🌱 Bump github.com/golangci/golangci-lint from 1.40.1 to 1.41.1 (#627)

Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.40.1 to 1.41.1. - [Release notes](https://github.com/golangci/golangci-lint/releases) - [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md) - [Commits](golangci/golangci-lint@v1.40.1...v1.41.1) --- updated-dependencies: - dependency-name: github.com/golangci/golangci-lint dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Azeem Shaikh <azeems@google.com> Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com> Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
ossf · Jun 29, 2021 · 5dd7f11 · 5dd7f11
1 parent 6a3337d
commit 5dd7f11
Show file tree

Hide file tree

Showing 13 changed files with 78 additions and 64 deletions.
diff --git a/checks/ci_tests.go b/checks/ci_tests.go
@@ -28,9 +28,10 @@ type ciSystemState int
 
 const (
 	// CheckCITests is the registered name for CITests.
-	CheckCITests               = "CI-Tests"
-	success                    = "success"
-	unknown      ciSystemState = iota
+	CheckCITests                         = "CI-Tests"
+	success                              = "success"
+	ciSuccessPassThreshold               = .75
+	unknown                ciSystemState = iota
 	githubStatuses
 	githubCheckRuns
 )
@@ -92,7 +93,7 @@ func CITests(c *checker.CheckRequest) checker.CheckResult {
 	}
 
 	c.Logf("found CI tests for %d of %d merged PRs", totalTested, totalMerged)
-	return checker.MakeProportionalResult(CheckCITests, totalTested, totalMerged, .75)
+	return checker.MakeProportionalResult(CheckCITests, totalTested, totalMerged, ciSuccessPassThreshold)
 }
 
 // PR has a status marked 'success' and a CI-related context.

diff --git a/checks/code_review.go b/checks/code_review.go
@@ -23,8 +23,11 @@ import (
 	"github.com/ossf/scorecard/checker"
 )
 
-// CheckCodeReview is the registered name for DoesCodeReview.
-const CheckCodeReview = "Code-Review"
+const (
+	// CheckCodeReview is the registered name for DoesCodeReview.
+	CheckCodeReview = "Code-Review"
+	crPassThreshold = .75
+)
 
 // ErrorNoReviews indicates no reviews were found for this repo.
 var ErrorNoReviews = errors.New("no reviews found")
@@ -99,7 +102,7 @@ func GithubCodeReview(c *checker.CheckRequest) checker.CheckResult {
 	if totalReviewed > 0 {
 		c.Logf("github code reviews found")
 	}
-	return checker.MakeProportionalResult(CheckCodeReview, totalReviewed, totalMerged, .75)
+	return checker.MakeProportionalResult(CheckCodeReview, totalReviewed, totalMerged, crPassThreshold)
 }
 
 func IsPrReviewRequired(c *checker.CheckRequest) checker.CheckResult {
@@ -155,7 +158,7 @@ func ProwCodeReview(c *checker.CheckRequest) checker.CheckResult {
 		return checker.MakeInconclusiveResult(CheckCodeReview, ErrorNoReviews)
 	}
 	c.Logf("prow code reviews found")
-	return checker.MakeProportionalResult(CheckCodeReview, totalReviewed, totalMerged, .75)
+	return checker.MakeProportionalResult(CheckCodeReview, totalReviewed, totalMerged, crPassThreshold)
 }
 
 func CommitMessageHints(c *checker.CheckRequest) checker.CheckResult {
@@ -195,5 +198,5 @@ func CommitMessageHints(c *checker.CheckRequest) checker.CheckResult {
 		return checker.MakeInconclusiveResult(CheckCodeReview, ErrorNoReviews)
 	}
 	c.Logf("code reviews found")
-	return checker.MakeProportionalResult(CheckCodeReview, totalReviewed, total, .75)
+	return checker.MakeProportionalResult(CheckCodeReview, totalReviewed, total, crPassThreshold)
 }
diff --git a/checks/frozen_deps.go b/checks/frozen_deps.go
@@ -39,7 +39,7 @@ var ErrEmptyFile = errors.New("file has no content")
 // We only declare the fields we need.
 // Github workflows format: https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions
 type gitHubActionWorkflowConfig struct {
-	// nolinter
+	// nolint: govet
 	Jobs map[string]struct {
 		Name  string `yaml:"name"`
 		Steps []struct {
@@ -102,7 +102,7 @@ func validateDockerfileDownloads(pathfn string, content []byte,
 		return false, fmt.Errorf("cannot read dockerfile content: %w", err)
 	}
 
-	// nolinter:prealloc
+	// nolint: prealloc
 	var bytes []byte
 
 	// Walk the Dockerfile's AST.

diff --git a/checks/pull_requests.go b/checks/pull_requests.go
@@ -22,8 +22,11 @@ import (
 	"github.com/ossf/scorecard/checker"
 )
 
-// CheckPullRequests is the registered name for PullRequests.
-const CheckPullRequests = "Pull-Requests"
+const (
+	// CheckPullRequests is the registered name for PullRequests.
+	CheckPullRequests         = "Pull-Requests"
+	pullRequestsPassThreshold = .75
+)
 
 //nolint:gochecknoinits
 func init() {
@@ -75,5 +78,5 @@ func PullRequests(c *checker.CheckRequest) checker.CheckResult {
 		}
 	}
 	c.Logf("found PRs for %d out of %d commits", totalWithPrs, total)
-	return checker.MakeProportionalResult(CheckPullRequests, totalWithPrs, total, .75)
+	return checker.MakeProportionalResult(CheckPullRequests, totalWithPrs, total, pullRequestsPassThreshold)
 }
diff --git a/checks/sast.go b/checks/sast.go
@@ -22,8 +22,11 @@ import (
 	"github.com/ossf/scorecard/checker"
 )
 
-// CheckSAST is the registered name for SAST.
-const CheckSAST = "SAST"
+const (
+	// CheckSAST is the registered name for SAST.
+	CheckSAST         = "SAST"
+	sastPassThreshold = .75
+)
 
 var (
 	sastTools = map[string]bool{"github-code-scanning": true, "sonarcloud": true}
@@ -85,7 +88,7 @@ func SASTToolInCheckRuns(c *checker.CheckRequest) checker.CheckResult {
 	if totalTested == 0 {
 		return checker.MakeInconclusiveResult(CheckSAST, ErrorNoMerges)
 	}
-	return checker.MakeProportionalResult(CheckSAST, totalTested, totalMerged, .75)
+	return checker.MakeProportionalResult(CheckSAST, totalTested, totalMerged, sastPassThreshold)
 }
 
 func CodeQLInCheckDefinitions(c *checker.CheckRequest) checker.CheckResult {

diff --git a/checks/shell_download_validate.go b/checks/shell_download_validate.go
@@ -340,7 +340,7 @@ func isGoUnpinnedDownload(cmd []string) bool {
 
 	// `Go install` will automatically look up the
 	// go.mod and go.sum, so we don't flag it.
-	// nolinter
+	// nolint: gomnd
 	if len(cmd) <= 2 {
 		return false
 	}
@@ -361,7 +361,7 @@ func isGoUnpinnedDownload(cmd []string) bool {
 		pkg := cmd[i+1]
 		// Verify pkg = name@hash
 		parts := strings.Split(pkg, "@")
-		// nolinter
+		// nolint: gomnd
 		if len(parts) != 2 {
 			continue
 		}

diff --git a/checks/signed_releases.go b/checks/signed_releases.go
@@ -25,8 +25,9 @@ import (
 
 const (
 	// CheckSignedReleases is the registered name for SignedReleases.
-	CheckSignedReleases = "Signed-Releases"
-	releaseLookBackDays = 5
+	CheckSignedReleases         = "Signed-Releases"
+	releaseLookBackDays         = 5
+	signedReleasesPassThreshold = .8
 )
 
 // ErrorNoReleases indicates no releases were found for this repo.
@@ -85,5 +86,5 @@ func SignedReleases(c *checker.CheckRequest) checker.CheckResult {
 	}
 
 	c.Logf("found signed artifacts for %d out of %d releases", totalSigned, totalReleases)
-	return checker.MakeProportionalResult(CheckSignedReleases, totalSigned, totalReleases, 0.8)
+	return checker.MakeProportionalResult(CheckSignedReleases, totalSigned, totalReleases, signedReleasesPassThreshold)
 }
diff --git a/checks/signed_tags.go b/checks/signed_tags.go
@@ -24,8 +24,9 @@ import (
 
 const (
 	// CheckSignedTags is the registered name for SignedTags.
-	CheckSignedTags = "Signed-Tags"
-	tagLookBack     = 5
+	CheckSignedTags         = "Signed-Tags"
+	tagLookBack             = 5
+	signedTagsPassThreshold = .8
 )
 
 // ErrorNoTags indicates no tags were found for this repo.
@@ -84,5 +85,5 @@ func SignedTags(c *checker.CheckRequest) checker.CheckResult {
 	}
 
 	c.Logf("found %d out of %d verified tags", totalSigned, totalTags)
-	return checker.MakeProportionalResult(CheckSignedTags, totalSigned, totalTags, 0.8)
+	return checker.MakeProportionalResult(CheckSignedTags, totalSigned, totalTags, signedTagsPassThreshold)
 }
diff --git a/clients/githubrepo/client.go b/clients/githubrepo/client.go
@@ -87,6 +87,7 @@ func (client *Client) InitRepo(owner, repoName string) error {
 }
 
 func (client *Client) GetRepoArchiveReader() (io.ReadCloser, error) {
+	// nolint: gomnd
 	archiveReader, err := os.OpenFile(client.tarball, os.O_RDONLY, 0o644)
 	if err != nil {
 		return archiveReader, fmt.Errorf("os.OpenFile: %w", err)

diff --git a/cron/data/add/main.go b/cron/data/add/main.go
@@ -45,6 +45,7 @@ func main() {
 	if err := data.SortAndAppendTo(&buf, repoURLs, nil); err != nil {
 		panic(err)
 	}
+	// nolint: gomnd
 	projects, err := os.OpenFile(os.Args[1], os.O_WRONLY|os.O_CREATE, 0o644)
 	if err != nil {
 		panic(err)

diff --git a/cron/data/update/main.go b/cron/data/update/main.go
@@ -36,6 +36,7 @@ func main() {
 		panic(err)
 	}
 
+	// nolint: gomnd
 	projects, err := os.OpenFile(os.Args[1], os.O_WRONLY, 0o644)
 	if err != nil {
 		panic(err)

diff --git a/go.mod b/go.mod
@@ -8,7 +8,7 @@ require (
 	contrib.go.opencensus.io/exporter/stackdriver v0.13.8
 	github.com/bradleyfalzon/ghinstallation v1.1.1
 	github.com/go-git/go-git/v5 v5.4.2
-	github.com/golangci/golangci-lint v1.40.1
+	github.com/golangci/golangci-lint v1.41.1
 	github.com/google/addlicense v0.0.0-20210428195630-6d92264d7170
 	github.com/google/go-cmp v0.5.6
 	github.com/google/go-github/v32 v32.1.0