chore(deps): bump golangci/golangci-lint-action from 6.5.2 to 7.0.0

[dependabot]

Bumps golangci/golangci-lint-action from 6.5.2 to 7.0.0.

Release notes

Sourced from golangci/golangci-lint-action's releases.

v7.0.0

⚠️ The GitHub Action v7 supports golangci-lint v2 only. ⚠️

What's Changed

Changes

• feat: golangci-lint v2 support by @​ldez in golangci/golangci-lint-action#1198

Documentation

• docs: update annotation permissions by @​ldez in golangci/golangci-lint-action#1203
• docs: fix checks permissions for annotations by @​kema-dev in golangci/golangci-lint-action#1204

Dependencies

• build(deps-dev): bump the dev-dependencies group with 3 updates by @​dependabot in golangci/golangci-lint-action#1207

New Contributors

• @​kema-dev made their first contribution in golangci/golangci-lint-action#1204

Full Changelog: golangci/golangci-lint-action@v6.5.2...v7.0.0

Commits

• 1481404 7.0.0
• dec74fa feat: golangci-lint v2 support (#1198)
• 1f07148 build(deps-dev): bump the dev-dependencies group with 3 updates (#1207)
• 9938e10 docs: fix checks permissions for annotations (#1204)
• b91d580 docs: update annotation permissions (#1203)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[tenthirtyam]

@annakhm @salv-orlando @ksamoray - I recommend having dependabot skip this major version, using the Dependabot command, until the configuration portion is updated to support GoReleaser v2, which v7 of the action requires.

[ksamoray]

@annakhm @salv-orlando @ksamoray - I recommend having dependabot skip this major version, using the Dependabot command, until the configuration portion is updated to support GoReleaser v2, which v7 of the action requires.

@tenthirtyam makes sense. Just noticed though that linter version in release.yml defers from the one in golangci-lint.yml, I think that this might cause problems when we release, right?

[tenthirtyam]

Just noticed though that linter version in release.yml defers from the one in golangci-lint.yml, I think that this might cause problems when we release, right?

Indeed - these should be the same version.

I have a refactoring suggestion to make things a bit easier using a reusable workflow.

For example:

Update the golangci-lint workflow golangci-lint.yml as follows:

golangci-lint.yml

name: golangci-lint

on:
  workflow_call:
    inputs:
      go-version-file:
        required: true
        type: string
      cache:
        required: false
        type: boolean
        default: false
  pull_request:
    paths-ignore:
      - 'README.md'
  push:
    paths-ignore:
      - 'README.md'

permissions:
  contents: read

jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    timeout-minutes: 5
    steps:
      - name: Checkout
        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
      - name: Setup Go
        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
        with:
          go-version-file: 'go.mod'
          cache: false
      - run: go mod download
      - run: go build -v .
      - name: Run Linters
        uses: golangci/golangci-lint-action@55c2c1448f86e01eaae002a5a3a9624417608d84 # v6.5.2
        with:
          version: v1.64.8
          args: --issues-exit-code=1 --timeout 10m
          only-new-issues: true

Then update the release workflow release.yml to call the same workflow in a step so that it's defined in one place only.

release.yml

name: Release

on:
  push:
    tags:
      - 'v*'

permissions:
  contents: write

jobs:
  goreleaser:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout and Run Linters
        uses: ./.github/workflows/golangci-lint.yml
        with:
          go-version-file: 'go.mod'
          cache: false
      - name: Import GPG Key
        id: import_gpg
        uses: crazy-max/ghaction-import-gpg@cb9bde2e2525e640591a934b1fd28eef1dcaf5e5 # v6.2.0
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.GPG_PASSPHRASE }}
      - name: Run GoReleaser
        uses: goreleaser/goreleaser-action@9ed2f89a662bf1735a48bc8557fd212fa902bebf # v6.1.0
        with:
          version: latest
          args: release --clean --timeout 60m --release-header-tmpl .goreleaser.tmpl
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}

Let me know what you think. cc @annakhm and @salv-orlando for consideration, too.