linters: enable: - bodyclose - copyloopvar # Detects places where loop variables are copied. - depguard - dogsled - dupword # Detects duplicate words. - durationcheck - errchkjson - gocritic # Metalinter; detects bugs, performance, and styling issues. - gocyclo - gofumpt # Detects whether code was gofumpt-ed. - goimports - gosec # Detects security problems. - gosimple - govet - ineffassign - lll - misspell # Detects commonly misspelled English words in comments. - nakedret - nilerr # Detects code that returns nil even if it checks that the error is not nil. - nolintlint # Detects ill-formed or insufficient nolint directives. - perfsprint # Detects fmt.Sprintf uses that can be replaced with a faster alternative. - prealloc # Detects slice declarations that could potentially be pre-allocated. - predeclared # Detects code that shadows one of Go's predeclared identifiers - reassign - revive # Metalinter; drop-in replacement for golint. - staticcheck - stylecheck # Replacement for golint - tenv # Detects using os.Setenv instead of t.Setenv. - thelper # Detects test helpers without t.Helper(). - tparallel # Detects inappropriate usage of t.Parallel(). - typecheck - unconvert # Detects unnecessary type conversions. - unparam - unused - usestdlibvars - wastedassign disable: - errcheck run: # prevent golangci-lint from deducting the go version to lint for through go.mod, # which causes it to fallback to go1.17 semantics. go: "1.23.2" timeout: 5m linters-settings: depguard: rules: main: deny: - pkg: io/ioutil desc: The io/ioutil package has been deprecated, see https://go.dev/doc/go1.16#ioutil gocyclo: min-complexity: 16 gosec: excludes: - G104 # G104: Errors unhandled; (TODO: reduce unhandled errors, or explicitly ignore) - G113 # G113: Potential uncontrolled memory consumption in Rat.SetString (CVE-2022-23772); (only affects go < 1.16.14. and go < 1.17.7) - G115 # G115: integer overflow conversion; (TODO: verify these: https://github.com/docker/cli/issues/5584) - G306 # G306: Expect WriteFile permissions to be 0600 or less (too restrictive; also flags "0o644" permissions) - G307 # G307: Deferring unsafe method "*os.File" on type "Close" (also EXC0008); (TODO: evaluate these and fix where needed: G307: Deferring unsafe method "*os.File" on type "Close") govet: enable: - shadow settings: shadow: strict: true lll: line-length: 200 nakedret: command: nakedret pattern: ^(?P.*?\\.go):(?P\\d+)\\s*(?P.*)$ revive: rules: # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#import-shadowing - name: import-shadowing severity: warning disabled: false # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#empty-block - name: empty-block severity: warning disabled: false # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#empty-lines - name: empty-lines severity: warning disabled: false # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#use-any - name: use-any severity: warning disabled: false issues: # The default exclusion rules are a bit too permissive, so copying the relevant ones below exclude-use-default: false # This option has been defined when Go modules was not existed and when the # golangci-lint core was different, this is not something we still recommend. exclude-dirs-use-default: false exclude: - parameter .* always receives exclude-files: - cli/compose/schema/bindata.go - .*generated.* exclude-rules: # We prefer to use an "exclude-list" so that new "default" exclusions are not # automatically inherited. We can decide whether or not to follow upstream # defaults when updating golang-ci-lint versions. # Unfortunately, this means we have to copy the whole exclusion pattern, as # (unlike the "include" option), the "exclude" option does not take exclusion # ID's. # # These exclusion patterns are copied from the default excluses at: # https://github.com/golangci/golangci-lint/blob/v1.44.0/pkg/config/issues.go#L10-L104 # # The default list of exclusions can be found at: # https://golangci-lint.run/usage/false-positives/#default-exclusions # EXC0001 - text: "Error return value of .((os\\.)?std(out|err)\\..*|.*Close|.*Flush|os\\.Remove(All)?|.*print(f|ln)?|os\\.(Un)?Setenv). is not checked" linters: - errcheck # EXC0003 - text: "func name will be used as test\\.Test.* by other packages, and that stutters; consider calling this" linters: - revive # EXC0006 - text: "Use of unsafe calls should be audited" linters: - gosec # EXC0007 - text: "Subprocess launch(ed with variable|ing should be audited)" linters: - gosec # EXC0009 - text: "(Expect directory permissions to be 0750 or less|Expect file permissions to be 0600 or less)" linters: - gosec # EXC0010 - text: "Potential file inclusion via variable" linters: - gosec # TODO: make sure all packages have a description. Currently, there's 67 packages without. - text: "package-comments: should have a package comment" linters: - revive # FIXME temporarily suppress these (see https://github.com/gotestyourself/gotest.tools/issues/272) - text: "SA1019: (assert|cmp|is)\\.ErrorType is deprecated" linters: - staticcheck # Exclude some linters from running on tests files. - path: _test\.go linters: - errcheck - gosec - text: "ST1000: at least one file in a package should have a package comment" linters: - stylecheck # Allow "err" and "ok" vars to shadow existing declarations, otherwise we get too many false positives. - text: '^shadow: declaration of "(err|ok)" shadows declaration' linters: - govet # Maximum issues count per one linter. Set to 0 to disable. Default is 50. max-issues-per-linter: 0 # Maximum count of issues with the same text. Set to 0 to disable. Default is 3. max-same-issues: 0