docs/LINTING.md
Last reviewed: 2026-05-28
Freshness source: .golangci.yml, .github/workflows/ci.yml, and
golangci-lint run --timeout=5m --build-tags=gms_pure_go ./... returning
0 issues.
This document explains the required Go lint gate for this codebase.
Lint is a required CI gate. The CI workflow runs golangci-lint with the
repository configuration and --build-tags=gms_pure_go; it is expected to pass
with zero issues.
Run the same check locally with:
golangci-lint run --timeout=5m --build-tags=gms_pure_go ./...
Formatting is a separate required gate:
make fmt-check
Treat new lint findings as defects to fix before merge. Do not add a tolerated
failing baseline, and do not configure CI with --issues-exit-code=0.
When a linter reports an intentional or false-positive pattern:
.golangci.yml exclusion tied to a path, linter, and message.//nolint:<linter> only when the reason is local to a specific line and
the comment explains why the warning is not actionable.The current configuration already encodes accepted exclusions for intentional patterns such as deferred cleanup errors, controlled subprocess execution, test-fixture file reads, and documented security false positives.
pr-lint should stay separate from pr-policy and pr-core so failures are
easy to identify and rerun. It should include:
make fmt-checkgolangci-lint run --timeout=5m --build-tags=gms_pure_go ./...See CI_CLEANUP_PLAN.md for the full CI tier policy.
golangci-lint version in CI instead of using version: latest.scripts/ci/pr-lint.sh
wrapper..golangci.yml exclusions and remove entries that are no
longer needed.