Go Project Guardrails - Lunar Policy for Devex Build And Ci

Go Project Guardrails

Policy Stable Devex Build And Ci

Enforce Go-specific project standards including module configuration, Go version requirements, test execution scope, and vendoring policies.

Add golang to your lunar-config.yml:
uses: github://earthly/lunar-lib/policies/golang@v1.0.0

Included Guardrails

This policy includes 6 guardrails that enforce standards for your DevEx, build, and CI.

go-mod-exists

Ensures the project has a go.mod file for module management. Required for all Go projects using modules.


go-sum-exists

Ensures the project has a go.sum file for dependency verification. Required for reproducible builds.


min-go-version

Ensures the project uses at least the minimum required Go version. Helps maintain security and compatibility standards.


min-go-version-cicd

Ensures the Go version used in CI/CD commands meets the minimum required version. Helps maintain security and compatibility standards for build environments.


tests-recursive

Ensures tests run recursively (./...) to cover all packages. Prevents accidentally missing tests in subpackages.


vendoring

Enforces the vendoring policy: it can either require that the vendor directory exists or forbid it, depending on team standards.


How Guardrails Fit into Lunar

Lunar guardrails define your engineering standards as code. They evaluate data collected by integrations and produce pass/fail checks with actionable feedback.

Policies support gradual enforcement—from silent scoring to blocking PRs or deployments—letting you roll out standards at your own pace without disrupting existing workflows.

  1. Integrations Gather Data: Collectors extract metadata from code, CI pipelines, tool outputs, and scans
  2. Centralized as JSON: All data merged into each component's unified metadata document
  3. Guardrails Enforce Standards (this policy): Real-time feedback in PRs and AI workflows

Required Integrations

This policy evaluates data gathered by one or more of the following integration(s). Make sure to enable them in your lunar-config.yml.

Configuration

Configure this policy in your lunar-config.yml.

Inputs

| Input | Required | Default | Description |
|---|---|---|---|
| min_go_version | Optional | 1.21 | Minimum required Go version (e.g., "1.21", "1.22") |
| min_go_version_cicd | Optional | 1.21 | Minimum required Go version for CI/CD commands (e.g., "1.21", "1.22") |
| vendoring_mode | Optional | none | Vendoring enforcement mode: "required": Fail if vendor/ directory doesn't exist; "forbidden": Fail if vendor/ directory exists; "none": Skip vendoring check (default) |

Documentation


Overview

This policy validates Go projects against best practices for module management and project structure. It ensures projects have proper go.mod and go.sum files, use a minimum Go version, run tests recursively to cover all packages, and follow your team's vendoring standards.

Policies

This plugin provides the following policies (use include to select a subset):

| Policy | Description | Failure Meaning |
|---|---|---|
| go-mod-exists | Validates go.mod exists | Project lacks module definition |
| go-sum-exists | Validates go.sum exists | Missing dependency checksums |
| min-go-version | Ensures minimum Go version in go.mod | Go version too old |
| min-go-version-cicd | Ensures minimum Go version in CI/CD | CI/CD Go version too old |
| tests-recursive | Ensures tests run with ./... | Tests may miss subpackages |
| vendoring | Enforces vendoring policy | Vendor dir present/absent per policy |

Required Data

This policy reads from the following Component JSON paths:

| Path | Type | Provided By |
|---|---|---|
| .lang.go | object | golang collector |
| .lang.go.native.go_mod.exists | boolean | golang collector |
| .lang.go.native.go_sum.exists | boolean | golang collector |
| .lang.go.version | string | golang collector |
| .lang.go.tests.scope | string | golang collector |
| .lang.go.cicd.cmds | array | golang collector |
| .lang.go.native.vendor.exists | boolean | golang collector |

Installation

Add to your lunar-config.yml:

policies:
  - uses: github://earthly/lunar-lib/policies/golang@v1.0.0
    on: [go]  # Or use tags like ["domain:backend"]
    enforcement: report-pr
    # include: [go-mod-exists, go-sum-exists]  # Only run specific checks
    with:
      min_go_version: "1.21"       # Minimum required Go version in go.mod (default: "1.21")
      min_go_version_cicd: "1.21"  # Minimum Go version for CI/CD commands (default: "1.21")
      vendoring_mode: "none"       # "required", "forbidden", or "none" (default: "none")

Examples

Passing Example

{
  "lang": {
    "go": {
      "module": "github.com/acme/myproject",
      "version": "1.22",
      "native": {
        "go_mod": { "exists": true },
        "go_sum": { "exists": true },
        "vendor": { "exists": false }
      },
      "tests": {
        "scope": "recursive"
      }
    }
  }
}

Failing Example

{
  "lang": {
    "go": {
      "version": "1.19",
      "native": {
        "go_mod": { "exists": false },
        "go_sum": { "exists": false }
      }
    }
  }
}

Failure messages:

  • "go.mod not found. Initialize with 'go mod init <module-path>'"
  • "go.sum not found. Run 'go mod tidy' to generate checksums."
  • "Go version 1.19 is below minimum 1.21. Update go.mod to require Go 1.21 or higher."
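
To make the pass/fail logic concrete, here is an added example (not Lunar's own policy code) that evaluates the Component JSON paths listed under Required Data against the two documents above. The names `evaluate` and `_ver` are hypothetical, skipping checks whose data is absent is an assumption, and min-go-version-cicd is left out because the page does not show the shape of `.lang.go.cicd.cmds` entries.

```python
# Added example: not Lunar's policy code. evaluate() and _ver() are hypothetical names.
# The three quoted failure messages come from the page; the other two are constructed.

def _ver(v):
    """Parse "1.21" or "1.21.3" into a tuple of ints so that 1.9 < 1.21."""
    return tuple(int(p) for p in v.split("."))

def evaluate(component, min_go_version="1.21", vendoring_mode="none"):
    """Return (guardrail, message) failures for one Component JSON document."""
    go = component.get("lang", {}).get("go")
    if go is None:  # assumption: non-Go components are skipped
        return []
    native, failures = go.get("native", {}), []
    if not native.get("go_mod", {}).get("exists", False):
        failures.append(("go-mod-exists",
                         "go.mod not found. Initialize with 'go mod init <module-path>'"))
    if not native.get("go_sum", {}).get("exists", False):
        failures.append(("go-sum-exists",
                         "go.sum not found. Run 'go mod tidy' to generate checksums."))
    version = go.get("version")
    if version and _ver(version) < _ver(min_go_version):
        failures.append(("min-go-version",
                         f"Go version {version} is below minimum {min_go_version}. "
                         f"Update go.mod to require Go {min_go_version} or higher."))
    scope = go.get("tests", {}).get("scope")
    if scope is not None and scope != "recursive":  # assumption: absent data is skipped
        failures.append(("tests-recursive", "Tests do not run with ./... (constructed message)"))
    vendored = native.get("vendor", {}).get("exists")
    if vendoring_mode == "required" and vendored is False:
        failures.append(("vendoring", "vendor/ directory is required (constructed message)"))
    if vendoring_mode == "forbidden" and vendored is True:
        failures.append(("vendoring", "vendor/ directory is forbidden (constructed message)"))
    return failures

# The page's passing and failing Component JSON examples.
PASSING = {"lang": {"go": {"module": "github.com/acme/myproject", "version": "1.22",
    "native": {"go_mod": {"exists": True}, "go_sum": {"exists": True},
               "vendor": {"exists": False}},
    "tests": {"scope": "recursive"}}}}
FAILING = {"lang": {"go": {"version": "1.19",
    "native": {"go_mod": {"exists": False}, "go_sum": {"exists": False}}}}}
# Constructed input: "1.9" sorts after "1.21" as a string, so a string compare would pass it.
OLD = {"lang": {"go": {"version": "1.9", "tests": {"scope": "package"},
    "native": {"go_mod": {"exists": True}, "go_sum": {"exists": True}}}}}

if __name__ == "__main__":
    for name, doc in (("passing", PASSING), ("failing", FAILING), ("old", OLD)):
        print(name, [g for g, _ in evaluate(doc)])
```

The constructed `OLD` document shows why the version check needs a numeric comparison: compared as strings, "1.9" is greater than "1.21" and an outdated toolchain would pass.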

Remediation

go-mod-exists

  1. Run go mod init <module-path> to create a go.mod file
  2. The module path should match your repository URL (e.g., github.com/org/repo)

go-sum-exists

  1. Run go mod tidy to generate the go.sum file
  2. Commit the go.sum file to version control

min-go-version

  1. Update the go directive in your go.mod file: go 1.21
  2. Run go mod tidy to update dependencies
  3. Test your code with the new Go version

min-go-version-cicd

  1. Update your CI/CD pipeline to use a newer Go version
  2. For GitHub Actions: update go-version in your workflow
  3. For Docker-based builds: update your base Go image version

tests-recursive

  1. Update your CI configuration to run go test ./... instead of targeting specific packages
  2. This ensures all packages and subpackages are tested

vendoring

  • If vendoring_mode is "required": run go mod vendor to create the vendor directory
  • If vendoring_mode is "forbidden": remove the vendor/ directory from your repository

Open Source

This policy is open source and available on GitHub. Contribute improvements, report issues, or fork it for your own use.
