fortress.yml

# ------------------------------------------------------------------------------------
#  🏰 GoFortress - Enterprise-grade CI/CD fortress for Go applications
#
#  Version: 1.7.1 | Released: 2026-02-13
#
#  Built Strong. Tested Harder.
#
#  GoFortress transforms your Go development pipeline into an impenetrable fortress
#  of quality. Like a medieval fortress with multiple layers of defense, GoFortress
#  employs multi-stage verification to ensure your code is battle-tested before deployment.
#
#  Your Code's Defense System:
#  🏰 Fortress of Go: Multi-stage CI/CD pipeline for Go applications
#  🛡️ Security Ramparts: Nancy, Govulncheck, Gitleaks guard against threats
#  🏗️ Quality Battlements: Static analysis and comprehensive linting
#  ⚔️ Testing Garrison: Multi-OS, multi-version matrices with race detection
#  🎯 Performance Watchtowers: Real-time metrics and cache optimization
#  🚀 Release Citadel: Automated deployments with GoReleaser and GoDocs
#
#  Maintainer: @mrz1836
#  Repository: https://github.com/mrz1836/go-broadcast
#
#  Copyright 2025 @mrz1836
#  SPDX-License-Identifier: MIT
#
#  This file is licensed under the MIT License.
#  Attribution is requested if reused: Created by @mrz1836
#
#  FORK PR HANDLING:
#  This workflow intelligently handles fork PRs by detecting fork status during setup
#  and conditionally skipping jobs that require repository secrets. Jobs are categorized:
#
#  FORK-SAFE (Always run - no secrets required):
#    ✅ setup, test-magex, warm-cache, code-quality, pre-commit, benchmarks, status-check
#
#  FORK-UNSAFE (Skipped on fork PRs - require secrets):
#    ⛔ security (OSSI_TOKEN, OSSI_USERNAME, GITLEAKS_LICENSE)
#    ⛔ test-suite (CODECOV_TOKEN for coverage uploads)
#    ⛔ release (already tag-only, but extra safety for forks)
#
#  Fork contributors see clear messaging in setup summary explaining which jobs run.
#  This provides security without workflow duplication or maintenance overhead.
#
# ------------------------------------------------------------------------------------

name: GoFortress

# --------------------------------------------------------------------
# Trigger Configuration
# --------------------------------------------------------------------
on:
  push:
    branches:
      - master # (Default) Main branch for production
      - main # (Secondary) Main branch for production
    tags:
      - "v*" # Tags starting with 'v' (e.g., v1.0.0) trigger the workflow
  pull_request:
    branches:
      - "**" # All branches for PRs

# Security: Restrict default permissions (jobs must explicitly request what they need)
permissions: {}

# --------------------------------------------------------------------
# Concurrency Control
# --------------------------------------------------------------------
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: ${{ !startsWith(github.ref, 'refs/tags/') }}

jobs:
  # ----------------------------------------------------------------------------------
  # Load Environment Variables and Setup Configuration
  # ----------------------------------------------------------------------------------
  load-env:
    name: 🌍 Load Environment Variables
    runs-on: ubuntu-24.04
    permissions:
      contents: read # Read repository content for environment config
    outputs:
      env-json: ${{ steps.load-env.outputs.env-json }}
      primary-runner: ${{ steps.load-env.outputs.primary-runner }}
      env-file-count: ${{ steps.load-env.outputs.env-file-count }}
      var-count: ${{ steps.load-env.outputs.var-count }}
    steps:
      # --------------------------------------------------------------------
      # Check out code to access env file
      # --------------------------------------------------------------------
      - name: 📥 Checkout code (sparse)
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          sparse-checkout: |
            .github/env
            .github/actions/load-env

      # --------------------------------------------------------------------
      # Load and parse environment file
      # --------------------------------------------------------------------
      - name: 🌍 Load environment variables
        uses: ./.github/actions/load-env
        id: load-env

  # ----------------------------------------------------------------------------------
  # Setup Configuration Workflow
  # ----------------------------------------------------------------------------------
  setup:
    name: 🔧 Setup Configuration
    needs: [load-env]
    permissions:
      contents: read # Read repository content for setup configuration
    uses: ./.github/workflows/fortress-setup-config.yml
    with:
      env-json: ${{ needs.load-env.outputs.env-json }}
      primary-runner: ${{ needs.load-env.outputs.primary-runner }}
      env-file-count: ${{ needs.load-env.outputs.env-file-count }}
      var-count: ${{ needs.load-env.outputs.var-count }}
    secrets:
      github-token: ${{ secrets.GH_PAT_TOKEN != '' && secrets.GH_PAT_TOKEN || secrets.GITHUB_TOKEN }}
  # ----------------------------------------------------------------------------------
  # Test MAGE-X
  # ----------------------------------------------------------------------------------
  test-magex:
    name: 🪄 Verify & Test MAGE-X
    needs: [load-env, setup]
    permissions:
      contents: read # Read repository content for magex testing
    uses: ./.github/workflows/fortress-test-magex.yml
    with:
      env-json: ${{ needs.load-env.outputs.env-json }}
      primary-runner: ${{ needs.setup.outputs.primary-runner }}
  # ----------------------------------------------------------------------------------
  # Warm Go Caches (FORK-SAFE: No secrets required)
  # ----------------------------------------------------------------------------------
  warm-cache:
    name: 💾 Warm Cache
    needs: [load-env, setup, test-magex]
    if: needs.setup.outputs.cache-warming-enabled == 'true'
    permissions:
      contents: read # Read repository content for cache warming
    uses: ./.github/workflows/fortress-warm-cache.yml
    with:
      env-json: ${{ needs.load-env.outputs.env-json }}
      warm-cache-matrix: ${{ needs.setup.outputs.warm-cache-matrix }}
      go-primary-version: ${{ needs.setup.outputs.go-primary-version }}
      go-secondary-version: ${{ needs.setup.outputs.go-secondary-version }}
      redis-enabled: ${{ needs.setup.outputs.redis-enabled }}
      redis-version: ${{ needs.setup.outputs.redis-version }}
      redis-cache-force-pull: ${{ needs.setup.outputs.redis-cache-force-pull }}
      go-sum-file: ${{ needs.setup.outputs.go-sum-file }}
  # ----------------------------------------------------------------------------------
  # Security Scans (FORK-UNSAFE: Requires secrets - skipped on fork PRs)
  # ----------------------------------------------------------------------------------
  security:
    name: 🔒 Security Scans
    needs: [load-env, setup, test-magex, warm-cache]
    if: |
      !cancelled() &&
      needs.setup.result == 'success' &&
      needs.test-magex.result == 'success' &&
      (needs.warm-cache.result == 'success' || needs.warm-cache.result == 'skipped') &&
      needs.setup.outputs.security-scans-enabled == 'true' &&
      needs.setup.outputs.is-fork-pr != 'true'
    permissions:
      contents: read # Read repository content for security scanning
    uses: ./.github/workflows/fortress-security-scans.yml
    with:
      env-json: ${{ needs.load-env.outputs.env-json }}
      enable-nancy: ${{ needs.setup.outputs.nancy-enabled == 'true' }}
      enable-govulncheck: ${{ needs.setup.outputs.govulncheck-enabled == 'true' }}
      enable-gitleaks: ${{ needs.setup.outputs.gitleaks-enabled == 'true' }}
      go-primary-version: ${{ needs.setup.outputs.go-primary-version }}
      primary-runner: ${{ needs.setup.outputs.primary-runner }}
      go-sum-file: ${{ needs.setup.outputs.go-sum-file }}
    secrets:
      github-token: ${{ secrets.GH_PAT_TOKEN != '' && secrets.GH_PAT_TOKEN || secrets.GITHUB_TOKEN }}
      gitleaks-license: ${{ secrets.GITLEAKS_LICENSE }}
      ossi-token: ${{ secrets.OSSI_TOKEN }}
      ossi-username: ${{ secrets.OSSI_USERNAME }}
  # ----------------------------------------------------------------------------------
  # Pre-commit Checks (FORK-SAFE: No secrets required)
  # ----------------------------------------------------------------------------------
  pre-commit:
    name: 🪝 Pre-commit Checks
    needs: [load-env, setup, test-magex, warm-cache]
    if: |
      !cancelled() &&
      needs.setup.result == 'success' &&
      needs.test-magex.result == 'success' &&
      (needs.warm-cache.result == 'success' || needs.warm-cache.result == 'skipped') &&
      needs.setup.outputs.pre-commit-enabled == 'true'
    permissions:
      contents: read # Read repository content for pre-commit checks
    uses: ./.github/workflows/fortress-pre-commit.yml
    with:
      env-json: ${{ needs.load-env.outputs.env-json }}
      primary-runner: ${{ needs.setup.outputs.primary-runner }}
      go-primary-version: ${{ needs.setup.outputs.go-primary-version }}
      pre-commit-enabled: ${{ needs.setup.outputs.pre-commit-enabled }}
      go-sum-file: ${{ needs.setup.outputs.go-sum-file }}
  # ----------------------------------------------------------------------------------
  # Code Quality Checks (FORK-SAFE: No secrets required)
  # ----------------------------------------------------------------------------------
  code-quality:
    name: 📊 Code Quality
    needs: [load-env, setup, test-magex, warm-cache]
    if: |
      !cancelled() &&
      needs.setup.result == 'success' &&
      needs.test-magex.result == 'success' &&
      (needs.warm-cache.result == 'success' || needs.warm-cache.result == 'skipped')
    permissions:
      contents: read # Read repository content for code quality checks
    uses: ./.github/workflows/fortress-code-quality.yml
    with:
      env-json: ${{ needs.load-env.outputs.env-json }}
      go-primary-version: ${{ needs.setup.outputs.go-primary-version }}
      go-lint-enabled: ${{ needs.setup.outputs.go-lint-enabled }}
      yaml-lint-enabled: ${{ needs.setup.outputs.yaml-lint-enabled }}
      primary-runner: ${{ needs.setup.outputs.primary-runner }}
      static-analysis-enabled: ${{ needs.setup.outputs.static-analysis-enabled }}
      go-sum-file: ${{ needs.setup.outputs.go-sum-file }}
    secrets:
      github-token: ${{ secrets.GH_PAT_TOKEN != '' && secrets.GH_PAT_TOKEN || secrets.GITHUB_TOKEN }}
  # ----------------------------------------------------------------------------------
  # Test Suite (FORK-UNSAFE: Requires CODECOV_TOKEN for coverage - skipped on fork PRs)
  # ----------------------------------------------------------------------------------
  test-suite:
    name: 🧪 Test Suite
    needs: [load-env, setup, test-magex, warm-cache]
    if: |
      !cancelled() &&
      needs.setup.result == 'success' &&
      needs.test-magex.result == 'success' &&
      (needs.warm-cache.result == 'success' || needs.warm-cache.result == 'skipped') &&
      needs.setup.outputs.is-fork-pr != 'true' &&
      needs.setup.outputs.go-tests-enabled == 'true'
    permissions:
      contents: write # Write repository content and push to gh-pages branch for test execution
      pull-requests: write # Required: Coverage workflow needs to create PR comments
      pages: write # Required: Coverage workflow needs to deploy to GitHub Pages
      id-token: write # Required: Coverage workflow needs GitHub Pages authentication
      statuses: write # Required: Coverage workflow needs to create commit status checks
      actions: read # Required: Coverage workflow needs to access artifacts from workflow runs
    uses: ./.github/workflows/fortress-test-suite.yml
    with:
      code-coverage-enabled: ${{ needs.setup.outputs.code-coverage-enabled }}
      coverage-provider: ${{ needs.setup.outputs.coverage-provider }}
      env-json: ${{ needs.load-env.outputs.env-json }}
      fuzz-testing-enabled: ${{ needs.setup.outputs.fuzz-testing-enabled }}
      go-tests-enabled: ${{ needs.setup.outputs.go-tests-enabled }}
      go-primary-version: ${{ needs.setup.outputs.go-primary-version }}
      go-secondary-version: ${{ needs.setup.outputs.go-secondary-version }}
      primary-runner: ${{ needs.setup.outputs.primary-runner }}
      race-detection-enabled: ${{ needs.setup.outputs.race-detection-enabled }}
      test-matrix: ${{ needs.setup.outputs.test-matrix }}
      redis-enabled: ${{ needs.setup.outputs.redis-enabled }}
      redis-version: ${{ needs.setup.outputs.redis-version }}
      redis-host: ${{ needs.setup.outputs.redis-host }}
      redis-port: ${{ needs.setup.outputs.redis-port }}
      redis-health-retries: ${{ needs.setup.outputs.redis-health-retries }}
      redis-health-interval: ${{ needs.setup.outputs.redis-health-interval }}
      redis-health-timeout: ${{ needs.setup.outputs.redis-health-timeout }}
      redis-trust-service-health: ${{ needs.setup.outputs.redis-trust-service-health }}
      go-sum-file: ${{ needs.setup.outputs.go-sum-file }}
    secrets:
      github-token: ${{ secrets.GH_PAT_TOKEN != '' && secrets.GH_PAT_TOKEN || secrets.GITHUB_TOKEN }}
      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
  # ----------------------------------------------------------------------------------
  # Benchmark Suite (FORK-SAFE: No secrets required)
  # ----------------------------------------------------------------------------------
  benchmarks:
    name: 🏃 Benchmarks
    needs: [load-env, setup, test-magex, warm-cache]
    if: |
      !cancelled() &&
      needs.setup.result == 'success' &&
      needs.test-magex.result == 'success' &&
      (needs.warm-cache.result == 'success' || needs.warm-cache.result == 'skipped') &&
      needs.setup.outputs.benchmarks-enabled == 'true'
    permissions:
      contents: read # Read repository content for benchmarking
    uses: ./.github/workflows/fortress-benchmarks.yml
    with:
      env-json: ${{ needs.load-env.outputs.env-json }}
      benchmark-matrix: ${{ needs.setup.outputs.benchmark-matrix }}
      primary-runner: ${{ needs.setup.outputs.primary-runner }}
      go-primary-version: ${{ needs.setup.outputs.go-primary-version }}
      go-secondary-version: ${{ needs.setup.outputs.go-secondary-version }}
      benchmark-timeout: 30
      redis-enabled: ${{ needs.setup.outputs.redis-enabled }}
      redis-version: ${{ needs.setup.outputs.redis-version }}
      redis-host: ${{ needs.setup.outputs.redis-host }}
      redis-port: ${{ needs.setup.outputs.redis-port }}
      redis-health-retries: ${{ needs.setup.outputs.redis-health-retries }}
      redis-health-interval: ${{ needs.setup.outputs.redis-health-interval }}
      redis-health-timeout: ${{ needs.setup.outputs.redis-health-timeout }}
      redis-trust-service-health: ${{ needs.setup.outputs.redis-trust-service-health }}
      go-sum-file: ${{ needs.setup.outputs.go-sum-file }}
    secrets:
      github-token: ${{ secrets.GH_PAT_TOKEN != '' && secrets.GH_PAT_TOKEN || secrets.GITHUB_TOKEN }}
  # ----------------------------------------------------------------------------------
  # Final Status Check
  # ----------------------------------------------------------------------------------
  status-check:
    name: 🎯 All Tests Passed
    if: ${{ always() }}
    needs: [setup, test-magex, warm-cache, security, code-quality, pre-commit, test-suite, benchmarks]
    permissions:
      contents: read # Read repository content for status checking
    runs-on: ${{ needs.setup.outputs.primary-runner }}
    steps:
      # --------------------------------------------------------------------
      # Build results summary showing job statuses
      # --------------------------------------------------------------------
      - name: 📊 Build results summary
        env:
          SETUP_RESULT: ${{ needs.setup.result }}
          MAGEX_RESULT: ${{ needs.test-magex.result }}
          CACHE_RESULT: ${{ needs.warm-cache.result }}
          SECURITY_RESULT: ${{ needs.security.result }}
          QUALITY_RESULT: ${{ needs.code-quality.result }}
          PRECOMMIT_RESULT: ${{ needs.pre-commit.result }}
          TESTS_RESULT: ${{ needs.test-suite.result }}
          BENCH_RESULT: ${{ needs.benchmarks.result }}
          CACHE_ENABLED: ${{ needs.setup.outputs.cache-warming-enabled }}
          PRECOMMIT_ENABLED: ${{ needs.setup.outputs.pre-commit-enabled }}
          TESTS_ENABLED: ${{ needs.setup.outputs.go-tests-enabled }}
        run: |
          {
            echo "## 🚦 Workflow Results"
            echo ""
            echo "| Component | Result | Status |"
            echo "|-----------|--------|--------|"

            # Helper function to determine result display
            get_result_display() {
              local result="$1"

              if [[ "$result" == "failure" ]]; then
                echo "❌ **FAILED**"
              elif [[ "$result" == "cancelled" ]]; then
                echo "⏹️ cancelled"
              elif [[ "$result" == "skipped" ]]; then
                echo "⏭️ skipped"
              elif [[ "$result" == "success" ]]; then
                echo "✅ success"
              else
                echo "$result"
              fi
            }

            # Setup
            SETUP_DISPLAY=$(get_result_display "$SETUP_RESULT")
            echo "| 🎯 Setup | $SETUP_DISPLAY | Required |"

            # MAGE-X
            MAGEX_DISPLAY=$(get_result_display "$MAGEX_RESULT")
            echo "| 🪄 MAGE-X | $MAGEX_DISPLAY | Required |"

            # Warm Cache
            CACHE_REQ="Disabled"
            [[ "$CACHE_ENABLED" == "true" ]] && CACHE_REQ="Required"
            CACHE_DISPLAY=$(get_result_display "$CACHE_RESULT")
            echo "| 💾 Warm Cache | $CACHE_DISPLAY | $CACHE_REQ |"

            # Security
            SECURITY_DISPLAY=$(get_result_display "$SECURITY_RESULT")
            echo "| 🔒 Security | $SECURITY_DISPLAY | Required |"

            # Code Quality
            QUALITY_DISPLAY=$(get_result_display "$QUALITY_RESULT")
            echo "| 📊 Code Quality | $QUALITY_DISPLAY | Required |"

            # Pre-commit
            PRECOMMIT_REQ="Skipped"
            [[ "$PRECOMMIT_ENABLED" == "true" ]] && PRECOMMIT_REQ="Required"
            PRECOMMIT_DISPLAY=$(get_result_display "$PRECOMMIT_RESULT")
            echo "| 🪝 Pre-commit | $PRECOMMIT_DISPLAY | $PRECOMMIT_REQ |"

            # Test Suite
            TESTS_REQ="Skipped"
            [[ "$TESTS_ENABLED" == "true" ]] && TESTS_REQ="Required"
            TESTS_DISPLAY=$(get_result_display "$TESTS_RESULT")
            echo "| 🧪 Test Suite | $TESTS_DISPLAY | $TESTS_REQ |"

            # Benchmarks (always optional)
            BENCH_DISPLAY=$(get_result_display "$BENCH_RESULT")
            echo "| 🏃 Benchmarks | $BENCH_DISPLAY | Optional ⚠️ |"

            echo ""

            # Add explanatory note if benchmarks failed
            if [[ "$BENCH_RESULT" == "failure" ]]; then
              echo "⚠️ **Note**: Benchmarks failed but are currently non-blocking."
            fi
          } >> "$GITHUB_STEP_SUMMARY"

      # --------------------------------------------------------------------
      # Fail the workflow *only* when a dependency actually failed/canceled
      # - 'skipped' is OK (e.g. feature flag off)
      # - Benchmarks are currently optional (can fail without blocking)
      # --------------------------------------------------------------------
      - name: ❌ Fail if any required job errored
        if: ${{ always() }}
        run: |
          FAILED=false

          # Check required jobs (these must pass)
          if [[ "${{ needs.setup.result }}" == "failure" || "${{ needs.setup.result }}" == "cancelled" ]]; then
            echo "❌ Setup failed or was cancelled" >&2
            FAILED=true
          fi

          if [[ "${{ needs.test-magex.result }}" == "failure" || "${{ needs.test-magex.result }}" == "cancelled" ]]; then
            echo "❌ Test MAGE-X failed or was cancelled" >&2
            FAILED=true
          fi

          # Only check warm-cache if it was enabled
          if [[ "${{ needs.setup.outputs.cache-warming-enabled }}" == "true" ]]; then
            if [[ "${{ needs.warm-cache.result }}" == "failure" || "${{ needs.warm-cache.result }}" == "cancelled" ]]; then
              echo "❌ Warm cache failed or was cancelled" >&2
              FAILED=true
            fi
          fi

          if [[ "${{ needs.security.result }}" == "failure" || "${{ needs.security.result }}" == "cancelled" ]]; then
            echo "❌ Security scans failed or were cancelled" >&2
            FAILED=true
          fi

          if [[ "${{ needs.code-quality.result }}" == "failure" || "${{ needs.code-quality.result }}" == "cancelled" ]]; then
            echo "❌ Code quality checks failed or were cancelled" >&2
            FAILED=true
          fi

          if [[ "${{ needs.pre-commit.result }}" == "failure" || "${{ needs.pre-commit.result }}" == "cancelled" ]]; then
            echo "❌ Pre-commit checks failed or were cancelled" >&2
            FAILED=true
          fi

          # Only check test-suite if it was enabled
          if [[ "${{ needs.setup.outputs.go-tests-enabled }}" == "true" ]]; then
            if [[ "${{ needs.test-suite.result }}" == "failure" || "${{ needs.test-suite.result }}" == "cancelled" ]]; then
              echo "❌ Test suite failed or was cancelled" >&2
              FAILED=true
            fi
          fi

          # Check benchmarks (currently optional - just warn if they fail)
          if [[ "${{ needs.benchmarks.result }}" == "failure" ]]; then
            echo "⚠️  Benchmarks failed (non-blocking)" >&2
          fi

          if [[ "$FAILED" == "true" ]]; then
            echo "❌ One or more required jobs failed – see details above." >&2
            exit 1
          fi

      # --------------------------------------------------------------------
      # Succeed if all required jobs passed or were skipped
      # --------------------------------------------------------------------
      - name: ✅ Mark workflow success
        if: ${{ !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') }}
        run: |
          echo "🎉 All required checks passed (skipped jobs are considered OK)."

  # ----------------------------------------------------------------------------------
  # Release Version (FORK-UNSAFE: PRs never trigger this, but extra fork safety included)
  # ----------------------------------------------------------------------------------
  release:
    name: 🚀 Release Version
    needs: [load-env, setup, test-magex, test-suite, security, code-quality, pre-commit]
    # Only run on successful tag pushes from same repository (not forks)
    # Allow release even if test-suite was skipped (when ENABLE_GO_TESTS=false)
    if: |
      !cancelled() &&
      startsWith(github.ref, 'refs/tags/v') &&
      needs.setup.outputs.is-fork-pr != 'true' &&
      needs.setup.result == 'success' &&
      needs.test-magex.result == 'success' &&
      (needs.test-suite.result == 'success' || needs.test-suite.result == 'skipped') &&
      needs.security.result == 'success' &&
      needs.code-quality.result == 'success' &&
      needs.pre-commit.result == 'success'
    uses: ./.github/workflows/fortress-release.yml
    with:
      env-json: ${{ needs.load-env.outputs.env-json }}
      primary-runner: ${{ needs.setup.outputs.primary-runner }}
      go-primary-version: ${{ needs.setup.outputs.go-primary-version }}
      golangci-lint-version: ${{ needs.code-quality.outputs.golangci-lint-version }}
      go-sum-file: ${{ needs.setup.outputs.go-sum-file }}
    secrets:
      github-token: ${{ secrets.GH_PAT_TOKEN != '' && secrets.GH_PAT_TOKEN || secrets.GITHUB_TOKEN }}
      slack-webhook: ${{ secrets.SLACK_WEBHOOK || '' }}
    permissions:
      contents: write # Required: goreleaser needs to create GitHub releases
  # ----------------------------------------------------------------------------------
  # Workflow Completion Report
  # ----------------------------------------------------------------------------------
  completion-report:
    name: 📊 Workflow Completion Report
    if: |
      always() &&
      needs.load-env.result == 'success' &&
      needs.setup.result == 'success' &&
      needs.test-magex.result == 'success' &&
      needs.setup.outputs.completion-report-enabled == 'true'
    needs: [load-env, setup, test-magex, pre-commit, security, code-quality, test-suite, benchmarks, release, status-check]
    permissions:
      contents: read # Read repository content for completion report
      actions: read # Required for artifact downloads
    uses: ./.github/workflows/fortress-completion-report.yml
    with:
      benchmarks-result: ${{ needs.benchmarks.result }}
      code-quality-result: ${{ needs.code-quality.result }}
      pre-commit-result: ${{ needs.pre-commit.result }}
      env-json: ${{ needs.load-env.outputs.env-json }}
      primary-runner: ${{ needs.setup.outputs.primary-runner }}
      release-result: ${{ needs.release.result }}
      security-result: ${{ needs.security.result }}
      setup-result: ${{ needs.setup.result }}
      start-epoch: ${{ needs.setup.outputs.start-epoch }}
      start-time: ${{ needs.setup.outputs.start-time }}
      status-check-result: ${{ needs.status-check.result }}
      test-magex-result: ${{ needs.test-magex.result }}
      test-matrix: ${{ needs.setup.outputs.test-matrix }}
      test-suite-result: ${{ needs.test-suite.result }}
      gofortress-version: ${{ needs.setup.outputs.gofortress-version }}
      gofortress-released: ${{ needs.setup.outputs.gofortress-released }}
      is-fork-pr: ${{ needs.setup.outputs.is-fork-pr }}
      fork-security-mode: ${{ needs.setup.outputs.fork-security-mode }}