sync: update 8 files from source repository (#61)

Author: mrz1836

.github/.env.base

@@ -232,12 +232,12 @@ REDIS_CACHE_FORCE_PULL=false           # Force pull Redis images even when cache
 # 🪄 MAGE-X CONFIGURATION
 # ================================================================================================
 
-MAGE_X_VERSION=v1.7.15                                        # https://github.com/mrz1836/mage-x/releases
+MAGE_X_VERSION=v1.7.16                                        # https://github.com/mrz1836/mage-x/releases
 MAGE_X_USE_LOCAL=false                                        # Use local version for development
 MAGE_X_AUTO_DISCOVER_BUILD_TAGS=true                          # Enable auto-discovery of build tags
 MAGE_X_AUTO_DISCOVER_BUILD_TAGS_EXCLUDE=race,custom           # Comma-separated list of tags to exclude
 MAGE_X_FORMAT_EXCLUDE_PATHS=vendor,node_modules,.git,.idea    # Format exclusion paths (comma-separated directories to exclude from formatting)
-MAGE_X_GITLEAKS_VERSION=8.29.0                                # https://github.com/gitleaks/gitleaks/releases
+MAGE_X_GITLEAKS_VERSION=8.29.1                                # https://github.com/gitleaks/gitleaks/releases
 MAGE_X_GOFUMPT_VERSION=v0.9.2                                 # https://github.com/mvdan/gofumpt/releases
 MAGE_X_GOLANGCI_LINT_VERSION=v2.6.2                           # https://github.com/golangci/golangci-lint/releases
 MAGE_X_GORELEASER_VERSION=v2.12.7                             # https://github.com/goreleaser/goreleaser/releases
@@ -291,7 +291,7 @@ NANCY_EXCLUDES=CVE-2024-38513,CVE-2023-45142
 # Github Secret(s): OSSI_USERNAME and OSSI_TOKEN
 
 # Security Tools
-GITLEAKS_VERSION=8.29.0                # https://github.com/gitleaks/gitleaks/releases
+GITLEAKS_VERSION=8.29.1                # https://github.com/gitleaks/gitleaks/releases
 GOVULNCHECK_VERSION=v1.1.4             # https://pkg.go.dev/golang.org/x/vuln
 NANCY_VERSION=v1.0.51                  # https://github.com/sonatype-nexus-community/nancy/releases
 
@@ -300,7 +300,7 @@ NANCY_VERSION=v1.0.51                  # https://github.com/sonatype-nexus-commu
 # ================================================================================================
 
 # Pre-Commit System
-GO_PRE_COMMIT_VERSION=v1.4.2             # https://github.com/mrz1836/go-pre-commit/releases
+GO_PRE_COMMIT_VERSION=v1.4.3             # https://github.com/mrz1836/go-pre-commit/releases
 GO_PRE_COMMIT_USE_LOCAL=false            # Use local version for development
 
 # System Settings
@@ -312,6 +312,7 @@ GO_PRE_COMMIT_PARALLEL_WORKERS=2
 GO_PRE_COMMIT_LOG_LEVEL=debug
 GO_PRE_COMMIT_MAX_FILE_SIZE_MB=10
 GO_PRE_COMMIT_MAX_FILES_OPEN=100
+GO_PRE_COMMIT_DEBUG=false                # Enable verbose debug output for tool caching and locations
 
 # File Detection Strategy for CI
 # true = Check all repository files (comprehensive but slower)
@@ -322,7 +323,7 @@ GO_PRE_COMMIT_ALL_FILES=true
 GO_PRE_COMMIT_GOLANGCI_LINT_VERSION=v2.6.2     # https://github.com/golangci/golangci-lint/releases
 GO_PRE_COMMIT_FUMPT_VERSION=v0.9.2             # https://github.com/mvdan/gofumpt/releases
 GO_PRE_COMMIT_GOIMPORTS_VERSION=latest         # https://github.com/golang/tools
-GO_PRE_COMMIT_GITLEAKS_VERSION=v8.29.0         # https://github.com/gitleaks/gitleaks/releases
+GO_PRE_COMMIT_GITLEAKS_VERSION=v8.29.1         # https://github.com/gitleaks/gitleaks/releases
 
 # Build tags for golangci-lint and other tools
 GO_PRE_COMMIT_BUILD_TAGS=
@@ -393,6 +394,8 @@ DEPENDABOT_MAINTAINER_USERNAME=mrz1836
 DEPENDABOT_AUTO_MERGE_PATCH=true
 DEPENDABOT_AUTO_MERGE_MINOR_DEV=true
 DEPENDABOT_AUTO_MERGE_MINOR_PROD=true
+DEPENDABOT_AUTO_MERGE_PATCH_INDIRECT=true
+DEPENDABOT_AUTO_MERGE_MINOR_INDIRECT=true
 DEPENDABOT_AUTO_MERGE_SECURITY_NON_MAJOR=true
 DEPENDABOT_ALERT_ON_MAJOR=true
 DEPENDABOT_ALERT_ON_MINOR_PROD=true
@@ -418,6 +421,8 @@ AUTO_MERGE_SKIP_FORK_PRS=true
 # Note: Fork PRs receive welcome comments from pull-request-management-fork.yml instead
 # This setting only affects same-repo PRs (fork PRs use read-only GITHUB_TOKEN)
 AUTO_MERGE_COMMENT_ON_FORK_SKIP=true
+AUTO_MERGE_REQUIRE_LABEL=true
+AUTO_MERGE_LABEL=automerge
 
 # ================================================================================================
 # 📝 PULL REQUEST MANAGEMENT CONFIGURATION

.github/workflows/auto-merge-on-approval.yml

@@ -88,6 +88,7 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       pull-requests: write # Required: Update PR status and enable auto-merge
+      issues: write # Required: Add labels and create comments
     outputs:
       action-taken: ${{ steps.process.outputs.action }}
       pr-number: ${{ github.event.pull_request.number }}
@@ -117,6 +118,8 @@ jobs:
           SKIP_BOT_PRS=$(echo "$ENV_JSON" | jq -r '.AUTO_MERGE_SKIP_BOT_PRS')
           SKIP_FORK_PRS=$(echo "$ENV_JSON" | jq -r '.AUTO_MERGE_SKIP_FORK_PRS')
           COMMENT_ON_FORK_SKIP=$(echo "$ENV_JSON" | jq -r '.AUTO_MERGE_COMMENT_ON_FORK_SKIP')
+          AUTO_MERGE_REQUIRE_LABEL=$(echo "$ENV_JSON" | jq -r '.AUTO_MERGE_REQUIRE_LABEL')
+          AUTO_MERGE_LABEL=$(echo "$ENV_JSON" | jq -r '.AUTO_MERGE_LABEL')
           PREFERRED_TOKEN=$(echo "$ENV_JSON" | jq -r '.PREFERRED_GITHUB_TOKEN')
 
           # Validate required configuration
@@ -138,6 +141,8 @@ jobs:
           echo "SKIP_BOT_PRS=$SKIP_BOT_PRS" >> $GITHUB_ENV
           echo "SKIP_FORK_PRS=$SKIP_FORK_PRS" >> $GITHUB_ENV
           echo "COMMENT_ON_FORK_SKIP=$COMMENT_ON_FORK_SKIP" >> $GITHUB_ENV
+          echo "AUTO_MERGE_REQUIRE_LABEL=$AUTO_MERGE_REQUIRE_LABEL" >> $GITHUB_ENV
+          echo "AUTO_MERGE_LABEL=$AUTO_MERGE_LABEL" >> $GITHUB_ENV
 
           # Determine default merge type
           DEFAULT_MERGE_TYPE=$(echo "$MERGE_TYPES" | cut -d',' -f1)
@@ -161,6 +166,8 @@ jobs:
           echo "  🤖 Skip bot PRs: $SKIP_BOT_PRS"
           echo "  🍴 Skip fork PRs: $SKIP_FORK_PRS"
           echo "  💬 Comment on fork skip: $COMMENT_ON_FORK_SKIP"
+          echo "  🏷️ Require automerge label: $AUTO_MERGE_REQUIRE_LABEL"
+          echo "  🏷️ Automerge label name: $AUTO_MERGE_LABEL"
           echo "  🔑 Token: Selected via github-script action"
 
       # --------------------------------------------------------------------
@@ -261,6 +268,21 @@ jobs:
               }
             }
 
+            // ————————————————————————————————————————————————————————————————
+            // Check for automerge label requirement
+            // ————————————————————————————————————————————————————————————————
+            if (process.env.AUTO_MERGE_REQUIRE_LABEL === 'true') {
+              const automergeLabel = process.env.AUTO_MERGE_LABEL || 'automerge';
+              const hasAutomergeLabel = labels.includes(automergeLabel);
+
+              if (!hasAutomergeLabel) {
+                console.log(`🏷️  Missing required label "${automergeLabel}" - skipping auto-merge`);
+                core.setOutput('action', 'skip-missing-automerge-label');
+                return;
+              }
+              console.log(`✅ Has required automerge label: "${automergeLabel}"`);
+            }
+
             // ————————————————————————————————————————————————————————————————
             // Check review conditions
             // ————————————————————————————————————————————————————————————————
@@ -517,6 +539,9 @@ jobs:
             "skip-wip")
               ACTION_DESC="🚧 Skipped (work in progress)"
               ;;
+            "skip-missing-automerge-label")
+              ACTION_DESC="🏷️ Skipped (missing automerge label)"
+              ;;
             "conditions-not-met")
               ACTION_DESC="⏳ Conditions not met"
               ;;
@@ -580,6 +605,9 @@ jobs:
             skip-fork)
               echo "🍴 Action: Skipped - Fork PR (security policy)"
               ;;
+            skip-missing-automerge-label)
+              echo "🏷️ Action: Skipped - Missing automerge label"
+              ;;
             skip-*)
               echo "⏭️ Action: Skipped - $ACTION"
               ;;

.github/workflows/codeql-analysis.yml

@@ -47,7 +47,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@014f16e7ab1402f30e7c3329d33797e7948572db # v4.31.3
+        uses: github/codeql-action/init@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -58,7 +58,7 @@ jobs:
       # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@014f16e7ab1402f30e7c3329d33797e7948572db # v4.31.3
+        uses: github/codeql-action/autobuild@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -68,4 +68,4 @@ jobs:
       #    uses a compiled language
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@014f16e7ab1402f30e7c3329d33797e7948572db # v4.31.3
+        uses: github/codeql-action/analyze@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4