Skip to content

Refactor Go CI workflow test job to Go-version matrix#385

Merged
gaissmai merged 1 commit into
mainfrom
devel
Jun 19, 2026
Merged

Refactor Go CI workflow test job to Go-version matrix#385
gaissmai merged 1 commit into
mainfrom
devel

Conversation

@gaissmai

@gaissmai gaissmai commented Jun 19, 2026

Copy link
Copy Markdown
Owner

Summary by CodeRabbit

  • Chores
    • Enhanced CI/CD testing pipeline to validate against multiple Go versions (stable and from-gomod)
    • Improved build performance through standardized Go module caching
    • Streamlined workflow configuration for consistency across test jobs

@coderabbitai

coderabbitai Bot commented Jun 19, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

The Go CI workflow's test job is refactored from an OS-based matrix to a Go-version matrix (stable and from-gomod), running exclusively on ubuntu-latest with fail-fast: false and Go module caching enabled. The coverage and linting jobs switch from go-version-file: go.mod to go-version: stable.

Changes

Go CI Workflow Refactor

Layer / File(s) Summary
Test job matrix and Go version standardization
.github/workflows/go.yml
test job switches from OS matrix to a Go-version matrix (stable, from-gomod), runs on ubuntu-latest, disables fail-fast, and enables module caching. coverage and linting jobs replace go-version-file: go.mod with go-version: stable in their actions/setup-go steps.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

  • gaissmai/bart#285: Modifies the same test, coverage, and linting jobs in .github/workflows/go.yml, switching between go-version and go-version-file: go.mod and adjusting matrix/toolchain settings.
🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Title check ✅ Passed The title accurately describes the main change: refactoring the Go CI workflow's test job from an OS-based matrix to a Go-version matrix.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch devel

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@greptile-apps

greptile-apps Bot commented Jun 19, 2026

Copy link
Copy Markdown

Greptile Summary

This PR refactors the GitHub Actions CI workflow to test against two Go versions (current stable and the version pinned in go.mod) on Ubuntu, replacing the previous approach of testing a single Go version on both Ubuntu and macOS.

  • The test job matrix is changed from os: [ubuntu-latest, macos-latest] to go-version-name: ['stable', 'from-gomod'], removing macOS coverage but adding Go-version coverage; fail-fast is also flipped to false so both matrix legs always complete.
  • The coverage and linting jobs now pin go-version: stable instead of reading from go.mod, meaning they always run against the current stable release regardless of the minimum version declared in the module.

Confidence Score: 5/5

The workflow change is safe to merge; it adjusts which Go versions and operating systems are tested but does not affect the library code itself.

The only behavioral changes are dropping macOS from the test matrix and switching coverage/lint to always use the stable toolchain. The matrix inputs (go-version / go-version-file) are handled correctly because exactly one of the two is non-empty for every matrix entry, which is the standard supported pattern for actions/setup-go. No production logic is touched.

No files require special attention; the single changed file is a CI workflow with no impact on library correctness.

Important Files Changed

Filename Overview
.github/workflows/go.yml CI workflow refactored: test matrix now covers Go stable + go.mod version on Ubuntu only; coverage and lint jobs switched from go.mod-pinned version to stable.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    push["Push / Pull Request"]
    push --> test_stable["test (Ubuntu / Go stable)"]
    push --> test_gomod["test (Ubuntu / Go from-gomod)"]
    push --> coverage["coverage (Ubuntu / Go stable)"]
    push --> linting["linting (Ubuntu / Go stable)"]
    test_stable --> steps1["Checkout -> Setup Go stable -> go mod download -> go test -> go test -race"]
    test_gomod --> steps2["Checkout -> Setup Go from-gomod -> go mod download -> go test -> go test -race"]
    coverage --> steps3["Checkout -> Setup Go stable -> go test -coverprofile -> goveralls"]
    linting --> steps4["Checkout -> Setup Go stable -> golangci-lint"]
Loading
%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
flowchart TD
    push["Push / Pull Request"]
    push --> test_stable["test (Ubuntu / Go stable)"]
    push --> test_gomod["test (Ubuntu / Go from-gomod)"]
    push --> coverage["coverage (Ubuntu / Go stable)"]
    push --> linting["linting (Ubuntu / Go stable)"]
    test_stable --> steps1["Checkout -> Setup Go stable -> go mod download -> go test -> go test -race"]
    test_gomod --> steps2["Checkout -> Setup Go from-gomod -> go mod download -> go test -> go test -race"]
    coverage --> steps3["Checkout -> Setup Go stable -> go test -coverprofile -> goveralls"]
    linting --> steps4["Checkout -> Setup Go stable -> golangci-lint"]
Loading

Reviews (1): Last reviewed commit: "run tests on stable and go version from ..." | Re-trigger Greptile

@coderabbitai coderabbitai Bot changed the title @coderabbitai Refactor Go CI workflow test job to Go-version matrix Jun 19, 2026

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/go.yml:
- Around line 38-43: The GitHub Actions workflow uses movable version tags (`@v5`
for actions/checkout and `@v6` for actions/setup-go) which should be replaced with
immutable commit SHAs for supply-chain security. Replace the checkout action
reference with its full commit SHA instead of `@v5` and similarly replace the
setup-go action reference with its full commit SHA instead of `@v6`. This ensures
the workflow always uses a specific, known version of these actions rather than
potentially different versions if the tags are updated.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 284f0fb2-e3a3-4070-b029-ae56a9b57871

📥 Commits

Reviewing files that changed from the base of the PR and between 809367a and bdac10a.

📒 Files selected for processing (1)
  • .github/workflows/go.yml

Comment thread .github/workflows/go.yml
Comment on lines +38 to +43
uses: actions/checkout@v5
with:
persist-credentials: false

- uses: actions/setup-go@v6
- name: Set up Go
uses: actions/setup-go@v6

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Pin third-party GitHub Actions to immutable commit SHAs.

Line 38 and Line 43 use movable tags (@v5, @v6), which violates the pinned-actions policy and weakens supply-chain integrity.

🔒 Suggested fix
-      - name: Checkout Code
-        uses: actions/checkout@v5
+      - name: Checkout Code
+        uses: actions/checkout@<full_commit_sha_for_v5>

-      - name: Set up Go
-        uses: actions/setup-go@v6
+      - name: Set up Go
+        uses: actions/setup-go@<full_commit_sha_for_v6>
🧰 Tools
🪛 zizmor (1.25.2)

[error] 38-38: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)

(unpinned-uses)


[error] 43-43: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)

(unpinned-uses)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/go.yml around lines 38 - 43, The GitHub Actions workflow
uses movable version tags (`@v5` for actions/checkout and `@v6` for
actions/setup-go) which should be replaced with immutable commit SHAs for
supply-chain security. Replace the checkout action reference with its full
commit SHA instead of `@v5` and similarly replace the setup-go action reference
with its full commit SHA instead of `@v6`. This ensures the workflow always uses a
specific, known version of these actions rather than potentially different
versions if the tags are updated.

Source: Linters/SAST tools

@gaissmai gaissmai merged commit 8db72f9 into main Jun 19, 2026
13 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant