chore(ci): bump golangci-lint version and meet new requirements

.github/workflows/lint.yml

@@ -31,12 +31,15 @@ jobs:
       - name: Lint main module
         uses: golangci/golangci-lint-action@v3
         if: ${{ matrix.app == 'main-module' }}
+        with:
+          version: v1.52
 
       - name: Lint ${{ matrix.app }}
         uses: golangci/golangci-lint-action@v3
         if: ${{ matrix.app != 'main-module' }}
         with:
           working-directory: app/${{ matrix.app }}
+          version: v1.52
 
   lint-protos:
     runs-on: ubuntu-latest

app/artifact-cas/internal/service/status.go

@@ -30,10 +30,10 @@ func NewStatusService(version string) *StatusService {
 	return &StatusService{version: version}
 }
 
-func (s *StatusService) Statusz(ctx context.Context, req *pb.StatuszRequest) (*pb.StatuszResponse, error) {
+func (s *StatusService) Statusz(_ context.Context, _ *pb.StatuszRequest) (*pb.StatuszResponse, error) {
 	return &pb.StatuszResponse{}, nil
 }
 
-func (s *StatusService) Infoz(ctx context.Context, req *pb.InfozRequest) (*pb.InfozResponse, error) {
+func (s *StatusService) Infoz(_ context.Context, _ *pb.InfozRequest) (*pb.InfozResponse, error) {
 	return &pb.InfozResponse{Version: s.version}, nil
 }

app/cli/cmd/output.go

@@ -18,6 +18,7 @@ package cmd
 import (
 	"encoding/json"
 	"errors"
+	"fmt"
 	"io"
 	"os"
 
@@ -65,7 +66,7 @@ func encodeJSONToWriter(v interface{}, w io.Writer) error {
 	encoder := json.NewEncoder(w)
 	encoder.SetIndent("", "   ")
 	if err := encoder.Encode(v); err != nil {
-		return err
+		return fmt.Errorf("failed to encode output: %w", err)
 	}
 
 	return nil

app/cli/cmd/root.go

@@ -85,7 +85,7 @@ func NewRootCmd(l zerolog.Logger) *cobra.Command {
 			return nil
 		},
 		PersistentPostRunE: func(cmd *cobra.Command, args []string) error {
-			return cleanup(logger, actionOpts.CPConnection)
+			return cleanup(actionOpts.CPConnection)
 		},
 	}
 
@@ -167,7 +167,7 @@ func newActionOpts(logger zerolog.Logger, conn *grpc.ClientConn) *action.Actions
 	return &action.ActionsOpts{CPConnection: conn, Logger: logger}
 }
 
-func cleanup(logger zerolog.Logger, conn *grpc.ClientConn) error {
+func cleanup(conn *grpc.ClientConn) error {
 	if conn != nil {
 		if err := conn.Close(); err != nil {
 			return err

app/cli/cmd/workflow_integration_list.go

@@ -54,17 +54,17 @@ func integrationAttachmentListTableOutput(attachments []*action.IntegrationAttac
 	t.AppendHeader(table.Row{"ID", "Kind", "Config", "Attached At", "Workflow"})
 	for _, i := range attachments {
 		wf := i.Workflow
-		int := i.Integration
+		integration := i.Integration
 
-		maps.Copy(i.Config, int.Config)
+		maps.Copy(i.Config, integration.Config)
 		var options []string
 		for k, v := range i.Config {
 			if v == "" {
 				continue
 			}
 			options = append(options, fmt.Sprintf("%s: %v", k, v))
 		}
-		t.AppendRow(table.Row{i.ID, int.Kind, strings.Join(options, "\n"), i.CreatedAt.Format(time.RFC822), wf.NamespacedName()})
+		t.AppendRow(table.Row{i.ID, integration.Kind, strings.Join(options, "\n"), i.CreatedAt.Format(time.RFC822), wf.NamespacedName()})
 		t.AppendSeparator()
 	}
 

app/cli/cmd/workflow_robotaccount_create.go

@@ -32,11 +32,7 @@ func newWorkflowRobotAccountCreateCmd() *cobra.Command {
 				return err
 			}
 
-			if err := encodeOutput([]*action.WorkflowRobotAccountItem{res}, robotAccountListTableOutput); err != nil {
-				return err
-			}
-
-			return nil
+			return encodeOutput([]*action.WorkflowRobotAccountItem{res}, robotAccountListTableOutput)
 		},
 	}
 

app/cli/internal/action/artifact_download.go

@@ -81,7 +81,7 @@ func (a *ArtifactDownload) Run(downloadPath, digest string) error {
 	a.Logger.Info().Str("name", info.Filename).Str("to", downloadPath).Msg("downloading file")
 
 	// render progress bar
-	go renderOperationStatus(ctx, client.ProgressStatus, a.Logger, info.Size)
+	go renderOperationStatus(ctx, client.ProgressStatus, info.Size)
 	defer close(client.ProgressStatus)
 
 	err = client.Download(ctx, w, h.Hex)
@@ -103,7 +103,7 @@ func (a *ArtifactDownload) Run(downloadPath, digest string) error {
 	return nil
 }
 
-func renderOperationStatus(ctx context.Context, progressChan casclient.ProgressStatusChan, output io.Writer, totalSize int64) {
+func renderOperationStatus(ctx context.Context, progressChan casclient.ProgressStatusChan, totalSize int64) {
 	pw := progress.NewWriter()
 	pw.Style().Visibility.ETA = true
 	pw.Style().Visibility.Speed = true

app/cli/internal/action/artifact_upload.go

@@ -60,7 +60,7 @@ func (a *ArtifactUpload) Run(filePath string) (*CASArtifact, error) {
 	}
 
 	// render progress bar
-	go renderOperationStatus(context.Background(), client.ProgressStatus, a.Logger, info.Size())
+	go renderOperationStatus(context.Background(), client.ProgressStatus, info.Size())
 	defer close(client.ProgressStatus)
 
 	res, err := client.Upload(context.Background(), filePath)

app/controlplane/api/controlplane/v1/integrations_config.go

@@ -34,11 +34,9 @@ func (x *IntegrationConfig) Scan(src any) error {
 		return nil
 	}
 	if b, ok := src.([]byte); ok {
-		if err := proto.Unmarshal(b, x); err != nil {
-			return err
-		}
-		return nil
+		return proto.Unmarshal(b, x)
 	}
+
 	return fmt.Errorf("unexpected type %T", src)
 }
 
@@ -52,10 +50,8 @@ func (x *IntegrationAttachmentConfig) Scan(src any) error {
 		return nil
 	}
 	if b, ok := src.([]byte); ok {
-		if err := proto.Unmarshal(b, x); err != nil {
-			return err
-		}
-		return nil
+		return proto.Unmarshal(b, x)
 	}
+
 	return fmt.Errorf("unexpected type %T", src)
 }

app/controlplane/cmd/main.go

@@ -133,7 +133,7 @@ type app struct {
 	runsExpirer *biz.WorkflowRunExpirerUseCase
 }
 
-func filterSensitiveArgs(level log.Level, keyvals ...interface{}) bool {
+func filterSensitiveArgs(_ log.Level, keyvals ...interface{}) bool {
 	for i := 0; i < len(keyvals); i++ {
 		if keyvals[i] == "operation" {
 			switch keyvals[i+1] {

app/controlplane/internal/biz/cascredentials.go

@@ -22,15 +22,13 @@ import (
 	"github.com/chainloop-dev/chainloop/app/controlplane/internal/conf"
 	"github.com/chainloop-dev/chainloop/app/controlplane/internal/jwt"
 	robotaccount "github.com/chainloop-dev/chainloop/internal/robotaccount/cas"
-
-	"github.com/go-kratos/kratos/v2/log"
 )
 
 type CASCredentialsUseCase struct {
 	jwtBuilder *robotaccount.Builder
 }
 
-func NewCASCredentialsUseCase(c *conf.Auth, logger log.Logger) (*CASCredentialsUseCase, error) {
+func NewCASCredentialsUseCase(c *conf.Auth) (*CASCredentialsUseCase, error) {
 	const defaultExpirationTime = 10 * time.Second
 
 	builder, err := robotaccount.NewBuilder(
@@ -46,6 +44,6 @@ func NewCASCredentialsUseCase(c *conf.Auth, logger log.Logger) (*CASCredentialsU
 	return &CASCredentialsUseCase{builder}, nil
 }
 
-func (uc *CASCredentialsUseCase) GenerateTemporaryCredentials(ctx context.Context, orgID, secretID string, role robotaccount.Role) (string, error) {
+func (uc *CASCredentialsUseCase) GenerateTemporaryCredentials(_ context.Context, secretID string, role robotaccount.Role) (string, error) {
 	return uc.jwtBuilder.GenerateJWT(secretID, jwt.CASAudience, role)
 }

app/controlplane/internal/integrations/dependencytrack/sbom.go

@@ -93,7 +93,7 @@ const bomUploadPermission = "BOM_UPLOAD"
 const viewPortfolioPermission = "VIEW_PORTFOLIO"
 const projectCreationPermission = "PROJECT_CREATION_UPLOAD"
 
-func (d *Integration) Validate(ctx context.Context) error {
+func (d *Integration) Validate(_ context.Context) error {
 	resp, err := teamPermissionsRequest(d.host, d.apiKey)
 	if err != nil {
 		return err
@@ -148,7 +148,7 @@ func (d *SBOMUploader) Validate(ctx context.Context) error {
 	return nil
 }
 
-func (d *SBOMUploader) Do(ctx context.Context) error {
+func (d *SBOMUploader) Do(_ context.Context) error {
 	// Now we know that we can upload
 	values := map[string]io.Reader{
 		"bom": d.sbom,

app/controlplane/internal/server/grpc.go

@@ -133,7 +133,7 @@ func craftMiddleware(opts *Opts) []middleware.Middleware {
 			// 3 - Make sure its account is fully functional
 			selector.Server(
 				usercontext.CheckUserInAllowList(opts.AuthConfig.AllowList),
-				usercontext.CheckOrgRequirements(opts.OCIRepositoryUseCase, logHelper),
+				usercontext.CheckOrgRequirements(opts.OCIRepositoryUseCase),
 			).Match(requireFullyConfiguredOrgMatcher()).Build(),
 		).Match(requireCurrentUserMatcher()).Build(),
 	)

app/controlplane/internal/service/attestation.go

@@ -202,11 +202,7 @@ func (s *AttestationService) Store(ctx context.Context, req *cpAPI.AttestationSe
 
 				s.log.Infow("msg", "attestation associated", "digest", digest, "runID", req.WorkflowRunId)
 
-				if err := s.wrUseCase.MarkAsFinished(ctx, req.WorkflowRunId, biz.WorkflowRunSuccess, ""); err != nil {
-					return err
-				}
-
-				return nil
+				return s.wrUseCase.MarkAsFinished(ctx, req.WorkflowRunId, biz.WorkflowRunSuccess, "")
 			},
 			b,
 			func(_ error, delay time.Duration) {
@@ -276,7 +272,7 @@ func (s *AttestationService) Cancel(ctx context.Context, req *cpAPI.AttestationS
 
 // There is another endpoint to get credentials via casCredentialsService.Get
 // This one is kept since it leverages robot-accounts in the context of a workflow
-func (s *AttestationService) GetUploadCreds(ctx context.Context, req *cpAPI.AttestationServiceGetUploadCredsRequest) (*cpAPI.AttestationServiceGetUploadCredsResponse, error) {
+func (s *AttestationService) GetUploadCreds(ctx context.Context, _ *cpAPI.AttestationServiceGetUploadCredsRequest) (*cpAPI.AttestationServiceGetUploadCredsResponse, error) {
 	robotAccount := usercontext.CurrentRobotAccount(ctx)
 	if robotAccount == nil {
 		return nil, errors.NotFound("not found", "robot account not found")
@@ -296,7 +292,7 @@ func (s *AttestationService) GetUploadCreds(ctx context.Context, req *cpAPI.Atte
 		return nil, errors.NotFound("not found", "main repository not found")
 	}
 
-	t, err := s.casCredsUseCase.GenerateTemporaryCredentials(ctx, wf.OrgID.String(), repo.SecretName, casJWT.Uploader)
+	t, err := s.casCredsUseCase.GenerateTemporaryCredentials(ctx, repo.SecretName, casJWT.Uploader)
 	if err != nil {
 		return nil, sl.LogAndMaskErr(err, s.log)
 	}

app/controlplane/internal/service/auth.go

@@ -299,7 +299,7 @@ func setOauthCookie(w http.ResponseWriter, name, value string) {
 }
 
 // DeleteAccount deletes an account
-func (svc *AuthService) DeleteAccount(ctx context.Context, req *pb.AuthServiceDeleteAccountRequest) (*pb.AuthServiceDeleteAccountResponse, error) {
+func (svc *AuthService) DeleteAccount(ctx context.Context, _ *pb.AuthServiceDeleteAccountRequest) (*pb.AuthServiceDeleteAccountResponse, error) {
 	user, _, err := loadCurrentUserAndOrg(ctx)
 	if err != nil {
 		return nil, err

app/controlplane/internal/service/cascredential.go

@@ -67,7 +67,7 @@ func (s *CASCredentialsService) Get(ctx context.Context, req *pb.CASCredentialsS
 		return nil, errors.NotFound("not found", "main repository not found")
 	}
 
-	t, err := s.casUC.GenerateTemporaryCredentials(ctx, currentOrg.ID, repo.SecretName, role)
+	t, err := s.casUC.GenerateTemporaryCredentials(ctx, repo.SecretName, role)
 	if err != nil {
 		return nil, sl.LogAndMaskErr(err, s.log)
 	}

app/controlplane/internal/service/integration.go

@@ -67,7 +67,7 @@ func (s *IntegrationsService) AddDependencyTrack(ctx context.Context, req *pb.Ad
 	return &pb.AddDependencyTrackResponse{Result: bizIntegrationToPb(i)}, nil
 }
 
-func (s *IntegrationsService) List(ctx context.Context, req *pb.IntegrationsServiceListRequest) (*pb.IntegrationsServiceListResponse, error) {
+func (s *IntegrationsService) List(ctx context.Context, _ *pb.IntegrationsServiceListRequest) (*pb.IntegrationsServiceListResponse, error) {
 	_, org, err := loadCurrentUserAndOrg(ctx)
 	if err != nil {
 		return nil, err

app/controlplane/internal/service/organization.go

@@ -40,7 +40,7 @@ func NewOrganizationService(uc *biz.MembershipUseCase, opts ...NewOpt) *Organiza
 	}
 }
 
-func (s *OrganizationService) ListMemberships(ctx context.Context, req *pb.OrganizationServiceListMembershipsRequest) (*pb.OrganizationServiceListMembershipsResponse, error) {
+func (s *OrganizationService) ListMemberships(ctx context.Context, _ *pb.OrganizationServiceListMembershipsRequest) (*pb.OrganizationServiceListMembershipsResponse, error) {
 	currentUser, _, err := loadCurrentUserAndOrg(ctx)
 	if err != nil {
 		return nil, err

app/controlplane/internal/service/status.go

@@ -30,10 +30,10 @@ func NewStatusService(logingURL, version string) *StatusService {
 	return &StatusService{loginURL: logingURL, version: version}
 }
 
-func (s *StatusService) Statusz(ctx context.Context, req *pb.StatuszRequest) (*pb.StatuszResponse, error) {
+func (s *StatusService) Statusz(_ context.Context, _ *pb.StatuszRequest) (*pb.StatuszResponse, error) {
 	return &pb.StatuszResponse{}, nil
 }
 
-func (s *StatusService) Infoz(ctx context.Context, req *pb.InfozRequest) (*pb.InfozResponse, error) {
+func (s *StatusService) Infoz(_ context.Context, _ *pb.InfozRequest) (*pb.InfozResponse, error) {
 	return &pb.InfozResponse{LoginUrl: s.loginURL, Version: s.version}, nil
 }

app/controlplane/internal/usercontext/orgrequirements_middleware.go

@@ -21,14 +21,12 @@ import (
 	"fmt"
 	"time"
 
-	"github.com/go-kratos/kratos/v2/log"
-
 	v1 "github.com/chainloop-dev/chainloop/app/controlplane/api/controlplane/v1"
 	"github.com/chainloop-dev/chainloop/app/controlplane/internal/biz"
 	"github.com/go-kratos/kratos/v2/middleware"
 )
 
-func CheckOrgRequirements(uc biz.OCIRepositoryReader, logger *log.Helper) middleware.Middleware {
+func CheckOrgRequirements(uc biz.OCIRepositoryReader) middleware.Middleware {
 	return func(handler middleware.Handler) middleware.Handler {
 		return func(ctx context.Context, req interface{}) (interface{}, error) {
 			org := CurrentOrg(ctx)

internal/attestation/crafter/crafter.go

@@ -315,7 +315,7 @@ func (c *Crafter) ResolveEnvVars(strict bool) error {
 	c.CraftingState.Attestation.EnvVars = outputEnvVars
 
 	if err := persistCraftingState(c.CraftingState, c.statePath); err != nil {
-		return err
+		return fmt.Errorf("failed to persist crafting state: %w", err)
 	}
 
 	return nil

internal/attestation/crafter/materials/oci_image.go

@@ -42,7 +42,7 @@ func NewOCIImageCrafter(schema *schemaapi.CraftingSchema_Material, l *zerolog.Lo
 	return &OCIImageCrafter{craftCommon}, nil
 }
 
-func (i *OCIImageCrafter) Craft(ctx context.Context, imageRef string) (*api.Attestation_Material, error) {
+func (i *OCIImageCrafter) Craft(_ context.Context, imageRef string) (*api.Attestation_Material, error) {
 	i.logger.Debug().Str("name", imageRef).Msg("retrieving container image digest from remote")
 
 	ref, err := name.ParseReference(imageRef)

internal/attestation/crafter/materials/string.go

@@ -39,7 +39,7 @@ func NewStringCrafter(materialSchema *schemaapi.CraftingSchema_Material) (*Strin
 	}, nil
 }
 
-func (i *StringCrafter) Craft(ctx context.Context, value string) (*api.Attestation_Material, error) {
+func (i *StringCrafter) Craft(_ context.Context, value string) (*api.Attestation_Material, error) {
 	return &api.Attestation_Material{
 		AddedAt:      timestamppb.New(time.Now()),
 		MaterialType: i.input.Type,

internal/blobmanager/oci/backend.go

@@ -63,7 +63,7 @@ func NewBackend(repository string, regOpts *RegistryOptions) (*Backend, error) {
 // Exists check that the artifact is already present in the repository and it points to the
 // same image digest, meaning it has not been re-pushed/replaced
 // This method is very naive so signatures will be used in future releases
-func (b *Backend) Exists(ctx context.Context, digest string) (bool, error) {
+func (b *Backend) Exists(_ context.Context, digest string) (bool, error) {
 	if digest == "" {
 		return false, errors.New("digest is empty")
 	}
@@ -89,7 +89,7 @@ func (b *Backend) Exists(ctx context.Context, digest string) (bool, error) {
 	return true, nil
 }
 
-func (b *Backend) Upload(ctx context.Context, r io.Reader, resource *pb.CASResource) error {
+func (b *Backend) Upload(_ context.Context, r io.Reader, resource *pb.CASResource) error {
 	// We need to read the whole content before uploading it to the registry
 	// This is due to the fact that our OCI push implementation does not support streaming/chunks for uncompressed layers
 	// We can not use stream.Layer since it only supports compressed layers, we want to store raw data and set custom mimetypes
@@ -159,7 +159,7 @@ func detectedMediaType(b []byte) types.MediaType {
 	return types.MediaType(strings.Split(http.DetectContentType(b), ";")[0])
 }
 
-func (b *Backend) Describe(ctx context.Context, digest string) (*pb.CASResource, error) {
+func (b *Backend) Describe(_ context.Context, digest string) (*pb.CASResource, error) {
 	if digest == "" {
 		return nil, errors.New("digest is empty")
 	}
@@ -194,7 +194,7 @@ func (b *Backend) Describe(ctx context.Context, digest string) (*pb.CASResource,
 	return &pb.CASResource{Digest: digest, FileName: filename, Size: size}, nil
 }
 
-func (b *Backend) Download(ctx context.Context, w io.Writer, digest string) error {
+func (b *Backend) Download(_ context.Context, w io.Writer, digest string) error {
 	if digest == "" {
 		return errors.New("digest is empty")
 	}

internal/credentials/vault/keyval.go

@@ -97,7 +97,7 @@ func validateClient(kv *vault.KVv2, pathPrefix string) error {
 	}
 
 	if err := kv.DeleteMetadata(ctx, healthCheckSecret); err != nil {
-		return err
+		return fmt.Errorf("deleting health check secret: %w", err)
 	}
 
 	return nil

internal/grpcconn/grpcconn.go

@@ -69,7 +69,7 @@ func newTokenAuth(token string, insecure bool) *tokenAuth {
 }
 
 // Return value is mapped to request headers.
-func (t tokenAuth) GetRequestMetadata(ctx context.Context, _ ...string) (map[string]string, error) {
+func (t tokenAuth) GetRequestMetadata(_ context.Context, _ ...string) (map[string]string, error) {
 	return map[string]string{
 		"authorization": "Bearer " + t.token,
 	}, nil