Use golangci-lint to manage lints

LeSuisse · LeSuisse · commit bb6b5e2ddd73 · 2023-06-18T09:04:07.000+02:00
diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
@@ -30,17 +30,8 @@ jobs:
     name: Run static analysis and linting
     steps:
       - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
-      - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753
-        with:
-          go-version: '^1.20.0'
-      - name: Go fmt
-        run: diff -u <(echo -n) <(gofmt -d -s *.go gpg/)
-      - name: Go vet
-        run: env GO111MODULE=on go vet ./...
-      - name: Staticcheck
-        run: go run honnef.co/go/tools/cmd/staticcheck -checks 'all,-ST1000' ./...
-      - name: Gosec
-        run: go run github.com/securego/gosec/cmd/gosec -exclude=G104 ./...
+      - uses: cachix/install-nix-action@4b933aa7ebcc94a6174cf1364864e957b4910265
+      - run: nix-shell --run 'golangci-lint run --timeout=5m'
   test_release:
     runs-on: ubuntu-22.04
     permissions:
diff --git a/.golangci.yaml b/.golangci.yaml
@@ -0,0 +1,19 @@
+linters:
+  disable-all: true
+  enable:
+    - gosimple
+    - govet
+    - ineffassign
+    - staticcheck
+    - typecheck
+    - unused
+    - gosec
+    - stylecheck
+    - goimports
+    - gofmt
+    - tparallel
+    - prealloc
+    - misspell
+    - unconvert
+    - unparam
+    - whitespace
diff --git a/go.mod b/go.mod
@@ -6,13 +6,10 @@ require (
 	github.com/ProtonMail/go-crypto v0.0.0-20230528122434-6f98819771a1
 	github.com/hashicorp/vault/api v1.9.2
 	github.com/hashicorp/vault/sdk v0.9.1
-	github.com/securego/gosec v0.0.0-20200401082031-e946c8c39989
 	github.com/sigstore/rekor v1.2.1
-	honnef.co/go/tools v0.4.3
 )
 
 require (
-	github.com/BurntSushi/toml v1.2.1 // indirect
 	github.com/armon/go-metrics v0.4.1 // indirect
 	github.com/armon/go-radix v1.0.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
@@ -77,7 +74,6 @@ require (
 	github.com/mitchellh/go-testing-interface v1.14.1 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
-	github.com/nbutton23/zxcvbn-go v0.0.0-20180912185939-ae427f1e4c1d // indirect
 	github.com/oklog/run v1.1.0 // indirect
 	github.com/oklog/ulid v1.3.1 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
@@ -101,15 +97,13 @@ require (
 	go.uber.org/zap v1.24.0 // indirect
 	golang.org/x/crypto v0.9.0 // indirect
 	golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect
-	golang.org/x/exp/typeparams v0.0.0-20221208152030-732eee02a75a // indirect
 	golang.org/x/mod v0.10.0 // indirect
 	golang.org/x/net v0.10.0 // indirect
 	golang.org/x/sync v0.2.0 // indirect
 	golang.org/x/sys v0.8.0 // indirect
 	golang.org/x/term v0.8.0 // indirect
 	golang.org/x/text v0.9.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
-	golang.org/x/tools v0.8.0 // indirect
 	google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
 	google.golang.org/grpc v1.55.0 // indirect
 	google.golang.org/protobuf v1.30.0 // indirect
diff --git a/go.sum b/go.sum
diff --git a/gpg/backend.go b/gpg/backend.go
@@ -2,6 +2,7 @@ package gpg
 
 import (
 	"context"
+
 	"github.com/hashicorp/vault/sdk/helper/locksutil"
 
 	"github.com/hashicorp/vault/sdk/framework"
diff --git a/gpg/backend_test.go b/gpg/backend_test.go
@@ -3,11 +3,12 @@ package gpg
 import (
 	"context"
 	"encoding/hex"
-	"github.com/ProtonMail/go-crypto/openpgp"
-	"github.com/hashicorp/vault/sdk/logical"
 	"reflect"
 	"strings"
 	"testing"
+
+	"github.com/ProtonMail/go-crypto/openpgp"
+	"github.com/hashicorp/vault/sdk/logical"
 )
 
 func TestBackend_CRUD(t *testing.T) {
@@ -28,6 +29,7 @@ func TestBackend_CRUD(t *testing.T) {
 	testAccStepDeleteKey(t, b, storage, "test")
 	testAccStepListKey(t, b, storage, []string{"test2", "test3"})
 	testAccStepReadKey(t, b, storage, "test", nil)
+	testAccStepReadKey(t, b, storage, "test2", keyData)
 }
 
 func TestBackend_CRUDImportedKey(t *testing.T) {
diff --git a/gpg/path_config.go b/gpg/path_config.go
@@ -3,6 +3,7 @@ package gpg
 import (
 	"context"
 	"fmt"
+
 	"github.com/hashicorp/vault/sdk/framework"
 	"github.com/hashicorp/vault/sdk/helper/locksutil"
 	"github.com/hashicorp/vault/sdk/logical"
diff --git a/gpg/path_config_test.go b/gpg/path_config_test.go
@@ -2,8 +2,9 @@ package gpg
 
 import (
 	"context"
-	"github.com/hashicorp/vault/sdk/logical"
 	"testing"
+
+	"github.com/hashicorp/vault/sdk/logical"
 )
 
 func TestGPG_SetKeyConfig(t *testing.T) {
diff --git a/gpg/path_decrypt.go b/gpg/path_decrypt.go
@@ -5,12 +5,13 @@ import (
 	"context"
 	"encoding/base64"
 	"fmt"
+	"io"
+	"strings"
+
 	"github.com/ProtonMail/go-crypto/openpgp"
 	"github.com/ProtonMail/go-crypto/openpgp/armor"
 	"github.com/hashicorp/vault/sdk/framework"
 	"github.com/hashicorp/vault/sdk/logical"
-	"io"
-	"strings"
 )
 
 func pathDecrypt(b *backend) *framework.Path {
diff --git a/gpg/path_decrypt_test.go b/gpg/path_decrypt_test.go
@@ -2,8 +2,9 @@ package gpg
 
 import (
 	"context"
-	"github.com/hashicorp/vault/sdk/logical"
 	"testing"
+
+	"github.com/hashicorp/vault/sdk/logical"
 )
 
 func TestGPG_Decrypt(t *testing.T) {
@@ -131,7 +132,6 @@ func TestGPG_DecryptError(t *testing.T) {
 
 	// Message is signed but signature does not match the signer key
 	decryptMustFail("test", encryptedAndSignedMessageASCIIArmored, "ascii-armor", privateDecryptKey)
-
 }
 
 const privateDecryptKey = `-----BEGIN PGP PRIVATE KEY BLOCK-----
diff --git a/gpg/path_export.go b/gpg/path_export.go
@@ -3,6 +3,7 @@ package gpg
 import (
 	"bytes"
 	"context"
+
 	"github.com/ProtonMail/go-crypto/openpgp"
 	"github.com/ProtonMail/go-crypto/openpgp/armor"
 	"github.com/hashicorp/vault/sdk/framework"
diff --git a/gpg/path_export_test.go b/gpg/path_export_test.go
@@ -2,8 +2,9 @@ package gpg
 
 import (
 	"context"
-	"github.com/hashicorp/vault/sdk/logical"
 	"testing"
+
+	"github.com/hashicorp/vault/sdk/logical"
 )
 
 func TestGPG_ExportNotExistingKeyReturnsNotFound(t *testing.T) {
diff --git a/gpg/path_keys.go b/gpg/path_keys.go
@@ -5,10 +5,11 @@ import (
 	"context"
 	"encoding/hex"
 	"fmt"
-	"github.com/hashicorp/vault/sdk/helper/locksutil"
 	"io"
 	"strings"
 
+	"github.com/hashicorp/vault/sdk/helper/locksutil"
+
 	"github.com/ProtonMail/go-crypto/openpgp"
 	"github.com/ProtonMail/go-crypto/openpgp/packet"
 	"github.com/hashicorp/vault/sdk/framework"
diff --git a/gpg/path_show_session_key.go b/gpg/path_show_session_key.go
@@ -105,7 +105,7 @@ func (b *backend) pathShowSessionKeyWrite(ctx context.Context, req *logical.Requ
 		}
 		switch p := p.(type) {
 		case *packet.EncryptedKey:
-			encryptedKey := packet.EncryptedKey(*p)
+			encryptedKey := *p
 			keys := keyring.KeysById(encryptedKey.KeyId)
 			for _, key := range keys {
 				encryptedKey.Decrypt(key.PrivateKey, nil)
diff --git a/gpg/path_show_session_key_test.go b/gpg/path_show_session_key_test.go
@@ -133,7 +133,6 @@ func TestGPG_ShowSessionKeyError(t *testing.T) {
 
 	// Signer key is not properly ASCII-armored
 	showSessionKeyMustFail("test", encryptedSessionMessageASCIIArmored, "ascii-armor", "Signer key is not ASCII armored")
-
 }
 
 const privateSessionDecryptKey = `-----BEGIN PGP PRIVATE KEY BLOCK-----
diff --git a/gpg/path_sign_verify.go b/gpg/path_sign_verify.go
@@ -6,12 +6,13 @@ import (
 	"crypto"
 	"encoding/base64"
 	"fmt"
+	"strings"
+
 	"github.com/ProtonMail/go-crypto/openpgp"
 	"github.com/ProtonMail/go-crypto/openpgp/armor"
 	"github.com/ProtonMail/go-crypto/openpgp/packet"
 	"github.com/hashicorp/vault/sdk/framework"
 	"github.com/hashicorp/vault/sdk/logical"
-	"strings"
 )
 
 func pathSign(b *backend) *framework.Path {
diff --git a/gpg/path_sign_verify_test.go b/gpg/path_sign_verify_test.go
@@ -2,10 +2,11 @@ package gpg
 
 import (
 	"context"
-	"github.com/hashicorp/vault/sdk/logical"
-	"github.com/sigstore/rekor/pkg/generated/client/entries"
 	"reflect"
 	"testing"
+
+	"github.com/hashicorp/vault/sdk/logical"
+	"github.com/sigstore/rekor/pkg/generated/client/entries"
 )
 
 func TestGPG_SignVerify(t *testing.T) {
@@ -15,7 +16,6 @@ func TestGPG_SignVerify(t *testing.T) {
 	b = Backend()
 	mockClient := &ClientMock{
 		CreateLogEntryFunc: func(rekorServerUrl string, params *entries.CreateLogEntryParams) (*entries.CreateLogEntryCreated, error) {
-
 			return &entries.CreateLogEntryCreated{
 				ETag:     "some-uuid",
 				Location: "/path/to/entry",
diff --git a/gpg/public_key.go b/gpg/public_key.go
@@ -2,6 +2,7 @@ package gpg
 
 import (
 	"bytes"
+
 	"github.com/ProtonMail/go-crypto/openpgp"
 	"github.com/ProtonMail/go-crypto/openpgp/armor"
 )
diff --git a/gpg/transparency_log.go b/gpg/transparency_log.go
@@ -2,6 +2,7 @@ package gpg
 
 import (
 	"context"
+
 	"github.com/sigstore/rekor/pkg/client"
 	"github.com/sigstore/rekor/pkg/generated/client/entries"
 	"github.com/sigstore/rekor/pkg/types"
diff --git a/gpg/transparency_log_test.go b/gpg/transparency_log_test.go
@@ -2,8 +2,9 @@ package gpg
 
 import (
 	"context"
-	"github.com/sigstore/rekor/pkg/generated/client/entries"
 	"testing"
+
+	"github.com/sigstore/rekor/pkg/generated/client/entries"
 )
 
 type ClientMock struct {
diff --git a/shell.nix b/shell.nix
@@ -12,5 +12,6 @@ pkgs.mkShell {
     pkgs.goreleaser
     pkgs.syft
     pkgs.cosign
+    pkgs.golangci-lint
   ];
 }
diff --git a/tools.go b/tools.go

-Original file line number
+Diff line change
 	github.com/ProtonMail/go-crypto v0.0.0-20230528122434-6f98819771a1
 	github.com/hashicorp/vault/api v1.9.2
 	github.com/hashicorp/vault/sdk v0.9.1
 -	github.com/securego/gosec v0.0.0-20200401082031-e946c8c39989
 	github.com/sigstore/rekor v1.2.1
 -	honnef.co/go/tools v0.4.3
+)
 require (
 -	github.com/BurntSushi/toml v1.2.1 // indirect
 	github.com/armon/go-metrics v0.4.1 // indirect
 	github.com/armon/go-radix v1.0.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
 	github.com/mitchellh/go-testing-interface v1.14.1 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
 -	github.com/nbutton23/zxcvbn-go v0.0.0-20180912185939-ae427f1e4c1d // indirect
 	github.com/oklog/run v1.1.0 // indirect
 	github.com/oklog/ulid v1.3.1 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	go.uber.org/zap v1.24.0 // indirect
 	golang.org/x/crypto v0.9.0 // indirect
 	golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect
 -	golang.org/x/exp/typeparams v0.0.0-20221208152030-732eee02a75a // indirect
 	golang.org/x/mod v0.10.0 // indirect
 	golang.org/x/net v0.10.0 // indirect
 	golang.org/x/sync v0.2.0 // indirect
 	golang.org/x/sys v0.8.0 // indirect
 	golang.org/x/term v0.8.0 // indirect
 	golang.org/x/text v0.9.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
 -	golang.org/x/tools v0.8.0 // indirect
 	google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
 	google.golang.org/grpc v1.55.0 // indirect
 	google.golang.org/protobuf v1.30.0 // indirect
Original file line number	Diff line number	Diff line change
`@@ -2,8 +2,9 @@ package gpg`
`2`	`2`
`3`	`3`	`import (`
`4`	`4`	`"context"`
`5`		`- "github.com/hashicorp/vault/sdk/logical"`
`6`	`5`	`"testing"`
	`6`	`+`
	`7`	`+ "github.com/hashicorp/vault/sdk/logical"`
`7`	`8`	`)`
`8`	`9`
`9`	`10`	`func TestGPG_SetKeyConfig(t *testing.T) {`
Original file line number	Diff line number	Diff line change
`@@ -105,7 +105,7 @@ func (b backend) pathShowSessionKeyWrite(ctx context.Context, req logical.Requ`
`105`	`105`	`}`
`106`	`106`	`switch p := p.(type) {`
`107`	`107`	`case *packet.EncryptedKey:`
`108`		`- encryptedKey := packet.EncryptedKey(*p)`
	`108`	`+ encryptedKey := *p`
`109`	`109`	`keys := keyring.KeysById(encryptedKey.KeyId)`
`110`	`110`	`for _, key := range keys {`
`111`	`111`	`encryptedKey.Decrypt(key.PrivateKey, nil)`
Original file line number	Diff line number	Diff line change
`@@ -133,7 +133,6 @@ func TestGPG_ShowSessionKeyError(t *testing.T) {`
`133`	`133`
`134`	`134`	`// Signer key is not properly ASCII-armored`
`135`	`135`	`showSessionKeyMustFail("test", encryptedSessionMessageASCIIArmored, "ascii-armor", "Signer key is not ASCII armored")`
`136`		`-`
`137`	`136`	`}`
`138`	`137`
`139`	`138`	const privateSessionDecryptKey = `-----BEGIN PGP PRIVATE KEY BLOCK-----
Original file line number	Diff line number	Diff line change
`@@ -2,6 +2,7 @@ package gpg`
`2`	`2`
`3`	`3`	`import (`
`4`	`4`	`"bytes"`
	`5`	`+`
`5`	`6`	`"github.com/ProtonMail/go-crypto/openpgp"`
`6`	`7`	`"github.com/ProtonMail/go-crypto/openpgp/armor"`
`7`	`8`	`)`
Original file line number	Diff line number	Diff line change
`@@ -12,5 +12,6 @@ pkgs.mkShell {`
`12`	`12`	`pkgs.goreleaser`
`13`	`13`	`pkgs.syft`
`14`	`14`	`pkgs.cosign`
	`15`	`+ pkgs.golangci-lint`
`15`	`16`	`];`
`16`	`17`	`}`