Skip to content

Upgrade to Go 1.26.3, update CI, and fix SSH/run bugs#68

Merged
alajmo merged 11 commits into
mainfrom
misc/update-go
May 30, 2026
Merged

Upgrade to Go 1.26.3, update CI, and fix SSH/run bugs#68
alajmo merged 11 commits into
mainfrom
misc/update-go

Conversation

@alajmo

@alajmo alajmo commented May 19, 2026
edited
Loading

Copy link
Copy Markdown
Owner

Summary

A maintenance pass that upgrades the toolchain and fixes a batch of run/SSH correctness bugs found along the way.

Three themes:

  1. Toolchain — Go 1.26.3, refreshed dependencies, updated CI, Docker Compose v2.
  2. Cleanup — cleared all golangci-lint findings and added CLAUDE.md.
  3. Bug fixes — task execution, SSH argument handling, and target filtering, with regenerated golden tests.

Toolchain & tooling

  • Go 1.26.3 plus dependency updates (go.mod / go.sum).
  • Updated GitHub Actions workflows (build.yml, release.yml) and bumped golangci-lint.
  • Moved the Makefile and test stack to Docker Compose v2, and stabilized the mock-SSH servers (pinned IPv4 / ULA IPv6, fixed sshd MaxStartups so parallel handshakes don't randomly drop).
  • Cleared all golangci-lint findings (errcheck, govet, staticcheck).
  • Added CLAUDE.md with build/test/architecture notes.

Bug fixes

Severity Area What was wrong Fix
High core/run/ssh.goAsExport Env values were split on every =, silently truncating values like URLs with query params; values were also interpolated unescaped, so a value such as $(...) could execute on the remote host. Split on the first = only (SplitN) and single-quote values via a new shellQuote helper.
Medium core/run/unix.go — interactive SSH -i, -p, -o, -J were packed into single argv strings (e.g. "-i /path"), so OpenSSH saw a leading space and looked for a key named " /path". Pass each flag and its value as separate argv elements.
Low core/run/exec.goCleanupClients A signal-forwarding goroutine was torn down immediately (wg.Wait() returned before any wg.Add), so it never did anything. Removed the dead goroutine / wait group; cleanup now just closes sessions.
core/dao/task.go — target filtering A target's invert: true in YAML was ignored, and combining --invert with a config target discarded the target's selection entirely. Use the target's configured invert, overridable by an explicit --invert; treat --invert as a modifier, not a selector.

Also from the integration-test stabilization pass: use && (not ;) between cd <workdir> and the command so a failed cd aborts the task, and a PubFile pointer fix in exec.go.

Tests

  • Regenerated integration golden files and updated the mock-SSH fixtures / main_test.go to match the IP and behavior changes.

alajmo and others added 11 commits May 19, 2026 22:49
@alajmo @claude
Update Go to 1.26.3, add CLAUDE.md, update docs
d7889e6 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@alajmo
Update workflows
cfbb011
@alajmo
bump golangci lint
ae7fa55
@alajmo @claude
Fix golangci-lint errcheck, govet, and staticcheck issues
c90e925 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@alajmo
Fix Makefile docker compose
7e8ab54
@alajmo
Update compose
24e88eb
@alajmo
Update docker compose
b639eaa
@alajmo
Update test servers
cfac47f
@alajmo @claude
Stabilize integration tests and fix run-execution bugs
6742944 
- Pin server-9 IPv4 (172.24.2.12) and swap IPv6 to ULA so containers come up cleanly in CI under the /24 subnet
- Fix sshd MaxStartups to 100:30:100 (single-integer form left start/rate at default, causing random handshake drops under parallel load)
- Drop obsolete compose `version` attribute
- core/run: use `&&` instead of `;` between `cd workDir` and the command so a failed `cd` aborts the task
- core/run/exec.go: fix PubFile pointer assignment
- core/run/unix.go: pass IdentityFile via -i for interactive SSH
- Regenerate golden files for IPv6 address change

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@alajmo @claude
Fix env injection, SSH identity arg, and dead signal trap
ded056e 
- AsExport: split env on first '=' only and single-quote values to
  prevent value truncation and remote shell injection
- unix SSHToServer: pass -p/-o/-i/-J option values as separate argv
  elements so OpenSSH does not see an embedded leading space
- CleanupClients: drop the dead signal-forwarding goroutine whose
  wg.Wait returned immediately

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@alajmo @claude
Respect target invert flag and apply --invert to config targets
46c6cc0 
GetTaskServers passed runFlags.Invert to FilterServers for config
targets, but that value was always false there since any explicit
--invert routes to the runtime-selector branch. As a result a target
with invert: true never inverted, and --invert combined with a config
target was ignored.

Use the target's configured invert (overridable by an explicit
--invert), and stop treating --invert as a runtime selector since it
is a modifier, not a server selector.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@alajmo alajmo changed the title Misc/update go Upgrade to Go 1.26.3, update CI, and fix SSH/run bugs May 30, 2026
@alajmo alajmo merged commit 86986df into main May 30, 2026
1 check passed
@alajmo alajmo deleted the misc/update-go branch May 30, 2026 07:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@alajmo