Skip to content

Lint workflow fails after golangci-lint latest resolved to v2.12.1 #7686

Open
Task
#7690
Open
Lint workflow fails after golangci-lint latest resolved to v2.12.1#7686
Task
#7690
Assignees
steadytao
Milestone
v2.11.3
@steadytao

Description

@steadytao
steadytao
opened on May 3, 2026

Issue Details

The lint workflow is currently failing because golangci/golangci-lint-action is configured with version: latest and the action has recently resolved that to golangci-lint v2.12.1.

That version is now reporting repo-wide findings across gosec, govet and modernize causing the lint job to fail.

Current findings include:

  • gosec
    • G124 cookie attribute findings in:
      • modules/caddyhttp/fileserver/browse.go
      • modules/caddyhttp/reverseproxy/selectionpolicies.go
    • G710 open redirect taint finding in:
      • modules/caddyhttp/fileserver/staticfiles.go
  • govet
    • reflect.Ptr inline constant findings in:
      • cmd/packagesfuncs.go
      • context.go
  • modernize
    • slices.Backward suggestions in:
      • modules/caddyhttp/routes.go
      • modules/caddyhttp/server.go
  • https://github.com/caddyserver/caddy/actions/runs/25268991738/job/74088187876

I think this should be tracked separately because there are two related concerns:

  1. the workflow is currently non-deterministic because it follows latest
  2. several of the new findings appear valid enough to clean up rather than only suppress

A reasonable fix may be to pin golangci-lint to a known-good version first then clean up the new findings and intentionally bump the pinned version afterwards.

Assistance Disclosure

AI not used

If AI was used, describe the extent to which it was used.

No response

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

Task

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions