diff --git a/.golangci.yml b/.golangci.yml index da889369f3..1d8f1ba60d 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -6,12 +6,10 @@ linters: - dogsled - gocyclo - goimports - - golint - gosec - gosimple - govet - ineffassign - - interfacer - lll - megacheck - misspell @@ -22,6 +20,7 @@ linters: - unconvert - unparam - unused + - revive - varcheck disable: @@ -59,30 +58,65 @@ issues: - parameter .* always receives exclude-rules: - # These are copied from the default exclude rules, except for "ineffective break statement" - # and GoDoc checks. - # https://github.com/golangci/golangci-lint/blob/0cc87df732aaf1d5ad9ce9ca538d38d916918b36/pkg/config/config.go#L36 - - text: "Error return value of .((os\\.)?std(out|err)\\..*|.*Close|.*Flush|os\\.Remove(All)?|.*printf?|os\\.(Un)?Setenv). is not checked" + # We prefer to use an "exclude-list" so that new "default" exclusions are not + # automatically inherited. We can decide whether or not to follow upstream + # defaults when updating golang-ci-lint versions. + # Unfortunately, this means we have to copy the whole exclusion pattern, as + # (unlike the "include" option), the "exclude" option does not take exclusion + # ID's. + # + # These exclusion patterns are copied from the default excluses at: + # https://github.com/golangci/golangci-lint/blob/v1.44.0/pkg/config/issues.go#L10-L104 + + # EXC0001 + - text: "Error return value of .((os\\.)?std(out|err)\\..*|.*Close|.*Flush|os\\.Remove(All)?|.*print(f|ln)?|os\\.(Un)?Setenv). is not checked" linters: - errcheck + # EXC0003 - text: "func name will be used as test\\.Test.* by other packages, and that stutters; consider calling this" linters: - - golint - - text: "G103: Use of unsafe calls should be audited" + - revive + # EXC0006 + - text: "Use of unsafe calls should be audited" linters: - gosec - - text: "G104: Errors unhandled" + # EXC0007 + - text: "Subprocess launch(ed with variable|ing should be audited)" linters: - gosec - - text: "G204: Subprocess launch(ed with (variable|function call)|ing should be audited)" + # EXC0008 + # TODO: evaluate these and fix where needed: G307: Deferring unsafe method "*os.File" on type "Close" (gosec) + - text: "(G104|G307)" linters: - gosec - - text: "(G301|G302): (Expect directory permissions to be 0750 or less|Expect file permissions to be 0600 or less)" + # EXC0009 + - text: "(Expect directory permissions to be 0750 or less|Expect file permissions to be 0600 or less)" linters: - gosec - - text: "G304: Potential file inclusion via variable" + # EXC0010 + - text: "Potential file inclusion via variable" linters: - gosec - - text: "(G201|G202): SQL string (formatting|concatenation)" + + # Looks like the match in "EXC0007" above doesn't catch this one + # TODO: consider upstreaming this to golangci-lint's default exclusion rules + - text: "G204: Subprocess launched with a potential tainted input or cmd arguments" linters: - gosec + # Looks like the match in "EXC0009" above doesn't catch this one + # TODO: consider upstreaming this to golangci-lint's default exclusion rules + - text: "G306: Expect WriteFile permissions to be 0600 or less" + linters: + - gosec + + # Exclude some linters from running on tests files. + - path: _test\.go + linters: + - errcheck + - gosec + + # Maximum issues count per one linter. Set to 0 to disable. Default is 50. + max-issues-per-linter: 0 + + # Maximum count of issues with the same text. Set to 0 to disable. Default is 3. + max-same-issues: 0 diff --git a/dockerfiles/Dockerfile.lint b/dockerfiles/Dockerfile.lint index 8f3c30ec01..b28d02634f 100644 --- a/dockerfiles/Dockerfile.lint +++ b/dockerfiles/Dockerfile.lint @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:1 ARG GO_VERSION=1.17.8 -ARG GOLANGCI_LINT_VERSION=v1.23.8 +ARG GOLANGCI_LINT_VERSION=v1.45.2 FROM golangci/golangci-lint:${GOLANGCI_LINT_VERSION}-alpine AS golangci-lint