From e52dbdc3e871874544fe87b1d7496aebbbbf34e2 Mon Sep 17 00:00:00 2001
From: Miguel Martinez Trivino <miguel@chainloop.dev>
Date: Mon, 20 Mar 2023 15:58:42 +0100
Subject: [PATCH 1/3] chore(ci): fix linter errors after bumping golang-ci-lint

Signed-off-by: Miguel Martinez Trivino <miguel@chainloop.dev>
---
 app/artifact-cas/internal/service/status.go          |  4 ++--
 app/cli/cmd/output.go                                |  3 ++-
 app/cli/cmd/root.go                                  |  4 ++--
 app/cli/cmd/workflow_integration_list.go             |  6 +++---
 app/cli/cmd/workflow_robotaccount_create.go          |  6 +-----
 app/cli/internal/action/artifact_download.go         |  4 ++--
 app/cli/internal/action/artifact_upload.go           |  2 +-
 .../api/controlplane/v1/integrations_config.go       | 12 ++++--------
 app/controlplane/cmd/main.go                         |  2 +-
 app/controlplane/cmd/wire_gen.go                     |  2 +-
 app/controlplane/internal/biz/cascredentials.go      |  6 ++----
 .../internal/integrations/dependencytrack/sbom.go    |  4 ++--
 app/controlplane/internal/server/grpc.go             |  2 +-
 app/controlplane/internal/service/attestation.go     | 10 +++-------
 app/controlplane/internal/service/auth.go            |  2 +-
 app/controlplane/internal/service/cascredential.go   |  2 +-
 app/controlplane/internal/service/integration.go     |  2 +-
 app/controlplane/internal/service/organization.go    |  2 +-
 app/controlplane/internal/service/status.go          |  4 ++--
 .../usercontext/orgrequirements_middleware.go        |  4 +---
 20 files changed, 34 insertions(+), 49 deletions(-)

diff --git a/app/artifact-cas/internal/service/status.go b/app/artifact-cas/internal/service/status.go
index 9b1369393..e185dbf5d 100644
--- a/app/artifact-cas/internal/service/status.go
+++ b/app/artifact-cas/internal/service/status.go
@@ -30,10 +30,10 @@ func NewStatusService(version string) *StatusService {
 	return &StatusService{version: version}
 }
 
-func (s *StatusService) Statusz(ctx context.Context, req *pb.StatuszRequest) (*pb.StatuszResponse, error) {
+func (s *StatusService) Statusz(_ context.Context, _ *pb.StatuszRequest) (*pb.StatuszResponse, error) {
 	return &pb.StatuszResponse{}, nil
 }
 
-func (s *StatusService) Infoz(ctx context.Context, req *pb.InfozRequest) (*pb.InfozResponse, error) {
+func (s *StatusService) Infoz(_ context.Context, _ *pb.InfozRequest) (*pb.InfozResponse, error) {
 	return &pb.InfozResponse{Version: s.version}, nil
 }
diff --git a/app/cli/cmd/output.go b/app/cli/cmd/output.go
index cf976e68d..a104589ce 100644
--- a/app/cli/cmd/output.go
+++ b/app/cli/cmd/output.go
@@ -18,6 +18,7 @@ package cmd
 import (
 	"encoding/json"
 	"errors"
+	"fmt"
 	"io"
 	"os"
 
@@ -65,7 +66,7 @@ func encodeJSONToWriter(v interface{}, w io.Writer) error {
 	encoder := json.NewEncoder(w)
 	encoder.SetIndent("", "   ")
 	if err := encoder.Encode(v); err != nil {
-		return err
+		return fmt.Errorf("failed to encode output: %w", err)
 	}
 
 	return nil
diff --git a/app/cli/cmd/root.go b/app/cli/cmd/root.go
index 4f756ebf9..80d9ed5e9 100644
--- a/app/cli/cmd/root.go
+++ b/app/cli/cmd/root.go
@@ -85,7 +85,7 @@ func NewRootCmd(l zerolog.Logger) *cobra.Command {
 			return nil
 		},
 		PersistentPostRunE: func(cmd *cobra.Command, args []string) error {
-			return cleanup(logger, actionOpts.CPConnection)
+			return cleanup(actionOpts.CPConnection)
 		},
 	}
 
@@ -167,7 +167,7 @@ func newActionOpts(logger zerolog.Logger, conn *grpc.ClientConn) *action.Actions
 	return &action.ActionsOpts{CPConnection: conn, Logger: logger}
 }
 
-func cleanup(logger zerolog.Logger, conn *grpc.ClientConn) error {
+func cleanup(conn *grpc.ClientConn) error {
 	if conn != nil {
 		if err := conn.Close(); err != nil {
 			return err
diff --git a/app/cli/cmd/workflow_integration_list.go b/app/cli/cmd/workflow_integration_list.go
index 71d8576c6..6c857c6ef 100644
--- a/app/cli/cmd/workflow_integration_list.go
+++ b/app/cli/cmd/workflow_integration_list.go
@@ -54,9 +54,9 @@ func integrationAttachmentListTableOutput(attachments []*action.IntegrationAttac
 	t.AppendHeader(table.Row{"ID", "Kind", "Config", "Attached At", "Workflow"})
 	for _, i := range attachments {
 		wf := i.Workflow
-		int := i.Integration
+		integration := i.Integration
 
-		maps.Copy(i.Config, int.Config)
+		maps.Copy(i.Config, integration.Config)
 		var options []string
 		for k, v := range i.Config {
 			if v == "" {
@@ -64,7 +64,7 @@ func integrationAttachmentListTableOutput(attachments []*action.IntegrationAttac
 			}
 			options = append(options, fmt.Sprintf("%s: %v", k, v))
 		}
-		t.AppendRow(table.Row{i.ID, int.Kind, strings.Join(options, "\n"), i.CreatedAt.Format(time.RFC822), wf.NamespacedName()})
+		t.AppendRow(table.Row{i.ID, integration.Kind, strings.Join(options, "\n"), i.CreatedAt.Format(time.RFC822), wf.NamespacedName()})
 		t.AppendSeparator()
 	}
 
diff --git a/app/cli/cmd/workflow_robotaccount_create.go b/app/cli/cmd/workflow_robotaccount_create.go
index 3ccd5ab73..3754c1bd5 100644
--- a/app/cli/cmd/workflow_robotaccount_create.go
+++ b/app/cli/cmd/workflow_robotaccount_create.go
@@ -32,11 +32,7 @@ func newWorkflowRobotAccountCreateCmd() *cobra.Command {
 				return err
 			}
 
-			if err := encodeOutput([]*action.WorkflowRobotAccountItem{res}, robotAccountListTableOutput); err != nil {
-				return err
-			}
-
-			return nil
+			return encodeOutput([]*action.WorkflowRobotAccountItem{res}, robotAccountListTableOutput)
 		},
 	}
 
diff --git a/app/cli/internal/action/artifact_download.go b/app/cli/internal/action/artifact_download.go
index 1ffa78d68..1230bbd38 100644
--- a/app/cli/internal/action/artifact_download.go
+++ b/app/cli/internal/action/artifact_download.go
@@ -81,7 +81,7 @@ func (a *ArtifactDownload) Run(downloadPath, digest string) error {
 	a.Logger.Info().Str("name", info.Filename).Str("to", downloadPath).Msg("downloading file")
 
 	// render progress bar
-	go renderOperationStatus(ctx, client.ProgressStatus, a.Logger, info.Size)
+	go renderOperationStatus(ctx, client.ProgressStatus, info.Size)
 	defer close(client.ProgressStatus)
 
 	err = client.Download(ctx, w, h.Hex)
@@ -103,7 +103,7 @@ func (a *ArtifactDownload) Run(downloadPath, digest string) error {
 	return nil
 }
 
-func renderOperationStatus(ctx context.Context, progressChan casclient.ProgressStatusChan, output io.Writer, totalSize int64) {
+func renderOperationStatus(ctx context.Context, progressChan casclient.ProgressStatusChan, totalSize int64) {
 	pw := progress.NewWriter()
 	pw.Style().Visibility.ETA = true
 	pw.Style().Visibility.Speed = true
diff --git a/app/cli/internal/action/artifact_upload.go b/app/cli/internal/action/artifact_upload.go
index 3af32cc06..fc0786770 100644
--- a/app/cli/internal/action/artifact_upload.go
+++ b/app/cli/internal/action/artifact_upload.go
@@ -60,7 +60,7 @@ func (a *ArtifactUpload) Run(filePath string) (*CASArtifact, error) {
 	}
 
 	// render progress bar
-	go renderOperationStatus(context.Background(), client.ProgressStatus, a.Logger, info.Size())
+	go renderOperationStatus(context.Background(), client.ProgressStatus, info.Size())
 	defer close(client.ProgressStatus)
 
 	res, err := client.Upload(context.Background(), filePath)
diff --git a/app/controlplane/api/controlplane/v1/integrations_config.go b/app/controlplane/api/controlplane/v1/integrations_config.go
index bd34bc5e4..b96ee9826 100644
--- a/app/controlplane/api/controlplane/v1/integrations_config.go
+++ b/app/controlplane/api/controlplane/v1/integrations_config.go
@@ -34,11 +34,9 @@ func (x *IntegrationConfig) Scan(src any) error {
 		return nil
 	}
 	if b, ok := src.([]byte); ok {
-		if err := proto.Unmarshal(b, x); err != nil {
-			return err
-		}
-		return nil
+		return proto.Unmarshal(b, x)
 	}
+
 	return fmt.Errorf("unexpected type %T", src)
 }
 
@@ -52,10 +50,8 @@ func (x *IntegrationAttachmentConfig) Scan(src any) error {
 		return nil
 	}
 	if b, ok := src.([]byte); ok {
-		if err := proto.Unmarshal(b, x); err != nil {
-			return err
-		}
-		return nil
+		return proto.Unmarshal(b, x)
 	}
+
 	return fmt.Errorf("unexpected type %T", src)
 }
diff --git a/app/controlplane/cmd/main.go b/app/controlplane/cmd/main.go
index edad6af2b..87521cb55 100644
--- a/app/controlplane/cmd/main.go
+++ b/app/controlplane/cmd/main.go
@@ -133,7 +133,7 @@ type app struct {
 	runsExpirer *biz.WorkflowRunExpirerUseCase
 }
 
-func filterSensitiveArgs(level log.Level, keyvals ...interface{}) bool {
+func filterSensitiveArgs(_ log.Level, keyvals ...interface{}) bool {
 	for i := 0; i < len(keyvals); i++ {
 		if keyvals[i] == "operation" {
 			switch keyvals[i+1] {
diff --git a/app/controlplane/cmd/wire_gen.go b/app/controlplane/cmd/wire_gen.go
index fa06f2687..2764fce28 100644
--- a/app/controlplane/cmd/wire_gen.go
+++ b/app/controlplane/cmd/wire_gen.go
@@ -80,7 +80,7 @@ func wireApp(confServer *conf.Server, auth *conf.Auth, confData *conf.Data, read
 		Opts:               v,
 	}
 	workflowRunService := service.NewWorkflowRunService(newWorkflowRunServiceOpts)
-	casCredentialsUseCase, err := biz.NewCASCredentialsUseCase(auth, logger)
+	casCredentialsUseCase, err := biz.NewCASCredentialsUseCase(auth)
 	if err != nil {
 		cleanup()
 		return nil, nil, err
diff --git a/app/controlplane/internal/biz/cascredentials.go b/app/controlplane/internal/biz/cascredentials.go
index 7f4137a07..196e8822c 100644
--- a/app/controlplane/internal/biz/cascredentials.go
+++ b/app/controlplane/internal/biz/cascredentials.go
@@ -22,15 +22,13 @@ import (
 	"github.com/chainloop-dev/chainloop/app/controlplane/internal/conf"
 	"github.com/chainloop-dev/chainloop/app/controlplane/internal/jwt"
 	robotaccount "github.com/chainloop-dev/chainloop/internal/robotaccount/cas"
-
-	"github.com/go-kratos/kratos/v2/log"
 )
 
 type CASCredentialsUseCase struct {
 	jwtBuilder *robotaccount.Builder
 }
 
-func NewCASCredentialsUseCase(c *conf.Auth, logger log.Logger) (*CASCredentialsUseCase, error) {
+func NewCASCredentialsUseCase(c *conf.Auth) (*CASCredentialsUseCase, error) {
 	const defaultExpirationTime = 10 * time.Second
 
 	builder, err := robotaccount.NewBuilder(
@@ -46,6 +44,6 @@ func NewCASCredentialsUseCase(c *conf.Auth, logger log.Logger) (*CASCredentialsU
 	return &CASCredentialsUseCase{builder}, nil
 }
 
-func (uc *CASCredentialsUseCase) GenerateTemporaryCredentials(ctx context.Context, orgID, secretID string, role robotaccount.Role) (string, error) {
+func (uc *CASCredentialsUseCase) GenerateTemporaryCredentials(_ context.Context, secretID string, role robotaccount.Role) (string, error) {
 	return uc.jwtBuilder.GenerateJWT(secretID, jwt.CASAudience, role)
 }
diff --git a/app/controlplane/internal/integrations/dependencytrack/sbom.go b/app/controlplane/internal/integrations/dependencytrack/sbom.go
index fb3c5dbbc..79a69dc24 100644
--- a/app/controlplane/internal/integrations/dependencytrack/sbom.go
+++ b/app/controlplane/internal/integrations/dependencytrack/sbom.go
@@ -93,7 +93,7 @@ const bomUploadPermission = "BOM_UPLOAD"
 const viewPortfolioPermission = "VIEW_PORTFOLIO"
 const projectCreationPermission = "PROJECT_CREATION_UPLOAD"
 
-func (d *Integration) Validate(ctx context.Context) error {
+func (d *Integration) Validate(_ context.Context) error {
 	resp, err := teamPermissionsRequest(d.host, d.apiKey)
 	if err != nil {
 		return err
@@ -148,7 +148,7 @@ func (d *SBOMUploader) Validate(ctx context.Context) error {
 	return nil
 }
 
-func (d *SBOMUploader) Do(ctx context.Context) error {
+func (d *SBOMUploader) Do(_ context.Context) error {
 	// Now we know that we can upload
 	values := map[string]io.Reader{
 		"bom": d.sbom,
diff --git a/app/controlplane/internal/server/grpc.go b/app/controlplane/internal/server/grpc.go
index f70c47216..61c0a8de5 100644
--- a/app/controlplane/internal/server/grpc.go
+++ b/app/controlplane/internal/server/grpc.go
@@ -133,7 +133,7 @@ func craftMiddleware(opts *Opts) []middleware.Middleware {
 			// 3 - Make sure its account is fully functional
 			selector.Server(
 				usercontext.CheckUserInAllowList(opts.AuthConfig.AllowList),
-				usercontext.CheckOrgRequirements(opts.OCIRepositoryUseCase, logHelper),
+				usercontext.CheckOrgRequirements(opts.OCIRepositoryUseCase),
 			).Match(requireFullyConfiguredOrgMatcher()).Build(),
 		).Match(requireCurrentUserMatcher()).Build(),
 	)
diff --git a/app/controlplane/internal/service/attestation.go b/app/controlplane/internal/service/attestation.go
index 9820bf4f2..f172b31ce 100644
--- a/app/controlplane/internal/service/attestation.go
+++ b/app/controlplane/internal/service/attestation.go
@@ -202,11 +202,7 @@ func (s *AttestationService) Store(ctx context.Context, req *cpAPI.AttestationSe
 
 				s.log.Infow("msg", "attestation associated", "digest", digest, "runID", req.WorkflowRunId)
 
-				if err := s.wrUseCase.MarkAsFinished(ctx, req.WorkflowRunId, biz.WorkflowRunSuccess, ""); err != nil {
-					return err
-				}
-
-				return nil
+				return s.wrUseCase.MarkAsFinished(ctx, req.WorkflowRunId, biz.WorkflowRunSuccess, "")
 			},
 			b,
 			func(_ error, delay time.Duration) {
@@ -276,7 +272,7 @@ func (s *AttestationService) Cancel(ctx context.Context, req *cpAPI.AttestationS
 
 // There is another endpoint to get credentials via casCredentialsService.Get
 // This one is kept since it leverages robot-accounts in the context of a workflow
-func (s *AttestationService) GetUploadCreds(ctx context.Context, req *cpAPI.AttestationServiceGetUploadCredsRequest) (*cpAPI.AttestationServiceGetUploadCredsResponse, error) {
+func (s *AttestationService) GetUploadCreds(ctx context.Context, _ *cpAPI.AttestationServiceGetUploadCredsRequest) (*cpAPI.AttestationServiceGetUploadCredsResponse, error) {
 	robotAccount := usercontext.CurrentRobotAccount(ctx)
 	if robotAccount == nil {
 		return nil, errors.NotFound("not found", "robot account not found")
@@ -296,7 +292,7 @@ func (s *AttestationService) GetUploadCreds(ctx context.Context, req *cpAPI.Atte
 		return nil, errors.NotFound("not found", "main repository not found")
 	}
 
-	t, err := s.casCredsUseCase.GenerateTemporaryCredentials(ctx, wf.OrgID.String(), repo.SecretName, casJWT.Uploader)
+	t, err := s.casCredsUseCase.GenerateTemporaryCredentials(ctx, repo.SecretName, casJWT.Uploader)
 	if err != nil {
 		return nil, sl.LogAndMaskErr(err, s.log)
 	}
diff --git a/app/controlplane/internal/service/auth.go b/app/controlplane/internal/service/auth.go
index fffe6e630..6f8970f0b 100644
--- a/app/controlplane/internal/service/auth.go
+++ b/app/controlplane/internal/service/auth.go
@@ -299,7 +299,7 @@ func setOauthCookie(w http.ResponseWriter, name, value string) {
 }
 
 // DeleteAccount deletes an account
-func (svc *AuthService) DeleteAccount(ctx context.Context, req *pb.AuthServiceDeleteAccountRequest) (*pb.AuthServiceDeleteAccountResponse, error) {
+func (svc *AuthService) DeleteAccount(ctx context.Context, _ *pb.AuthServiceDeleteAccountRequest) (*pb.AuthServiceDeleteAccountResponse, error) {
 	user, _, err := loadCurrentUserAndOrg(ctx)
 	if err != nil {
 		return nil, err
diff --git a/app/controlplane/internal/service/cascredential.go b/app/controlplane/internal/service/cascredential.go
index b0c47df5f..56f129e9a 100644
--- a/app/controlplane/internal/service/cascredential.go
+++ b/app/controlplane/internal/service/cascredential.go
@@ -67,7 +67,7 @@ func (s *CASCredentialsService) Get(ctx context.Context, req *pb.CASCredentialsS
 		return nil, errors.NotFound("not found", "main repository not found")
 	}
 
-	t, err := s.casUC.GenerateTemporaryCredentials(ctx, currentOrg.ID, repo.SecretName, role)
+	t, err := s.casUC.GenerateTemporaryCredentials(ctx, repo.SecretName, role)
 	if err != nil {
 		return nil, sl.LogAndMaskErr(err, s.log)
 	}
diff --git a/app/controlplane/internal/service/integration.go b/app/controlplane/internal/service/integration.go
index 182853f47..8f14016b7 100644
--- a/app/controlplane/internal/service/integration.go
+++ b/app/controlplane/internal/service/integration.go
@@ -67,7 +67,7 @@ func (s *IntegrationsService) AddDependencyTrack(ctx context.Context, req *pb.Ad
 	return &pb.AddDependencyTrackResponse{Result: bizIntegrationToPb(i)}, nil
 }
 
-func (s *IntegrationsService) List(ctx context.Context, req *pb.IntegrationsServiceListRequest) (*pb.IntegrationsServiceListResponse, error) {
+func (s *IntegrationsService) List(ctx context.Context, _ *pb.IntegrationsServiceListRequest) (*pb.IntegrationsServiceListResponse, error) {
 	_, org, err := loadCurrentUserAndOrg(ctx)
 	if err != nil {
 		return nil, err
diff --git a/app/controlplane/internal/service/organization.go b/app/controlplane/internal/service/organization.go
index b95a1277a..9c56a726c 100644
--- a/app/controlplane/internal/service/organization.go
+++ b/app/controlplane/internal/service/organization.go
@@ -40,7 +40,7 @@ func NewOrganizationService(uc *biz.MembershipUseCase, opts ...NewOpt) *Organiza
 	}
 }
 
-func (s *OrganizationService) ListMemberships(ctx context.Context, req *pb.OrganizationServiceListMembershipsRequest) (*pb.OrganizationServiceListMembershipsResponse, error) {
+func (s *OrganizationService) ListMemberships(ctx context.Context, _ *pb.OrganizationServiceListMembershipsRequest) (*pb.OrganizationServiceListMembershipsResponse, error) {
 	currentUser, _, err := loadCurrentUserAndOrg(ctx)
 	if err != nil {
 		return nil, err
diff --git a/app/controlplane/internal/service/status.go b/app/controlplane/internal/service/status.go
index 9f8b7b0d3..867604095 100644
--- a/app/controlplane/internal/service/status.go
+++ b/app/controlplane/internal/service/status.go
@@ -30,10 +30,10 @@ func NewStatusService(logingURL, version string) *StatusService {
 	return &StatusService{loginURL: logingURL, version: version}
 }
 
-func (s *StatusService) Statusz(ctx context.Context, req *pb.StatuszRequest) (*pb.StatuszResponse, error) {
+func (s *StatusService) Statusz(_ context.Context, _ *pb.StatuszRequest) (*pb.StatuszResponse, error) {
 	return &pb.StatuszResponse{}, nil
 }
 
-func (s *StatusService) Infoz(ctx context.Context, req *pb.InfozRequest) (*pb.InfozResponse, error) {
+func (s *StatusService) Infoz(_ context.Context, _ *pb.InfozRequest) (*pb.InfozResponse, error) {
 	return &pb.InfozResponse{LoginUrl: s.loginURL, Version: s.version}, nil
 }
diff --git a/app/controlplane/internal/usercontext/orgrequirements_middleware.go b/app/controlplane/internal/usercontext/orgrequirements_middleware.go
index ab9d6d9f0..d63c1af57 100644
--- a/app/controlplane/internal/usercontext/orgrequirements_middleware.go
+++ b/app/controlplane/internal/usercontext/orgrequirements_middleware.go
@@ -21,14 +21,12 @@ import (
 	"fmt"
 	"time"
 
-	"github.com/go-kratos/kratos/v2/log"
-
 	v1 "github.com/chainloop-dev/chainloop/app/controlplane/api/controlplane/v1"
 	"github.com/chainloop-dev/chainloop/app/controlplane/internal/biz"
 	"github.com/go-kratos/kratos/v2/middleware"
 )
 
-func CheckOrgRequirements(uc biz.OCIRepositoryReader, logger *log.Helper) middleware.Middleware {
+func CheckOrgRequirements(uc biz.OCIRepositoryReader) middleware.Middleware {
 	return func(handler middleware.Handler) middleware.Handler {
 		return func(ctx context.Context, req interface{}) (interface{}, error) {
 			org := CurrentOrg(ctx)

From b1b50f3f7b3c9a22229dad0c8cf7cd903027d40d Mon Sep 17 00:00:00 2001
From: Miguel Martinez Trivino <miguel@chainloop.dev>
Date: Mon, 20 Mar 2023 16:01:01 +0100
Subject: [PATCH 2/3] chore(ci): pin golang-cli-lint version

Signed-off-by: Miguel Martinez Trivino <miguel@chainloop.dev>
---
 .github/workflows/lint.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 309fddf56..dfdeeeb3a 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -31,12 +31,15 @@ jobs:
       - name: Lint main module
         uses: golangci/golangci-lint-action@v3
         if: ${{ matrix.app == 'main-module' }}
+        with:
+          version: v1.52
 
       - name: Lint ${{ matrix.app }}
         uses: golangci/golangci-lint-action@v3
         if: ${{ matrix.app != 'main-module' }}
         with:
           working-directory: app/${{ matrix.app }}
+          version: v1.52
 
   lint-protos:
     runs-on: ubuntu-latest

From 6e171c63ce82f66a81a5ada7118516eb5b170090 Mon Sep 17 00:00:00 2001
From: Miguel Martinez Trivino <miguel@chainloop.dev>
Date: Mon, 20 Mar 2023 16:09:00 +0100
Subject: [PATCH 3/3] chore(ci): fix golang-cli-lint version

Signed-off-by: Miguel Martinez Trivino <miguel@chainloop.dev>
---
 internal/attestation/crafter/crafter.go             | 2 +-
 internal/attestation/crafter/materials/oci_image.go | 2 +-
 internal/attestation/crafter/materials/string.go    | 2 +-
 internal/blobmanager/oci/backend.go                 | 8 ++++----
 internal/credentials/vault/keyval.go                | 2 +-
 internal/grpcconn/grpcconn.go                       | 2 +-
 6 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/internal/attestation/crafter/crafter.go b/internal/attestation/crafter/crafter.go
index d75a863ef..d2ef98358 100644
--- a/internal/attestation/crafter/crafter.go
+++ b/internal/attestation/crafter/crafter.go
@@ -315,7 +315,7 @@ func (c *Crafter) ResolveEnvVars(strict bool) error {
 	c.CraftingState.Attestation.EnvVars = outputEnvVars
 
 	if err := persistCraftingState(c.CraftingState, c.statePath); err != nil {
-		return err
+		return fmt.Errorf("failed to persist crafting state: %w", err)
 	}
 
 	return nil
diff --git a/internal/attestation/crafter/materials/oci_image.go b/internal/attestation/crafter/materials/oci_image.go
index 072f44774..46012f261 100644
--- a/internal/attestation/crafter/materials/oci_image.go
+++ b/internal/attestation/crafter/materials/oci_image.go
@@ -42,7 +42,7 @@ func NewOCIImageCrafter(schema *schemaapi.CraftingSchema_Material, l *zerolog.Lo
 	return &OCIImageCrafter{craftCommon}, nil
 }
 
-func (i *OCIImageCrafter) Craft(ctx context.Context, imageRef string) (*api.Attestation_Material, error) {
+func (i *OCIImageCrafter) Craft(_ context.Context, imageRef string) (*api.Attestation_Material, error) {
 	i.logger.Debug().Str("name", imageRef).Msg("retrieving container image digest from remote")
 
 	ref, err := name.ParseReference(imageRef)
diff --git a/internal/attestation/crafter/materials/string.go b/internal/attestation/crafter/materials/string.go
index 2fd3fd358..cdbae5734 100644
--- a/internal/attestation/crafter/materials/string.go
+++ b/internal/attestation/crafter/materials/string.go
@@ -39,7 +39,7 @@ func NewStringCrafter(materialSchema *schemaapi.CraftingSchema_Material) (*Strin
 	}, nil
 }
 
-func (i *StringCrafter) Craft(ctx context.Context, value string) (*api.Attestation_Material, error) {
+func (i *StringCrafter) Craft(_ context.Context, value string) (*api.Attestation_Material, error) {
 	return &api.Attestation_Material{
 		AddedAt:      timestamppb.New(time.Now()),
 		MaterialType: i.input.Type,
diff --git a/internal/blobmanager/oci/backend.go b/internal/blobmanager/oci/backend.go
index fdcecac75..59836d33e 100644
--- a/internal/blobmanager/oci/backend.go
+++ b/internal/blobmanager/oci/backend.go
@@ -63,7 +63,7 @@ func NewBackend(repository string, regOpts *RegistryOptions) (*Backend, error) {
 // Exists check that the artifact is already present in the repository and it points to the
 // same image digest, meaning it has not been re-pushed/replaced
 // This method is very naive so signatures will be used in future releases
-func (b *Backend) Exists(ctx context.Context, digest string) (bool, error) {
+func (b *Backend) Exists(_ context.Context, digest string) (bool, error) {
 	if digest == "" {
 		return false, errors.New("digest is empty")
 	}
@@ -89,7 +89,7 @@ func (b *Backend) Exists(ctx context.Context, digest string) (bool, error) {
 	return true, nil
 }
 
-func (b *Backend) Upload(ctx context.Context, r io.Reader, resource *pb.CASResource) error {
+func (b *Backend) Upload(_ context.Context, r io.Reader, resource *pb.CASResource) error {
 	// We need to read the whole content before uploading it to the registry
 	// This is due to the fact that our OCI push implementation does not support streaming/chunks for uncompressed layers
 	// We can not use stream.Layer since it only supports compressed layers, we want to store raw data and set custom mimetypes
@@ -159,7 +159,7 @@ func detectedMediaType(b []byte) types.MediaType {
 	return types.MediaType(strings.Split(http.DetectContentType(b), ";")[0])
 }
 
-func (b *Backend) Describe(ctx context.Context, digest string) (*pb.CASResource, error) {
+func (b *Backend) Describe(_ context.Context, digest string) (*pb.CASResource, error) {
 	if digest == "" {
 		return nil, errors.New("digest is empty")
 	}
@@ -194,7 +194,7 @@ func (b *Backend) Describe(ctx context.Context, digest string) (*pb.CASResource,
 	return &pb.CASResource{Digest: digest, FileName: filename, Size: size}, nil
 }
 
-func (b *Backend) Download(ctx context.Context, w io.Writer, digest string) error {
+func (b *Backend) Download(_ context.Context, w io.Writer, digest string) error {
 	if digest == "" {
 		return errors.New("digest is empty")
 	}
diff --git a/internal/credentials/vault/keyval.go b/internal/credentials/vault/keyval.go
index 95e4f6fcd..5cacc3ffd 100644
--- a/internal/credentials/vault/keyval.go
+++ b/internal/credentials/vault/keyval.go
@@ -97,7 +97,7 @@ func validateClient(kv *vault.KVv2, pathPrefix string) error {
 	}
 
 	if err := kv.DeleteMetadata(ctx, healthCheckSecret); err != nil {
-		return err
+		return fmt.Errorf("deleting health check secret: %w", err)
 	}
 
 	return nil
diff --git a/internal/grpcconn/grpcconn.go b/internal/grpcconn/grpcconn.go
index 979df0c78..d71f262f9 100644
--- a/internal/grpcconn/grpcconn.go
+++ b/internal/grpcconn/grpcconn.go
@@ -69,7 +69,7 @@ func newTokenAuth(token string, insecure bool) *tokenAuth {
 }
 
 // Return value is mapped to request headers.
-func (t tokenAuth) GetRequestMetadata(ctx context.Context, _ ...string) (map[string]string, error) {
+func (t tokenAuth) GetRequestMetadata(_ context.Context, _ ...string) (map[string]string, error) {
 	return map[string]string{
 		"authorization": "Bearer " + t.token,
 	}, nil