diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index efef789e..c4398c17 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -8,24 +8,12 @@ on: types: [opened, synchronize, reopened] jobs: - check: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v3 - - uses: reviewdog/action-staticcheck@v1 - with: - github_token: ${{ secrets.github_token }} - reporter: github-pr-review - filter_mode: nofilter - fail_on_error: true - build: runs-on: ubuntu-latest strategy: fail-fast: false matrix: - go: ["1.18", "1.19", "1.20"] + go: ["1.18.x", "1.19.x", "1.20.x"] steps: - name: Checkout uses: actions/checkout@v3 diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 5b36162b..e82b45c6 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -13,12 +13,10 @@ name: "CodeQL" on: push: - branches: [ main ] - # pull_request: - # The branches below must be a subset of the branches above - # branches: [ main ] + branches: [main] + pull_request: schedule: - - cron: '31 10 * * 5' + - cron: "31 10 * * 5" jobs: analyze: @@ -32,40 +30,40 @@ jobs: strategy: fail-fast: false matrix: - language: [ 'go' ] + language: ["go"] # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ] # Learn more: # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed steps: - - name: Checkout repository - uses: actions/checkout@v2 + - name: Checkout repository + uses: actions/checkout@v2 - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v1 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - # queries: ./path/to/local/query, your-org/your-repo/queries@main + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + # queries: ./path/to/local/query, your-org/your-repo/queries@main - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v1 + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v2 - # ℹī¸ Command-line programs to run using the OS shell. - # 📚 https://git.io/JvXDl + # ℹī¸ Command-line programs to run using the OS shell. + # 📚 https://git.io/JvXDl - # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language + # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines + # and modify them (or add more) to build your code if your project + # uses a compiled language - #- run: | - # make bootstrap - # make release + #- run: | + # make bootstrap + # make release - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml new file mode 100644 index 00000000..55b1a8e1 --- /dev/null +++ b/.github/workflows/lint.yml @@ -0,0 +1,43 @@ +name: golangci +on: + push: + branches: + - main + pull_request: +jobs: + golangci: + name: lint + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v3 + - name: Setup Go + uses: actions/setup-go@v3 + with: + go-version: "1.20.x" + check-latest: true + cache: true + - name: golangci-lint + uses: golangci/golangci-lint-action@v3 + with: + # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version + version: latest + + # Optional: working directory, useful for monorepos + # working-directory: somedir + + # Optional: golangci-lint command line arguments. + # args: --issues-exit-code=0 + + # Optional: show only new issues if it's a pull request. The default value is `false`. + # only-new-issues: true + + # Optional: if set to true then the all caching functionality will be complete disabled, + # takes precedence over all other caching options. + # skip-cache: true + + # Optional: if set to true then the action don't cache or restore ~/go/pkg. + # skip-pkg-cache: true + + # Optional: if set to true then the action don't cache or restore ~/.cache/go-build. + # skip-build-cache: true diff --git a/example_test.go b/example_test.go index 58fdea43..a84c7e22 100644 --- a/example_test.go +++ b/example_test.go @@ -38,7 +38,7 @@ func ExampleNewWithClaims_customClaimsType() { jwt.RegisteredClaims } - // Create the claims + // Create claims with multiple fields populated claims := MyCustomClaims{ "bar", jwt.RegisteredClaims{ @@ -53,6 +53,8 @@ func ExampleNewWithClaims_customClaimsType() { }, } + fmt.Printf("foo: %v\n", claims.Foo) + // Create claims while leaving out some of the optional fields claims = MyCustomClaims{ "bar", @@ -67,7 +69,8 @@ func ExampleNewWithClaims_customClaimsType() { ss, err := token.SignedString(mySigningKey) fmt.Printf("%v %v", ss, err) - //Output: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIiLCJpc3MiOiJ0ZXN0IiwiZXhwIjoxNTE2MjM5MDIyfQ.xVuY2FZ_MRXMIEgVQ7J-TFtaucVFRXUzHm9LmV41goM + //Output: foo: bar + //eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIiLCJpc3MiOiJ0ZXN0IiwiZXhwIjoxNTE2MjM5MDIyfQ.xVuY2FZ_MRXMIEgVQ7J-TFtaucVFRXUzHm9LmV41goM } // Example creating a token using a custom claims type. The RegisteredClaims is embedded diff --git a/http_example_test.go b/http_example_test.go index 090aa4f7..c09cc367 100644 --- a/http_example_test.go +++ b/http_example_test.go @@ -94,7 +94,8 @@ func Example_getTokenViaHTTP() { // Read the token out of the response body buf := new(bytes.Buffer) - io.Copy(buf, res.Body) + _, err = io.Copy(buf, res.Body) + fatal(err) res.Body.Close() tokenString := strings.TrimSpace(buf.String()) @@ -129,7 +130,8 @@ func Example_useTokenViaHTTP() { // Read the response body buf := new(bytes.Buffer) - io.Copy(buf, res.Body) + _, err = io.Copy(buf, res.Body) + fatal(err) res.Body.Close() fmt.Println(buf.String()) diff --git a/request/extractor.go b/request/extractor.go index 57de8b77..780721b6 100644 --- a/request/extractor.go +++ b/request/extractor.go @@ -38,8 +38,8 @@ func (e HeaderExtractor) ExtractToken(req *http.Request) (string, error) { type ArgumentExtractor []string func (e ArgumentExtractor) ExtractToken(req *http.Request) (string, error) { - // Make sure form is parsed - req.ParseMultipartForm(10e6) + // Make sure form is parsed. We are explicitly ignoring errors at this point + _ = req.ParseMultipartForm(10e6) // loop over arg names and return the first one that contains data for _, arg := range e { diff --git a/token_test.go b/token_test.go index 52a00212..3679fa89 100644 --- a/token_test.go +++ b/token_test.go @@ -73,7 +73,7 @@ func BenchmarkToken_SigningString(b *testing.B) { b.ResetTimer() b.ReportAllocs() for i := 0; i < b.N; i++ { - t.SigningString() + _, _ = t.SigningString() } }) }