chore: Upgrade golangci-lint to v2.8.0 (#5365)

* fix: Upgrading `golangci-lint` to `2.8.0`

* fix: Adding `run-lint-fix` recipe

* fix: Running auto lint fixes

* fix: More involved lint fixes

* chore: Removing disabled lints

* chore: Removing disabled checks for gocritic

* fix: Addressing removal of disabled checks for gocritic

* fix: Addressing errors

* fix: Fixing config methods

* fix: Fixing more pointer semantics

* fix: Adding parsing recursion limit

* fix: Adjusting context usage, as tests were resulting in stack overflows

* fix: Addressing lint

* fix: Making runner pool controller more reliable

* fix: Fixing stack overflow from context

* fix: Fixing parse test

* fix: Avoiding recursive credential resolution

Author: yhakbar

.golangci.yml

@@ -55,15 +55,6 @@ linters:
     - wastedassign
     - wsl_v5
     - zerologlint
-  disable:
-    - depguard
-    - exhaustruct
-    - gocyclo
-    - gosec
-    - nolintlint
-    - recvcheck
-    - varnamelen
-    - wrapcheck
   settings:
     dupl:
       threshold: 120
@@ -80,11 +71,6 @@ linters:
       min-len: 3
       min-occurrences: 5
     gocritic:
-      disabled-checks:
-        - regexpMust
-        - rangeValCopy
-        - appendAssign
-        - hugeParam
       enabled-tags:
         - performance
       disabled-tags:

Makefile

@@ -39,6 +39,10 @@ run-lint:
 	@echo "Linting with feature flags: [$(LINT_TAGS)]"
 	GOFLAGS="-tags=$(LINT_TAGS)" golangci-lint run -v --timeout=10m ./...
 
+run-lint-fix:
+	@echo "Linting with feature flags: [$(LINT_TAGS)]"
+	GOFLAGS="-tags=$(LINT_TAGS)" golangci-lint run -v --timeout=10m --fix ./...
+
 run-strict-lint:
 	golangci-lint run -v --timeout=10m -c .strict.golangci.yml --new-from-rev origin/main ./...
 
@@ -51,4 +55,4 @@ license-check:
 	licensei check --debug
 	licensei header --debug
 
-.PHONY: help fmt fmtcheck install-pre-commit-hook clean run-lint run-strict-lint
+.PHONY: help fmt fmtcheck install-pre-commit-hook clean run-lint run-lint-fix run-strict-lint

internal/awshelper/config.go

@@ -276,19 +276,19 @@ func AssumeIamRole(
 }
 
 // GetAWSCallerIdentity gets the caller identity from AWS
-func GetAWSCallerIdentity(ctx context.Context, cfg aws.Config) (*sts.GetCallerIdentityOutput, error) {
-	stsClient := sts.NewFromConfig(cfg)
+func GetAWSCallerIdentity(ctx context.Context, cfg *aws.Config) (*sts.GetCallerIdentityOutput, error) {
+	stsClient := sts.NewFromConfig(*cfg)
 	return stsClient.GetCallerIdentity(ctx, &sts.GetCallerIdentityInput{})
 }
 
 // ValidateAwsConfig validates that the AWS config has valid credentials
-func ValidateAwsConfig(ctx context.Context, cfg aws.Config) error {
+func ValidateAwsConfig(ctx context.Context, cfg *aws.Config) error {
 	_, err := GetAWSCallerIdentity(ctx, cfg)
 	return err
 }
 
 // GetAWSPartition gets the AWS partition from the caller identity
-func GetAWSPartition(ctx context.Context, cfg aws.Config) (string, error) {
+func GetAWSPartition(ctx context.Context, cfg *aws.Config) (string, error) {
 	result, err := GetAWSCallerIdentity(ctx, cfg)
 	if err != nil {
 		return "", err
@@ -310,8 +310,8 @@ func GetAWSPartition(ctx context.Context, cfg aws.Config) (string, error) {
 }
 
 // GetAWSAccountAlias gets the AWS account alias
-func GetAWSAccountAlias(ctx context.Context, cfg aws.Config) (string, error) {
-	iamClient := iam.NewFromConfig(cfg)
+func GetAWSAccountAlias(ctx context.Context, cfg *aws.Config) (string, error) {
+	iamClient := iam.NewFromConfig(*cfg)
 
 	result, err := iamClient.ListAccountAliases(ctx, &iam.ListAccountAliasesInput{})
 	if err != nil {
@@ -326,7 +326,7 @@ func GetAWSAccountAlias(ctx context.Context, cfg aws.Config) (string, error) {
 }
 
 // GetAWSAccountID gets the AWS account ID from the caller identity
-func GetAWSAccountID(ctx context.Context, cfg aws.Config) (string, error) {
+func GetAWSAccountID(ctx context.Context, cfg *aws.Config) (string, error) {
 	result, err := GetAWSCallerIdentity(ctx, cfg)
 	if err != nil {
 		return "", err
@@ -336,7 +336,7 @@ func GetAWSAccountID(ctx context.Context, cfg aws.Config) (string, error) {
 }
 
 // GetAWSIdentityArn gets the AWS identity ARN from the caller identity
-func GetAWSIdentityArn(ctx context.Context, cfg aws.Config) (string, error) {
+func GetAWSIdentityArn(ctx context.Context, cfg *aws.Config) (string, error) {
 	result, err := GetAWSCallerIdentity(ctx, cfg)
 	if err != nil {
 		return "", err
@@ -346,7 +346,7 @@ func GetAWSIdentityArn(ctx context.Context, cfg aws.Config) (string, error) {
 }
 
 // GetAWSUserID gets the AWS user ID from the caller identity
-func GetAWSUserID(ctx context.Context, cfg aws.Config) (string, error) {
+func GetAWSUserID(ctx context.Context, cfg *aws.Config) (string, error) {
 	result, err := GetAWSCallerIdentity(ctx, cfg)
 	if err != nil {
 		return "", err
@@ -369,6 +369,7 @@ func ValidatePublicAccessBlock(output *s3.GetPublicAccessBlockOutput) (bool, err
 		aws.ToBool(config.RestrictPublicBuckets), nil
 }
 
+//nolint:gocritic // hugeParam: intentionally pass by value to avoid recursive credential resolution
 func getWebIdentityCredentialsFromIAMRoleOptions(cfg aws.Config, iamRoleOptions options.IAMRoleOptions) aws.CredentialsProviderFunc {
 	roleSessionName := iamRoleOptions.AssumeRoleSessionName
 	if roleSessionName == "" {
@@ -411,6 +412,7 @@ func getWebIdentityCredentialsFromIAMRoleOptions(cfg aws.Config, iamRoleOptions
 	}
 }
 
+//nolint:gocritic // hugeParam: intentionally pass by value to avoid recursive credential resolution
 func getSTSCredentialsFromIAMRoleOptions(cfg aws.Config, iamRoleOptions options.IAMRoleOptions, externalID string) aws.CredentialsProviderFunc {
 	return func(ctx context.Context) (aws.Credentials, error) {
 		stsClient := sts.NewFromConfig(cfg)

internal/cas/tree_test.go

@@ -215,6 +215,7 @@ func TestLinkTree(t *testing.T) {
 
 				storeDir := helpers.TmpDirWOSymlinks(t)
 				store := cas.NewStore(storeDir)
+
 				return store, ""
 			},
 			treeData: []byte(""),
@@ -232,6 +233,7 @@ func TestLinkTree(t *testing.T) {
 
 				storeDir := helpers.TmpDirWOSymlinks(t)
 				store := cas.NewStore(storeDir)
+
 				return store, ""
 			},
 			treeData: []byte(`100644 blob missing123 README.md`),

internal/cli/app_test.go

@@ -452,15 +452,15 @@ func TestParseTerragruntOptionsFromArgs(t *testing.T) {
 				assert.EqualError(t, actualErr, tc.expectedErr.Error())
 			} else {
 				require.NoError(t, actualErr)
-				assertOptionsEqual(t, *tc.expectedOptions, *actualOptions, "For args %v", tc.args)
+				assertOptionsEqual(t, tc.expectedOptions, actualOptions, "For args %v", tc.args)
 			}
 		})
 	}
 }
 
 // We can't do a direct comparison between TerragruntOptions objects because we can't compare Logger or RunTerragrunt
 // instances. Therefore, we have to manually check everything else.
-func assertOptionsEqual(t *testing.T, expected options.TerragruntOptions, actual options.TerragruntOptions, msgAndArgs ...any) {
+func assertOptionsEqual(t *testing.T, expected *options.TerragruntOptions, actual *options.TerragruntOptions, msgAndArgs ...any) {
 	t.Helper()
 
 	// Normalize path separators for cross-platform compatibility

internal/cli/commands/catalog/tui/keys.go

@@ -80,7 +80,7 @@ type delegateKeyMap struct {
 
 // Additional short help entries. This satisfies the help.KeyMap interface and
 // is entirely optional.
-func (d delegateKeyMap) ShortHelp() []key.Binding {
+func (d delegateKeyMap) ShortHelp() []key.Binding { //nolint:gocritic
 	return []key.Binding{
 		d.choose,
 		d.scaffold,
@@ -89,7 +89,7 @@ func (d delegateKeyMap) ShortHelp() []key.Binding {
 
 // Additional full help entries. This satisfies the help.KeyMap interface and
 // is entirely optional.
-func (d delegateKeyMap) FullHelp() [][]key.Binding {
+func (d delegateKeyMap) FullHelp() [][]key.Binding { //nolint:gocritic
 	return [][]key.Binding{
 		{
 			d.choose,
@@ -143,7 +143,7 @@ type pagerKeyMap struct {
 
 // ShortHelp returns keybindings to be shown in the mini help view. It's part
 // of the key.Map interface.
-func (keys pagerKeyMap) ShortHelp() []key.Binding {
+func (keys pagerKeyMap) ShortHelp() []key.Binding { //nolint:gocritic
 	return []key.Binding{
 		keys.Up,
 		keys.Down,
@@ -158,7 +158,7 @@ func (keys pagerKeyMap) ShortHelp() []key.Binding {
 
 // FullHelp returns keybindings for the expanded help view. It's part of the
 // key.Map interface.
-func (keys pagerKeyMap) FullHelp() [][]key.Binding {
+func (keys pagerKeyMap) FullHelp() [][]key.Binding { //nolint:gocritic
 	return [][]key.Binding{
 		{keys.Up, keys.Down, keys.PageDown, keys.PageUp},                   // first column
 		{keys.Navigation, keys.NavigationBack, keys.Choose, keys.Scaffold}, // second column

internal/cli/commands/catalog/tui/model.go

@@ -117,7 +117,7 @@ func NewModel(l log.Logger, opts *options.TerragruntOptions, svc catalog.Catalog
 }
 
 // Init implements bubbletea.Model.Init
-func (m Model) Init() tea.Cmd {
+func (m Model) Init() tea.Cmd { //nolint:gocritic
 	return tea.Batch(
 		m.buttonBar.Init(),
 	)

internal/cli/commands/catalog/tui/update.go

@@ -18,7 +18,7 @@ import (
 	"github.com/gruntwork-io/terragrunt/pkg/log"
 )
 
-func updateList(msg tea.Msg, m Model) (tea.Model, tea.Cmd) {
+func updateList(msg tea.Msg, m Model) (tea.Model, tea.Cmd) { //nolint:gocritic
 	var (
 		cmd  tea.Cmd
 		cmds []tea.Cmd
@@ -107,7 +107,7 @@ func updateList(msg tea.Msg, m Model) (tea.Model, tea.Cmd) {
 	return m, cmd
 }
 
-func updatePager(msg tea.Msg, m Model) (tea.Model, tea.Cmd) {
+func updatePager(msg tea.Msg, m Model) (tea.Model, tea.Cmd) { //nolint:gocritic
 	var (
 		cmd  tea.Cmd
 		cmds []tea.Cmd
@@ -168,7 +168,7 @@ func updatePager(msg tea.Msg, m Model) (tea.Model, tea.Cmd) {
 }
 
 // Update handles all TUI interactions and implements bubbletea.Model.Update.
-func (m Model) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
+func (m Model) Update(msg tea.Msg) (tea.Model, tea.Cmd) { //nolint:gocritic
 	switch msg := msg.(type) {
 	case tea.WindowSizeMsg:
 		h, v := appStyle.GetFrameSize()
@@ -229,7 +229,7 @@ func rendererErrCmd(err error) tea.Cmd {
 type scaffoldFinishedMsg struct{ err error }
 
 // Return a tea.Cmd that will scaffold the given module.
-func scaffoldModuleCmd(l log.Logger, m Model, svc catalog.CatalogService, module *module.Module) tea.Cmd {
+func scaffoldModuleCmd(l log.Logger, m Model, svc catalog.CatalogService, module *module.Module) tea.Cmd { //nolint:gocritic
 	return tea.Exec(command.NewScaffold(l, m.terragruntOptions, svc, module), func(err error) tea.Msg {
 		return scaffoldFinishedMsg{err}
 	})

internal/cli/commands/catalog/tui/view.go

@@ -16,7 +16,7 @@ var (
 
 // View is the main view, which just calls the appropriate sub-view and returns a string representation of the TUI
 // based on the application's state.
-func (m Model) View() string {
+func (m Model) View() string { //nolint:gocritic
 	var s string
 
 	switch m.State {
@@ -32,15 +32,15 @@ func (m Model) View() string {
 	return s
 }
 
-func (m Model) listView() string {
+func (m Model) listView() string { //nolint:gocritic
 	return m.List.View()
 }
 
-func (m Model) pagerView() string {
+func (m Model) pagerView() string { //nolint:gocritic
 	return lipgloss.JoinVertical(lipgloss.Left, m.viewport.View(), m.footerView())
 }
 
-func (m Model) footerView() string {
+func (m Model) footerView() string { //nolint:gocritic
 	var percent float64 = 100
 
 	info := infoPositionStyle.Render(fmt.Sprintf("%2.f%%", m.viewport.ScrollPercent()*percent))

internal/cli/commands/find/cli.go

@@ -99,6 +99,7 @@ func NewFlags(l log.Logger, opts *Options, prefix flags.Prefix) clihelper.Flags
 				}
 
 				opts.FilterQueries = append(opts.FilterQueries, "{./**}...")
+
 				return nil
 			},
 		}),