Comparing changes
base repository: peczenyj/structalign
base: v0.6.1
head repository: peczenyj/structalign
compare: v0.7.0
- 17 commits
- 42 files changed
- 3 contributors
Commits on May 27, 2026
Commit: 0a92666

fix(ci): pin codeql action to its commit SHA, not the tag object (#63)

github/codeql-action v4.36.0 is an annotated tag, so f52b05f was the tag object SHA — not a commit. That can't be used as a uses: ref and the OpenSSF Scorecard webapp rejected it as an "imposter commit", failing the analysis step's publish. Pin to the dereferenced commit 7211b7c (still v4.36.0).

Closes #62

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>

Commit: 5d3d63f

docs: refresh diff screenshot and drop redundant tag badge (#64)

* docs: regenerate diff screenshot for the v0.6.1 header

  The diff header now reports absolute bytes saved ("saving 16 bytes"), so the README screenshot was stale. Regenerated via `task screenshot` against -type=Record; the default termenv palette renders identically.

  Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* docs: drop redundant tag badge (duplicates Latest release)

  The `tag` (github/tag) and `Latest release` (github/release) badges both render the same version string, since every tag maps 1:1 to a GitHub release. Keep `Latest release` (links to /releases/latest) and the distinct Release Date badge; remove the duplicate tag badge.

  Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* docs: move Latest release to the first badge

  Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>

Commit: 297c521

Commits on May 28, 2026
Pre-v0.7.0 Cleanup: Sorting, Efficiency, and Bug Fixes (#68)

* refactor: modernize sorting and improve efficiency

  This PR addresses several pre-v0.7.0 improvements:

  - Modernize sorting using Go 1.25 slices package (closes #67)
  - Improve stripEggFlags efficiency by pre-allocating slice (closes #66)
  - Support -skip-cache-padded for anonymous structs (closes #65)
  - Polish README.md and refine indent helper

* test: increase coverage for refactored code and edge cases

Commit: 7b197a1

Feat: Layered Configuration (Env Vars + .structalignrc) (#69)

* feat: implement layered configuration (env vars + .structalignrc)

  This PR adds support for persistent defaults via environment variables and configuration files.

  - New internal/config package for RC file parsing and env derivation.
  - Support for STRUCTALIGN_<FLAG> environment variables.
  - Support for .structalignrc files in Home and CWD (CWD > Home).
  - New -no-rc flag to disable RC loading.
  - Precedence: CLI > Env > CWD RC > Home RC > Default.

  Documentation updated in README.md and AGENTS.md.

* docs: add configuration reference table to README and AGENTS

Commit: 7d7556c

Feat: JSON Output Support (-format=json) (#71)

* feat: implement JSON output support (-format=json)

  This PR adds structured JSON output for both diff and inspect modes.

  - New -format enum flag (text|json).
  - Structured JSON document includes tool version, mode, findings/layouts, and summary.
  - Populated Package field in Finding and Layout DTOs.
  - Golden file tests for JSON output in internal/ui.
  - Integration tests in internal/app.
  - Documentation updated in README.md and AGENTS.md.

* fix(json): honor -tags flag in inspect mode

  Make -tags a single global "include tags in output" toggle: previously inspect JSON always emitted the per-field `tag`, regardless of -tags (text inspect already gated it). Plumb keepTags into RenderJSON and clear the field when off; STRUCTALIGN_TAGS=true and `tags = true` in .structalignrc work via the existing config layer.

  Closes #73.

  Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>

Commit: ddd3c49

fix(usage): list -no-rc in -h and document the theme eggs (#74)

The -no-rc flag was registered only inside scanEarlyFlags, so it never appeared in -h and the only mention lived in README. It is a normal config flag (no different from -threshold or -tags), not an easter egg, so register it with the FlagSet and keep an early peek just to honor it before RC loading runs.

Adds a tiny "Easter eggs" README section documenting -cga / -green / -amber as shortcuts for STRUCTALIGN_THEME, and folds the dangling -version / -no-rc lines into the indented flag block.

Closes #72.

Commit: db28141

Commits on May 29, 2026
test: implement Go native fuzz tests for match and ui packages (#85)

Add native Go fuzz testing suites to protect parsers, alignment padding, and matching logic:

- internal/match/fuzz_test.go: Add 'FuzzMatchAny' and 'FuzzSplitCSV' tests to fuzz the pattern matching and CSV parser
- internal/ui/printer_fuzz_test.go: Add 'FuzzTruncPad' test to fuzz visual column truncation and padding logic against arbitrary strings and widths

Commit: 44f5f10

ci: configure Cosign release signing in GoReleaser (#84)

Configure keyless cryptographic release signing for all built release archives:

- .goreleaser.yaml: Add 'signs' block using cosign to sign the checksums file and generate a '.sigstore.json' Sigstore bundle
- release.yml: Add 'Install Cosign' workflow step (sigstore/cosign-installer) so the binary is available during release builds

Commit: 127d763

ci: harden workflows, apply least privilege, and add scorecard annotation (#83)

Harden the GitHub workflow files to comply with OpenSSF Scorecard least privilege and pinning rules:

- release.yml: Restrict top-level permissions to 'read-all' and declare contents/id-token/attestations write access at the job level (closes alert #4)
- ci.yml: Pin gotestsum and go-consistent installations to exact versions (v1.13.0 and v0.6.2) instead of mutable '@latest' (closes alerts #2, #3)
- scorecard.yml: Create a scorecard annotation file to document solo-maintainer Code-Review exclusion
- docs/TODO.md: Add a TODO document outlining manual repository settings (branch protection, OpenSSF badge, OSS-Fuzz) for maintainers

Commit: dde67b8

fix: address major bugs, unhandled AST aliases, and config issues on devel (#82)

Address 7 high-priority issues identified during deep pre-release review of the 'devel' branch:

- go.mod: Downgrade Go version directive to 1.24.0 (closes #75)
- .golangci.yml: Rewrite to valid golangci-lint v2 schema, and configure exclude rules for fmt/revive (closes #81)
- app.go: Prepend standard 'structalign: ' prefix to empty findings messages
- printer: Inject stderr into Printer, and update RenderJSON signature to accept explicit inspect boolean to fix mode misidentification on empty results (closes #76)
- app.go: Initialize noRC from STRUCTALIGN_NO_RC environment variable in scanEarlyFlags (closes #77)
- layout: Unwrap types.Alias and traverse types.Interface in collectTypeParams to find nested type params (closes #78)
- structfilter/align: Use types.Unalias to support CacheLinePad and typeParamNames checks on aliased types (closes #79)
- relpath_test.go: Fix TestRelPath flakiness by dynamically constructing absolute paths outside CWD (closes #80)
- app.go/nolint_block_test: Rename shadowed min variable and unused test parameter to fix revive linter errors

Commit: 619de91

fix: graceful RC keys, JSON encode-error stream, and docs (#87)

* fix: graceful RC keys, JSON encode-error stream, and docs

  Follow-ups from the v0.7.0 batch code review:

  - app: skip .structalignrc keys that don't map to a flag (the documented theme exclusion and typos) instead of warning "no such flag"; a real flag given a bad value still warns.
  - ui: RenderJSON returns its encode error instead of writing to the real os.Stderr; app.Run reports it on App.Stderr and exits 2.
  - docs: document that the JSON diff document always carries the summary block and that -format=json ignores the text presentation flags.
  - test(align): replace the unfinished readSource bounds comment with a deliberate note on why the remaining guards are uncovered.

  Closes #86

  Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* chore: add OpenSSF .bestpractices.json configuration file

  Add .bestpractices.json to the repository root containing all self-assertions and justifications for the project's security, quality, reporting, and licensing criteria. This allows the OpenSSF Best Practices portal to automatically parse and pre-populate the project's questionnaire, bypassing the need for manual form submission.

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>

Commit: b4040c5

fix(align): strip field comments from both diff sides (#89)

* fix(align): strip field comments from both diff sides

  Upstream fieldalignment clears each field's Doc/Comment when building the suggested-fix text (golang/go#20744), so the proposed side of the diff never carried comments while the original side — read from raw source — did. A pure reordering therefore looked like it also deleted the field comments.

  Normalize both sides through a shared reprint helper that drops comments (by parsing without ParseComments) and keeps tags only when -tags is set, so the side-by-side diff shows only the reordering.

  Closes #88

  Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* docs: use Markdown image tag for the diff screenshot

  Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>

Commit: 4d12d6a

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Commit: 08fc9e8

Commit: 242a4c9

fix(ci): correct cosign-installer pinned commit SHA

The v3.5.0 pin pointed at 59acb623... which does not exist in sigstore/cosign-installer, so the release workflow failed at job setup (first triggered for v0.7.0, since the Cosign step was added after v0.6.1 in #84). Repin to the real v3.5.0 commit 59acb6260d9c.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Commit: 656d243

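A pin check for the two failure modes described in the codeql-action (#63) and cosign-installer commit messages above: a SHA that names an annotated tag object rather than a commit, and a SHA that does not exist in the repository. This is an added example, not code from the structalign project; the throwaway repository, the tag name v1.0.0 and the helper names (g, make_demo_repo, check_pin) are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: classify what a pinned SHA actually names.
# The repository, identity and tag below are constructed for the demo.

# g: run git inside $REPO with a fixed throwaway identity and no signing.
g() {
    git -C "$REPO" -c user.name=demo -c user.email=demo@example.invalid \
        -c commit.gpgsign=false -c tag.gpgsign=false "$@"
}

# make_demo_repo: one commit plus an ANNOTATED tag, which creates a separate
# tag object whose SHA differs from the commit it points at.
make_demo_repo() {
    REPO=$(mktemp -d)
    g init -q
    g commit -q --allow-empty -m "release"
    g tag -a -m "v1.0.0" v1.0.0
}

# check_pin SHA: prints "ok <sha>" for a commit; otherwise prints why the pin
# is unusable and returns 1. For a tag object it prints the commit to pin.
check_pin() {
    kind=$(g cat-file -t "$1" 2>/dev/null) || { echo "missing"; return 1; }
    case "$kind" in
        commit) echo "ok $1" ;;
        tag)    echo "tag-object $(g rev-parse "$1^{commit}")"; return 1 ;;
        *)      echo "not-a-commit $kind"; return 1 ;;
    esac
}

make_demo_repo
check_pin "$(g rev-parse v1.0.0)"                    # tag object SHA: rejected
check_pin "$(g rev-parse 'v1.0.0^{commit}')"         # dereferenced commit: accepted
check_pin 0123456789abcdef0123456789abcdef01234567   # constructed SHA: missing
rm -rf "$REPO"
```

Against a remote, `git ls-remote --tags <url>` shows the same distinction: the `refs/tags/<tag>` line carries the tag object SHA and the `refs/tags/<tag>^{}` line carries the commit.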
fix(ci): bump cosign-installer to v4.1.2 (cosign v3.0.6)

cosign-installer v3.5.0 installs cosign v2.2.x, which cannot read the newer Sigstore bundle format goreleaser-action uses to verify its own binary download (v2.16.0), failing with "bundle does not contain cert for verification". v4.1.2 ships cosign v3.0.6, which understands it.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Commit: 25f13cb

This comparison is taking too long to generate.
Unfortunately it looks like we can’t render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:
git diff v0.6.1...v0.7.0