feat: Bump Go version to 1.25

.github/workflows/ci.yaml

@@ -27,12 +27,12 @@ jobs:
           version: v3.12.1
 
       - name: Set Golang
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
         with:
-          go-version: 1.24.2
+          go-version: '^1.25'
 
       - name: Set Golangci-lint
-        run: curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.64.7
+        run: curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v2.4.0
 
       - name: Set Shellcheck
         run: sudo apt-get -qq update && sudo apt-get install -y shellcheck && shellcheck install-binary.sh

.github/workflows/release.yaml

@@ -35,7 +35,7 @@ jobs:
       - name: Set Golang
         uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
         with:
-          go-version: 1.24.2
+          go-version: '^1.25'
 
       - name: Build
         run: make build

.golangci.yml

@@ -1,66 +1,52 @@
+version: "2"
 linters:
   enable:
     - bodyclose
     - dogsled
     - gocyclo
-    - gofmt
-    - goimports
     - gosec
-    - gosimple
     - govet
     - ineffassign
     - lll
-    - megacheck
     - misspell
     - nakedret
     - revive
     - staticcheck
-    - typecheck
     - unconvert
     - unused
-
   disable:
     - errcheck
-
+  exclusions:
+    presets:
+      - comments
+      - common-false-positives
+      - legacy
+      - std-error-handling
+    rules:
+      - path: '(.+)\.go$'
+        text: "(Expect directory permissions to be 0750 or less|Expect file permissions to be 0600 or less)"
+      - path: '(.+)\.go$'
+        text: "Potential file inclusion via variable"
+      - path: '(.+)\.go$'
+        text: "G306: Expect WriteFile permissions to be 0600 or less"
+      - path: '(.+)\.go$'
+        text: "avoid meaningless package names"
+  settings:
+    gocyclo:
+      min-complexity: 18
+    govet:
+      enable:
+      - shadow
+    lll:
+      line-length: 200
+formatters:
+  enable:
+    - gofmt
+    - goimports
 run:
   timeout: 5m
 
-linters-settings:
-  gocyclo:
-    min-complexity: 18
-  govet:
-    check-shadowing: false
-  lll:
-    line-length: 200
-  nakedret:
-    command: nakedret
-    pattern: ^(?P<path>.*?\\.go):(?P<line>\\d+)\\s*(?P<message>.*)$
-
 issues:
-  # The default exclusion rules are a bit too permissive, so copying the relevant ones below
-  exclude-use-default: false
-
-  exclude:
-    - parameter .* always receives
-
-  exclude-rules:
-    # EXC0009
-    - text: "(Expect directory permissions to be 0750 or less|Expect file permissions to be 0600 or less)"
-      linters:
-        - gosec
-    # EXC0010
-    - text: "Potential file inclusion via variable"
-      linters:
-        - gosec
-    - path: test # Excludes /test, *_test.go etc.
-      linters:
-        - gosec
-    # Looks like the match in "EXC0009" above doesn't catch this one
-    # TODO: consider upstreaming this to golangci-lint's default exclusion rules
-    - text: "G306: Expect WriteFile permissions to be 0600 or less"
-      linters:
-        - gosec
-
   # Maximum issues count per one linter. Set to 0 to disable. Default is 50.
   max-issues-per-linter: 0
 

cmd/dt/carvelize/carvelize.go

@@ -101,8 +101,7 @@ func GenerateBundle(chartPath string, opts ...chartutils.Option) error {
 
 	imgPkgPath := filepath.Join(chartPath, ".imgpkg")
 	if !utils.FileExists(imgPkgPath) {
-		err := os.Mkdir(imgPkgPath, os.FileMode(0755))
-		if err != nil {
+		if err = os.Mkdir(imgPkgPath, os.FileMode(0755)); err != nil {
 			return fmt.Errorf("failed to create .imgpkg directory: %w", err)
 		}
 	}
@@ -126,7 +125,7 @@ func GenerateBundle(chartPath string, opts ...chartutils.Option) error {
 	path := filepath.Join(imgPkgPath, "images.yml")
 	err = carvelImagesLock.WriteToPath(path)
 	if err != nil {
-		return fmt.Errorf("Could not write image lock: %v", err)
+		return fmt.Errorf("could not write image lock: %w", err)
 	}
 	l.Infof("Carvel images lock written to %q", path)
 

cmd/dt/dt_test.go

@@ -56,7 +56,7 @@ func execCommand(args ...string) CmdResult {
 	var buffStdout, buffStderr bytes.Buffer
 	code := 0
 
-	cmd := exec.Command(os.Args[0], args...)
+	cmd := exec.Command(os.Args[0], args...) //nolint:gosec
 	cmd.Stdout = &buffStdout
 	cmd.Stderr = &buffStderr
 

cmd/dt/lock/lock.go

@@ -42,18 +42,18 @@ func NewCmd(cfg *config.Config) *cobra.Command {
 
 			chartPath := args[0]
 
-			outputFile, err := getOutputFilename(chartPath)
+			lockFilePath, err := getOutputFilename(chartPath)
 			if err != nil {
 				return fmt.Errorf("failed to obtain Images.lock location: %w", err)
 			}
 			if err := l.ExecuteStep("Generating Images.lock from annotations...", func() error {
-				return Create(chartPath, outputFile, silent.NewLogger(), imagelock.WithPlatforms(platforms),
+				return Create(chartPath, lockFilePath, silent.NewLogger(), imagelock.WithPlatforms(platforms),
 					imagelock.WithAnnotationsKey(cfg.AnnotationsKey),
 					imagelock.WithInsecure(cfg.Insecure))
 			}); err != nil {
-				return l.Failf("Failed to genereate lock: %w", err)
+				return l.Failf("Failed to generate lock: %w", err)
 			}
-			l.Successf("Images.lock file written to %q", outputFile)
+			l.Successf("Images.lock file written to %q", lockFilePath)
 			return nil
 		},
 	}

cmd/dt/lock_test.go

@@ -77,7 +77,7 @@ func (suite *CmdSuite) TestLockCommand() {
 
 			args := []string{"images", "lock", "--insecure", chartDir}
 			res := dt(args...)
-			res.AssertErrorMatch(t, "Failed to genereate lock: failed to write lock")
+			res.AssertErrorMatch(t, "Failed to generate lock: failed to write lock")
 		})
 		t.Run("Handles non-existent chart", func(t *testing.T) {
 			args := []string{"images", "lock", sb.TempFile()}

cmd/dt/push_test.go

@@ -35,15 +35,14 @@ func (suite *CmdSuite) TestPushCommand() {
 
 	t.Run("Handle errors", func(t *testing.T) {
 		t.Run("Handle missing Images.lock", func(t *testing.T) {
-			chartName := "test"
 			scenarioName := "plain-chart"
 			scenarioDir := fmt.Sprintf("../../testdata/scenarios/%s", scenarioName)
 			chartDir := sb.TempFile()
 
 			require.NoError(tu.RenderScenario(scenarioDir, chartDir,
 				map[string]interface{}{
 					"ServerURL": serverURL, "Images": nil,
-					"Name": chartName, "RepositoryURL": serverURL,
+					"Name": "test", "RepositoryURL": serverURL,
 				},
 			))
 			dt("images", "push", chartDir).AssertErrorMatch(t, regexp.MustCompile(`failed to open Images.lock file:.*no such file or directory`))
@@ -52,39 +51,35 @@ func (suite *CmdSuite) TestPushCommand() {
 			dt("images", "push", sb.TempFile()).AssertErrorMatch(t, regexp.MustCompile(`failed to load Helm chart`))
 		})
 		t.Run("Handle malformed Images.lock", func(t *testing.T) {
-			chartName := "test"
 			scenarioName := "plain-chart"
 			scenarioDir := fmt.Sprintf("../../testdata/scenarios/%s", scenarioName)
 			chartDir := sb.TempFile()
 
 			require.NoError(tu.RenderScenario(scenarioDir, chartDir,
 				map[string]interface{}{
 					"ServerURL": serverURL, "Images": nil,
-					"Name": chartName, "RepositoryURL": serverURL,
+					"Name": "test", "RepositoryURL": serverURL,
 				},
 			))
 			require.NoError(os.WriteFile(filepath.Join(chartDir, imagelock.DefaultImagesLockFileName), []byte("malformed lock"), 0644))
 			dt("images", "push", chartDir).AssertErrorMatch(t, regexp.MustCompile(`failed to load Images.lock`))
 		})
 		t.Run("Handle failing to push images", func(t *testing.T) {
-			chartName := "test"
 			scenarioName := "chart1"
-			serverURL := "example.com"
 			scenarioDir := fmt.Sprintf("../../testdata/scenarios/%s", scenarioName)
 			chartDir := sb.TempFile()
 
 			require.NoError(tu.RenderScenario(scenarioDir, chartDir,
 				map[string]interface{}{
 					"ServerURL": serverURL, "Images": nil,
-					"Name": chartName, "RepositoryURL": serverURL,
+					"Name": "test", "RepositoryURL": serverURL,
 				},
 			))
 			dt("images", "push", chartDir).AssertErrorMatch(t, regexp.MustCompile(`(?i)failed to push images`))
 		})
 	})
 	t.Run("Pushing works", func(t *testing.T) {
 		scenarioName := "complete-chart"
-		chartName := "test"
 
 		scenarioDir := fmt.Sprintf("../../testdata/scenarios/%s", scenarioName)
 
@@ -107,20 +102,20 @@ func (suite *CmdSuite) TestPushCommand() {
 		require.NoError(tu.RenderScenario(scenarioDir, chartDir,
 			map[string]interface{}{
 				"ServerURL": serverURL, "Images": images,
-				"Name": chartName, "RepositoryURL": serverURL,
+				"Name": "test", "RepositoryURL": serverURL,
 			},
 		))
 
 		imagesDir := filepath.Join(chartDir, "images")
 		require.NoError(os.MkdirAll(imagesDir, 0755))
 		for _, img := range craneImgs {
-			d, err := img.Digest()
-			if err != nil {
-				t.Fatal(err)
+			d, digestErr := img.Digest()
+			if digestErr != nil {
+				t.Fatal(digestErr)
 			}
 			imgDir := filepath.Join(imagesDir, fmt.Sprintf("%s.layout", d.Hex))
-			if err := crane.SaveOCI(img, imgDir); err != nil {
-				t.Fatal(err)
+			if ociErr := crane.SaveOCI(img, imgDir); ociErr != nil {
+				t.Fatal(ociErr)
 			}
 		}
 

cmd/dt/unwrap/unwrap.go

@@ -411,32 +411,37 @@ func normalizeOCIURL(url string) string {
 }
 
 func pushChart(ctx context.Context, wrap wrapping.Wrap, pushChartURL string, cfg *Config) error {
-	chart := wrap.Chart()
-	chartPath := chart.RootDir()
-	tmpDir, err := cfg.GetTemporaryDirectory()
+	var tmpDir, dir string
+	var err error
+	tmpDir, err = cfg.GetTemporaryDirectory()
 	if err != nil {
-		return err
+		return fmt.Errorf("failed to get temp dir: %w", err)
 	}
-	dir, err := os.MkdirTemp(tmpDir, "chart-*")
 
+	dir, err = os.MkdirTemp(tmpDir, "chart-*")
 	if err != nil {
-		return fmt.Errorf("failed to upload Helm chart: failed to create temp directory: %w", err)
+		return fmt.Errorf("failed to create temp directory: %w", err)
 	}
 
+	chart := wrap.Chart()
+	chartPath := chart.RootDir()
 	tempTarFile := filepath.Join(dir, fmt.Sprintf("%s.tgz", chart.Name()))
-	if err := utils.Tar(chartPath, tempTarFile, utils.TarConfig{
+	if err = utils.Tar(chartPath, tempTarFile, utils.TarConfig{
 		Prefix: chart.Name(),
 	}); err != nil {
 		return fmt.Errorf("failed to untar filename %q: %w", chartPath, err)
 	}
-	d, err := cfg.GetTemporaryDirectory()
+
+	tmpDir, err = cfg.GetTemporaryDirectory()
 	if err != nil {
 		return fmt.Errorf("failed to get temp dir: %w", err)
 	}
-	if err := artifacts.PushChart(tempTarFile, pushChartURL,
-		artifacts.WithInsecure(cfg.Insecure), artifacts.WithPlainHTTP(cfg.UsePlainHTTP),
+
+	if err = artifacts.PushChart(tempTarFile, pushChartURL,
+		artifacts.WithInsecure(cfg.Insecure),
+		artifacts.WithPlainHTTP(cfg.UsePlainHTTP),
 		artifacts.WithRegistryAuth(cfg.Auth.Username, cfg.Auth.Password),
-		artifacts.WithTempDir(d),
+		artifacts.WithTempDir(tmpDir),
 	); err != nil {
 		return err
 	}

cmd/dt/unwrap_test.go

@@ -386,8 +386,8 @@ func (suite *CmdSuite) TestEndToEnd() {
 					"metadata.txt": []byte(metdataFileText),
 				}
 				for fileName, data := range metadataArtifacts {
-					_, err := sb.Write(filepath.Join(metadataDir, fileName), string(data))
-					require.NoError(err)
+					_, writeErr := sb.Write(filepath.Join(metadataDir, fileName), string(data))
+					require.NoError(writeErr)
 				}
 
 				images, err := tu.AddSampleImagesToRegistry(imageName, srcRegistry, tu.WithSignKey(keyFile), tu.WithMetadataDir(metadataDir), tu.WithAuth(contUser, contPass))

cmd/dt/verify/verify.go

@@ -29,7 +29,7 @@ type Config struct {
 // Lock verifies the images in an Images.lock
 func Lock(chartPath string, lockFile string, cfg Config) error {
 	if !utils.FileExists(chartPath) {
-		return fmt.Errorf("Helm chart %q does not exist", chartPath)
+		return fmt.Errorf("chart %q does not exist", chartPath)
 	}
 	fh, err := os.Open(lockFile)
 	if err != nil {
@@ -53,7 +53,7 @@ func Lock(chartPath string, lockFile string, cfg Config) error {
 	}
 
 	if err := calculatedLock.Validate(currentLock.Images); err != nil {
-		return fmt.Errorf("Images.lock does not validate:\n%v", err)
+		return fmt.Errorf("validation failed for Images.lock: %w", err)
 	}
 	return nil
 }
@@ -77,7 +77,7 @@ func NewCmd(cfg *config.Config) *cobra.Command {
 			l := cfg.Logger()
 
 			if !utils.FileExists(chartPath) {
-				return fmt.Errorf("Helm chart %q does not exist", chartPath)
+				return fmt.Errorf("chart %q does not exist", chartPath)
 			}
 
 			if lockFile == "" {

cmd/dt/verify_test.go

@@ -40,7 +40,7 @@ func (suite *CmdSuite) TestVerifyCommand() {
 
 	t.Run("Handle errors", func(t *testing.T) {
 		t.Run("Non-existent Helm chart", func(t *testing.T) {
-			dt("images", "verify", sb.TempFile()).AssertErrorMatch(t, "Helm chart.*does not exist")
+			dt("images", "verify", sb.TempFile()).AssertErrorMatch(t, "chart.*does not exist")
 		})
 		t.Run("Missing Images.lock", func(t *testing.T) {
 			chartName := "test"
@@ -89,8 +89,12 @@ func (suite *CmdSuite) TestVerifyCommand() {
 			)
 			require.NoError(err)
 			require.NoError(os.WriteFile(filepath.Join(chartDir, "Images.lock"), []byte(data), 0644))
-			dt("images", "verify", "--insecure", chartDir).AssertErrorMatch(t, fmt.Sprintf(`.*Images.lock does not validate:
-.*Helm chart "test": image ".*%s": digests do not match:\s*.*- %s\s*\s*\+ %s.*`, images[0].Image, newDigest, oldDigest))
+			dt("images", "verify", "--insecure", chartDir).AssertErrorMatch(t,
+				fmt.Sprintf(
+					`.*validation failed for Images.lock:.*chart "test": image ".*%s": digests do not match:\s*.*- %s\s*\s*\+ %s.*`,
+					images[0].Image, newDigest, oldDigest,
+				),
+			)
 		})
 	})
 	t.Run("Verify Helm chart", func(t *testing.T) {