Skip to content

CI: Add govulncheck / Bump main Go version #7934

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
bbrks merged 5 commits into from
Jan 5, 2026
Merged

CI: Add govulncheck / Bump main Go version #7934

bbrks merged 5 commits into from
Jan 5, 2026
+119 −105

Conversation

@bbrks
Copy link
Member

@bbrks bbrks commented Dec 18, 2025
edited
Loading

  • Add govulncheck to CI workflow
  • Bump to latest Go version in main
  • Bump golangci-lint action and tool due to Go version upgrade
  • Tag activeReplicatorCommon async reconnect function with go:norace directive - fails reliably after Go version change in GH Actions

Integration Tests

Copilot AI review requested due to automatic review settings December 18, 2025 18:32
Copilot AI reviewed Dec 18, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR upgrades the Go version to 1.25.5 across the Sync Gateway project and adds vulnerability scanning via govulncheck to the CI workflow. The upgrade affects build configurations, CI pipelines, and linting tools.

Key changes:

  • Go version bumped from 1.24.x to 1.25.5 across all configuration files
  • Added new govulncheck job to GitHub Actions CI workflow
  • Updated golangci-lint action from v7 to v9 and tool version from v2.0.2 to v2.7

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

File Description
manifest/product-config.json Updated Go version in product manifest for main branch
go.mod Updated Go directive to require version 1.25.5
Jenkinsfile Updated Go tools version for Jenkins CI pipeline
.github/workflows/ci.yml Updated Go version across all CI jobs, upgraded golangci-lint action and version, added govulncheck job

@bbrks
Copy link
Member Author

bbrks commented Dec 18, 2025

FYI this looks like a legitimate race in ActiveReplicator arc.ctx that may be more reliably detectable now? I'll check it out a little more tomorrow.

torcolvin
torcolvin reviewed Dec 19, 2025
View reviewed changes
torcolvin
torcolvin previously approved these changes Dec 19, 2025
View reviewed changes
Copy link
Collaborator

@torcolvin torcolvin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

github now provide yaml anchors if we wanted to deduplicate the constants in the future https://docs.github.com/en/actions/reference/workflows-and-actions/reusing-workflow-configurations#yaml-anchors-and-aliases

@bbrks bbrks force-pushed the ci-add_govulncheck branch from 609c6ad to df73ab9 Compare January 5, 2026 15:04
@bbrks bbrks merged commit c2cda23 into main Jan 5, 2026
49 checks passed
@bbrks bbrks deleted the ci-add_govulncheck branch January 5, 2026 16:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@torcolvin torcolvin torcolvin approved these changes

Assignees

@torcolvin torcolvin

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@bbrks @torcolvin