resolve security vulnerabilities and improve workflows (#281)

* upgrade go version, resolve security vulnerabilities and improve workflows

* remove windows tests

* simplify security pipeline

* upgrade to go1.24.9

* update workflows go version

* fix lint

* remove wrong, unnecessary and failing code

* go mod tidy

* lowercase workflow names

* matching name

* dont make pipelines run twice

Author: giornetta

.github/workflows/lint.yml

@@ -1,23 +1,24 @@
-on: [push, pull_request]
-name: Lint
+on:
+  push:
+    branches: [master]
+  pull_request:
+name: lint
+
 jobs:
-  test:
-    strategy:
-      matrix:
-        go-version: [1.20.x, 1.21.x]
-        os: [ubuntu-latest]
-    runs-on: ${{ matrix.os }}
+  lint:
+    runs-on: ubuntu-latest
     steps:
+    - name: Checkout code
+      uses: actions/checkout@v5
+
     - name: Install Go
-      uses: actions/setup-go@v2
+      uses: actions/setup-go@v6
       with:
-        go-version: ${{ matrix.go-version }}
-    - name: Checkout code
-      uses: actions/checkout@v2
-    - name: setup env
-      run: |
-        echo "GOPATH=$(go env GOPATH)" >> $GITHUB_ENV
-        echo "$(go env GOPATH)/bin" >> $GITHUB_PATH
-      shell: bash
-    - name: lint
-      uses: Jerome1337/golint-action@v1.0.2
+        go-version: ${{ vars.GO_VERSION || '1.24.9' }}
+        cache: true
+
+    - name: Run golangci-lint
+      uses: golangci/golangci-lint-action@v8
+      with:
+        version: latest
+        args: --timeout=5m

.github/workflows/security.yml

@@ -0,0 +1,18 @@
+on:
+  push:
+    branches: [master]
+  pull_request:
+name: security
+
+jobs:
+  security:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v5
+
+    - name: Run govulncheck
+      uses: golang/govulncheck-action@v1
+      with:
+        go-version-input: ${{ vars.GO_VERSION || '1.24.9' }}
+        go-package: ./...

.github/workflows/test.yml

@@ -1,21 +1,42 @@
-on: [push, pull_request]
-name: Test
+on:
+  push:
+    branches: [master]
+  pull_request:
+name: test
+
 jobs:
   test:
-    strategy:
-      matrix:
-        go-version: [1.20.x, 1.21.x, 1.22.x]
-        os: [ubuntu-latest, windows-latest]
-    runs-on: ${{ matrix.os }}
+    runs-on: ubuntu-latest
     steps:
+    - name: Checkout code
+      uses: actions/checkout@v5
+
     - name: Install Go
-      uses: actions/setup-go@v2
+      uses: actions/setup-go@v6
       with:
-        go-version: ${{ matrix.go-version }}
-    - name: Checkout code
-      uses: actions/checkout@v2
-    - name: Test
-      run: go test ./...
-    - name: Ensure correctly formatted
-      if: runner.os == 'Linux'
-      run: test -z "$(gofmt -l $(find . -type f -name '*.go'))"
+        go-version: ${{ vars.GO_VERSION || '1.24.9' }}
+        cache: true
+
+    - name: Verify dependencies
+      run: |
+        go mod download
+        go mod verify
+
+    - name: Check go.mod and go.sum are tidy
+      run: |
+        go mod tidy
+        git diff --exit-code go.mod go.sum
+
+    - name: Build
+      run: go build -v ./...
+
+    - name: Run tests
+      run: go test -v -race ./...
+
+    - name: Check formatting
+      run: |
+        if [ -n "$(gofmt -l .)" ]; then
+          echo "The following files are not formatted:"
+          gofmt -l .
+          exit 1
+        fi

.golangci.yml

@@ -0,0 +1,46 @@
+# golangci-lint v2 configuration
+# See https://golangci-lint.run/docs/configuration/ for full options
+
+version: "2"
+
+linters:
+  enable:
+    - errcheck
+    - govet
+    - misspell
+    - revive
+
+  settings:
+    errcheck:
+      # Don't check error returns for these functions
+      exclude-functions:
+        - (*net/http.Response.Body).Close
+        - (net/http.ResponseWriter).Write
+
+    revive:
+      rules:
+        # Disable overly strict rules
+        - name: exported
+          disabled: true
+        - name: package-comments
+          disabled: true
+        - name: unexported-return
+          disabled: true
+
+  exclusions:
+    # Enable predefined exclusion presets
+    presets:
+      - std-error-handling
+      - common-false-positives
+
+    # Custom exclusion rules
+    rules:
+      # Exclude errcheck for deferred Close() calls
+      - linters:
+          - errcheck
+        text: Error return value of.*\.Close.* is not checked
+
+formatters:
+  enable:
+    - gofmt
+    - goimports

disk_image.go

@@ -7,8 +7,6 @@ import (
 	"fmt"
 	"strings"
 	"time"
-
-	"golang.org/x/mod/semver"
 )
 
 // DiskImage represents a serialized structure
@@ -162,33 +160,6 @@ func (c *Client) GetDiskImageByName(name string) (*DiskImage, error) {
 	return nil, errors.New("diskimage not found")
 }
 
-// GetMostRecentDistro finds the highest version of a specified distro
-func (c *Client) GetMostRecentDistro(name string) (*DiskImage, error) {
-	resp, err := c.ListDiskImages()
-	if err != nil {
-		return nil, decodeError(err)
-	}
-
-	var highestVersionDistro *DiskImage
-
-	for _, diskimage := range resp {
-		if strings.Contains(diskimage.Name, name) {
-			if highestVersionDistro == nil {
-				highestVersionDistro = &diskimage
-			} else {
-				if semver.Compare(highestVersionDistro.Version, diskimage.Version) < 0 {
-					highestVersionDistro = &diskimage
-				}
-			}
-		}
-	}
-	if highestVersionDistro == nil {
-		return nil, fmt.Errorf("%s image not found", name)
-	}
-
-	return highestVersionDistro, nil
-}
-
 // CreateDiskImage creates a new disk image entry and returns a pre-signed URL for uploading
 func (c *Client) CreateDiskImage(params *CreateDiskImageParams) (*CreateDiskImageResponse, error) {
 	url := "/v2/disk_images"

disk_image_test.go

@@ -6,14 +6,6 @@ import (
 	"time"
 )
 
-func TestClienterDiskImage(t *testing.T) {
-	var c Clienter
-
-	c, _ = NewClient("foo", "NYC1")
-	c, _ = NewFakeClient()
-	_, _ = c.ListDiskImages()
-}
-
 func TestGetDiskImage(t *testing.T) {
 	client, server, _ := NewClientForTesting(map[string]string{
 		"/v2/disk_images/b82168fe-66f6-4b38-a3b8-5283542d5475": `{
@@ -201,20 +193,3 @@ func TestGetDiskImageByName(t *testing.T) {
 		t.Errorf("Expected %s, got %s", "329d473e-f110-4852-b2fa-fe65aa6bff4a", got.ID)
 	}
 }
-
-func TestGetMostRecentDistro(t *testing.T) {
-	client, server, _ := NewClientForTesting(map[string]string{
-		"/v2/disk_images": `[{ "ID": "329d473e-f110-4852-b2fa-fe65aa6bff4a", "Name": "ubuntu-bionic", "Version": "18.04", "State": "available", "Distribution": "ubuntu", "Description": "", "Label": "bionic" }, { "ID": "77bea4dd-bfd4-492c-823d-f92eb6dd962d", "Name": "ubuntu-focal", "Version": "20.04", "State": "available", "Distribution": "ubuntu", "Description": "", "Label": "focal" }]`,
-	})
-	defer server.Close()
-
-	got, err := client.GetMostRecentDistro("ubuntu")
-	if err != nil {
-		t.Errorf("Request returned an error: %s", err)
-		return
-	}
-
-	if got.Name != "ubuntu-focal" {
-		t.Errorf("Expected %s, got %s", "ubuntu-focal", got.Name)
-	}
-}

errors.go

@@ -1060,7 +1060,7 @@ func decodeError(err error) error {
 			err := errors.New(msg.String())
 			return KubernetesClusterInvalidNameError.wrap(err)
 		default:
-			err := fmt.Errorf(fmt.Sprintf("Unknown error response - status: %s, code: %d, reason: %s", errorData.Status, errorData.Code, errorData.Reason))
+			err := fmt.Errorf("unknown error response - status: %s, code: %d, reason: %s", errorData.Status, errorData.Code, errorData.Reason)
 			return CommonError.wrap(err)
 		}
 	}

fake_client_test.go

@@ -10,10 +10,12 @@ import (
 func TestClienter(t *testing.T) {
 	var c Clienter
 
-	c, _ = NewClient("foo", "NYC1")
-	c, _ = NewFakeClient()
-	_, _ = c.ListAllInstances()
-	c.ListIPs()
+	c, err := NewClient("foo", "NYC1")
+	if err != nil {
+		t.Fail()
+	}
+
+	_ = c
 }
 
 // TestIPs is a test for the IPs method.
@@ -60,7 +62,11 @@ func TestInstances(t *testing.T) {
 		Count:    1,
 		Hostname: "foo.example.com",
 	}
-	client.CreateInstance(config)
+	_, err := client.CreateInstance(config)
+	if err != nil {
+		t.Errorf("Request returned an error: %s", err)
+		return
+	}
 
 	results, err := client.ListInstances(1, 10)
 	if err != nil {

go.mod

@@ -1,6 +1,6 @@
 module github.com/civo/civogo
 
-go 1.20
+go 1.24.9
 
 require (
 	github.com/google/go-querystring v1.1.0
@@ -16,9 +16,8 @@ require (
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
-	golang.org/x/mod v0.17.0
-	golang.org/x/net v0.33.0 // indirect
-	golang.org/x/text v0.21.0 // indirect
+	golang.org/x/net v0.38.0 // indirect
+	golang.org/x/text v0.23.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	k8s.io/klog/v2 v2.90.1 // indirect