Skip to content

feat: update Makefile and README for linting support; add SECURITY.md for vulnerability reporting#2

Merged
trevorphillipscoding merged 6 commits intomainfrom
refactor
Mar 9, 2026
Merged

feat: update Makefile and README for linting support; add SECURITY.md for vulnerability reporting#2
trevorphillipscoding merged 6 commits intomainfrom
refactor

Conversation

@trevorphillipscoding
Copy link
Owner

@trevorphillipscoding trevorphillipscoding commented Mar 5, 2026

Description

Type of Change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update
  • New plugin/runtime support

Related Issues

Testing

  • Tested on macOS
  • Tested on Linux
  • Added/updated tests
  • All existing tests pass (make test)

Checklist

  • My code follows the project's style guidelines
  • I have commented my code, particularly in hard-to-understand areas
  • I have updated the documentation (README, etc.) if needed
  • My changes generate no new warnings or errors
  • I have run make lint and addressed any issues

Copilot AI review requested due to automatic review settings March 5, 2026 05:37
Copilot AI reviewed Mar 5, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds repository/CI hygiene (linting + dependency automation) and security documentation, while refactoring some CLI parsing and checksum resolution into shared helpers.

Changes:

  • Add golangci-lint support via make lint and a dedicated CI lint job.
  • Introduce SECURITY.md, expand README docs (including contributing/security sections), and add Dependabot + EditorConfig.
  • Refactor checksum resolution into internal/fetch and extract parseToolVersion into cmd/parse.go with new tests.

Reviewed changes

Copilot reviewed 11 out of 12 changed files in this pull request and generated 5 comments.

Show a summary per file
File Description
internal/state/state_test.go Formatting-only adjustment in shim unregister test.
internal/fetch/checksum.go New shared checksum resolution + SHASUMS-style parsing helper.
internal/fetch/checksum_test.go Unit tests for checksum resolution/parsing behaviors.
cmd/parse.go New shared arg parser for <tool> <version> vs <tool>@<version>.
cmd/parse_test.go Unit tests for parseToolVersion.
cmd/install.go Switch install flow to use fetch.ResolveChecksum helper.
SECURITY.md Add vulnerability reporting + security model documentation.
README.md Add CI badge, expand usage/docs, link to security policy and contributing.
Makefile Add lint target and keep coverage helpers documented.
.github/workflows/ci.yml Add lint job to CI workflow.
.github/dependabot.yml Enable Dependabot for Go modules and GitHub Actions.
.editorconfig Add consistent editor defaults (Go tabs, YAML/MD spacing, etc.).

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

@trevorphillipscoding
chore: update Go setup action to version 6 in CI workflow
130a8f8
@trevorphillipscoding
chore: update checkout action to version 6 in CI workflow
53c8ad1
@trevorphillipscoding
Refactor fetch and version handling
ae4c989 
- Rename FetchBytes to Bytes for consistency in naming.
- Update error handling in Download and Bytes functions to use deferred closure for closing response bodies.
- Introduce verutil package for version string utilities, replacing the deprecated version package.
- Implement resolveToInstalled function to map partial version strings to installed versions.
- Update plugins (Go, Node, Python) to utilize verutil for version normalization and comparison.
- Modify tests to reflect changes in function names and error handling.
- Remove unused ResolvedVersion field from DownloadSpec.
- Improve error messages and ensure proper handling of HTTP responses in tests.
@trevorphillipscoding
Refactor version resolution to use semantic versioning
b6e51d2 
- Removed verutil package and replaced its functionality with semver package for version handling.
- Updated ResolveVersion function to utilize semver for resolving installed versions.
- Modified plugin interfaces to replace LatestVersion with AvailableVersions for better semantic version management.
- Adjusted tests to reflect changes in version resolution logic and ensure compatibility with new semver implementation.
- Enhanced error handling for version fetching in plugins.
@trevorphillipscoding trevorphillipscoding merged commit 86be4a3 into main Mar 9, 2026
6 checks passed
@trevorphillipscoding trevorphillipscoding deleted the refactor branch March 9, 2026 06:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@trevorphillipscoding