update to use runtime v1.7.1

.github/workflows/ci.yaml

@@ -18,10 +18,11 @@ on:
       - release-*
 env:
   PRE_RELEASE: ${{ github.ref == 'refs/heads/main' && 'development' || '' }}
-  GO_VERSION: "1.23"
-  GO_RELEASER_VERSION: "v2.3.2"
-  GO_LANGCI_LINT_VERSION: "v1.61.0"
-  GO_TESTSUM_VERSION: "1.11.0"
+  GO_VERSION: "1.24"
+  GO_RELEASER_VERSION: "v2.8.2"
+  GO_LANGCI_LINT_VERSION: "v2.0.2"
+  GO_TESTSUM_VERSION: "1.12.1"
+  SYFT_VERSION: "v1.13.0"
 
 jobs:
   test:
@@ -36,7 +37,7 @@ jobs:
           go-version: ${{ env.GO_VERSION }}
       -
         name: Build
-        uses: goreleaser/goreleaser-action@v5
+        uses: goreleaser/goreleaser-action@v6
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
@@ -45,7 +46,7 @@ jobs:
           args: build --clean --snapshot --single-target
       -
         name: Lint
-        uses: golangci/golangci-lint-action@v4
+        uses: golangci/golangci-lint-action@v7
         with:
           version: ${{ env.GO_LANGCI_LINT_VERSION }}
           args: --timeout=30m
@@ -100,7 +101,7 @@ jobs:
           eval `ssh-agent`
       -
         name: Push image to GitHub Container Registry
-        uses: goreleaser/goreleaser-action@v5
+        uses: goreleaser/goreleaser-action@v6
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
@@ -143,7 +144,7 @@ jobs:
       - 
         name: Pre-release
         if: github.event_name == 'push'  && startsWith(github.ref, 'refs/tags/v') && contains(github.ref, '-rc')
-        uses: goreleaser/goreleaser-action@v5
+        uses: goreleaser/goreleaser-action@v6
         env:
           GITHUB_TOKEN: ${{ secrets.GH_ROOT_TOKEN }}
           ASERTO_TAP: ${{ secrets.GH_ASERTO_TAP_TOKEN }}
@@ -154,7 +155,7 @@ jobs:
       - 
         name: Release
         if: github.event_name == 'push'  && startsWith(github.ref, 'refs/tags/v') && !contains(github.ref, '-rc')
-        uses: goreleaser/goreleaser-action@v5
+        uses: goreleaser/goreleaser-action@v6
         env:
           GITHUB_TOKEN: ${{ secrets.GH_ROOT_TOKEN }}
           ASERTO_TAP: ${{ secrets.GH_ASERTO_TAP_TOKEN }}

.golangci.yaml

@@ -1,147 +1,95 @@
 ---
-# golangci.com configuration
-# https://github.com/golangci/golangci/wiki/Configuration
-
-linters-settings:
-  depguard:
-    list-type: blacklist
-    packages:
-      # logging is allowed only by zerolog
-      - github.com/sirupsen/logrus
-    packages-with-error-message:
-      - github.com/sirupsen/logrus: "logging is allowed only by zerolog"
-  dupl:
-    threshold: 100
-  funlen:
-    lines: 100
-    statements: 80
-  gci:
-    prefix: github.com/golangci/golangci-lint
-  goconst:
-    min-len: 2
-    min-occurrences: 2
-  gocritic:
-    enabled-tags:
-      - diagnostic
-      - experimental
-      - opinionated
-      - performance
-      - style
-    disabled-checks:
-      - dupImport # https://github.com/go-critic/go-critic/issues/845
-      - ifElseChain
-      - octalLiteral
-      - whyNoLint
-      - wrapperFunc
-  gocyclo:
-    min-complexity: 18
-  goimports:
-    prefix: github.com/golangci/golangci-lint
-  golint:
-    min-confidence: 0  
-  govet:
-    shadow: true
-    settings:
-      printf:
-        funcs:
-          - (github.com/golangci/golangci-lint/pkg/logutils.Log).Infof
-          - (github.com/golangci/golangci-lint/pkg/logutils.Log).Warnf
-          - (github.com/golangci/golangci-lint/pkg/logutils.Log).Errorf
-          - (github.com/golangci/golangci-lint/pkg/logutils.Log).Fatalf
-  maligned:
-    suggest-new: true
-  misspell:
-    locale: US
-  nolintlint:
-    allow-unused: false # report any unused nolint directives
-    require-explanation: false # don't require an explanation for nolint directives
-    require-specific: false # don't require nolint directives to be specific about which linter is being skipped
+# Configuration
+# https://golangci-lint.run/usage/configuration/
+
+version: "2"
 
 linters:
-  # please, do not use `enable-all`: it's deprecated and will be removed soon.
-  # inverted configuration with `enable-all` and `disable` is not scalable during updates of golangci-lint
-  disable-all: true
-  enable:
-    - asciicheck
-    - bodyclose
-    - dogsled
-    - errcheck    
+  # https://golangci-lint.run/usage/configuration/#linters-configuration
+  default: all
+
+  # explicitly disabled linters
+  disable:
+    - containedctx
+    - contextcheck
+    - cyclop
+    - depguard
+    - errcheck
+    - exhaustruct
     - exhaustive
-    - funlen
-    - gochecknoinits
-    - goconst
-    - gocritic
-    - gocyclo
-    - godot
-    - err113
+    - forbidigo
+    - gochecknoglobals  # no configuration options
+    - nilnil
+    - nlreturn          # redundant with wsl
+    - paralleltest
+    - revive
+    - tagalign
+    - thelper
+    - varnamelen
+    - wrapcheck
+
+  settings:
+    cyclop:
+      max-complexity: 12
+
+    errcheck:
+      exclude-functions:
+        - fmt.Fprint
+        - fmt.Fprintf
+        - fmt.Fprintln
+        - os.Close
+
+    funlen:
+      lines: 80
+      statements: 60
+      ignore-comments: true
+
+    gomoddirectives:
+      replace-allow-list:
+        - github.com/slok/go-http-metrics
+
+    gosec:
+      excludes:
+        - G104  # Errors unhandled
+        - G304  # Potential file inclusion via variable (see https://github.com/golang/go/issues/67002)
+
+    ireturn:
+      allow:
+        - error
+        - empty
+        - stdlib
+        - generic
+        - kong.Resolver
+
+    lll:
+      line-length: 150
+
+    recvcheck:
+      exclusions:
+        - "*.Map"
+
+    tagliatelle:
+      case:
+        rules:
+          json: snake
+          yaml: snake
+
+  exclusions:
+    generated: lax
+
+    # Paths to exclude
+    paths:
+      - internal/pkg/xdg/
+      - pkg/cc/signals/
+      - pkg/cli/editor/
+
+    rules:
+      - path: pkg/cli/cmd/
+        linters:
+          - dupl
+
+formatters:
+  enable:
     - gofmt
+    - gofumpt
     - goimports
-    - goprintffuncname
-    - gosec
-    - gosimple
-    - govet
-    - ineffassign
-    - misspell
-    - nakedret
-    - noctx
-    # - rowserrcheck disabled https://github.com/golangci/golangci-lint/issues/2649.
-    - staticcheck
-    - stylecheck
-    - testpackage
-    - typecheck
-    - unconvert
-    - unparam
-    - unused
-
-  # don't enable:
-    # - dupl
-    # - gochecknoglobals
-    # - gocognit
-    # - godox
-    # - gomnd
-    # - lll
-    # - nestif
-    # - nolintlint # conflict with 1.19 gofmt changes
-    # - prealloc
-    # - revive
-    # - wsl
-    # - whitespace
-
-issues:
-  # List of regexps of issue texts to exclude, empty list by default.
-  # But independently from this option we use default exclude patterns,
-  # it can be disabled by `exclude-use-default: false`. To list all
-  # excluded by default patterns execute `golangci-lint run --help`
-  exclude:
-  - declaration of "(err|ctx)" shadows declaration at
-  - shadow of imported from 'github.com/stretchr/testify/assert' package 'assert'
-  # Excluding configuration per-path, per-linter, per-text and per-source
-  exclude-rules:
-    - path: _test\.go
-      linters:
-      - gomnd
-    # https://github.com/go-critic/go-critic/issues/926
-    - text: "unnecessaryDefer:"
-      linters:
-      - gocritic
-    - text: "unnamedResult:"
-      linters:
-      - gocritic
-    - path: \.resolvers\.go
-      text: "typeDefFirst:"
-      linters:
-      - gocritic
-    - path: \.resolvers\.go
-      text: "paramTypeCombine:"
-      linters:
-      - gocritic
-    - path: \.resolvers\.go
-      text: "hugeParam:"
-      linters:
-      - gocritic
-    - text: "G404"
-      linters:
-      - gosec
-
-run:
-  timeout: 5m

.goreleaser-pre.yml

@@ -15,7 +15,7 @@ before:
 
 builds:
   # https://goreleaser.com/customization/build/
-  - id: build
+  - id: policy
     main: ./cmd/policy
     binary: policy
     goos:
@@ -40,9 +40,10 @@ builds:
 
 archives:
   # https://goreleaser.com/customization/archive/
-  - format: zip
-    builds:
-    - build
+  - format: 
+      - zip
+    ids:
+      - policy
     files:
       - LICENSE
       - README.md

.goreleaser.yml

@@ -15,7 +15,7 @@ before:
 
 builds:
   # https://goreleaser.com/customization/build/
-  - id: build
+  - id: policy
     main: ./cmd/policy
     binary: policy
     goos:
@@ -40,9 +40,10 @@ builds:
 
 archives:
   # https://goreleaser.com/customization/archive/
-  - format: zip
-    builds:
-    - build
+  - formats: 
+      - zip
+    ids:
+      - policy
     files:
       - LICENSE
       - README.md

cmd/policy/build.go

@@ -4,6 +4,7 @@ import (
 	perr "github.com/opcr-io/policy/pkg/errors"
 )
 
+//nolint:lll
 type BuildCmd struct {
 	Tag         string            `name:"tag" short:"t" help:"Name and optionally a tag in the 'name:tag' format, if not provided it will be 'default:latest'"`
 	Path        []string          `arg:"" name:"path" help:"Path to the policy sources." type:"string"`
@@ -27,10 +28,7 @@ type BuildCmd struct {
 }
 
 func (c *BuildCmd) Run(g *Globals) error {
-	v1build := true
-	if c.RegoVersion == "rego.v0" {
-		v1build = false
-	}
+	v1build := c.RegoVersion == "rego.v0"
 
 	err := g.App.Build(
 		c.Tag,
@@ -53,7 +51,7 @@ func (c *BuildCmd) Run(g *Globals) error {
 		v1build,
 	)
 	if err != nil {
-		return perr.BuildFailed.WithError(err)
+		return perr.ErrBuildFailed.WithError(err)
 	}
 
 	<-g.App.Context.Done()

cmd/policy/images.go

@@ -11,10 +11,9 @@ type ImagesCmd struct {
 }
 
 func (c *ImagesCmd) Run(g *Globals) error {
-
 	err := g.App.Images()
 	if err != nil {
-		return errors.ImagesFailed.WithError(err)
+		return errors.ErrImagesFailed.WithError(err)
 	}
 
 	<-g.App.Context.Done()

cmd/policy/inspect.go

@@ -9,7 +9,7 @@ type InspectCmd struct {
 func (c *InspectCmd) Run(g *Globals) error {
 	err := g.App.Inspect(c.Policy)
 	if err != nil {
-		return errors.InspectFailed.WithError(err)
+		return errors.ErrInspectFailed.WithError(err)
 	}
 
 	<-g.App.Context.Done()