ci: local↔CI test parity — make verify + pinned golangci-lint + .golangci.yml#49
ci: local↔CI test parity — make verify + pinned golangci-lint + .golangci.yml#49bdchatham wants to merge 4 commits into
Conversation
Closes the "passes locally, fails CI" gap: the dev loop ran go build / test / vet but not golangci-lint, so staticcheck violations (SA9005, SA4015, ST1023) slipped past local checks and failed CI. - `make verify`: runs the exact CI gate in order — lint, test, check-bindings. One command for local CI parity; run before pushing. - Pin golangci-lint to v2.12.2 (what the workflow's `latest` currently resolves to) in three synced places: GOLANGCI_VERSION (Makefile), the golangci-lint-action `version:`, and a new `.golangci.yml`. - `install-lint` target (go install at the pinned tag), wired into install-tools. `make lint` warns if the PATH binary differs. - `.golangci.yml` pins v2.12.2's default linter set explicitly (errcheck, govet, ineffassign, staticcheck, unused) for determinism, not stricter-than-today — repo is clean under it. - Document the pre-push flow in `make help` and README. `make verify` passes end-to-end and `golangci-lint run` is clean on this branch under v2.12.2. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- Note staticcheck subsumes ST* stylecheck diagnostics in v2 (ST1023). - install-tools also sets up Node via nvm; point to install-lint for linter-only. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
PR SummaryLow Risk Overview
golangci-lint v2.12.2 is pinned in three places (workflow action, Makefile README adds a Before you push section documenting Reviewed by Cursor Bugbot for commit 58e0dfc. Bugbot is set up for automated code reviews on this repo. Configure here. |
The header restated the README "Before you push" pinning narrative and the inline default:none comment re-listed the linters plus a one-off incident history. Keep the load-bearing why (determinism, pinned v2.12.2 default set, keep-in-sync with GOLANGCI_VERSION); point to the README for the rest. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Trim the new-target comments (GOLANGCI_VERSION, install-lint, lint, verify) to the critical at-site context — the 3-way version sync coupling, the warn-not-fail rationale, what verify runs — leaning on the README 'Before you push' section for the full pinning/parity narrative. Comment-only; no target behavior change. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes using default effort and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 58e0dfc. Configure here.
| ``` | ||
|
|
||
| A green `make verify` means the gating CI jobs (`build-and-test`, `bindings-check`) | ||
| will pass. Install the pinned toolchain once first so your local results match CI: |
There was a problem hiding this comment.
Verify omits build job steps
Medium Severity
make verify runs only lint, test, and check-bindings, but the README and Makefile say a green run means the build-and-test job will pass. That workflow also runs make build, --help, and a dry-run smoke test, and the root main package has no tests so go test ./... may not compile it.
Additional Locations (2)
Reviewed by Cursor Bugbot for commit 58e0dfc. Configure here.
1 participant
Closes the gap that let staticcheck violations slip to CI on #46/#48: our local loop ran
build+test+vet(nogolangci-lint), and CI's linter was unpinned (latest).What (parity + determinism, not a CI rewrite)
make verify=lint+test+check-bindings— runs exactly what CI gates, in one command. Run it before pushing.build-and-test.ymlaction (latest→v2.12.2), a MakefileGOLANGCI_VERSION+make install-lint, and a new.golangci.ymlthat freezes the enabled linter set (v2.12.2 defaults: errcheck, govet, ineffassign, staticcheck, unused).make lintwarns if your PATH binary drifts.Why
go vetdoesn't run staticcheck; CI's golangci-lint does — andversion: latestdrifts (local 2.12.1 vs CI 2.12.2). Pinning + a singleverifytarget makes local results match CI deterministically.Review
Idiom: clean (mirrors the existing
SOLC_VERSION/GETH_VERSIONpinning convention). Security: net supply-chain improvement (pinning narrows drift;go install @v2.12.2is checksum-DB-backed) — no token/permission/trigger changes.Tracked: PLT-474. (Deferred, noted in review: SHA-pinning the
@v7action major — pre-existing repo convention, repo-wide pass.)🤖 Generated with Claude Code