From 84b0b81996f85ee4db11f4994c6428f1e97d8856 Mon Sep 17 00:00:00 2001
From: vmfunc <celeste@linux.com>
Date: Fri, 24 Apr 2026 08:53:43 -0700
Subject: [PATCH] ci: bump go toolchain to 1.25 and migrate golangci-lint to v2

nuclei/v3 v3.8.0 (PR #97) requires go >= 1.25.7 in go.mod.
this breaks the existing CI pinned to go 1.24:

  - build: "go.mod requires go >= 1.25.7 (running go 1.24.13;
    GOTOOLCHAIN=local)"
  - lint:  "the Go language version (go1.24) used to build
    golangci-lint is lower than the targeted Go version (1.25.7)"

bumps setup-go to 1.25 across all workflows and moves the lint
job to golangci-lint-action v8 with golangci-lint v2.11.4 (built
with go 1.25). migrates .golangci.yml to the v2 schema:

  - version: "2"
  - linters-settings -> linters.settings
  - issues.exclude-rules -> linters.exclusions.rules
  - drop gosimple (merged into staticcheck in v2)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .github/workflows/code_quality.yml |  2 +-
 .github/workflows/go.yml           |  8 +--
 .github/workflows/govulncheck.yml  |  2 +-
 .github/workflows/release.yml      |  2 +-
 .github/workflows/runtest.yml      |  2 +-
 .golangci.yml                      | 89 +++++++++++++++---------------
 6 files changed, 54 insertions(+), 51 deletions(-)

diff --git a/.github/workflows/code_quality.yml b/.github/workflows/code_quality.yml
index 4ccba68..4a56bda 100644
--- a/.github/workflows/code_quality.yml
+++ b/.github/workflows/code_quality.yml
@@ -26,7 +26,7 @@ jobs:
       - name: set up go
         uses: actions/setup-go@v5
         with:
-          go-version: "1.24"
+          go-version: "1.25"
       - name: initialize codeql
         uses: github/codeql-action/init@v4
         with:
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
index 6165ede..f83666b 100644
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -21,17 +21,17 @@ jobs:
       - name: set up go
         uses: actions/setup-go@v6
         with:
-          go-version: "1.24"
+          go-version: "1.25"
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@v6
+        uses: golangci/golangci-lint-action@v8
         with:
-          version: latest
+          version: v2.11.4
 
   build:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        go-version: ["1.24"]
+        go-version: ["1.25"]
     steps:
       - uses: actions/checkout@v6
       - name: set up go
diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml
index 98d64b5..317948e 100644
--- a/.github/workflows/govulncheck.yml
+++ b/.github/workflows/govulncheck.yml
@@ -19,7 +19,7 @@ jobs:
       - name: set up go
         uses: actions/setup-go@v5
         with:
-          go-version: "1.24"
+          go-version: "1.25"
       - name: install govulncheck
         run: go install golang.org/x/vuln/cmd/govulncheck@v1.1.4
       - name: run govulncheck
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 0c4fe79..0937c07 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -23,7 +23,7 @@ jobs:
       - name: set up go
         uses: actions/setup-go@v5
         with:
-          go-version: "1.24"
+          go-version: "1.25"
 
       - name: extract version
         run: echo "VERSION=${GITHUB_REF_NAME#v}" >> $GITHUB_ENV
diff --git a/.github/workflows/runtest.yml b/.github/workflows/runtest.yml
index 9916575..5ca397e 100644
--- a/.github/workflows/runtest.yml
+++ b/.github/workflows/runtest.yml
@@ -18,7 +18,7 @@ jobs:
       - name: set up go
         uses: actions/setup-go@v5
         with:
-          go-version: "1.24"
+          go-version: "1.25"
       - name: build sif
         run: make
       - name: run sif with features
diff --git a/.golangci.yml b/.golangci.yml
index 9630991..3dd8568 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -1,10 +1,15 @@
+version: "2"
+
+run:
+  timeout: 5m
+  issues-exit-code: 1
+
 linters:
   enable:
     - errcheck      # check error returns
     - govet         # suspicious constructs
-    - staticcheck   # advanced static analysis
+    - staticcheck   # advanced static analysis (absorbs gosimple in v2)
     - unused        # unused code
-    - gosimple      # simplifications
     - ineffassign   # useless assignments
     - misspell      # spelling mistakes
     - gocritic      # opinionated lints
@@ -18,49 +23,47 @@ linters:
     - wastedassign  # assignments to variables never read
     - usetesting    # os.Setenv in tests instead of t.Setenv, etc.
 
-linters-settings:
-  govet:
-    enable-all: true
-    disable:
-      - fieldalignment  # too many structs to reorder, risks breaking serialization
-      - shadow          # common Go pattern, too noisy
-      - unusedwrite     # false positives on test data structs
-  errcheck:
-    check-blank: false
-    exclude-functions:
-      - github.com/dropalldatabases/sif/internal/logger.Write  # log writes are best-effort
-  revive:
-    rules:
-      - name: exported
-        disabled: true  # stuttering names (scan.ScanResult) require breaking API changes
-  gocritic:
-    enabled-tags:
-      - diagnostic
-      - style
-      - performance
-    disabled-checks:
-      - commentedOutCode   # too opinionated for a project with TODO comments
-      - paramTypeCombine   # style-only, not worth churn
-      - unnamedResult      # style-only
-      - unnecessaryDefer   # common pattern in tests
-      - nestingReduce      # inverting conditions in scan logic hurts readability
-  gosec:
-    excludes:
-      - G104  # errcheck covers this
-      - G107  # pentesting tool -- variable URLs are the whole point
-      - G110  # nuclei template decompression, acceptable context
-      - G304  # sif reads user-supplied wordlist paths -- intentional
+  settings:
+    govet:
+      enable-all: true
+      disable:
+        - fieldalignment  # too many structs to reorder, risks breaking serialization
+        - shadow          # common Go pattern, too noisy
+        - unusedwrite     # false positives on test data structs
+    errcheck:
+      check-blank: false
+      exclude-functions:
+        - github.com/dropalldatabases/sif/internal/logger.Write  # log writes are best-effort
+    revive:
+      rules:
+        - name: exported
+          disabled: true  # stuttering names (scan.ScanResult) require breaking API changes
+    gocritic:
+      enabled-tags:
+        - diagnostic
+        - style
+        - performance
+      disabled-checks:
+        - commentedOutCode   # too opinionated for a project with TODO comments
+        - paramTypeCombine   # style-only, not worth churn
+        - unnamedResult      # style-only
+        - unnecessaryDefer   # common pattern in tests
+        - nestingReduce      # inverting conditions in scan logic hurts readability
+    gosec:
+      excludes:
+        - G104  # errcheck covers this
+        - G107  # pentesting tool -- variable URLs are the whole point
+        - G110  # nuclei template decompression, acceptable context
+        - G304  # sif reads user-supplied wordlist paths -- intentional
 
-run:
-  timeout: 5m
-  issues-exit-code: 1
+  exclusions:
+    rules:
+      # test files get some slack
+      - path: _test\.go
+        linters:
+          - errcheck
+          - noctx
 
 issues:
   max-issues-per-linter: 50
   max-same-issues: 50
-  exclude-rules:
-    # test files get some slack
-    - path: _test\.go
-      linters:
-        - errcheck
-        - noctx