Benjamin_Boenisch/breakpilot-compliance
1
1
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b5f7cc9e9be45fade8eafac09badc60bbf270dc6
breakpilot-compliance/ai-compliance-sdk/.golangci.yml
T
Benjamin Admin b5f7cc9e9b
CI / detect-changes (pull_request) Successful in 19s
Details
CI / branch-name (pull_request) Successful in 1s
Details
CI / guardrail-integrity (pull_request) Successful in 5s
Details
CI / secret-scan (pull_request) Successful in 14s
Details
CI / dep-audit (pull_request) Failing after 1m2s
Details
CI / sbom-scan (pull_request) Failing after 1m8s
Details
CI / build-sha-integrity (pull_request) Successful in 12s
Details
CI / validate-canonical-controls (pull_request) Successful in 13s
Details
CI / loc-budget (pull_request) Successful in 30s
Details
CI / go-lint (pull_request) Successful in 1m7s
Details
CI / python-lint (pull_request) Failing after 23s
Details
CI / nodejs-lint (pull_request) Failing after 1m7s
Details
CI / nodejs-build (pull_request) Successful in 3m8s
Details
CI / test-go (pull_request) Successful in 1m8s
Details
CI / iace-gt-coverage (pull_request) Successful in 24s
Details
CI / test-python-backend (pull_request) Successful in 34s
Details
CI / test-python-document-crawler (pull_request) Successful in 20s
Details
CI / test-python-dsms-gateway (pull_request) Successful in 19s
Details
ci(go-lint): golangci-lint v1.64.8 (go1.24) + new-from-merge-base 
go-lint failed on every PR: golangci-lint v1.62-alpine is built with go1.23 and
refuses to load a go1.24.0 module's config ("language version go1.23 lower than
targeted 1.24.0"), so it never actually linted.

- container v1.62-alpine -> v1.64.8-alpine (built with go1.24.1)
- revive `exported` used the old map-argument form, which v1.64 rejects
  ("expecting a string, got map") -> string form (disableStutteringCheck)
- running golangci for the first time surfaces ~15 pre-existing findings in
  unrelated packages (academy/whistleblower/iace/training + a few tests);
  switch issues.new:false -> new-from-merge-base:main so only newly changed
  lines fail (the config already anticipated this)
- new-from-merge-base needs the merge base -> go-lint checkout now does a full
  clone (local `main` ref) instead of a shallow single-branch clone

Verified locally with v1.64.8: a clean branch over main lints to 0 issues
(pre-existing debt ignored), config loads cleanly. Touches only CI config.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-06-23 12:44:32 +02:00

88 lines
2.7 KiB
YAML
Raw Blame History

# golangci-lint configuration for ai-compliance-sdk
# Docs: https://golangci-lint.run/usage/configuration/
#
# Philosophy: catch real bugs and security issues; skip style nits on legacy code.
# Run: cd ai-compliance-sdk && golangci-lint run --timeout 5m ./...
run:
timeout: 5m
modules-download-mode: readonly
linters:
disable-all: true
enable:
# --- Correctness ---
- errcheck # unhandled error returns
- govet # suspicious constructs (shadow, printf, copylocks, …)
- staticcheck # SA* checks: bugs, deprecated APIs, ineffectual code
- ineffassign # assignments whose result is never used
- unused # exported/unexported symbols that are never referenced
# --- Security ---
- gosec # G* checks: SQL injection, hardcoded credentials, weak crypto, …
# --- Complexity / maintainability ---
- gocyclo # cyclomatic complexity > threshold
- gocritic # opinionated but practical style + correctness checks
- revive # linter on top of golint; many useful checks
# --- Formatting / imports ---
- goimports # gofmt + import grouping
linters-settings:
errcheck:
# Don't flag fmt.Print* and similar convenience functions.
exclude-functions:
- fmt.Print
- fmt.Println
- fmt.Printf
- fmt.Fprint
- fmt.Fprintln
- fmt.Fprintf
gocyclo:
# Handlers and store methods that wrap many DB queries are allowed to be
# somewhat complex. This is a reasonable threshold.
min-complexity: 20
gosec:
# G104 (unhandled errors) is covered by errcheck; G304/G306 (file
# path injection) would need context — keep but accept on review.
excludes:
- G104
revive:
rules:
- name: exported
arguments:
- disableStutteringCheck
- name: error-return
- name: increment-decrement
- name: var-declaration
- name: package-comments
disabled: true # not enforced on internal packages
gocritic:
enabled-tags:
- diagnostic
- performance
disabled-checks:
- hugeParam # flags large structs passed by value — too noisy until we audit
- rangeValCopy # same reason
issues:
# Don't fail on generated protobuf stubs or vendor code.
exclude-rules:
- path: "_pb\\.go$"
linters: [all]
- path: "vendor/"
linters: [all]
# Report at most 50 issues per linter so the first run is readable.
max-issues-per-linter: 50
max-same-issues: 5
# New code only: lint lines changed vs main, so pre-existing debt doesn't fail CI.
# Needs the go-lint job to clone with a local `main` ref (see .gitea/workflows/ci.yaml).
new-from-merge-base: main
Reference in New Issue View Git Blame Copy Permalink