diff --git a/.env.tools b/.env.tools index 38155bd..a256ddc 100644 --- a/.env.tools +++ b/.env.tools @@ -1,2 +1 @@ -export TOOLS_BUILDNUMBER=20241108.3 - +export TOOLS_BUILDNUMBER=20250415.2 diff --git a/.github/workflows/push.yaml b/.github/workflows/push.yaml index 3dc6364..bf6dbcc 100644 --- a/.github/workflows/push.yaml +++ b/.github/workflows/push.yaml @@ -8,36 +8,28 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: actions/setup-go@v5 - with: - go-version: '1.23' - cache: false - - name: Check formatting - uses: Jerome1337/gofmt-action@v1.0.5 - with: - gofmt-path: './' - gofmt-flags: '-l -d' - - name: Check imports - uses: DarthBenro008/goimports-check-action@v0.2.0 - with: - root-path: './' - - name: go vet - run: | - go vet ./... - - name: Lint checks - uses: golangci/golangci-lint-action@v6 - with: - # Require: The version of golangci-lint to use. - # When `install-mode` is `binary` (default) the value can be v1.2 or v1.2.3 or `latest` to use the latest version. - # When `install-mode` is `goinstall` the value can be v1.2.3, `latest`, or the hash of a commit. - version: v1.60 - - name: Install Task + + - name: Setup go-task uses: arduino/setup-task@v2 with: version: 3.x repo-token: ${{ secrets.GITHUB_TOKEN }} + + - uses: actions/setup-go@v5 + with: + go-version: '1.24.x' + cache: false + + - name: Install Go quality tools and configure for private go dependencies + run: | + go install golang.org/x/tools/cmd/goimports@v0.1.7 + go install github.com/axw/gocov/gocov@v1.1.0 + go install github.com/jstemmer/go-junit-report/v2@v2.1.0 + curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.64.2 + - name: Build and Test run: | - task build + task precommit + git diff task test:unit diff --git a/.github/workflows/vulncheck.yml b/.github/workflows/vulncheck.yml index c8e96ca..1b001de 100644 --- a/.github/workflows/vulncheck.yml +++ b/.github/workflows/vulncheck.yml @@ -16,15 +16,20 @@ jobs: name: Analysis runs-on: ubuntu-latest steps: - - name: Check out code into the Go module directory - uses: actions/checkout@v4 - - name: Set up Go - uses: actions/setup-go@v5 + - uses: actions/checkout@v4 + + - name: Setup go-task + uses: arduino/setup-task@v2 + with: + version: 3.x + repo-token: ${{ secrets.GITHUB_TOKEN }} + + - uses: actions/setup-go@v5 with: - go-version: 1.24.2 - cached: false - - name: Run govulncheck + go-version: '1.24.x' + cache: false + + - name: Vulnerability check run: | - # suppressed until we can upgrade to go1.24 - echo go run golang.org/x/vuln/cmd/govulncheck@latest -show verbose ./... - shell: bash + task vulncheck + diff --git a/.golangci.yml b/.golangci.yml index 710f631..3cd28c8 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -2,6 +2,12 @@ linters-settings: funlen: lines: 350 statements: 135 + depguard: + list-type: blacklist + packages: + # logging is allowed only by logutils.Log, logrus + # is allowed to use only in logutils package + - github.com/sirupsen/logrus dupl: threshold: 100 errorlint: @@ -86,6 +92,9 @@ linters-settings: goimports: local-prefixes: github.com/golangci/golangci-lint govet: + enable-all: true + disable: + - fieldalignment settings: printf: funcs: @@ -95,6 +104,8 @@ linters-settings: - Fatalf lll: line-length: 500 + maligned: + suggest-new: true misspell: locale: UK @@ -107,9 +118,14 @@ linters-settings: # goconst - see ticket #3097 # goerr113 - disabled see https://github.com/Djarvur/go-err113/issues/10 # gofumpt - not useful - confusing messages -# gomnd - see ticket #3116 -# govet - see ticket #3117 # nilreturn onwardis not yet evaluated... +# maligned - this guards against performance issues due to accessing +# mis-aligned structs. We don't have direct evidence of this being a +# real problem for us. We use a lot of generated code in our hot +# paths anyway (we have no control over there layout). Until we get +# direct evidence this is hurting us, we prefer our stucts layed out +# logically and don't want to have to nolint tag everything. +# # misspell - expected UK spelling with misspell, but customer facing text needs to be US. # tagalign - suppress until we can get a golang code formatter that will fix this (cosmetic) # @@ -130,9 +146,7 @@ linters: - err113 - errchkjson - errname - - execinquery - exhaustruct - - exportloopref - forbidigo - forcetypeassert # DONT re-enable funlen please @@ -146,7 +160,6 @@ linters: - godox - gofumpt - gomoddirectives - - gomnd - gosec - gosimple - inamedparam @@ -192,12 +205,6 @@ run: - golangcilint issues: - exclude-dirs: - - api - - azb2c - exclude-files: - - service/b2cpoliciesv1/b2cpolicies.go - - service/tenanciesv1/users_store.go exclude-rules: - text: "weak cryptographic primitive" linters: diff --git a/azblob/download.go b/azblob/download.go index 7c7587f..0e18aa5 100644 --- a/azblob/download.go +++ b/azblob/download.go @@ -119,7 +119,7 @@ func (azp *Storer) Reader( return nil, metadataErr } if parseErr := readerResponseMetadata(resp, metaData); parseErr != nil { - return nil, err + return nil, parseErr } } diff --git a/go.mod b/go.mod index 6cad5f4..a711957 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/datatrails/go-datatrails-common -go 1.23.0 +go 1.24 require ( github.com/Azure/azure-sdk-for-go v68.0.0+incompatible