diff --git a/docker/oasis-core-dev/Dockerfile b/docker/oasis-core-dev/Dockerfile index ca738679821..6aba3fa71ba 100644 --- a/docker/oasis-core-dev/Dockerfile +++ b/docker/oasis-core-dev/Dockerfile @@ -6,7 +6,7 @@ ARG GO_NANCY_VERSION=1.0.33 ARG GO_NANCY_CHECKSUM=a4bf5290d41b095c04f941ed5380674770c79d59735e33b1bd07a5cd5fbb135d ARG GO_PROTOC_VERSION=3.6.1 ARG GO_PROTOC_GEN_GO_VERSION=1.21.0 -ARG GOLANGCILINT_VERSION=1.56.1 +ARG GOLANGCILINT_VERSION=1.61.0 ARG GOCOVMERGE_VERSION=b5bfa59ec0adc420475f97f89b58045c721d761c ARG GOFUMPT_VERSION=v0.6.0 ARG GOIMPORTS_VERSION=v0.18.0 diff --git a/go/.golangci.yml b/go/.golangci.yml index 92b2e505d5b..bc47891c8d4 100644 --- a/go/.golangci.yml +++ b/go/.golangci.yml @@ -10,8 +10,9 @@ linters-settings: # https://github.com/securego/gosec#available-rules - G402 - G404 + - G115 # Integer conversion with overflow check; many false positives govet: - check-shadowing: true + shadow: true # Enable once suggested fixes are shown: https://github.com/golangci/golangci-lint/issues/2134 #enable: # - fieldalignment @@ -56,10 +57,9 @@ linters: disable-all: true enable: - bodyclose + - copyloopvar - depguard - errcheck - - exportloopref - - gas - goconst - gocyclo - gofumpt @@ -69,7 +69,6 @@ linters: - gosimple - govet - ineffassign - - megacheck - misspell - revive - rowserrcheck @@ -79,11 +78,6 @@ linters: - unused run: - skip-dirs: - # golang-ci-lint requires that files compile for certain linters - # to run, and Go plugins do not compile unless `-buildmode=plugin` - # is set, which linters do not do. - - oasis-test-runner/scenario/pluginsigner/example_signer_plugin exclude-use-default: false @@ -92,3 +86,8 @@ issues: - EXC0014 # un-exclude revive `exported` which warns about incorrect comments on exported items. exclude: - context-as-argument # revive + exclude-dirs: + # golang-ci-lint requires that files compile for certain linters + # to run, and Go plugins do not compile unless `-buildmode=plugin` + # is set, which linters do not do. + - oasis-test-runner/scenario/pluginsigner/example_signer_plugin diff --git a/go/common/args.go b/go/common/args.go index a9dd5858ef4..25732a4d296 100644 --- a/go/common/args.go +++ b/go/common/args.go @@ -17,8 +17,8 @@ func TrimArgs(osArgs []string) []string { for i, w := range osArgs { if w == argSeparator { - return append([]string{osArgs[0]}, osArgs[i+1:]...) + return append([]string{osArgs[0]}, osArgs[i+1:]...) //nolint:gosec // false G602 out of range } } - return osArgs[0:1] + return osArgs[0:1] //nolint:gosec // false G602 out of range } diff --git a/go/common/grpc/auth/auth_tls.go b/go/common/grpc/auth/auth_tls.go index 54f962bee2d..70a1052f674 100644 --- a/go/common/grpc/auth/auth_tls.go +++ b/go/common/grpc/auth/auth_tls.go @@ -34,7 +34,7 @@ func (auth *PeerCertAuthenticator) AuthFunc(ctx context.Context, _ interface{}) return status.Errorf(codes.PermissionDenied, "grpc: unexpected peer authentication credentials") } if nPeerCerts := len(tlsAuth.State.PeerCertificates); nPeerCerts != 1 { - return status.Errorf(codes.PermissionDenied, fmt.Sprintf("grpc: unexpected number of peer certificates: %d", nPeerCerts)) + return status.Errorf(codes.PermissionDenied, "grpc: unexpected number of peer certificates: %d", nPeerCerts) } peerCert := tlsAuth.State.PeerCertificates[0] subject := accessctl.SubjectFromX509Certificate(peerCert) diff --git a/go/common/grpc/auth/auth_tls_pubkeys.go b/go/common/grpc/auth/auth_tls_pubkeys.go index 5744932ed2e..bd04010c9d2 100644 --- a/go/common/grpc/auth/auth_tls_pubkeys.go +++ b/go/common/grpc/auth/auth_tls_pubkeys.go @@ -35,7 +35,7 @@ func (auth *PeerPubkeyAuthenticator) AuthFunc(ctx context.Context, _ interface{} return status.Errorf(codes.PermissionDenied, "grpc: unexpected peer authentication credentials") } if nPeerCerts := len(tlsAuth.State.PeerCertificates); nPeerCerts != 1 { - return status.Errorf(codes.PermissionDenied, fmt.Sprintf("grpc: unexpected number of peer certificates: %d", nPeerCerts)) + return status.Errorf(codes.PermissionDenied, "grpc: unexpected number of peer certificates: %d", nPeerCerts) } peerCertRaw := tlsAuth.State.PeerCertificates[0].Raw @@ -46,7 +46,7 @@ func (auth *PeerPubkeyAuthenticator) AuthFunc(ctx context.Context, _ interface{} Keys: auth.whitelist, }) if err != nil { - return status.Errorf(codes.PermissionDenied, err.Error()) + return status.Errorf(codes.PermissionDenied, "%s", err.Error()) } return nil diff --git a/go/consensus/cometbft/apps/roothash/transactions.go b/go/consensus/cometbft/apps/roothash/transactions.go index a01267c4013..524f06619ba 100644 --- a/go/consensus/cometbft/apps/roothash/transactions.go +++ b/go/consensus/cometbft/apps/roothash/transactions.go @@ -49,7 +49,6 @@ func (app *rootHashApplication) executorCommit( if ctx.IsCheckOnly() { // Notify subscribers about observed commitments. for _, ec := range cc.Commits { - ec := ec app.ecn.DeliverExecutorCommitment(cc.ID, &ec) } return nil diff --git a/go/oasis-test-runner/scenario/e2e/runtime/keymanager_client.go b/go/oasis-test-runner/scenario/e2e/runtime/keymanager_client.go index ba05a6e4558..cf68e7087b4 100644 --- a/go/oasis-test-runner/scenario/e2e/runtime/keymanager_client.go +++ b/go/oasis-test-runner/scenario/e2e/runtime/keymanager_client.go @@ -115,7 +115,7 @@ func (c *keyManagerRPCClient) fetchPublicKey(ctx context.Context, generation uin if msg == fmt.Sprintf("master secret generation %d not found", generation) { return nil, nil } - return nil, fmt.Errorf(msg) + return nil, fmt.Errorf("%s", msg) } var key secrets.SignedPublicKey @@ -160,7 +160,7 @@ func (c *keyManagerRPCClient) fetchEphemeralPublicKey(ctx context.Context, epoch if msg == fmt.Sprintf("ephemeral secret for epoch %d not found", epoch) { return nil, nil } - return nil, fmt.Errorf(msg) + return nil, fmt.Errorf("%s", msg) } var key secrets.SignedPublicKey diff --git a/go/p2p/rpc/client.go b/go/p2p/rpc/client.go index abb93f44e6d..bd2bba341cb 100644 --- a/go/p2p/rpc/client.go +++ b/go/p2p/rpc/client.go @@ -392,8 +392,6 @@ func (c *client) CallMulti( resultCh := make(chan result, len(peers)) for _, peer := range peers { - peer := peer // Make sure goroutine below operates on the right instance. - pool.Submit(func() { // Abort early in case we are done. select { diff --git a/go/runtime/host/loadbalance/loadbalance.go b/go/runtime/host/loadbalance/loadbalance.go index 6bb1db2901f..bbee436f36b 100644 --- a/go/runtime/host/loadbalance/loadbalance.go +++ b/go/runtime/host/loadbalance/loadbalance.go @@ -90,8 +90,6 @@ func (lb *lbRuntime) Call(ctx context.Context, body *protocol.Body) (*protocol.B } resCh := make(chan *result) for _, rt := range lb.instances { - rt := rt // Make sure goroutine below operates on the right instance. - go func() { rsp, err := rt.Call(ctx, body) resCh <- &result{ @@ -167,9 +165,6 @@ func (lb *lbRuntime) WatchEvents() (<-chan *host.Event, pubsub.ClosableSubscript func (lb *lbRuntime) Start() { lb.startOnce.Do(func() { for idx, rt := range lb.instances { - idx := idx - rt := rt // Make sure goroutine below operates on the right instance. - // Subscribe to runtime events before starting runtime to make sure we don't miss the // started event. evCh, sub := rt.WatchEvents() @@ -227,8 +222,6 @@ func (lb *lbRuntime) Abort(ctx context.Context, force bool) error { // We don't know which instance to abort, so we abort all instances. errCh := make(chan error) for _, rt := range lb.instances { - rt := rt // Make sure goroutine below operates on the right instance. - go func() { errCh <- rt.Abort(ctx, force) }() diff --git a/go/storage/mkvs/debug.go b/go/storage/mkvs/debug.go index eb448a1bccd..e6f954c7046 100644 --- a/go/storage/mkvs/debug.go +++ b/go/storage/mkvs/debug.go @@ -46,6 +46,6 @@ func (t *tree) doDumpLocal(ctx context.Context, w io.Writer, ptr *node.Pointer, fmt.Fprintf(w, "%s- %s -> %v [%v/%s]", prefix, n.Key, value, n.Clean, n.Hash) default: - fmt.Fprintf(w, prefix+"") + fmt.Fprintf(w, "%s", prefix+"") } }