Upgrade golangci-lint in CI runner and Makefile#4861
Conversation
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
| set -euo pipefail | ||
|
|
||
| GOLANGCI_LINT_VERSION="v2.11.4" | ||
| LINT_ARGS="--disable errcheck,staticcheck --enable bodyclose,copyloopvar,misspell --timeout 10m" |
There was a problem hiding this comment.
Disabling default linters errcheck and staticcheck reduces coverage
Medium Severity
The new LINT_ARGS adds --disable errcheck,staticcheck, which was not present in the old configuration. Previously, both CI and Makefile only used --enable flags on top of defaults, meaning errcheck (unchecked error returns) and staticcheck (comprehensive static analysis, now including gosimple and stylecheck in v2) were actively running. The codebase even has existing nolint:errcheck and nolint:staticcheck comments proving these linters were in use. Silently disabling two core default linters significantly weakens lint coverage for a PR described only as an "upgrade."
There was a problem hiding this comment.
Haven't decided on this yet
There was a problem hiding this comment.
Maybe we can leave a TODO comment and address this in a follow up PR.
…25 toolchain fetch while restricting make lint command to same version as CI
…curity/trufflehog into amaan/upgrade-golangci-lint-v2
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
There are 2 total unresolved issues (including 1 from previous review).
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.
1 participant
Description:
Upgrades golangci-lint from
v1tov2, pinned atv2.11.4. CI usesgolangci-lint-action@v7with a prebuilt binary (no Go 1.25 toolchain fetch). Local make lint now callsscripts/lint.sh, which auto-installs the exact pinned version via curl, eliminating system-installed version mismatches.The deprecated
--out-formatflag is removed (colored output is default in v2).errcheckandstaticcheckare temporarily disabled as v2's stricter defaults surface ~100 pre-existing issues, to be addressed in a follow-up.Checklist:
make test-community)?make lintthis requires golangci-lint)?Note
Medium Risk
Changes CI/local lint execution and pins a new major
golangci-lintversion, which can affect developer/CI behavior. Lint coverage is temporarily reduced by disablingerrcheckandstaticcheck, potentially allowing issues to slip through.Overview
Upgrades the CI lint workflow to
golangci/golangci-lint-action@v7and pinsgolangci-linttov2.11.4, updating lint args and temporarily disablingerrcheckandstaticcheck.Switches
make lintto run a newscripts/lint.shthat auto-installs (or reuses) the pinnedgolangci-lintversion before running the same lint configuration locally.Written by Cursor Bugbot for commit 96c2de8. This will update automatically on new commits. Configure here.