Run go-makefile-maker

sapcc-bot · sapcc-bot · commit fd9be7a9b6c0 · 2026-02-26T19:02:24.000Z
diff --git a/.github/renovate.json b/.github/renovate.json
@@ -12,7 +12,7 @@
   ],
   "commitMessageAction": "Renovate: Update",
   "constraints": {
-    "go": "1.25"
+    "go": "1.26"
   },
   "dependencyDashboardOSVVulnerabilitySummary": "all",
   "osvVulnerabilityAlerts": true,
diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml
@@ -29,7 +29,7 @@ jobs:
         uses: actions/setup-go@v6
         with:
           check-latest: true
-          go-version: 1.25.7
+          go-version: 1.26.0
       - name: Run golangci-lint
         uses: golangci/golangci-lint-action@v9
         with:
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -32,7 +32,7 @@ jobs:
         uses: actions/setup-go@v6
         with:
           check-latest: true
-          go-version: 1.25.7
+          go-version: 1.26.0
       - name: Build all binaries
         run: make build-all
   code_coverage:
@@ -65,7 +65,7 @@ jobs:
         uses: actions/setup-go@v6
         with:
           check-latest: true
-          go-version: 1.25.7
+          go-version: 1.26.0
       - name: Run tests and generate coverage report
         run: make build/cover.out
       - name: Archive code coverage results
diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
@@ -32,7 +32,7 @@ jobs:
         uses: actions/setup-go@v6
         with:
           check-latest: true
-          go-version: 1.25.7
+          go-version: 1.26.0
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v4
         with:
diff --git a/.github/workflows/goreleaser.yaml b/.github/workflows/goreleaser.yaml
@@ -27,7 +27,7 @@ jobs:
         uses: actions/setup-go@v6
         with:
           check-latest: true
-          go-version: 1.25.7
+          go-version: 1.26.0
       - name: Install syft
         uses: anchore/sbom-action/download-syft@v0
       - name: Generate release info
@@ -36,7 +36,7 @@ jobs:
           mkdir -p build
           release-info CHANGELOG.md "$(git describe --tags --abbrev=0)" > build/release-info
       - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v6
+        uses: goreleaser/goreleaser-action@v7
         with:
           args: release --clean --release-notes=./build/release-info
           version: latest
diff --git a/.golangci.yaml b/.golangci.yaml
@@ -136,6 +136,8 @@ linters:
       excludes:
         # gosec wants us to set a short ReadHeaderTimeout to avoid Slowloris attacks, but doing so would expose us to Keep-Alive race conditions (see https://iximiuz.com/en/posts/reverse-proxy-http-keep-alive-and-502s/
         - G112
+        # if we put a password or token into a serialized payload, guess what, we probably did that on purpose
+        - G117
         # created file permissions are restricted by umask if necessary
         - G306
         # the following lints cause false-positives in many repositories, should be fixed with the next release. (see https://github.com/securego/gosec/issues/1500)
diff --git a/go.mod b/go.mod
@@ -1,6 +1,6 @@
 module github.com/sapcc/git-cert-shim
 
-go 1.25
+go 1.26
 
 require (
 	github.com/cert-manager/cert-manager v1.18.2
diff --git a/shell.nix b/shell.nix
@@ -9,7 +9,7 @@ mkShell {
   nativeBuildInputs = [
     addlicense
     go-licence-detector
-    go_1_25
+    go_1_26
     golangci-lint
     goreleaser
     gotools # goimports
