Add Scorecard, link checks, golangci-lint, cache paths, and OAuth state fix #329

Merged: AndreyVMarkelov merged 1 commit into master from feat/ci-lint-scorecard-oauth-state on Jul 5, 2026
AndreyVMarkelov (Contributor) commented Jul 5, 2026

Summary

  • Replace standalone Staticcheck with a narrow golangci-lint v2 config (ineffassign, staticcheck, unused) in CI and release workflows.
  • Add scheduled/manual OSSF Scorecard workflow (results as artifact, not published to public API).
  • Add scheduled/manual non-blocking Markdown link check workflow using lychee.
  • Set explicit cache-dependency-path: go.sum on all actions/setup-go steps for deterministic caching.
  • Generate a non-constant OAuth state parameter to resolve the CodeQL go/constant-oauth2-state alert.
  • Fix minor buf.WriteString(fmt.Sprintf(...)) → fmt.Fprintf(&buf, ...) lint findings in gen-docs.

Test plan

  • gofmt -l . — no unformatted files
  • go vet ./... — clean
  • go test -race ./... — all packages pass
  • TestRequestAccessTokenUsesPKCEOfflineAuthURL verifies generated state appears in auth URL
  • CI runs golangci-lint v2.12.2 with the new .golangci.yml
  • CodeQL re-runs and auto-closes go/constant-oauth2-state alert

…te fix

Replace standalone Staticcheck with a narrow golangci-lint v2 config
(ineffassign, staticcheck, unused). Add OSSF Scorecard and Markdown link
check workflows. Set explicit go.sum cache-dependency-path on all
actions/setup-go steps. Generate a non-constant OAuth state to resolve
the CodeQL go/constant-oauth2-state alert.
AndreyVMarkelov merged commit 641cb2e into master on Jul 5, 2026
13 checks passed
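
The CodeQL rule named in the summary, go/constant-oauth2-state, flags a fixed `state` value because it cannot tie a callback to the flow that started it. The following is an added example, not code from this pull request or project: it sketches one way to generate a per-flow state and check it on the redirect. The function names, endpoint, client ID and redirect URI are assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"net/url"
)

// newState returns 32 bytes from crypto/rand, base64url-encoded (43 chars).
func newState() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// authURL builds the authorization request carrying the per-flow state.
func authURL(endpoint, clientID, redirectURI, state string) string {
	q := url.Values{}
	q.Set("response_type", "code")
	q.Set("client_id", clientID)
	q.Set("redirect_uri", redirectURI)
	q.Set("state", state)
	return endpoint + "?" + q.Encode()
}

// checkCallback returns the code only if the redirect echoes the issued state.
func checkCallback(callback, want string) (string, error) {
	u, err := url.Parse(callback)
	if err != nil {
		return "", err
	}
	got := u.Query().Get("state")
	if want == "" || subtle.ConstantTimeCompare([]byte(got), []byte(want)) != 1 {
		return "", fmt.Errorf("oauth state mismatch: callback rejected")
	}
	return u.Query().Get("code"), nil
}

func main() {
	state, err := newState()
	if err != nil {
		panic(err)
	}
	fmt.Println(authURL("https://idp.example/authorize", "example-client", "http://127.0.0.1:8080/callback", state))
	fmt.Println(checkCallback("http://127.0.0.1:8080/callback?code=abc&state=fixed", state)) // constructed callback
}
```

The issued state has to be kept for the lifetime of the flow (in memory for a CLI, in the session for a web app) and discarded after one use.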