sync: update 42 files from source repository

Author: mrz1836

.github/.env.base

@@ -12,9 +12,13 @@
 #
 # Tools:
 #  - GoFortress
+#  - go-sanitize
 #  - go-coverage
 #  - go-pre-commit
-#  - GitHub Workflows
+#  - MAGE-X
+#  - Gitleaks, Nancy, Govulncheck
+#  - GitHub Workflows (Dependabot, Stale, Sync Labels, Auto-Merge, PR Management)
+#  - Redis Service (optional)
 #
 #  Maintainer: @mrz1836
 #
@@ -32,6 +36,15 @@ GO_PRIMARY_VERSION=1.24.x
 # Set to same as primary to test with single version only
 GO_SECONDARY_VERSION=1.24.x
 
+# ================================================================================================
+# 📦 GO MODULE CONFIGURATION
+# ================================================================================================
+
+# Go sum file location for dependency verification and caching
+# Default: go.sum (standard location in repository root)
+# Custom examples: lib/go.sum, backend/go.sum, services/api/go.sum
+GO_SUM_FILE=go.sum
+
 # ================================================================================================
 # 🖥️ RUNNER CONFIGURATION
 # ================================================================================================
@@ -80,25 +93,17 @@ ENABLE_SECURITY_SCAN_NANCY=true        # Dependency vulnerability checks
 ENABLE_GODOCS_PUBLISHING=true          # Publish to pkg.go.dev on tag/releases
 
 # ================================================================================================
-# ⚙️ TEST CONFIGURATION
+# 📦 ARTIFACT DOWNLOAD CONFIGURATION
 # ================================================================================================
 
-# Test Output Configuration
-TEST_OUTPUT_MODE=SMART                 # Options: FULL, FAILURES_ONLY, SMART
-TEST_OUTPUT_SMART_THRESHOLD=500        # Switch to failure-only mode above this test count
-TEST_FAILURE_DETAIL_COUNT=50           # How many failures to show with full details
-TEST_FAILURE_ANNOTATION_COUNT=10       # GitHub annotations (hard limit is 50)
-TEST_OUTPUT_COMPRESS_ARTIFACTS=true    # Gzip large outputs
-TEST_OUTPUT_ARTIFACT_RETENTION_DAYS=7  # Keep test artifacts for debugging
-
-# Test Execution Timeouts
-TEST_TIMEOUT=30m                       # Go test timeout for standard tests
-TEST_TIMEOUT_RACE_COVER=30m            # Timeout for tests with race+coverage (most intensive)
-TEST_TIMEOUT_UNIT=20m                  # Timeout for unit tests only
-TEST_TIMEOUT_FUZZ=5m                   # Timeout for fuzz tests
+# Artifact Download Resilience Settings
+ARTIFACT_DOWNLOAD_RETRIES=3                 # Number of retry attempts for failed downloads
+ARTIFACT_DOWNLOAD_RETRY_DELAY=10            # Initial retry delay in seconds (uses exponential backoff)
+ARTIFACT_DOWNLOAD_TIMEOUT=300               # Download timeout in seconds (5 minutes)
+ARTIFACT_DOWNLOAD_CONTINUE_ON_ERROR=false   # Continue workflow execution even if artifact download fails
 
 # ================================================================================================
-# 🏃 BENCHMARK CONFIGURATION
+# ⚙️ BENCHMARK & TEST CONFIGURATION
 # ================================================================================================
 
 # Benchmark execution timeout in minutes
@@ -107,15 +112,20 @@ BENCHMARK_TIMEOUT=20    # Minutes
 # Benchmark mode
 BENCHMARK_MODE=quick    # Options: quick, full, normal
 
+# Test Execution Timeouts
+TEST_TIMEOUT=30m                       # Go test timeout for standard tests
+TEST_TIMEOUT_RACE_COVER=30m            # Timeout for tests with race+coverage (most intensive)
+TEST_TIMEOUT_UNIT=20m                  # Timeout for unit tests only
+TEST_TIMEOUT_FUZZ=5m                   # Timeout for fuzz tests
+
 # ================================================================================================
-# 📦 ARTIFACT DOWNLOAD CONFIGURATION
+# 📡 GO-BROADCAST CONFIGURATION (go-sanitize)
 # ================================================================================================
 
-# Artifact Download Resilience Settings
-ARTIFACT_DOWNLOAD_RETRIES=3                 # Number of retry attempts for failed downloads
-ARTIFACT_DOWNLOAD_RETRY_DELAY=10            # Initial retry delay in seconds (uses exponential backoff)
-ARTIFACT_DOWNLOAD_TIMEOUT=300               # Download timeout in seconds (5 minutes)
-ARTIFACT_DOWNLOAD_CONTINUE_ON_ERROR=false   # Continue workflow execution even if artifact download fails
+# Automerge Labels Configuration
+# When using --automerge flag, these labels will be added to created PRs
+# Comma-separated list of labels to apply for automatic merging
+GO_BROADCAST_AUTOMERGE_LABELS=automerge
 
 # ================================================================================================
 # 📊 COVERAGE SYSTEM CONFIGURATION (go-coverage)
@@ -211,25 +221,16 @@ REDIS_HEALTH_CHECK_TIMEOUT=5           # Health check timeout in seconds
 # Redis Cache Configuration
 REDIS_CACHE_FORCE_PULL=false           # Force pull Redis images even when cached (true/false)
 
-# ================================================================================================
-# 🔧 TOOL VERSIONS
-# ================================================================================================
-
-# Security Tools
-GITLEAKS_VERSION=8.28.0                # https://github.com/gitleaks/gitleaks/releases
-GOVULNCHECK_VERSION=v1.1.4             # https://pkg.go.dev/golang.org/x/vuln
-NANCY_VERSION=v1.0.51                  # https://github.com/sonatype-nexus-community/nancy/releases
-
 # ================================================================================================
 # 🪄 MAGE-X CONFIGURATION
 # ================================================================================================
 
-MAGE_X_VERSION=v1.6.1                                         # https://github.com/mrz1836/mage-x/releases
+MAGE_X_VERSION=v1.7.0                                         # https://github.com/mrz1836/mage-x/releases
 MAGE_X_AUTO_DISCOVER_BUILD_TAGS=true                          # Enable auto-discovery of build tags
 MAGE_X_AUTO_DISCOVER_BUILD_TAGS_EXCLUDE=race,custom           # Comma-separated list of tags to exclude
 MAGE_X_FORMAT_EXCLUDE_PATHS=vendor,node_modules,.git,.idea    # Format exclusion paths (comma-separated directories to exclude from formatting)
 MAGE_X_GITLEAKS_VERSION=8.28.0                                # https://github.com/gitleaks/gitleaks/releases
-MAGE_X_GOFUMPT_VERSION=v0.8.0                                 # https://github.com/mvdan/gofumpt/releases
+MAGE_X_GOFUMPT_VERSION=v0.9.1                                 # https://github.com/mvdan/gofumpt/releases
 MAGE_X_GOLANGCI_LINT_VERSION=v2.4.0                           # https://github.com/golangci/golangci-lint/releases
 MAGE_X_GORELEASER_VERSION=v2.12.0                             # https://github.com/goreleaser/goreleaser/releases
 MAGE_X_GOVULNCHECK_VERSION=v1.1.4                             # https://pkg.go.dev/golang.org/x/vuln
@@ -246,7 +247,7 @@ MAGE_X_YAMLFMT_VERSION=v0.17.2                                # https://github.c
 # MAGE_X_GORELEASER_INSTALLED - Set to 'true' when goreleaser is available
 # MAGE_X_GORELEASER_CACHED_VERSION - Version of installed goreleaser
 
-# Optional Overrides (uncomment to override defaults)
+# Optional Overrides (use .env.custom to override these defaults)
 # MAGE_X_BINARY_NAME=magex
 # MAGE_X_BUILD_TAGS=mage
 # MAGE_X_DOWNLOAD_BACKOFF=2.0
@@ -261,7 +262,7 @@ MAGE_X_YAMLFMT_VERSION=v0.17.2                                # https://github.c
 # MAGE_X_VERBOSE=true
 
 # ================================================================================================
-# 🔒 SECURITY CONFIGURATION
+# 🔒 SECURITY CONFIGURATION & TOOLS
 # ================================================================================================
 
 # Gitleaks Configuration
@@ -273,12 +274,17 @@ GITLEAKS_CONFIG_FILE=
 # Nancy CVE Exclusions (known acceptable vulnerabilities)
 NANCY_EXCLUDES=CVE-2024-38513,CVE-2023-45142
 
+# Security Tools
+GITLEAKS_VERSION=8.28.0                # https://github.com/gitleaks/gitleaks/releases
+GOVULNCHECK_VERSION=v1.1.4             # https://pkg.go.dev/golang.org/x/vuln
+NANCY_VERSION=v1.0.51                  # https://github.com/sonatype-nexus-community/nancy/releases
+
 # ================================================================================================
 # 🪝 PRE-COMMIT SYSTEM CONFIGURATION (go-pre-commit)
 # ================================================================================================
 
 # Pre-Commit System
-GO_PRE_COMMIT_VERSION=v1.2.0             # https://github.com/mrz1836/go-pre-commit
+GO_PRE_COMMIT_VERSION=v1.2.3             # https://github.com/mrz1836/go-pre-commit
 GO_PRE_COMMIT_USE_LOCAL=false            # Use local version for development
 
 # System Settings
@@ -298,7 +304,7 @@ GO_PRE_COMMIT_ALL_FILES=true
 
 # Tool Versions
 GO_PRE_COMMIT_GOLANGCI_LINT_VERSION=v2.4.0     # https://github.com/golangci/golangci-lint
-GO_PRE_COMMIT_FUMPT_VERSION=v0.8.0             # https://github.com/mvdan/gofumpt
+GO_PRE_COMMIT_FUMPT_VERSION=v0.9.1             # https://github.com/mvdan/gofumpt
 GO_PRE_COMMIT_GOIMPORTS_VERSION=latest         # https://github.com/golang/tools
 
 # Build Configuration
@@ -383,10 +389,10 @@ AUTO_MERGE_ALLOWED_MERGE_TYPES=squash
 AUTO_MERGE_DELETE_BRANCH=true
 AUTO_MERGE_SKIP_DRAFT=true
 AUTO_MERGE_SKIP_WIP=true
-AUTO_MERGE_WIP_LABELS=work-in-progress,wip,do-not-merge
+AUTO_MERGE_WIP_LABELS=work-in-progress,wip,do-not-merge,requires-manual-review,security
 AUTO_MERGE_COMMENT_ON_ENABLE=true
 AUTO_MERGE_COMMENT_ON_DISABLE=true
-AUTO_MERGE_LABELS_TO_ADD=auto-merge-enabled
+AUTO_MERGE_LABELS_TO_ADD=automerge-enabled
 AUTO_MERGE_SKIP_BOT_PRS=true
 
 # ================================================================================================
@@ -400,7 +406,7 @@ PR_MANAGEMENT_APPLY_SIZE_LABELS=true
 PR_MANAGEMENT_APPLY_TYPE_LABELS=true
 PR_MANAGEMENT_CLEAN_CACHE_ON_CLOSE=true
 PR_MANAGEMENT_DELETE_BRANCH_ON_MERGE=true
-PR_MANAGEMENT_PROTECTED_BRANCHES=master,main,development
+PR_MANAGEMENT_PROTECTED_BRANCHES=master,main,development,production
 
 # PR Size Thresholds
 PR_MANAGEMENT_SIZE_XS_THRESHOLD=10

.github/actions/cache-redis-image/action.yml

@@ -63,9 +63,9 @@ outputs:
 runs:
   using: "composite"
   steps:
-    # ————————————————————————————————————————————————————————————————
+    # --------------------------------------------------------------------
     # Initialize operation tracking
-    # ————————————————————————————————————————————————————————————————
+    # --------------------------------------------------------------------
     - name: ⏱️ Initialize operation tracking
       id: operation-start
       shell: bash
@@ -80,9 +80,9 @@ runs:
         echo "   • Force Pull: ${{ inputs.force-pull }}"
         echo ""
 
-    # ————————————————————————————————————————————————————————————————
+    # --------------------------------------------------------------------
     # Configure cache settings and keys
-    # ————————————————————————————————————————————————————————————————
+    # --------------------------------------------------------------------
     - name: 🔧 Configure cache settings
       id: cache-config
       shell: bash
@@ -120,9 +120,9 @@ runs:
         echo "cache-path=$CACHE_PATH" >> $GITHUB_OUTPUT
         echo "normalized-version=$NORMALIZED_VERSION" >> $GITHUB_OUTPUT
 
-    # ————————————————————————————————————————————————————————————————
+    # --------------------------------------------------------------------
     # Restore Redis image from cache
-    # ————————————————————————————————————————————————————————————————
+    # --------------------------------------------------------------------
     - name: 💾 Restore Redis image from cache
       if: contains(inputs.cache-mode, 'restore')
       id: restore-redis-image
@@ -131,9 +131,9 @@ runs:
         path: ${{ steps.cache-config.outputs.cache-path }}
         key: ${{ steps.cache-config.outputs.cache-key }}
 
-    # ————————————————————————————————————————————————————————————————
+    # --------------------------------------------------------------------
     # Load cached Redis image into Docker
-    # ————————————————————————————————————————————————————————————————
+    # --------------------------------------------------------------------
     - name: 📦 Load cached Redis image
       if: contains(inputs.cache-mode, 'restore') && steps.restore-redis-image.outputs.cache-hit == 'true' && inputs.force-pull != 'true'
       id: load-cached-image
@@ -160,9 +160,9 @@ runs:
           exit 1
         fi
 
-    # ————————————————————————————————————————————————————————————————
+    # --------------------------------------------------------------------
     # Pull Redis image if not cached or force-pull enabled
-    # ————————————————————————————————————————————————————————————————
+    # --------------------------------------------------------------------
     - name: 📥 Pull Redis image from Docker Hub
       if: (contains(inputs.cache-mode, 'restore') && steps.restore-redis-image.outputs.cache-hit != 'true') || inputs.force-pull == 'true'
       id: pull-redis-image
@@ -183,9 +183,9 @@ runs:
           exit 1
         fi
 
-    # ————————————————————————————————————————————————————————————————
+    # --------------------------------------------------------------------
     # Save Redis image to cache
-    # ————————————————————————————————————————————————————————————————
+    # --------------------------------------------------------------------
     - name: 💾 Save Redis image to cache
       if: contains(inputs.cache-mode, 'save') && (steps.pull-redis-image.outputs.image-pulled == 'true' || inputs.force-pull == 'true')
       id: save-redis-image
@@ -217,19 +217,19 @@ runs:
           exit 1
         fi
 
-    # ————————————————————————————————————————————————————————————————
+    # --------------------------------------------------------------------
     # Save cache using actions/cache (only if cache wasn't already hit)
-    # ————————————————————————————————————————————————————————————————
+    # --------------------------------------------------------------------
     - name: 🗄️ Save Redis image cache
       if: contains(inputs.cache-mode, 'save') && steps.save-redis-image.outputs.image-saved == 'true' && steps.restore-redis-image.outputs.cache-hit != 'true'
       uses: actions/cache/save@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
       with:
         path: ${{ steps.cache-config.outputs.cache-path }}
         key: ${{ steps.cache-config.outputs.cache-key }}
 
-    # ————————————————————————————————————————————————————————————————
+    # --------------------------------------------------------------------
     # Verify Redis image availability
-    # ————————————————————————————————————————————————————————————————
+    # --------------------------------------------------------------------
     - name: 🔍 Verify Redis image availability
       id: image-verification
       shell: bash
@@ -247,9 +247,9 @@ runs:
           exit 1
         fi
 
-    # ————————————————————————————————————————————————————————————————
+    # --------------------------------------------------------------------
     # Gather image information and metrics
-    # ————————————————————————————————————————————————————————————————
+    # --------------------------------------------------------------------
     - name: 📊 Gather image information
       id: image-info
       shell: bash
@@ -276,9 +276,9 @@ runs:
         echo "image-id=$IMAGE_ID" >> $GITHUB_OUTPUT
         echo "image-created=$IMAGE_CREATED" >> $GITHUB_OUTPUT
 
-    # ————————————————————————————————————————————————————————————————
+    # --------------------------------------------------------------------
     # Operation summary and timing
-    # ————————————————————————————————————————————————————————————————
+    # --------------------------------------------------------------------
     - name: ✅ Operation summary
       id: operation-summary
       shell: bash

.github/actions/collect-cache-stats/action.yml

@@ -90,9 +90,9 @@ outputs:
 runs:
   using: "composite"
   steps:
-    # ————————————————————————————————————————————————————————————————
+    # --------------------------------------------------------------------
     # Collect cache statistics with size calculation
-    # ————————————————————————————————————————————————————————————————
+    # --------------------------------------------------------------------
     - name: 📊 Collect cache statistics
       id: collect
       shell: bash

.github/actions/configure-redis/action.yml

@@ -70,9 +70,9 @@ outputs:
 runs:
   using: "composite"
   steps:
-    # ————————————————————————————————————————————————————————————————
+    # --------------------------------------------------------------------
     # Extract and configure Redis settings
-    # ————————————————————————————————————————————————————————————————
+    # --------------------------------------------------------------------
     - name: 🗄️ Configure Redis Settings
       id: redis-config
       shell: bash