feat: publish GitHub Action to marketplace (#242)

[ajitpratap0]

Closes #242

Adds marketplace metadata, branding, PR annotations, and usage docs for the GoSQLX lint GitHub Action.

Changes

• Renamed action to GoSQLX Lint Action with enhanced description
• Added marketplace badge to main README.md
• Action already includes: branding (icon + color), PR annotations (::error/::warning), SARIF output, config file support, and comprehensive ACTION_README.md

[claude]

Claude finished @ajitpratap0's task —— View job

---

PR Review Complete ✅

I've reviewed this pull request for publishing the GoSQLX GitHub Action to the marketplace. Here's my comprehensive feedback:

• Read and analyze changed files
• Review action.yml marketplace metadata
• Check README.md badge addition
• Assess code quality and best practices
• Check for security considerations
• Provide comprehensive feedback

Review Summary

Overall Assessment: ✅ Excellent - This is a well-prepared marketplace publication PR with professional metadata and proper branding.

Code Quality & Best Practices ✅

action.yml Changes:

• ✅ Good: Action name updated from "GoSQLX SQL Validator" to "GoSQLX Lint Action" - more descriptive and marketplace-friendly
• ✅ Excellent: Enhanced description provides clear value proposition mentioning "100x faster than SQLFluff" and key features (PR annotations, SARIF output, multi-dialect)
• ✅ Professional: Maintains consistent branding with proper icon ('check-circle') and color ('blue')

README.md Changes:

• ✅ Perfect: Added GitHub Marketplace badge with correct marketplace URL
• ✅ Good Placement: Badge positioned appropriately with other project badges
• ✅ Consistent Style: Matches existing badge styling (for-the-badge style)

Marketplace Compliance ✅

The action.yml file demonstrates excellent marketplace readiness:

• ✅ Comprehensive Inputs: 17 well-documented input parameters with clear descriptions and sensible defaults
• ✅ Useful Outputs: 4 structured outputs for integration with other workflow steps
• ✅ Professional Metadata: Author, branding, and descriptive fields properly configured
• ✅ Security-Conscious: Input validation and sanitization in supporting scripts (action/scripts/find-files.sh)

Security Assessment ✅

Positive Security Practices:

• ✅ Input Validation: File patterns are validated to prevent command injection in find-files.sh:24-27
• ✅ Path Validation: Working directory validation ensures operations stay within repo boundaries
• ✅ Pinned Dependencies: GitHub actions are pinned to specific commit SHAs (e.g., actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491)
• ✅ Safe Shell Practices: Scripts use set -euo pipefail for robust error handling
• ✅ No Secret Exposure: No hardcoded secrets or sensitive information

No Security Concerns Identified

Performance Considerations ✅

• ✅ Efficient: Action leverages Go binary installation with intelligent caching considerations
• ✅ Timeout Protection: Configurable timeout prevents hung processes
• ✅ Resource Conscious: Local repository building when testing to avoid network overhead

Test Coverage & Documentation ✅

The PR mentions comprehensive documentation:

• ✅ ACTION_README.md: Comprehensive usage guide with multiple workflow examples
• ✅ Feature Coverage: Documents all major features (validation, linting, SARIF, PR comments)
• ✅ Multi-dialect Examples: Shows PostgreSQL and MySQL specific configurations
• ✅ Performance Claims: Backed by documented benchmarks (1.38M+ ops/sec)

Minor Suggestions for Future Enhancement 💡

1. Version Strategy: Consider using semantic versioning tags (v1.7.0) alongside major version tags (v1) for better user control
2. Examples Repository: A dedicated examples repository could showcase advanced usage patterns
3. Telemetry: Consider adding optional anonymous usage telemetry for feature improvement insights

Marketplace URL Verification 🔍

The marketplace badge links to https://github.com/marketplace/actions/gosqlx-sql-validator - ensure this matches the actual marketplace listing URL when published.

Final Assessment

This is an exemplary marketplace publication PR that demonstrates:

• Professional metadata and branding
• Comprehensive feature set with sensible defaults
• Strong security practices
• Excellent documentation
• Performance-focused implementation

Recommendation: ✅ APPROVE - Ready for marketplace publication

The changes are minimal, focused, and professionally executed. The action appears production-ready with excellent documentation and security practices.

---