build(go): upgrade Go toolchain to 1.26.3 + golangci-lint to v2.12.2#43
Merged
Conversation
Brainstormed design for upgrading the Operation Cache Controller from Go 1.24 to Go 1.26 with idiomatic modernization across the codebase. Approach: 7 sequential stacked PRs (toolchain bump → mockgen regen → direct dep upgrades → golangci-lint + new linters with suppressions → mechanical refactor → idiomatic library swaps → Go 1.26-specific features). Scope explicitly excludes structural and behavioral changes. Co-Authored-By: Claude Opus 4 <noreply@anthropic.com>
golangci-lint v1.64.8 was built with Go 1.24 and refuses to parse source targeting Go 1.26. v1.64.8 is the last v1.x release, so v2 is the only forward path. .golangci.yml migrated to v2 schema; lint surface kept equivalent to the prior config.
The Microsoft Go 1.26 base image defaults GOEXPERIMENT=systemcrypto, which routes crypto/* through OpenSSL via cgo and requires CGO_ENABLED=1. ms_nocgo_opensslcrypto keeps the OpenSSL backend (FIPS-friendly) but resolves libssl via dlopen at runtime, so CGO_ENABLED=0 still produces a static binary suitable for the distroless final stage. Co-Authored-By: Claude Opus 4 <noreply@anthropic.com>
The previous attempt (ms_nocgo_opensslcrypto) avoided CGO at link time but
still dlopens libssl at runtime, which requires glibc's dynamic linker in
the final image. The distroless/minimal:3.0 base ships neither, so the
manager container failed to start with:
exec /manager: no such file or directory
Disable systemcrypto entirely so Go's pure-Go crypto is used; the resulting
binary is fully static and runs on the minimal distroless image as before.
Co-Authored-By: Claude Opus 4 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
1.24.0→1.26.3(go.mod,Dockerfile,CLAUDE.md)golangci-lintfromv1.64.8→v2.12.2because v1.64.8 (the last v1.x release) cannot lint Go 1.26 source —.golangci.ymlmigrated to v2 schemago-version-file: go.mod; onlylint.ymlneeded an action/version bumpThis is the toolchain-bump slice (PR #1) of the broader Go 1.26 modernization effort designed in
docs/superpowers/specs/2026-05-08-go126-modernization-design.md. The linter bump (originally PR #4 in that design) was pulled forward into this PR because v1.64.8 hard-fails on Go 1.26 source. Source-code modernization (any,range n,errors.Join, etc.) and dependency upgrades remain in subsequent PRs.Key changes
go.modgo 1.24.0→go 1.26.0, addtoolchain go1.26.3, dropgodebug default=go1.24Dockerfilemcr.microsoft.com/oss/go/microsoft/golang:1.24→:1.26MakefileGOLANGCI_LINT_VERSIONv1.64.8→v2.12.2; install path.../v2/cmd/golangci-lint.golangci.yml.github/workflows/lint.ymlgolangci-lint-action@v6→@v8,version: v2.12.2CLAUDE.mdNotes
.gosource files were touched. All public API surfaces, reconciler logic, finalizers, requeue intervals, owner references, and label/annotation keys are unchanged.staticcheck.checksis set to[\"all\", \"-ST*\", \"-QF*\"]to suppress style/quickfix checks newly merged into staticcheck in v2 (these were not enabled under v1.64.8). They surface ~57 pre-existing nits worth a follow-up PR but are not introduced by this PR.Test Plan