feat: bump versions and fix when no respones are received from VF

[xavidop]

1. Fix when voiceflow does not reply with any message in the tests commands
2. Bump versions

Summary by CodeRabbit

• New Features

  • Added exact_match validation for test assertions.

• Bug Fixes

  • Better handling of validations when responses lack a message.
  • More descriptive error text for failed response parsing.

• Chores

  • Updated CI workflows and tooling (checkout action and SBOM step) and refreshed Go dependency versions.
  • Added a new .gitignore rule and adjusted local launch port configuration.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Caution

Review failed

The pull request is closed.

Walkthrough

Multiple CI workflows update the checkout action to actions/checkout@v6; Go module requirements are bumped (direct and indirect). Test runner validation handling expanded (including exact_match and no-message cases) and JSON unmarshal errors now include response body; minor config changes to .gitignore and VSCode launch port.

Changes

Cohort / File(s)	Summary
CI workflows (checkout version bump) .github/workflows/build.yml, .github/workflows/codeql.yml, .github/workflows/depsreview.yaml, .github/workflows/grype.yml, .github/workflows/lint.yaml, .github/workflows/master.yml, .github/workflows/publish-docs.yaml	Replaced actions/checkout@v5 with actions/checkout@v6. No other behavioral changes.
Release build workflow .github/workflows/release_build.yml	Upgraded actions/checkout@v5 → @v6; anchore/sbom-action/download-syft bumped v0.20.6 → v0.20.10; nested checkout updated with fetch-depth: 0 and persist-credentials: false.
Project config .gitignore, .vscode/launch.json	Added top-level voiceflow-cli ignore rule; changed VSCode server launch port from 8080 → 8081.
Go module updates go.mod	Bumped Go directive and multiple dependencies: github.com/spf13/cobra v1.10.1→v1.10.2, github.com/swaggo/swag v1.16.4→v1.16.6, indirects (quic-go, golang.org/x/*) updated, and added go.yaml.in/yaml/v3 v3.0.4.
Validation & error handling pkg/test/runner.go, pkg/voiceflow/interact.go	runner.go: treat exact_match as equals; add handling for validations when response message is absent (variable and traceType checks and failure reporting). interact.go: more descriptive JSON unmarshal error including response body.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20–30 minutes

• Review hotspots:
  • pkg/test/runner.go — verify correctness of no-message validation branches and test coverage for exact_match.
  • go.mod — scan for dependency compatibility issues, especially golang.org/x/* updates.
  • .github/workflows/release_build.yml — confirm SBOM step and nested checkout options behave as intended.
  • .vscode/launch.json — ensure port change aligns with local/dev expectations.

🐰 I hopped through commits, sniffed each line with care,
Checkout steps leapt to six, dependencies in the air,
Exact matches now counted true or nay,
Error bodies speak when JSON goes astray,
A little rabbit dance — updates done with flair! 🥕

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately captures the two main changes: dependency/workflow version bumps and a fix for handling missing responses from VF.

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4f88886 and e9cb5fd.

📒 Files selected for processing (1)

• pkg/test/runner.go (2 hunks)

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (1)

pkg/voiceflow/interact.go (1)

79-83: Improved error detail is helpful; consider small refinements

Including the raw response body in the unmarshal error is useful for diagnosing bad/malformed responses. A couple of optional tweaks you might consider:

• Avoid the extra []byte(string(body)) conversion and unmarshal directly from body:

  err = json.Unmarshal(body, &interactions)

• Optionally add HTTP status to the error to quickly spot non‑2xx responses:

  return nil, fmt.Errorf("error unmarshalling response (status %d): %w; body: %s", res.StatusCode, err, string(body))

• If the API can return very large payloads, you may want to truncate body in the error message to keep logs readable.

These are non-blocking and can be deferred.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0ec5dda and 4f88886.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (13)

• .github/workflows/build.yml (1 hunks)
• .github/workflows/codeql.yml (1 hunks)
• .github/workflows/depsreview.yaml (1 hunks)
• .github/workflows/grype.yml (1 hunks)
• .github/workflows/lint.yaml (1 hunks)
• .github/workflows/master.yml (1 hunks)
• .github/workflows/publish-docs.yaml (1 hunks)
• .github/workflows/release_build.yml (2 hunks)
• .gitignore (1 hunks)
• .vscode/launch.json (1 hunks)
• go.mod (3 hunks)
• pkg/test/runner.go (2 hunks)
• pkg/voiceflow/interact.go (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (2)

pkg/test/runner.go (1)

internal/types/tests/testTypes.go (1)

• VariableConfig (56-59)

pkg/voiceflow/interact.go (1)

internal/types/voiceflow/interact/interactResponseTypes.go (1)

• InteractionResponse (3-6)

🪛 GitHub Actions: golangci-lint

pkg/test/runner.go

[error] 170-170: QF1003: could use tagged switch on validation.Type (staticcheck)

🪛 GitHub Check: lint

pkg/test/runner.go

[failure] 170-170:
QF1003: could use tagged switch on validation.Type (staticcheck)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Summary

🔇 Additional comments (11)

.gitignore (1)

50-51: The voiceflow-cli ignore pattern does not hide project source files.

This is the xavidop/voiceflow-cli repository, where the root itself is the project. The ignore pattern voiceflow-cli targets a directory at the repository root level, which would not match the actual source code located in ./internal/, ./pkg/, .github/, etc. The pattern aligns with other build artifact entries like dist/, completions/, and manpages/, suggesting it ignores generated or build output. The existing entry voiceflow-cli/choco further suggests a build artifact directory structure (possibly Chocolatey packaging). No action required.

.vscode/launch.json (1)

131-131: Confirm server port alignment across tooling

Changing the debug launch port to 8081 is fine, but please confirm your local server actually listens on 8081 and that any docs/scripts (README, Makefile, etc.) are updated accordingly so dev workflows stay consistent.

.github/workflows/master.yml (1)

15-15: Checkout v6 upgrade looks consistent

Using actions/checkout@v6 here is consistent with the rest of the workflows and should be fine; just ensure this version matches what you expect for your GitHub-hosted or self-hosted runners.

.github/workflows/grype.yml (1)

20-20: Grype workflow checkout bump is fine

The switch to actions/checkout@v6 under the scan-source job aligns with other workflows and keeps the YAML structure valid.

.github/workflows/build.yml (1)

18-18: Build workflow checkout upgrade looks good

The upgrade to actions/checkout@v6 in the build workflow matches the other workflows and should not change behavior beyond using the newer action version.

.github/workflows/lint.yaml (1)

23-23: Lint workflow now aligned on checkout v6

Using actions/checkout@v6 here keeps this workflow in sync with the others; no issues spotted with the step ordering or permissions.

.github/workflows/codeql.yml (1)

18-18: CodeQL workflow checkout bump is safe

The switch to actions/checkout@v6 in the CodeQL workflow is consistent with the rest of the CI config and should be a drop‑in replacement.

pkg/test/runner.go (1)

117-117: LGTM: Added exact_match validation type.

The exact_match validation type is now supported and treated identically to equals. Both perform string equality checks.

go.mod (1)

3-3: Go 1.24.0 was released on February 11, 2025 and is available for download. This explicit version specification is valid and poses no issues.

.github/workflows/publish-docs.yaml (1)

15-15: Verify actions/checkout@v6 breaking changes are not impacting this workflow.

actions/checkout@v6 is available and stable, but introduces breaking changes from v5. Credentials are now persisted in a separate file under $RUNNER_TEMP instead of git config. Verify that:

• This workflow does not spawn sub-processes or use Docker container actions that rely on the token in git config
• Self-hosted runners (if used) meet the minimum version requirement (Actions Runner >= v2.329.0)
• Any scripts in the workflow that access git credentials have been updated accordingly

.github/workflows/release_build.yml (1)

33-33: Version v0.20.10 is valid and safe to use.

The anchore/sbom-action/download-syft update from v0.20.6 to v0.20.10 is a standard patch-level bump released in November 2025. The version exists and updates Syft from v1.33.0 to v1.38.0, which includes dependency improvements and maintenance updates. No breaking changes are indicated.