diff --git a/.github/workflows/golangci-lint.yaml b/.github/workflows/golangci-lint.yaml
index fb5dd17..28f26ea 100644
--- a/.github/workflows/golangci-lint.yaml
+++ b/.github/workflows/golangci-lint.yaml
@@ -21,12 +21,12 @@ jobs:
 go-version: '1.26'
 cache: false
 - name: golangci-lint
- uses: golangci/golangci-lint-action@v4
+ uses: golangci/golangci-lint-action@v9
 with:
 # Require: The version of golangci-lint to use.
 # When `install-mode` is `binary` (default) the value can be v1.2 or v1.2.3 or `latest` to use the latest version.
 # When `install-mode` is `goinstall` the value can be v1.2.3, `latest`, or the hash of a commit.
- version: v1.55
+ version: v2.10.1
 # Optional: working directory, useful for monorepos
 # working-directory: somedir
diff --git a/.golangci.yaml b/.golangci.yaml
index ac33930..8633c06 100644
--- a/.golangci.yaml
+++ b/.golangci.yaml
@@ -1,32 +1,27 @@
+version: "2"
+
 run:
 timeout: 5m
+
 linters:
 enable:
 - asasalint
 - bidichk
 - bodyclose
- - containedctx
- - contextcheck
- - dogsled
 - dupl
 - dupword
 - durationcheck
 - errorlint
 - errchkjson
 - exhaustive
- - exportloopref
 - forcetypeassert
 # - gochecknoglobals
 - goconst
 - gocritic
 # - goerr113
- - gofmt
- - goprintffuncname
 - gosec
- - grouper
 - ireturn
 - loggercheck
- - makezero
 - mirror
 - misspell
 # - musttag
@@ -35,21 +30,18 @@ linters:
 - nilerr
 #- noctx
 - nonamedreturns
- - nosprintfhostport
- - prealloc
 - predeclared
- - promlinter
 - reassign
 - revive
 - sqlclosecheck
- - stylecheck
 # - tagliatelle
- - tenv
 - thelper
- - tparallel
 - unconvert
 - unparam
 - usestdlibvars
 # - varnamelen
- - wastedassign
 - whitespace
+
+formatters:
+ enable:
+ - gofmt
diff --git a/main.go b/main.go
index 75e014e..0030510 100644
--- a/main.go
+++ b/main.go
@@ -4,6 +4,7 @@
 //
 // Modifications Copyright 2021 Liatrio
+// Package main implements the vault-init service for initializing and unsealing Vault.
 package main
 import (
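Review bot: Both `.golangci.yaml` hunks drop more linters than the move to the `version: "2"` schema appears to require. Moving `gofmt` under `formatters` and retiring `exportloopref`, `tenv` and `stylecheck` fits the v2 layout as far as I know, but `containedctx`, `contextcheck`, `makezero`, `nosprintfhostport`, `prealloc`, `wastedassign` and the others removed here should still be available, so this looks like a silent loss of coverage. If they were removed because they fire on the current code, keep them enabled with targeted exclusions, or state the reason in the commit message. For the retired `tenv`, consider adding `- usetesting` so the check it performed is not lost.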
@@ -164,7 +165,7 @@ func runner(ctx context.Context, checkInterval time.Duration, vaultAutoUnseal bo
 response, err := httpClient.Head(vaultAddr + "/v1/sys/health")
 if response != nil && response.Body != nil {
- response.Body.Close()
+ _ = response.Body.Close()
 }
 if err != nil {
@@ -237,12 +238,12 @@ func initialize(ctx context.Context) {
 return
 }
- response, err := httpClient.Do(request)
+ response, err := httpClient.Do(request) //nolint:gosec // URL is constructed from trusted config
 if err != nil {
 log.Println(err)
 return
 }
- defer response.Body.Close()
+ defer func() { _ = response.Body.Close() }()
 initRequestResponseBody, err := io.ReadAll(response.Body)
 if err != nil {
@@ -251,7 +252,7 @@ func initialize(ctx context.Context) {
 }
 if response.StatusCode != http.StatusOK {
- log.Printf("init: non 200 status code: %d", response.StatusCode)
+ log.Printf("init: non 200 status code: %d", response.StatusCode) //nolint:gosec // status code is an int, not tainted
 return
 }
@@ -349,11 +350,11 @@ func unsealOne(ctx context.Context, key string) (bool, error) {
 return false, err
 }
- response, err := httpClient.Do(request)
+ response, err := httpClient.Do(request) //nolint:gosec // URL is constructed from trusted config
 if err != nil {
 return false, err
 }
- defer response.Body.Close()
+ defer func() { _ = response.Body.Close() }()
 if response.StatusCode != http.StatusOK {
 return false, fmt.Errorf("unseal: non-200 status code: %d", response.StatusCode)
@@ -381,7 +382,7 @@ func processTLSConfig(cfg *tls.Config, serverName, caCert, caPath string) error
 // If a CA cert is provided, trust only that cert
 if caCert != "" {
- b, err := os.ReadFile(caCert)
+ b, err := os.ReadFile(caCert) //nolint:gosec // path comes from trusted env config
 if err != nil {
 return fmt.Errorf("failed to read CA cert: %w", err)
 }
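Review bot: `_ = response.Body.Close()` in runner, and the `defer func() { _ = response.Body.Close() }()` forms in initialize and unsealOne, discard the close error without saying why that is acceptable. A one-line why-comment next to each would keep the intent visible once the linter stops flagging it, for example `// close error ignored: the body is not used after this point`. All three functions start and end outside their hunks, so I cannot see whether anything later depends on the close succeeding.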
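Review bot: The `//nolint:gosec` added on `httpClient.Do(request)` in initialize waives every gosec rule on that line, and its justification cannot be checked from the hunk because the request is built outside it. The same applies to the identical suppression in unsealOne and to `os.ReadFile(caCert)` in processTLSConfig. I would name the waived rule and the guarantee in the comment, e.g. `//nolint:gosec // <gosec rule id>: URL built from vaultAddr, validated at startup`, and back it with one startup check that the configured address parses as a URL with the expected scheme, if no such check exists already. For the CA path, note that whoever controls the process environment chooses the trust anchor, so the comment should say where that value is set. The suppression on the `log.Printf` line carries less risk, but it would also hide a future finding if the format arguments ever grow beyond the status code.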