ccloud-nodeCIDR-controller/.golangci.yaml at master · sapcc/ccloud-nodeCIDR-controller · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
################################################################################
# This file is AUTOGENERATED with <https://github.com/sapcc/go-makefile-maker> #
# Edit Makefile.maker.yaml instead.                                            #
################################################################################

# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company
# SPDX-License-Identifier: Apache-2.0

version: "2"
run:
  modules-download-mode: readonly
  timeout: 3m0s # none by default in v2

formatters:
  enable:
    - gofmt
    - goimports
  settings:
    goimports:
      # Put local imports after 3rd-party packages
      local-prefixes:
        - github.com/sapcc/ccloud-nodeCIDR-controller
  exclusions:
    generated: lax
    paths:
      - third_party$
      - builtin$
      - examples$

issues:
  # '0' disables the following options
  max-issues-per-linter: 0
  max-same-issues: 0

linters:
  # Disable all pre-enabled linters and enable them explicitly so that a newer version does not introduce new linters unexpectedly
  default: none
  enable:
    - bodyclose
    - containedctx
    - copyloopvar
    - dupword
    - durationcheck
    - errcheck
    - errname
    - errorlint
    - exptostd
    - forbidigo
    - ginkgolinter
    - gocheckcompilerdirectives
    - goconst
    - gocritic
    - gomoddirectives
    - gosec
    - govet
    - ineffassign
    - intrange
    - iotamixing
    - modernize
    - nilerr
    - nolintlint
    - nosprintfhostport
    - perfsprint
    - predeclared
    - rowserrcheck
    - sqlclosecheck
    - staticcheck
    - unconvert
    - unparam
    - unused
    - usestdlibvars
    - usetesting
    - whitespace
  settings:
    dupword:
      # Do not choke on SQL statements like `INSERT INTO things (foo, bar, baz) VALUES (TRUE, TRUE, TRUE)`.
      ignore: [ "TRUE", "FALSE", "NULL" ]
    errcheck:
      check-type-assertions: false
      # Report about assignment of errors to blank identifier.
      check-blank: true
      # Do not report about not checking of errors in type assertions.
      # This is not as dangerous as skipping error values because an unchecked type assertion just immediately panics.
      # We disable this because it makes a ton of useless noise esp. in test code.
    forbidigo:
      analyze-types: true # required for pkg:
      forbid:
        # ioutil package has been deprecated: https://github.com/golang/go/issues/42026
        - pattern: ^ioutil\..*$
        # Using http.DefaultServeMux is discouraged because it's a global variable that some packages silently and magically add handlers to (esp. net/http/pprof).
        # Applications wishing to use http.ServeMux should obtain local instances through http.NewServeMux() instead of using the global default instance.
        - pattern: ^http\.DefaultServeMux$
        - pattern: ^http\.Handle(?:Func)?$
        - pkg: ^gopkg\.in/square/go-jose\.v2$
          msg: gopk.in/square/go-jose is archived and has CVEs. Replace it with gopkg.in/go-jose/go-jose.v2
        - pkg: ^github.com/coreos/go-oidc$
          msg: github.com/coreos/go-oidc depends on gopkg.in/square/go-jose which has CVEs. Replace it with github.com/coreos/go-oidc/v3
        - pkg: ^github.com/howeyc/gopass$
          msg: github.com/howeyc/gopass is archived, use golang.org/x/term instead
    goconst:
      min-occurrences: 5
    gocritic:
      enabled-checks:
        - boolExprSimplify
        - builtinShadow
        - emptyStringTest
        - evalOrder
        - httpNoBody
        - importShadow
        - initClause
        - methodExprCall
        - paramTypeCombine
        - preferFilepathJoin
        - ptrToRefParam
        - redundantSprint
        - returnAfterHttpError
        - stringConcatSimplify
        - timeExprSimplify
        - truncateCmp
        - typeAssertChain
        - typeUnparen
        - unnamedResult
        - unnecessaryBlock
        - unnecessaryDefer
        - weakCond
        - yodaStyleExpr
    gomoddirectives:
      replace-allow-list:
        # for go-pmtud
        - github.com/mdlayher/arp
        # for github.com/sapcc/vpa_butler
        - k8s.io/client-go
      toolchain-forbidden: true
      go-version-pattern: 1\.\d+(\.0)?$
    gosec:
      excludes:
        # gosec wants us to set a short ReadHeaderTimeout to avoid Slowloris attacks, but doing so would expose us to Keep-Alive race conditions (see https://iximiuz.com/en/posts/reverse-proxy-http-keep-alive-and-502s/
        - G112
        # if we put a password or token into a serialized payload, guess what, we probably did that on purpose
        - G117
        # this triggers on net/http.Request.ParseForm() and its callers, e.g. net/http.Request.FormValue(), complaining about potential memory exhaustion from unbounded form parsing;
        # but that is incorrect, ParseForm() by default never parses more than 10 MiB for this specific reason
        - G120
        # created file permissions are restricted by umask if necessary
        - G306
        # the following lints cause false-positives in many repositories, should be fixed with the next release. (see https://github.com/securego/gosec/issues/1500)
        - G701
        - G702
        - G703
        - G704
        - G705
        - G706
    govet:
      disable:
        - fieldalignment
      enable-all: true
    nolintlint:
      require-specific: true
    modernize:
      disable:
        # omitzero requires removing omitempty tags in kubernetes api struct types which are nested, which is interpreted by controller-gen and breaks the CRDs.
        - omitzero
    perfsprint:
      # modernize generates nicer fix code
      concat-loop: false
    staticcheck:
      dot-import-whitelist:
        - github.com/majewsky/gg/option
        - github.com/onsi/ginkgo/v2
        - github.com/onsi/gomega
    usestdlibvars:
      http-method: true
      http-status-code: true
      time-weekday: true
      time-month: true
      time-layout: true
      crypto-hash: true
      default-rpc-path: true
      sql-isolation-level: true
      tls-signature-scheme: true
      constant-kind: true
    usetesting:
      os-temp-dir: true
    whitespace:
      # Enforce newlines (or comments) after multi-line function signatures.
      multi-func: true
  exclusions:
    generated: lax
    presets:
      - common-false-positives
      - legacy
      - std-error-handling
    rules:
      - linters:
          - bodyclose
          - revive
        path: _test\.go
      # It is idiomatic Go to reuse the name 'err' with ':=' for subsequent errors.
      # Ref: https://go.dev/doc/effective_go#redeclaration
      - path: (.+)\.go$
        text: declaration of "err" shadows declaration at
      - linters:
          - goconst
        path: (.+)_test\.go
    paths:
      - third_party$
      - builtin$
      - examples$

output:
  formats:
    text:
      # Do not print lines of code with issue.
      print-issued-lines: false