bsv-blockchain · mrz1836 · Nov 6, 2025 · Nov 6, 2025
@@ -147,7 +147,7 @@ GO_COVERAGE_PROVIDER=internal
 CODECOV_TOKEN_REQUIRED=false
 
 # Go Coverage Tool Version
-GO_COVERAGE_VERSION=v1.1.12           # https://github.com/mrz1836/go-coverage
+GO_COVERAGE_VERSION=v1.1.13           # https://github.com/mrz1836/go-coverage/releases
 GO_COVERAGE_USE_LOCAL=false           # Use local version for development
 
 # Core Coverage Settings
@@ -232,12 +232,12 @@ REDIS_CACHE_FORCE_PULL=false           # Force pull Redis images even when cache
 # 🪄 MAGE-X CONFIGURATION
 # ================================================================================================
 
-MAGE_X_VERSION=v1.7.12                                        # https://github.com/mrz1836/mage-x/releases
+MAGE_X_VERSION=v1.7.13                                        # https://github.com/mrz1836/mage-x/releases
 MAGE_X_USE_LOCAL=false                                        # Use local version for development
 MAGE_X_AUTO_DISCOVER_BUILD_TAGS=true                          # Enable auto-discovery of build tags
 MAGE_X_AUTO_DISCOVER_BUILD_TAGS_EXCLUDE=race,custom           # Comma-separated list of tags to exclude
 MAGE_X_FORMAT_EXCLUDE_PATHS=vendor,node_modules,.git,.idea    # Format exclusion paths (comma-separated directories to exclude from formatting)
-MAGE_X_GITLEAKS_VERSION=8.28.0                                # https://github.com/gitleaks/gitleaks/releases
+MAGE_X_GITLEAKS_VERSION=8.29.0                                # https://github.com/gitleaks/gitleaks/releases
 MAGE_X_GOFUMPT_VERSION=v0.9.2                                 # https://github.com/mvdan/gofumpt/releases
 MAGE_X_GOLANGCI_LINT_VERSION=v2.6.1                           # https://github.com/golangci/golangci-lint/releases
 MAGE_X_GORELEASER_VERSION=v2.12.7                             # https://github.com/goreleaser/goreleaser/releases
@@ -291,7 +291,7 @@ NANCY_EXCLUDES=CVE-2024-38513,CVE-2023-45142
 # Github Secret(s): OSSI_USERNAME and OSSI_TOKEN
 
 # Security Tools
-GITLEAKS_VERSION=8.28.0                # https://github.com/gitleaks/gitleaks/releases
+GITLEAKS_VERSION=8.29.0                # https://github.com/gitleaks/gitleaks/releases
 GOVULNCHECK_VERSION=v1.1.4             # https://pkg.go.dev/golang.org/x/vuln
 NANCY_VERSION=v1.0.51                  # https://github.com/sonatype-nexus-community/nancy/releases
 
@@ -300,7 +300,7 @@ NANCY_VERSION=v1.0.51                  # https://github.com/sonatype-nexus-commu
 # ================================================================================================
 
 # Pre-Commit System
-GO_PRE_COMMIT_VERSION=v1.3.5             # https://github.com/mrz1836/go-pre-commit
+GO_PRE_COMMIT_VERSION=v1.4.1             # https://github.com/mrz1836/go-pre-commit/releases
 GO_PRE_COMMIT_USE_LOCAL=false            # Use local version for development
 
 # System Settings
@@ -322,6 +322,7 @@ GO_PRE_COMMIT_ALL_FILES=true
 GO_PRE_COMMIT_GOLANGCI_LINT_VERSION=v2.6.1     # https://github.com/golangci/golangci-lint/releases
 GO_PRE_COMMIT_FUMPT_VERSION=v0.9.2             # https://github.com/mvdan/gofumpt/releases
 GO_PRE_COMMIT_GOIMPORTS_VERSION=latest         # https://github.com/golang/tools
+GO_PRE_COMMIT_GITLEAKS_VERSION=v8.29.0         # https://github.com/gitleaks/gitleaks/releases
 
 # Build tags for golangci-lint and other tools
 GO_PRE_COMMIT_BUILD_TAGS=
@@ -335,6 +336,8 @@ GO_PRE_COMMIT_ENABLE_MOD_TIDY=true
 GO_PRE_COMMIT_ENABLE_WHITESPACE=true
 GO_PRE_COMMIT_ENABLE_EOF=true
 GO_PRE_COMMIT_ENABLE_AI_DETECTION=true
+GO_PRE_COMMIT_ENABLE_GITLEAKS=true
+GO_PRE_COMMIT_GITLEAKS_ALL_FILES=false
 
 # Auto-staging Settings
 GO_PRE_COMMIT_FMT_AUTO_STAGE=true
@@ -353,6 +356,7 @@ GO_PRE_COMMIT_MOD_TIDY_TIMEOUT=60
 GO_PRE_COMMIT_WHITESPACE_TIMEOUT=30
 GO_PRE_COMMIT_EOF_TIMEOUT=30
 GO_PRE_COMMIT_AI_DETECTION_TIMEOUT=30
+GO_PRE_COMMIT_GITLEAKS_TIMEOUT=60
 
 # Path Configuration
 GO_PRE_COMMIT_HOOKS_PATH=.git/hooks

@@ -139,7 +139,7 @@ jobs:
         with:
           path: |
             ~/.cache/go-pre-commit-tools
-          key: ${{ inputs.primary-runner }}-go-pre-commit-tools-golangci-${{ env.GO_PRE_COMMIT_GOLANGCI_LINT_VERSION }}-fumpt-${{ env.GO_PRE_COMMIT_FUMPT_VERSION }}
+          key: ${{ inputs.primary-runner }}-go-pre-commit-tools-golangci-${{ env.GO_PRE_COMMIT_GOLANGCI_LINT_VERSION }}-fumpt-${{ env.GO_PRE_COMMIT_FUMPT_VERSION }}-gitleaks-${{ env.GO_PRE_COMMIT_GITLEAKS_VERSION }}-goimports-${{ env.GO_PRE_COMMIT_GOIMPORTS_VERSION }}
 
       - name: 🛠️ Make cached go-pre-commit and tools usable
         if: env.GO_PRE_COMMIT_USE_LOCAL != 'true'
@@ -256,20 +256,22 @@ jobs:
           echo ""
           echo "🔧 Tool Versions:"
           echo "  • Max File Size: ${{ env.GO_PRE_COMMIT_MAX_FILE_SIZE_MB }} MB"
-          echo "  • golangci-lint: ${{ env.GO_PRE_COMMIT_GOLANGCI_LINT_VERSION }}"
+          echo "  • gitleaks: ${{ env.GO_PRE_COMMIT_GITLEAKS_VERSION }}"
           echo "  • gofumpt: ${{ env.GO_PRE_COMMIT_FUMPT_VERSION }}"
           echo "  • goimports: ${{ env.GO_PRE_COMMIT_GOIMPORTS_VERSION }}"
+          echo "  • golangci-lint: ${{ env.GO_PRE_COMMIT_GOLANGCI_LINT_VERSION }}"
           echo ""
           echo "📁 Configuration:"
           echo "  • Exclude Patterns: ${{ env.GO_PRE_COMMIT_EXCLUDE_PATTERNS }}"
           echo "  • Color Output: ${{ env.GO_PRE_COMMIT_COLOR_OUTPUT }}"
           echo ""
           echo "🔧 Individual Checks:"
+          echo "  • eof: ${{ env.GO_PRE_COMMIT_ENABLE_EOF }}"
           echo "  • fumpt: ${{ env.GO_PRE_COMMIT_ENABLE_FUMPT }}"
+          echo "  • gitleaks: ${{ env.GO_PRE_COMMIT_ENABLE_GITLEAKS }}"
           echo "  • lint: ${{ env.GO_PRE_COMMIT_ENABLE_LINT }}"
           echo "  • mod-tidy: ${{ env.GO_PRE_COMMIT_ENABLE_MOD_TIDY }}"
           echo "  • whitespace: ${{ env.GO_PRE_COMMIT_ENABLE_WHITESPACE }}"
-          echo "  • eof: ${{ env.GO_PRE_COMMIT_ENABLE_EOF }}"
           echo ""
           echo "=================================================="
 
@@ -622,20 +624,16 @@ jobs:
           fi
 
           # Clean and filter output (colors should be disabled but handle any remaining codes)
-          # Remove any remaining ANSI codes and filter redundant summary lines
+          # Remove any remaining ANSI codes but preserve all check results
           echo "$CHECKS_OUTPUT" | \
             sed -E 's/\x1b\[[0-9;]*[mGKH]//g' | \
             sed 's/\xc2\x9b\[[0-9;]*[mGKH]//g' | \
             sed 's/�\[[0-9;]*[mGKH]//g' | \
             sed 's/�//g' | \
-            tr -d '\033' | \
-            grep -v '^✓.*check passed$' | \
-            grep -v '^✓.*completed successfully$' | \
-            grep -v '^✓.*passed on.*file' | \
-            grep -v '^✓ All checks passed!'
+            tr -d '\033'
 
           # Extract executed checks from output (if format allows)
-          EXECUTED_CHECKS=$(echo "$CHECKS_OUTPUT" | grep -E "Running:|Executing:|✓" | sed 's/.*Running: //;s/.*Executing: //;s/.*✓ //' | tr '\n' ',' | sed 's/,$//' || echo "fumpt,lint,mod-tidy,whitespace,eof")
+          EXECUTED_CHECKS=$(echo "$CHECKS_OUTPUT" | grep -E "Running:|Executing:|✓" | sed 's/.*Running: //;s/.*Executing: //;s/.*✓ //' | tr '\n' ',' | sed 's/,$//' || echo "fumpt,lint,mod-tidy,whitespace,eof,gitleaks")
           echo "executed=$EXECUTED_CHECKS" >> $GITHUB_OUTPUT
 
           if [ "${CHECKS_EXIT:-0}" -ne 0 ]; then
@@ -722,7 +720,7 @@ jobs:
             fi
 
             echo "### 🔍 Checks Executed" >> $GITHUB_STEP_SUMMARY
-            CHECKS="${{ steps.run-checks.outputs.executed || 'fumpt,lint,mod-tidy,whitespace,eof' }}"
+            CHECKS="${{ steps.run-checks.outputs.executed || 'fumpt,lint,mod-tidy,whitespace,eof,gitleaks' }}"
             echo "$CHECKS" | tr ',' '\n' | while read check; do
               if [ -n "$check" ]; then
                 echo "- ✅ $check" >> $GITHUB_STEP_SUMMARY

@@ -391,7 +391,7 @@ jobs:
 
       - name: 🔍 Run gitleaks scan
         if: steps.repo-check.outputs.is_same_repo == 'true'
-        uses: gitleaks/gitleaks-action@ff98106e4c7b2bc287b24eaf42907196329070c7 # v8.27.2
+        uses: gitleaks/gitleaks-action@ff98106e4c7b2bc287b24eaf42907196329070c7 # v2.3.9
         env:
           GITHUB_TOKEN: ${{ secrets.github-token }}
           GITLEAKS_LICENSE: ${{ secrets.gitleaks-license }}