build: upgrade go lint (#892)

.github/workflows/golangci-lint.yml

@@ -15,9 +15,9 @@ jobs:
     steps:
       - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
         with:
-          go-version: 1.19
+          go-version: '1.20'
       - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
       - name: golangci-lint
         uses: golangci/golangci-lint-action@639cd343e1d3b897ff35927a75193d57cfcba299 # v3.6.0
         with:
-          version: v1.50
+          version: v1.53

.golangci.yml

@@ -18,7 +18,7 @@ linters:
     - nakedret
     - nilerr
     - prealloc
-    # - revive
+    - revive
     - staticcheck
     - typecheck
     - unconvert

Makefile

@@ -151,6 +151,13 @@ install-bats:
 	# Download and install bats
 	curl -sSLO https://github.com/bats-core/bats-core/archive/v${BATS_VERSION}.tar.gz && tar -zxvf v${BATS_VERSION}.tar.gz && bash bats-core-${BATS_VERSION}/install.sh ${GITHUB_WORKSPACE}
 
+.PHONY: lint
+lint:
+	# Download and install golangci-lint
+	go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
+	# Run golangci-lint
+	golangci-lint run --print-issued-lines=false --out-format=colored-line-number --issues-exit-code=0
+
 e2e-dependencies:
 	# Download and install kind
 	curl -L https://github.com/kubernetes-sigs/kind/releases/download/v${KIND_VERSION}/kind-linux-amd64 --output ${GITHUB_WORKSPACE}/bin/kind && chmod +x ${GITHUB_WORKSPACE}/bin/kind

api/v1alpha1/certificatestore_conversion.go

@@ -22,6 +22,6 @@ import (
 )
 
 // Convert_unversioned_CertificateStoreStatus_To_v1alpha1_CertificateStoreStatus is an autogenerated conversion function.
-func Convert_unversioned_CertificateStoreStatus_To_v1alpha1_CertificateStoreStatus(in *unversioned.CertificateStoreStatus, out *CertificateStoreStatus, s conversion.Scope) error {
+func Convert_unversioned_CertificateStoreStatus_To_v1alpha1_CertificateStoreStatus(in *unversioned.CertificateStoreStatus, out *CertificateStoreStatus, s conversion.Scope) error { //nolint:revive // ignore linter for autogenerated code
 	return nil
 }

cmd/ratify/cmd/serve.go

@@ -44,7 +44,7 @@ type serveCmdOptions struct {
 	metricsPort       int
 }
 
-func NewCmdServe(argv ...string) *cobra.Command {
+func NewCmdServe(_ ...string) *cobra.Command {
 	var opts serveCmdOptions
 
 	cmd := &cobra.Command{

cmd/ratify/cmd/verify.go

@@ -41,7 +41,7 @@ type verifyCmdOptions struct {
 	silentMode     bool
 }
 
-func NewCmdVerify(argv ...string) *cobra.Command {
+func NewCmdVerify(_ ...string) *cobra.Command {
 	var opts verifyCmdOptions
 
 	cmd := &cobra.Command{

cmd/ratify/cmd/version.go

@@ -13,7 +13,7 @@ const (
 	versionUse = "version"
 )
 
-func NewCmdVersion(argv ...string) *cobra.Command {
+func NewCmdVersion(_ ...string) *cobra.Command {
 	eg := `  Example - print version:
 ratify version`
 

httpserver/handlers.go

@@ -214,7 +214,7 @@ func sendResponse(results *[]externaldata.Item, systemErr string, w http.Respons
 }
 
 func processTimeout(h ContextHandler, duration time.Duration, isMutation bool) ContextHandler {
-	return func(ctx context.Context, w http.ResponseWriter, r *http.Request) error {
+	return func(handlerContext context.Context, w http.ResponseWriter, r *http.Request) error {
 		ctx, cancel := context.WithTimeout(r.Context(), duration)
 		defer cancel()
 

httpserver/server.go

@@ -166,10 +166,9 @@ func (server *Server) Run(tlsWatcherReady chan struct{}) error {
 			return err
 		}
 		return nil
-	} else {
-		logrus.Info("starting server without TLS")
-		return svr.Serve(lsnr)
 	}
+	logrus.Info("starting server without TLS")
+	return svr.Serve(lsnr)
 }
 
 func (server *Server) register(method, path string, handler ContextHandler) {

pkg/certificateprovider/azurekeyvault/provider.go

@@ -60,12 +60,12 @@ func Create() certificateprovider.CertificateProvider {
 
 // returns an array of certificates based on certificate properties defined in attrib map
 func (s *akvCertProvider) GetCertificates(ctx context.Context, attrib map[string]string) ([]*x509.Certificate, certificateprovider.CertificatesStatus, error) {
-	keyvaultUri := types.GetKeyVaultUri(attrib)
+	keyvaultURI := types.GetKeyVaultURI(attrib)
 	cloudName := types.GetCloudName(attrib)
 	tenantID := types.GetTenantID(attrib)
 	workloadIdentityClientID := types.GetClientID(attrib)
 
-	if keyvaultUri == "" {
+	if keyvaultURI == "" {
 		return nil, nil, fmt.Errorf("keyvaultUri is not set")
 	}
 	if tenantID == "" {
@@ -89,7 +89,7 @@ func (s *akvCertProvider) GetCertificates(ctx context.Context, attrib map[string
 		return nil, nil, fmt.Errorf("no keyvault certificate configured")
 	}
 
-	logrus.Debugf("vaultURI %s", keyvaultUri)
+	logrus.Debugf("vaultURI %s", keyvaultURI)
 
 	kvClient, err := initializeKvClient(ctx, azureCloudEnv.KeyVaultEndpoint, tenantID, workloadIdentityClientID)
 	if err != nil {
@@ -101,11 +101,11 @@ func (s *akvCertProvider) GetCertificates(ctx context.Context, attrib map[string
 	lastRefreshed := time.Now().Format(time.RFC3339)
 
 	for _, keyVaultCert := range keyVaultCerts {
-		logrus.Debugf("fetching object from key vault, certName %v,  keyvault %v", keyVaultCert.CertificateName, keyvaultUri)
+		logrus.Debugf("fetching object from key vault, certName %v,  keyvault %v", keyVaultCert.CertificateName, keyvaultURI)
 
 		// fetch the object from Key Vault
 		startTime := time.Now()
-		keyvaultResult, err := getCertificate(ctx, kvClient, keyvaultUri, keyVaultCert)
+		keyvaultResult, err := getCertificate(ctx, kvClient, keyvaultURI, keyVaultCert)
 		if err != nil {
 			return nil, nil, err
 		}
@@ -206,7 +206,7 @@ func parseAzureEnvironment(cloudName string) (*azure.Environment, error) {
 	return &env, err
 }
 
-func initializeKvClient(ctx context.Context, keyVaultEndpoint, tenantID, clientId string) (*kv.BaseClient, error) {
+func initializeKvClient(ctx context.Context, keyVaultEndpoint, tenantID, clientID string) (*kv.BaseClient, error) {
 	kvClient := kv.New()
 	kvEndpoint := strings.TrimSuffix(keyVaultEndpoint, "/")
 
@@ -215,7 +215,7 @@ func initializeKvClient(ctx context.Context, keyVaultEndpoint, tenantID, clientI
 		return nil, fmt.Errorf("failed to add user agent to keyvault client, error: %w", err)
 	}
 
-	kvClient.Authorizer, err = getAuthorizerForWorkloadIdentity(ctx, tenantID, clientId, kvEndpoint)
+	kvClient.Authorizer, err = getAuthorizerForWorkloadIdentity(ctx, tenantID, clientID, kvEndpoint)
 	if err != nil {
 		return nil, fmt.Errorf("failed to get authorizer for keyvault client, error: %w", err)
 	}

pkg/certificateprovider/azurekeyvault/types/parameters.go

@@ -23,9 +23,9 @@ import (
 	"gopkg.in/yaml.v3"
 )
 
-// GetKeyVaultUri returns the key vault name
-func GetKeyVaultUri(parameters map[string]string) string {
-	return strings.TrimSpace(parameters[KeyVaultUriParameter])
+// GetKeyVaultURI returns the key vault name
+func GetKeyVaultURI(parameters map[string]string) string {
+	return strings.TrimSpace(parameters[KeyVaultURIParameter])
 }
 
 // GetCloudName returns the cloud name

pkg/certificateprovider/azurekeyvault/types/parameters_test.go

@@ -30,29 +30,29 @@ func TestGetKeyVaultUri(t *testing.T) {
 		{
 			name: "empty",
 			parameters: map[string]string{
-				KeyVaultUriParameter: "",
+				KeyVaultURIParameter: "",
 			},
 			expected: "",
 		},
 		{
 			name: "not empty",
 			parameters: map[string]string{
-				KeyVaultUriParameter: "https://test.vault.azure.net/",
+				KeyVaultURIParameter: "https://test.vault.azure.net/",
 			},
 			expected: "https://test.vault.azure.net/",
 		},
 		{
 			name: "trim spaces",
 			parameters: map[string]string{
-				KeyVaultUriParameter: " https://test.vault.azure.net/ ",
+				KeyVaultURIParameter: " https://test.vault.azure.net/ ",
 			},
 			expected: "https://test.vault.azure.net/",
 		},
 	}
 
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
-			actual := GetKeyVaultUri(test.parameters)
+			actual := GetKeyVaultURI(test.parameters)
 			if actual != test.expected {
 				t.Errorf("GetKeyVaultUri() = %v, expected %v", actual, test.expected)
 			}

pkg/certificateprovider/azurekeyvault/types/types.go

@@ -17,8 +17,8 @@ package types
 // This class is based on implementation from  azure secret store csi provider
 // Source: https://github.com/Azure/secrets-store-csi-driver-provider-azure/tree/release-1.4/pkg/provider
 const (
-	// KeyVaultUriParameter is the name of the key vault URI parameter
-	KeyVaultUriParameter = "vaultURI"
+	// KeyVaultURIParameter is the name of the key vault URI parameter
+	KeyVaultURIParameter = "vaultURI"
 	// CloudNameParameter is the name of the cloud name parameter
 	CloudNameParameter = "cloudName"
 	// TenantIDParameter is the name of the tenant ID parameter

pkg/certificateprovider/inline/provider.go

@@ -42,7 +42,7 @@ func Create() certificateprovider.CertificateProvider {
 }
 
 // returns an array of certificates based on certificate properties defined in attrib map
-func (s *inlineCertProvider) GetCertificates(ctx context.Context, attrib map[string]string) ([]*x509.Certificate, certificateprovider.CertificatesStatus, error) {
+func (s *inlineCertProvider) GetCertificates(_ context.Context, attrib map[string]string) ([]*x509.Certificate, certificateprovider.CertificatesStatus, error) {
 	value, ok := attrib[ValueParameter]
 	if !ok {
 		return nil, nil, fmt.Errorf("value parameter is not set")

pkg/common/oras/authprovider/authprovider.go

@@ -89,12 +89,12 @@ func (s *defaultProviderFactory) Create(authProviderConfig AuthProviderConfig) (
 }
 
 // Enabled always returns true for defaultAuthProvider
-func (d *defaultAuthProvider) Enabled(ctx context.Context) bool {
+func (d *defaultAuthProvider) Enabled(_ context.Context) bool {
 	return true
 }
 
 // Provide reads docker config file and returns corresponding credentials from file if exists
-func (d *defaultAuthProvider) Provide(ctx context.Context, artifact string) (AuthConfig, error) {
+func (d *defaultAuthProvider) Provide(_ context.Context, artifact string) (AuthConfig, error) {
 	// load docker config file at default path if config file path not specified
 	var cfg *configfile.ConfigFile
 	if d.configPath == "" {

pkg/common/oras/authprovider/authprovider_test.go

@@ -48,11 +48,11 @@ const (
 
 type TestAuthProvider struct{}
 
-func (ap *TestAuthProvider) Enabled(ctx context.Context) bool {
+func (ap *TestAuthProvider) Enabled(_ context.Context) bool {
 	return true
 }
 
-func (ap *TestAuthProvider) Provide(ctx context.Context, artifact string) (AuthConfig, error) {
+func (ap *TestAuthProvider) Provide(_ context.Context, _ string) (AuthConfig, error) {
 	return AuthConfig{
 		Username: "test",
 		Password: "testpw",

pkg/common/oras/authprovider/authproviderconfig.go

@@ -16,4 +16,4 @@ limitations under the License.
 package authprovider
 
 // AuthProviderConfig represents the configuration of an AuthProvider
-type AuthProviderConfig map[string]interface{}
+type AuthProviderConfig map[string]interface{} //nolint:revive // ignore linter to have unique type name

pkg/common/oras/authprovider/authproviderfactory.go

@@ -24,7 +24,7 @@ import (
 var builtInAuthProviders = make(map[string]AuthProviderFactory)
 
 // AuthProviderFactory is an interface that defines methods to create an AuthProvider
-type AuthProviderFactory interface {
+type AuthProviderFactory interface { //nolint:revive // ignore linter to have unique type name
 	Create(authProviderConfig AuthProviderConfig) (AuthProvider, error)
 }
 
@@ -76,6 +76,6 @@ func CreateAuthProviderFromConfig(authProviderConfig AuthProviderConfig) (AuthPr
 }
 
 // TODO: add validation
-func validateAuthProviderConfig(authProviderConfig AuthProviderConfig) error {
+func validateAuthProviderConfig(_ AuthProviderConfig) error {
 	return nil
 }

pkg/common/oras/authprovider/authproviderfactory_test.go

@@ -22,7 +22,7 @@ import (
 
 type TestAuthProviderFactory struct{}
 
-func (f *TestAuthProviderFactory) Create(authProviderConfig AuthProviderConfig) (AuthProvider, error) {
+func (f *TestAuthProviderFactory) Create(_ AuthProviderConfig) (AuthProvider, error) {
 	return &TestAuthProvider{}, nil
 }
 

pkg/common/oras/authprovider/aws/awsecrbasic.go

@@ -33,7 +33,7 @@ import (
 	"github.com/sirupsen/logrus"
 )
 
-type AwsEcrBasicProviderFactory struct{}
+type AwsEcrBasicProviderFactory struct{} //nolint:revive // ignore linter to have unique type name
 type awsEcrBasicAuthProvider struct {
 	ecrAuthToken EcrAuthToken
 	providerName string
@@ -140,7 +140,7 @@ func (s *AwsEcrBasicProviderFactory) Create(authProviderConfig provider.AuthProv
 }
 
 // Enabled checks for non-empty AWS IAM creds
-func (d *awsEcrBasicAuthProvider) Enabled(ctx context.Context) bool {
+func (d *awsEcrBasicAuthProvider) Enabled(_ context.Context) bool {
 	if d.providerName == "" {
 		logrus.Error("basic ECR providerName was empty")
 		return false

pkg/common/oras/authprovider/azure/azureidentity.go

@@ -100,7 +100,7 @@ func (s *azureManagedIdentityProviderFactory) Create(authProviderConfig provider
 }
 
 // Enabled checks for non empty tenant ID and AAD access token
-func (d *azureManagedIdentityAuthProvider) Enabled(ctx context.Context) bool {
+func (d *azureManagedIdentityAuthProvider) Enabled(_ context.Context) bool {
 	if d.clientID == "" {
 		return false
 	}
@@ -139,10 +139,10 @@ func (d *azureManagedIdentityAuthProvider) Provide(ctx context.Context, artifact
 		logrus.Info("successfully refreshed azure managed identity token")
 	}
 	// add protocol to generate complete URI
-	serverUrl := "https://" + artifactHostName
+	serverURL := "https://" + artifactHostName
 
 	// create registry client and exchange AAD token for registry refresh token
-	refreshTokenClient := containerregistry.NewRefreshTokensClient(serverUrl)
+	refreshTokenClient := containerregistry.NewRefreshTokensClient(serverURL)
 	rt, err := refreshTokenClient.GetFromExchange(ctx, "access_token", artifactHostName, d.tenantID, "", d.identityToken.Token)
 	if err != nil {
 		return provider.AuthConfig{}, fmt.Errorf("failed to get refresh token for container registry by azure managed identity token - %w", err)

pkg/common/oras/authprovider/azure/azureworkloadidentity.go

@@ -32,7 +32,7 @@ import (
 	"github.com/sirupsen/logrus"
 )
 
-type AzureWIProviderFactory struct{}
+type AzureWIProviderFactory struct{} //nolint:revive // ignore linter to have unique type name
 type azureWIAuthProvider struct {
 	aadToken confidential.AuthResult
 	tenantID string
@@ -92,7 +92,7 @@ func (s *AzureWIProviderFactory) Create(authProviderConfig provider.AuthProvider
 }
 
 // Enabled checks for non empty tenant ID and AAD access token
-func (d *azureWIAuthProvider) Enabled(ctx context.Context) bool {
+func (d *azureWIAuthProvider) Enabled(_ context.Context) bool {
 	if d.tenantID == "" || d.clientID == "" {
 		return false
 	}
@@ -128,10 +128,10 @@ func (d *azureWIAuthProvider) Provide(ctx context.Context, artifact string) (pro
 	}
 
 	// add protocol to generate complete URI
-	serverUrl := "https://" + artifactHostName
+	serverURL := "https://" + artifactHostName
 
 	// create registry client and exchange AAD token for registry refresh token
-	refreshTokenClient := containerregistry.NewRefreshTokensClient(serverUrl)
+	refreshTokenClient := containerregistry.NewRefreshTokensClient(serverURL)
 	startTime := time.Now()
 	rt, err := refreshTokenClient.GetFromExchange(context.Background(), "access_token", artifactHostName, d.tenantID, "", d.aadToken.AccessToken)
 	if err != nil {

pkg/common/oras/authprovider/k8secret_authprovider.go

@@ -101,7 +101,7 @@ func (s *k8SecretProviderFactory) Create(authProviderConfig AuthProviderConfig)
 }
 
 // Enabled checks if ratify namespace, config, or cluster client set is nil
-func (d *k8SecretAuthProvider) Enabled(ctx context.Context) bool {
+func (d *k8SecretAuthProvider) Enabled(_ context.Context) bool {
 	if d.ratifyNamespace == "" || d.clusterClientSet == nil {
 		return false
 	}

pkg/common/plugin/args.go

@@ -20,7 +20,7 @@ import (
 	"strings"
 )
 
-type PluginArgs interface {
+type PluginArgs interface { //nolint:revive // ignore linter to have unique type name
 	AsEnviron() []string
 }
 

pkg/common/plugin/download.go

@@ -33,7 +33,7 @@ import (
 	"oras.land/oras-go/v2/registry/remote/auth"
 )
 
-type PluginSource struct {
+type PluginSource struct { //nolint:revive // ignore linter to have unique type name
 	Artifact     string                          `json:"artifact"`
 	AuthProvider authprovider.AuthProviderConfig `json:"authProvider,omitempty"`
 }