chore: update pre-commit hooks and linting configurations

Author: mrz1836

.github/.env.shared

@@ -40,22 +40,25 @@ SECONDARY_RUNNER=ubuntu-24.04          # Set identical to PRIMARY_RUNNER if you
 # ───────────────────────────────────────────────────────────────────────────────
 ENABLE_CODE_COVERAGE=true              # Enable code coverage reporting (upload to Codecov)
 ENABLE_FUZZ_TESTING=true               # Enable fuzz running tests (requires Go 1.18+)
-ENABLE_LINT=true                       # Enable linting steps (golangci-lint)
+ENABLE_GO_LINT=true                    # Enable Go code linting steps (golangci-lint)
 ENABLE_RACE_DETECTION=true             # Enable Go's race detector in tests (-race flag)
 ENABLE_SECURITY_SCANS=true             # Enable tools like gitleaks, govulncheck, nancy
 ENABLE_STATIC_ANALYSIS=true            # Enable static analysis jobs (go vet)
-ENABLE_VERBOSE_TEST_OUTPUT=true        # Enable verbose output for test runs (can slow down CI)
+ENABLE_VERBOSE_TEST_OUTPUT=false       # Enable verbose output for test runs (can slow down CI)
+ENABLE_YAML_LINT=true                  # Enable YAML format validation (prettier with editorconfig)
 MAKEFILE_REQUIRED=true                 # Enforce the presence of Makefile for builds (future feature)
 
 # ───────────────────────────────────────────────────────────────────────────────
 # ENV: Tool Versions & Config
 # ───────────────────────────────────────────────────────────────────────────────
 GITLEAKS_NOTIFY_USER_LIST=@mrz1836                # User(s) to notify when gitleaks secrets are found (user,user2)
-GITLEAKS_VERSION=8.27.2                           # Version of gitleaks to install and use (X.Y.Z)
-GORELEASER_VERSION=v2.10.2                        # Version of goreleaser to install and use (vX.Y.Z)
-GOVULNCHECK_VERSION=v1.1.4                        # Version of govulncheck to use for Go vuln scanning (vX.Y.Z)
+GITLEAKS_VERSION=8.27.2                           # Version of gitleaks to install and use (X.Y.Z) (https://github.com/gitleaks/gitleaks)
+GORELEASER_VERSION=v2.11.0                        # Version of goreleaser to install and use (vX.Y.Z) (https://github.com/goreleaser/goreleaser)
+GOVULNCHECK_VERSION=v1.1.4                        # Version of govulncheck to use for Go vuln scanning (vX.Y.Z) (https://pkg.go.dev/golang.org/x/vuln)
 NANCY_EXCLUDES=CVE-2024-38513,CVE-2022-21698,CVE-2023-45142  # Known acceptable CVEs (cve,cve2,...)
-NANCY_VERSION=v1.0.51                             # Version of nancy to install and use (vX.Y.Z)
+NANCY_VERSION=v1.0.51                             # Version of nancy to install and use (vX.Y.Z) (https://github.com/sonatype-nexus-community/nancy)
+NODE_VERSION=20                                   # Node.js version for prettier and other tools (major version)
+PRETTIER_VERSION=3.6.2                            # Version of prettier to use for YAML validation (X.Y.Z) (https://www.npmjs.com/package/prettier)
 
 # ───────────────────────────────────────────────────────────────────────────────
 # ENV: Stale Workflow Configuration

.github/actions/load-env/action.yml

@@ -15,15 +15,15 @@
 #
 # ------------------------------------------------------------------------------------
 
-name: 'Load Environment Variables'
-description: 'Loads environment variables from .github/.env.shared and outputs as JSON'
+name: "Load Environment Variables"
+description: "Loads environment variables from .github/.env.shared and outputs as JSON"
 
 outputs:
   env-json:
-    description: 'JSON object containing all environment variables'
+    description: "JSON object containing all environment variables"
     value: ${{ steps.load-env.outputs.env-json }}
   primary-runner:
-    description: 'Primary runner OS extracted from environment variables'
+    description: "Primary runner OS extracted from environment variables"
     value: ${{ steps.load-env.outputs.primary-runner }}
 
 runs:

.github/actions/warm-cache/action.yml

@@ -8,32 +8,32 @@
 #
 # ------------------------------------------------------------------------------------
 
-name: 'Warm Go Caches'
-description: 'Warm Go module and build caches for the specified Go version and OS'
+name: "Warm Go Caches"
+description: "Warm Go module and build caches for the specified Go version and OS"
 
 inputs:
   go-version:
-    description: 'Go version to use'
+    description: "Go version to use"
     required: true
   matrix-os:
-    description: 'Operating system for the runner'
+    description: "Operating system for the runner"
     required: true
   matrix-name:
-    description: 'Display name for the matrix configuration'
+    description: "Display name for the matrix configuration"
     required: true
   enable-verbose:
-    description: 'Enable verbose output'
+    description: "Enable verbose output"
     required: false
-    default: 'false'
+    default: "false"
   go-primary-version:
-    description: 'Primary Go version for comparison'
+    description: "Primary Go version for comparison"
     required: true
   go-secondary-version:
-    description: 'Secondary Go version for comparison'
+    description: "Secondary Go version for comparison"
     required: true
 
 runs:
-  using: 'composite'
+  using: "composite"
   steps:
     # ————————————————————————————————————————————————————————————————
     # Checkout code, set up Go, and cache dependencies
@@ -59,7 +59,7 @@ runs:
     # ────────────────────────────────────────────────────────────────────────────
     - name: 💾 Restore Go module cache (shared)
       id: gomod-cache
-      uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684     # v4.2.3
+      uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
       with:
         path: |
           ~/go/pkg/mod
@@ -133,7 +133,7 @@ runs:
     # ────────────────────────────────────────────────────────────────────────────
     - name: 💾 Restore Go build cache (per-version)
       id: gobuild-cache
-      uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684     # v4.2.3
+      uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
       with:
         path: |
           ~/.cache/go-build

.github/dependabot.yml

@@ -47,10 +47,10 @@ updates:
           - "*auth*"
           - "*jwt*"
           - "*oauth*"
-        update-types: [ "minor", "patch" ]
+        update-types: ["minor", "patch"]
     open-pull-requests-limit: 10
-    assignees: [ "galt-tr","mrz1836" ]
-    labels: [ "chore", "dependencies", "gomod" ]
+    assignees: ["galt-tr", "mrz1836"]
+    labels: ["chore", "dependencies", "gomod"]
     commit-message:
       prefix: "chore"
       include: "scope"
@@ -70,10 +70,10 @@ updates:
       - dependency-type: "direct"
     groups:
       ghactions-all:
-        patterns: [ "*" ]
+        patterns: ["*"]
     open-pull-requests-limit: 10
-    assignees: [ "galt-tr","mrz1836" ]
-    labels: [ "chore", "dependencies", "github-actions" ]
+    assignees: ["galt-tr", "mrz1836"]
+    labels: ["chore", "dependencies", "github-actions"]
     commit-message:
       prefix: "chore"
       include: "scope"
@@ -93,10 +93,10 @@ updates:
       - dependency-type: "direct"
     groups:
       devcontainer-all:
-        patterns: [ "*" ]
+        patterns: ["*"]
     open-pull-requests-limit: 5
-    assignees: [ "galt-tr","mrz1836" ]
-    labels: [ "chore", "dependencies", "devcontainer" ]
+    assignees: ["galt-tr", "mrz1836"]
+    labels: ["chore", "dependencies", "devcontainer"]
     commit-message:
       prefix: "chore"
       include: "scope"

.github/sweep.yaml

@@ -1,6 +1,6 @@
 gha_enabled: true
 branch: master
-blocked_dirs: [ ]
+blocked_dirs: []
 draft: false
 description: |
   Sweep AI must follow the repository guidelines in .github/AGENTS.md.

.pre-commit-config.yaml

@@ -12,12 +12,12 @@
 #      extended with the prefixes listed in AGENTS.md
 # ----------------------------------------------------------------------
 
-minimum_pre_commit_version: "3.7.0"  # requires Python‑based hooks v2.0+
+minimum_pre_commit_version: "3.7.0" # requires Python‑based hooks v2.0+
 
 repos:
   # ---------------------- Core hygiene hooks --------------------------
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: cef0300fd0fc4d2a87a85fa2093c6b283ea36f4b  # frozen: v5.0.0
+    rev: cef0300fd0fc4d2a87a85fa2093c6b283ea36f4b # frozen: v5.0.0
     hooks:
       - id: check-added-large-files
       - id: end-of-file-fixer
@@ -26,7 +26,7 @@ repos:
 
   # ------------------------- Go toolchain -----------------------------
   - repo: https://github.com/TekWizely/pre-commit-golang
-    rev: 302c7fd28cdbb62d5fd1e3965fe36e33a5f77803  # frozen: v1.0.0-rc.1
+    rev: 302c7fd28cdbb62d5fd1e3965fe36e33a5f77803 # frozen: v1.0.0-rc.1
     hooks:
       - id: go-fmt
       - id: go-vet
@@ -37,10 +37,10 @@ repos:
 
   # ------------------------ Security scans ---------------------------
   - repo: https://github.com/zricethezav/gitleaks
-    rev: 47218a628da59ef6b24197d15f4b0248ca87f4f0  # frozen: v8.27.2
+    rev: 47218a628da59ef6b24197d15f4b0248ca87f4f0 # frozen: v8.27.2
     hooks:
       - id: gitleaks
-        stages: [ pre-commit, pre-push ]
+        stages: [pre-commit, pre-push]
 
   # ------------------- Commenting rule enforcement -------------------
   - repo: local
@@ -50,25 +50,25 @@ repos:
         language: system
         entry: |
           bash -c 'revive -config .revive.toml ./...'
-        types: [ go ]
+        types: [go]
         fail_fast: true
 
       - id: comment-conventions
         name: "custom comment linter (AGENTS.md)"
         language: python
         entry: scripts/comment_lint.py
-        types: [ go, markdown ]
+        types: [go, markdown]
         pass_filenames: true
         additional_dependencies:
           - regex==2025.6
           - ruamel.yaml==0.18
 
   # --------------------- Commit‑msg validation -----------------------
   - repo: https://github.com/alessandrojcm/commitlint-pre-commit-hook
-    rev: 879f5400493f84c8b683bdeb3366a8439ca17858  # frozen: v9.22.0
+    rev: 879f5400493f84c8b683bdeb3366a8439ca17858 # frozen: v9.22.0
     hooks:
       - id: commitlint
-        stages: [ commit-msg ]
-        additional_dependencies: [ '@commitlint/config-conventional' ]
+        stages: [commit-msg]
+        additional_dependencies: ["@commitlint/config-conventional"]
 
-default_stages: [ pre-commit, pre-push ]
+default_stages: [pre-commit, pre-push]