Add the golangci-lint GitHub action

Initially we enable only the gosec linter and only check G112 because that has been addressed in #6534. Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-12-06 13:54:29 +00:00 · 2023-12-06 13:54:29 +00:00 · 70cf0d200b
commit 70cf0d200b
parent e7e3e5f4de
2 changed files with 64 additions and 0 deletions
--- a/.github/workflows/golangci-lint.yml
+++ b/.github/workflows/golangci-lint.yml
@ -0,0 +1,41 @@
+name: golangci-lint
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+
+permissions:
+  contents: read
+
+jobs:
+  golangci:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-go@v4
+        with:
+          go-version-file: go.mod
+          # setup-go v4 uses cache automatically, which conflicts with golangci-lint's cache.
+          # See https://github.com/golangci/golangci-lint-action/pull/704
+          cache: false
+      # A workspace file is needed for golangci-lint to check the sub-modules.
+      # https://github.com/golangci/golangci-lint-action/issues/544
+      - run: make go-workspace
+      # Work around missing go:embed file which causes a typecheck error.
+      # https://github.com/golangci/golangci-lint/issues/2912
+      - run: touch test/integration/versionchecker/testdata/test_manifests.tar
+      # To check sub-modules, you need to supply their paths as positional arguments.
+      # This step finds the paths and adds them to a variable which is used
+      # later in the args value.
+      # https://github.com/golangci/golangci-lint/issues/828
+      - name: find-go-modules
+        id: find-go-modules
+        run: |
+          find . -type f -name 'go.mod' -printf '%h/...\n' \
+          | jq -r -R -s 'split("\n")[:-1] | sort | join(" ") | "GO_MODULES=\(.)"' \
+          >> "$GITHUB_OUTPUT"
+      - uses: golangci/golangci-lint-action@v3
+        with:
+          version: v1.55.2
+          args: --timeout=30m --config=.golangci.ci.yaml ${{ steps.find-go-modules.outputs.GO_MODULES }}
--- a/.golangci.ci.yaml
+++ b/.golangci.ci.yaml
@ -0,0 +1,23 @@
+# This golangci-lint configuration is for use in CI.
+# It has a non-standard filename so that maintainers can still easily run the
+# full `golangci-lint` suite locally on their laptops.
+# This configuration limits golangci-lint to check only for those issues that
+# have already been fixed. to allow us to incrementally fix the remaining
+# issues.
+# Please contribute small PRs where a new linter is added or a particular
+# exclude is removed in the first commit, wait for golangci-lint-action to
+# report the issues and then fix those issues in a subsequent commit.
+linters:
+  disable-all: true
+  enable:
+    - gosec
+issues:
+  exclude-rules:
+    # Exclude some linters from running on tests files.
+    - path: _test\.go
+      linters:
+        - gosec
+    # Ignore some of the gosec warnings until we have time to address them.
+    - linters:
+        - gosec
+      text: "G(101|107|204|306|402|404|501|505|601)"