From 5929853f95e34e960707b4370a8dc0ab75f6214c Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 5 Mar 2026 08:54:12 +0000 Subject: [PATCH 1/4] chore(deps): update golangci/golangci-lint-action action to v9 --- .github/workflows/golangci-lint.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/golangci-lint.yaml b/.github/workflows/golangci-lint.yaml index fb5dd17..770fefb 100644 --- a/.github/workflows/golangci-lint.yaml +++ b/.github/workflows/golangci-lint.yaml @@ -21,7 +21,7 @@ jobs: go-version: '1.26' cache: false - name: golangci-lint - uses: golangci/golangci-lint-action@v4 + uses: golangci/golangci-lint-action@v9 with: # Require: The version of golangci-lint to use. # When `install-mode` is `binary` (default) the value can be v1.2 or v1.2.3 or `latest` to use the latest version. From 33e23b688426b490b1ffde9842289a7e31a0b8f8 Mon Sep 17 00:00:00 2001 From: Tim Collins Date: Thu, 5 Mar 2026 08:57:20 +0000 Subject: [PATCH 2/4] merge in changes Signed-off-by: Tim Collins --- .github/workflows/golangci-lint.yaml | 2 +- .golangci.yaml | 21 +++++++-------------- 2 files changed, 8 insertions(+), 15 deletions(-) diff --git a/.github/workflows/golangci-lint.yaml b/.github/workflows/golangci-lint.yaml index 770fefb..28f26ea 100644 --- a/.github/workflows/golangci-lint.yaml +++ b/.github/workflows/golangci-lint.yaml @@ -26,7 +26,7 @@ jobs: # Require: The version of golangci-lint to use. # When `install-mode` is `binary` (default) the value can be v1.2 or v1.2.3 or `latest` to use the latest version. # When `install-mode` is `goinstall` the value can be v1.2.3, `latest`, or the hash of a commit. - version: v1.55 + version: v2.10.1 # Optional: working directory, useful for monorepos # working-directory: somedir diff --git a/.golangci.yaml b/.golangci.yaml index ac33930..81bb399 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -1,32 +1,27 @@ +version: "2" + run: timeout: 5m + linters: enable: - asasalint - bidichk - bodyclose - - containedctx - - contextcheck - - dogsled - dupl - dupword - durationcheck - errorlint - errchkjson - exhaustive - - exportloopref - forcetypeassert # - gochecknoglobals - goconst - gocritic # - goerr113 - - gofmt - - goprintffuncname - gosec - - grouper - ireturn - loggercheck - - makezero - mirror - misspell # - musttag @@ -35,21 +30,19 @@ linters: - nilerr #- noctx - nonamedreturns - - nosprintfhostport - - prealloc - predeclared - - promlinter - reassign - revive - sqlclosecheck - stylecheck # - tagliatelle - - tenv - thelper - - tparallel - unconvert - unparam - usestdlibvars # - varnamelen - - wastedassign - whitespace + +formatters: + enable: + - gofmt From 1f51d79f477d7fbc404ef6ae124fdff00dc86450 Mon Sep 17 00:00:00 2001 From: Tim Collins Date: Thu, 5 Mar 2026 08:58:20 +0000 Subject: [PATCH 3/4] drop stylecheck Signed-off-by: Tim Collins --- .golangci.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.golangci.yaml b/.golangci.yaml index 81bb399..8633c06 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -34,7 +34,6 @@ linters: - reassign - revive - sqlclosecheck - - stylecheck # - tagliatelle - thelper - unconvert From 5ebeb01f3825af1c3245c28b8c69b42e22658711 Mon Sep 17 00:00:00 2001 From: Tim Collins Date: Thu, 5 Mar 2026 09:00:49 +0000 Subject: [PATCH 4/4] appease linter Signed-off-by: Tim Collins --- main.go | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/main.go b/main.go index 75e014e..0030510 100644 --- a/main.go +++ b/main.go @@ -4,6 +4,7 @@ // // Modifications Copyright 2021 Liatrio +// Package main implements the vault-init service for initializing and unsealing Vault. package main import ( @@ -164,7 +165,7 @@ func runner(ctx context.Context, checkInterval time.Duration, vaultAutoUnseal bo response, err := httpClient.Head(vaultAddr + "/v1/sys/health") if response != nil && response.Body != nil { - response.Body.Close() + _ = response.Body.Close() } if err != nil { @@ -237,12 +238,12 @@ func initialize(ctx context.Context) { return } - response, err := httpClient.Do(request) + response, err := httpClient.Do(request) //nolint:gosec // URL is constructed from trusted config if err != nil { log.Println(err) return } - defer response.Body.Close() + defer func() { _ = response.Body.Close() }() initRequestResponseBody, err := io.ReadAll(response.Body) if err != nil { @@ -251,7 +252,7 @@ func initialize(ctx context.Context) { } if response.StatusCode != http.StatusOK { - log.Printf("init: non 200 status code: %d", response.StatusCode) + log.Printf("init: non 200 status code: %d", response.StatusCode) //nolint:gosec // status code is an int, not tainted return } @@ -349,11 +350,11 @@ func unsealOne(ctx context.Context, key string) (bool, error) { return false, err } - response, err := httpClient.Do(request) + response, err := httpClient.Do(request) //nolint:gosec // URL is constructed from trusted config if err != nil { return false, err } - defer response.Body.Close() + defer func() { _ = response.Body.Close() }() if response.StatusCode != http.StatusOK { return false, fmt.Errorf("unseal: non-200 status code: %d", response.StatusCode) @@ -381,7 +382,7 @@ func processTLSConfig(cfg *tls.Config, serverName, caCert, caPath string) error // If a CA cert is provided, trust only that cert if caCert != "" { - b, err := os.ReadFile(caCert) + b, err := os.ReadFile(caCert) //nolint:gosec // path comes from trusted env config if err != nil { return fmt.Errorf("failed to read CA cert: %w", err) }