feat(build): split Go CI into separate lint and test pipelines

[katriendg]

Description

Split Go CI validation into dedicated lint and test pipelines to align with the established Terraform pattern, where linting (tflint.yml) and validation/testing run as separate workflows and npm scripts. A discovery during #333 documentation work revealed that Go linting and testing were bundled in a single Invoke-GoTest.ps1 script and go-tests.yml workflow — inconsistent with how every other toolchain in this repository separates these concerns.

This split mirrors the Terraform lint/validate architecture and the broader CI convention of independent, focused validation jobs. Separating lint from test enables faster feedback loops in PRs (lint-only when Go files change) and clearer failure attribution.

Extracted all golangci-lint logic from Invoke-GoTest.ps1 into a new Invoke-GoLint.ps1 script, added a dedicated go-lint.yml reusable workflow, wired it into both orchestrator workflows, introduced the lint:go npm script, and updated contributing documentation with Go tooling prerequisites.

CI/CD Workflow Changes

The new go-lint.yml reusable workflow runs golangci-lint with configurable soft-fail and changed-files-only inputs. Both main.yml and pr-validation.yml now call go-lint as a separate job positioned before go-tests, with soft-fail: true to prevent lint failures from blocking releases and changed-files-only: true in PR validation for faster feedback.

• Added go-lint.yml reusable workflow with workflow_call trigger and soft-fail/changed-files-only inputs
• Wired go-lint job into main.yml (soft-fail) and pr-validation.yml (soft-fail + changed-files-only)
• Updated go-tests.yml description to clarify its test-only responsibility

Script Extraction

Created Invoke-GoLint.ps1 as a standalone golangci-lint wrapper following established PowerShell conventions (shebang, copyright, #Requires, CmdletBinding). The script includes SHA256-verified binary installation, go.mod guard, ChangedFilesOnly parameter, JSON results output, CI annotations, and step summary generation.

• Added shared/ci/linting/Invoke-GoLint.ps1 with SHA256-verified golangci-lint install and lint execution
• Refactored shared/ci/linting/Invoke-GoTest.ps1 to remove all lint logic, simplified pass/fail to test-only
  • Removed lint_passed and golangci_lint_version from JSON output schema (breaking change)

Test Suite

Added a comprehensive Pester test suite for the new lint script and decoupled lint-related tests from the existing test suite.

• Added shared/ci/tests/linting/Invoke-GoLint.Tests.ps1 with 17 tests across 6 contexts (tool availability, go.mod guard, ChangedFilesOnly, lint success/failure, output file creation)
• Simplified shared/ci/tests/linting/Invoke-GoTest.Tests.ps1 by removing all golangci-lint mocks and lint-coupled test contexts

Documentation and Configuration

• Added lint:go npm script to package.json and integrated into the lint:all command chain
• Updated *.go validation entry in copilot-instructions.md with both npm run lint:go and npm run test:go
• Added Go 1.24+ and golangci-lint 2.11+ installation instructions to prerequisites.md
• Added Go modules row to testing requirements table in contribution-workflow.md
• Added "golangci" to .cspell/general-technical.txt dictionary

Closes #333
Closes #353

Type of Change

• 🐛 Bug fix (non-breaking change fixing an issue)
• ✨ New feature (non-breaking change adding functionality)
• 💥 Breaking change (fix or feature causing existing functionality to change)
• 📚 Documentation update
• 🏗️ Infrastructure change (Terraform/IaC)
• ♻️ Refactoring (no functional changes)

Component(s) Affected

• infrastructure/terraform/prerequisites/ - Azure subscription setup
• infrastructure/terraform/ - Terraform infrastructure
• infrastructure/setup/ - OSMO control plane / Helm
• workflows/ - Training and evaluation workflows
• training/ - Training pipelines and scripts
• docs/ - Documentation

Testing Performed

• Terraform plan reviewed (no unexpected changes)
• Terraform apply tested in dev environment
• Training scripts tested locally with Isaac Sim
• OSMO workflow submitted successfully
• Smoke tests passed (smoke_test_azure.py)

Documentation Impact

• No documentation changes needed
• Documentation updated in this PR
• Documentation issue filed

Bug Fix Checklist

Complete this section for bug fix PRs. Skip for other contribution types.

• Linked to issue being fixed
• Regression test included, OR
• Justification for no regression test:

Checklist

• My code follows the project conventions
• Commit messages follow conventional commit format
• I have performed a self-review
• Documentation impact assessed above
• No new linting warnings introduced

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 663765d.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

Package	Version	Score	Details
actions/actions/checkout	de0fac2e4500dabe0009e67214ff5f5447ce83dd	🟢 6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained ⚠️ 2 3 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Packaging ⚠️ -1 packaging workflow not detected Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Security-Policy 🟢 9 security policy file detected Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches SAST 🟢 8 SAST tool detected but not run on all commits
actions/actions/setup-go	40f1582b2485089dde7abd97c1529aa768e1baff	🟢 6.1	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 12 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST 🟢 9 SAST tool is not run on all commits -- score normalized to 9
actions/actions/upload-artifact	bbbca2ddaa5d8feaa63e36b76fdaad77386f024f	🟢 5.7	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 5 4 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 5 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST 🟢 10 SAST tool is run on all commits

Scanned Files

• .github/workflows/go-lint.yml

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 43.58%. Comparing base (2d734f4) to head (663765d).

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #354   +/-   ##
=======================================
  Coverage   43.58%   43.58%           
=======================================
  Files         242      242           
  Lines       14840    14840           
  Branches     1903     1903           
=======================================
  Hits         6468     6468           
  Misses       8082     8082           
  Partials      290      290           

Flag	Coverage Δ		*Carryforward flag
pester	79.87% <ø> (ø)
pytest	6.89% <ø> (ø)		Carriedforward from 1ac7c70
pytest-dataviewer	61.98% <ø> (ø)
vitest	50.72% <ø> (ø)

*This pull request uses carry forward flags. Click here to find out more.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.