chore: Add Code Static Analysis GH Workflow

[ykaiboussiSO]

Description

• Add golangci-lint as tool dependency in go.mod
• Create CI Workflow to run code static analysis

Resolves: PQE-404

Type of Change

• Chore (a change that does not modify the application functionality)
• Bug fix (a change that fixes an issue)
• New feature / enhancement (a change that adds new functionality)
• Refactor (no behaviour change)
• Test coverage
• Build / CI / tooling
• Documentation

Testing

• Unit tests added / updated
• Integration tests added / updated
• Manual integration tests run (go test -tags manual_integration ./integration/...)

Screenshots (if appropriate):

Driver Impact

• PostgreSQL driver (drivers/pg)
• Neo4j driver (drivers/neo4j)

Checklist

• Code is formatted
• All existing tests pass
• go.mod / go.sum are up to date if dependencies changed

Summary by CodeRabbit

• Chores
  • Implemented automated static code analysis for pull requests
  • Added code quality and formatting linting configuration
  • Updated Go module dependencies and development tooling packages

[coderabbitai]

Walkthrough

A static analysis pipeline infrastructure was established for the project. A GitHub Actions workflow was added to automatically execute GolangCI-Lint on pull requests targeting main and stage/** branches. Supporting GolangCI-Lint configuration and Go module tooling entries were introduced to enable this analysis execution.

Changes

Cohort / File(s)	Summary
CI/CD Static Analysis Pipeline .github/workflows/run-static-analysis.yml	Added GitHub Actions workflow named "Run Code Static Analysis" that triggers on PR opened and synchronize events for main and stage/** branches. Configures checkout, Go installation with caching, and executes golangci-lint run ./... with continue-on-error: true.
Linting Configuration .golangci.yml	Added GolangCI-Lint configuration (version 2) with errcheck linter disabled and gofmt/goimports formatters enabled.
Go Module Dependencies and Tooling go.mod	Added extensive indirect dependencies (primarily GolangCI-Lint-related linters and formatters), updated github.com/lib/pq to v1.11.2 and google.golang.org/protobuf to v1.36.8, and added tool directive for github.com/golangci/golangci-lint/v2/cmd/golangci-lint.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 Hop hop! The linters now arrive,
With golangci to help code thrive,
No more bugs hiding from our sight,
Static checks will make it right! ✨
Quality code on every hop!

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly summarizes the main change: adding a GitHub Actions workflow for code static analysis, which aligns with the primary changes across all modified files.
Description check	✅ Passed	The description includes the required sections with most key information: a brief explanation, the related ticket (PQE-404), the correct Type of Change checkbox (Chore), and a checklist. However, the Checklist items are left unchecked, and Build/CI/tooling checkbox is not marked despite this being a tooling PR.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch PQE-404

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (3)

.github/workflows/run-static-analysis.yml (2)

42-45: Consider adding output formatting for better CI integration.

Adding output formatting (e.g., --out-format=github-actions) provides better integration with GitHub's annotation system, making issues easier to discover directly in the PR diff view.

💡 Proposed enhancement

       - name: Run Analysis
         run: |
-          go tool golangci-lint run ./...
+          go tool golangci-lint run --out-format=github-actions ./...

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/run-static-analysis.yml around lines 42 - 45, Update the
"Run Analysis" workflow step so the golangci-lint invocation emits GitHub
Actions annotations: modify the command "go tool golangci-lint run ./..." to
include the output format flag (e.g., add --out-format=github-actions) so lint
findings surface as PR annotations; ensure the step name "Run Analysis" keeps
continue-on-error: true if desired.

---

24-26: Consider adding reopened event type for completeness.

The workflow triggers on opened and synchronize events but not reopened. Adding reopened ensures static analysis runs when a closed PR is reopened.

✨ Proposed addition

     types:
       - "opened"
       - "synchronize"
+      - "reopened"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/run-static-analysis.yml around lines 24 - 26, Add the
"reopened" pull_request type to the workflow trigger types so the static
analysis job also runs when a previously closed PR is reopened; update the types
array (currently containing "opened" and "synchronize") to include "reopened"
alongside those entries to ensure the workflow triggers on reopened PRs as well.

go.mod (1)

3-3: Consider updating Go version to 1.25.8 or later.

Go 1.25.0 is a valid, released version. However, Go 1.25.8 is available as a more recent patch in the same minor version series, and Go 1.26.1 is the latest stable release. Using an older patch version may miss important security fixes and improvements. Update go 1.25.0 to a more current version.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@go.mod` at line 3, Update the Go toolchain version in go.mod by replacing the
existing directive "go 1.25.0" with a newer patch/minor release (e.g., "go
1.25.8" or "go 1.26.1") so the module uses a Go release that includes recent
security fixes and improvements; locate the "go 1.25.0" directive in go.mod and
change it to the chosen newer version.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/run-static-analysis.yml:
- Around line 42-45: The CI step named "Run Analysis" currently sets
continue-on-error: true which allows golangci-lint failures to pass; remove the
continue-on-error: true key from that step so lint failures fail the job, and
optionally update the run command (the golangci-lint invocation) to use
--new-from-rev=<rev> or other flags if you want to enforce only new issues;
ensure you only modify the "Run Analysis" step and retain the existing
golangci-lint run ./... invocation otherwise.

In @.golangci.yml:
- Around line 3-4: The configuration currently disables the entire errcheck
linter; re-enable errcheck (remove the "- errcheck" entry) and, if certain
unchecked errors must be ignored, add targeted exclusions instead using
golangci-lint's configuration (e.g., add linters-settings for errcheck or use
exclude/exclude-rules or excludePatterns to silence specific files, functions,
or error-return patterns). Ensure the symbol "errcheck" is not listed under
disable and create precise exclude rules for known safe exceptions rather than
disabling the linter globally.

---

Nitpick comments:
In @.github/workflows/run-static-analysis.yml:
- Around line 42-45: Update the "Run Analysis" workflow step so the
golangci-lint invocation emits GitHub Actions annotations: modify the command
"go tool golangci-lint run ./..." to include the output format flag (e.g., add
--out-format=github-actions) so lint findings surface as PR annotations; ensure
the step name "Run Analysis" keeps continue-on-error: true if desired.
- Around line 24-26: Add the "reopened" pull_request type to the workflow
trigger types so the static analysis job also runs when a previously closed PR
is reopened; update the types array (currently containing "opened" and
"synchronize") to include "reopened" alongside those entries to ensure the
workflow triggers on reopened PRs as well.

In `@go.mod`:
- Line 3: Update the Go toolchain version in go.mod by replacing the existing
directive "go 1.25.0" with a newer patch/minor release (e.g., "go 1.25.8" or "go
1.26.1") so the module uses a Go release that includes recent security fixes and
improvements; locate the "go 1.25.0" directive in go.mod and change it to the
chosen newer version.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: dc996af0-15d4-41ee-aaa3-ba850ae459f3

📥 Commits

Reviewing files that changed from the base of the PR and between 2380370 and 731ca05.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (3)

• .github/workflows/run-static-analysis.yml
• .golangci.yml
• go.mod

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Major: Remove continue-on-error: true to enforce code quality standards.

Setting continue-on-error: true means linting failures will not block pull requests, effectively making static analysis advisory rather than enforced. This significantly reduces the value of adding static analysis to your CI pipeline.

If the current codebase has many existing violations that need to be addressed gradually, consider using golangci-lint's --new-from-rev flag to enforce standards only on new code, or configure specific exclusions in .golangci.yml.

🔒 Proposed fix: Remove continue-on-error and optionally check only new code

       - name: Run Analysis
-        continue-on-error: true
         run: |
           go tool golangci-lint run ./...
+
+# Alternative: Only check new code if fixing all existing issues is not feasible
+#       - name: Run Analysis (new code only)
+#         run: |
+#           go tool golangci-lint run --new-from-rev=origin/${{ github.base_ref }} ./...

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/run-static-analysis.yml around lines 42 - 45, The CI step
named "Run Analysis" currently sets continue-on-error: true which allows
golangci-lint failures to pass; remove the continue-on-error: true key from that
step so lint failures fail the job, and optionally update the run command (the
golangci-lint invocation) to use --new-from-rev=<rev> or other flags if you want
to enforce only new issues; ensure you only modify the "Run Analysis" step and
retain the existing golangci-lint run ./... invocation otherwise.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Critical: Do not disable the errcheck linter.

Disabling errcheck removes detection of unchecked error returns, which is a common source of correctness bugs and security vulnerabilities in Go. Unchecked errors can lead to silent failures, data corruption, resource leaks, and security issues.

If specific error checks need to be excluded, use targeted exclusions rather than disabling the entire linter.

✅ Proposed fix: Enable errcheck with targeted exclusions if needed

-linters:
-  disable:
-    - errcheck
+linters:
+  enable:
+    - errcheck
+# If specific exclusions are needed:
+# linters-settings:
+#   errcheck:
+#     exclude-functions:
+#       - fmt.Print.*

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	disable:
	- errcheck
	linters:
	enable:
	- errcheck
	# If specific exclusions are needed:
	# linters-settings:
	# errcheck:
	# exclude-functions:
	# - fmt.Print.*

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.golangci.yml around lines 3 - 4, The configuration currently disables the
entire errcheck linter; re-enable errcheck (remove the "- errcheck" entry) and,
if certain unchecked errors must be ignored, add targeted exclusions instead
using golangci-lint's configuration (e.g., add linters-settings for errcheck or
use exclude/exclude-rules or excludePatterns to silence specific files,
functions, or error-return patterns). Ensure the symbol "errcheck" is not listed
under disable and create precise exclude rules for known safe exceptions rather
than disabling the linter globally.

[urangel]

I agree with the 🐇 here in that we would benefit from hard failing given that the static analysis is of value. We may need to tackle the current findings in order to enable merging this check into main