Add GoSec and GolangCI Lint

im-kulikov · Apr 19, 2021 · b469f4f · b469f4f
1 parent 0b7a2fd
commit b469f4f
Show file tree

Hide file tree

Showing 29 changed files with 553 additions and 101 deletions.
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
@@ -5,6 +5,10 @@ jobs:
   build:
     name: Build
     runs-on: ubuntu-latest
+
+    env:
+      GO111MODULE: on
+
     strategy:
       matrix:
         go: [ '1.14.x', '1.15.x', '1.16.x' ]
@@ -26,13 +30,12 @@ jobs:
         restore-keys: |
           ${{ runner.os }}-go-${{ matrix.go }}-
 
-    - name: Linter
-      run: |
-        go get -v golang.org/x/lint/golint
-        golint -set_exit_status ./...
+    - name: golangci-lint
+      with: { version: latest }
+      uses: golangci/golangci-lint-action@v2
 
     - name: Tests
-      run: go test -coverprofile=coverage.txt -covermode=atomic ./...
+      run: go test -v -race -coverprofile=coverage.txt -covermode=atomic ./...
 
     - name: Upload coverage to Codecov
       uses: codecov/codecov-action@v1

diff --git a/.golangci.yml b/.golangci.yml
@@ -0,0 +1,105 @@
+linters:
+  enable-all: true
+  disable:
+    - testpackage
+    - wrapcheck
+    - interfacer
+    - scopelint
+    - maligned
+    - paralleltest
+    - tparallel
+    - exhaustivestruct
+
+linters-settings:
+  govet:
+    check-shadowing: true
+  golint:
+    min-confidence: 0
+  gocyclo:
+    min-complexity: 20
+  cyclop:
+    min-complexity: 20
+    max-complexity: 30
+  gci:
+    # put imports beginning with prefix after 3rd-party packages;
+    # only support one prefix
+    # if not set, use goimports.local-prefixes
+    local-prefixes: github.com/im-kulikov/helium
+  dupl:
+    threshold: 100
+  goconst:
+    min-len: 2
+    min-occurrences: 2
+  gomoddirectives:
+    # List of allowed `replace` directives. Default is empty.
+    replace-allow-list:
+      - bou.ke/monkey
+  lll:
+    line-length: 140
+  funlen:
+    lines: 130
+    statements: 70
+  nestif:
+    # minimal complexity of if statements to report
+    min-complexity: 6
+  gocognit:
+    min-complexity: 35
+
+issues:
+  exclude-rules:
+    - path: mock # We avoid warnings about comments for package and public functions in mock package.
+      linters:
+        - golint
+    - path: _test\.go
+      linters:
+        - goconst
+        - scopelint # To avoid warnings in table-driven tests combined with t.Run
+        - gochecknoglobals
+        - funlen
+        - dupl
+        - govet
+        - staticcheck
+        - gocyclo
+        - errcheck
+        - nlreturn
+    - path: slack_incoming_messages\.go
+      linters:
+        - dupl
+    - path: slack_outgoing_messages\.go
+      linters:
+        - dupl
+    - path: job\.go
+      linters:
+        - dupl
+    - path: postgres\.go
+      linters:
+        - errcheck
+    - path: parse_incoming_job\.go
+      linters:
+        - funlen
+        - gocyclo
+  exclude-use-default: false
+  exclude:
+    # golint: Package comment check for every file
+    - should have a package comment, unless
+
+    # govet: Common false positives
+    - (possible misuse of unsafe.Pointer|should have signature)
+
+    # gosec: Too many false-positives on 'unsafe' usage
+    - Use of unsafe calls should be audited
+
+    # gosec: Too many false-positives for parametrized shell calls
+    - Subprocess launch(ed with variable|ing should be audited)
+
+    # gosec: Duplicated errcheck checks
+    - G104
+
+    # gosec: Too many issues in popular repos
+    - (Expect directory permissions to be 0750 or less|Expect file permissions to be 0600 or less)
+
+    # gosec: False positive is triggered by 'src, err := ioutil.ReadFile(filename)'
+    - Potential file inclusion via variable
+
+    # gochecknoglobals: allow version variable
+    - "`version` is a global variable"