chore: migrate to Go 1.24 tool directive

[ankurs]

Summary

• Add golangci-lint v2, gomarkdoc, and govulncheck as Go tool dependencies via tool directive in go.mod
• Update Makefile to use go tool instead of go install @latest
• Add govulncheck to make lint target for vulnerability scanning
• Upgrade go-git/go-git/v5 v5.3.0 → v5.17.0 (fixes CVE-2023-49569, CVE-2025-21613)

Test plan

• make build passes
• make test passes (go test -race ./...)
• make lint passes (golangci-lint 0 issues + govulncheck no vulnerabilities)

[coderabbitai]

Warning

Rate limit exceeded

@ankurs has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 0 minutes and 34 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: efb1c5ce-b414-4e1d-a89f-4cee6ca75900

📥 Commits

Reviewing files that changed from the base of the PR and between 596208a and 8c1cbee.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (3)

• .github/workflows/go.yml
• Makefile
• go.mod

📝 Walkthrough

Walkthrough

The Makefile is refactored to use go tool for running gomarkdoc and golangci-lint, replacing separate go install commands and direct binary invocations. Correspondingly, go.mod declares these tools as formal tool dependencies via a new tool block and expands the indirect dependency list.

Changes

Cohort / File(s)	Summary
Build Configuration Makefile	Updated doc and lint targets to use go tool gomarkdoc and go tool golangci-lint instead of installing and running binaries directly.
Module Tooling go.mod	Added new tool (...) block declaring golangci-lint and gomarkdoc as tool dependencies; expanded indirect dependencies list with numerous linter and analysis libraries.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• chore: upgrade Go 1.15 to 1.25, add CI linting, fix lint issues #8: Modifies repository tooling configuration with identical Makefile and go.mod tool dependency updates for gomarkdoc and golangci-lint.

Poem

🐰 A rabbit's ode to organized tools:

Tools in pockets, neat and tight,
Go declares them, clean and right,
No more scattered installs here—
Just go tool makes all clear! 🔧✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: migrating tooling to use Go 1.24's tool directive instead of ad-hoc go install commands.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/modernize-tooling

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

This PR migrates development tooling installation/execution to Go’s module-managed tool dependencies, aiming to make linting and docs generation reproducible without go install @latest.

Changes:

• Add tool dependencies to go.mod via a tool block (golangci-lint, gomarkdoc, and govulncheck) and update indirect requirements accordingly.
• Update Makefile to invoke tools via go tool ... instead of go install ...@latest.
• Regenerate go.sum to capture the expanded tool dependency graph.

Reviewed changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated 2 comments.

File	Description
go.mod	Adds a tool block and pulls in tool-related indirect dependencies.
Makefile	Switches doc/lint targets to go tool, and adds a govulncheck run under lint.
go.sum	Updated checksums for the new/updated tool dependency set.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 3 out of 4 changed files in this pull request and generated 1 comment.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 3 out of 4 changed files in this pull request and generated 1 comment.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.