chore: upgrade Go to 1.26.3

[BradLugo]

Largely based on the work done in #3298.

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[openshift-ci]

@github-actions[bot]: No presubmit jobs available for stackrox/scanner@blugo/remove-apollo-images

Details

In response to this:

/retest scanner-slim-on-push

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[openshift-ci]

@github-actions[bot]: No presubmit jobs available for stackrox/scanner@blugo/remove-apollo-images

Details

In response to this:

/retest scanner-on-push

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[openshift-ci]

@github-actions[bot]: No presubmit jobs available for stackrox/scanner@blugo/remove-apollo-images

Details

In response to this:

/retest scanner-slim-on-push

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[openshift-ci]

@github-actions[bot]: No presubmit jobs available for stackrox/scanner@blugo/remove-apollo-images

Details

In response to this:

/retest scanner-on-push

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[coderabbitai]

Warning

Review limit reached

@BradLugo, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 51 minutes and 30 seconds. Learn how PR review limits work.

Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file).

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits.

🚦 How do rate limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: bbde29f9-f87c-4e83-8416-08d6126fd498

📥 Commits

Reviewing files that changed from the base of the PR and between 0c83711 and a53af14.

⛔ Files ignored due to path filters (1)

• tools/linters/go.sum is excluded by !**/*.sum

📒 Files selected for processing (6)

• .golangci.yml
• go.mod
• image/scanner/rhel/konflux.Dockerfile
• pkg/rhelv2/rhelv2.go
• tools/linters/go.mod
• tools/test/go.mod

📝 Walkthrough

Walkthrough

The PR updates Go toolchain versions, golangci-lint modules and configuration, CI execution settings, and the scanner builder image. It also changes one Repo2CPE HTTP error message to print the status code numerically.

Changes

Toolchain and CI refresh

Layer / File(s)	Summary
Go toolchain and linter versions go.mod, tools/test/go.mod, tools/linters/go.mod, tools/linters/tools-import.go, Makefile, image/scanner/rhel/konflux.Dockerfile	Go version directives, golangci-lint module versions, the golangci-lint import/install path, and the scanner builder image are updated to the newer toolchain baseline.
golangci-lint policy rewrite .golangci.yml	The golangci-lint config switches to version 2, changes output and linter selection, and reorganizes linter settings, exclusions, and formatter rules.
Workflow jobs run without the container .github/workflows/ci.yaml	The CI workflow removes the explicit container image from the scanner build, test, dump, bundle, image, manifest, diff, and upload jobs.
Repo2CPE status format pkg/rhelv2/rhelv2.go	updateRepoToCPE now formats the HTTP status code as a decimal number in the non-200 error message.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly captures the main change: upgrading the project to Go 1.26.3.
Description check	✅ Passed	The description is related to the changeset and references the upstream work this PR is based on.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch blugo/go-1.26.3

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[jvdm]

Sanity: Any follow-ups on the konflux side of things?

[BradLugo]

Good catch. Updated Konflux image

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.golangci.yml:
- Around line 18-37: Re-enable the errcheck linter in the golangci config by
updating the enabled linter list in the v2 configuration, since the current
setup omits unchecked-error detection and no other enabled linter covers it.
Locate the enable section in the config and restore errcheck alongside the
existing linters such as staticcheck and govet, keeping the comment only if
needed for follow-up notes.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 84a6e343-dd49-4d0c-8f6a-d1ef56ab7978

📥 Commits

Reviewing files that changed from the base of the PR and between 1a300c5 and 0c83711.

⛔ Files ignored due to path filters (1)

• tools/linters/go.sum is excluded by !**/*.sum

📒 Files selected for processing (9)

• .github/workflows/ci.yaml
• .golangci.yml
• Makefile
• go.mod
• image/scanner/rhel/konflux.Dockerfile
• pkg/rhelv2/rhelv2.go
• tools/linters/go.mod
• tools/linters/tools-import.go
• tools/test/go.mod

💤 Files with no reviewable changes (1)

• .github/workflows/ci.yaml

[coderabbitai]

🩺 Stability & Availability | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

sed -n '1,220p' .golangci.yml

Repository: stackrox/scanner

Length of output: 2862

---

🏁 Script executed:

sed -n '1,220p' .golangci.yml

Repository: stackrox/scanner

Length of output: 2862

---

🏁 Script executed:

sed -n '1,220p' .golangci.yml

Repository: stackrox/scanner

Length of output: 2862

---

🏁 Script executed:

sed -n '1,220p' .golangci.yml

Repository: stackrox/scanner

Length of output: 2862

---

🏁 Script executed:

sed -n '1,220p' .golangci.yml

Repository: stackrox/scanner

Length of output: 2862

---

🏁 Script executed:

sed -n '1,220p' .golangci.yml

Repository: stackrox/scanner

Length of output: 2862

---

🏁 Script executed:

sed -n '1,220p' .golangci.yml

Repository: stackrox/scanner

Length of output: 2862

---

🏁 Script executed:

sed -n '1,220p' .golangci.yml

Repository: stackrox/scanner

Length of output: 2862

---

🏁 Script executed:

sed -n '1,220p' .golangci.yml

Repository: stackrox/scanner

Length of output: 2862

---

🏁 Script executed:

sed -n '1,220p' .golangci.yml

Repository: stackrox/scanner

Length of output: 2862

---

🏁 Script executed:

sed -n '1,220p' .golangci.yml

Repository: stackrox/scanner

Length of output: 2862

---

🏁 Script executed:

sed -n '1,220p' .golangci.yml

Repository: stackrox/scanner

Length of output: 2862

---

🏁 Script executed:

sed -n '1,220p' .golangci.yml

Repository: stackrox/scanner

Length of output: 2862

---

Re-enable errcheck in the v2 config.

Commenting it out removes unchecked-error detection from CI, and none of the remaining enabled linters cover that gap.

Suggested change

   enable:
   - asciicheck
   - copyloopvar
-  # - errcheck
+  - errcheck
   # - forbidigo

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	enable:
	- asciicheck
	- copyloopvar
	# - errcheck
	# - forbidigo
	- gocritic
	# - exptostd
	- gosec
	- govet
	- ineffassign
	# - modernize
	- nolintlint
	# - protogetter
	- revive # replaces golint
	- rowserrcheck
	- staticcheck
	# - wrapcheck
	# - nakedret TODO: add in follow-up
	- unconvert
	# - unparam TODO: add in follow-up
	enable:
	- asciicheck
	- copyloopvar
	- errcheck
	# - forbidigo
	- gocritic
	# - exptostd
	- gosec
	- govet
	- ineffassign
	# - modernize
	- nolintlint
	# - protogetter
	- revive # replaces golint
	- rowserrcheck
	- staticcheck
	# - wrapcheck
	# - nakedret TODO: add in follow-up
	- unconvert
	# - unparam TODO: add in follow-up

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.golangci.yml around lines 18 - 37, Re-enable the errcheck linter in the
golangci config by updating the enabled linter list in the v2 configuration,
since the current setup omits unchecked-error detection and no other enabled
linter covers it. Locate the enable section in the config and restore errcheck
alongside the existing linters such as staticcheck and govet, keeping the
comment only if needed for follow-up notes.