Skip to content

Subscribe to boilerplate openshift/golang-lint convention#556

Open
clcollins wants to merge 1 commit into
openshift:masterfrom
clcollins:worktree-boilerplate-subscription
Open

Subscribe to boilerplate openshift/golang-lint convention#556
clcollins wants to merge 1 commit into
openshift:masterfrom
clcollins:worktree-boilerplate-subscription

Conversation

@clcollins

@clcollins clcollins commented Jul 3, 2026

Copy link
Copy Markdown
Member

Summary

  • Subscribe to boilerplate's openshift/golang-lint convention for centralized lint config and golangci-lint version management
  • Remove ad-hoc .golangci.yaml and Makefile lint/coverage targets (replaced by boilerplate-provided equivalents)
  • Fix 42 lint errors surfaced by boilerplate's stricter config (errcheck, gosec, staticcheck, unused)
  • Resolves the Makefile TODO: # TODO: Add golang build/tests here (onboard project to boilerplate?)

What boilerplate provides

  • Standardized golangci.yml with errcheck, gosec, govet, ineffassign, misspell, staticcheck, unused linters
  • Auto-installation of golangci-lint via ensure.sh
  • Centralized version management (currently v2.12.2)
  • make boilerplate-freeze-check to prevent accidental modification of managed files
  • make boilerplate-update to pull latest convention changes

What was NOT subscribed

  • openshift/golang-codecov — its codecov.sh is Prow-oriented; no value with Konflux CI
  • openshift/osd-container-image — generates Prow artifacts, expects build/Dockerfile; incompatible with our multi-variant Containerfile

Lint fixes by category

  • errcheck (19): Handle unchecked errors in ocm client, config save, feature registration (panic in init())
  • staticcheck (16): Lowercase error strings per Go convention, use fmt.Fprintf over WriteString(Sprintf(...)), simplify conditions, use raw strings for regex
  • gosec (5): nolint directives for false positives (env var key names, test fixtures, intentional credential marshaling)
  • unused (2): Remove dead verbose and deferredClose variables

Test plan

  • make lint — 0 issues
  • go test ./... — all 22 packages pass
  • make boilerplate-update — no diff (fully in sync with boilerplate HEAD)
  • make boilerplate-freeze-check — clean
  • Verify Konflux CI builds still pass

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Bug Fixes

    • Improved startup reliability by failing fast when feature registration is unavailable.
    • Updated several error messages and log-level validation text for consistency.
    • Made cluster and token-related save/load handling more robust.
  • Chores

    • Added boilerplate and CI validation support files.
    • Updated build tooling and developer targets, including a new boilerplate update command.
    • Cleaned up lint-related configuration and comments.

Bootstrap boilerplate framework with the golang-lint convention to
standardize linting across SREP repositories. This replaces the ad-hoc
golangci-lint setup with boilerplate's centrally managed config and
auto-installation.

Changes:
- Add boilerplate/ directory with update script, config, and golang-lint
  convention files
- Remove .golangci.yaml (boilerplate provides its own golangci.yml)
- Remove lint and coverage Makefile targets (lint provided by
  boilerplate; coverage was a broken TODO)
- Fix 42 lint errors surfaced by boilerplate's stricter config:
  errcheck, gosec, staticcheck, and unused findings
- Update tests to match lowercased error strings per Go convention

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@openshift-ci

openshift-ci Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: clcollins

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 3, 2026
@coderabbitai

coderabbitai Bot commented Jul 3, 2026

Copy link
Copy Markdown

Walkthrough

This PR adds boilerplate CI infrastructure (.gitattributes, Makefile include/target), removes golangci-lint configuration and related Makefile targets, and adds explicit error handling (panic on failure, warning logs) across feature registration, OCM client, and command code, plus lowercases error message text and adds nolint:gosec suppressions.

Changes

Boilerplate and Lint Tooling

Layer / File(s) Summary
Boilerplate CI infrastructure
.gitattributes, Makefile
Adds a boilerplate block to .gitattributes and updates the Makefile to include boilerplate/generated-includes.mk and add a boilerplate-update target.
Golangci-lint removal
.golangci.yaml, Makefile
Removes the golangci-lint config file, the GOLANGCI_LINT_VERSION variable and its version print, the coverage/lint targets, and a stale TODO comment.

Estimated code review effort: 2 (Simple) | ~12 minutes

Error Handling and Message Fixes

Layer / File(s) Summary
CLI flag and root command cleanup
cmd/flags.go, cmd/root.go
Removes unused verbose flag variable and discards return values from ocm.CloseClient() and MarkHidden().
Feature registration panic-on-error
pkg/features/*/*.go
Updates init() across all feature packages to check features.Register errors and panic on failure; adds nolint:gosec comments in jira and pagerduty.
OCM client error handling and messages
pkg/ocm/ocm.go, pkg/ocm/ocm_test.go, pkg/ocmcontainer/ocmcontainer.go
Removes deferredClose variable, checks ensureArmed and config.Save errors, lowercases error messages in GetCluster, adds nolint:gosec suppressions, and discards return values in cleanup hooks.
Deprecation formatting, engine/log casing, formatter tweaks
pkg/deprecation/deprecation.go, pkg/engine/engine.go, pkg/engine/engine_test.go, pkg/log/logger.go, pkg/log/logger_test.go, pkg/log/log-formatter.go, pkg/subprocess/subprocess_test.go
Switches deprecation messages to fmt.Fprintf-based builder writes, lowercases error message casing with matching test updates, refactors formatter internals, and adds a nolint:gosec comment.

Estimated code review effort: 3 (Moderate) | ~25 minutes

Estimated code review effort

Estimated code review effort: 3 (Moderate) | ~25 minutes

Suggested reviewers: N/A (not determinable from provided information)

🚥 Pre-merge checks | ✅ 15
✅ Passed checks (15 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the main change: adopting the openshift/golang-lint boilerplate convention.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed Touched Ginkgo titles are static string literals; no dynamic pod/UUID/date/node/namespace/IP data appears in any changed test names.
Test Structure And Quality ✅ Passed Changed Ginkgo tests only tweak comments/assertions; they use BeforeEach/AfterEach where needed and add no cluster waits or resource cleanup issues.
Microshift Test Compatibility ✅ Passed No new Ginkgo e2e specs were added; the diff only touches unit tests and contains no MicroShift-unsupported OpenShift API use.
Single Node Openshift (Sno) Test Compatibility ✅ Passed No new e2e Ginkgo tests were added; the touched test files are unit tests and show no SNO-specific multi-node assumptions.
Topology-Aware Scheduling Compatibility ✅ Passed PASS: The PR only changes lint/config, feature registration, logging, and tests; no deployment manifests, controllers, or scheduling constraints were added or modified.
Ote Binary Stdout Contract ✅ Passed No new stdout writes appear in main/init/setup; the only fmt.Println is in the version subcommand, outside the scoped process-level contexts.
Ipv6 And Disconnected Network Test Compatibility ✅ Passed No new Ginkgo e2e tests were added; only unit tests changed, and they don’t require external connectivity or IPv6-specific networking.
No-Weak-Crypto ✅ Passed Scans of the touched Go files and repo found no MD5/SHA1/DES/RC4/3DES/Blowfish/ECB, custom crypto, or secret/token comparisons; token code only checks env presence.
Container-Privileges ✅ Passed No changed container/K8s manifests add privileged settings; the only privileged: true hits are test fixtures in pkg/engine/engine_test.go.
No-Sensitive-Data-In-Logs ✅ Passed The patch only adds a generic config-save warning and error-handling tweaks; it doesn’t log tokens, PII, hostnames, or other sensitive fields.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (2)
cmd/root.go (1)

119-119: 🩺 Stability & Availability | 🔵 Trivial | ⚡ Quick win

Discarded CloseClient() error hides real cleanup failures.

ocm.CloseClient() returns an error from client.Close() (or nil if the client is nil) — a real connection-close failure is now silently dropped via _ =. Elsewhere in this same PR (pkg/ocm/ocm.go's config.Save handling), failures on non-critical cleanup paths are logged via log.Warningf rather than discarded outright. Consider the same pattern here for consistency and easier debugging of shutdown issues.

As per path instructions, **/*.go guidance states: "Never ignore error returns."

♻️ Proposed fix
 	PersistentPostRun: func(cmd *cobra.Command, args []string) {
-		_ = ocm.CloseClient()
+		if err := ocm.CloseClient(); err != nil {
+			log.Debugf("error closing OCM client: %v", err)
+		}
 	},
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@cmd/root.go` at line 119, The cleanup in ocm.CloseClient() is currently being
discarded, which hides shutdown failures. Update the caller in root command
teardown to handle the returned error instead of assigning it to _, and follow
the same non-critical cleanup pattern used in pkg/ocm/ocm.go by logging a
warning with context when CloseClient() fails. Use the ocm.CloseClient symbol to
locate the call site and preserve consistency with other cleanup error handling
in this PR.

Source: Path instructions

pkg/ocmcontainer/ocmcontainer.go (1)

116-116: 🩺 Stability & Availability | 🔵 Trivial | ⚡ Quick win

Discarded cleanup errors mask real failures (client close / container stop).

Both ocm.CloseClient() and o.Stop(0) return an error from client.Close() (or nil if the client is nil) that is now silently discarded via _ =. A failed Stop(0) in particular can mean the container is left running (resource leak) with no diagnostic trail. Consider at least a debug/warning log on failure, matching the pattern used for config.Save in pkg/ocm/ocm.go.

As per path instructions, **/*.go guidance states: "Never ignore error returns."

♻️ Proposed fix
-	o.RegisterPreExecCleanupFunc(func() { _ = ocm.CloseClient() })
+	o.RegisterPreExecCleanupFunc(func() {
+		if err := ocm.CloseClient(); err != nil {
+			log.Debugf("error closing OCM client: %v", err)
+		}
+	})
 		o.RegisterPostExecCleanupFunc(func() {
-			_ = o.Stop(0)
+			if err := o.Stop(0); err != nil {
+				log.Warningf("error stopping container: %v", err)
+			}
 		})

Also applies to: 418-418

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/ocmcontainer/ocmcontainer.go` at line 116, The cleanup callback
registered via o.RegisterPreExecCleanupFunc is discarding failures from
ocm.CloseClient, and the same issue applies to o.Stop(0) elsewhere in
ocmcontainer.go. Update these cleanup paths to handle returned errors instead of
assigning them to _, and add a debug/warning log on failure using the same style
as the config.Save error handling in pkg/ocm/ocm.go. Keep the cleanup behavior
intact, but make sure any close/stop failure is visible through a log message
tied to ocm.CloseClient and o.Stop.

Source: Path instructions

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@pkg/subprocess/subprocess_test.go`:
- Line 54: The subprocess test still triggers the noctx lint because
exec.Command is used without a context, and the gosec nolint does not cover that
warning. Update the test helper that builds cmd to use exec.CommandContext with
an appropriate context (for example from the test) and add the context import if
needed, while keeping the existing subprocess invocation behavior intact.

---

Nitpick comments:
In `@cmd/root.go`:
- Line 119: The cleanup in ocm.CloseClient() is currently being discarded, which
hides shutdown failures. Update the caller in root command teardown to handle
the returned error instead of assigning it to _, and follow the same
non-critical cleanup pattern used in pkg/ocm/ocm.go by logging a warning with
context when CloseClient() fails. Use the ocm.CloseClient symbol to locate the
call site and preserve consistency with other cleanup error handling in this PR.

In `@pkg/ocmcontainer/ocmcontainer.go`:
- Line 116: The cleanup callback registered via o.RegisterPreExecCleanupFunc is
discarding failures from ocm.CloseClient, and the same issue applies to
o.Stop(0) elsewhere in ocmcontainer.go. Update these cleanup paths to handle
returned errors instead of assigning them to _, and add a debug/warning log on
failure using the same style as the config.Save error handling in
pkg/ocm/ocm.go. Keep the cleanup behavior intact, but make sure any close/stop
failure is visible through a log message tied to ocm.CloseClient and o.Stop.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: b36ad991-f110-4794-ad87-acef40a7868f

📥 Commits

Reviewing files that changed from the base of the PR and between 54ab2a1 and 1980134.

⛔ Files ignored due to path filters (23)
  • boilerplate/_data/backing-image-tag is excluded by !boilerplate/**
  • boilerplate/_data/last-boilerplate-commit is excluded by !boilerplate/**
  • boilerplate/_lib/boilerplate-commit is excluded by !boilerplate/**
  • boilerplate/_lib/boilerplate.mk is excluded by !boilerplate/**
  • boilerplate/_lib/common.sh is excluded by !boilerplate/**
  • boilerplate/_lib/container-make is excluded by !boilerplate/**
  • boilerplate/_lib/freeze-check is excluded by !boilerplate/**
  • boilerplate/_lib/release.sh is excluded by !boilerplate/**
  • boilerplate/_lib/subscriber is excluded by !boilerplate/**
  • boilerplate/_lib/subscriber-propose is excluded by !boilerplate/**
  • boilerplate/_lib/subscriber-propose-update is excluded by !boilerplate/**
  • boilerplate/_lib/subscriber-report is excluded by !boilerplate/**
  • boilerplate/_lib/subscriber-report-onboarding is excluded by !boilerplate/**
  • boilerplate/_lib/subscriber-report-pr is excluded by !boilerplate/**
  • boilerplate/_lib/subscriber-report-release is excluded by !boilerplate/**
  • boilerplate/_lib/subscriber.sh is excluded by !boilerplate/**
  • boilerplate/generated-includes.mk is excluded by !boilerplate/**
  • boilerplate/openshift/golang-lint/README.md is excluded by !boilerplate/**
  • boilerplate/openshift/golang-lint/ensure.sh is excluded by !boilerplate/**
  • boilerplate/openshift/golang-lint/golangci.yml is excluded by !boilerplate/**
  • boilerplate/openshift/golang-lint/standard.mk is excluded by !boilerplate/**
  • boilerplate/update is excluded by !boilerplate/**
  • boilerplate/update.cfg is excluded by !boilerplate/**
📒 Files selected for processing (28)
  • .gitattributes
  • .golangci.yaml
  • Makefile
  • cmd/flags.go
  • cmd/root.go
  • pkg/deprecation/deprecation.go
  • pkg/engine/engine.go
  • pkg/engine/engine_test.go
  • pkg/features/additional-cluster-envs/additional-cluster-envs.go
  • pkg/features/backplane/backplane.go
  • pkg/features/certificate-authorities/certificate-authorities.go
  • pkg/features/gcloud/gcloud.go
  • pkg/features/image-cache/image-cache.go
  • pkg/features/jira/jira.go
  • pkg/features/legacy-aws-credentials/legacy-aws-credentials.go
  • pkg/features/ops-utils/ops-utils.go
  • pkg/features/osdctl/osdctl.go
  • pkg/features/pagerduty/pagerduty.go
  • pkg/features/persistent-histories/persistent-histories.go
  • pkg/features/personalization/personalization.go
  • pkg/features/ports/ports.go
  • pkg/log/log-formatter.go
  • pkg/log/logger.go
  • pkg/log/logger_test.go
  • pkg/ocm/ocm.go
  • pkg/ocm/ocm_test.go
  • pkg/ocmcontainer/ocmcontainer.go
  • pkg/subprocess/subprocess_test.go
💤 Files with no reviewable changes (2)
  • .golangci.yaml
  • cmd/flags.go

allArgs := []string{"-test.run=^$", "--", command}
allArgs = append(allArgs, args...)
cmd := exec.Command(os.Args[0], allArgs...)
cmd := exec.Command(os.Args[0], allArgs...) //nolint:gosec // test helper re-invoking own binary

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🩺 Stability & Availability | 🟠 Major | ⚡ Quick win

noctx lint finding not addressed.

Static analysis still flags Line 54: exec.Command should be exec.CommandContext. The added //nolint:gosec only suppresses gosec (G204), not the separate noctx linter warning, so this line will likely still fail make lint.

🔧 Proposed fix
-	cmd := exec.Command(os.Args[0], allArgs...) //nolint:gosec // test helper re-invoking own binary
+	cmd := exec.CommandContext(context.Background(), os.Args[0], allArgs...) //nolint:gosec // test helper re-invoking own binary

Add "context" to imports if not already present.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
cmd := exec.Command(os.Args[0], allArgs...) //nolint:gosec // test helper re-invoking own binary
cmd := exec.CommandContext(context.Background(), os.Args[0], allArgs...) //nolint:gosec // test helper re-invoking own binary
🧰 Tools
🪛 golangci-lint (2.12.2)

[error] 54-54: os/exec.Command must not be called. use os/exec.CommandContext

(noctx)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/subprocess/subprocess_test.go` at line 54, The subprocess test still
triggers the noctx lint because exec.Command is used without a context, and the
gosec nolint does not cover that warning. Update the test helper that builds cmd
to use exec.CommandContext with an appropriate context (for example from the
test) and add the context import if needed, while keeping the existing
subprocess invocation behavior intact.

Source: Linters/SAST tools

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant