Skip to content

Commit

Permalink
🌱 Bump github.com/golangci/golangci-lint from 1.44.2 to 1.45.0 in /to…
Browse files Browse the repository at this point in the history
…ols (#1757)

* 🌱 Bump github.com/golangci/golangci-lint in /tools

Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.44.2 to 1.45.0.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](golangci/golangci-lint@v1.44.2...v1.45.0)

---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* golangci-lint: Surface and fix as many lint warnings automatically

Signed-off-by: Stephen Augustus <[email protected]>

* generated: Run golangci-lint with `fix: true`

Signed-off-by: Stephen Augustus <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stephen Augustus <[email protected]>
  • Loading branch information
dependabot[bot] and justaugustus authored Mar 23, 2022
1 parent 10bd777 commit 66b3d8c
Show file tree
Hide file tree
Showing 27 changed files with 188 additions and 105 deletions.
12 changes: 11 additions & 1 deletion .golangci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -3,13 +3,23 @@ run:
concurrency: 6
deadline: 5m
issues:
new-from-rev: ""
include:
# revive `package-comments` and `exported` rules.
- EXC0012
- EXC0013
- EXC0014
- EXC0015
# Maximum issues count per one linter.
# Set to 0 to disable.
# Default: 50
max-issues-per-linter: 0
# Maximum count of issues with the same text.
# Set to 0 to disable.
# Default: 3
max-same-issues: 0
new-from-rev: ""
# Fix found issues (if it's supported by the linter).
fix: true
skip-files:
- cron/data/request.pb.go # autogenerated
linters:
Expand Down
6 changes: 3 additions & 3 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ GINKGO := ginkgo
GIT_HASH := $(shell git rev-parse HEAD)
GIT_VERSION ?= $(shell git describe --tags --always --dirty)
SOURCE_DATE_EPOCH=$(shell git log --date=iso8601-strict -1 --pretty=%ct)
GOLANGGCI_LINT := golangci-lint
GOLANGCI_LINT := golangci-lint
PROTOC_GEN_GO := protoc-gen-go
MOCKGEN := mockgen
PROTOC := $(shell which protoc)
Expand Down Expand Up @@ -58,9 +58,9 @@ update-dependencies: ## Update go dependencies for all modules
cd tools
go mod tidy && go mod verify

$(GOLANGGCI_LINT): install
$(GOLANGCI_LINT): install
check-linter: ## Install and run golang linter
check-linter: $(GOLANGGCI_LINT)
check-linter: $(GOLANGCI_LINT)
# Run golangci-lint linter
golangci-lint run -c .golangci.yml

Expand Down
3 changes: 2 additions & 1 deletion checker/client.go
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,8 @@ func GetClients(ctx context.Context, repoURI, localURI string, logger *log.Logge
clients.RepoClient, // ossFuzzClient
clients.CIIBestPracticesClient, // ciiClient
clients.VulnerabilitiesClient, // vulnClient
error) {
error,
) {
var githubRepo clients.Repo
if localURI != "" {
localRepo, errLocal := localdir.MakeLocalDirRepo(localURI)
Expand Down
42 changes: 28 additions & 14 deletions checks/dangerous_workflow.go
Original file line number Diff line number Diff line change
Expand Up @@ -109,7 +109,8 @@ func DangerousWorkflow(c *checker.CheckRequest) checker.CheckResult {
// Check file content.
var validateGitHubActionWorkflowPatterns fileparser.DoWhileTrueOnFileContent = func(path string,
content []byte,
args ...interface{}) (bool, error) {
args ...interface{},
) (bool, error) {
if !fileparser.IsWorkflowFile(path) {
return true, nil
}
Expand Down Expand Up @@ -160,7 +161,8 @@ var validateGitHubActionWorkflowPatterns fileparser.DoWhileTrueOnFileContent = f
}

func validateSecretsInPullRequests(workflow *actionlint.Workflow, path string,
dl checker.DetailLogger, pdata *patternCbData) error {
dl checker.DetailLogger, pdata *patternCbData,
) error {
triggers := make(map[triggerName]bool)

// We need pull request trigger.
Expand Down Expand Up @@ -194,7 +196,8 @@ func validateSecretsInPullRequests(workflow *actionlint.Workflow, path string,
}

func validateUntrustedCodeCheckout(workflow *actionlint.Workflow, path string,
dl checker.DetailLogger, pdata *patternCbData) error {
dl checker.DetailLogger, pdata *patternCbData,
) error {
if !usesEventTrigger(workflow, triggerPullRequestTarget) {
return nil
}
Expand Down Expand Up @@ -229,7 +232,8 @@ func jobUsesEnvironment(job *actionlint.Job) bool {
}

func checkJobForUsedSecrets(job *actionlint.Job, triggers map[triggerName]bool,
path string, dl checker.DetailLogger, pdata *patternCbData) error {
path string, dl checker.DetailLogger, pdata *patternCbData,
) error {
if job == nil {
return nil
}
Expand Down Expand Up @@ -271,7 +275,8 @@ func checkJobForUsedSecrets(job *actionlint.Job, triggers map[triggerName]bool,
}

func workflowUsesCodeCheckoutAndNoEnvironment(workflow *actionlint.Workflow,
triggers map[triggerName]bool) bool {
triggers map[triggerName]bool,
) bool {
if workflow == nil {
return false
}
Expand Down Expand Up @@ -318,7 +323,8 @@ func jobUsesCodeCheckout(job *actionlint.Job) (bool, string) {
}

func checkJobForUntrustedCodeCheckout(job *actionlint.Job, path string,
dl checker.DetailLogger, pdata *patternCbData) error {
dl checker.DetailLogger, pdata *patternCbData,
) error {
if job == nil {
return nil
}
Expand Down Expand Up @@ -359,7 +365,8 @@ func checkJobForUntrustedCodeCheckout(job *actionlint.Job, path string,
}

func validateScriptInjection(workflow *actionlint.Workflow, path string,
dl checker.DetailLogger, pdata *patternCbData) error {
dl checker.DetailLogger, pdata *patternCbData,
) error {
for _, job := range workflow.Jobs {
if job == nil {
continue
Expand All @@ -382,7 +389,8 @@ func validateScriptInjection(workflow *actionlint.Workflow, path string,
}

func checkWorkflowSecretInEnv(workflow *actionlint.Workflow, triggers map[triggerName]bool,
path string, dl checker.DetailLogger, pdata *patternCbData) error {
path string, dl checker.DetailLogger, pdata *patternCbData,
) error {
// We need code checkout and not environment rule protection.
if !workflowUsesCodeCheckoutAndNoEnvironment(workflow, triggers) {
return nil
Expand All @@ -392,7 +400,8 @@ func checkWorkflowSecretInEnv(workflow *actionlint.Workflow, triggers map[trigge
}

func checkSecretInEnv(env *actionlint.Env, path string,
dl checker.DetailLogger, pdata *patternCbData) error {
dl checker.DetailLogger, pdata *patternCbData,
) error {
if env == nil {
return nil
}
Expand All @@ -406,7 +415,8 @@ func checkSecretInEnv(env *actionlint.Env, path string,
}

func checkSecretInRun(step *actionlint.Step, path string,
dl checker.DetailLogger, pdata *patternCbData) error {
dl checker.DetailLogger, pdata *patternCbData,
) error {
if step == nil || step.Exec == nil {
return nil
}
Expand All @@ -421,7 +431,8 @@ func checkSecretInRun(step *actionlint.Step, path string,
}

func checkSecretInActionArgs(step *actionlint.Step, path string,
dl checker.DetailLogger, pdata *patternCbData) error {
dl checker.DetailLogger, pdata *patternCbData,
) error {
if step == nil || step.Exec == nil {
return nil
}
Expand All @@ -442,7 +453,8 @@ func checkSecretInActionArgs(step *actionlint.Step, path string,
}

func checkSecretInScript(script string, pos *actionlint.Pos, path string,
dl checker.DetailLogger, pdata *patternCbData) error {
dl checker.DetailLogger, pdata *patternCbData,
) error {
for {
s := strings.Index(script, "${{")
if s == -1 {
Expand Down Expand Up @@ -472,7 +484,8 @@ func checkSecretInScript(script string, pos *actionlint.Pos, path string,
}

func checkVariablesInScript(script string, pos *actionlint.Pos, path string,
dl checker.DetailLogger, pdata *patternCbData) error {
dl checker.DetailLogger, pdata *patternCbData,
) error {
for {
s := strings.Index(script, "${{")
if s == -1 {
Expand Down Expand Up @@ -548,7 +561,8 @@ func createResultForDangerousWorkflowPatterns(result patternCbData, err error) c
}

func testValidateGitHubActionDangerousWorkflow(pathfn string,
content []byte, dl checker.DetailLogger) checker.CheckResult {
content []byte, dl checker.DetailLogger,
) checker.CheckResult {
data := patternCbData{
workflowPattern: make(map[dangerousResults]bool),
}
Expand Down
3 changes: 2 additions & 1 deletion checks/evaluation/binary_artifacts.go
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,8 @@ import (

// BinaryArtifacts applies the score policy for the Binary-Artifacts check.
func BinaryArtifacts(name string, dl checker.DetailLogger,
r *checker.BinaryArtifactData) checker.CheckResult {
r *checker.BinaryArtifactData,
) checker.CheckResult {
if r == nil {
e := sce.WithMessage(sce.ErrScorecardInternal, "empty raw data")
return checker.CreateRuntimeErrorResult(name, e)
Expand Down
3 changes: 2 additions & 1 deletion checks/evaluation/branch_protection.go
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,8 @@ type levelScore struct {

// BranchProtection runs Branch-Protection check.
func BranchProtection(name string, dl checker.DetailLogger,
r *checker.BranchProtectionsData) checker.CheckResult {
r *checker.BranchProtectionsData,
) checker.CheckResult {
var scores []levelScore

// Check protections on all the branches.
Expand Down
3 changes: 2 additions & 1 deletion checks/evaluation/code_review.go
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,8 @@ var (

// CodeReview applies the score policy for the Code-Review check.
func CodeReview(name string, dl checker.DetailLogger,
r *checker.CodeReviewData) checker.CheckResult {
r *checker.CodeReviewData,
) checker.CheckResult {
if r == nil {
e := sce.WithMessage(sce.ErrScorecardInternal, "empty raw data")
return checker.CreateRuntimeErrorResult(name, e)
Expand Down
3 changes: 2 additions & 1 deletion checks/evaluation/dependency_update_tool.go
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,8 @@ import (

// DependencyUpdateTool applies the score policy for the Dependency-Update-Tool check.
func DependencyUpdateTool(name string, dl checker.DetailLogger,
r *checker.DependencyUpdateToolData) checker.CheckResult {
r *checker.DependencyUpdateToolData,
) checker.CheckResult {
if r == nil {
e := sce.WithMessage(sce.ErrScorecardInternal, "empty raw data")
return checker.CreateRuntimeErrorResult(name, e)
Expand Down
3 changes: 2 additions & 1 deletion checks/evaluation/vulnerabilities.go
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,8 @@ import (

// Vulnerabilities applies the score policy for the Vulnerabilities check.
func Vulnerabilities(name string, dl checker.DetailLogger,
r *checker.VulnerabilitiesData) checker.CheckResult {
r *checker.VulnerabilitiesData,
) checker.CheckResult {
if r == nil {
e := sce.WithMessage(sce.ErrScorecardInternal, "empty raw data")
return checker.CreateRuntimeErrorResult(name, e)
Expand Down
3 changes: 2 additions & 1 deletion checks/fileparser/github_workflow.go
Original file line number Diff line number Diff line change
Expand Up @@ -332,7 +332,8 @@ type JobMatcherStep struct {

// AnyJobsMatch returns true if any of the jobs have a match in the given workflow.
func AnyJobsMatch(workflow *actionlint.Workflow, jobMatchers []JobMatcher, fp string, dl checker.DetailLogger,
logMsgNoMatch string) bool {
logMsgNoMatch string,
) bool {
for _, job := range workflow.Jobs {
for _, matcher := range jobMatchers {
if !matcher.matches(job) {
Expand Down
3 changes: 2 additions & 1 deletion checks/fileparser/listing.go
Original file line number Diff line number Diff line change
Expand Up @@ -71,7 +71,8 @@ type DoWhileTrueOnFileContent func(path string, content []byte, args ...interfac
// Continues iterating along the matched files until onFileContent returns
// either a false value or an error.
func OnMatchingFileContentDo(repoClient clients.RepoClient, matchPathTo PathMatcher,
onFileContent DoWhileTrueOnFileContent, args ...interface{}) error {
onFileContent DoWhileTrueOnFileContent, args ...interface{},
) error {
predicate := func(filepath string) (bool, error) {
// Filter out test files.
if isTestdataFile(filepath) {
Expand Down
18 changes: 12 additions & 6 deletions checks/permissions.go
Original file line number Diff line number Diff line change
Expand Up @@ -92,7 +92,8 @@ func TokenPermissions(c *checker.CheckRequest) checker.CheckResult {
// Check file content.
var validateGitHubActionTokenPermissions fileparser.DoWhileTrueOnFileContent = func(path string,
content []byte,
args ...interface{}) (bool, error) {
args ...interface{},
) (bool, error) {
if !fileparser.IsWorkflowFile(path) {
return true, nil
}
Expand Down Expand Up @@ -146,7 +147,8 @@ var validateGitHubActionTokenPermissions fileparser.DoWhileTrueOnFileContent = f

func validatePermission(permissionKey permission, permissionValue *actionlint.PermissionScope,
permLevel, path string, dl checker.DetailLogger, pPermissions map[permission]bool,
ignoredPermissions map[permission]bool) error {
ignoredPermissions map[permission]bool,
) error {
if permissionValue.Value == nil {
return sce.WithMessage(sce.ErrScorecardInternal, errInvalidGitHubWorkflow.Error())
}
Expand Down Expand Up @@ -188,7 +190,8 @@ func validatePermission(permissionKey permission, permissionValue *actionlint.Pe

func validateMapPermissions(scopes map[string]*actionlint.PermissionScope, permLevel, path string,
dl checker.DetailLogger, pPermissions map[permission]bool,
ignoredPermissions map[permission]bool) error {
ignoredPermissions map[permission]bool,
) error {
for key, v := range scopes {
if err := validatePermission(permission(key), v, permLevel, path, dl, pPermissions, ignoredPermissions); err != nil {
return err
Expand Down Expand Up @@ -223,7 +226,8 @@ func recordAllPermissionsWrite(p *permissionCbData, permLevel, path string) {

func validatePermissions(permissions *actionlint.Permissions, permLevel, path string,
dl checker.DetailLogger, pdata *permissionCbData,
ignoredPermissions map[permission]bool) error {
ignoredPermissions map[permission]bool,
) error {
allIsSet := permissions != nil && permissions.All != nil && permissions.All.Value != ""
scopeIsSet := permissions != nil && len(permissions.Scopes) > 0
if permissions == nil || (!allIsSet && !scopeIsSet) {
Expand Down Expand Up @@ -264,7 +268,8 @@ func validatePermissions(permissions *actionlint.Permissions, permLevel, path st
}

func validateTopLevelPermissions(workflow *actionlint.Workflow, path string,
dl checker.DetailLogger, pdata *permissionCbData) error {
dl checker.DetailLogger, pdata *permissionCbData,
) error {
// Check if permissions are set explicitly.
if workflow.Permissions == nil {
dl.Warn(&checker.LogMessage{
Expand All @@ -283,7 +288,8 @@ func validateTopLevelPermissions(workflow *actionlint.Workflow, path string,

func validatejobLevelPermissions(workflow *actionlint.Workflow, path string,
dl checker.DetailLogger, pdata *permissionCbData,
ignoredPermissions map[permission]bool) error {
ignoredPermissions map[permission]bool,
) error {
for _, job := range workflow.Jobs {
// Run-level permissions may be left undefined.
// For most workflows, no write permissions are needed,
Expand Down
3 changes: 2 additions & 1 deletion checks/permissions_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,8 @@ type file struct {
}

func testValidateGitHubActionTokenPermissions(files []file,
dl checker.DetailLogger) checker.CheckResult {
dl checker.DetailLogger,
) checker.CheckResult {
data := permissionCbData{
workflows: make(map[string]permissions),
}
Expand Down
Loading

0 comments on commit 66b3d8c

Please sign in to comment.