NO-ISSUE: Update module github.com/golangci/golangci-lint to v2.11.4

[red-hat-konflux]

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/golangci/golangci-lint	v2.8.0 → v2.11.4

---

Release Notes

golangci/golangci-lint (github.com/golangci/golangci-lint)

v2.11.4

Compare Source

Released on 2026-03-22

1. Linters bug fixes
   • govet-modernize: from 0.42.0 to 0.43.0
   • noctx: from 0.5.0 to 0.5.1
   • sqlclosecheck: from 0.5.1 to 0.6.0

v2.11.3

Compare Source

Released on 2026-03-10

1. Linters bug fixes
   • gosec: from v2.24.7 to 619ce21

v2.11.2

Compare Source

Released on 2026-03-07

1. Fixes
   • fmt: fix error when using the fmt command with explicit paths.

v2.11.1

Compare Source

Released on 2026-03-06

Due to an error related to AUR, some artifacts of the v2.11.0 release have not been published.

This release contains the same things as v2.11.0.

v2.11.0

Compare Source

Released on 2026-03-06

1. Linters new features or changes
   • errcheck: from 1.9.0 to 1.10.0 (exclude crypto/rand.Read by default)
   • gosec: from 2.23.0 to 2.24.6 (new rules: G113, G118, G119, G120, G121, G122, G123, G408, G707)
   • noctx: from 0.4.0 to 0.5.0 (new detection: httptest.NewRequestWithContext)
   • prealloc: from 1.0.2 to 1.1.0
   • revive: from 1.14.0 to 1.15.0 (⚠️ Breaking change: package-related checks moved from var-naming to a new rule package-naming)
2. Linters bug fixes
   • gocognit: from 1.2.0 to 1.2.1
   • gosec: from 2.24.6 to 2.24.7
   • unqueryvet: from 1.5.3 to 1.5.4

v2.10.1

Compare Source

Released on 2026-02-17

1. Fixes
   • buildssa panic

v2.10.0

Compare Source

Released on 2026-02-17

1. Linters new features or changes
   • ginkgolinter: from 0.22.0 to 0.23.0
   • gosec: from 2.22.11 to 2.23.0 (new rules: G117, G602, G701, G702, G703, G704, G705, G706)
   • staticcheck: from 0.6.1 to 0.7.0
2. Linters bug fixes
   • godoclint: from 0.11.1 to 0.11.2

v2.9.0

Compare Source

Released on 2026-02-10

1. Enhancements
   • 🎉 go1.26 support
2. Linters new features or changes
   • arangolint: from 0.3.1 to 0.4.0 (new rule: detect potential query injections)
   • ginkgolinter: from 0.21.2 to 0.22.0 (support for wrappers)
   • golines: from 0.14.0 to 0.15.0
   • misspell: from 0.7.0 to 0.8.0
   • revive: from v1.13.0 to v1.14.0 (new rules: epoch-naming, use-slices-sort)
   • unqueryvet: from 1.4.0 to 1.5.3 (new options: check-n1, check-sql-injection, check-tx-leaks, allow, custom-rules)
   • wsl_v5: from 5.3.0 to 5.6.0 (new rule: after-block)
3. Linters bug fixes
   • modernize: from 0.41.0 to 0.42.0
   • prealloc: from 1.0.1 to 1.0.2
   • protogetter: from 0.3.18 to 0.3.20
4. Misc.
   • Log information about files when configuration verification
   • Emit an error when no linters enabled
   • Do not collect VCS information when loading code

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[openshift-ci-robot]

@red-hat-konflux[bot]: This pull request explicitly references no jira issue.

Details

In response to this:

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/golangci/golangci-lint	v2.8.0 -> v2.11.1

---

Release Notes

golangci/golangci-lint (github.com/golangci/golangci-lint)

v2.11.1

Released on 2026-03-06

Due to an error related to AUR, some artifacts of the v2.11.0 release have not been published.

This release contains the same things as v2.11.0.

v2.11.0

Released on 2026-03-06

1. Linters new features or changes

• errcheck: from 1.9.0 to 1.10.0 (exclude crypto/rand.Read by default)
• gosec: from 2.23.0 to 2.24.6 (new rules: G113, G118, G119, G120, G121, G122, G123, G408, G707)
• noctx: from 0.4.0 to 0.5.0 (new detection: httptest.NewRequestWithContext)
• prealloc: from 1.0.2 to 1.1.0
• revive: from 1.14.0 to 1.15.0 (⚠️ Breaking change: package-related checks moved from var-naming to a new rule package-naming)

2. Linters bug fixes

• gocognit: from 1.2.0 to 1.2.1
• gosec: from 2.24.6 to 2.24.7
• unqueryvet: from 1.5.3 to 1.5.4

v2.10.1

Compare Source

Released on 2026-02-17

1. Fixes

• buildssa panic

v2.10.0

Compare Source

Released on 2026-02-17

1. Linters new features or changes

• ginkgolinter: from 0.22.0 to 0.23.0
• gosec: from 2.22.11 to 2.23.0 (new rules: G117, G602, G701, G702, G703, G704, G705, G706)
• staticcheck: from 0.6.1 to 0.7.0

2. Linters bug fixes

• godoclint: from 0.11.1 to 0.11.2

v2.9.0

Compare Source

Released on 2026-02-10

1. Enhancements

• 🎉 go1.26 support

2. Linters new features or changes

• arangolint: from 0.3.1 to 0.4.0 (new rule: detect potential query injections)
• ginkgolinter: from 0.21.2 to 0.22.0 (support for wrappers)
• golines: from 0.14.0 to 0.15.0
• misspell: from 0.7.0 to 0.8.0
• revive: from v1.13.0 to v1.14.0 (new rules: epoch-naming, use-slices-sort)
• unqueryvet: from 1.4.0 to 1.5.3 (new options: check-n1, check-sql-injection, check-tx-leaks, allow, custom-rules)
• wsl_v5: from 5.3.0 to 5.6.0 (new rule: after-block)

3. Linters bug fixes

• modernize: from 0.41.0 to 0.42.0
• prealloc: from 1.0.1 to 1.0.2
• protogetter: from 0.3.18 to 0.3.20

4. Misc.

• Log information about files when configuration verification
• Emit an error when no linters enabled
• Do not collect VCS information when loading code

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

The Dockerfile.assisted-installer-build was modified to bump the GolangCI-Lint installation from v2.8.0 to v2.11.3; no other commands or build steps were changed.

Changes

Cohort / File(s)	Summary
GolangCI-Lint Version Update Dockerfile.assisted-installer-build	Replaced GolangCI-Lint v2.8.0 with v2.11.3 in the RUN install sequence (single-line version bump).

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 1 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The PR title states v2.11.4 but the actual change updates golangci-lint to v2.11.3, creating a mismatch between the title and the actual implementation.	Update the PR title to reflect the correct version: 'NO-ISSUE: Update module github.com/golangci/golangci-lint to v2.11.3'

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch konflux/mintmaker/master/linter

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@Dockerfile.assisted-installer-build`:
- Line 5: The Dockerfile RUN that downloads and executes the golangci-lint
installer uses the mutable master branch URL (the curl | sh pipeline) while
installing v2.11.1; change the download URL in that RUN line to a pinned,
immutable release URL for v2.11.1 (e.g., the raw file or releases/download path
for tag v2.11.1) so the installer script matches the version being installed
(and optionally add a checksum verification step), keeping the rest of the
invocation (-s -- -b $(go env GOPATH)/bin v2.11.1) unchanged.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 8b390c51-39dc-4adb-9e60-50a3092d3146

📥 Commits

Reviewing files that changed from the base of the PR and between c3de390 and 3463ba0.

📒 Files selected for processing (1)

• Dockerfile.assisted-installer-build

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 48.82%. Comparing base (28bc267) to head (b414a81).

⚠️ Current head b414a81 differs from pull request most recent head 9fe58e5

Please upload reports for the commit 9fe58e5 to get more accurate results.

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #2046   +/-   ##
=======================================
  Coverage   48.82%   48.82%           
=======================================
  Files          20       20           
  Lines        4397     4397           
=======================================
  Hits         2147     2147           
  Misses       2026     2026           
  Partials      224      224           

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[openshift-ci]

New changes are detected. LGTM label has been removed.

[coderabbitai]

♻️ Duplicate comments (1)

Dockerfile.assisted-installer-build (1)

5-5: ⚠️ Potential issue | 🟠 Major

Pin install.sh to the same golangci-lint tag.

Line 5 still downloads the installer from master while installing v2.11.2. That keeps the build non-reproducible and weakens supply-chain guarantees because the script can change independently of the versioned artifact.

🔧 Proposed hardening

-RUN curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v2.11.2 && \
+RUN curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/v2.11.2/install.sh | sh -s -- -b "$(go env GOPATH)/bin" v2.11.2 && \

#!/bin/bash
set -euo pipefail

echo "=== Dockerfile line ==="
sed -n '5p' Dockerfile.assisted-installer-build

echo
echo "=== Compare installer scripts ==="
for ref in master v2.11.2; do
  url="https://raw.githubusercontent.com/golangci/golangci-lint/${ref}/install.sh"
  curl -fsSL "$url" -o "/tmp/golangci-${ref}.sh"
  printf '%s sha256=%s size=%s\n' \
    "$ref" \
    "$(sha256sum "/tmp/golangci-${ref}.sh" | awk '{print $1}')" \
    "$(wc -c < "/tmp/golangci-${ref}.sh")"
done

echo
if cmp -s /tmp/golangci-master.sh /tmp/golangci-v2.11.2.sh; then
  echo "master and v2.11.2 install.sh are identical"
else
  echo "master and v2.11.2 install.sh differ"
  diff -u /tmp/golangci-v2.11.2.sh /tmp/golangci-master.sh | sed -n '1,40p'
fi

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@Dockerfile.assisted-installer-build` at line 5, The Dockerfile downloads the
golangci-lint installer from master while installing v2.11.2, which makes the
build non-reproducible; update the curl invocation that currently fetches
"https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh" so
it references the matching tag (v2.11.2) instead of master (e.g., use the URL
with the v2.11.2 ref) so the installer script and the installed version are
pinned together in the RUN line that calls install.sh and sh -s -- -b $(go env
GOPATH)/bin v2.11.2.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@Dockerfile.assisted-installer-build`:
- Line 5: The Dockerfile downloads the golangci-lint installer from master while
installing v2.11.2, which makes the build non-reproducible; update the curl
invocation that currently fetches
"https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh" so
it references the matching tag (v2.11.2) instead of master (e.g., use the URL
with the v2.11.2 ref) so the installer script and the installed version are
pinned together in the RUN line that calls install.sh and sh -s -- -b $(go env
GOPATH)/bin v2.11.2.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: fcd259cb-b2a2-4c58-921f-c9663df4a568

📥 Commits

Reviewing files that changed from the base of the PR and between c5e8ea7 and 4ebd824.

📒 Files selected for processing (1)

• Dockerfile.assisted-installer-build

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by: red-hat-konflux[bot]

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by: red-hat-konflux[bot]

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@red-hat-konflux[bot]: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/verify-deps	73a8c86	link	true	/test verify-deps

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.