build(deps): bump golangci/golangci-lint-action from 6.5.2 to 7.0.0

.github/workflows/prbuild.yaml

@@ -27,10 +27,10 @@ jobs:
       with:
         persist-credentials: false
     - name: golangci-lint
-      uses: golangci/golangci-lint-action@55c2c1448f86e01eaae002a5a3a9624417608d84 # v6.5.2
+      uses: golangci/golangci-lint-action@1481404843c368bc19ca9406f87d6e0fc97bdcfd # v7.0.0
       with:
-        version: v1.64.5
-        args: --build-tags=e2e,conformance,gcp,oidc,none --out-format=colored-line-number
+        version: v2.0.2
+        args: --build-tags=e2e,conformance,gcp,oidc,none
   codespell:
     name: Codespell
     runs-on: ubuntu-latest

.golangci.yml

@@ -1,118 +1,137 @@
-run:
-  timeout: 10m
-
+version: "2"
 linters:
   enable:
-  - bodyclose
-  - gofumpt
-  - goimports
-  - gci
-  - importas
-  - revive
-  - gosec
-  - misspell
-  - unconvert
-  - unparam
-  - goheader
-  - gocritic
-  - forbidigo
-  - testifylint
-  - ginkgolinter
-
-linters-settings:
-  misspell:
-    ignore-words:
-    - clas
-    - cancelled
-    locale: US
-  unparam:
-    check-exported: false
-  goheader:
-    template-path: ./hack/license-template.txt
-  forbidigo:
-    forbid:
-      - http.DefaultTransport
-  revive:
+    - bodyclose
+    - forbidigo
+    - ginkgolinter
+    - gocritic
+    - goheader
+    - gosec
+    - importas
+    - misspell
+    - revive
+    - testifylint
+    - unconvert
+    - unparam
+  settings:
+    forbidigo:
+      forbid:
+        - pattern: http.DefaultTransport
+    ginkgolinter:
+      forbid-focus-container: true
+    goheader:
+      template-path: ./hack/license-template.txt
+    importas:
+      alias:
+        - pkg: github.com/projectcontour/contour/apis/projectcontour/(v\w+)
+          alias: contour_${1}
+        - pkg: sigs.k8s.io/gateway-api/apis/(v\w+)
+          alias: gatewayapi_${1}
+        - pkg: k8s.io.*/apis?/(\w+)/(v\w+)
+          alias: ${1}_${2}
+        - pkg: github.com/envoyproxy/go-control-plane/envoy/config/(\w+)/(v\w+)
+          alias: envoy_config_${1}_${2}
+        - pkg: github.com/envoyproxy/go-control-plane/envoy/service/(\w+)/(v\w+)
+          alias: envoy_service_${1}_${2}
+        - pkg: github.com/envoyproxy/go-control-plane/envoy/extensions/filters/(\w+)/(\w+)/(v\w+)
+          alias: envoy_filter_${1}_${2}_${3}
+        - pkg: github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/(\w+)/(v\w+)
+          alias: envoy_transport_socket_${1}_${2}
+        - pkg: github.com/envoyproxy/go-control-plane/envoy/extensions/compression/(\w+)/(\w+)/(v\w+)
+          alias: envoy_compression_${1}_${2}_${3}
+        - pkg: github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/(\w+)/(v\w+)
+          alias: envoy_access_logger_${1}_${2}
+        - pkg: github.com/envoyproxy/go-control-plane/envoy/extensions/formatter/(\w+)/(v\w+)
+          alias: envoy_formatter_${1}_${2}
+        - pkg: github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/(\w+)/(v\w+)
+          alias: envoy_upstream_${1}_${2}
+        - pkg: github.com/envoyproxy/go-control-plane/envoy/type/(v\w+)
+          alias: envoy_type_${1}
+        - pkg: github.com/envoyproxy/go-control-plane/envoy/type/matcher/(v\w+)
+          alias: envoy_matcher_${1}
+      no-unaliased: true
+    misspell:
+      locale: US
+      ignore-rules:
+        - clas
+        - cancelled
+    revive:
+      rules:
+        - name: blank-imports
+        - name: context-as-argument
+        - name: context-keys-type
+        - name: dot-imports
+        - name: empty-block
+        - name: error-naming
+        - name: error-return
+        - name: error-strings
+        - name: errorf
+        - name: exported
+        - name: increment-decrement
+        - name: indent-error-flow
+        - name: package-comments
+        - name: range
+        - name: receiver-naming
+        - name: redefines-builtin-id
+        - name: superfluous-else
+        - name: time-naming
+        - name: unexported-return
+        - name: unreachable-code
+        - name: unused-parameter
+        - name: use-any
+        - name: var-declaration
+        - name: var-naming
+    testifylint:
+      enable-all: true
+    unparam:
+      check-exported: false
+  exclusions:
+    generated: lax
+    presets:
+      - comments
+      - common-false-positives
+      - legacy
+      - std-error-handling
     rules:
-    - name: blank-imports
-    - name: context-as-argument
-    - name: context-keys-type
-    - name: dot-imports
-    - name: empty-block
-    - name: error-naming
-    - name: error-return
-    - name: error-strings
-    - name: errorf
-    - name: exported
-    - name: increment-decrement
-    - name: indent-error-flow
-    - name: package-comments
-    - name: range
-    - name: receiver-naming
-    - name: redefines-builtin-id
-    - name: superfluous-else
-    - name: time-naming
-    - name: unexported-return
-    - name: unreachable-code
-    - name: unused-parameter
-    - name: use-any
-    - name: var-declaration
-    - name: var-naming
-  testifylint:
-    enable-all: true
-  ginkgolinter:
-    forbid-focus-container: true
-  gofumpt:
-    extra-rules: true
-  gci:
-    custom-order: true
-    sections:
-    - standard
-    - default
-    - prefix(github.com/projectcontour/contour)
-  importas:
-    no-unaliased: true
-    alias:
-    - pkg: github.com/projectcontour/contour/apis/projectcontour/(v\w+)
-      alias: contour_${1}
-    - pkg: sigs.k8s.io/gateway-api/apis/(v\w+)
-      alias: gatewayapi_${1}
-    - pkg: k8s.io.*/apis?/(\w+)/(v\w+)
-      alias: ${1}_${2}
-    - pkg: github.com/envoyproxy/go-control-plane/envoy/config/(\w+)/(v\w+)
-      alias: envoy_config_${1}_${2}
-    - pkg: github.com/envoyproxy/go-control-plane/envoy/service/(\w+)/(v\w+)
-      alias: envoy_service_${1}_${2}
-    - pkg: github.com/envoyproxy/go-control-plane/envoy/extensions/filters/(\w+)/(\w+)/(v\w+)
-      alias: envoy_filter_${1}_${2}_${3}
-    - pkg: github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/(\w+)/(v\w+)
-      alias: envoy_transport_socket_${1}_${2}
-    - pkg: github.com/envoyproxy/go-control-plane/envoy/extensions/compression/(\w+)/(\w+)/(v\w+)
-      alias: envoy_compression_${1}_${2}_${3}
-    - pkg: github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/(\w+)/(v\w+)
-      alias: envoy_access_logger_${1}_${2}
-    - pkg: github.com/envoyproxy/go-control-plane/envoy/extensions/formatter/(\w+)/(v\w+)
-      alias: envoy_formatter_${1}_${2}
-    - pkg: github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/(\w+)/(v\w+)
-      alias: envoy_upstream_${1}_${2}
-    - pkg: github.com/envoyproxy/go-control-plane/envoy/type/(v\w+)
-      alias: envoy_type_${1}
-    - pkg: github.com/envoyproxy/go-control-plane/envoy/type/matcher/(v\w+)
-      alias: envoy_matcher_${1}
-
+      - linters:
+          - unparam
+        text: always receives
+      - linters:
+          - bodyclose
+        path: test/e2e
+      - linters:
+          - revive
+        path: test/e2e
+        text: should not use dot imports
+      - linters:
+          - testifylint
+        path: test/e2e
+        text: require must only be used in the goroutine running the test function
+    paths:
+      - third_party$
+      - builtin$
+      - examples$
 issues:
   max-issues-per-linter: 0
   max-same-issues: 0
-  exclude-rules:
-  - linters: ["unparam"]
-    text: "always receives"
-  - path: zz_generated
-    linters: ["goimports"]
-  - path: test/e2e
-    linters: ["bodyclose"]
-  - path: test/e2e
-    linters: ["revive"]
-    text: "should not use dot imports"
-  - path: test/e2e
-    linters: ["testifylint"]
-    text: "require must only be used in the goroutine running the test function"
+formatters:
+  enable:
+    - gci
+    - gofumpt
+    - goimports
+  settings:
+    gci:
+      sections:
+        - standard
+        - default
+        - prefix(github.com/projectcontour/contour)
+      custom-order: true
+    gofumpt:
+      extra-rules: true
+  exclusions:
+    generated: lax
+    paths:
+      - third_party$
+      - builtin$
+      - examples$
+      - zz_generated

cmd/contour/cli.go

@@ -73,7 +73,7 @@
 	switch {
 	case c.CAFile != "" || c.ClientCert != "" || c.ClientKey != "":
 		// If one of the three TLS commands is not empty, they all must be not empty
-		if !(c.CAFile != "" && c.ClientCert != "" && c.ClientKey != "") {
+		if c.CAFile == "" || c.ClientCert == "" || c.ClientKey == "" {
 			kingpin.Fatalf("you must supply all three TLS parameters - --cafile, --cert-file, --key-file, or none of them")
 		}
 		// Load the client certificates from disk

cmd/contour/contour_test.go

@@ -25,7 +25,7 @@ import (
 func assertOptionFlagsAreSorted(t *testing.T, cmd *kingpin.CmdClause) {
 	var flags []string
 
-	for _, v := range cmd.Model().FlagGroupModel.Flags {
+	for _, v := range cmd.Model().Flags {
 		flags = append(flags, v.Name)
 	}
 	assert.Truef(t, sort.StringsAreSorted(flags), "the flags for subcommand %q aren't sorted: %v", cmd.Model().Name, flags)

cmd/contour/serve.go

@@ -924,7 +924,7 @@
 		ServeMux:    http.ServeMux{},
 	}
 
-	metricsvc.ServeMux.Handle("/metrics", metrics.Handler(registry))
+	metricsvc.Handle("/metrics", metrics.Handler(registry))
 
 	if metricsConfig.TLS != nil {
 		metricsvc.Cert = metricsConfig.TLS.CertFile
@@ -934,8 +934,8 @@
 
 	if healthConfig.Address == metricsConfig.Address && healthConfig.Port == metricsConfig.Port {
 		h := health.Handler(s.coreClient)
-		metricsvc.ServeMux.Handle("/health", h)
-		metricsvc.ServeMux.Handle("/healthz", h)
+		metricsvc.Handle("/health", h)
+		metricsvc.Handle("/healthz", h)
 	}
 
 	return s.mgr.Add(metricsvc)
@@ -952,8 +952,8 @@
 		}
 
 		h := health.Handler(s.coreClient)
-		healthsvc.ServeMux.Handle("/health", h)
-		healthsvc.ServeMux.Handle("/healthz", h)
+		healthsvc.Handle("/health", h)
+		healthsvc.Handle("/healthz", h)
 
 		return s.mgr.Add(healthsvc)
 	}

cmd/contour/serve_test.go

@@ -112,15 +112,15 @@ func TestGetDAGBuilder(t *testing.T) {
 		commonAssertions(t, got)
 
 		httpProxyProcessor := mustGetHTTPProxyProcessor(t, got)
-		assert.EqualValues(t, policy.RequestHeadersPolicy.Set, httpProxyProcessor.RequestHeadersPolicy.Set)
+		assert.Equal(t, policy.RequestHeadersPolicy.Set, httpProxyProcessor.RequestHeadersPolicy.Set)
 		assert.ElementsMatch(t, policy.RequestHeadersPolicy.Remove, httpProxyProcessor.RequestHeadersPolicy.Remove)
-		assert.EqualValues(t, policy.ResponseHeadersPolicy.Set, httpProxyProcessor.ResponseHeadersPolicy.Set)
+		assert.Equal(t, policy.ResponseHeadersPolicy.Set, httpProxyProcessor.ResponseHeadersPolicy.Set)
 		assert.ElementsMatch(t, policy.ResponseHeadersPolicy.Remove, httpProxyProcessor.ResponseHeadersPolicy.Remove)
 
 		ingressProcessor := mustGetIngressProcessor(t, got)
-		assert.EqualValues(t, map[string]string(nil), ingressProcessor.RequestHeadersPolicy.Set)
+		assert.Equal(t, map[string]string(nil), ingressProcessor.RequestHeadersPolicy.Set)
 		assert.ElementsMatch(t, map[string]string(nil), ingressProcessor.RequestHeadersPolicy.Remove)
-		assert.EqualValues(t, map[string]string(nil), ingressProcessor.ResponseHeadersPolicy.Set)
+		assert.Equal(t, map[string]string(nil), ingressProcessor.ResponseHeadersPolicy.Set)
 		assert.ElementsMatch(t, map[string]string(nil), ingressProcessor.ResponseHeadersPolicy.Remove)
 	})
 
@@ -140,13 +140,13 @@ func TestGetDAGBuilder(t *testing.T) {
 		})
 
 		iProcessor := mustGetIngressProcessor(t, got)
-		assert.EqualValues(t, iProcessor.GlobalCircuitBreakerDefaults, &g)
+		assert.Equal(t, iProcessor.GlobalCircuitBreakerDefaults, &g)
 
 		hProcessor := mustGetHTTPProxyProcessor(t, got)
-		assert.EqualValues(t, hProcessor.GlobalCircuitBreakerDefaults, &g)
+		assert.Equal(t, hProcessor.GlobalCircuitBreakerDefaults, &g)
 
 		gProcessor := mustGetGatewayAPIProcessor(t, got)
-		assert.EqualValues(t, gProcessor.GlobalCircuitBreakerDefaults, &g)
+		assert.Equal(t, gProcessor.GlobalCircuitBreakerDefaults, &g)
 	})
 
 	t.Run("request and response headers policy specified for ingress", func(t *testing.T) {
@@ -179,9 +179,9 @@ func TestGetDAGBuilder(t *testing.T) {
 		commonAssertions(t, got)
 
 		ingressProcessor := mustGetIngressProcessor(t, got)
-		assert.EqualValues(t, policy.RequestHeadersPolicy.Set, ingressProcessor.RequestHeadersPolicy.Set)
+		assert.Equal(t, policy.RequestHeadersPolicy.Set, ingressProcessor.RequestHeadersPolicy.Set)
 		assert.ElementsMatch(t, policy.RequestHeadersPolicy.Remove, ingressProcessor.RequestHeadersPolicy.Remove)
-		assert.EqualValues(t, policy.ResponseHeadersPolicy.Set, ingressProcessor.ResponseHeadersPolicy.Set)
+		assert.Equal(t, policy.ResponseHeadersPolicy.Set, ingressProcessor.ResponseHeadersPolicy.Set)
 		assert.ElementsMatch(t, policy.ResponseHeadersPolicy.Remove, ingressProcessor.ResponseHeadersPolicy.Remove)
 	})
 
@@ -197,7 +197,7 @@ func TestGetDAGBuilder(t *testing.T) {
 			ingressClassNames: ingressClassNames,
 		})
 		commonAssertions(t, got)
-		assert.EqualValues(t, ingressClassNames, got.Source.IngressClassNames)
+		assert.Equal(t, ingressClassNames, got.Source.IngressClassNames)
 	})
 
 	t.Run("multiple comma-separated ingress classes specified", func(t *testing.T) {
@@ -212,7 +212,7 @@ func TestGetDAGBuilder(t *testing.T) {
 			ingressClassNames: ingressClassNames,
 		})
 		commonAssertions(t, got)
-		assert.EqualValues(t, ingressClassNames, got.Source.IngressClassNames)
+		assert.Equal(t, ingressClassNames, got.Source.IngressClassNames)
 	})
 
 	// TODO(3453): test additional properties of the DAG builder (processor fields, cache fields, Gateway tests (requires a client fake))

cmd/contour/servecontext.go

@@ -234,8 +234,8 @@ func verifyTLSFlags(contourXDSTLS *contour_v1alpha1.TLS) error {
 	if contourXDSTLS.CAFile == "" && contourXDSTLS.CertFile == "" && contourXDSTLS.KeyFile == "" {
 		return errors.New("no TLS parameters and --insecure not supplied. You must supply one or the other")
 	}
-	// If one of the three TLS commands is not empty, they all must be not empty
-	if !(contourXDSTLS.CAFile != "" && contourXDSTLS.CertFile != "" && contourXDSTLS.KeyFile != "") {
+	// If one of the three TLS flags is not empty, they all must be not empty
+	if contourXDSTLS.CAFile == "" || contourXDSTLS.CertFile == "" || contourXDSTLS.KeyFile == "" {
 		return errors.New("you must supply all three TLS parameters - --contour-cafile, --contour-cert-file, --contour-key-file, or none of them")
 	}
 

hack/golangci-lint

@@ -1,3 +1,3 @@
 #! /usr/bin/env bash
 
-go run github.com/golangci/golangci-lint/cmd/golangci-lint@v1.64.5 "$@"
+go run github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.0.2 "$@"