chore: Update dependencies, docker config, and tooling #23
Conversation
There was a problem hiding this comment.
Pull request overview
This PR updates project dependencies, modernizes Docker configuration, and restructures the golangci-lint configuration. However, it contains critical issues with non-existent Go versions that will prevent the project from building.
Key changes:
- Dependency updates across multiple packages (sonic, fiber, validator, etc.)
- Go version updates (problematic - versions don't exist yet)
- Docker Compose V2 migration (removing version field, changing commands)
- golangci-lint configuration restructuring to v2 format
Reviewed changes
Copilot reviewed 13 out of 15 changed files in this pull request and generated 10 comments.
Show a summary per file
| File | Description |
|---|---|
| go.mod | Updates Go to 1.24.0 (non-existent) and updates multiple dependencies |
| go.sum | Corresponding dependency checksum updates |
| Dockerfile | Updates base image to golang:1.25 (non-existent) and adds tzdata package |
| docker-compose.yml | Removes obsolete version field for Docker Compose V2 compatibility |
| Makefile | Updates docker-compose commands to docker compose (V2 syntax) |
| .golangci.yml | Major restructuring to v2 config format, removes some linters |
| README.md | Adds important documentation about test database requirements |
| .gitignore | Adds bin/golangci-lint to ignored files |
| src/utils/verify.go | Adds revive:disable:var-naming directive |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| module app | ||
|
|
||
| go 1.22.5 | ||
| go 1.24.0 |
There was a problem hiding this comment.
The Go version in go.mod should match the Go version used in the Dockerfile. Currently go.mod specifies 1.24.0 while Dockerfile specifies 1.25. Even after fixing the nonexistent versions, these should be aligned to ensure consistent build behavior across development and production environments.
| go 1.24.0 | |
| go 1.22 |
| # Default: false | ||
| all: true | ||
|
|
||
| version: "2" |
There was a problem hiding this comment.
The golangci-lint configuration has been changed from a detailed v1.60.1 configuration format to version "2" format. This is a significant structural change that removes the explicit version comment and run timeout configuration. Ensure this new format is compatible with the version of golangci-lint being used in the project and that the timeout settings are still appropriate for your codebase.
| version: "2" | |
| version: "2" | |
| run: | |
| timeout: 5m |
| version: "2" | ||
| linters: | ||
| disable-all: true | ||
| default: none |
There was a problem hiding this comment.
The new configuration uses "default: none" which explicitly disables all default linters. While this is valid, it's worth noting that this differs from the previous "disable-all: true" approach. Ensure this change is intentional and that all necessary linters are explicitly enabled in the enable list below.
| - unused | ||
| - usestdlibvars | ||
| - wastedassign | ||
| - whitespace |
There was a problem hiding this comment.
The new configuration is missing the "typecheck" linter which was enabled in the previous configuration. typecheck acts like the front-end of a Go compiler and parses and type-checks Go code. This is an important linter that catches type errors. Consider adding it back to maintain the same level of static analysis coverage.
| - whitespace | |
| - whitespace | |
| - typecheck |
| > [!IMPORTANT] | ||
| > Tests use a **separate test database**. | ||
| > | ||
| > By default, the test database name is defined in: | ||
| > `test/init.go` | ||
| > | ||
| > ```go | ||
| > DB = database.Connect("localhost", "testdb") | ||
| > ``` | ||
| > | ||
| > Make sure the test database (`testdb`) **already exists** and all required | ||
| > tables (`users`, `tokens`, etc.) have been migrated before running the test commands. |
There was a problem hiding this comment.
The new documentation uses a blockquote with IMPORTANT tag which is good for visibility. However, the code example shows a hardcoded database connection string with "localhost" and "testdb". Consider mentioning that these values might need to be adjusted based on the actual test environment configuration, or reference environment variables if they're used in the actual code.
| formatters: | ||
| enable: | ||
| - goimports | ||
| exclusions: | ||
| generated: lax | ||
| paths: | ||
| - third_party$ | ||
| - builtin$ | ||
| - examples$ |
There was a problem hiding this comment.
The new "formatters" section is added but the previous configuration relied on goimports being enabled as a linter. Verify that this formatters section works as expected with your golangci-lint version, as this appears to be a newer configuration feature that may not be available in all versions.
| enable: | ||
| ## enabled by default | ||
| - errcheck # checking for unchecked errors, these unchecked errors can be critical bugs in some cases | ||
| - gosimple # specializes in simplifying a code | ||
| - govet # reports suspicious constructs, such as Printf calls whose arguments do not align with the format string | ||
| - ineffassign # detects when assignments to existing variables are not used | ||
| - staticcheck # is a go vet on steroids, applying a ton of static analysis checks | ||
| - typecheck # like the front-end of a Go compiler, parses and type-checks Go code | ||
| - unused # checks for unused constants, variables, functions and types | ||
| ## disabled by default | ||
| - asasalint # checks for pass []any as any in variadic func(...any) | ||
| - asciicheck # checks that your code does not contain non-ASCII identifiers | ||
| - bidichk # checks for dangerous unicode character sequences | ||
| - bodyclose # checks whether HTTP response body is closed successfully | ||
| - canonicalheader # checks whether net/http.Header uses canonical header | ||
| - cyclop # checks function and package cyclomatic complexity | ||
| - dupl # tool for code clone detection | ||
| - durationcheck # checks for two durations multiplied together | ||
| - errname # checks that sentinel errors are prefixed with the Err and error types are suffixed with the Error | ||
| - errorlint # finds code that will cause problems with the error wrapping scheme introduced in Go 1.13 | ||
| - exhaustive # checks exhaustiveness of enum switch statements | ||
| - fatcontext # detects nested contexts in loops | ||
| - forbidigo # forbids identifiers | ||
| - funlen # tool for detection of long functions | ||
| - gocheckcompilerdirectives # validates go compiler directive comments (//go:) | ||
| #- gochecknoglobals # checks that no global variables exist | ||
| #- gochecknoinits # checks that no init functions are present in Go code | ||
| - gochecksumtype # checks exhaustiveness on Go "sum types" | ||
| - gocognit # computes and checks the cognitive complexity of functions | ||
| - goconst # finds repeated strings that could be replaced by a constant | ||
| - gocritic # provides diagnostics that check for bugs, performance and style issues | ||
| - gocyclo # computes and checks the cyclomatic complexity of functions | ||
| #- godot # checks if comments end in a period | ||
| - goimports # in addition to fixing imports, goimports also formats your code in the same style as gofmt | ||
| - gomoddirectives # manages the use of 'replace', 'retract', and 'excludes' directives in go.mod | ||
| - gomodguard # allow and block lists linter for direct Go module dependencies. This is different from depguard where there are different block types for example version constraints and module recommendations | ||
| - goprintffuncname # checks that printf-like functions are named with f at the end | ||
| - gosec # inspects source code for security problems | ||
| - intrange # finds places where for loops could make use of an integer range | ||
| - lll # reports long lines | ||
| - loggercheck # checks key value pairs for common logger libraries (kitlog,klog,logr,zap) | ||
| - makezero # finds slice declarations with non-zero initial length | ||
| - mirror # reports wrong mirror patterns of bytes/strings usage | ||
| #- mnd # detects magic numbers | ||
| - musttag # enforces field tags in (un)marshaled structs | ||
| - nakedret # finds naked returns in functions greater than a specified function length | ||
| - nestif # reports deeply nested if statements | ||
| - nilerr # finds the code that returns nil even if it checks that the error is not nil | ||
| - nilnil # checks that there is no simultaneous return of nil error and an invalid value | ||
| - noctx # finds sending http request without context.Context | ||
| - nolintlint # reports ill-formed or insufficient nolint directives | ||
| - nonamedreturns # reports all named returns | ||
| - nosprintfhostport # checks for misuse of Sprintf to construct a host with port in a URL | ||
| - perfsprint # checks that fmt.Sprintf can be replaced with a faster alternative | ||
| - predeclared # finds code that shadows one of Go's predeclared identifiers | ||
| - promlinter # checks Prometheus metrics naming via promlint | ||
| - protogetter # reports direct reads from proto message fields when getters should be used | ||
| - reassign # checks that package variables are not reassigned | ||
| - revive # fast, configurable, extensible, flexible, and beautiful linter for Go, drop-in replacement of golint | ||
| - rowserrcheck # checks whether Err of rows is checked successfully | ||
| - sloglint # ensure consistent code style when using log/slog | ||
| - spancheck # checks for mistakes with OpenTelemetry/Census spans | ||
| - sqlclosecheck # checks that sql.Rows and sql.Stmt are closed | ||
| - stylecheck # is a replacement for golint | ||
| - tenv # detects using os.Setenv instead of t.Setenv since Go1.17 | ||
| - testableexamples # checks if examples are testable (have an expected output) | ||
| #- testifylint # checks usage of github.com/stretchr/testify | ||
| - testpackage # makes you use a separate _test package | ||
| - tparallel # detects inappropriate usage of t.Parallel() method in your Go test codes | ||
| - unconvert # removes unnecessary type conversions | ||
| - unparam # reports unused function parameters | ||
| - usestdlibvars # detects the possibility to use variables/constants from the Go standard library | ||
| - wastedassign # finds wasted assignment statements | ||
| - whitespace # detects leading and trailing whitespace | ||
|
|
||
| ## you may want to enable | ||
| #- decorder # checks declaration order and count of types, constants, variables and functions | ||
| #- exhaustruct # [highly recommend to enable] checks if all structure fields are initialized | ||
| #- gci # controls golang package import order and makes it always deterministic | ||
| #- ginkgolinter # [if you use ginkgo/gomega] enforces standards of using ginkgo and gomega | ||
| #- godox # detects FIXME, TODO and other comment keywords | ||
| #- goheader # checks is file header matches to pattern | ||
| #- inamedparam # [great idea, but too strict, need to ignore a lot of cases by default] reports interfaces with unnamed method parameters | ||
| #- interfacebloat # checks the number of methods inside an interface | ||
| #- ireturn # accept interfaces, return concrete types | ||
| #- prealloc # [premature optimization, but can be used in some cases] finds slice declarations that could potentially be preallocated | ||
| #- tagalign # checks that struct tags are well aligned | ||
| #- varnamelen # [great idea, but too many false positives] checks that the length of a variable's name matches its scope | ||
| #- wrapcheck # checks that errors returned from external packages are wrapped | ||
| #- zerologlint # detects the wrong usage of zerolog that a user forgets to dispatch zerolog.Event | ||
|
|
||
| ## disabled | ||
| #- containedctx # detects struct contained context.Context field | ||
| #- contextcheck # [too many false positives] checks the function whether use a non-inherited context | ||
| #- copyloopvar # [not necessary from Go 1.22] detects places where loop variables are copied | ||
| #- depguard # [replaced by gomodguard] checks if package imports are in a list of acceptable packages | ||
| #- dogsled # checks assignments with too many blank identifiers (e.g. x, _, _, _, := f()) | ||
| #- dupword # [useless without config] checks for duplicate words in the source code | ||
| #- err113 # [too strict] checks the errors handling expressions | ||
| #- errchkjson # [don't see profit + I'm against of omitting errors like in the first example https://github.com/breml/errchkjson] checks types passed to the json encoding functions. Reports unsupported types and optionally reports occasions, where the check for the returned error can be omitted | ||
| #- execinquery # [deprecated] checks query string in Query function which reads your Go src files and warning it finds | ||
| #- exportloopref # [not necessary from Go 1.22] checks for pointers to enclosing loop variables | ||
| #- forcetypeassert # [replaced by errcheck] finds forced type assertions | ||
| #- gofmt # [replaced by goimports] checks whether code was gofmt-ed | ||
| #- gofumpt # [replaced by goimports, gofumports is not available yet] checks whether code was gofumpt-ed | ||
| #- gosmopolitan # reports certain i18n/l10n anti-patterns in your Go codebase | ||
| #- grouper # analyzes expression groups | ||
| #- importas # enforces consistent import aliases | ||
| #- maintidx # measures the maintainability index of each function | ||
| #- misspell # [useless] finds commonly misspelled English words in comments | ||
| #- nlreturn # [too strict and mostly code is not more readable] checks for a new line before return and branch statements to increase code clarity | ||
| #- paralleltest # [too many false positives] detects missing usage of t.Parallel() method in your Go test | ||
| #- tagliatelle # checks the struct tags | ||
| #- thelper # detects golang test helpers without t.Helper() call and checks the consistency of test helpers | ||
| #- wsl # [too strict and mostly code is not more readable] whitespace linter forces you to use empty lines | ||
|
|
||
| issues: | ||
| # Maximum count of issues with the same text. | ||
| # Set to 0 to disable. | ||
| # Default: 3 | ||
| max-same-issues: 50 | ||
|
|
||
| exclude-rules: | ||
| - source: "(noinspection|TODO)" | ||
| linters: [godot] | ||
| - source: "//noinspection" | ||
| linters: [gocritic] | ||
| - path: "example\\.go" | ||
| linters: | ||
| - lll | ||
| - path: "_test\\.go" | ||
| linters: | ||
| - bodyclose | ||
| - dupl | ||
| - asasalint | ||
| - asciicheck | ||
| - bidichk | ||
| - bodyclose | ||
| - canonicalheader | ||
| - cyclop | ||
| - dupl | ||
| - durationcheck | ||
| - errcheck | ||
| - errname | ||
| - errorlint | ||
| - exhaustive | ||
| - fatcontext | ||
| - forbidigo | ||
| - funlen | ||
| - gocheckcompilerdirectives | ||
| - gochecksumtype | ||
| - gocognit | ||
| - goconst | ||
| - gocritic | ||
| - gocyclo | ||
| - gomoddirectives | ||
| - gomodguard | ||
| - goprintffuncname | ||
| - gosec | ||
| - govet | ||
| - ineffassign | ||
| - intrange | ||
| - lll | ||
| - loggercheck | ||
| - makezero | ||
| - mirror | ||
| - musttag | ||
| - nakedret | ||
| - nestif | ||
| - nilerr | ||
| - nilnil | ||
| - noctx | ||
| - nolintlint | ||
| - nonamedreturns | ||
| - nosprintfhostport | ||
| - perfsprint | ||
| - predeclared | ||
| - promlinter | ||
| - protogetter | ||
| - reassign | ||
| - revive | ||
| - rowserrcheck | ||
| - sloglint | ||
| - spancheck | ||
| - sqlclosecheck | ||
| - staticcheck | ||
| - testableexamples | ||
| - testpackage | ||
| - tparallel | ||
| - unconvert | ||
| - unparam | ||
| - unused | ||
| - usestdlibvars | ||
| - wastedassign | ||
| - whitespace |
There was a problem hiding this comment.
The new configuration is missing the "gosimple" linter which was enabled in the previous configuration. gosimple specializes in simplifying code and is a valuable linter for maintaining code quality. Consider adding it back to the enable list to maintain the same level of code quality checks.
| presets: | ||
| - comments | ||
| - common-false-positives | ||
| - legacy | ||
| - std-error-handling |
There was a problem hiding this comment.
The exclusions section has been restructured with new "presets" fields (comments, common-false-positives, legacy, std-error-handling). These presets are a newer golangci-lint feature. Ensure your golangci-lint version supports these presets, as they may not be available in older versions.
| presets: | |
| - comments | |
| - common-false-positives | |
| - legacy | |
| - std-error-handling |
| @@ -1,5 +1,3 @@ | |||
| version: '3.8' | |||
|
|
|||
| services: | |||
There was a problem hiding this comment.
The version field has been removed from docker-compose.yml. This is correct for modern Docker Compose (v2.x+), where the version field is obsolete and ignored. However, ensure all team members and CI/CD environments are using Docker Compose v2 or later, as older versions (docker-compose v1.x) may not work without the version field.
| @docker compose up --build | ||
| docker-test: | ||
| @docker-compose up -d && make tests | ||
| @docker compose up -d && make tests | ||
| docker-down: | ||
| @docker-compose down --rmi all --volumes --remove-orphans | ||
| @docker compose down --rmi all --volumes --remove-orphans |
There was a problem hiding this comment.
The commands have been updated from "docker-compose" to "docker compose" (without hyphen), which aligns with Docker Compose V2 where it's now a docker CLI plugin. This is a good modernization, but ensure that all environments (development, CI/CD, documentation) are updated to use Docker Compose V2 as this change will break compatibility with the older standalone docker-compose tool.
No description provided.