sync: update 7 files from source repository (#44)

Author: mrz1836

.github/.env.base

@@ -81,6 +81,7 @@ ENABLE_BENCHMARKS=true                 # Run benchmark tests
 ENABLE_CACHE_WARMING=true              # Warm Go module and build caches
 ENABLE_CODE_COVERAGE=true              # Generate coverage reports via go-coverage
 ENABLE_FUZZ_TESTING=true               # Run fuzz tests (Go 1.18+)
+ENABLE_GO_TESTS=true                   # Run Go test suite (unit, integration, matrix)
 ENABLE_RACE_DETECTION=true             # Enable Go race detector
 ENABLE_STATIC_ANALYSIS=true            # Run go vet analysis
 ENABLE_VERBOSE_TEST_OUTPUT=false       # Verbose test output (can slow CI)

.github/workflows/fortress-completion-finalize.yml

@@ -186,7 +186,7 @@ jobs:
             echo "| 🪝 Pre-commit Checks | ${{ env.INPUT_pre-commit-result }} | $([ "${{ env.INPUT_pre-commit-result }}" = "success" ] && echo "✅" || echo "❌") |"
             echo "| 🔒 Security Scans | ${{ env.INPUT_security-result }} | $([ "${{ env.INPUT_security-result }}" = "success" ] && echo "✅" || echo "❌") |"
             echo "| 📊 Code Quality | ${{ env.INPUT_code-quality-result }} | $([ "${{ env.INPUT_code-quality-result }}" = "success" ] && echo "✅" || echo "❌") |"
-            echo "| 🧪 Test Suite | ${{ env.INPUT_test-suite-result }} | $([ "${{ env.INPUT_test-suite-result }}" = "success" ] && echo "✅" || echo "❌") |"
+            echo "| 🧪 Test Suite | ${{ env.INPUT_test-suite-result }} | $([ "${{ env.INPUT_test-suite-result }}" = "success" ] && echo "✅" || ([ "${{ env.INPUT_test-suite-result }}" = "skipped" ] && echo "⏭️" || echo "❌")) |"
           } >> final-report.md
 
           # Only show benchmarks row if it was attempted

.github/workflows/fortress-completion-tests.yml

@@ -333,19 +333,25 @@ jobs:
               echo "failure-metrics={\"total_failures\":$TOTAL_FAILURES,\"has_error_output\":$HAS_ERROR_OUTPUT}" >> $GITHUB_OUTPUT
             fi
           else
-            # No test statistics available - likely fork PR with skipped test suite
+            # No test statistics available - check if tests were disabled or fork PR
             {
               echo ""
               echo ""
               echo "### 🧪 Test Results Summary"
               echo ""
               echo "| Status | Details |"
               echo "|--------|---------|"
-              echo "| **Test Suite** | ⚠️ Skipped - No test statistics available |"
-              echo "| **Reason** | Tests may have been skipped for fork PR security restrictions |"
-              echo "| **Note** | Repository maintainers can run full tests on merged code |"
-              echo ""
-              echo "_For security reasons, fork PRs do not have access to test execution secrets._"
+              if [[ "${{ env.ENABLE_GO_TESTS }}" == "false" ]]; then
+                echo "| **Test Suite** | ❌ Disabled - Set ENABLE_GO_TESTS=true to enable |"
+                echo "| **Reason** | Tests are disabled via configuration flag |"
+                echo "| **Note** | Enable ENABLE_GO_TESTS in .env.custom or .env.base to run tests |"
+              else
+                echo "| **Test Suite** | ⚠️ Skipped - No test statistics available |"
+                echo "| **Reason** | Tests may have been skipped for fork PR security restrictions |"
+                echo "| **Note** | Repository maintainers can run full tests on merged code |"
+                echo ""
+                echo "_For security reasons, fork PRs do not have access to test execution secrets._"
+              fi
             } >> tests-section.md
           fi
 

.github/workflows/fortress-setup-config.yml

@@ -68,6 +68,9 @@ on:
       fuzz-testing-enabled:
         description: "Whether fuzz testing is enabled"
         value: ${{ jobs.setup-config.outputs.fuzz-testing-enabled }}
+      go-tests-enabled:
+        description: "Whether Go tests are enabled"
+        value: ${{ jobs.setup-config.outputs.go-tests-enabled }}
       go-primary-version:
         description: "Primary Go version"
         value: ${{ jobs.setup-config.outputs.go-primary-version }}
@@ -190,6 +193,7 @@ jobs:
       coverage-provider: ${{ steps.config.outputs.coverage-provider }}
       cache-warming-enabled: ${{ steps.config.outputs.cache-warming-enabled }}
       fuzz-testing-enabled: ${{ steps.config.outputs.fuzz-testing-enabled }}
+      go-tests-enabled: ${{ steps.config.outputs.go-tests-enabled }}
       go-primary-version: ${{ steps.config.outputs.go-primary-version }}
       go-secondary-version: ${{ steps.config.outputs.go-secondary-version }}
       go-sum-file: ${{ steps.config.outputs.go-sum-file }}
@@ -510,6 +514,7 @@ jobs:
           echo "gitleaks-enabled=${{ env.ENABLE_SECURITY_SCAN_GITLEAKS }}" >> $GITHUB_OUTPUT
           echo "static-analysis-enabled=${{ env.ENABLE_STATIC_ANALYSIS }}" >> $GITHUB_OUTPUT
           echo "fuzz-testing-enabled=${{ env.ENABLE_FUZZ_TESTING }}" >> $GITHUB_OUTPUT
+          echo "go-tests-enabled=${{ env.ENABLE_GO_TESTS }}" >> $GITHUB_OUTPUT
           echo "pre-commit-enabled=${{ env.ENABLE_GO_PRE_COMMIT }}" >> $GITHUB_OUTPUT
 
           # Detect if this is a release run
@@ -680,6 +685,7 @@ jobs:
           echo "| **Cache Warming** | $([ "${{ env.ENABLE_CACHE_WARMING }}" == "true" ] && echo "✅ Enabled" || echo "❌ Disabled") | Go module and build caches will $([ "${{ env.ENABLE_CACHE_WARMING }}" == "true" ] && echo "be pre-warmed for faster test execution" || echo "not be pre-warmed (saves memory)") |" >> $GITHUB_STEP_SUMMARY
           echo "| **Code Coverage** | $([ "${{ env.ENABLE_CODE_COVERAGE }}" == "true" ] && echo "✅ Enabled" || echo "❌ Disabled") | Coverage will $([ "${{ env.ENABLE_CODE_COVERAGE }}" == "true" ] && echo "use $([ "${{ env.GO_COVERAGE_PROVIDER }}" == "codecov" ] && echo "**Codecov**" || echo "**go-coverage**") (${{ env.GO_COVERAGE_THRESHOLD }}% threshold)" || echo "be skipped") |" >> $GITHUB_STEP_SUMMARY
           echo "| **Fuzz Testing** | $([ "${{ env.ENABLE_FUZZ_TESTING }}" == "true" ] && echo "✅ Enabled" || echo "❌ Disabled") | Fuzz tests will $([ "${{ env.ENABLE_FUZZ_TESTING }}" == "true" ] && echo "run in parallel job on Linux with primary Go version" || echo "be skipped") |" >> $GITHUB_STEP_SUMMARY
+          echo "| **Go Tests** | $([ "${{ env.ENABLE_GO_TESTS }}" == "true" ] && echo "✅ Enabled" || echo "❌ Disabled") | Test suite will $([ "${{ env.ENABLE_GO_TESTS }}" == "true" ] && echo "run across matrix configurations" || echo "be skipped") |" >> $GITHUB_STEP_SUMMARY
           echo "| **Gitleaks (Secret Scan)** | $([ "${{ env.ENABLE_SECURITY_SCAN_GITLEAKS }}" == "true" ] && echo "✅ Enabled" || echo "❌ Disabled") | Gitleaks will $([ "${{ env.ENABLE_SECURITY_SCAN_GITLEAKS }}" == "true" ] && echo "scan for leaked secrets" || echo "be skipped") |" >> $GITHUB_STEP_SUMMARY
           echo "| **Go Linting** | $([ "${{ env.ENABLE_GO_LINT }}" == "true" ] && echo "✅ Enabled" || echo "❌ Disabled") | golangci-lint via MAGE-X will $([ "${{ env.ENABLE_GO_LINT }}" == "true" ] && echo "analyze code quality" || echo "be skipped") |" >> $GITHUB_STEP_SUMMARY
           echo "| **Govulncheck** | $([ "${{ env.ENABLE_SECURITY_SCAN_GOVULNCHECK }}" == "true" ] && echo "✅ Enabled" || echo "❌ Disabled") | govulncheck via MAGE-X will $([ "${{ env.ENABLE_SECURITY_SCAN_GOVULNCHECK }}" == "true" ] && echo "scan for Go vulnerabilities" || echo "be skipped") |" >> $GITHUB_STEP_SUMMARY

.github/workflows/fortress-test-suite.yml

@@ -56,6 +56,10 @@ on:
         description: "Whether fuzz testing is enabled"
         required: true
         type: string
+      go-tests-enabled:
+        description: "Whether Go tests are enabled"
+        required: true
+        type: string
       redis-enabled:
         description: "Whether Redis service is enabled"
         required: false
@@ -119,6 +123,7 @@ jobs:
   # ----------------------------------------------------------------------------------
   execute-test-matrix:
     name: 🧪 Execute Test Matrix
+    if: inputs.go-tests-enabled == 'true'
     uses: ./.github/workflows/fortress-test-matrix.yml
     with:
       env-json: ${{ inputs.env-json }}
@@ -143,6 +148,7 @@ jobs:
   # ----------------------------------------------------------------------------------
   execute-fuzz-tests:
     name: 🎯 Execute Fuzz Tests
+    if: inputs.go-tests-enabled == 'true' && inputs.fuzz-testing-enabled == 'true'
     uses: ./.github/workflows/fortress-test-fuzz.yml
     with:
       env-json: ${{ inputs.env-json }}
@@ -158,7 +164,7 @@ jobs:
   validate-test-results:
     name: 🔍 Validate Test Results
     needs: [execute-test-matrix, execute-fuzz-tests]
-    if: always() # Always run to validate results even if tests failed
+    if: always() && inputs.go-tests-enabled == 'true' # Always run to validate results even if tests failed
     uses: ./.github/workflows/fortress-test-validation.yml
     with:
       env-json: ${{ inputs.env-json }}
@@ -171,7 +177,7 @@ jobs:
   process-coverage:
     name: 📊 Process Coverage
     needs: [execute-test-matrix, validate-test-results]
-    if: inputs.code-coverage-enabled == 'true' && !startsWith(github.ref, 'refs/tags/')
+    if: inputs.go-tests-enabled == 'true' && inputs.code-coverage-enabled == 'true' && !startsWith(github.ref, 'refs/tags/')
     permissions:
       contents: write # Write repository content and push to gh-pages branch for coverage processing
       pull-requests: write # Required: Coverage workflow needs to create PR comments

.github/workflows/fortress.yml

@@ -241,7 +241,8 @@ jobs:
       needs.setup.result == 'success' &&
       needs.test-magex.result == 'success' &&
       (needs.warm-cache.result == 'success' || needs.warm-cache.result == 'skipped') &&
-      needs.setup.outputs.is-fork-pr != 'true'
+      needs.setup.outputs.is-fork-pr != 'true' &&
+      needs.setup.outputs.go-tests-enabled == 'true'
     permissions:
       contents: write # Write repository content and push to gh-pages branch for test execution
       pull-requests: write # Required: Coverage workflow needs to create PR comments
@@ -255,6 +256,7 @@ jobs:
       coverage-provider: ${{ needs.setup.outputs.coverage-provider }}
       env-json: ${{ needs.load-env.outputs.env-json }}
       fuzz-testing-enabled: ${{ needs.setup.outputs.fuzz-testing-enabled }}
+      go-tests-enabled: ${{ needs.setup.outputs.go-tests-enabled }}
       go-primary-version: ${{ needs.setup.outputs.go-primary-version }}
       go-secondary-version: ${{ needs.setup.outputs.go-secondary-version }}
       primary-runner: ${{ needs.setup.outputs.primary-runner }}
@@ -332,7 +334,7 @@ jobs:
             echo "| 🔒 Security | ${{ needs.security.result }} | Required |"
             echo "| 📊 Code Quality | ${{ needs.code-quality.result }} | Required |"
             echo "| 🪝 Pre-commit | ${{ needs.pre-commit.result }} | ${{ needs.setup.outputs.pre-commit-enabled == 'true' && 'Required' || 'Skipped' }} |"
-            echo "| 🧪 Test Suite | ${{ needs.test-suite.result }} | Required |"
+            echo "| 🧪 Test Suite | ${{ needs.test-suite.result }} | ${{ needs.setup.outputs.go-tests-enabled == 'true' && 'Required' || 'Skipped' }} |"
             echo "| 🏃 Benchmarks | ${{ needs.benchmarks.result }} | Optional ⚠️ |"
             echo ""
             if [[ "${{ needs.benchmarks.result }}" == "failure" ]]; then
@@ -376,9 +378,12 @@ jobs:
             FAILED=true
           fi
 
-          if [[ "${{ needs.test-suite.result }}" == "failure" || "${{ needs.test-suite.result }}" == "cancelled" ]]; then
-            echo "❌ Test suite failed or was cancelled" >&2
-            FAILED=true
+          # Only check test-suite if it was enabled
+          if [[ "${{ needs.setup.outputs.go-tests-enabled }}" == "true" ]]; then
+            if [[ "${{ needs.test-suite.result }}" == "failure" || "${{ needs.test-suite.result }}" == "cancelled" ]]; then
+              echo "❌ Test suite failed or was cancelled" >&2
+              FAILED=true
+            fi
           fi
 
           # Check benchmarks (currently optional - just warn if they fail)