Build(deps): Bump golangci/golangci-lint-action from 6 to 9#147
Build(deps): Bump golangci/golangci-lint-action from 6 to 9#147dependabot[bot] wants to merge 1 commit into
Conversation
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 6 to 9. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](golangci/golangci-lint-action@v6...v9) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-version: '9' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Summary by CodeRabbit
WalkthroughThe GitHub Actions workflow file for pull request checks was updated to use Changes
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~2 minutes 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
There was a problem hiding this comment.
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
.github/workflows/check-pull-request.yml (1)
76-79:⚠️ Potential issue | 🟠 MajorUpgrade
golangci-lintto v2.1.0 or higher;@v9is incompatible with v1.64.8.The action's compatibility matrix shows
v8.0.0requiresgolangci-lint >= v2.1.0, andv7.0.0supports only v2. The workflow upgrade to@v9with pinnedversion: v1.64.8will fail. Update to at least v2.1.0.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/check-pull-request.yml around lines 76 - 79, Update the golangci-lint invocation to use a compatible CLI release: change the workflow's golangci-lint action usage (uses: golangci/golangci-lint-action@v9) and the pinned CLI version (version: v1.64.8) so the CLI is at least v2.1.0; specifically set the "version" input to "v2.1.0" or newer (or select an action tag that matches the existing CLI pin), ensuring the uses: and version: values are consistent and supported.
🧹 Nitpick comments (1)
.github/workflows/check-pull-request.yml (1)
75-79: Recommended: setworking-directoryexplicitly to avoid path behavior drift.When upgrading across major action versions, it’s safer to pin
working-directoryexplicitly instead of relying on defaults (especially since the action documentsworking-directorybehavior and it’s commonly relevant for config discovery / module layouts). (github.com)♻️ Proposed change
- name: golangci-lint uses: golangci/golangci-lint-action@v9 with: version: v1.64.8 + working-directory: .🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/check-pull-request.yml around lines 75 - 79, The workflow step named "golangci-lint" uses golangci/golangci-lint-action@v9 with a pinned version but does not set working-directory; update that step (the "golangci-lint" job configuration where uses: golangci/golangci-lint-action@v9 and version: v1.64.8) to include an explicit working-directory: ./path/to/module (or the repo root) to ensure consistent config/module discovery across action versions.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Outside diff comments:
In @.github/workflows/check-pull-request.yml:
- Around line 76-79: Update the golangci-lint invocation to use a compatible CLI
release: change the workflow's golangci-lint action usage (uses:
golangci/golangci-lint-action@v9) and the pinned CLI version (version: v1.64.8)
so the CLI is at least v2.1.0; specifically set the "version" input to "v2.1.0"
or newer (or select an action tag that matches the existing CLI pin), ensuring
the uses: and version: values are consistent and supported.
---
Nitpick comments:
In @.github/workflows/check-pull-request.yml:
- Around line 75-79: The workflow step named "golangci-lint" uses
golangci/golangci-lint-action@v9 with a pinned version but does not set
working-directory; update that step (the "golangci-lint" job configuration where
uses: golangci/golangci-lint-action@v9 and version: v1.64.8) to include an
explicit working-directory: ./path/to/module (or the repo root) to ensure
consistent config/module discovery across action versions.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Enterprise
Run ID: b12deb13-b736-4911-92c6-b7b52bf3d7f8
📒 Files selected for processing (1)
.github/workflows/check-pull-request.yml
Bumps golangci/golangci-lint-action from 6 to 9.
Release notes
Sourced from golangci/golangci-lint-action's releases.
... (truncated)
Commits
1e7e51ebuild(deps): bump yaml from 2.8.1 to 2.8.2 in the dependencies group (#1324)5256ff0build(deps-dev): bump the dev-dependencies group with 3 updates (#1323)13fed6fchore: update workflows7afe8ffchore: update workflows5a92899chore: move samples into fixtures (#1321)aa6fad0feat: add version-file option (#1320)a6071aabuild(deps): bump actions/checkout from 5 to 6 (#1318)6e36c84build(deps-dev): bump the dev-dependencies group with 2 updates (#1317)e7fa5acfeat: automatic module directories (#1315)f3ae99fdocs: organize options (#1314)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)