Fix the CI lint gate and resolve golangci-lint findings#20
Merged
Conversation
Close the response body in the Link-header pager after reading the Link header (the pager owns the response once fetch returns it). Annotate the protocol-mandated MD5 import and the SSRF-taint false positive on the transport, and the intentional non-error return when a Digest 401 cannot be retried. Tidy test stubs (http.StatusOK, De Morgan rewrite) and scope the bodyclose check to non-test code, where stub bodies hold no resources.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The
lintCI job has been failing on every run, includingmain— the project'sgolangci-lintquality gate was never actually enforced. This fixes the job so it runs, and resolves every finding it surfaces.Why the job failed
golangci-lint-action@v6installs a golangci-lint v1 binary built with Go 1.24, but the module targetsgo 1.26and the config is v2-format. golangci-lint refuses to run when its own build Go version is older than the target module's, so it exited before linting anything.The fix builds golangci-lint v2 from source with the CI's Go 1.26 toolchain (
go install …@v2.12.2), so the binary's Go version matches the module and the v2 config loads.Findings resolved (first real run of the linter)
pagination.NewLinkHeader) read each response'sLinkheader but never closed the body — a connection leak. The pager owns the response oncefetchreturns it, so it now closes the body after extracting the link. (bodyclose)//nolintwith rationale): MD5 is mandated by RFC 7616 Digest (gosecG501); the transport issuing the caller's own request is not SSRF (gosecG704); the Digest policy intentionally returns the 401 when a body can't be rewound (nilerr).http.StatusOKinstead of the200literal, a De Morgan rewrite, an explicit alias on the umbrella import, and a checkedfmt.Fprint.bodycloseis scoped to non-test code — test stub transporters return in-memory bodies (NopCloser/http.NoBody) that hold no resources.Test plan
golangci-lint run ./...(v2.12.2, built with go1.26.3): 0 issuesgofmt -l .clean,go vet ./...clean,go test -race ./...green across all packages🤖 Generated with Claude Code