ci: Modernize dev tooling and add workflows#6
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Proposed Changes:
Modernized
.golangci.ymlto golangci-lint v2 config.1.25.bodyclose,durationcheck,errorlint,gosec,govet,nil*,nolintlint,staticcheck, etc.Updated
Makefile.ci/verifyorchestration.mod-verifyfmtfmt-checklintlint-fixlint-civetvulntest-db-setuptest-env-checkcoveragebuildgolangci-lintvia:go run github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.12.2Added GitHub Actions workflow at
.github/workflows/ci.yml.master.8.4service.ETHBLOCKS_*test env vars.Added Dependabot config at
.github/dependabot.yml.gomodandgithub-actions.Added a PR template at
.github/pull_request_template.md.Updated Go/dependencies enough to make the gate viable.
go.modnow targets Go1.25.11.github.com/ethereum/go-ethereumtov1.17.0.go mod tidy.Vulnerability scan handling
govulnchecknow only reports one reachable advisory:GO-2026-4479ingithub.com/pion/dtls/v2N/ABecause there is no upstream fixed version, I added a narrow allowlist:
GOVULNCHECK_KNOWN ?= GO-2026-4479Any new/unacknowledged vulnerability still fails
make vulnand CI.How did you test it?
Ran the whole CI pipeline locally, step by step in workflow order.
Passed locally:
Notes for the reviewer
intentionally acknowledged in
make vuln.blob DEFAULT ''->blob.revive.toml,staticcheck.conf,errcheck_excludes.txt. Configuration included in.golangci.yml.ETHBLOCKS_CLIENT); swap for a keyed URL viasecrets if CI flakes on the network.
Checklist
make fmt-check)make lint)make vet)make vuln)make test)make verify)fix:,feat:,build:,chore:,ci:,docs:,style:,refactor:,perf:,test:.