diff --git a/.golangci.yaml b/.golangci.yaml index 0bf4d0f02..503be2d12 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -70,6 +70,11 @@ linters: - whitespace - wrapcheck settings: + gosec: + excludes: + - G204 # subprocess with variables is expected for git/opencode CLI wrappers + - G702 # command injection via taint - controlled CLI inputs + - G705 # XSS not applicable to CLI stderr output dupl: # Token threshold for duplication detection # Lower = more sensitive (catches smaller duplicates) diff --git a/.goreleaser.yaml b/.goreleaser.yaml index 4a22955c4..c23af1268 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -18,8 +18,8 @@ builds: - arm64 ldflags: - -s -w - - -X github.com/entireio/cli/cmd/entire/cli/buildinfo.Version={{.Version}} - - -X github.com/entireio/cli/cmd/entire/cli/buildinfo.Commit={{.ShortCommit}} + - -X github.com/entireio/cli/cmd/entire/cli/versioninfo.Version={{.Version}} + - -X github.com/entireio/cli/cmd/entire/cli/versioninfo.Commit={{.ShortCommit}} - -X github.com/entireio/cli/cmd/entire/cli/telemetry.PostHogAPIKey={{.Env.POSTHOG_API_KEY}} - -X github.com/entireio/cli/cmd/entire/cli/telemetry.PostHogEndpoint={{.Env.POSTHOG_ENDPOINT}} diff --git a/cmd/entire/cli/checkpoint/checkpoint_test.go b/cmd/entire/cli/checkpoint/checkpoint_test.go index 43284a411..897f6f9cf 100644 --- a/cmd/entire/cli/checkpoint/checkpoint_test.go +++ b/cmd/entire/cli/checkpoint/checkpoint_test.go @@ -14,10 +14,10 @@ import ( "time" "github.com/entireio/cli/cmd/entire/cli/agent" - "github.com/entireio/cli/cmd/entire/cli/buildinfo" "github.com/entireio/cli/cmd/entire/cli/checkpoint/id" "github.com/entireio/cli/cmd/entire/cli/paths" "github.com/entireio/cli/cmd/entire/cli/trailers" + "github.com/entireio/cli/cmd/entire/cli/versioninfo" "github.com/go-git/go-git/v5" "github.com/go-git/go-git/v5/config" @@ -2857,7 +2857,7 @@ func TestCopyMetadataDir_RedactsSecrets(t *testing.T) { } } -// TestWriteCommitted_CLIVersionField verifies that buildinfo.Version is written +// TestWriteCommitted_CLIVersionField verifies that versioninfo.Version is written // to both the root CheckpointSummary and session-level CommittedMetadata. func TestWriteCommitted_CLIVersionField(t *testing.T) { t.Parallel() @@ -2942,8 +2942,8 @@ func TestWriteCommitted_CLIVersionField(t *testing.T) { t.Fatalf("failed to parse root metadata.json: %v", err) } - if summary.CLIVersion != buildinfo.Version { - t.Errorf("CheckpointSummary.CLIVersion = %q, want %q", summary.CLIVersion, buildinfo.Version) + if summary.CLIVersion != versioninfo.Version { + t.Errorf("CheckpointSummary.CLIVersion = %q, want %q", summary.CLIVersion, versioninfo.Version) } // Verify session-level metadata.json (CommittedMetadata) has CLIVersion @@ -2967,8 +2967,8 @@ func TestWriteCommitted_CLIVersionField(t *testing.T) { t.Fatalf("failed to parse session metadata.json: %v", err) } - if sessionMetadata.CLIVersion != buildinfo.Version { - t.Errorf("CommittedMetadata.CLIVersion = %q, want %q", sessionMetadata.CLIVersion, buildinfo.Version) + if sessionMetadata.CLIVersion != versioninfo.Version { + t.Errorf("CommittedMetadata.CLIVersion = %q, want %q", sessionMetadata.CLIVersion, versioninfo.Version) } } diff --git a/cmd/entire/cli/checkpoint/committed.go b/cmd/entire/cli/checkpoint/committed.go index b070e3f90..5edabb335 100644 --- a/cmd/entire/cli/checkpoint/committed.go +++ b/cmd/entire/cli/checkpoint/committed.go @@ -16,13 +16,13 @@ import ( "time" "github.com/entireio/cli/cmd/entire/cli/agent" - "github.com/entireio/cli/cmd/entire/cli/buildinfo" "github.com/entireio/cli/cmd/entire/cli/checkpoint/id" "github.com/entireio/cli/cmd/entire/cli/jsonutil" "github.com/entireio/cli/cmd/entire/cli/logging" "github.com/entireio/cli/cmd/entire/cli/paths" "github.com/entireio/cli/cmd/entire/cli/trailers" "github.com/entireio/cli/cmd/entire/cli/validation" + "github.com/entireio/cli/cmd/entire/cli/versioninfo" "github.com/entireio/cli/redact" "github.com/go-git/go-git/v5" @@ -358,7 +358,7 @@ func (s *GitStore) writeSessionToSubdirectory(opts WriteCommittedOptions, sessio TokenUsage: opts.TokenUsage, InitialAttribution: opts.InitialAttribution, Summary: redactSummary(opts.Summary), - CLIVersion: buildinfo.Version, + CLIVersion: versioninfo.Version, } metadataJSON, err := jsonutil.MarshalIndentWithNewline(sessionMetadata, "", " ") @@ -403,7 +403,7 @@ func (s *GitStore) writeCheckpointSummary(opts WriteCommittedOptions, basePath s summary := CheckpointSummary{ CheckpointID: opts.CheckpointID, - CLIVersion: buildinfo.Version, + CLIVersion: versioninfo.Version, Strategy: opts.Strategy, Branch: opts.Branch, CheckpointsCount: checkpointsCount, @@ -669,22 +669,22 @@ func (s *GitStore) buildCommitMessage(opts WriteCommittedOptions, taskMetadataPa var commitMsg strings.Builder // Subject line is always the checkpoint ID for consistent formatting - commitMsg.WriteString(fmt.Sprintf("Checkpoint: %s\n\n", opts.CheckpointID)) + fmt.Fprintf(&commitMsg, "Checkpoint: %s\n\n", opts.CheckpointID) // Include custom description in body if provided (e.g., task checkpoint details) if opts.CommitSubject != "" { commitMsg.WriteString(opts.CommitSubject + "\n\n") } - commitMsg.WriteString(fmt.Sprintf("%s: %s\n", trailers.SessionTrailerKey, opts.SessionID)) - commitMsg.WriteString(fmt.Sprintf("%s: %s\n", trailers.StrategyTrailerKey, opts.Strategy)) + fmt.Fprintf(&commitMsg, "%s: %s\n", trailers.SessionTrailerKey, opts.SessionID) + fmt.Fprintf(&commitMsg, "%s: %s\n", trailers.StrategyTrailerKey, opts.Strategy) if opts.Agent != "" { - commitMsg.WriteString(fmt.Sprintf("%s: %s\n", trailers.AgentTrailerKey, opts.Agent)) + fmt.Fprintf(&commitMsg, "%s: %s\n", trailers.AgentTrailerKey, opts.Agent) } if opts.EphemeralBranch != "" { - commitMsg.WriteString(fmt.Sprintf("%s: %s\n", trailers.EphemeralBranchTrailerKey, opts.EphemeralBranch)) + fmt.Fprintf(&commitMsg, "%s: %s\n", trailers.EphemeralBranchTrailerKey, opts.EphemeralBranch) } if taskMetadataPath != "" { - commitMsg.WriteString(fmt.Sprintf("%s: %s\n", trailers.MetadataTaskTrailerKey, taskMetadataPath)) + fmt.Fprintf(&commitMsg, "%s: %s\n", trailers.MetadataTaskTrailerKey, taskMetadataPath) } return commitMsg.String() diff --git a/cmd/entire/cli/checkpoint/temporary.go b/cmd/entire/cli/checkpoint/temporary.go index 3ff864901..1674974eb 100644 --- a/cmd/entire/cli/checkpoint/temporary.go +++ b/cmd/entire/cli/checkpoint/temporary.go @@ -647,7 +647,7 @@ func (s *GitStore) ShadowBranchExists(baseCommit, worktreeID string) bool { // persist deletions with packed refs or worktrees. func (s *GitStore) DeleteShadowBranch(baseCommit, worktreeID string) error { shadowBranchName := ShadowBranchNameForCommit(baseCommit, worktreeID) - cmd := exec.CommandContext(context.Background(), "git", "branch", "-D", "--", shadowBranchName) //nolint:gosec // shadowBranchName is constructed from commit hash, not user input + cmd := exec.CommandContext(context.Background(), "git", "branch", "-D", "--", shadowBranchName) if output, err := cmd.CombinedOutput(); err != nil { return fmt.Errorf("failed to delete shadow branch %s: %s: %w", shadowBranchName, strings.TrimSpace(string(output)), err) } diff --git a/cmd/entire/cli/explain.go b/cmd/entire/cli/explain.go index 97aea8d65..be6213bd5 100644 --- a/cmd/entire/cli/explain.go +++ b/cmd/entire/cli/explain.go @@ -1268,9 +1268,10 @@ func formatSessionInfo(session *strategy.Session, sourceRef string, checkpoints // outputWithPager outputs content through a pager if stdout is a terminal and content is long. func outputWithPager(w io.Writer, content string) { // Check if we're writing to stdout and it's a terminal + //nolint:gosec // G115: uintptr->int is safe for fd on 64-bit platforms if f, ok := w.(*os.File); ok && f == os.Stdout && term.IsTerminal(int(f.Fd())) { // Get terminal height - _, height, err := term.GetSize(int(f.Fd())) + _, height, err := term.GetSize(int(f.Fd())) //nolint:gosec // G115: same as above if err != nil { height = 24 // Default fallback } @@ -1285,7 +1286,7 @@ func outputWithPager(w io.Writer, content string) { pager = "less" } - cmd := exec.CommandContext(context.Background(), pager) //nolint:gosec // pager from env is expected + cmd := exec.CommandContext(context.Background(), pager) cmd.Stdin = strings.NewReader(content) cmd.Stdout = f cmd.Stderr = os.Stderr diff --git a/cmd/entire/cli/git_operations.go b/cmd/entire/cli/git_operations.go index f75e018cd..e1801400a 100644 --- a/cmd/entire/cli/git_operations.go +++ b/cmd/entire/cli/git_operations.go @@ -324,7 +324,7 @@ func FetchAndCheckoutRemoteBranch(branchName string) error { defer cancel() refSpec := fmt.Sprintf("+refs/heads/%s:refs/remotes/origin/%s", branchName, branchName) - //nolint:gosec // G204: branchName validated above via git check-ref-format + fetchCmd := exec.CommandContext(ctx, "git", "fetch", "origin", refSpec) if output, err := fetchCmd.CombinedOutput(); err != nil { if ctx.Err() == context.DeadlineExceeded { @@ -367,7 +367,7 @@ func FetchMetadataBranch() error { defer cancel() refSpec := fmt.Sprintf("+refs/heads/%s:refs/remotes/origin/%s", branchName, branchName) - //nolint:gosec // G204: branchName is a constant from paths package + fetchCmd := exec.CommandContext(ctx, "git", "fetch", "origin", refSpec) if output, err := fetchCmd.CombinedOutput(); err != nil { if ctx.Err() == context.DeadlineExceeded { diff --git a/cmd/entire/cli/root.go b/cmd/entire/cli/root.go index 5fedf6ad4..dc7776003 100644 --- a/cmd/entire/cli/root.go +++ b/cmd/entire/cli/root.go @@ -4,9 +4,9 @@ import ( "fmt" "runtime" - "github.com/entireio/cli/cmd/entire/cli/buildinfo" "github.com/entireio/cli/cmd/entire/cli/telemetry" "github.com/entireio/cli/cmd/entire/cli/versioncheck" + "github.com/entireio/cli/cmd/entire/cli/versioninfo" "github.com/spf13/cobra" ) @@ -58,12 +58,12 @@ func NewRootCmd() *cobra.Command { // Use detached tracking (non-blocking) installedAgents := GetAgentsWithHooksInstalled() agentStr := JoinAgentNames(installedAgents) - telemetry.TrackCommandDetached(cmd, settings.Strategy, agentStr, settings.Enabled, buildinfo.Version) + telemetry.TrackCommandDetached(cmd, settings.Strategy, agentStr, settings.Enabled, versioninfo.Version) } // Version check and notification (synchronous with 2s timeout) // Runs AFTER command completes to avoid interfering with interactive modes - versioncheck.CheckAndNotify(cmd.OutOrStdout(), buildinfo.Version) + versioncheck.CheckAndNotify(cmd.OutOrStdout(), versioninfo.Version) }, RunE: func(cmd *cobra.Command, _ []string) error { return cmd.Help() @@ -97,7 +97,7 @@ func newVersionCmd() *cobra.Command { Use: "version", Short: "Show build information", Run: func(_ *cobra.Command, _ []string) { - fmt.Printf("Entire CLI %s (%s)\n", buildinfo.Version, buildinfo.Commit) + fmt.Printf("Entire CLI %s (%s)\n", versioninfo.Version, versioninfo.Commit) fmt.Printf("Go version: %s\n", runtime.Version()) fmt.Printf("OS/Arch: %s/%s\n", runtime.GOOS, runtime.GOARCH) }, diff --git a/cmd/entire/cli/strategy/auto_commit.go b/cmd/entire/cli/strategy/auto_commit.go index 5ee5ced3e..1e575eabc 100644 --- a/cmd/entire/cli/strategy/auto_commit.go +++ b/cmd/entire/cli/strategy/auto_commit.go @@ -13,12 +13,12 @@ import ( "time" "github.com/entireio/cli/cmd/entire/cli/agent" - "github.com/entireio/cli/cmd/entire/cli/buildinfo" "github.com/entireio/cli/cmd/entire/cli/checkpoint" "github.com/entireio/cli/cmd/entire/cli/checkpoint/id" "github.com/entireio/cli/cmd/entire/cli/logging" "github.com/entireio/cli/cmd/entire/cli/paths" "github.com/entireio/cli/cmd/entire/cli/trailers" + "github.com/entireio/cli/cmd/entire/cli/versioninfo" "github.com/go-git/go-git/v5" "github.com/go-git/go-git/v5/plumbing" @@ -970,7 +970,7 @@ func (s *AutoCommitStrategy) InitializeSession(sessionID string, agentType agent now := time.Now() state := &SessionState{ SessionID: sessionID, - CLIVersion: buildinfo.Version, + CLIVersion: versioninfo.Version, BaseCommit: baseCommit, StartedAt: now, LastInteractionTime: &now, diff --git a/cmd/entire/cli/strategy/common.go b/cmd/entire/cli/strategy/common.go index 70a4497d9..d65ebbf57 100644 --- a/cmd/entire/cli/strategy/common.go +++ b/cmd/entire/cli/strategy/common.go @@ -773,13 +773,13 @@ func checkCanRewind() (bool, string, error) { var msg strings.Builder msg.WriteString("You have uncommitted changes:\n") for _, f := range modified { - msg.WriteString(fmt.Sprintf(" modified: %s\n", f)) + fmt.Fprintf(&msg, " modified: %s\n", f) } for _, f := range added { - msg.WriteString(fmt.Sprintf(" added: %s\n", f)) + fmt.Fprintf(&msg, " added: %s\n", f) } for _, f := range deleted { - msg.WriteString(fmt.Sprintf(" deleted: %s\n", f)) + fmt.Fprintf(&msg, " deleted: %s\n", f) } msg.WriteString("\nPlease commit or stash your changes before rewinding.") @@ -920,15 +920,15 @@ func checkCanRewindWithWarning() (bool, string, error) { stats = fmt.Sprintf("-%d", c.removed) } - msg.WriteString(fmt.Sprintf(" %-10s %s", c.status+":", c.filename)) + fmt.Fprintf(&msg, " %-10s %s", c.status+":", c.filename) if stats != "" { - msg.WriteString(fmt.Sprintf(" (%s)", stats)) + fmt.Fprintf(&msg, " (%s)", stats) } msg.WriteString("\n") } if totalAdded > 0 || totalRemoved > 0 { - msg.WriteString(fmt.Sprintf("\nTotal: +%d/-%d lines\n", totalAdded, totalRemoved)) + fmt.Fprintf(&msg, "\nTotal: +%d/-%d lines\n", totalAdded, totalRemoved) } return true, msg.String(), nil @@ -1178,7 +1178,7 @@ func DeleteBranchCLI(branchName string) error { // git show-ref exits 1 for "not found" and 128+ for fatal errors (corrupt // repo, permissions, not a git directory). Only map exit code 1 to // ErrBranchNotFound; propagate other failures as-is. - check := exec.CommandContext(ctx, "git", "show-ref", "--verify", "--quiet", "refs/heads/"+branchName) //nolint:gosec // branchName comes from internal shadow branch naming + check := exec.CommandContext(ctx, "git", "show-ref", "--verify", "--quiet", "refs/heads/"+branchName) if err := check.Run(); err != nil { var exitErr *exec.ExitError if errors.As(err, &exitErr) && exitErr.ExitCode() == 1 { @@ -1198,7 +1198,7 @@ func DeleteBranchCLI(branchName string) error { // Returns nil if the branch exists, or an error if it does not. func branchExistsCLI(branchName string) error { ctx := context.Background() - cmd := exec.CommandContext(ctx, "git", "show-ref", "--verify", "--quiet", "refs/heads/"+branchName) //nolint:gosec // branchName comes from internal shadow branch naming + cmd := exec.CommandContext(ctx, "git", "show-ref", "--verify", "--quiet", "refs/heads/"+branchName) if err := cmd.Run(); err != nil { return fmt.Errorf("branch %s not found: %w", branchName, err) } @@ -1212,7 +1212,7 @@ func branchExistsCLI(branchName string) error { func HardResetWithProtection(commitHash plumbing.Hash) (shortID string, err error) { ctx := context.Background() hashStr := commitHash.String() - cmd := exec.CommandContext(ctx, "git", "reset", "--hard", hashStr) //nolint:gosec // hashStr is a plumbing.Hash, not user input + cmd := exec.CommandContext(ctx, "git", "reset", "--hard", hashStr) if output, err := cmd.CombinedOutput(); err != nil { return "", fmt.Errorf("reset failed: %s: %w", strings.TrimSpace(string(output)), err) } diff --git a/cmd/entire/cli/strategy/manual_commit_condensation.go b/cmd/entire/cli/strategy/manual_commit_condensation.go index 741f64a8c..8db83a025 100644 --- a/cmd/entire/cli/strategy/manual_commit_condensation.go +++ b/cmd/entire/cli/strategy/manual_commit_condensation.go @@ -684,7 +684,7 @@ func generateContextFromPrompts(prompts []string) []byte { if len(displayPrompt) > 500 { displayPrompt = displayPrompt[:500] + "..." } - buf.WriteString(fmt.Sprintf("### Prompt %d\n\n", i+1)) + fmt.Fprintf(&buf, "### Prompt %d\n\n", i+1) buf.WriteString(displayPrompt) buf.WriteString("\n\n") } diff --git a/cmd/entire/cli/strategy/manual_commit_session.go b/cmd/entire/cli/strategy/manual_commit_session.go index e9e9a6d3a..857ddbb5b 100644 --- a/cmd/entire/cli/strategy/manual_commit_session.go +++ b/cmd/entire/cli/strategy/manual_commit_session.go @@ -6,10 +6,10 @@ import ( "time" "github.com/entireio/cli/cmd/entire/cli/agent" - "github.com/entireio/cli/cmd/entire/cli/buildinfo" "github.com/entireio/cli/cmd/entire/cli/checkpoint" "github.com/entireio/cli/cmd/entire/cli/checkpoint/id" "github.com/entireio/cli/cmd/entire/cli/paths" + "github.com/entireio/cli/cmd/entire/cli/versioninfo" "github.com/go-git/go-git/v5" "github.com/go-git/go-git/v5/plumbing" @@ -226,7 +226,7 @@ func (s *ManualCommitStrategy) initializeSession(repo *git.Repository, sessionID headHash := head.Hash().String() state := &SessionState{ SessionID: sessionID, - CLIVersion: buildinfo.Version, + CLIVersion: versioninfo.Version, BaseCommit: headHash, AttributionBaseCommit: headHash, WorktreePath: worktreePath, diff --git a/cmd/entire/cli/strategy/phase_wiring_test.go b/cmd/entire/cli/strategy/phase_wiring_test.go index 7e8be5265..881ebfa13 100644 --- a/cmd/entire/cli/strategy/phase_wiring_test.go +++ b/cmd/entire/cli/strategy/phase_wiring_test.go @@ -6,8 +6,8 @@ import ( "testing" "time" - "github.com/entireio/cli/cmd/entire/cli/buildinfo" "github.com/entireio/cli/cmd/entire/cli/session" + "github.com/entireio/cli/cmd/entire/cli/versioninfo" "github.com/go-git/go-git/v5" "github.com/stretchr/testify/assert" @@ -203,7 +203,7 @@ func setupGitRepo(t *testing.T) string { } // TestInitializeSession_SetsCLIVersion verifies that InitializeSession -// persists buildinfo.Version in the session state. +// persists versioninfo.Version in the session state. func TestInitializeSession_SetsCLIVersion(t *testing.T) { dir := setupGitRepo(t) t.Chdir(dir) @@ -217,8 +217,8 @@ func TestInitializeSession_SetsCLIVersion(t *testing.T) { require.NoError(t, err) require.NotNil(t, state) - assert.Equal(t, buildinfo.Version, state.CLIVersion, - "InitializeSession should set CLIVersion to buildinfo.Version") + assert.Equal(t, versioninfo.Version, state.CLIVersion, + "InitializeSession should set CLIVersion to versioninfo.Version") } // writeTestFile is a helper to create a test file with given content. diff --git a/cmd/entire/cli/telemetry/detached_unix.go b/cmd/entire/cli/telemetry/detached_unix.go index d4fc0c93e..b5f724bcd 100644 --- a/cmd/entire/cli/telemetry/detached_unix.go +++ b/cmd/entire/cli/telemetry/detached_unix.go @@ -19,7 +19,6 @@ func spawnDetachedAnalytics(payloadJSON string) { return } - //nolint:gosec // G204: payloadJSON is controlled internally, not user input cmd := exec.CommandContext(context.Background(), executable, "__send_analytics", payloadJSON) // Detach from parent process group so subprocess survives parent exit diff --git a/cmd/entire/cli/trailers/trailers.go b/cmd/entire/cli/trailers/trailers.go index ba56e24b6..c17c724b9 100644 --- a/cmd/entire/cli/trailers/trailers.go +++ b/cmd/entire/cli/trailers/trailers.go @@ -203,9 +203,9 @@ func FormatShadowCommit(message, metadataDir, sessionID string) string { var sb strings.Builder sb.WriteString(message) sb.WriteString("\n\n") - sb.WriteString(fmt.Sprintf("%s: %s\n", MetadataTrailerKey, metadataDir)) - sb.WriteString(fmt.Sprintf("%s: %s\n", SessionTrailerKey, sessionID)) - sb.WriteString(fmt.Sprintf("%s: %s\n", StrategyTrailerKey, "manual-commit")) + fmt.Fprintf(&sb, "%s: %s\n", MetadataTrailerKey, metadataDir) + fmt.Fprintf(&sb, "%s: %s\n", SessionTrailerKey, sessionID) + fmt.Fprintf(&sb, "%s: %s\n", StrategyTrailerKey, "manual-commit") return sb.String() } @@ -215,9 +215,9 @@ func FormatShadowTaskCommit(message, taskMetadataDir, sessionID string) string { var sb strings.Builder sb.WriteString(message) sb.WriteString("\n\n") - sb.WriteString(fmt.Sprintf("%s: %s\n", MetadataTaskTrailerKey, taskMetadataDir)) - sb.WriteString(fmt.Sprintf("%s: %s\n", SessionTrailerKey, sessionID)) - sb.WriteString(fmt.Sprintf("%s: %s\n", StrategyTrailerKey, "manual-commit")) + fmt.Fprintf(&sb, "%s: %s\n", MetadataTaskTrailerKey, taskMetadataDir) + fmt.Fprintf(&sb, "%s: %s\n", SessionTrailerKey, sessionID) + fmt.Fprintf(&sb, "%s: %s\n", StrategyTrailerKey, "manual-commit") return sb.String() } diff --git a/cmd/entire/cli/versioncheck/versioncheck.go b/cmd/entire/cli/versioncheck/versioncheck.go index 11c832c6d..2f71881f1 100644 --- a/cmd/entire/cli/versioncheck/versioncheck.go +++ b/cmd/entire/cli/versioncheck/versioncheck.go @@ -150,6 +150,7 @@ func saveCache(cache *VersionCache) error { } // Rename temp file to final location + //nolint:gosec // G703: filePath is constructed internally, not from user input if err := os.Rename(tmpFile.Name(), filePath); err != nil { return fmt.Errorf("renaming cache file: %w", err) } @@ -174,7 +175,7 @@ func fetchLatestVersion() (string, error) { req.Header.Set("User-Agent", "entire-cli") client := &http.Client{} - resp, err := client.Do(req) + resp, err := client.Do(req) //nolint:gosec // G704: intentional request to GitHub releases API if err != nil { return "", fmt.Errorf("fetching release info: %w", err) } diff --git a/cmd/entire/cli/buildinfo/buildinfo.go b/cmd/entire/cli/versioninfo/versioninfo.go similarity index 83% rename from cmd/entire/cli/buildinfo/buildinfo.go rename to cmd/entire/cli/versioninfo/versioninfo.go index 2921337b8..250f701af 100644 --- a/cmd/entire/cli/buildinfo/buildinfo.go +++ b/cmd/entire/cli/versioninfo/versioninfo.go @@ -1,4 +1,4 @@ -package buildinfo +package versioninfo // Version and Commit are set at build time via ldflags. var ( diff --git a/go.mod b/go.mod index 3aed29571..62aeb82b6 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/entireio/cli -go 1.25.6 +go 1.26.0 require ( github.com/charmbracelet/huh v0.8.0 diff --git a/mise-tasks/dev/publish b/mise-tasks/dev/publish index 53949b585..08e1856bb 100755 --- a/mise-tasks/dev/publish +++ b/mise-tasks/dev/publish @@ -9,4 +9,4 @@ echo "NOTE: we're overriding \$GOBIN: $GOBIN" 1>&2 VERSION=$(git describe --tags --always --dirty 2>/dev/null || echo "dev") COMMIT=$(git rev-parse --short HEAD 2>/dev/null || echo "unknown") -go install -ldflags "-X github.com/entireio/cli/cmd/entire/cli/buildinfo.Version=${VERSION} -X github.com/entireio/cli/cmd/entire/cli/buildinfo.Commit=${COMMIT}" ./cmd/entire +go install -ldflags "-X github.com/entireio/cli/cmd/entire/cli/versioninfo.Version=${VERSION} -X github.com/entireio/cli/cmd/entire/cli/versioninfo.Commit=${COMMIT}" ./cmd/entire diff --git a/mise.toml b/mise.toml index 38116a7bb..0f30cdec4 100644 --- a/mise.toml +++ b/mise.toml @@ -1,7 +1,7 @@ [tools] # Please also keep the version aligned in the go.mod file -go = { version = '1.25.6', postinstall = "go install github.com/go-delve/delve/cmd/dlv@latest" } -golangci-lint = '2.8.0' +go = { version = '1.26.0', postinstall = "go install github.com/go-delve/delve/cmd/dlv@latest" } +golangci-lint = '2.10.1' shellcheck = 'latest' [tasks.fmt] @@ -25,7 +25,7 @@ description = "Build the CLI" run = """ VERSION=$(git describe --tags --always --dirty 2>/dev/null || echo "dev") COMMIT=$(git rev-parse --short HEAD 2>/dev/null || echo "unknown") -go build -ldflags "-X github.com/entireio/cli/cmd/entire/cli/buildinfo.Version=${VERSION} -X github.com/entireio/cli/cmd/entire/cli/buildinfo.Commit=${COMMIT}" -o entire ./cmd/entire +go build -ldflags "-X github.com/entireio/cli/cmd/entire/cli/versioninfo.Version=${VERSION} -X github.com/entireio/cli/cmd/entire/cli/versioninfo.Commit=${COMMIT}" -o entire ./cmd/entire """ [tasks."build:all"]