| linters: |
| enable: |
| - depguard |
| - dupword # Checks for duplicate words in the source code. |
| - goimports |
| - gosec |
| - gosimple |
| - govet |
| - importas |
| - ineffassign |
| - misspell |
| - revive |
| - staticcheck |
| - typecheck |
| - unconvert |
| - unused |
| |
| disable: |
| - errcheck |
| |
| run: |
| concurrency: 2 |
| modules-download-mode: vendor |
| |
| skip-dirs: |
| - docs |
| |
| linters-settings: |
| dupword: |
| ignore: |
| - "true" # some tests use this as expected output |
| - "false" # some tests use this as expected output |
| - "root" # for tests using "ls" output with files owned by "root:root" |
| importas: |
| # Do not allow unaliased imports of aliased packages. |
| no-unaliased: true |
| |
| alias: |
| # Enforce alias to prevent it accidentally being used instead of our |
| # own errdefs package (or vice-versa). |
| - pkg: github.com/containerd/containerd/errdefs |
| alias: cerrdefs |
| - pkg: github.com/opencontainers/image-spec/specs-go/v1 |
| alias: ocispec |
| |
| govet: |
| check-shadowing: false |
| depguard: |
| rules: |
| main: |
| deny: |
| - pkg: io/ioutil |
| desc: The io/ioutil package has been deprecated, see https://go.dev/doc/go1.16#ioutil |
| - pkg: "github.com/stretchr/testify/assert" |
| desc: Use "gotest.tools/v3/assert" instead |
| - pkg: "github.com/stretchr/testify/require" |
| desc: Use "gotest.tools/v3/assert" instead |
| - pkg: "github.com/stretchr/testify/suite" |
| desc: Do not use |
| revive: |
| rules: |
| # FIXME make sure all packages have a description. Currently, there's many packages without. |
| - name: package-comments |
| disabled: true |
| issues: |
| # The default exclusion rules are a bit too permissive, so copying the relevant ones below |
| exclude-use-default: false |
| |
| exclude-rules: |
| # We prefer to use an "exclude-list" so that new "default" exclusions are not |
| # automatically inherited. We can decide whether or not to follow upstream |
| # defaults when updating golang-ci-lint versions. |
| # Unfortunately, this means we have to copy the whole exclusion pattern, as |
| # (unlike the "include" option), the "exclude" option does not take exclusion |
| # ID's. |
| # |
| # These exclusion patterns are copied from the default excluses at: |
| # https://github.com/golangci/golangci-lint/blob/v1.46.2/pkg/config/issues.go#L10-L104 |
| |
| # EXC0001 |
| - text: "Error return value of .((os\\.)?std(out|err)\\..*|.*Close|.*Flush|os\\.Remove(All)?|.*print(f|ln)?|os\\.(Un)?Setenv). is not checked" |
| linters: |
| - errcheck |
| # EXC0006 |
| - text: "Use of unsafe calls should be audited" |
| linters: |
| - gosec |
| # EXC0007 |
| - text: "Subprocess launch(ed with variable|ing should be audited)" |
| linters: |
| - gosec |
| # EXC0008 |
| # TODO: evaluate these and fix where needed: G307: Deferring unsafe method "*os.File" on type "Close" (gosec) |
| - text: "(G104|G307)" |
| linters: |
| - gosec |
| # EXC0009 |
| - text: "(Expect directory permissions to be 0750 or less|Expect file permissions to be 0600 or less)" |
| linters: |
| - gosec |
| # EXC0010 |
| - text: "Potential file inclusion via variable" |
| linters: |
| - gosec |
| |
| # Looks like the match in "EXC0007" above doesn't catch this one |
| # TODO: consider upstreaming this to golangci-lint's default exclusion rules |
| - text: "G204: Subprocess launched with a potential tainted input or cmd arguments" |
| linters: |
| - gosec |
| # Looks like the match in "EXC0009" above doesn't catch this one |
| # TODO: consider upstreaming this to golangci-lint's default exclusion rules |
| - text: "G306: Expect WriteFile permissions to be 0600 or less" |
| linters: |
| - gosec |
| |
| # Exclude some linters from running on tests files. |
| - path: _test\.go |
| linters: |
| - errcheck |
| - gosec |
| |
| # Suppress golint complaining about generated types in api/types/ |
| - text: "type name will be used as (container|volume)\\.(Container|Volume).* by other packages, and that stutters; consider calling this" |
| path: "api/types/(volume|container)/" |
| linters: |
| - revive |
| # FIXME temporarily suppress these (see https://github.com/gotestyourself/gotest.tools/issues/272) |
| - text: "SA1019: (assert|cmp|is)\\.ErrorType is deprecated" |
| linters: |
| - staticcheck |
| |
| # Maximum issues count per one linter. Set to 0 to disable. Default is 50. |
| max-issues-per-linter: 0 |
| |
| # Maximum count of issues with the same text. Set to 0 to disable. Default is 3. |
| max-same-issues: 0 |