Skip to content

fix(#2060): set up Go on runner before post-code pre-commit#2213

Merged
rh-hemartin merged 1 commit into
mainfrom
fix/2060-golangci-lint-go-toolchain
Jun 15, 2026
Merged

fix(#2060): set up Go on runner before post-code pre-commit#2213
rh-hemartin merged 1 commit into
mainfrom
fix/2060-golangci-lint-go-toolchain

Conversation

@rh-hemartin

Copy link
Copy Markdown
Member

Summary

Fixes #2060.

When a target repo's go.mod declares a Go version newer than the golangci-lint binary installed by pre-commit's language: golang mechanism, golangci-lint exits with code 3 before analyzing any code — blocking PR creation with:

Error: can't load config: the Go language version (go1.25) used to build
golangci-lint is lower than the targeted Go version (1.26.0)

Change

Add a conditional actions/setup-go@v6 step in action.yml that runs before fullsend run (and therefore before post-code.sh's authoritative pre-commit gate). The step reads the target repo's go.mod via go-version-file and installs the matching Go toolchain on the runner. pre-commit then uses that toolchain when building golangci-lint from source, satisfying the version requirement.

- name: Set up Go for target repo pre-commit hooks
  if: hashFiles('target-repo/go.mod') != ''
  uses: actions/setup-go@v6
  with:
    go-version-file: target-repo/go.mod
    cache: false

Non-Go repos: the hashFiles guard skips the step entirely — no latency impact.

cache: false: avoids polluting the runner's module cache with the target repo's dependencies.

Relation to prior fixes

When a target repo's go.mod declares a Go version newer than the
golangci-lint binary installed by pre-commit's language: golang
mechanism, golangci-lint exits with code 3 before analyzing any
code — blocking PR creation.

Add a conditional actions/setup-go step in action.yml that runs before
fullsend (and therefore before post-code.sh's authoritative pre-commit
gate). The step reads the target repo's go.mod via go-version-file and
installs the matching toolchain on the runner. pre-commit then uses
that toolchain when building golangci-lint, satisfying the version
requirement.

The step is skipped entirely for non-Go repos (hashFiles guard), so
there is no latency impact on other runs. cache: false avoids
polluting the runner's module cache with the target repo's dependencies.

Signed-off-by: Hector Martinez <hemartin@redhat.com>
@github-actions

Copy link
Copy Markdown

Site preview

Preview: https://1f140caf-site.fullsend-ai.workers.dev

Commit: bce0fcc501390857c6fbbdb498aa358fcc794649

@codecov

codecov Bot commented Jun 12, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@fullsend-ai-review

fullsend-ai-review Bot commented Jun 12, 2026

Copy link
Copy Markdown

🤖 Finished Review · ✅ Success · Started 9:43 AM UTC · Completed 9:53 AM UTC
Commit: bce0fcc · View workflow run →

@rh-hemartin rh-hemartin self-assigned this Jun 12, 2026
@fullsend-ai-review

Copy link
Copy Markdown

Review

Findings

Medium

  • [timing-mismatch] action.yml:334 — The Go setup step reads go.mod from the initial checkout, not from the agent-modified version. If the agent updates go.mod to require a newer Go version during its run, the runner will still have the old version installed when post-code.sh runs pre-commit. The primary use case (repo's existing go.mod exceeding the runner's Go version) is correctly addressed by this placement, but the agent-modified-go.mod scenario is an unhandled edge case.
    Remediation: For full correctness, add Go setup logic to post-code.sh itself (after sandbox extraction) so it reads the final go.mod. Alternatively, accept and document this limitation.

  • [edge-case] action.yml:335 — The new step hardcodes target-repo/go.mod in both hashFiles() and go-version-file, but inputs.target-repo allows callers to override the target repo path. When a non-default target-repo is provided, hashFiles evaluates to empty (step is silently skipped) and Go will not be set up — the pre-commit failure this PR aims to fix will persist for those callers.
    Remediation: Use the inputs.target-repo value with the same fallback logic as the "Run fullsend" step: go-version-file: ${{ inputs.target-repo || 'target-repo' }}/go.mod.

Low

  • [edge-case] action.yml:335 — When install-method == 'source', two actions/setup-go@v6 invocations run: the first installs Go matching fullsend's go.mod for the source build, and the new step installs Go matching the target repo's go.mod. The last invocation wins for go version on PATH, which is the desired behavior for post-code pre-commit but worth noting.

  • [naming-consistency] action.yml:334 — Step name "Set up Go for target repo pre-commit hooks" is slightly longer than the established pattern (cf. "Set up Go for source build"). Consider shortening to "Set up Go for target repo hooks" or "Set up Go for pre-commit".

  • [architectural-fit] action.yml:334 — The project installs other language toolchains inline in post-code.sh (gitleaks, lychee, uv/uvx). Adding Go setup to post-code.sh would maintain that pattern and make the script self-sufficient regardless of invocation context. However, Go installation is more complex than single-binary tools, so using actions/setup-go in action.yml is a reasonable pragmatic choice.

@fullsend-ai-review fullsend-ai-review Bot added the requires-manual-review Review requires human judgment label Jun 12, 2026
@rh-hemartin rh-hemartin added this pull request to the merge queue Jun 15, 2026
Merged via the queue into main with commit ca0551b Jun 15, 2026
10 checks passed
@rh-hemartin rh-hemartin deleted the fix/2060-golangci-lint-go-toolchain branch June 15, 2026 06:22
@fullsend-ai-retro

fullsend-ai-retro Bot commented Jun 15, 2026

Copy link
Copy Markdown

🤖 Finished Retro · ✅ Success · Started 6:26 AM UTC · Completed 6:33 AM UTC
Commit: bce0fcc · View workflow run →

@fullsend-ai-retro

Copy link
Copy Markdown

Retro: PR #2213fix(#2060): set up Go on runner before post-code pre-commit

Timeline: Human-authored PR by rh-hemartin adding a 7-line actions/setup-go@v6 step to action.yml. Filed June 12, merged June 15. The review agent completed in ~14 minutes with 2 medium and 3 low findings. A human (ralphbean) approved ~6 hours later without commenting on the findings. The PR merged 3 days after opening.

Review quality was good. The review agent identified two valid medium-severity issues:

  1. The Go setup step reads go.mod before the agent runs, so agent modifications to go.mod won't be reflected (low practical impact).
  2. The step hardcodes target-repo/go.mod instead of respecting inputs.target-repo, meaning the fix silently fails for callers who override the target repo path. This is a real bug that shipped.

Gap: Finding #2 is a valid bug that was merged without being addressed or tracked. No existing issue covers it. The review agent did its job, but there was no mechanism to ensure the finding was acted on.

Existing coverage note: Issues #2188 and #1286 propose auto-filing tracking issues for unaddressed info and low-severity findings respectively. Neither covers medium-severity findings. If either were implemented broadly (covering all non-blocking findings), this class of lost finding would be prevented. I'm not filing a separate proposal for that since the existing issues could be extended — noting it here for awareness.

1 proposal filed for the concrete bug that shipped.

Proposals filed

ggallen pushed a commit to ggallen/fullsend that referenced this pull request Jun 15, 2026
The Go setup step added in PR fullsend-ai#2213 hardcoded 'target-repo' in
both the hashFiles condition and the go-version-file parameter.
When inputs.target-repo is overridden to a custom path,
hashFiles('target-repo/go.mod') returns empty, the if condition
is false, and the step is silently skipped — defeating the
purpose of the Go setup for non-default checkout paths.

Apply the same fallback pattern used in the Run fullsend step:
- hashFiles: use format() with inputs.target-repo fallback
- go-version-file: use expression with fallback to default

Note: pre-commit could not run (shellcheck hook failed to
install due to network restrictions in sandbox). The post-script
will run pre-commit authoritatively.

Closes fullsend-ai#2281
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

requires-manual-review Review requires human judgment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

post-code: golangci-lint pre-commit fails when repo go.mod exceeds runner Go toolchain

2 participants