ci(go): harden reusable go-ci gate (gofmt + vet + govulncheck)#3
Open
rafael5 wants to merge 1 commit into
Open
ci(go): harden reusable go-ci gate (gofmt + vet + govulncheck)#3rafael5 wants to merge 1 commit into
rafael5 wants to merge 1 commit into
Conversation
Align the shared go-ci.yml with the documented house Go gate (fmt + vet + golangci-lint + test-race + govulncheck). Previously CI ran only lint + race-cover + build-matrix, weaker than the local `make check` contract. Added to the lint-test job: - gofmt -l check (fails on any non-gofmt'd file) - explicit `go vet ./...` - govulncheck ./... (pinned analyzer v1.1.4, live vuln DB), gated behind a new `vuln-check` input (default true) as an escape hatch for un-patchable transitive vulns. Propagates to all 12 repos that consume go-ci.yml@main. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Aligns the shared
go-ci.ymlwith the documented house Go gate(fmt + vet + golangci-lint + test-race + govulncheck). Previously CI ran only
lint + race-cover + build-matrix — weaker than the local
make check.Added to the
lint-testjob:gofmt -lcheck (fails on any non-gofmt'd file)go vet ./...govulncheck ./...(pinned analyzer v1.1.4, live vuln DB) behind a newvuln-checkinput (defaulttrue) as an escape hatch for un-patchabletransitive vulns.
Propagates to all 12 repos that consume
go-ci.yml@main. Heads-up: aconsumer with a pre-existing known-vuln dependency will start failing the new
govulncheck step — that's the gate working; flip
vuln-check: falseif a vulnhas no fix yet.
🤖 Generated with Claude Code