From 646ace6ee3582d8e873450907341e6be74dd9a79 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 28 Jan 2022 00:09:48 +0100 Subject: [PATCH] Dockerfile: update golangci-lint v1.44.0 Looks like this may be needed for Go 1.18 Also updating the golangci-lint configuration to account for updated exclusion rules. Signed-off-by: Sebastiaan van Stijn --- Dockerfile | 2 +- hack/validate/golangci-lint.yml | 47 ++++++++++++++++++++++----------- 2 files changed, 33 insertions(+), 16 deletions(-) diff --git a/Dockerfile b/Dockerfile index 2934a6446c..ff9fd941f8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -175,7 +175,7 @@ RUN --mount=type=cache,target=/root/.cache/go-build \ PREFIX=/build /install.sh containerd FROM base AS golangci_lint -ARG GOLANGCI_LINT_VERSION=v1.23.8 +ARG GOLANGCI_LINT_VERSION=v1.44.0 RUN --mount=type=cache,target=/root/.cache/go-build \ --mount=type=cache,target=/go/pkg/mod \ GOBIN=/build/ GO111MODULE=on go install "github.com/golangci/golangci-lint/cmd/golangci-lint@${GOLANGCI_LINT_VERSION}" \ diff --git a/hack/validate/golangci-lint.yml b/hack/validate/golangci-lint.yml index 661a85e385..0eb7e26c3b 100644 --- a/hack/validate/golangci-lint.yml +++ b/hack/validate/golangci-lint.yml @@ -41,35 +41,56 @@ issues: exclude-use-default: false exclude-rules: - # These are copied from the default exclude rules, except for "ineffective break statement" - # and GoDoc checks. - # https://github.com/golangci/golangci-lint/blob/0cc87df732aaf1d5ad9ce9ca538d38d916918b36/pkg/config/config.go#L36 - - text: "Error return value of .((os\\.)?std(out|err)\\..*|.*Close|.*Flush|os\\.Remove(All)?|.*printf?|os\\.(Un)?Setenv). is not checked" + # We prefer to use an "exclude-list" so that new "default" exclusions are not + # automatically inherited. We can decide whether or not to follow upstream + # defaults when updating golang-ci-lint versions. + # Unfortunately, this means we have to copy the whole exclusion pattern, as + # (unlike the "include" option), the "exclude" option does not take exclusion + # ID's. + # + # These exclusion patterns are copied from the default excluses at: + # https://github.com/golangci/golangci-lint/blob/v1.44.0/pkg/config/issues.go#L10-L104 + + # EXC0001 + - text: "Error return value of .((os\\.)?std(out|err)\\..*|.*Close|.*Flush|os\\.Remove(All)?|.*print(f|ln)?|os\\.(Un)?Setenv). is not checked" linters: - errcheck + # EXC0003 - text: "func name will be used as test\\.Test.* by other packages, and that stutters; consider calling this" linters: - golint - - text: "G103: Use of unsafe calls should be audited" + # EXC0006 + - text: "Use of unsafe calls should be audited" linters: - gosec - - text: "G104: Errors unhandled" + # EXC0007 + - text: "Subprocess launch(ed with variable|ing should be audited)" linters: - gosec - - text: "G204: Subprocess launch(ed with (variable|function call)|ing should be audited)" + # EXC0008 + # TODO: evaluate these and fix where needed: G307: Deferring unsafe method "*os.File" on type "Close" (gosec) + - text: "(G104|G307)" linters: - gosec - - text: "(G301|G302): (Expect directory permissions to be 0750 or less|Expect file permissions to be 0600 or less)" + # EXC0009 + - text: "(Expect directory permissions to be 0750 or less|Expect file permissions to be 0600 or less)" linters: - gosec - - text: "G304: Potential file inclusion via variable" + # EXC0010 + - text: "Potential file inclusion via variable" linters: - gosec + + # Looks like the match in "EXC0007" above doesn't catch this one + # TODO: consider upstreaming this to golangci-lint's default exclusion rules + - text: "G204: Subprocess launched with a potential tainted input or cmd arguments" + linters: + - gosec + # Looks like the match in "EXC0009" above doesn't catch this one + # TODO: consider upstreaming this to golangci-lint's default exclusion rules - text: "G306: Expect WriteFile permissions to be 0600 or less" linters: - gosec - - text: 'G307: Deferring unsafe method "Close" on type "*os.File"' - linters: gosec # Exclude some linters from running on tests files. - path: _test\.go @@ -82,10 +103,6 @@ issues: path: "api/types/(volume|container)/" linters: - golint - # FIXME: evaluate these and fix where needed: G307: Deferring unsafe method "*os.File" on type "Close" (gosec) - - text: "G307: Deferring unsafe method" - linters: - - gosec # FIXME temporarily suppress these. See #39924 - text: "SA1019: .*\\.Xattrs is deprecated: Use PAXRecords instead" linters: