Skip to content
This repository was archived by the owner on Dec 12, 2025. It is now read-only.

CLOUDP-302068: Add a linter to forbid env var usage#1690

Merged
m1kola merged 2 commits intomongodb:masterfrom
m1kola:env_var_linter
Mar 12, 2025
Merged

CLOUDP-302068: Add a linter to forbid env var usage#1690
m1kola merged 2 commits intomongodb:masterfrom
m1kola:env_var_linter

Conversation

@m1kola
Copy link
Collaborator

@m1kola m1kola commented Mar 12, 2025
edited
Loading

Summary:

We want to avoid spreading the practice of accessing environment variables deep in the call hierarchy. We only want to access env vars in the main package or very close to it.

This commit adds a linter to help us with that. It also adds nolint:forbidigo exceptions into places where we still unfortunately have access. These places ideally need to change with time.

To find remaining undesired places, from repo root you can grep all files for nolint:forbidigo. For example: grep "nolint:forbidigo" -r .

All Submissions:

  • Have you opened an Issue before filing this PR?
  • Have you signed our CLA?
  • Have you checked to ensure there aren't other open Pull Requests for the same update/change?
  • Put closes #XXXX in your comment to auto-close the issue that your PR fixes (if such).

@m1kola
Add a linter to forbid env var usage
ea174d6 
We want to avoid spreading the practice of accessing environment
variables deep in the call hierarchy. We only want to access env
vars in the `main` package or very close to it.

This commit adds a linter to help us with that.
It also adds `nolint:forbidigo` exceptions into places:

* Where we allow access (`main` package)
* Where we still unfortunately have access. These places ideally
  need to change with time.

To find remaining undesired places, from repo root you can `grep`
all files for `nolint:forbidigo` excluding files with `main` package.
For example: `grep "nolint:forbidigo" --exclude main.go -r .`
@m1kola m1kola added the safe-to-test Add this label to PRs from forks to trigger E2E tests label Mar 12, 2025
@m1kola m1kola marked this pull request as ready for review March 12, 2025 02:42
lsierant
lsierant approved these changes Mar 12, 2025
View reviewed changes
Copy link
Collaborator

@lsierant lsierant left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome!

nammn
nammn reviewed Mar 12, 2025
View reviewed changes
Copy link
Collaborator

@nammn nammn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Thanks! One Q

cmd/manager/main.go Outdated
allPresent := true
for _, envVariable := range envVariables {
if _, envSpecified := os.LookupEnv(envVariable); !envSpecified {
if _, envSpecified := os.LookupEnv(envVariable); !envSpecified { // nolint:forbidigo
Copy link
Collaborator

@nammn nammn Mar 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

q: I thought we are fine with all files named main.go to keep the env var usage? If yes, could we exclude the whole file instead of single lines? Or is that on purpose here?

Copy link
Collaborator Author

@m1kola m1kola Mar 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@nammn I considered doing this, but as far as I understand it is only possible to exclude whole linter. It is not an issue right now because we only use forbidigo only for env vars right now. But in the future we decide to use forbidigo for something else main.go will become a blind spot for this linter.

What do you think - still worth adding an exception for main.go?

Copy link
Collaborator

@nammn nammn Mar 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think its better to skip the whole file for now and in case we add more linters we can revisit this decision.

Copy link
Collaborator Author

@m1kola m1kola Mar 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@nammn ok. Let's do that! In ab963fa I reverted // nolint:forbidigo in main.go files and added exceptions to .golangci.yml.

Please take another look.

@m1kola m1kola added safe-to-test Add this label to PRs from forks to trigger E2E tests and removed safe-to-test Add this label to PRs from forks to trigger E2E tests labels Mar 12, 2025
@m1kola m1kola added safe-to-test Add this label to PRs from forks to trigger E2E tests and removed safe-to-test Add this label to PRs from forks to trigger E2E tests labels Mar 12, 2025
@m1kola m1kola requested a review from nammn March 12, 2025 16:02
@m1kola m1kola merged commit bbc7185 into mongodb:master Mar 12, 2025
50 checks passed
@m1kola m1kola deleted the env_var_linter branch March 12, 2025 18:33
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@mircea-cosbuc mircea-cosbuc Awaiting requested review from mircea-cosbuc mircea-cosbuc is a code owner

@MaciejKaras MaciejKaras Awaiting requested review from MaciejKaras MaciejKaras is a code owner

@lucian-tosa lucian-tosa Awaiting requested review from lucian-tosa lucian-tosa is a code owner

@fealebenpae fealebenpae Awaiting requested review from fealebenpae fealebenpae is a code owner

3 more reviewers

@lsierant lsierant lsierant approved these changes

@nammn nammn nammn approved these changes

@Julien-Ben Julien-Ben Julien-Ben approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

safe-to-test Add this label to PRs from forks to trigger E2E tests

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@m1kola @lsierant @nammn @Julien-Ben