chore(ci): refresh

Signed-off-by: Thomas Fossati <[email protected]>

Author: thomas-fossati

.github/workflows/ci-go-cover.yml

@@ -15,7 +15,7 @@
 # 2. Update README.md to use the new path to badge.svg because the path includes the workflow name.
 
 name: cover ≥82.9%
-on: [push]
+on: [push, pull_request]
 jobs:
 
   # Verify minimum coverage is reached using `go test -short -cover` on latest-ubuntu with default version of Go.
@@ -24,8 +24,11 @@ jobs:
     name: Coverage
     runs-on: ubuntu-latest
     steps:
+    - uses: actions/setup-go@v5
+      with:
+        go-version: "1.23.0"
     - name: Checkout code
-      uses: actions/checkout@v2
+      uses: actions/checkout@v4
     - name: Go Coverage
       run: |
         go version

.github/workflows/ci.yml

@@ -1,19 +1,22 @@
 # GitHub Actions - CI for Go to build & test.  See ci-go-cover.yml and linters.yml for code coverage and linters.
 # Taken from: https://github.com/fxamacker/cbor/workflows/ci.yml (thanks!)
 name: ci
-on: [push]
+on: [push, pull_request]
 jobs:
 
   # Test on Ubuntu
   tests:
     name: Test on Ubuntu
     runs-on: ubuntu-latest
     steps:
+    - uses: actions/setup-go@v5
+      with:
+        go-version: "1.23.0"
     - name: Checkout code
-      uses: actions/checkout@v1
+      uses: actions/checkout@v4
       with:
         fetch-depth: 1
     - name: Run tests
       run: |
         go version
-        make test
+        make test

.github/workflows/linters.yml

@@ -1,26 +1,21 @@
 # Go Linters - GitHub Actions
 name: linters
-on: [push]
+on: [push, pull_request]
 jobs:
 
   # Check linters on latest-ubuntu with default version of Go.
   lint:
     name: Lint
     runs-on: ubuntu-latest
-    env:
-     GO111MODULE: on
     steps:
-    - name: Setup go
-      uses: actions/setup-go@v3
+    - uses: actions/setup-go@v3
       with:
-        go-version: "1.19"
+        go-version: "1.23"
     - name: Checkout code
       uses: actions/checkout@v2
     - name: Install golangci-lint
       run: |
         go version
-        curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.48.0
+        curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v2.1.6
     - name: Run required linters in .golangci.yml plus hard-coded ones here
       run: make -w GOLINT=$(go env GOPATH)/bin/golangci-lint lint
-    - name: Run optional linters (not required to pass)
-      run: make GOLINT=$(go env GOPATH)/bin/golangci-lint lint-extra

.golangci.yml

@@ -1,64 +1,69 @@
 # Do not delete linter settings. Linters like gocritic can be enabled on the command line.
 
-linters-settings:
-  dupl:
-    threshold: 100
-  funlen:
-    lines: 100
-    statements: 50
-  goconst:
-    min-len: 2
-    min-occurrences: 3
-  gocritic:
-    enabled-tags:
-      - diagnostic
-      - experimental
-      - opinionated
-      - performance
-      - style
-    disabled-checks:
-      - dupImport # https://github.com/go-critic/go-critic/issues/845
-      - ifElseChain
-      - octalLiteral
-      - paramTypeCombine
-      - whyNoLint
-      - wrapperFunc    
-  gofmt:
-    simplify: false    
-  goimports:
-  golint:
-    min-confidence: 0
-  govet:
-    check-shadowing: true
-  lll:
-    line-length: 140
-  maligned:
-    suggest-new: true
-  misspell:
-    locale: US
-
-linters:
-  disable-all: true
+formatters:
   enable:
-    - deadcode
-    - errcheck
-    - goconst
-    - gocyclo
     - gofmt
     - goimports
-    - golint
-    - gosec
-    - govet
-    - ineffassign
-    - maligned
-    - misspell
-    - staticcheck
-    - structcheck
-    - typecheck
-    - unconvert
-    - unused
-    - varcheck
+  settings:
+    gofmt:
+      simplify: false
 
+linters:
+  default: none
+  enable:
+    - dupl # style
+    - errcheck # bugs
+    - funlen # complexity
+    - goconst # style
+    - gocritic # metalinter
+    - gocyclo # complexity
+    - gosec # bugs
+    - govet # bugs
+    - ineffassign
+    - lll  # style
+    - misspell # comment
+    - staticcheck # metalinter
+    - unconvert # style
+    - unused # unused
+  exclusions:
+    rules:
+      - path: '(.+)_test\.go'
+        linters:
+          - dupl
+          - funlen
+          - lll
+          - goconst
+  settings:
+    dupl:
+      threshold: 100
+    funlen:
+      lines: 100
+      statements: 50
+    goconst:
+      min-len: 2
+      min-occurrences: 3
+    gocritic:
+      enabled-tags:
+        - diagnostic
+        - experimental
+        - opinionated
+        - performance
+        - style
+      disabled-checks:
+        - dupImport # https://github.com/go-critic/go-critic/issues/845
+        - ifElseChain
+        - octalLiteral
+        - paramTypeCombine
+        - whyNoLint
+        - wrapperFunc
+        - hugeParam
+    govet:
+      enable:
+        - shadow
+    lll:
+      line-length: 140
+    misspell:
+      locale: US
 
 issues:
   # max-issues-per-linter default is 50.  Set to 0 to disable limit.
@@ -72,14 +77,16 @@ issues:
         - goconst
         - dupl
         - gomnd
-        - lll        
+        - lll
     - path: doc\.go
       linters:
         - goimports
         - gomnd
         - lll
+    - path: psatoken_fuzz_test.go
+      linters:
+        # the Fuzz function is only invoked by go-fuzz, therefore golangci will
+        # see it as unused
+        - unused
 
-# golangci.com configuration
-# https://github.com/golangci/golangci/wiki/Configuration
-service:
-  golangci-lint-version: 1.23.x # use the fixed version to not introduce new linters unexpectedly
+version: "2"

auth/tls.go

@@ -19,7 +19,7 @@ func NewTLSTransport(certPaths []string) (*http.Transport, error) {
 	}
 
 	for _, certPath := range certPaths {
-		rawCert, err := os.ReadFile(certPath)
+		rawCert, err := os.ReadFile(certPath) // nolint: gosec
 		if err != nil {
 			return nil, fmt.Errorf("could not read cert: %w", err)
 		}

common/common.go

@@ -43,7 +43,7 @@ func ResolveReference(baseURI, referenceURI string) (string, error) {
 }
 
 func DecodeJSONBody(res *http.Response, j interface{}) error {
-	defer res.Body.Close()
+	defer res.Body.Close() // nolint: errcheck
 
 	return json.NewDecoder(res.Body).Decode(&j)
 }

provisioning/provisioning.go

@@ -128,9 +128,10 @@ func (cfg SubmitConfig) Run(endorsement []byte, mediaType string) error {
 	// see whether the server is handling our request synchronously or not
 	// (sync)
 	if res.StatusCode == http.StatusOK {
-		if j.Status == common.APIStatusSuccess {
+		switch j.Status {
+		case common.APIStatusSuccess:
 			return nil
-		} else if j.Status == common.APIStatusFailed {
+		case common.APIStatusFailed:
 			s := "submission failed"
 			if j.FailureReason != nil {
 				s += fmt.Sprintf(": %s", *j.FailureReason)

verification/challengeresponse.go

@@ -175,7 +175,7 @@ func (cfg *ChallengeResponseConfig) Run() ([]byte, error) {
 	return cfg.ChallengeResponse(evidence, mediaType, sessionURI)
 }
 
-func (cfg ChallengeResponseConfig) wrapEvidenceInCMW(evidence []byte, mt string) ([]byte, string, error) {
+func (cfg ChallengeResponseConfig) wrapEvidenceInCMW(evidence []byte, mt string) ([]byte, string, error) { // nolint: gocritic
 	c, err := cmw.NewMonad(mt, evidence, cmw.Evidence)
 	if err != nil {
 		return nil, "", fmt.Errorf("CMW creation failed: %w", err)
@@ -185,13 +185,13 @@ func (cfg ChallengeResponseConfig) wrapEvidenceInCMW(evidence []byte, mt string)
 	case WrapCBOR:
 		cm, err := c.MarshalCBOR()
 		if err != nil {
-			return nil, "", fmt.Errorf("CMW CBOR marshalling failed: %w", err)
+			return nil, "", fmt.Errorf("CMW CBOR marshaling failed: %w", err)
 		}
 		return cm, "application/vnd.veraison.cmw+cbor", nil
 	case WrapJSON:
 		cm, err := c.MarshalJSON()
 		if err != nil {
-			return nil, "", fmt.Errorf("CMW JSON marshalling failed: %w", err)
+			return nil, "", fmt.Errorf("CMW JSON marshaling failed: %w", err)
 		}
 		return cm, "application/vnd.veraison.cmw+json", nil
 	}

verification/challengeresponse_test.go

@@ -378,7 +378,7 @@ func TestChallengeResponseConfig_ChallengeResponse_sync_ok(t *testing.T) {
 		assert.Equal(t, http.MethodPost, r.Method)
 		assert.Equal(t, "application/vnd.veraison.challenge-response-session+json", r.Header.Get("Accept"))
 		assert.Equal(t, mediaType, r.Header.Get("Content-Type"))
-		defer r.Body.Close()
+		defer r.Body.Close() // nolint: errcheck
 		reqBody, _ := io.ReadAll(r.Body)
 		assert.Equal(t, evidence, reqBody)
 
@@ -883,7 +883,7 @@ func TestChallengeResponseConfig_Run_async_CMWWrap(t *testing.T) {
 		})
 
 		client, teardown := common.NewTestingHTTPClient(h)
-		defer teardown()
+		defer teardown() // nolint: gocritic
 		cfg := ChallengeResponseConfig{
 			Nonce:           testNonce,
 			NewSessionURI:   testNewSessionURI,

verification/discovery.go

@@ -54,7 +54,7 @@ func (cfg *DiscoveryConfig) SetIsInsecure() {
 
 // SetCerts sets the CA certificates to the specified paths
 func (cfg *DiscoveryConfig) SetCerts(paths []string) error {
-	if paths == nil || len(paths) == 0 {
+	if len(paths) == 0 {
 		return errors.New("no CA certificate paths supplied")
 	}
 	cfg.caCerts = paths