Background
v0.1's .golangci.yml trims staticcheck and unused from the active linter set because they reproducibly time-budgeted the GitHub-hosted runner during Phase 2 lint runs (~2 min then "shutdown signal"). The dep tree inflates the SSA analysis graph (~80 indirect modules from k8s.io/client-go) past what the standard 4-CPU runner can handle in the allocated time.
Three options to bring them back without losing CI:
Option A — narrower scope
Run staticcheck only on ./internal/... (our own code), exclude module-cache packages. golangci-lint v2.x supports skip-files patterns that v1.64 doesn't.
Option B — larger runner
Switch the Lint job to runs-on: ubuntu-latest-4core (or self-hosted with 8+ GB more RAM). Pros: zero config drift. Cons: $$ + provisioning if self-hosted; the GitHub-Pro larger-runner SKU isn't free either.
Option C — successor tool
govulncheck covers the security-focused SA checks staticcheck does, runs much faster (vuln-DB-driven), and the unused checks are arguably out of scope for a CLI that's still adding code daily. Pick the strict subset of staticcheck checks that matter (SA1xxx + SA4xxx are the highest-signal) and run those via goanalysis_metalinter directly.
Acceptance criteria
- staticcheck SA1xxx + SA4xxx (or whatever subset stays valuable) runs on every PR
- Lint job completes in < 90s on a standard runner
- unused either runs against our own code only, or is dropped permanently with a writeup
Found by
PR #2 (Phase 2 cluster discovery) CI iteration — three failed runs in a row before the lint set was trimmed. The trim is in .golangci.yml of that PR with a comment referencing this ticket.
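One possible shape for the staticcheck subset named in Option C and the acceptance criteria, as an added example rather than the config from PR #2. It assumes the golangci-lint v1 schema (`linters-settings`); the check prefixes, the `./internal/...` scope and the 90s budget are taken from the text above.

```yaml
# .golangci.yml (sketch, golangci-lint v1 schema assumed)
# Invoked from CI as: golangci-lint run ./internal/...
run:
  # Abort the run instead of letting the runner kill the job;
  # matches the "< 90s on a standard runner" criterion.
  timeout: 90s

linters:
  # Start from an empty set so nothing is enabled implicitly.
  disable-all: true
  enable:
    - staticcheck
    # unused stays off until the "own code only, or dropped with a
    # writeup" decision from the acceptance criteria is made.

linters-settings:
  staticcheck:
    # Only the SA1xxx and SA4xxx groups are reported.
    checks:
      - "SA1*"
      - "SA4*"
```

Limiting the reported checks and the target packages does not by itself stop dependencies from being loaded and type-checked, so the 90s criterion still has to be measured on the runner.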