Upgrade tooling

.custom-hooks/pre-commit

@@ -1,18 +1,34 @@
 #!/usr/bin/env sh
 
 PROJECT_BASE_PATH=$(git rev-parse --show-toplevel)
-cd "$PROJECT_BASE_PATH" || exit 0
+cd $PROJECT_BASE_PATH
 
-GO_FILES_STAGED=$(git diff --name-only --cached | grep -c .go)
+NPX_BIN=$(which bunx npx | grep -v 'not found' | head -n 1 || echo "")
+GOLINT_BIN=$(which golangci-lint | grep -v 'not found' | head -n 1 || echo "")
 
-if [ -n "$GO_FILES_STAGED" ] && [ "$GO_FILES_STAGED" != "0" ]; then
-    GOLINT_BIN=$(which golangci-lint)
+GIT_STAGED_FILES=$(git diff --name-only --staged)
+GO_STAGED_FILES_COUNT=$(printf "$GIT_STAGED_FILES" | grep -E '\.go$' | wc -l | grep -E '[1-9][0-9]*$' || echo "0")
+MARKDOWN_STAGED_FILES=$(printf "$GIT_STAGED_FILES" | grep -E '\.md$' | tr '\n' ' ')
+PRETTIER_STAGED_FILES=$(printf "$GIT_STAGED_FILES" | grep -E '\.(json|yaml|yml)$' | tr '\n' ' ')
 
-    if [ -n "$GOLINT_BIN" ]; then
-        LAST_COMMIT=$(git rev-parse HEAD)
+runCommand() {
+    CMD=$1
+    shift 1
+    echo "[pre-commit] $CMD $@"
+    $CMD $@
+}
 
-        echo "[pre-commit] $GOLINT_BIN run -c ./.golangci.yaml --new-from-rev $LAST_COMMIT"
+if [ "$GO_STAGED_FILES_COUNT" != "0" ] && [ "$GOLINT_BIN" != "" ]; then
+    LAST_COMMIT=$(git rev-parse HEAD)
+    runCommand "$GOLINT_BIN" run -c ./.golangci.yaml --new-from-rev $LAST_COMMIT .
+fi
+
+if [ "$MARKDOWN_STAGED_FILES" != "" ] && [ "$NPX_BIN" != "" ]; then
+    runCommand "$NPX_BIN" markdownlint-cli --fix $MARKDOWN_STAGED_FILES
+    git add $MARKDOWN_STAGED_FILES
+fi
 
-        $GOLINT_BIN run -c ./.golangci.yaml --new-from-rev "$LAST_COMMIT"
-    fi
+if [ "$PRETTIER_STAGED_FILES" != "" ] && [ "$NPX_BIN" != "" ]; then
+    runCommand "$NPX_BIN" prettier --write $PRETTIER_STAGED_FILES
+    git add $PRETTIER_STAGED_FILES
 fi

.github/codecov.yml

@@ -0,0 +1,38 @@
+codecov:
+  require_ci_to_pass: true
+
+coverage:
+  status:
+    project:
+      default:
+        informational: true
+        target: auto
+        threshold: 30%
+    patch:
+      default:
+        informational: true
+  precision: 2
+  round: nearest
+  range: "70...100"
+
+parsers:
+  javascript:
+    enable_partials: yes
+  gcov:
+    branch_detection:
+      conditional: yes
+      loop: yes
+      method: no
+      macro: no
+
+comment:
+  layout: "reach,diff,flags,files,footer"
+  behavior: default
+  require_changes: true
+
+ignore:
+  - "build/"
+  - "dist/"
+  - "coverage/"
+  - "tools/"
+  - "main.go"

.github/codeql.yml

@@ -0,0 +1,10 @@
+name: "CodeQL"
+
+disable-default-queries: false
+
+paths:
+  - app
+  - lib
+
+paths-ignore:
+  - tools

.github/workflows/build-and-test.yml

@@ -10,7 +10,7 @@ on:
     types: [opened, edited]
 
 env:
-  GO_VERSION: "~1.20"
+  GO_VERSION: "~1.23"
   GO111MODULE: "on"
 
 jobs:

.github/workflows/codeql.yml

@@ -0,0 +1,51 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL Advanced"
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    branches: ["main"]
+  schedule:
+    - cron: "27 22 * * 5"
+
+jobs:
+  analyze:
+    name: Analyze Go
+    runs-on: "ubuntu-latest"
+    permissions:
+      security-events: write
+      packages: read
+      actions: read
+      contents: read
+
+    strategy:
+      fail-fast: false
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: go
+          build-mode: autobuild
+          config-file: ./.github/codeql.yml
+          queries: security-and-quality
+          # packs: codeql/go-all
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:go"

.github/workflows/dependabot-auto-merge.yml

@@ -10,16 +10,22 @@ jobs:
     runs-on: ubuntu-latest
     if: ${{ github.actor == 'dependabot[bot]' }}
     steps:
-
       - name: Dependabot metadata
         id: metadata
         uses: dependabot/fetch-metadata@v2.2.0
         with:
           github-token: "${{ secrets.GITHUB_TOKEN }}"
 
-      - name: Auto-merge Dependabot PRs
+      - name: Dependabot auto-merge minor & patch updates
         if: ${{steps.metadata.outputs.update-type != 'version-update:semver-major'}}
         run: gh pr merge --auto --merge "$PR_URL"
         env:
           PR_URL: ${{github.event.pull_request.html_url}}
           GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+
+      - name: Dependabot auto-merge actions major updates (if compat >= 90%)
+        if: ${{steps.metadata.outputs.package-ecosystem == 'github_actions' && steps.metadata.outputs.update-type == 'version-update:semver-major' && steps.metadata.outputs.compatibility-score >= 90}}
+        run: gh pr merge --auto --merge "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GH_TOKEN: ${{secrets.GITHUB_TOKEN}}

.github/workflows/run-goreleaser.yml

@@ -8,26 +8,23 @@ on:
 
 permissions:
   contents: write
-  id-token: write
-  packages: write
 
 jobs:
-
-  build-and-release:
-    runs-on: ubuntu-latest
+  artifact-build:
+    runs-on: ${{ matrix.os }}
 
     strategy:
+      fail-fast: false
       matrix:
         os: [ubuntu-latest]
-      fail-fast: false
 
     steps:
       - name: Install Task
         uses: arduino/setup-task@v2
 
       - uses: actions/setup-go@v5
         with:
-          go-version: '>=1.20.0'
+          go-version: ">=1.23.0"
 
       - name: Checkout
         uses: actions/checkout@v4
@@ -36,11 +33,21 @@ jobs:
 
       - run: git fetch --force --tags
 
+      # validate the configuration file
+      - uses: goreleaser/goreleaser-action@v6
+        with:
+          distribution: goreleaser-pro
+          version: latest
+          args: check
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
+
       - uses: goreleaser/goreleaser-action@v6
         with:
           distribution: goreleaser-pro
           version: latest
-          args: release --clean --skip-docker
+          args: release --clean
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}

.golangci.yaml

@@ -1,37 +1,10 @@
-# Options for analysis running.
 run:
-  # Timeout for analysis, e.g. 30s, 5m. Default: 1m
   timeout: 15s
   modules-download-mode: readonly
 
   # Include test files or not. Default: true
   tests: true
 
-  # Which dirs to skip: issues from them won't be reported.
-  # Can use regexp here: `generated.*`, regexp is applied on full path.
-  # Default value is empty list,
-  # but default dirs are skipped independently of this option's value (see skip-dirs-use-default).
-  # "/" will be replaced by current OS file path separator to properly work on Windows.
-  skip-dirs:
-    - .custom-hooks
-    - .github
-    - .task
-    - .trunk
-    - .vscode
-    - assets
-    - build
-    - dist
-    - templates
-    - tools
-
-  # Which files to skip: they will be analyzed, but issues from them won't be reported.
-  # Default value is empty list,
-  # but there is no need to include all autogenerated files,
-  # we confidently recognize autogenerated files.
-  # If it's not please let us know.
-  # "/" will be replaced by current OS file path separator to properly work on Windows.
-
-  # Allow multiple parallel golangci-lint instances running; If false (default) - golangci-lint acquires file lock on start.
   allow-parallel-runners: true
   concurrency: 8
 
@@ -45,27 +18,14 @@ linters:
     - misspell
     - unused
     - unparam
-    #- errcheck
-    #- funlen
-    #- gocritic
-    #- gocyclo
-    #- goimports
-    #- gosec
-    #- gosimple
-    #- ineffassign
-    #- nestif
-    #- revive
-    #- staticcheck
-    #- typecheck
-    #- unused
 
 severity:
   default-severity: warning
   case-sensitive: false
 
 linters-settings:
   gocyclo:
-    min-complexity: 20
+    min-complexity: 30
 
   funlen:
     lines: 100
@@ -89,5 +49,4 @@ linters-settings:
     locale: US
 
   nestif:
-    max-nesting: 3
-    min-complexity: 4  # Minimal complexity of if statements to report. - Default: 5
+    min-complexity: 4 # Minimal complexity of if statements to report. - Default: 5

.goreleaser.yaml

@@ -1,25 +1,27 @@
+# yaml-language-server: $schema=https://goreleaser.com/static/schema.json
+
+version: 2
+
 env:
   - GO111MODULE=on
   - CGO_ENABLED=0
 
-dist: build
-
 before:
   hooks:
-    - task mod
+    - go mod tidy
     - task update-version-file
 
+dist: build
+
 archives:
-  - format: tar.gz
-    format_overrides:
+  - format_overrides:
       - goos: windows
         format: zip
 
 builds:
-  - id: stackup
-    main: ./app
-    binary: stackup
-    mod_timestamp: '{{ .CommitTimestamp }}'
+  - main: "./main.go"
+    binary: "stackup"
+    mod_timestamp: "{{ .CommitTimestamp }}"
     flags:
       - -trimpath
     ldflags:
@@ -28,32 +30,18 @@ builds:
       - linux_amd64
       - darwin_arm64
       - darwin_amd64
-
-  - id: stackup-windows
-    main: ./app/main-windows.go
-    binary: stackup
-    mod_timestamp: '{{ .CommitTimestamp }}'
-    flags:
-      - -trimpath
-      - -tags=WINDOWS
-    ldflags:
-      - -s -w -X main.build={{.Version}} -X main.commit={{.Commit}} -X main.date={{.Date}}
-    targets:
       - windows_amd64
 
-# brews:
-#   -
-#     name: stackup
-#     homepage: 'https://github.com/permafrost-dev/homebrew-stackup'
-#     description: 'a single application to manage your entire dev stack'
-#     download_strategy: GitHubPrivateRepositoryReleaseDownloadStrategy
-#     custom_require: "lib/custom_download_strategy"
-#     license: MIT
-#     repository:
-#       owner: permafrost-dev
-#       name: homebrew-stackup
-#       branch: main
-
 checksum:
-  name_template: checksums.txt
+  name_template: "checksums.txt"
   algorithm: sha256
+
+snapshot:
+  version_template: "{{ incpatch .Version }}-next"
+
+changelog:
+  sort: asc
+  filters:
+    exclude:
+      - "^docs:"
+      - "^test:"