ci(deps): bump golangci/golangci-lint-action from 8 to 9

[dependabot]

Bumps golangci/golangci-lint-action from 8 to 9.

Release notes

Sourced from golangci/golangci-lint-action's releases.

v9.0.0

In the scope of this release, we change Nodejs runtime from node20 to node24 (https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/).

What's Changed

Changes

• feat: add install-only option by @​ldez in golangci/golangci-lint-action#1305
• feat: support Module Plugin System by @​ldez in golangci/golangci-lint-action#1306

Full Changelog: golangci/golangci-lint-action@v8.0.0...v9.0.0

Commits

• 0a35821 docs: update readme
• 043b1b8 feat: support Module Plugin System (#1306)
• a66d26a feat: add install-only option (#1305)
• 7fe1b22 build(deps): bump the dependencies group with 2 updates (#1303)
• 14973f1 build(deps-dev): bump the dev-dependencies group with 2 updates (#1299)
• 8c2d575 build(deps): bump @​types/node from 24.8.1 to 24.9.1 in the dependencies group...
• b002b6e build(deps): bump actions/setup-node from 5 to 6 (#1296)
• c13f4ed build(deps): bump @​types/node from 24.7.2 to 24.8.1 in the dependencies group...
• b68d21b docs: improve readme
• 06188a2 build(deps): bump github/codeql-action from 3 to 4 (#1293)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Pull Request Review: golangci-lint-action v8 → v9

Summary

This is a straightforward Dependabot-generated dependency update that bumps the golangci/golangci-lint-action from v8 to v9 in the Go linting workflow.

---

✅ Code Quality & Best Practices

Excellent - The changes are minimal, focused, and follow proper version pinning practices:

• Uses major version pinning (@v9) which is appropriate for GitHub Actions
• Maintains consistency across both lint jobs (backend and operator)
• No additional configuration changes needed

---

✅ Security Considerations

Low Risk - This is a trusted first-party action from the golangci organization:

• Upgrading to Node.js 24 runtime aligns with GitHub's deprecation of Node 20 (Sept 2025)
• The action is widely used in the Go community
• No new permissions or capabilities introduced

Recommendation: The current workflow uses version: latest for the golangci-lint tool itself (lines 68, 107). Consider pinning to a specific version (e.g., version: v1.62) for reproducible builds.

---

✅ Functionality & Breaking Changes

No Breaking Changes - According to the v9.0.0 release notes:

• Main change: Node.js runtime upgrade (node20 → node24)
• New features are additive:
  • install-only option (not used here)
  • Module Plugin System support (not used here)
• All existing parameters remain compatible

---

✅ Test Coverage

Adequate - The workflow will automatically test the changes:

• CI will run on this PR and validate the new action version works
• The lint-summary job ensures both backend and operator linting complete successfully
• Change detection logic (detect-go-changes) ensures targeted execution

---

✅ Performance Considerations

Neutral to Positive:

• Node.js 24 runtime may have minor performance improvements
• No additional overhead introduced
• Caching behavior remains unchanged (cache-dependency-path still configured)

---

📋 Recommendations

1. Approve and merge - This is a safe, necessary update
2. Monitor CI - Ensure all checks pass before merging
3. Future consideration: Pin the golangci-lint tool version for reproducibility:

   - name: Run golangci-lint
     uses: golangci/golangci-lint-action@v9
     with:
       version: v1.62.2  # Instead of 'latest'

---

Verdict: ✅ APPROVED

This is a routine, low-risk dependency update that:

• Maintains compatibility with GitHub Actions' Node.js runtime requirements
• Introduces no breaking changes to the existing workflow
• Follows the project's CI/CD standards as documented in CLAUDE.md

Action: Safe to merge after CI passes.