NO-ISSUE: Update module github.com/golangci/golangci-lint to v2.12.2

[red-hat-konflux]

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/golangci/golangci-lint	v2.11.4 → v2.12.2

---

Release Notes

golangci/golangci-lint (github.com/golangci/golangci-lint)

v2.12.2

Compare Source

Released on 2026-05-06

1. Linters bug fixes
   • gomodguard_v2: fix blocked configuration
   • gomodguard_v2: from 2.1.0 to 2.1.3
   • iface: from 1.4.1 to 1.4.2

v2.12.1

Compare Source

Released on 2026-05-01

1. Linters bug fixes
   • gomodguard_v2: fix panic with migration suggestion
2. Misc.
   • fix install.sh script (if you are still using an URL based on the branch master, please update to use https://golangci-lint.run/install.sh)

v2.12.0

Compare Source

Released on 2026-05-01

1. New linters
   • Add clickhouselint linter https://github.com/ClickHouse/clickhouse-go-linter
2. Linters new features or changes
   • dupl: from f665c8d to c99c5cf (extended detection)
   • funcorder: from 0.5.0 to 0.6.0 (new option: function)
   • goconst: add an option to ignore strings from tests
   • goconst: from 1.8.2 to 1.10.0 (extended detection)
   • gomodguard_v2: from 1.4.1 to 2.1.0 (major version with new configuration)
   • gosec: from 619ce21 to 2.26.1 (new checks: G124, G708, G709, G710)
   • govet: add inline analyzer
   • makezero: from 2.1.0 to 2.2.1 (support slice type aliases)
   • paralleltest: expose checkcleanup option
   • sloglint: from 0.11.1 to 0.12.0 (new options: allowed-keys, custom-funcs)
   • wsl_v5: from 5.6.0 to 5.8.0 (new option: cuddle-max-statements; new checks: after-decl, after-defer, after-expr, after-go, cuddle-group)
3. Linters bug fixes
   • forbidigo: from 2.3.0 to 2.3.1
   • godot: from 1.5.4 to 1.5.6
   • govet-modernize: from 0.43.0 to 0.44.0
   • ireturn: from 0.4.0 to 0.4.1
   • rowserrcheck: from 1.1.1 to c5f79b8
4. Misc.
   • Decrease cache entropy
   • Embed the JSON schema in the binary
   • Filter env vars when cloning the repository with the custom command

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[openshift-ci-robot]

@red-hat-konflux[bot]: This pull request explicitly references no jira issue.

Details

In response to this:

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/golangci/golangci-lint	v2.11.4 → v2.12.0

---

Release Notes

golangci/golangci-lint (github.com/golangci/golangci-lint)

v2.12.0

Compare Source

Released on 2026-05-01

1. New linters

• Add clickhouselint linter https://github.com/ClickHouse/clickhouse-go-linter

2. Linters new features or changes

• dupl: from f665c8d to c99c5cf (extended detection)
• funcorder: from 0.5.0 to 0.6.0 (new option: function)
• goconst: add an option to ignore strings from tests
• goconst: from 1.8.2 to 1.10.0 (extended detection)
• gomodguard_v2: from 1.4.1 to 2.1.0 (major version with new configuration)
• gosec: from 619ce21 to 2.26.1 (new checks: G124, G708, G709, G710)
• govet: add inline analyzer
• makezero: from 2.1.0 to 2.2.1 (support slice type aliases)
• paralleltest: expose checkcleanup option
• sloglint: from 0.11.1 to 0.12.0 (new options: allowed-keys, custom-funcs)
• wsl_v5: from 5.6.0 to 5.8.0 (new option: cuddle-max-statements; new checks: after-decl, after-defer, after-expr, after-go, cuddle-group)

3. Linters bug fixes

• forbidigo: from 2.3.0 to 2.3.1
• godot: from 1.5.4 to 1.5.6
• govet-modernize: from 0.43.0 to 0.44.0
• ireturn: from 0.4.0 to 0.4.1
• rowserrcheck: from 1.1.1 to c5f79b8

4. Misc.

• Decrease cache entropy
• Embed the JSON schema in the binary
• Filter env vars when cloning the repository with the custom command

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Two Dockerfiles update the pinned golangci-lint installer version from v2.11.4 to v2.12.1; the install script, invocation, and target binary destination remain unchanged.

Changes

Golangci-lint version bumps

Layer / File(s)	Summary
Installer version Dockerfile.assisted-service-build, ci-images/Dockerfile.lint	Pin golangci-lint installer argument to v2.12.1 (was v2.11.4).
Installer invocation / destination Dockerfile.assisted-service-build, ci-images/Dockerfile.lint	Invocation still uses the upstream install.sh and installs to the same destination (e.g., $(go env GOPATH)/bin or -b /usr/bin).
Tests / Documentation (none)	No test or documentation changes in this PR.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 11 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The title states 'v2.12.2' but the actual changes in the Dockerfiles update to v2.12.1, creating a discrepancy between the title and the changeset.	Correct the title to reference v2.12.1, the actual version being installed in the Dockerfile changes.

✅ Passed checks (11 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	PR modifies only Dockerfile files to update golangci-lint version; no test files or Ginkgo tests are modified.
Test Structure And Quality	✅ Passed	PR only updates golangci-lint version in Dockerfile files with no Ginkgo test code modifications.
Microshift Test Compatibility	✅ Passed	PR contains only Dockerfile changes updating golangci-lint version; no new Ginkgo e2e tests added or modified, so MicroShift compatibility check is not applicable.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	PR only updates golangci-lint version in Dockerfiles with no Ginkgo e2e tests added.
Topology-Aware Scheduling Compatibility	✅ Passed	PR modifies only Dockerfile build tool versions (golangci-lint), not scheduling constraints or topology-aware deployment configurations.
Ote Binary Stdout Contract	✅ Passed	PR contains only Dockerfile modifications for golangci-lint dependency update; no Go/proto source code changes detected, making this check not applicable.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	PR only updates golangci-lint version in Dockerfile files; no Ginkgo e2e test code is added, modified, or introduced.
Description check	✅ Passed	The description is mostly complete with relevant context about the dependency update, release notes, and configuration information, covering the primary aspects of the change.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch konflux/mintmaker/master/linter

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

ci-images/Dockerfile.lint (1)

3-3: 🏗️ Heavy lift

Supply-chain risk: piping a remote installer script into sh

Line 3 uses curl .../install.sh | sh .... Even though this is the standard golangci-lint install pattern, it weakens supply-chain integrity guarantees for the build context.

Consider improving this by:

• pinning the installer script URL to a specific commit/tag (not main), and/or
• verifying the downloaded script (or the installed binary) via checksum/signature.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@ci-images/Dockerfile.lint` at line 3, The RUN line that pipes the remote
installer into sh (the golangci-lint install command) creates a supply-chain
risk; change it to download a specific, pinned installer URL (use a fixed
commit/tag instead of main) and verify integrity before execution (for example
fetch the installer to a file, validate its checksum or signature, then run it),
or alternatively download the golangci-lint release binary for the pinned
version and verify its checksum/signature before installing; update the RUN
statement accordingly to reference the pinned version and include verification
steps instead of piping to sh.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@ci-images/Dockerfile.lint`:
- Line 3: The RUN line that pipes the remote installer into sh (the
golangci-lint install command) creates a supply-chain risk; change it to
download a specific, pinned installer URL (use a fixed commit/tag instead of
main) and verify integrity before execution (for example fetch the installer to
a file, validate its checksum or signature, then run it), or alternatively
download the golangci-lint release binary for the pinned version and verify its
checksum/signature before installing; update the RUN statement accordingly to
reference the pinned version and include verification steps instead of piping to
sh.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: de58e1ee-e41d-4455-a0dd-76a95eb2ff85

📥 Commits

Reviewing files that changed from the base of the PR and between 9becb36 and b18d74c.

📒 Files selected for processing (2)

• Dockerfile.assisted-service-build
• ci-images/Dockerfile.lint

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 44.35%. Comparing base (b8b5e5d) to head (1792647).

⚠️ Current head 1792647 differs from pull request most recent head a70544e

Please upload reports for the commit a70544e to get more accurate results.

Additional details and impacted files

@@           Coverage Diff           @@
##           master   #10268   +/-   ##
=======================================
  Coverage   44.35%   44.35%           
=======================================
  Files         416      416           
  Lines       72808    72808           
=======================================
+ Hits        32295    32297    +2     
+ Misses      37579    37578    -1     
+ Partials     2934     2933    -1     

see 1 file with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[openshift-merge-bot]

/retest-required

Remaining retests: 0 against base HEAD 9becb36 and 2 for PR HEAD b18d74c in total

[openshift-ci]

New changes are detected. LGTM label has been removed.

[coderabbitai]

🧹 Nitpick comments (1)

ci-images/Dockerfile.lint (1)

3-3: Consider pinning install.sh to the version tag as a best practice.

At Line 3, the binary version is pinned (v2.12.1) but the installer script is fetched from main. While the current scripts are identical, pinning the installer URL to the version tag makes the build future-proof against potential script changes and improves supply-chain clarity.

🔧 Suggested patch

-RUN curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/main/install.sh | sh -s -- -b /usr/bin v2.12.1
+ARG GOLANGCI_LINT_VERSION=v2.12.1
+RUN curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/${GOLANGCI_LINT_VERSION}/install.sh \
+  | sh -s -- -b /usr/bin ${GOLANGCI_LINT_VERSION}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@ci-images/Dockerfile.lint` at line 3, Replace the installer URL fetched in
the RUN command so it is pinned to the same release tag as the binary (v2.12.1)
instead of using the `main` branch; update the invocation that currently pipes
https://raw.githubusercontent.com/golangci/golangci-lint/main/install.sh to curl
so it fetches the install.sh for tag v2.12.1, keeping the existing `sh -s -- -b
/usr/bin v2.12.1` arguments intact to ensure the installer and binary versions
match.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@ci-images/Dockerfile.lint`:
- Line 3: Replace the installer URL fetched in the RUN command so it is pinned
to the same release tag as the binary (v2.12.1) instead of using the `main`
branch; update the invocation that currently pipes
https://raw.githubusercontent.com/golangci/golangci-lint/main/install.sh to curl
so it fetches the install.sh for tag v2.12.1, keeping the existing `sh -s -- -b
/usr/bin v2.12.1` arguments intact to ensure the installer and binary versions
match.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: f4a2c12a-b6c3-4721-b8aa-27e6067eaff2

📥 Commits

Reviewing files that changed from the base of the PR and between b18d74c and 0a82d2f.

📒 Files selected for processing (2)

• Dockerfile.assisted-service-build
• ci-images/Dockerfile.lint

✅ Files skipped from review due to trivial changes (1)

• Dockerfile.assisted-service-build

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by: red-hat-konflux[bot]

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@red-hat-konflux[bot]: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/edge-subsystem-kubeapi-aws	1792647	link	true	/test edge-subsystem-kubeapi-aws
ci/prow/edge-lint	1792647	link	true	/test edge-lint
ci/prow/edge-e2e-ai-operator-ztp	1792647	link	true	/test edge-e2e-ai-operator-ztp
ci/prow/edge-subsystem-aws	1792647	link	true	/test edge-subsystem-aws
ci/prow/edge-e2e-metal-assisted-4-22	1792647	link	true	/test edge-e2e-metal-assisted-4-22

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.