Skip to content

Upgrade go and deps#1456

Merged
vcheung-stripe merged 13 commits intomasterfrom
upgrade-go-and-deps
Mar 18, 2026
Merged

Upgrade go and deps#1456
vcheung-stripe merged 13 commits intomasterfrom
upgrade-go-and-deps

Conversation

@tomer-stripe
Copy link
Copy Markdown
Collaborator

@tomer-stripe tomer-stripe commented Mar 5, 2026

Reviewers

r? @
cc @stripe/developer-products

Summary

This updates golang to latest, golangci to latest (and uses the new file format), updates github actions, and all our dependencies.

I also asked Claude to go through and fix linting issues and re-enable a few previously disabled ones. This is where we landed after a bit:

  Re-enabled (all suppressions removed):
  - SA1006 — 0 violations, was unnecessarily suppressed
  - SA1019 — Fixed 42 grpc.DialContext → grpc.NewClient calls + 1 root.SetOutput → root.SetOut/root.SetErr
  - ST1000 — Added package comments to ~20 packages
  - ST1003 — Renamed HttpStatusCode → HTTPStatusCode, AuthorizeHttpError → AuthorizeHTTPError
  - ST1005 — Lowercased ~20 error strings, removed trailing punctuation
  - ST1012 — Renamed jsonDataFlagInvalidErr → errJSONDataFlagInvalid
  - ST1016 — Fixed sampleManager receiver → s in create.go
  - ST1019 — Merged 2 duplicate imports (samples.go, tail.go)
  - ST1020 — Fixed BuildDataForV1Request comment format
  - QF1002/QF1003 — Converted 2 if-else chains to tagged switches
  - QF1008 — Simplified 4 embedded field selectors in tests
  - QF1012 — Replaced WriteString(Sprintf(...)) with Fprintf
  - govet printf — Re-enabled (0 violations)
  - govet nilness — Re-enabled after fixing 4 dead-code/tautological conditions

  Still suppressed (with good reason):
  - govet fieldalignment — 49 struct reordering suggestions, pure memory optimization, high churn / low value
  - govet shadow — 16 err shadowing instances, standard Go idiom, too noisy

@tomer-stripe tomer-stripe requested a review from a team as a code owner March 5, 2026 03:13
@tomer-stripe
Copy link
Copy Markdown
Collaborator Author

tomer-stripe commented Mar 5, 2026

I want to ideally merge #1441 before this one to make sure things work afterwards too.

@tomer-stripe tomer-stripe force-pushed the upgrade-go-and-deps branch 2 times, most recently from 7d3fdb1 to 3c045c8 Compare March 11, 2026 23:06
@tomer-stripe
Copy link
Copy Markdown
Collaborator Author

tomer-stripe commented Mar 12, 2026

r? @vcheung-stripe @vzhang-stripe

@vcheung-stripe
Copy link
Copy Markdown
Collaborator

vcheung-stripe commented Mar 18, 2026

Looking now! I'll resolve the conflicts and do some sanity checks.

tomer-stripe and others added 12 commits March 18, 2026 09:40
@tomer-stripe @claude @vcheung-stripe
Upgrade Go to 1.26.0, golangci-lint to v2, and update all dependencies
ed3e793 
- Bump Go from 1.24.1 to 1.26.0 across go.mod and all CI workflows
- Update all go.mod dependencies via go get -u, including grpc, protobuf,
  cobra, go-git, and go-github (v28 → v72 with import path update)
- Migrate .golangci.yml from v1 to v2 format (default: none, formatters
  section, exclusions restructure, suppress new ST/QF style checks)
- Upgrade golangci-lint from v1.64.2 to v2.10.1 in Makefile and CI
- Bump CI action versions (setup-go@v5, checkout@v4, golangci-lint-action@v9)
- Update protoc tooling versions in Makefile and CI

Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
Committed-By-Agent: claude
@tomer-stripe @claude @vcheung-stripe
Add CLAUDE.md with project context for Claude Code
6181d35 
Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
Committed-By-Agent: claude
@tomer-stripe @claude @vcheung-stripe
Re-enable all suppressed linters and fix violations
2dd30d0 
Remove all staticcheck and govet suppressions that were added during
the golangci-lint v2 migration, fixing the underlying issues instead:

- SA1019: Replace deprecated grpc.DialContext with grpc.NewClient (42 calls),
  replace root.SetOutput with SetOut/SetErr
- ST1000: Add package comments to all packages (~20)
- ST1003: Rename HttpStatusCode -> HTTPStatusCode, AuthorizeHttpError ->
  AuthorizeHTTPError
- ST1005: Lowercase error strings, remove trailing punctuation (~20)
- ST1012: Rename jsonDataFlagInvalidErr -> errJSONDataFlagInvalid
- ST1016: Fix inconsistent receiver name in samples/create.go
- ST1019: Merge duplicate imports in samples.go and tail.go
- ST1020: Fix comment format on BuildDataForV1Request
- QF1002/QF1003: Convert if-else chains to tagged switches
- QF1008: Simplify embedded field selectors in websocket tests
- QF1012: Use fmt.Fprintf instead of WriteString(Sprintf)
- govet nilness: Remove dead code (tautological nil checks in 4 files)
- govet printf: Re-enable (zero violations)
- Enable govet enable-all for broader analysis coverage

Only two govet analyzers remain disabled: fieldalignment (49 struct
reordering suggestions, pure optimization churn) and shadow (16
idiomatic err shadowing instances).

Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
Committed-By-Agent: claude
@tomer-stripe @claude @vcheung-stripe
Fix golangci-lint v2 config: move max-issues to CLI args
9f90be4 
In golangci-lint v2, max-issues-per-linter and max-same-issues are
CLI-only flags, not valid config file options. Move them to CLI args
in the Makefile and CI workflow. Also remove stale TODO comment.

Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
Committed-By-Agent: claude
@tomer-stripe @claude @vcheung-stripe
Fix test expectations for lowercased error strings
b7227f2 
Update test assertions to match error strings that were lowercased
in the ST1005 linter fix, plus one additional ST1005 violation in
plugins/utilities.go surfaced after rebase.

Co-Authored-By: Claude Opus 4.6 <[email protected]>
Committed-By-Agent: claude
@tomer-stripe @claude @vcheung-stripe
Regenerate protobuf code with updated protoc-gen-go and protoc-gen-go…
c5e60b5 
…-grpc

Co-Authored-By: Claude Opus 4.6 <[email protected]>
Committed-By-Agent: claude
@tomer-stripe @claude @vcheung-stripe
Work around Go 1.26.0 linker crash on darwin/arm64 with -race
90f99cf 
Set CGO_ENABLED=0 for tests to avoid a nil pointer dereference in
the arm64 linker's gensymlate function when building large race-
instrumented binaries (golang/go#77593).

Co-Authored-By: Claude Opus 4.6 <[email protected]>
Committed-By-Agent: claude
@tomer-stripe @claude @vcheung-stripe
Fix CGO_ENABLED=0 workaround: apply only on macOS CI
bb40a53 
CGO_ENABLED=0 with -race is not supported on Linux. Move the
workaround for the Go 1.26.0 linker crash (golang/go#77593) from
the Makefile to the CI workflow, applying it only on macOS runners.

Co-Authored-By: Claude Opus 4.6 <[email protected]>
Committed-By-Agent: claude
@tomer-stripe @claude @vcheung-stripe
Move CGO_ENABLED=0 workaround to Makefile with OS detection
aa1290f 
Use a Makefile conditional to set CGO_ENABLED=0 only on Darwin,
rather than a workflow env that breaks cross-compilation on Linux
and is incompatible with the race detector on Linux/Windows.

Co-Authored-By: Claude Opus 4.6 <[email protected]>
Committed-By-Agent: claude
@tomer-stripe @claude @vcheung-stripe
Fix lint violations in newly merged plugin runtime code
9fe2518 
Lowercase error strings (ST1005) and convert to tagged switch (QF1002)
in files introduced by recent master commits.

Co-Authored-By: Claude Opus 4.6 <[email protected]>
Committed-By-Agent: claude
@tomer-stripe @claude @vcheung-stripe
Update all GitHub Actions to latest major versions
1c4a9dd 
- actions/checkout: v4 → v6
- actions/setup-go: v5 → v6
- docker/setup-buildx-action: v3 → v4
- goreleaser/goreleaser-action: v6 → v7
- peter-evans/create-pull-request: v6 → v8
- tibdex/github-app-token: v1.5.2 → v2

All bumps are Node.js runtime upgrades (Node 24) with no input
parameter changes. Also fixes canary-test.yml Go version (1.24.1 → 1.26.0).

Co-Authored-By: Claude Opus 4.6 <[email protected]>
Committed-By-Agent: claude
@vcheung-stripe
fix TestConflictWithPluginCommand
9dd3f64
@vcheung-stripe
Copy link
Copy Markdown
Collaborator

vcheung-stripe commented Mar 18, 2026

Confirmed these manually:

go run cmd/stripe/main.go logout                  
Logging out...
Credentials have been cleared for the default project.

go run cmd/stripe/main.go login        
Your pairing code is: award-divine-works-lavish
This pairing code verifies your authentication with Stripe.
Press Enter to open the browser or visit https://dashboard.stripe.com/stripecli/confirm_auth?t=kbZ4o1YFnK88BuIxhXn8wdZIseCHhGzl (^C to quit)
> Done! The Stripe CLI is configured for Test with account id acct_1PsqfLPqp2mVt2wm

Please note: this key will expire after 90 days, at which point you'll need to re-authenticate.

go run cmd/stripe/main.go listen                                                                                                                                                                                                             
> Ready! You are using Stripe API Version [2022-11-15]. Your webhook signing secret is whsec_e20f7827054f1858417c7f2727b23ca481725dc74f63426e07eb1ab806e8c441 (^C to quit)
2026-03-18 10:01:35   --> customer.created [evt_1TCNTPLJDmqA11cncMd6doTO]
2026-03-18 10:01:52   --> customer.created [evt_1TCNTgLJDmqA11cntdFUj1yu]

go run cmd/stripe/main.go logs tail               
> Ready! You're now waiting to receive API request logs (^C to quit)
2026-03-18 10:01:51 [200] POST /v1/customers [req_IpcGmeEZlW4Qu6]

go run cmd/stripe/main.go trigger customer.created
Setting up fixture for: customer
Running fixture for: customer
Trigger succeeded! Check dashboard for event details.

go run cmd/stripe/main.go get /v1/customers -d 'limit=1'
{
  "object": "list",
  "data": [
    {
      "id": "cus_UAivb61IAu9YC6",
      "object": "customer",
      "address": null,
      "balance": 0,
      "created": 1773853311,
      "currency": null,
      "customer_account": null,
      "default_source": null,
      "delinquent": false,
      "description": "(created by Stripe CLI)",
      "discount": null,
      "email": null,
      "invoice_prefix": "JO2YXUY0",
      "invoice_settings": {
        "custom_fields": null,
        "default_payment_method": null,
        "footer": null,
        "rendering_options": null
      },
      "livemode": false,
      "metadata": {},
      "name": null,
      "next_invoice_sequence": 1,
      "phone": null,
      "preferred_locales": [],
      "shipping": null,
      "tax_exempt": "none",
      "test_clock": null
    }
  ],
  "has_more": true,
  "url": "/v1/customers"
}

go run cmd/stripe/main.go customers list --limit 1      
{
  "object": "list",
  "data": [
    {
      "id": "cus_UAivb61IAu9YC6",
      "object": "customer",
      "address": null,
      "balance": 0,
      "created": 1773853311,
      "currency": null,
      "customer_account": null,
      "default_source": null,
      "delinquent": false,
      "description": "(created by Stripe CLI)",
      "discount": null,
      "email": null,
      "invoice_prefix": "JO2YXUY0",
      "invoice_settings": {
        "custom_fields": null,
        "default_payment_method": null,
        "footer": null,
        "rendering_options": null
      },
      "livemode": false,
      "metadata": {},
      "name": null,
      "next_invoice_sequence": 1,
      "phone": null,
      "preferred_locales": [],
      "shipping": null,
      "tax_exempt": "none",
      "test_clock": null
    }
  ],
  "has_more": true,
  "url": "/v1/customers"
}

@vcheung-stripe @claude
Fix remaining lint violations from golangci-lint v2
8c9e4c7 
- Fix comment format on GRPCServer and GRPCClient methods (ST1020)
- Replace deprecated grpc.DialContext with grpc.NewClient in tests (SA1019)
- Use passthrough:/// scheme for bufnet connections with grpc.NewClient

Co-Authored-By: Claude Sonnet 4.5 <[email protected]>
Committed-By-Agent: claude
@vcheung-stripe
Copy link
Copy Markdown
Collaborator

vcheung-stripe commented Mar 18, 2026

More testing:

go run cmd/stripe/main.go plugin uninstall apps  
✔ apps has been uninstalled.

go run cmd/stripe/main.go plugin install apps                  
✔ installation complete.

go run cmd/stripe/main.go apps 
Commands for building Stripe apps

Usage:
  stripe apps [command]

Available Commands:
  add               Add a building block for developing your app
  create            Create a new Stripe app
  grant             Grant configuration access to your app
  help              Help about any command
  remove            Remove a building block from your stripe-app json
  revoke            Revoke configuration access to your app
  set               Update App Manifest
  start             Start a development server for viewing your app in the Stripe dashboard
  upload            Upload your app to be submitted for review

Flags:
      --api-key string        Your API key to use for the command
      --color string          turn on/off color output (on, off, auto)
      --config string         config file (default is $HOME/.config/stripe/config.toml)
      --device-name string    device name
  -h, --help                  help for apps
      --log-level string      log level (debug, info, trace, warn, error) (default "info")
  -p, --project-name string   the project name to read from for config (default "default")

Use "stripe apps [command] --help" for more information about a command.

@vcheung-stripe vcheung-stripe merged commit 3862115 into master Mar 18, 2026
13 checks passed
@vcheung-stripe vcheung-stripe deleted the upgrade-go-and-deps branch March 18, 2026 17:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vcheung-stripe vcheung-stripe vcheung-stripe approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tomer-stripe @vcheung-stripe