Problem
Only gate has a .golangci.yml config. Only ensemble-tap runs gosec, govulncheck, and staticcheck in CI. The other 12 services have zero code quality enforcement beyond go test ./....
This means across the majority of the codebase:
- Unused variables and imports aren't caught
- Silent error drops (_ = err) go undetected
- Race conditions aren't tested (-race flag missing from most CI)
- No SAST security scanning
Proposal
1. Shared golangci-lint config
Create a canonical .golangci.yml in service-runtime (or a shared config repo) that all services reference. Starting point from gate's config:
linters:
  enable:
    - errcheck
    - govet
    - ineffassign
    - staticcheck
    - unused
    - gosec
    - gocritic
    - errorlint  # catches non-wrapping error comparisons
    - bodyclose  # catches unclosed HTTP response bodies
2. Shared CI action for Go quality
Create a reusable GitHub Action in service-runtime that runs:
golangci-lint run
go test -race ./...
govulncheck ./...
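One way to write the shared action from steps 1 and 2 as a composite action (an added example, not code from service-runtime). The file path, the `<org>` and `<ref>` placeholders, the pinned tool versions, and shipping .golangci.yml next to action.yml are assumptions.

```yaml
# Hypothetical location: service-runtime/.github/actions/go-quality/action.yml
# The canonical .golangci.yml is assumed to sit in the same directory, so every
# caller lints against one config without copying it into its own repo.
#
# Caller side, in each service's workflow (placeholders, not real refs):
#   - uses: actions/checkout@v4
#   - uses: <org>/service-runtime/.github/actions/go-quality@<ref>
# Pin <ref> and the third-party actions below to reviewed commit SHAs so a
# moved tag cannot change what runs in every service's CI.
name: go-quality
description: Lint, race-test and vulnerability-scan a Go service
inputs:
  go-version-file:
    description: go.mod that selects the Go toolchain
    default: go.mod
  working-directory:
    description: Module root inside the caller's checkout
    default: .
runs:
  using: composite
  steps:
    - uses: actions/setup-go@v5
      with:
        go-version-file: ${{ inputs.go-version-file }}
    - name: golangci-lint with the shared config
      uses: golangci/golangci-lint-action@v6
      with:
        version: v1.64   # assumed pin; match it to the config format in use
        working-directory: ${{ inputs.working-directory }}
        args: --config=${{ github.action_path }}/.golangci.yml
    - name: Unit tests with the race detector
      shell: bash
      working-directory: ${{ inputs.working-directory }}
      run: go test -race ./...
    - name: Known-vulnerability scan of dependencies
      shell: bash
      working-directory: ${{ inputs.working-directory }}
      run: |
        # @latest is a placeholder; pin a reviewed govulncheck version.
        go install golang.org/x/vuln/cmd/govulncheck@latest
        govulncheck ./...
```

Each step fails the job on a non-zero exit, so lint findings, a detected race, or a reachable known vulnerability all block the merge when the job is a required check.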
3. Rollout
Add the shared action to each service's CI workflow. Services to update:
Impact
- Catches bugs before they reach production
- Detects known vulnerabilities in dependencies automatically
- Race condition detection via -race
- Consistent code quality bar across the org