docs: add "Enforce a No-New-LaunchDarkly Policy for Go in CI" guide#16
Conversation
flaglint-go has no published GitHub Action (unlike flaglint-js's flaglint/flaglint composite action) — the guide is honest about that and shows raw workflow steps instead: install via go install (actions/setup-go) or Homebrew (preinstalled on GitHub-hosted runners), then run validate directly. Structure mirrors the existing JS tutorials/integrations pages: - Recommended path: baseline-mode adoption (--baseline --fail-on-new), which most real teams need since --no-direct-launchdarkly fails immediately on any existing debt - Strict blocking policy once debt is cleared, plus bootstrap-exclude - SARIF upload for GitHub Code Scanning, with the correct flaglint.go.direct-launchdarkly rule ID Adds the page to the "Go CLI" sidebar section (held back from the previous PR since Starlight's build fails hard on a sidebar slug that doesn't exist yet) and verified in-browser: sidebar placement, pagination, YAML syntax highlighting, and the pre-existing quickstart.md link to this page all work. Signed-off-by: Krishan Kant Sharma <krishansharma0327@gmail.com>
|
Warning Review limit reached
Next review available in: 55 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Plus Run ID: 📒 Files selected for processing (1)
📝 WalkthroughWalkthroughAdds a new Starlight documentation page describing how to enforce a "no new direct LaunchDarkly Go SDK calls" policy in CI using ChangesGo CI Enforcement Documentation
Estimated code review effort: 1 (Trivial) | ~3 minutes Possibly related PRs
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Deploying flaglint with
|
| Latest commit: |
f7617ba
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://8999f9ae.flaglint.pages.dev |
| Branch Preview URL: | https://docs-go-enforce-in-ci-guide.flaglint.pages.dev |
The guide claimed brew is "preinstalled" on both ubuntu-latest and macos-latest with no caveat, showing a bare `brew install` step for both. Per actions/runner-images' own Ubuntu docs, Homebrew is preinstalled there but NOT added to PATH by default (it lives at /home/linuxbrew) — the shown one-liner would fail with "brew: command not found" as written. Only macos-latest has brew on PATH out of the box. Split the Homebrew instructions: macOS gets the bare install step, Ubuntu gets the required `brew shellenv` PATH setup first. go install remains the option used in the full workflow examples since it's runner-OS-agnostic. Signed-off-by: Krishan Kant Sharma <krishansharma0327@gmail.com>
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@src/content/docs/docs/go/guides/enforce-in-ci.md`:
- Around line 13-18: The documentation example still uses an unpinned go install
target, so update the flaglint-go installation snippet in the CI guide to use
v0.1.1 instead of `@latest`, and make the same version pin consistently across the
other go install snippets in this doc so the examples stay stable. Refer to the
go install commands in the CI guide and ensure each one is explicitly versioned
to v0.1.1.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro Plus
Run ID: 57593e5f-c27e-401f-8523-7a97c7d681b8
📒 Files selected for processing (2)
astro.config.mjssrc/content/docs/docs/go/guides/enforce-in-ci.md
| ```yaml | ||
| - uses: actions/setup-go@v5 | ||
| with: | ||
| go-version: '1.23' | ||
| - run: go install github.com/flaglint/flaglint-go/cmd/flaglint-go@latest | ||
| ``` |
There was a problem hiding this comment.
🔒 Security & Privacy | 🟡 Minor | ⚡ Quick win
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
gh api repos/flaglint/flaglint-go/releases/latest --jq '.tag_name'Repository: flaglint/flaglint.dev
Length of output: 166
🏁 Script executed:
#!/bin/bash
set -euo pipefail
printf '\n== file outline ==\n'
git ls-files 'src/content/docs/docs/go/guides/enforce-in-ci.md'
printf '\n== relevant lines ==\n'
nl -ba src/content/docs/docs/go/guides/enforce-in-ci.md | sed -n '1,140p'
printf '\n== release tag already known ==\n'
gh api repos/flaglint/flaglint-go/releases/latest --jq '.tag_name'Repository: flaglint/flaglint.dev
Length of output: 290
🏁 Script executed:
#!/bin/bash
set -euo pipefail
printf '== file lines 1-140 ==\n'
sed -n '1,140p' src/content/docs/docs/go/guides/enforce-in-ci.md
printf '\n== occurrences of go install ==\n'
grep -n "go install" -n src/content/docs/docs/go/guides/enforce-in-ci.md || true
printf '\n== latest release tag ==\n'
gh api repos/flaglint/flaglint-go/releases/latest --jq '.tag_name'Repository: flaglint/flaglint.dev
Length of output: 4611
🏁 Script executed:
#!/bin/bash
set -euo pipefail
printf '== file lines 1-140 ==\n'
sed -n '1,140p' src/content/docs/docs/go/guides/enforce-in-ci.md
printf '\n== go install occurrences ==\n'
grep -n "go install" src/content/docs/docs/go/guides/enforce-in-ci.md || true
printf '\n== latest release tag ==\n'
gh api repos/flaglint/flaglint-go/releases/latest --jq '.tag_name'Repository: flaglint/flaglint.dev
Length of output: 4608
Pin all three go install snippets to v0.1.1. Using @latest lets the documented CI flow drift as new releases land, so the examples can change behavior without a docs update.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@src/content/docs/docs/go/guides/enforce-in-ci.md` around lines 13 - 18, The
documentation example still uses an unpinned go install target, so update the
flaglint-go installation snippet in the CI guide to use v0.1.1 instead of
`@latest`, and make the same version pin consistently across the other go install
snippets in this doc so the examples stay stable. Refer to the go install
commands in the CI guide and ensure each one is explicitly versioned to v0.1.1.
…trict-types and baseline counts Every identity-resolution gap listed as "not resolved yet" on the flaglint-go Limitations and Supported Scope pages has actually been closed (verified directly against the flaglint-go issue tracker): chained factory-call-then-method (#20), method values (#6), interface satisfaction (#15), block-scoped shadowing (#5), factory returning a wrapper type (#16), and nested go.mod files (#17). These pages were last updated right before that work landed. - limitations.md / supported-scope.md: mark all six as resolved (noting which layer resolves each — Phase 1 default vs. opt-in --strict-types), add two newer Phase-1 mechanisms these pages never mentioned at all (a struct field declared *ld.LDClient with no observed construction, and a composite literal directly initializing a package-level var), and state plainly that zero identity-resolution gaps are currently tracked. - identity-model.md: add worked examples for both newer Phase-1 mechanisms above, plus a new "Phase 2 — --strict-types" section (interface satisfaction, transitive factory wrapping, cross-function method-value forwarding) that didn't exist on this page at all before. - index.md: same corrections to the "what flaglint-go does/doesn't do" summary — it previously named method values and interface satisfaction as open gaps. - cli/{scan,audit,validate}.md: --strict-types wasn't documented as a flag anywhere on the site despite being available on all three commands since it shipped; added to each page's options table. audit.md's baseline JSON example was also missing the "schemaVersion" and "counts" fields flaglint-go now emits; validate.md's Baseline Mode section gains a note on what "counts" actually catches (a brand-new duplicate of an already-baselined call, not just a brand-new fingerprint). Verified: `npm run build` completes cleanly (90 pages), spot-checked the rendered Limitations page's output directly. Signed-off-by: Krishan Kant Sharma <krishansharma0327@gmail.com>
Summary
New guide at
/docs/go/guides/enforce-in-ci/, mirroring the existing JS tutorials/integrations pages but honest about what flaglint-go actually has today: no published GitHub Action, so it shows raw workflow steps (install viago install/actions/setup-goor Homebrew, then runvalidatedirectly) instead of a composite action that doesn't exist.--baseline --fail-on-new) — most real teams need this since--no-direct-launchdarklyfails immediately on any existing debt--bootstrap-excludeflaglint.go.direct-launchdarklyrule ID (verified againstinternal/validator/sarif.go)Adds the page to the "Go CLI" sidebar (held back from #15 since Starlight's build fails hard on a sidebar slug that doesn't exist yet — confirmed this by hitting that exact build error before removing the entry there).
Test plan
npm run build— clean, 87 pages (up from 86)Summary by CodeRabbit