chore: add missing CI validation checks (fmt, mod, gosec, govulncheck)

- Add go fmt validation to enforce consistent code formatting - Add go mod tidy and verify checks for module hygiene - Add gosec security analysis for static security scanning - Add govulncheck for dependency vulnerability detection - Reorganize regex variables with clarifying comments - Follows documented validation sequence from copilot-instructions.md
2026-03-21 14:04:35 +00:00
parent 3c60be8587
commit 7cb7b050db
2 changed files with 30 additions and 5 deletions
--- a/.gitea/workflows/push-validation.yml
+++ b/.gitea/workflows/push-validation.yml
@@ -35,6 +35,27 @@ jobs:
          cache: true
          cache-dependency-path: go.sum

+      - name: Validate formatting
+        run: test -z "$(gofmt -l .)"
+
+      - name: Module hygiene
+        run: |
+          set -euo pipefail
+          go mod tidy
+          go mod verify
+
+      - name: Run gosec security analysis
+        uses: securego/gosec@v2
+        with:
+          args: ./...
+
+      - name: Run govulncheck
+        uses: golang/govulncheck-action@v1
+        with:
+          go-package: ./...
+          cache: true
+          cache-dependency-path: go.sum
+
      - name: Run full unit test suite with coverage
        run: |
          set -euo pipefail