From f8e857cd552b18fbddc032e245862d1f5e23b29b Mon Sep 17 00:00:00 2001
From: Dan Lorenc <lorenc.d@gmail.com>
Date: Thu, 26 Sep 2019 14:21:07 -0500
Subject: [PATCH] Enable the "gosec" linter for CI, and fix the one issue in
 our code.

The "issue" is actually a false positive, so it is fixed by adding an annotation.
---
 .golangci.yml                                 | 1 +
 pkg/apis/pipeline/v1alpha1/artifact_bucket.go | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/.golangci.yml b/.golangci.yml
index 00a4a0f51ed..39eb29cd83c 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -12,3 +12,4 @@ linters:
   - errcheck
   - gofmt
   - goimports
+  - gosec
diff --git a/pkg/apis/pipeline/v1alpha1/artifact_bucket.go b/pkg/apis/pipeline/v1alpha1/artifact_bucket.go
index 99e576f24b4..a45cf702331 100644
--- a/pkg/apis/pipeline/v1alpha1/artifact_bucket.go
+++ b/pkg/apis/pipeline/v1alpha1/artifact_bucket.go
@@ -53,6 +53,9 @@ const (
 	ArtifactStoragePVCType = "pvc"
 )
 
+// For some reason gosec thinks this string has enough entropy to be a potential secret.
+// The nosec comment disables it for this line.
+/* #nosec */
 var secretVolumeMountPath = "/var/bucketsecret"
 
 // ArtifactBucket contains the Storage bucket configuration defined in the