fix(ci): bump GO_VERSION to 1.25 + golangci-lint v2.5 + repair sha tag#255
Conversation
… tag
Three pre-existing CI failures unrelated to product code:
1. GO_VERSION='1.21' was older than every module in the repo (api: 1.24,
k8s-agent: 1.24, docker-agent: 1.25). Lint and build steps could not
parse the modules' Go directive. Bump to 1.25 across CI and align
security-scan.yml from 1.24 → 1.25.
2. golangci-lint v1.55.2 cannot read Go 1.23+ export data, so the K8s
agent lint failed with "internal/goarch unsupported version: 2".
Pin to v2.5.0 (Go 1.25 support) via GOLANGCI_LINT_VERSION env var.
3. container-images.yml had `type=sha,prefix={{branch}}-` which
evaluates `{{branch}}` to empty on pull_request events, producing
the malformed tag `:-<sha>` and aborting buildx with
"invalid reference format". Replace with `prefix=sha-` for an
unambiguous, always-valid tag.
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 1ad01eab75
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| # Install golangci-lint | ||
| curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.55.2 | ||
| # Install golangci-lint (pinned to a version that supports the modules' Go directive) | ||
| curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b "$(go env GOPATH)/bin" "${GOLANGCI_LINT_VERSION}" |
There was a problem hiding this comment.
"${GOLANGCI_LINT_VERSION}" is used here, but this workflow never defines that variable (the top-level env only sets GO_VERSION and NODE_VERSION). In bash, this expands to an empty argument, so the installer falls back to an implicit/latest release instead of the pinned version described in the change, making CI behavior non-reproducible and vulnerable to future lint breakage when upstream releases change.
Useful? React with 👍 / 👎.
Two pre-existing CI failures newly visible after PR #255 / #256 made the lint and test infrastructure functional: 1. TestProcessCommandAgentConnected raced on go-sqlmock for the same reason as TestUpdateAgentHeartbeat (PR #256). Apply the same ExpectationsWereMet polling pattern. 2. golangci-lint v2.5 (newly running) found 5 unchecked Close() return values in k8s-agent (vnc tunnel, websocket conn, two HTTP retry bodies) plus one staticcheck ST1005 capitalized error string. Verified: 10 race reruns clean, both modules build clean. Other test files (agent_hub_redis_test.go, websocket_enterprise_test.go, etc) use the same time.Sleep + mock.ExpectExec pattern. Deferred to a follow-up — they have not yet failed in CI under -race.
1 participant
Summary
Repairs three pre-existing CI failures unrelated to product code:
`GO_VERSION: '1.21'` was older than every module in the repo (api: 1.24, k8s-agent: 1.24, docker-agent: 1.25). Lint and build steps could not parse the modules' Go directive. Bumped to 1.25 across `ci.yml`; aligned `security-scan.yml` 1.24 → 1.25.
`golangci-lint v1.55.2` cannot read Go 1.23+ export data — the K8s agent lint failed with `internal/goarch unsupported version: 2`. Pinned to `v2.5.0` via `GOLANGCI_LINT_VERSION` env var.
Bad image tag template — `container-images.yml` had `type=sha,prefix={{branch}}-` at three lines. `{{branch}}` evaluates to empty on `pull_request` events, so buildx received `:-` and aborted with `invalid reference format`. Replaced with `prefix=sha-` for an always-valid tag.
Files
Test plan