Skip to content

docs: add "Enforce a No-New-LaunchDarkly Policy for Go in CI" guide#16

Merged
Krishan27 merged 2 commits into
mainfrom
docs/go-enforce-in-ci-guide
Jul 6, 2026
Merged

docs: add "Enforce a No-New-LaunchDarkly Policy for Go in CI" guide#16
Krishan27 merged 2 commits into
mainfrom
docs/go-enforce-in-ci-guide

Conversation

@flaglint

@flaglint flaglint commented Jul 6, 2026

Copy link
Copy Markdown
Owner

Summary

New guide at /docs/go/guides/enforce-in-ci/, mirroring the existing JS tutorials/integrations pages but honest about what flaglint-go actually has today: no published GitHub Action, so it shows raw workflow steps (install via go install/actions/setup-go or Homebrew, then run validate directly) instead of a composite action that doesn't exist.

  • Recommended path: baseline-mode adoption (--baseline --fail-on-new) — most real teams need this since --no-direct-launchdarkly fails immediately on any existing debt
  • Strict blocking policy once debt is cleared, plus --bootstrap-exclude
  • SARIF upload for GitHub Code Scanning, with the correct flaglint.go.direct-launchdarkly rule ID (verified against internal/validator/sarif.go)

Adds the page to the "Go CLI" sidebar (held back from #15 since Starlight's build fails hard on a sidebar slug that doesn't exist yet — confirmed this by hitting that exact build error before removing the entry there).

Test plan

  • npm run build — clean, 87 pages (up from 86)
  • Verified in-browser: sidebar placement/pagination, YAML syntax highlighting, and the pre-existing quickstart.md link to this page all render correctly
  • All install commands and CLI flags verified against the real flaglint-go binary and source (setup-go/go install version pinning, actions/setup-go@v5 matching flaglint-go's own CI, real release asset naming checked before deciding against a raw curl-download example)

Summary by CodeRabbit

  • New Features
    • Added a new Go CLI guide for enforcing checks in CI.
    • Documented setup options, gradual rollout with a baseline, strict enforcement, and an optional bootstrap exclusion path.
    • Included a GitHub Code Scanning workflow example for reporting results in CI.
  • Documentation
    • Updated the Go CLI navigation to include the new guide.

flaglint-go has no published GitHub Action (unlike flaglint-js's
flaglint/flaglint composite action) — the guide is honest about that and
shows raw workflow steps instead: install via go install (actions/setup-go)
or Homebrew (preinstalled on GitHub-hosted runners), then run validate
directly.

Structure mirrors the existing JS tutorials/integrations pages:
- Recommended path: baseline-mode adoption (--baseline --fail-on-new),
  which most real teams need since --no-direct-launchdarkly fails
  immediately on any existing debt
- Strict blocking policy once debt is cleared, plus bootstrap-exclude
- SARIF upload for GitHub Code Scanning, with the correct
  flaglint.go.direct-launchdarkly rule ID

Adds the page to the "Go CLI" sidebar section (held back from the previous
PR since Starlight's build fails hard on a sidebar slug that doesn't exist
yet) and verified in-browser: sidebar placement, pagination, YAML syntax
highlighting, and the pre-existing quickstart.md link to this page all work.

Signed-off-by: Krishan Kant Sharma <krishansharma0327@gmail.com>
@coderabbitai

coderabbitai Bot commented Jul 6, 2026

Copy link
Copy Markdown

Review Change Stack

Warning

Review limit reached

@flaglint, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 55 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 6d9e7f35-f9d0-48be-8699-0859ce5c4a7e

📥 Commits

Reviewing files that changed from the base of the PR and between 9bfffa7 and f7617ba.

📒 Files selected for processing (1)
  • src/content/docs/docs/go/guides/enforce-in-ci.md
📝 Walkthrough

Walkthrough

Adds a new Starlight documentation page describing how to enforce a "no new direct LaunchDarkly Go SDK calls" policy in CI using flaglint-go validate, and registers a corresponding sidebar navigation entry in the Go CLI guides section.

Changes

Go CI Enforcement Documentation

Layer / File(s) Summary
Enforce-in-CI guide and sidebar entry
src/content/docs/docs/go/guides/enforce-in-ci.md, astro.config.mjs
New guide covers install options, baseline-mode rollout (--write-baseline, --fail-on-new), strict enforcement (--no-direct-launchdarkly), bootstrap exclusion (--bootstrap-exclude), and a GitHub Actions SARIF upload workflow; a new sidebar entry "Enforce in CI" links to the page.

Estimated code review effort: 1 (Trivial) | ~3 minutes

Possibly related PRs

  • flaglint/flaglint.dev#12: Adds equivalent "enforce in CI" documentation for the TypeScript SDK using the same --no-direct-launchdarkly and baseline-mode workflow.
🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly matches the main change: adding a new Go CI guide about enforcing a no-new-LaunchDarkly policy.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch docs/go-enforce-in-ci-guide

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jul 6, 2026

Copy link
Copy Markdown

Deploying flaglint with  Cloudflare Pages  Cloudflare Pages

Latest commit: f7617ba
Status: ✅  Deploy successful!
Preview URL: https://8999f9ae.flaglint.pages.dev
Branch Preview URL: https://docs-go-enforce-in-ci-guide.flaglint.pages.dev

View logs

The guide claimed brew is "preinstalled" on both ubuntu-latest and
macos-latest with no caveat, showing a bare `brew install` step for both.
Per actions/runner-images' own Ubuntu docs, Homebrew is preinstalled there
but NOT added to PATH by default (it lives at /home/linuxbrew) — the shown
one-liner would fail with "brew: command not found" as written. Only
macos-latest has brew on PATH out of the box.

Split the Homebrew instructions: macOS gets the bare install step, Ubuntu
gets the required `brew shellenv` PATH setup first. go install remains the
option used in the full workflow examples since it's runner-OS-agnostic.

Signed-off-by: Krishan Kant Sharma <krishansharma0327@gmail.com>

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/content/docs/docs/go/guides/enforce-in-ci.md`:
- Around line 13-18: The documentation example still uses an unpinned go install
target, so update the flaglint-go installation snippet in the CI guide to use
v0.1.1 instead of `@latest`, and make the same version pin consistently across the
other go install snippets in this doc so the examples stay stable. Refer to the
go install commands in the CI guide and ensure each one is explicitly versioned
to v0.1.1.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 57593e5f-c27e-401f-8523-7a97c7d681b8

📥 Commits

Reviewing files that changed from the base of the PR and between 2ebe226 and 9bfffa7.

📒 Files selected for processing (2)
  • astro.config.mjs
  • src/content/docs/docs/go/guides/enforce-in-ci.md

Comment on lines +13 to +18
```yaml
- uses: actions/setup-go@v5
with:
go-version: '1.23'
- run: go install github.com/flaglint/flaglint-go/cmd/flaglint-go@latest
```

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔒 Security & Privacy | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
gh api repos/flaglint/flaglint-go/releases/latest --jq '.tag_name'

Repository: flaglint/flaglint.dev

Length of output: 166


🏁 Script executed:

#!/bin/bash
set -euo pipefail

printf '\n== file outline ==\n'
git ls-files 'src/content/docs/docs/go/guides/enforce-in-ci.md'
printf '\n== relevant lines ==\n'
nl -ba src/content/docs/docs/go/guides/enforce-in-ci.md | sed -n '1,140p'

printf '\n== release tag already known ==\n'
gh api repos/flaglint/flaglint-go/releases/latest --jq '.tag_name'

Repository: flaglint/flaglint.dev

Length of output: 290


🏁 Script executed:

#!/bin/bash
set -euo pipefail

printf '== file lines 1-140 ==\n'
sed -n '1,140p' src/content/docs/docs/go/guides/enforce-in-ci.md

printf '\n== occurrences of go install ==\n'
grep -n "go install" -n src/content/docs/docs/go/guides/enforce-in-ci.md || true

printf '\n== latest release tag ==\n'
gh api repos/flaglint/flaglint-go/releases/latest --jq '.tag_name'

Repository: flaglint/flaglint.dev

Length of output: 4611


🏁 Script executed:

#!/bin/bash
set -euo pipefail

printf '== file lines 1-140 ==\n'
sed -n '1,140p' src/content/docs/docs/go/guides/enforce-in-ci.md

printf '\n== go install occurrences ==\n'
grep -n "go install" src/content/docs/docs/go/guides/enforce-in-ci.md || true

printf '\n== latest release tag ==\n'
gh api repos/flaglint/flaglint-go/releases/latest --jq '.tag_name'

Repository: flaglint/flaglint.dev

Length of output: 4608


Pin all three go install snippets to v0.1.1. Using @latest lets the documented CI flow drift as new releases land, so the examples can change behavior without a docs update.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/content/docs/docs/go/guides/enforce-in-ci.md` around lines 13 - 18, The
documentation example still uses an unpinned go install target, so update the
flaglint-go installation snippet in the CI guide to use v0.1.1 instead of
`@latest`, and make the same version pin consistently across the other go install
snippets in this doc so the examples stay stable. Refer to the go install
commands in the CI guide and ensure each one is explicitly versioned to v0.1.1.

@Krishan27 Krishan27 merged commit f75e55b into main Jul 6, 2026
4 checks passed
@Krishan27 Krishan27 deleted the docs/go-enforce-in-ci-guide branch July 6, 2026 21:24
flaglint pushed a commit that referenced this pull request Jul 8, 2026
…trict-types and baseline counts

Every identity-resolution gap listed as "not resolved yet" on the
flaglint-go Limitations and Supported Scope pages has actually been
closed (verified directly against the flaglint-go issue tracker):
chained factory-call-then-method (#20), method values (#6), interface
satisfaction (#15), block-scoped shadowing (#5), factory returning a
wrapper type (#16), and nested go.mod files (#17). These pages were last
updated right before that work landed.

- limitations.md / supported-scope.md: mark all six as resolved (noting
  which layer resolves each — Phase 1 default vs. opt-in --strict-types),
  add two newer Phase-1 mechanisms these pages never mentioned at all
  (a struct field declared *ld.LDClient with no observed construction,
  and a composite literal directly initializing a package-level var),
  and state plainly that zero identity-resolution gaps are currently
  tracked.
- identity-model.md: add worked examples for both newer Phase-1
  mechanisms above, plus a new "Phase 2 — --strict-types" section
  (interface satisfaction, transitive factory wrapping, cross-function
  method-value forwarding) that didn't exist on this page at all before.
- index.md: same corrections to the "what flaglint-go does/doesn't do"
  summary — it previously named method values and interface satisfaction
  as open gaps.
- cli/{scan,audit,validate}.md: --strict-types wasn't documented as a
  flag anywhere on the site despite being available on all three
  commands since it shipped; added to each page's options table.
  audit.md's baseline JSON example was also missing the "schemaVersion"
  and "counts" fields flaglint-go now emits; validate.md's Baseline Mode
  section gains a note on what "counts" actually catches (a brand-new
  duplicate of an already-baselined call, not just a brand-new
  fingerprint).

Verified: `npm run build` completes cleanly (90 pages), spot-checked the
rendered Limitations page's output directly.

Signed-off-by: Krishan Kant Sharma <krishansharma0327@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants