Merge branch 'main' into lint-path2

Author: tstromberg

.golangci.yml

@@ -18,6 +18,12 @@ linters-settings:
     min-occurrences: 5
     ignore-tests: true
 
+  gosec:
+    excludes:
+      - G107 # Potential HTTP request made with variable url
+      - G204 # Subprocess launched with function call as argument or cmd arguments
+      - G404 # Use of weak random number generator (math/rand instead of crypto/rand
+
   errorlint:
     # these are still common in Go: for instance, exit errors.
     asserts: false
@@ -29,9 +35,9 @@ linters-settings:
     min-complexity: 8
 
   nolintlint:
-      require-explanation: true
-      allow-unused: false
-      require-specific: true
+    require-explanation: true
+    allow-unused: false
+    require-specific: true
 
   revive:
     ignore-generated-header: true
@@ -108,6 +114,8 @@ linters:
     - gocritic
     - godot
     - gofmt
+    - gofumpt
+    - gosec
     - goheader
     - goimports
     - goprintffuncname
@@ -154,17 +162,12 @@ linters:
   # - nlreturn
   # - testpackage
   # - wsl
-
   # Disabled linters, due to not being relevant to our code base:
   # - maligned
   # - prealloc "For most programs usage of prealloc will be a premature optimization."
-
   # Disabled linters due to bad error messages or bugs
-  # - gofumpt
-  # - gosec
   # - tagliatelle
 
-
 issues:
   # Excluding configuration per-path, per-linter, per-text and per-source
   exclude-rules:

Makefile

@@ -21,7 +21,7 @@ GOLINT_CONFIG:=$(shell dirname $(LINT_ROOT)/.golangci.yml)
 
 lint: out/linters/shellcheck-$(SHELLCHECK_VERSION)-$(LINT_ARCH)/shellcheck out/linters/hadolint-$(HADOLINT_VERSION)-$(LINT_ARCH) out/linters/golangci-lint-$(GOLINT_VERSION)-$(LINT_ARCH)
 	out/linters/golangci-lint-$(GOLINT_VERSION)-$(LINT_ARCH) run
-	out/linters/hadolint-$(HADOLINT_VERSION)-$(LINT_ARCH) -t info $(shell find . -name "*Dockerfile")
+	out/linters/hadolint-$(HADOLINT_VERSION)-$(LINT_ARCH) $(shell find . -name "*Dockerfile")
 	out/linters/shellcheck-$(SHELLCHECK_VERSION)-$(LINT_ARCH)/shellcheck $(shell find . -name "*.sh")
 
 out/linters/shellcheck-$(SHELLCHECK_VERSION)-$(LINT_ARCH)/shellcheck:

lint-install.go

@@ -128,7 +128,7 @@ func updateMakefile(root string, cfg Config, dryRun bool) (string, error) {
 	edits := myers.ComputeEdits("Makefile", string(existing), string(proposed))
 	change := gotextdiff.ToUnified(filepath.Base(dest), filepath.Base(dest), string(existing), edits)
 	if !dryRun {
-		if err := os.WriteFile(dest, proposed, 0755); err != nil {
+		if err := os.WriteFile(dest, proposed, 0o600); err != nil {
 			return "", err
 		}
 	}
@@ -154,7 +154,7 @@ func updateGoLint(root string, dryRun bool) (string, error) {
 	change := gotextdiff.ToUnified(filepath.Base(dest), filepath.Base(dest), string(existing), edits)
 
 	if !dryRun {
-		if err := os.WriteFile(dest, goLintConfig, 0755); err != nil {
+		if err := os.WriteFile(dest, goLintConfig, 0o600); err != nil {
 			return "", err
 		}
 	}
@@ -176,7 +176,6 @@ func goLintCmd(root string, level string) string {
 		},
 		Unsorted: true,
 	})
-
 	if err != nil {
 		klog.Errorf("unable to find go.mod files: %v", err)
 	}
@@ -205,11 +204,12 @@ func shellLintCmd(_ string, level string) string {
 
 // dockerLintCmd returns the appropriate docker lint command for a project.
 func dockerLintCmd(_ string, level string) string {
-	threshold := "info"
+	f := ""
 	if level == "warn" {
-		threshold = "none"
+		f = " --no-fail"
 	}
-	return fmt.Sprintf(`out/linters/hadolint-$(HADOLINT_VERSION)-$(LINT_ARCH) -t %s $(shell find . -name "*Dockerfile")`, threshold)
+
+	return fmt.Sprintf(`out/linters/hadolint-$(HADOLINT_VERSION)-$(LINT_ARCH)%s $(shell find . -name "*Dockerfile")`, f)
 }
 
 // main creates peanut butter & jelly sandwiches with utmost precision.