Use golangci-lint

.github/workflows/build.yml

@@ -4,61 +4,97 @@
 name: fabric-contract-api-go
 
 on:
-  pull_request:
-    branches:
-    - main
-    - release-*
   workflow_dispatch:
   workflow_call:
 
 jobs:
-  build:
+  license_check:
+    name: License check
     runs-on: ubuntu-22.04
     steps:
-    - uses: actions/setup-go@v5
-      with:
-        go-version: '1.20'
-    - uses: actions/setup-node@v4
-      with:
-        node-version: 16
-        registry-url: 'https://npm.pkg.github.com'
-    - uses: actions/checkout@v4
-    - name: install Tools
-      run: |
-        go install honnef.co/go/tools/cmd/staticcheck@latest
-        go install github.com/securego/gosec/v2/cmd/gosec@latest
-        go install github.com/cucumber/godog/cmd/godog@latest
-        go install golang.org/x/tools/cmd/goimports@latest
-        npm install -g license-check-and-add@4.0.5
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 16
+          registry-url: "https://npm.pkg.github.com"
+      - name: install Tools
+        run: |
+          npm install -g license-check-and-add@4.0.5
+      - name: Check Licenses
+        run: license-check-and-add check -f ci/license-config.json
 
-    - name: Vet and lint
-      run: ci/scripts/lint.sh
-
-    - name: Check Licenses
-      run: license-check-and-add check -f ci/license-config.json
-
-    - name: Run tests (excluding fv)
-      run: go test -race $(go list ./... | grep -v functionaltests)
+  tutorial:
+    name: Check tutorial
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version: "1.21"
+      - name: Check tutorial contents
+        run: ci/scripts/tutorial-checks.sh
 
-    - name: Run functional tests
-      working-directory: internal/functionaltests
-      run: godog run features/*
+  lint:
+    name: Lint
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version: "1.21"
+      - name: Staticcheck
+        run: make staticcheck
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v6
+        with:
+          version: latest
 
-    - name: Check tutorial contents
-      run: ci/scripts/tutorial-checks.sh
+  unit_test:
+    name: Unit test
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version: "1.21"
+      - name: Run tests (excluding fv)
+        run: make unit-test
 
-    - name: Run the integration tests
-      env:
+  functional_test:
+    name: Functional test
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version: "1.21"
+      - name: Run functional tests
+        run: make functional-test
+
+  integration_test:
+    name: Integration test
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version: "1.21"
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 16
+          registry-url: "https://npm.pkg.github.com"
+      - name: Run the integration tests
+        env:
           NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      run: |
-        docker build . --file integrationtest/Dockerfile --tag hyperledger/fabric-contract-api-go-integrationtest
+        run: |
+          docker build . --file integrationtest/Dockerfile --tag hyperledger/fabric-contract-api-go-integrationtest
 
-        ci/scripts/setup-integration-chaincode.sh
+          ci/scripts/setup-integration-chaincode.sh
 
-        curl -sSL https://raw.githubusercontent.com/hyperledger/fabric/main/scripts/install-fabric.sh | bash -s -- samples binary docker
-        export TEST_NETWORK_DIR=$(pwd)/fabric-samples/test-network
+          curl -sSL https://raw.githubusercontent.com/hyperledger/fabric/main/scripts/install-fabric.sh | bash -s -- samples binary docker
+          export TEST_NETWORK_DIR=$(pwd)/fabric-samples/test-network
 
-        cd ./integrationtest
-        npm ci
+          cd ./integrationtest
+          npm ci
 
-        npx fabric-chaincode-integration run
+          npx fabric-chaincode-integration run

.github/workflows/pull_request.yml

@@ -0,0 +1,22 @@
+name: Pull request
+
+on:
+  pull_request:
+    branches:
+      - main
+      - release-*
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build:
+    uses: ./.github/workflows/build.yml
+
+  pull-request:
+    needs: build
+    name: Pull request success
+    runs-on: ubuntu-latest
+    steps:
+      - run: "true"

.github/workflows/vulnerability-scan.yml

@@ -13,9 +13,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v5
         with:
-          go-version: "1.22"
+          go-version: stable
           check-latest: true
-      - name: Install govulncheck
-        run: go install golang.org/x/vuln/cmd/govulncheck@latest
       - name: Scan
-        run: govulncheck ./...
+        run: make scan

.golangci.yml

@@ -0,0 +1,23 @@
+# See https://golangci-lint.run/usage/configuration/
+
+run:
+  timeout: 5m
+
+linters:
+  disable-all: true
+  enable:
+    - errcheck
+    - gocyclo
+    - gofmt
+    - goimports
+    - gosec
+    - gosimple
+    - govet
+    - ineffassign
+    - misspell
+    - typecheck
+    - unused
+
+linters-settings:
+  gocyclo:
+    min-complexity: 18

Makefile

@@ -0,0 +1,39 @@
+# Copyright the Hyperledger Fabric contributors. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+base_dir := $(patsubst %/,%,$(dir $(realpath $(lastword $(MAKEFILE_LIST)))))
+functional_dir := $(base_dir)/internal/functionaltests
+go_bin_dir := $(shell go env GOPATH)/bin
+
+.PHONY: lint
+lint: staticcheck golangci-lint
+
+.PHONY: staticcheck
+staticcheck:
+	go install honnef.co/go/tools/cmd/staticcheck@latest
+	staticcheck -f stylish './...'
+
+.PHONY: install-golangci-lint
+install-golangci-lint:
+	curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b '$(go_bin_dir)'
+
+$(go_bin_dir)/golangci-lint:
+	$(MAKE) install-golangci-lint
+
+.PHONY: golangci-lint
+golangci-lint: $(go_bin_dir)/golangci-lint
+	golangci-lint run
+
+.PHONY: unit-test
+unit-test:
+	go test -race $$(go list '$(base_dir)/...' | grep -v functionaltests)
+
+.PHONY: functional-test
+functional-test:
+	go install github.com/cucumber/godog/cmd/godog@v0.12
+	cd '$(functional_dir)' && godog run features/*
+
+.PHONY: scan
+scan:
+	go install golang.org/x/vuln/cmd/govulncheck@latest
+	govulncheck '$(base_dir)/...'

ci/license-config.json

@@ -9,7 +9,7 @@
                 "prepend": "// "
             }
         },
-        "^Dockerfile|feature": {
+        "^Dockerfile|feature|^Makefile": {
             "eachLine": {
                 "prepend": "# "
             }

contractapi/contract_chaincode.go

@@ -6,7 +6,6 @@ package contractapi
 import (
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
 	"log"
 	"os"
 	"reflect"
@@ -87,11 +86,11 @@ func NewChaincode(contracts ...ContractInterface) (*ContractChaincode, error) {
 	sysC := new(SystemContract)
 	sysC.Name = SystemContractName
 
-	cc.addContract(sysC, ciMethods) // should never error as system contract is good
-
-	err := cc.augmentMetadata()
+	if err := cc.addContract(sysC, ciMethods); err != nil {
+		return nil, err
+	}
 
-	if err != nil {
+	if err := cc.augmentMetadata(); err != nil {
 		return nil, err
 	}
 
@@ -219,9 +218,9 @@ func (cc *ContractChaincode) Invoke(stub shim.ChaincodeStubInterface) peer.Respo
 	} else {
 		var transactionSchema *metadata.TransactionMetadata
 
-		for _, v := range cc.metadata.Contracts[ns].Transactions {
+		for i, v := range cc.metadata.Contracts[ns].Transactions {
 			if v.Name == fn {
-				transactionSchema = &v
+				transactionSchema = &cc.metadata.Contracts[ns].Transactions[i]
 				break
 			}
 		}
@@ -254,7 +253,7 @@ func (cc *ContractChaincode) addContract(contract ContractInterface, excludeFunc
 	}
 
 	if _, ok := cc.contracts[ns]; ok {
-		return fmt.Errorf("Multiple contracts being merged into chaincode with name %s", ns)
+		return fmt.Errorf("multiple contracts being merged into chaincode with name %s", ns)
 	}
 
 	ccn := contractChaincodeContract{}
@@ -335,7 +334,7 @@ func (cc *ContractChaincode) addContract(contract ContractInterface, excludeFunc
 	}
 
 	if len(ccn.functions) == 0 {
-		return fmt.Errorf("Contracts are required to have at least 1 (non-ignored) public method. Contract %s has none. Method names that have been ignored: %s", ns, utils.SliceAsCommaSentence(excludeFuncs))
+		return fmt.Errorf("contracts are required to have at least 1 (non-ignored) public method. Contract %s has none. Method names that have been ignored: %s", ns, utils.SliceAsCommaSentence(excludeFuncs))
 	}
 
 	cc.contracts[ns] = ccn
@@ -390,27 +389,24 @@ func (cc *ContractChaincode) reflectMetadata() metadata.ContractChaincodeMetadat
 func (cc *ContractChaincode) augmentMetadata() error {
 	fileMetadata, err := metadata.ReadMetadataFile()
 
-	if err != nil && !strings.Contains(err.Error(), "Failed to read metadata from file") {
+	if err != nil && !strings.Contains(err.Error(), "failed to read metadata from file") {
 		return err
 	}
 
 	reflectedMetadata := cc.reflectMetadata()
 
 	fileMetadata.Append(reflectedMetadata)
 	err = fileMetadata.CompileSchemas()
-
 	if err != nil {
 		return err
 	}
 
 	err = metadata.ValidateAgainstSchema(fileMetadata)
-
 	if err != nil {
 		return err
 	}
 
 	cc.metadata = fileMetadata
-
 	return nil
 }
 
@@ -441,7 +437,7 @@ func loadChaincodeServerConfig() (*shim.ChaincodeServer, error) {
 
 	tlsProps, err := loadTLSProperties()
 	if err != nil {
-		log.Panicf("Error creating getting TLS properties: %v", err)
+		log.Panicf("error creating getting TLS properties: %v", err)
 	}
 
 	server := &shim.ChaincodeServer{
@@ -466,18 +462,18 @@ func loadTLSProperties() (*shim.TLSProperties, error) {
 	var keyBytes, certBytes, rootBytes []byte
 	var err error
 
-	keyBytes, err = ioutil.ReadFile(key)
+	keyBytes, err = os.ReadFile(key)
 	if err != nil {
 		return nil, fmt.Errorf("error while reading the crypto file: %s", err)
 	}
 
-	certBytes, err = ioutil.ReadFile(cert)
+	certBytes, err = os.ReadFile(cert)
 	if err != nil {
 		return nil, fmt.Errorf("error while reading the crypto file: %s", err)
 	}
 
 	if root != "" {
-		rootBytes, err = ioutil.ReadFile(root)
+		rootBytes, err = os.ReadFile(root)
 		if err != nil {
 			return nil, fmt.Errorf("error while reading the crypto file: %s", err)
 		}