[Sync] Update project files from source repository (442e9c8)

.github/.env.base

@@ -39,7 +39,7 @@ GO_SECONDARY_VERSION=1.24.x
 # Govulncheck-specific Go version for vulnerability scanning
 # Uses newer Go version for accurate standard library vulnerability detection
 # Override this in .env.custom if needed for compatibility
-GOVULNCHECK_GO_VERSION=1.25.x
+GOVULNCHECK_GO_VERSION=1.25.5
 
 # ================================================================================================
 # 📦 GO MODULE CONFIGURATION
@@ -108,6 +108,9 @@ ENABLE_SECURITY_SCAN_NANCY=true        # Dependency vulnerability checks
 # Documentation & Publishing
 ENABLE_GODOCS_PUBLISHING=true          # Publish to pkg.go.dev on tag/releases
 
+# Workflow Reporting
+ENABLE_COMPLETION_REPORT=true          # Generate workflow completion report (adds 2-4 min)
+
 # ================================================================================================
 # 📦 ARTIFACT DOWNLOAD CONFIGURATION
 # ================================================================================================
@@ -241,15 +244,15 @@ REDIS_CACHE_FORCE_PULL=false           # Force pull Redis images even when cache
 # 🪄 MAGE-X CONFIGURATION
 # ================================================================================================
 
-MAGE_X_VERSION=v1.8.7                                         # https://github.com/mrz1836/mage-x/releases
+MAGE_X_VERSION=v1.8.9                                         # https://github.com/mrz1836/mage-x/releases
 MAGE_X_USE_LOCAL=false                                        # Use local version for development
 MAGE_X_AUTO_DISCOVER_BUILD_TAGS=true                          # Enable auto-discovery of build tags
 MAGE_X_AUTO_DISCOVER_BUILD_TAGS_EXCLUDE=race,custom           # Comma-separated list of tags to exclude
 MAGE_X_FORMAT_EXCLUDE_PATHS=vendor,node_modules,.git,.idea    # Format exclusion paths (comma-separated directories to exclude from formatting)
-MAGE_X_GITLEAKS_VERSION=8.29.1                                # https://github.com/gitleaks/gitleaks/releases
+MAGE_X_GITLEAKS_VERSION=8.30.0                                # https://github.com/gitleaks/gitleaks/releases
 MAGE_X_GOFUMPT_VERSION=v0.9.2                                 # https://github.com/mvdan/gofumpt/releases
 MAGE_X_GOLANGCI_LINT_VERSION=v2.6.2                           # https://github.com/golangci/golangci-lint/releases
-MAGE_X_GORELEASER_VERSION=v2.12.7                             # https://github.com/goreleaser/goreleaser/releases
+MAGE_X_GORELEASER_VERSION=v2.13.0                             # https://github.com/goreleaser/goreleaser/releases
 MAGE_X_GOVULNCHECK_VERSION=v1.1.4                             # https://go.googlesource.com/vuln/+refs
 MAGE_X_GO_SECONDARY_VERSION=1.24.x                            # Secondary Go version for MAGE-X (also our secondary)
 MAGE_X_GO_VERSION=1.24.x                                      # Primary Go version for MAGE-X (also our primary)
@@ -281,7 +284,7 @@ MAGE_X_YAMLFMT_VERSION=v0.20.0                                # https://github.c
 # MAGE_X_DOWNLOAD_TIMEOUT=5000
 # MAGE_X_DOWNLOAD_USER_AGENT=MAGE-X-Agent
 # MAGE_X_PARALLEL=3
-# MAGE_X_TEST_EXCLUDE_MODULES=magefiles               # Comma-separated module names to exclude from tests/coverage (default: magefiles)
+# MAGE_X_TEST_EXCLUDE_MODULES=module1,module2               
 # MAGE_X_TEST_RACE=false
 # MAGE_X_VERBOSE=true
 
@@ -304,7 +307,7 @@ NANCY_EXCLUDES=CVE-2024-38513,CVE-2023-45142
 # Github Secret(s): OSSI_USERNAME and OSSI_TOKEN
 
 # Security Tools
-GITLEAKS_VERSION=8.29.1                # https://github.com/gitleaks/gitleaks/releases
+GITLEAKS_VERSION=8.30.0                # https://github.com/gitleaks/gitleaks/releases
 GOVULNCHECK_VERSION=v1.1.4             # https://pkg.go.dev/golang.org/x/vuln
 NANCY_VERSION=v1.0.52                  # https://github.com/sonatype-nexus-community/nancy/releases
 
@@ -336,7 +339,7 @@ GO_PRE_COMMIT_ALL_FILES=true
 GO_PRE_COMMIT_GOLANGCI_LINT_VERSION=v2.6.2     # https://github.com/golangci/golangci-lint/releases
 GO_PRE_COMMIT_FUMPT_VERSION=v0.9.2             # https://github.com/mvdan/gofumpt/releases
 GO_PRE_COMMIT_GOIMPORTS_VERSION=latest         # https://github.com/golang/tools
-GO_PRE_COMMIT_GITLEAKS_VERSION=v8.29.1         # https://github.com/gitleaks/gitleaks/releases
+GO_PRE_COMMIT_GITLEAKS_VERSION=v8.30.0         # https://github.com/gitleaks/gitleaks/releases
 
 # Build tags for golangci-lint and other tools
 GO_PRE_COMMIT_BUILD_TAGS=

.github/workflows/auto-merge-on-approval.yml

@@ -65,7 +65,7 @@ jobs:
       # Check out code to access env file
       # --------------------------------------------------------------------
       - name: 📥 Checkout code (sparse)
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           sparse-checkout: |
             .github/.env.base

.github/workflows/codeql-analysis.yml

@@ -43,7 +43,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL

.github/workflows/dependabot-auto-merge.yml

@@ -62,7 +62,7 @@ jobs:
       # Check out code to access env file
       # --------------------------------------------------------------------
       - name: 📥 Checkout code (sparse)
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           sparse-checkout: |
             .github/.env.base

.github/workflows/fortress-benchmarks.yml

@@ -128,7 +128,7 @@ jobs:
       # Checkout code and set up Go environment
       # --------------------------------------------------------------------
       - name: 📥 Checkout code
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       # --------------------------------------------------------------------
       # Setup Go with caching and version management

.github/workflows/fortress-code-quality.yml

@@ -70,7 +70,7 @@ jobs:
       # Checkout code (required for local actions)
       # --------------------------------------------------------------------
       - name: 📥 Checkout code
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       # --------------------------------------------------------------------
       # Parse environment variables
@@ -217,7 +217,7 @@ jobs:
       # Checkout code (required for local actions)
       # --------------------------------------------------------------------
       - name: 📥 Checkout code
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       # --------------------------------------------------------------------
       # Parse environment variables
@@ -437,7 +437,7 @@ jobs:
       # Checkout code (required for local actions)
       # --------------------------------------------------------------------
       - name: 📥 Checkout repository
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       # --------------------------------------------------------------------
       # Parse environment variables

.github/workflows/fortress-completion-finalize.yml

@@ -60,7 +60,7 @@ jobs:
       # Checkout repository for local actions
       # --------------------------------------------------------------------
       - name: 📥 Checkout Repository
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       # --------------------------------------------------------------------
       # Parse inputs and setup

.github/workflows/fortress-completion-report.yml

@@ -116,7 +116,7 @@ jobs:
       # Checkout repository for local actions
       # --------------------------------------------------------------------
       - name: 📥 Checkout Repository
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       # --------------------------------------------------------------------
       # Parse environment variables

.github/workflows/fortress-completion-statistics.yml

@@ -64,7 +64,7 @@ jobs:
       # Checkout repository for local actions
       # --------------------------------------------------------------------
       - name: 📥 Checkout Repository
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       # --------------------------------------------------------------------
       # Parse environment variables

.github/workflows/fortress-completion-tests.yml

@@ -60,7 +60,7 @@ jobs:
       # Checkout repository for local actions
       # --------------------------------------------------------------------
       - name: 📥 Checkout Repository
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       # --------------------------------------------------------------------
       # Parse environment variables

.github/workflows/fortress-coverage.yml

@@ -158,7 +158,7 @@ jobs:
           echo "✅ Branch helper functions created"
 
       - name: 📥 Checkout code
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           fetch-depth: 0 # Fetch all history including tags for version display
 
@@ -2356,7 +2356,7 @@ jobs:
           done
 
       - name: 📥 Checkout code
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           fetch-depth: 2 # Need history for codecov to detect changes
 

.github/workflows/fortress-pre-commit.yml

@@ -61,7 +61,7 @@ jobs:
       # Checkout code (full checkout to ensure local actions are available)
       # --------------------------------------------------------------------
       - name: 📥 Checkout code
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           fetch-depth: 0 # Fetch full history to enable file change detection for all commit ranges
 

.github/workflows/fortress-release.yml

@@ -62,7 +62,7 @@ jobs:
       # Checkout code and set up Go environment
       # --------------------------------------------------------------------
       - name: 📥 Checkout code
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           fetch-depth: 0 # Required for changelog generation
           token: ${{ secrets.github-token }}

.github/workflows/fortress-security-scans.yml

@@ -75,7 +75,7 @@ jobs:
       # Checkout code (required for local actions)
       # --------------------------------------------------------------------
       - name: 📥 Checkout code
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       # --------------------------------------------------------------------
       # Parse environment variables
@@ -197,7 +197,7 @@ jobs:
       # Checkout code (required for local actions)
       # --------------------------------------------------------------------
       - name: 📥 Checkout code
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       # --------------------------------------------------------------------
       # Parse environment variables
@@ -355,7 +355,7 @@ jobs:
       # Checkout code (required for local actions)
       # --------------------------------------------------------------------
       - name: 📥 Checkout code
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           fetch-depth: 0 # Fetch all history so Gitleaks can scan commits
 

.github/workflows/fortress-setup-config.yml

@@ -176,6 +176,9 @@ on:
       fork-security-mode:
         description: "Security mode for fork PRs (safe/unsafe)"
         value: ${{ jobs.setup-config.outputs.fork-security-mode }}
+      completion-report-enabled:
+        description: "Whether workflow completion report is enabled"
+        value: ${{ jobs.setup-config.outputs.completion-report-enabled }}
 # Security: Restrictive default permissions with job-level overrides for least privilege access
 permissions:
   contents: read
@@ -229,6 +232,7 @@ jobs:
       redis-service-mode: ${{ steps.redis-config.outputs.redis-service-mode }}
       is-fork-pr: ${{ steps.fork-detection.outputs.is-fork-pr }}
       fork-security-mode: ${{ steps.fork-detection.outputs.fork-security-mode }}
+      completion-report-enabled: ${{ steps.config.outputs.completion-report-enabled }}
     steps:
       # --------------------------------------------------------------------
       # Start timer to record workflow start time
@@ -301,7 +305,7 @@ jobs:
       # Checkout code (sparse checkout)
       # --------------------------------------------------------------------
       - name: 📥 Checkout (sparse)
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           sparse-checkout: |
             .mage.yaml
@@ -530,6 +534,7 @@ jobs:
           echo "fuzz-testing-enabled=${{ env.ENABLE_FUZZ_TESTING }}" >> $GITHUB_OUTPUT
           echo "go-tests-enabled=${{ env.ENABLE_GO_TESTS }}" >> $GITHUB_OUTPUT
           echo "pre-commit-enabled=${{ env.ENABLE_GO_PRE_COMMIT }}" >> $GITHUB_OUTPUT
+          echo "completion-report-enabled=${{ env.ENABLE_COMPLETION_REPORT }}" >> $GITHUB_OUTPUT
 
           # Detect if this is a release run
           if [[ "${{ github.ref }}" == refs/tags/v* ]]; then

.github/workflows/fortress-test-fuzz.yml

@@ -66,7 +66,7 @@ jobs:
       # Checkout code (required for local actions)
       # --------------------------------------------------------------------
       - name: 📥 Checkout code
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       # --------------------------------------------------------------------
       # Parse environment variables

.github/workflows/fortress-test-magex.yml

@@ -52,14 +52,14 @@ jobs:
       # Full checkout when using local build (needs cmd/magex directory)
       - name: 📥 Checkout (full - local build)
         if: env.MAGE_X_USE_LOCAL == 'true'
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           fetch-depth: 0
 
       # Sparse checkout when using remote build (optimization)
       - name: 📥 Checkout (sparse - remote build)
         if: env.MAGE_X_USE_LOCAL == 'false'
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           fetch-depth: 0 # Required for sparse checkout
           sparse-checkout: |

.github/workflows/fortress-test-matrix.yml

@@ -125,7 +125,7 @@ jobs:
       # Checkout code (required for local actions)
       # --------------------------------------------------------------------
       - name: 📥 Checkout code
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       # --------------------------------------------------------------------
       # Parse environment variables

.github/workflows/fortress-test-validation.yml

@@ -55,7 +55,7 @@ jobs:
       # Checkout code (required for local actions)
       # --------------------------------------------------------------------
       - name: 📥 Checkout code
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       # --------------------------------------------------------------------
       # Parse environment variables

.github/workflows/fortress-warm-cache.yml

@@ -106,13 +106,13 @@ jobs:
       # --------------------------------------------------------------------
       - name: 📥 Checkout code (full - multi-module)
         if: steps.extract.outputs.enable_multi_module == 'true'
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           persist-credentials: false
 
       - name: 📥 Checkout code (sparse - single module)
         if: steps.extract.outputs.enable_multi_module != 'true'
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           persist-credentials: false
           sparse-checkout: |

.github/workflows/fortress.yml

@@ -92,7 +92,7 @@ jobs:
       # Check out code to access env file
       # --------------------------------------------------------------------
       - name: 📥 Checkout code (sparse)
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           sparse-checkout: |
             .github/.env.base
@@ -439,7 +439,11 @@ jobs:
   # ----------------------------------------------------------------------------------
   completion-report:
     name: 📊 Workflow Completion Report
-    if: always() && !contains(fromJSON('["failure", "cancelled"]'), needs.setup.result) && !contains(fromJSON('["failure", "cancelled"]'), needs.test-magex.result)
+    if: |
+      always() &&
+      needs.setup.outputs.completion-report-enabled == 'true' &&
+      !contains(fromJSON('["failure", "cancelled"]'), needs.setup.result) &&
+      !contains(fromJSON('["failure", "cancelled"]'), needs.test-magex.result)
     needs: [load-env, setup, test-magex, pre-commit, security, code-quality, test-suite, benchmarks, release, status-check]
     permissions:
       contents: read # Read repository content for completion report

.github/workflows/pull-request-management-fork.yml

@@ -141,7 +141,7 @@ jobs:
       # codeql:ignore GH001
       # checkov:skip=CKV_GHA_3:Base branch checkout is intentional and safe
       - name: 📥 Checkout base repo (sparse)
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           # ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
           # 🔒 CRITICAL SECURITY CONTROL: Base Branch Checkout Only

.github/workflows/pull-request-management.yml

@@ -68,7 +68,7 @@ jobs:
       # Check out code to access env file
       # --------------------------------------------------------------------
       - name: 📥 Checkout code (sparse)
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           sparse-checkout: |
             .github/.env.base

.github/workflows/scorecard.yml

@@ -39,7 +39,7 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           persist-credentials: false
 

.github/workflows/stale-check.yml

@@ -52,7 +52,7 @@ jobs:
       # Check out code to access env file
       # --------------------------------------------------------------------
       - name: 📥 Checkout code (sparse)
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           sparse-checkout: |
             .github/.env.base