diff --git a/.github/actions/cancel-workflow-on-failure/action.yml b/.github/actions/cancel-workflow-on-failure/action.yml index 18162de..24a6c81 100644 --- a/.github/actions/cancel-workflow-on-failure/action.yml +++ b/.github/actions/cancel-workflow-on-failure/action.yml @@ -1,6 +1,13 @@ # ------------------------------------------------------------------------------------ # Cancel Workflow On Failure (Composite Action) (GoFortress) # +# NOTE: This action is currently NOT IN USE. It was disabled because GitHub's +# cancel API overwrites the "failed" status with "cancelled" on the job that +# triggered it, making it impossible to identify which job actually failed. +# +# The action is kept for potential future use in scenarios where the trade-off +# (faster cancellation vs clear failure visibility) is acceptable. +# # Purpose: Provide a reusable action that cancels the entire workflow run when # a critical job fails. This prevents wasting CI resources on parallel jobs # that will ultimately be invalidated by an earlier failure. diff --git a/.github/workflows/fortress-code-quality.yml b/.github/workflows/fortress-code-quality.yml index 8a8e206..8b0db88 100644 --- a/.github/workflows/fortress-code-quality.yml +++ b/.github/workflows/fortress-code-quality.yml @@ -66,7 +66,6 @@ jobs: runs-on: ${{ inputs.primary-runner }} permissions: contents: read - actions: write # Required for workflow cancellation on failure steps: # -------------------------------------------------------------------- # Checkout code (required for local actions) 
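Review bot: The NOTE added to the action.yml header explains why the action was disabled but not what a later re-enable would need. The other hunks in this commit remove `actions: write` from every job and reusable-workflow caller, and the removed comments describe that grant as required for cancellation, so the cancel call would presumably be rejected unless the permission is restored along the whole caller chain. I would add a line such as `# Re-enabling requires 'actions: write' on the calling job and on every reusable-workflow caller above it.` The rest of the header and the action body lie outside this hunk.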
@@ -270,19 +269,6 @@ jobs: echo "โŒ Go vet detected static analysis issues" exit 1 - # -------------------------------------------------------------------- - # Cancel workflow on failure (save CI resources) - # -------------------------------------------------------------------- - - name: ๐Ÿšจ Cancel workflow on failure - if: failure() - uses: ./.github/actions/cancel-workflow-on-failure - with: - reason: "Go vet static analysis failed" - failed-job: "Go Vet Static Analysis" - failed-step: "๐Ÿ” Go vet (sequential)" - failure-tool: "go vet" - failure-summary: "Static analysis issues detected" - # ---------------------------------------------------------------------------------- # Lint (Code Linting) # ---------------------------------------------------------------------------------- @@ -293,7 +279,6 @@ jobs: runs-on: ${{ inputs.primary-runner }} permissions: contents: read - actions: write # Required for workflow cancellation on failure outputs: golangci-lint-version: ${{ steps.golangci-lint-version.outputs.version }} steps: @@ -572,19 +557,6 @@ jobs: echo "โŒ Lint detected code quality issues" exit 1 - # -------------------------------------------------------------------- - # Cancel workflow on failure (save CI resources) - # -------------------------------------------------------------------- - - name: ๐Ÿšจ Cancel workflow on failure - if: failure() - uses: ./.github/actions/cancel-workflow-on-failure - with: - reason: "Code linting (golangci-lint) failed" - failed-job: "Lint Code" - failed-step: "โœจ Run golangci-lint" - failure-tool: "golangci-lint" - failure-summary: "Linting issues detected" - # ---------------------------------------------------------------------------------- # YAML/JSON Format Validation (MAGE-X) # ---------------------------------------------------------------------------------- 
@@ -594,7 +566,6 @@ jobs: runs-on: ${{ inputs.primary-runner }} permissions: contents: read - actions: write # Required for workflow cancellation on failure outputs: yamlfmt-version: ${{ steps.yamlfmt-version.outputs.version }} steps: @@ -809,16 +780,3 @@ jobs: run: | echo "โŒ Format check detected YAML/JSON formatting issues" exit 1 - - # -------------------------------------------------------------------- - # Cancel workflow on failure (save CI resources) - # -------------------------------------------------------------------- - - name: ๐Ÿšจ Cancel workflow on failure - if: failure() - uses: ./.github/actions/cancel-workflow-on-failure - with: - reason: "YAML/JSON format validation failed" - failed-job: "YAML/JSON Format Validation" - failed-step: "๐Ÿ” Check YAML/JSON formatting with MAGE-X" - failure-tool: "yamlfmt" - failure-summary: "Formatting issues detected" diff --git a/.github/workflows/fortress-pre-commit.yml b/.github/workflows/fortress-pre-commit.yml index fc1f0bc..d264d29 100644 --- a/.github/workflows/fortress-pre-commit.yml +++ b/.github/workflows/fortress-pre-commit.yml @@ -54,7 +54,6 @@ jobs: runs-on: ${{ inputs.primary-runner }} permissions: contents: read - actions: write # Required for workflow cancellation on failure outputs: pre-commit-version: ${{ steps.pre-commit-version.outputs.version }} checks-executed: ${{ steps.run-checks.outputs.executed }} 
@@ -885,16 +884,3 @@ jobs: artifact-name: cache-stats-pre-commit artifact-path: cache-stats-pre-commit.json retention-days: 1 - - # -------------------------------------------------------------------- - # Cancel workflow on failure (save CI resources) - # -------------------------------------------------------------------- - - name: ๐Ÿšจ Cancel workflow on failure - if: failure() - uses: ./.github/actions/cancel-workflow-on-failure - with: - reason: "Pre-commit checks failed" - failed-job: "Pre-commit Checks" - failed-step: "๐Ÿš€ Run pre-commit checks" - failure-tool: "go-pre-commit" - failure-summary: "Pre-commit validation failed" diff --git a/.github/workflows/fortress-security-scans.yml b/.github/workflows/fortress-security-scans.yml index d6f5c38..1abdc2b 100644 --- a/.github/workflows/fortress-security-scans.yml +++ b/.github/workflows/fortress-security-scans.yml @@ -71,7 +71,6 @@ jobs: if: ${{ inputs.enable-nancy }} permissions: contents: read - actions: write # Required for workflow cancellation on failure steps: # -------------------------------------------------------------------- # Checkout code (required for local actions) @@ -259,19 +258,6 @@ jobs: echo "โŒ Nancy detected vulnerabilities in dependencies" exit 1 - # -------------------------------------------------------------------- - # Cancel workflow on failure (save CI resources) - # -------------------------------------------------------------------- - - name: ๐Ÿšจ Cancel workflow on failure - if: failure() - uses: ./.github/actions/cancel-workflow-on-failure - with: - reason: "Nancy dependency security check failed" - failed-job: "Ask Nancy (Dependency Checks)" - failed-step: "๐Ÿ” Ask Nancy" - failure-tool: "nancy" - failure-summary: "Vulnerabilities detected in dependencies" - # ---------------------------------------------------------------------------------- # Govulncheck (Vulnerability Checks) # ---------------------------------------------------------------------------------- 
@@ -281,7 +267,6 @@ jobs: if: ${{ inputs.enable-govulncheck }} permissions: contents: read - actions: write # Required for workflow cancellation on failure steps: # -------------------------------------------------------------------- # Checkout code (required for local actions) @@ -512,19 +497,6 @@ jobs: echo "โŒ Govulncheck detected vulnerabilities in dependencies" exit 1 - # -------------------------------------------------------------------- - # Cancel workflow on failure (save CI resources) - # -------------------------------------------------------------------- - - name: ๐Ÿšจ Cancel workflow on failure - if: failure() - uses: ./.github/actions/cancel-workflow-on-failure - with: - reason: "Govulncheck vulnerability scan failed" - failed-job: "Run govulncheck (Vulnerability Scan)" - failed-step: "๐Ÿ” Run govulncheck" - failure-tool: "govulncheck" - failure-summary: "Go vulnerabilities detected" - # ---------------------------------------------------------------------------------- # Gitleaks (Secret Scanning) # ---------------------------------------------------------------------------------- @@ -534,7 +506,6 @@ jobs: if: ${{ inputs.enable-gitleaks }} permissions: contents: read - actions: write # Required for workflow cancellation on failure steps: # -------------------------------------------------------------------- # Checkout code (required for local actions) 
@@ -657,16 +628,3 @@ jobs: run: | echo "โŒ Gitleaks detected secrets in the repository" exit 1 - - # -------------------------------------------------------------------- - # Cancel workflow on failure (save CI resources) - # -------------------------------------------------------------------- - - name: ๐Ÿšจ Cancel workflow on failure - if: failure() - uses: ./.github/actions/cancel-workflow-on-failure - with: - reason: "Gitleaks secret scan failed" - failed-job: "Run Gitleaks (Secret Scan)" - failed-step: "๐Ÿ” Run gitleaks scan" - failure-tool: "gitleaks" - failure-summary: "Secrets detected in repository" diff --git a/.github/workflows/fortress-test-fuzz.yml b/.github/workflows/fortress-test-fuzz.yml index f013438..5188d68 100644 --- a/.github/workflows/fortress-test-fuzz.yml +++ b/.github/workflows/fortress-test-fuzz.yml @@ -58,7 +58,6 @@ jobs: timeout-minutes: 15 # Fuzz tests have shorter timeout permissions: contents: read # Read repository content for testing - actions: write # Required for workflow cancellation on failure runs-on: ${{ inputs.primary-runner }} steps: @@ -260,16 +259,3 @@ jobs: fuzz-output.log retention-days: 1 if-no-files-found: ignore - - # -------------------------------------------------------------------- - # Cancel workflow on failure (save CI resources) - # -------------------------------------------------------------------- - - name: ๐Ÿšจ Cancel workflow on failure - if: failure() - uses: ./.github/actions/cancel-workflow-on-failure - with: - reason: "Fuzz tests failed" - failed-job: "Fuzz Tests" - failed-step: "๐Ÿงช Run fuzz tests" - failure-tool: "go test -fuzz" - failure-summary: "Fuzz testing detected issues" diff --git a/.github/workflows/fortress-test-matrix.yml b/.github/workflows/fortress-test-matrix.yml index abc7390..01f9d13 100644 --- a/.github/workflows/fortress-test-matrix.yml +++ b/.github/workflows/fortress-test-matrix.yml 
@@ -110,7 +110,6 @@ jobs: timeout-minutes: 30 # Prevent hung tests permissions: contents: read # Read repository content for testing - actions: write # Required for workflow cancellation on failure strategy: fail-fast: true matrix: ${{ fromJSON(inputs.test-matrix) }} @@ -443,16 +442,3 @@ jobs: name: coverage-data path: coverage.txt retention-days: 1 - - # -------------------------------------------------------------------- - # Cancel workflow on failure (save CI resources) - # -------------------------------------------------------------------- - - name: ๐Ÿšจ Cancel workflow on failure - if: failure() - uses: ./.github/actions/cancel-workflow-on-failure - with: - reason: "Test matrix failed (${{ matrix.name }})" - failed-job: "Test (${{ matrix.name }})" - failed-step: "๐Ÿงช Run tests" - failure-tool: "go test" - failure-summary: "Test failures detected on ${{ matrix.os }} Go ${{ matrix.go-version }}" diff --git a/.github/workflows/fortress-test-suite.yml b/.github/workflows/fortress-test-suite.yml index e9e9ccd..dc89029 100644 --- a/.github/workflows/fortress-test-suite.yml +++ b/.github/workflows/fortress-test-suite.yml @@ -127,7 +127,6 @@ jobs: if: inputs.go-tests-enabled == 'true' permissions: contents: read - actions: write # Required for workflow cancellation on failure uses: ./.github/workflows/fortress-test-matrix.yml with: env-json: ${{ inputs.env-json }} @@ -155,7 +154,6 @@ jobs: if: inputs.go-tests-enabled == 'true' && inputs.fuzz-testing-enabled == 'true' permissions: contents: read - actions: write # Required for workflow cancellation on failure uses: ./.github/workflows/fortress-test-fuzz.yml with: env-json: ${{ inputs.env-json }} diff --git a/.github/workflows/fortress.yml b/.github/workflows/fortress.yml index fe606b0..92cd193 100644 --- a/.github/workflows/fortress.yml +++ b/.github/workflows/fortress.yml 
@@ -170,7 +170,6 @@ jobs: needs.setup.outputs.is-fork-pr != 'true' permissions: contents: read # Read repository content for security scanning - actions: write # Required for workflow cancellation on failure uses: ./.github/workflows/fortress-security-scans.yml with: env-json: ${{ needs.load-env.outputs.env-json }} @@ -199,7 +198,6 @@ jobs: needs.setup.outputs.pre-commit-enabled == 'true' permissions: contents: read # Read repository content for pre-commit checks - actions: write # Required for workflow cancellation on failure uses: ./.github/workflows/fortress-pre-commit.yml with: env-json: ${{ needs.load-env.outputs.env-json }} @@ -220,7 +218,6 @@ jobs: (needs.warm-cache.result == 'success' || needs.warm-cache.result == 'skipped') permissions: contents: read # Read repository content for code quality checks - actions: write # Required for workflow cancellation on failure uses: ./.github/workflows/fortress-code-quality.yml with: env-json: ${{ needs.load-env.outputs.env-json }} @@ -251,7 +248,7 @@ jobs: pages: write # Required: Coverage workflow needs to deploy to GitHub Pages id-token: write # Required: Coverage workflow needs GitHub Pages authentication statuses: write # Required: Coverage workflow needs to create commit status checks - actions: write # Required: Manage/cancel child test workflows (test matrix & fuzz tests); artifact access only needs actions: read + actions: read # Required: Coverage workflow needs to access artifacts from workflow runs uses: ./.github/workflows/fortress-test-suite.yml with: code-coverage-enabled: ${{ needs.setup.outputs.code-coverage-enabled }} 
@@ -321,25 +318,87 @@ jobs: runs-on: ${{ needs.setup.outputs.primary-runner }} steps: # -------------------------------------------------------------------- - # Build a summary table for the UI (always runs) + # Build results summary showing job statuses # -------------------------------------------------------------------- - name: ๐Ÿ“Š Build results summary + env: + SETUP_RESULT: ${{ needs.setup.result }} + MAGEX_RESULT: ${{ needs.test-magex.result }} + CACHE_RESULT: ${{ needs.warm-cache.result }} + SECURITY_RESULT: ${{ needs.security.result }} + QUALITY_RESULT: ${{ needs.code-quality.result }} + PRECOMMIT_RESULT: ${{ needs.pre-commit.result }} + TESTS_RESULT: ${{ needs.test-suite.result }} + BENCH_RESULT: ${{ needs.benchmarks.result }} + CACHE_ENABLED: ${{ needs.setup.outputs.cache-warming-enabled }} + PRECOMMIT_ENABLED: ${{ needs.setup.outputs.pre-commit-enabled }} + TESTS_ENABLED: ${{ needs.setup.outputs.go-tests-enabled }} run: | { echo "## ๐Ÿšฆ Workflow Results" echo "" echo "| Component | Result | Status |" echo "|-----------|--------|--------|" - echo "| ๐ŸŽฏ Setup | ${{ needs.setup.result }} | Required |" - echo "| ๐Ÿช„ MAGE-X | ${{ needs.test-magex.result }} | Required |" - echo "| ๐Ÿ’พ Warm Cache | ${{ needs.warm-cache.result }} | ${{ needs.setup.outputs.cache-warming-enabled == 'true' && 'Required' || 'Disabled' }} |" - echo "| ๐Ÿ”’ Security | ${{ needs.security.result }} | Required |" - echo "| ๐Ÿ“Š Code Quality | ${{ needs.code-quality.result }} | Required |" - echo "| ๐Ÿช Pre-commit | ${{ needs.pre-commit.result }} | ${{ needs.setup.outputs.pre-commit-enabled == 'true' && 'Required' || 'Skipped' }} |" - echo "| ๐Ÿงช Test Suite | ${{ needs.test-suite.result }} | ${{ needs.setup.outputs.go-tests-enabled == 'true' && 'Required' || 'Skipped' }} |" - echo "| ๐Ÿƒ Benchmarks | ${{ needs.benchmarks.result }} | Optional โš ๏ธ |" + + # Helper function to determine result display + get_result_display() { + local result="$1" + + if [[ "$result" == "failure" 
]]; then + echo "โŒ **FAILED**" + elif [[ "$result" == "cancelled" ]]; then + echo "โน๏ธ cancelled" + elif [[ "$result" == "skipped" ]]; then + echo "โญ๏ธ skipped" + elif [[ "$result" == "success" ]]; then + echo "โœ… success" + else + echo "$result" + fi + } + + # Setup + SETUP_DISPLAY=$(get_result_display "$SETUP_RESULT") + echo "| ๐ŸŽฏ Setup | $SETUP_DISPLAY | Required |" + + # MAGE-X + MAGEX_DISPLAY=$(get_result_display "$MAGEX_RESULT") + echo "| ๐Ÿช„ MAGE-X | $MAGEX_DISPLAY | Required |" + + # Warm Cache + CACHE_REQ="Disabled" + [[ "$CACHE_ENABLED" == "true" ]] && CACHE_REQ="Required" + CACHE_DISPLAY=$(get_result_display "$CACHE_RESULT") + echo "| ๐Ÿ’พ Warm Cache | $CACHE_DISPLAY | $CACHE_REQ |" + + # Security + SECURITY_DISPLAY=$(get_result_display "$SECURITY_RESULT") + echo "| ๐Ÿ”’ Security | $SECURITY_DISPLAY | Required |" + + # Code Quality + QUALITY_DISPLAY=$(get_result_display "$QUALITY_RESULT") + echo "| ๐Ÿ“Š Code Quality | $QUALITY_DISPLAY | Required |" + + # Pre-commit + PRECOMMIT_REQ="Skipped" + [[ "$PRECOMMIT_ENABLED" == "true" ]] && PRECOMMIT_REQ="Required" + PRECOMMIT_DISPLAY=$(get_result_display "$PRECOMMIT_RESULT") + echo "| ๐Ÿช Pre-commit | $PRECOMMIT_DISPLAY | $PRECOMMIT_REQ |" + + # Test Suite + TESTS_REQ="Skipped" + [[ "$TESTS_ENABLED" == "true" ]] && TESTS_REQ="Required" + TESTS_DISPLAY=$(get_result_display "$TESTS_RESULT") + echo "| ๐Ÿงช Test Suite | $TESTS_DISPLAY | $TESTS_REQ |" + + # Benchmarks (always optional) + BENCH_DISPLAY=$(get_result_display "$BENCH_RESULT") + echo "| ๐Ÿƒ Benchmarks | $BENCH_DISPLAY | Optional โš ๏ธ |" + echo "" - if [[ "${{ needs.benchmarks.result }}" == "failure" ]]; then + + # Add explanatory note if benchmarks failed + if [[ "$BENCH_RESULT" == "failure" ]]; then echo "โš ๏ธ **Note**: Benchmarks failed but are currently non-blocking." fi } >> "$GITHUB_STEP_SUMMARY"
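Review bot: The Status column of the Security row is still hard-coded to `Required`, although the security job's condition shown earlier in this diff includes `needs.setup.outputs.is-fork-pr != 'true'`, so on a fork pull request the row would presumably read "skipped | Required". For a security gate that is worth making explicit, for example `SECURITY_REQ="Required"; [[ "$SECURITY_RESULT" == "skipped" ]] && SECURITY_REQ="Not run"` and printing `$SECURITY_REQ` in that row. Separately, the `else` branch of `get_result_display` prints `$result` unchanged, which leaves an empty cell when a job is missing from `needs`; `echo "${result:-unknown}"` keeps that case visible. The job's `needs` list and its `if` condition are outside the hunk, so both points should be checked against them.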