@digitalghost-dev
Owner

@digitalghost-dev digitalghost-dev commented Nov 5, 2025

Summary by CodeRabbit

  • Chores

    • Version bumped to v1.7.4
    • Go toolchain updated to 1.24.9
  • Bug Fixes

    • Improved error reporting for version flag to properly display error messages

@coderabbitai
Contributor

coderabbitai bot commented Nov 5, 2025

Walkthrough

This PR bumps the application version from v1.7.3 to v1.7.4 across build and deployment configurations, updates Go toolchain from 1.24.6 to 1.24.9, adds Docker security hardening with user/group isolation, refactors version flag error handling to propagate errors instead of silently failing, and expands test coverage for argument validators and styling components.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Version bump to v1.7.4: .github/workflows/ci.yml, .goreleaser.yml, README.md, card_data/pipelines/poke_cli_dbt/dbt_project.yml, nfpm.yaml | Updated version references from v1.7.3 to v1.7.4 in CI configuration, release settings, documentation, dbt project metadata, and package manifest |
| Go toolchain and Dockerfile updates: go.mod, Dockerfile | Bumped Go version from 1.24.6 to 1.24.9; updated Dockerfile base image to golang:1.24.9-alpine3.22 |
| Docker security hardening: Dockerfile | Added runtime isolation: created non-root poke_user and poke_group, modified /etc/passwd, set container to run as unprivileged user with restricted permissions on /app |
| Error handling refactor for version flag: flags/version.go, flags/version_test.go, cli.go | Changed latestRelease() and LatestFlag() to return errors instead of silently failing; updated CLI to capture and propagate version flag errors with appropriate exit codes; enhanced test assertions to verify error behavior |
| Test coverage expansion: cmd/utils/validateargs_test.go, styling/styling_test.go | Added new test suites for Berry, Item, Move, and Speed argument validators; added FormTheme configuration test |
| Golden file update: testdata/main_latest_flag.golden | Updated expected output text from "Latest available version:" to "Latest available release on GitHub:" and bumped displayed version from v1.7.2 to v1.7.3 |

Sequence Diagram(s)

sequenceDiagram
    participant CLI as cli.go
    participant LatestFlag as LatestFlag()
    participant LatestRelease as latestRelease()
    participant HTTP as HTTP/GitHub API
    
    rect rgb(220, 240, 255)
    Note over CLI,LatestRelease: New Error Handling Flow
    CLI->>LatestFlag: Call with --latest flag
    LatestFlag->>LatestRelease: Fetch latest release
    
    alt Success Path
        LatestRelease->>HTTP: Request latest release
        HTTP-->>LatestRelease: JSON response
        LatestRelease->>LatestRelease: Parse & format output
        LatestRelease-->>LatestFlag: return (output, nil)
        LatestFlag-->>CLI: return (output, nil)
        CLI->>CLI: Exit code 0
    else Error Path
        LatestRelease->>HTTP: Request fails / Invalid URL / Parse error
        HTTP-->>LatestRelease: Error response
        LatestRelease->>LatestRelease: Wrap error with context
        LatestRelease-->>LatestFlag: return ("", error)
        LatestFlag-->>CLI: return (output, error)
        CLI->>CLI: Exit code 1
    end
    end

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

  • Dockerfile security hardening: Verify user/group creation, permission changes, and image layer efficiency
  • Error handling refactor in flags/version.go: Review all error wrapping paths, output messaging, and ensure error information is preserved and properly propagated
  • Test coverage: Verify new test assertions correctly validate argument validation logic and FormTheme configuration

Possibly related issues

  • Issue #198: Directly implements the error handling refactor for the version flag, making latestRelease() return errors and updating LatestFlag() and CLI exit behavior accordingly.

Possibly related PRs

  • PR #196: Prior version bump PR that advanced from earlier state to v1.7.3; this PR continues the same pattern of version updates across identical config files (CI, goreleaser, Dockerfile, go.mod, README, dbt_project.yml, nfpm.yaml).

Poem

🐰 Bundled in burrows of v1.7.4,
With Alpine gophers and Go's latest roar,
User permissions standing guard at the gate,
Error messages singing their truths, never late!
Oh, what a version, a fortress so fair!

Pre-merge checks and finishing touches

❌ Failed checks (1 inconclusive)
| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Title check | ❓ Inconclusive | The title '1.7.4' is too vague and generic; it only specifies a version number without describing what changed or the purpose of the changes. | Use a descriptive title like 'Release v1.7.4' or 'Bump version to v1.7.4 and update Go toolchain' to clearly convey the main changes. |
✅ Passed checks (1 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 49267ac and 1994f14.

📒 Files selected for processing (13)
  • .github/workflows/ci.yml (1 hunks)
  • .goreleaser.yml (1 hunks)
  • Dockerfile (2 hunks)
  • README.md (2 hunks)
  • card_data/pipelines/poke_cli_dbt/dbt_project.yml (1 hunks)
  • cli.go (1 hunks)
  • cmd/utils/validateargs_test.go (2 hunks)
  • flags/version.go (3 hunks)
  • flags/version_test.go (3 hunks)
  • go.mod (1 hunks)
  • nfpm.yaml (1 hunks)
  • styling/styling_test.go (1 hunks)
  • testdata/main_latest_flag.golden (1 hunks)
🧰 Additional context used
🧬 Code graph analysis (4)
cli.go (1)
flags/version.go (1)
  • LatestFlag (17-26)
styling/styling_test.go (1)
styling/styling.go (1)
  • FormTheme (114-158)
cmd/utils/validateargs_test.go (2)
cmd/utils/validateargs.go (4)
  • ValidateBerryArgs (45-55)
  • ValidateItemArgs (58-69)
  • ValidateMoveArgs (72-83)
  • ValidateSpeedArgs (180-190)
styling/styling.go (1)
  • StripANSI (75-78)
flags/version_test.go (3)
cmd/utils/golden.go (1)
  • LoadGolden (10-46)
flags/version.go (1)
  • LatestFlag (17-26)
styling/styling.go (1)
  • StripANSI (75-78)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
  • GitHub Check: Socket Security: Pull Request Alerts
  • GitHub Check: tests
🔇 Additional comments (22)
cli.go (1)

133-137: LGTM! Proper error handling implementation.

The error handling for the --latest flag now correctly captures and propagates errors from LatestFlag(), returning exit code 1 on failure and 0 on success. This aligns well with the refactored error-returning contract in flags/version.go.

testdata/main_latest_flag.golden (1)

3-5: LGTM! Test fixture properly updated.

The golden file correctly reflects the updated display text and version reference, matching the changes in flags/version.go.

card_data/pipelines/poke_cli_dbt/dbt_project.yml (2)

2-2: LGTM! Version bump coordinated with PR.

The version update to 1.7.4 is consistent with the broader version bump across the project.


21-21: LGTM! Valid dbt model configuration.

The materialized: table configuration is a standard dbt setting that specifies how models should be materialized in the database.

styling/styling_test.go (1)

101-116: LGTM! Comprehensive test coverage for FormTheme.

The test thoroughly validates the FormTheme() function by checking:

  • Non-nil theme and state components
  • Proper configuration of Focused, Blurred, and Group states
  • Consistency between related styles (e.g., FocusedButton equals Next, Group title/description matches Focused)

This is a well-structured test that provides good coverage for the theme configuration.

Dockerfile (3)

2-2: LGTM! Go toolchain update coordinated with go.mod.

The base image update from golang:1.24.6-alpine3.22 to golang:1.24.9-alpine3.22 aligns with the toolchain update in go.mod.


11-11: LGTM! Version bump coordinated with PR.

The ldflags version update to v1.7.4 is consistent with the broader version bump across the project.


17-29: Excellent security hardening with user isolation!

The Docker security improvements are well-implemented:

  • Creates dedicated poke_user and poke_group for running the application
  • Modifies root's /etc/passwd entry to disable shell access (/sbin/nologin)
  • Cleans up the shadow package after user creation to reduce attack surface
  • Sets proper ownership and runs the container as non-root user

These changes significantly improve the security posture by following the principle of least privilege and reducing the container's attack surface.

flags/version.go (2)

17-26: LGTM! Proper error propagation implemented.

The LatestFlag() function now correctly captures and returns errors from latestRelease(), making the error handling explicit and testable. This is a significant improvement over the previous implementation that silently failed.


28-90: Excellent refactoring of error handling!

The latestRelease() function has been substantially improved with comprehensive error propagation:

  • All error paths now return wrapped errors with context (fmt.Errorf)
  • Errors are still printed to output for user visibility
  • Security validations (HTTPS check, host validation) return proper errors
  • HTTP request, response reading, and JSON unmarshalling errors are all properly handled
  • Returns nil on success to complete the error-returning contract

This refactoring makes the function more robust, testable, and maintainable. The error handling is thorough and follows Go best practices.

flags/version_test.go (2)

10-10: LGTM! Proper test library import.

The addition of testify/require is appropriate for the new error assertions.


26-59: LGTM! Tests properly updated for error-returning contract.

The test updates correctly handle the new error-returning signature of LatestFlag():

  • Added expectedError field to test cases for flexibility
  • Captures both output and error from LatestFlag()
  • Uses require.Error/require.NoError appropriately for error assertions
  • Maintains existing output validation via golden file comparison

The test structure now supports both success and error scenarios, improving test coverage and robustness.

go.mod (1)

3-3: Go 1.24.9 has been verified and is safe to use.

Go 1.24.9 was released on October 13, 2025 and includes fixes to the crypto/x509 package. The version is widely available across official channels and distributions. No critical security issues or breaking changes were identified for this release.

cmd/utils/validateargs_test.go (4)

185-222: LGTM! Comprehensive test coverage for berry argument validation.

The test function properly covers all scenarios: valid inputs (help flag and no arguments), invalid inputs (berry name provided), and too many arguments. The implementation follows the established testing pattern and correctly validates the berry command's argument constraints.


224-262: LGTM! Thorough test coverage for item argument validation.

The test function correctly validates the item command's requirements: allowing help flags and item names while properly rejecting missing item specifications and excess arguments. The test structure aligns well with the validator's logic.


264-302: LGTM! Solid test coverage for move argument validation.

The test function effectively validates the move command's argument handling, including proper support for differently cased move names. The test cases comprehensively cover valid usage, missing move specifications, and excess arguments.


385-422: LGTM! Complete test coverage for speed argument validation.

The test function properly validates the speed command's argument constraints, ensuring it accepts only help flags while rejecting numeric arguments and excess input. The implementation is consistent with the validator's behavior and follows established testing patterns.

.goreleaser.yml (1)

17-17: LGTM! Version bump properly applied.

The linker flag has been correctly updated to v1.7.4, ensuring the built binaries will report the new version. This aligns with the coordinated version bump across the repository.

nfpm.yaml (1)

4-4: LGTM! Package version correctly updated.

The nfpm packaging version has been properly bumped to v1.7.4, maintaining consistency with the version updates across all build and deployment configurations.

README.md (2)

5-5: LGTM! Docker badge reference updated.

The Docker image size badge now correctly references v1.7.4, ensuring the badge displays metrics for the latest version.


97-101: LGTM! Docker usage examples updated.

Both Docker run examples (single-command and interactive shell) now reference the v1.7.4 image tag, ensuring users pull and run the correct version.

.github/workflows/ci.yml (1)

33-33: LGTM! CI version variable properly updated.

The VERSION_NUMBER environment variable has been correctly bumped to v1.7.4, serving as the single source of truth for all build, packaging, and publishing steps throughout the CI pipeline. This ensures consistent versioning across all artifacts.



@codecov

codecov bot commented Nov 5, 2025

Codecov Report

❌ Patch coverage is 23.07692% with 20 lines in your changes missing coverage. Please review.

| Files with missing lines | Patch % | Lines |
|---|---|---|
| flags/version.go | 21.73% | 18 Missing ⚠️ |
| cli.go | 33.33% | 1 Missing and 1 partial ⚠️ |

| Files with missing lines | Coverage Δ |
|---|---|
| cli.go | 83.63% <33.33%> (-1.55%) ⬇️ |
| flags/version.go | 50.00% <21.73%> (-5.82%) ⬇️ |

... and 2 files with indirect coverage changes


@digitalghost-dev digitalghost-dev merged commit cb457a4 into main Nov 6, 2025
6 of 7 checks passed
@digitalghost-dev digitalghost-dev deleted the 1.7.4 branch November 6, 2025 18:30
@coderabbitai coderabbitai bot mentioned this pull request Nov 25, 2025
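
The review above describes latestRelease() returning wrapped errors from its HTTPS and host checks, and the Codecov report shows most changed lines in flags/version.go uncovered. The following is an added example, not poke-cli's code: latestVersion, allowedHost, errUntrusted and the injected fetch parameter are hypothetical names, and the response body is constructed, so every error path can be exercised without a network.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"log"
	"net/url"
)

// Hypothetical names; allowedHost is an assumption about the one permitted host.
const allowedHost = "api.github.com"
var errUntrusted = errors.New("untrusted release URL")

// latestVersion takes the fetch step as a parameter so error paths run offline.
func latestVersion(raw string, fetch func(string) ([]byte, error)) (string, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return "", fmt.Errorf("parse release URL: %w", err)
	}
	// Fail closed: HTTPS only, exact hostname match, checked before any request.
	if u.Scheme != "https" || u.Hostname() != allowedHost {
		return "", fmt.Errorf("%w: %s://%s", errUntrusted, u.Scheme, u.Hostname())
	}
	body, err := fetch(raw)
	if err != nil {
		return "", fmt.Errorf("fetch latest release: %w", err)
	}
	var rel struct{ TagName string `json:"tag_name"` }
	if err := json.Unmarshal(body, &rel); err != nil {
		return "", fmt.Errorf("decode release JSON: %w", err)
	}
	if rel.TagName == "" { // e.g. a JSON error body that still decodes cleanly
		return "", errors.New("release JSON has no tag_name")
	}
	return rel.TagName, nil
}

func main() {
	stub := func(string) ([]byte, error) { return []byte(`{"tag_name":"v0.0.0-example"}`), nil }
	v, err := latestVersion("https://api.github.com/repos/OWNER/REPO/releases/latest", stub)
	if err != nil {
		log.Fatalf("error: %v", err) // non-zero exit status, message on stderr
	}
	fmt.Println("latest release:", v)
}
```

Comparing `u.Hostname()` for equality, rather than searching the raw string for the host name, is what rejects URLs that merely contain the allowed host in their userinfo or as a subdomain label.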

Development

Successfully merging this pull request may close these issues.

  • Update Go to v1.24.9
  • Improve error handling in flags.LatestFlag()
  • Increase test coverage
