chore(lint): tighten golangci-lint for agents, normalize mock filenames, add yq#404
Merged
Conversation
…es, add yq - Tighten complexity caps for autonomous-agent workflows: cyclop max-complexity 30->15, package-average 10->8, gocognit 20->12, funlen 100/50->60/40 - Normalize prefix-style test doubles to the suffix convention so the mocks/stubs lint-exclusion rules match them: mock_*.go -> *_mock.go, fake_client.go -> stubs.go - Add yq v4.53.3 to the build with checksum verification (extract-checksum.sh + sha256sum) Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR tightens golangci-lint thresholds for agent-driven changes, normalizes mock/stub filenames so existing lint exclusions match, and extends the build image tooling by adding yq with checksum verification.
Changes:
- Tighten lint complexity limits (cyclop/gocognit/funlen) and restructure
.golangci.ymlwhile keeping “new-from-merge-base: main” scoping. - Add/rename Go test doubles (whail/moby fakes, hostproxy mock manager, docker-layer fake client + tests) to align with
_mock.go/stubs.goconventions. - Add
yqinstallation in.clawker.yamlwith checksum verification.
Reviewed changes
Copilot reviewed 2 out of 7 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| pkg/whail/whailtest/stubs.go | Adds a function-field fake for moby/client.APIClient with call recording. |
| internal/hostproxy/hostproxytest/manager_mock.go | Adds a lightweight hostproxy.Service test double. |
| internal/docker/mocks/stubs.go | Adds a docker-layer fake client built on whailtest.FakeAPIClient. |
| internal/docker/mocks/stubs_test.go | Adds unit tests covering the docker-layer fake client behavior. |
| internal/docker/mocks/moby_mock.go | Adds HTTP-transport-based helpers for mocking moby client requests. |
| .golangci.yml | Tightens lint thresholds and reworks exclusions/settings. |
| .clawker.yaml | Installs yq into the build image with checksum validation. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
new-from-merge-base: main can't resolve the `main` ref in CI (detached HEAD checkout, no local main branch), so golangci-lint silently fell back to reporting every issue against main instead of just the diff. The action's only-new-issues input fetches the real PR diff via the GitHub API and passes --new-from-patch, overriding the config new-from-* options; the config value stays correct for local pre-commit. Adds pull-requests read permission required to fetch the diff. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Keep new-from-merge-base: main as the single config knob (identical behavior for local pre-commit and CI). The CI checkout is a detached HEAD with no local main branch, so map origin's main to a local ref after checkout; fetch-depth: 0 already supplies the history for the merge-base. Replaces the action-side only-new-issues override. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Replace the extract-checksum.sh approach with the websocat-style pattern already used in this file: hardcode the per-arch yq release-binary SHA256 and verify via sha256sum -c. Removes build-time execution of an unpinned network-fetched script (the only such block here) plus the checksums and checksums_hashes_order fetches, pinning exact bytes per the CLAUDE.md integrity-verification policy. yq's checksums asset is a multi-hash rhash table, not sha256sum format, so direct validation needs the hardcoded hash rather than a grep | sha256sum -c. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
new-from-merge-base: main, so legacy isn't carpet-bombed._mock.go/stubs.gosuffix convention so themocks/stubslint-exclusion rules actually match them (two files previously escaped the exclusion and got fulldefault: alllinting):mock_manager.go→manager_mock.go,mock_moby.go→moby_mock.gofake_client.go→stubs.go(×2),fake_client_test.go→stubs_test.go_test.go,_GOOS.go); themock_prefix is a gomock package/type-ism, not a file convention.extract-checksum.sh→sha256sum -c; SHA-256 column self-discovered, not hardcoded).Verification
go build ./...— OKgolangci-lint config verify— validmocks//_mock.go/stubs.goexclusion regexes (Go RE2)OK🤖 Generated with Claude Code