ci: consolidate CI/CD workflows into unified builder pipeline#24

Merged
flexiondotorg merged 2 commits into main from ci
Mar 19, 2026

@flexiondotorg
Contributor

  • Replace separate build and release workflows with builder.yml

  • Add lint-code job with golangci-lint, gocyclo, ineffassign checks

  • Add lint-actions job for workflow validation

  • Add coverage job with robherley/go-test-action

  • Add security job with dependency review and govulncheck

  • Add sentinel job to orchestrate and gate build on prior jobs

  • Build and release jobs depend on sentinel success

  • Add concurrency group and cancel-in-progress settings

  • Update dependabot.yml: change intervals, add groups, format cleanup

  • Fix .golangci.yml: change third_party regex from $ to /

  • I have performed a self-review of my code

  • I have tested my changes and confirmed there are no regressions

- Replace separate build and release workflows with builder.yml
- Add lint-code job with golangci-lint, gocyclo, ineffassign checks
- Add lint-actions job for workflow validation
- Add coverage job with robherley/go-test-action
- Add security job with dependency review and govulncheck
- Add sentinel job to orchestrate and gate build on prior jobs
- Build and release jobs depend on sentinel success
- Add concurrency group and cancel-in-progress settings
- Update dependabot.yml: change intervals, add groups, format cleanup
- Fix .golangci.yml: change third_party regex from $ to /

Signed-off-by: Martin Wimpress <code@wimpress.io>
@github-advanced-security

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

Adds GitHub Actions problem matcher configuration to surface actionlint
errors and warnings in the workflow logs with proper file location and
severity metadata.

Signed-off-by: Martin Wimpress <code@wimpress.io>

@cubic-dev-ai cubic-dev-ai bot left a comment

1 issue found across 5 files

Confidence score: 4/5

  • This PR looks safe to merge overall; the only concern is a security hardening recommendation rather than a functional regression.
  • The workflow in .github/workflows/builder.yml uses @master for govulncheck, which could allow upstream changes to alter your security checks unexpectedly.
  • Pay close attention to .github/workflows/builder.yml - pin the action to an immutable commit SHA for stability and supply-chain safety.
Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name=".github/workflows/builder.yml">

<violation number="1" location=".github/workflows/builder.yml:132">
P1: Avoid `@master` for the govulncheck action. Pin it to an immutable commit SHA so the security workflow cannot change underneath you.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.

@cubic-dev-ai cubic-dev-ai bot left a comment

0 issues found across 1 file (changes from recent commits).

Requires human review: Auto-approval blocked by 1 unresolved issue from previous reviews.

@flexiondotorg flexiondotorg merged commit b347f3c into main Mar 19, 2026
18 checks passed
@flexiondotorg flexiondotorg deleted the ci branch March 19, 2026 15:27