ci: add golangci-lint GitHub Actions workflow#269
Conversation
Signed-off-by: ivan katliarchuk <[email protected]>
Signed-off-by: ivan katliarchuk <[email protected]>
There was a problem hiding this comment.
Pull request overview
Adds CI lint enforcement for Go code in GitHub Actions, and aligns the repository’s golangci-lint versioning so local/CI linting can share a single source of truth.
Changes:
- Added a new GitHub Actions workflow to run gofmt checks and golangci-lint on PRs targeting
main. - Centralized
GOLANGCI_LINT_VERSIONin theMakefileand wired the workflow to read from it. - Added targeted
//nolint:gosecsuppressions for intentional file operations flagged by gosec.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
.github/workflows/lint.yaml |
New PR-time lint workflow (gofmt + golangci-lint) reading version from Makefile. |
Makefile |
Introduces GOLANGCI_LINT_VERSION and uses it for golangci-lint installation. |
pkg/review/header.go |
Suppresses gosec warning for reading GitHub event payload path from env var. |
pkg/header/fix.go |
Suppresses gosec warning for writing to files discovered by the tool. |
pkg/deps/golang_test.go |
Suppresses gosec warning for temp file writes in tests. |
commands/header_check.go |
Suppresses gosec warning for writing GitHub step summary file. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Copilot <[email protected]>
Signed-off-by: ivan katliarchuk <[email protected]>
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 6 out of 6 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Copilot <[email protected]>
.github/workflows/lint.yaml
Outdated
| exit 1 | ||
| fi | ||
|
|
||
| - name: Read golangci-lint version from Makefile |
There was a problem hiding this comment.
What do you think we just reuse the make lint here, so we don't need to all these setup because make lint already installs linter.
There was a problem hiding this comment.
Should work as well. Probably even better without github action
Signed-off-by: ivan katliarchuk <[email protected]>
Signed-off-by: ivan katliarchuk <[email protected]>
What:
Why: Automates lint enforcement in CI so formatting/lint issues are caught on every PR without manual runs.
Current status
All three suppressions are legitimate. The //nolint:gosec comments are the correct approach here — the alternative of calling filepath.Clean() would give false safety (it doesn't prevent traversal, it just normalizes separators) and wouldn't address gosec's taint analysis anyway.