" == "success" && \
+                ("${{ needs.integration.result }}" == "success" || "${{ needs.integration.result }}" == "skipped") && \
+                ("${{ needs.docs.result }}" == "success" || "${{ needs.docs.result }}" == "skipped") ]]; then
+            echo "🎉 All CI jobs completed successfully!"
+            exit 0
+          else
+            echo "❌ Some CI jobs failed"
+            exit 1
+          fi