ci(lint) : setup golangci-lint

.github/workflows/build.yaml

@@ -224,6 +224,13 @@ jobs:
           key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
           restore-keys: |
             ${{ runner.os }}-go-
+      - name: Setup golangci-lint
+        uses: golangci/golangci-lint-action@v2
+        with:
+          args: --verbose
+          version: latest
+          skip-pkg-cache: true
+          skip-build-cache: true
       - name: Verify YAML code
         uses: ibiqlik/action-yamllint@v3
       - name: Vendor Go modules

.github/workflows/publish-helm-chart.yaml

@@ -16,22 +16,22 @@ jobs:
     runs-on: ubuntu-20.04
     steps:
       - name: Checkout
-        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 #v2.4.0
+        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579  # v2.4.0
         with:
           fetch-depth: 0
       - name: Install Helm
-        uses: azure/setup-helm@18bc76811624f360dbd7f18c2d4ecb32c7b87bab #v1.1
+        uses: azure/setup-helm@18bc76811624f360dbd7f18c2d4ecb32c7b87bab  # v1.1
         with:
           version: v3.5.0
       - name: Set up python
-        uses: actions/setup-python@0066b88440aa9562be742e2c60ee750fc57d8849 #v2.3.0
+        uses: actions/setup-python@0066b88440aa9562be742e2c60ee750fc57d8849  # v2.3.0
         with:
           python-version: 3.7
       - name: Setup Chart Linting
         id: lint
-        uses: helm/chart-testing-action@5f16c27cf7a4fa9c776ff73734df3909b2b65127 #v2.1.0
+        uses: helm/chart-testing-action@5f16c27cf7a4fa9c776ff73734df3909b2b65127  # v2.1.0
       - name: Setup Kubernetes cluster (KIND)
-        uses: helm/kind-action@94729529f85113b88f4f819c17ce61382e6d8478 #v1.2.0
+        uses: helm/kind-action@94729529f85113b88f4f819c17ce61382e6d8478  # v1.2.0
         with:
           version: ${{ env.KIND_VERSION }}
           image: ${{ env.KIND_IMAGE }}
@@ -55,7 +55,7 @@ jobs:
         run: |
           ./cr index -o ${{ env.GH_OWNER }} -r ${{ env.HELM_REP }} -c https://${{ env.GH_OWNER }}.github.io/${{ env.HELM_REP }}/ -i index.yaml
       - name: Push index file
-        uses: dmnemec/copy_file_to_another_repo_action@c93037aa10fa8893de271f19978c980d0c1a9b37 #v1.1.1
+        uses: dmnemec/copy_file_to_another_repo_action@c93037aa10fa8893de271f19978c980d0c1a9b37  # v1.1.1
         env:
           API_TOKEN_GITHUB: ${{ secrets.ORG_REPO_TOKEN }}
         with:

.golangci.yml

@@ -0,0 +1,10 @@
+run:
+  timeout: 5m
+linters:
+  enable:
+    - errorlint
+    - govet
+  disable:
+    - gosimple
+    - ineffassign
+    - staticcheck

cmd/scanner-aqua/main.go

@@ -2,6 +2,7 @@ package main
 
 import (
 	"encoding/json"
+	"errors"
 	"log"
 	"os"
 
@@ -73,7 +74,7 @@ func scan(opt options, imageRef string) (report v1alpha1.VulnerabilityReportData
 	if err == nil {
 		return
 	}
-	if err != client.ErrNotFound {
+	if !errors.Is(err, client.ErrNotFound) {
 		return
 	}
 	report, err = cli.NewScanner(opt.version, opt.baseURL, opt.credentials).Scan(imageRef)

itest/matcher/matcher.go

@@ -1,11 +1,11 @@
 package matcher
 
 import (
+	"fmt"
+
 	. "github.com/onsi/gomega"
 	. "github.com/onsi/gomega/gstruct"
 
-	"fmt"
-
 	"github.com/aquasecurity/starboard/pkg/apis/aquasecurity/v1alpha1"
 	"github.com/aquasecurity/starboard/pkg/kube"
 	"github.com/aquasecurity/starboard/pkg/starboard"

pkg/cmd/get_configauditreports.go

@@ -74,11 +74,11 @@ NAME is the name of a particular Kubernetes resource.
 				WithDefaultOutput(format).
 				ToPrinter()
 			if err != nil {
-				return fmt.Errorf("create printer: %v", err)
+				return fmt.Errorf("create printer: %w", err)
 			}
 
 			if err := printer.PrintObj(report, out); err != nil {
-				return fmt.Errorf("print vulnerability reports: %v", err)
+				return fmt.Errorf("print vulnerability reports: %w", err)
 			}
 
 			return nil

pkg/cmd/get_vulnerabilityreports.go

@@ -68,7 +68,7 @@ NAME is the name of a particular Kubernetes workload.
 			reader := vulnerabilityreport.NewReadWriter(kubeClient)
 			items, err := reader.FindByOwnerInHierarchy(ctx, workload)
 			if err != nil {
-				return fmt.Errorf("list vulnerability reports: %v", err)
+				return fmt.Errorf("list vulnerability reports: %w", err)
 			}
 			if len(items) == 0 {
 				fmt.Fprintf(out, "No reports found in %s namespace.\n", workload.Namespace)

pkg/kube/secrets_test.go

@@ -1,19 +1,18 @@
 package kube_test
 
 import (
+	"testing"
+
 	. "github.com/onsi/gomega"
 	. "github.com/onsi/gomega/gstruct"
 
-	"testing"
-
 	"github.com/aquasecurity/starboard/pkg/docker"
 	"github.com/aquasecurity/starboard/pkg/kube"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
 func TestNewImagePullSecret(t *testing.T) {
-
 	t.Run("should construct a new image secret with encoded data", func(t *testing.T) {
 		g := NewGomegaWithT(t)
 
@@ -45,7 +44,6 @@ func TestNewImagePullSecret(t *testing.T) {
 }
 
 func TestMapDockerRegistryServersToAuths(t *testing.T) {
-
 	t.Run("should map Docker registry servers to Docker authentication credentials", func(t *testing.T) {
 		g := NewGomegaWithT(t)
 
@@ -124,7 +122,6 @@ func TestMapDockerRegistryServersToAuths(t *testing.T) {
 }
 
 func TestMapContainerNamesToDockerAuths(t *testing.T) {
-
 	t.Run("should map container images to Docker authentication credentials", func(t *testing.T) {
 		g := NewGomegaWithT(t)
 

pkg/operator/predicate/predicate_test.go

@@ -1,11 +1,11 @@
 package predicate_test
 
 import (
+	"time"
+
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
 
-	"time"
-
 	"github.com/aquasecurity/starboard/pkg/operator/etc"
 	"github.com/aquasecurity/starboard/pkg/operator/predicate"
 	batchv1 "k8s.io/api/batch/v1"
@@ -17,13 +17,9 @@ import (
 )
 
 var _ = Describe("Predicate", func() {
-
 	Describe("When checking a InstallMode predicate", func() {
-
 		Context("When install mode is SingleNamespace", func() {
-
 			When("and object is in operator namespace", func() {
-
 				It("Should return false", func() {
 					config := etc.Config{
 						Namespace:        "starboard-operator",
@@ -41,13 +37,10 @@ var _ = Describe("Predicate", func() {
 					Expect(instance.Update(event.UpdateEvent{ObjectNew: obj})).To(BeFalse())
 					Expect(instance.Delete(event.DeleteEvent{Object: obj})).To(BeFalse())
 					Expect(instance.Generic(event.GenericEvent{Object: obj})).To(BeFalse())
-
 				})
-
 			})
 
 			When("and object is in target namespace", func() {
-
 				It("Should return true", func() {
 					config := etc.Config{
 						Namespace:        "starboard-operator",
@@ -66,15 +59,11 @@ var _ = Describe("Predicate", func() {
 					Expect(instance.Delete(event.DeleteEvent{Object: obj})).To(BeTrue())
 					Expect(instance.Generic(event.GenericEvent{Object: obj})).To(BeTrue())
 				})
-
 			})
-
 		})
 
 		Context("When install mode is MultiNamespaces", func() {
-
 			When("and object is in target namespace", func() {
-
 				It("Should return true", func() {
 					config := etc.Config{
 						Namespace:        "starboard-operator",
@@ -93,11 +82,9 @@ var _ = Describe("Predicate", func() {
 					Expect(instance.Delete(event.DeleteEvent{Object: obj})).To(BeTrue())
 					Expect(instance.Generic(event.GenericEvent{Object: obj})).To(BeTrue())
 				})
-
 			})
 
 			When("and object is not in target namespace", func() {
-
 				It("Should return false", func() {
 					config := etc.Config{
 						Namespace:        "starboard-operator",
@@ -116,16 +103,12 @@ var _ = Describe("Predicate", func() {
 					Expect(instance.Delete(event.DeleteEvent{Object: obj})).To(BeFalse())
 					Expect(instance.Generic(event.GenericEvent{Object: obj})).To(BeFalse())
 				})
-
 			})
-
 		})
 	})
 
 	Describe("When checking a HasName predicate", func() {
-
 		Context("When object has desired name", func() {
-
 			It("Should return true", func() {
 				instance := predicate.HasName("starboard-polaris-config")
 				obj := &corev1.Pod{
@@ -142,7 +125,6 @@ var _ = Describe("Predicate", func() {
 		})
 
 		Context("When object does not have desired name", func() {
-
 			It("Should return false", func() {
 				instance := predicate.HasName("starboard-conftest-config")
 				obj := &corev1.Pod{
@@ -160,9 +142,7 @@ var _ = Describe("Predicate", func() {
 	})
 
 	Describe("When checking a InNamespace predicate", func() {
-
 		Context("When object is in desired namespace", func() {
-
 			It("Should return true", func() {
 				instance := predicate.InNamespace("starboard-operator")
 				obj := &corev1.Pod{
@@ -176,11 +156,9 @@ var _ = Describe("Predicate", func() {
 				Expect(instance.Delete(event.DeleteEvent{Object: obj})).To(BeTrue())
 				Expect(instance.Generic(event.GenericEvent{Object: obj})).To(BeTrue())
 			})
-
 		})
 
 		Context("When object is not in desired namespace", func() {
-
 			It("Should return false", func() {
 				instance := predicate.InNamespace("starboard-operator")
 				obj := &corev1.Pod{
@@ -194,13 +172,10 @@ var _ = Describe("Predicate", func() {
 				Expect(instance.Delete(event.DeleteEvent{Object: obj})).To(BeFalse())
 				Expect(instance.Generic(event.GenericEvent{Object: obj})).To(BeFalse())
 			})
-
 		})
-
 	})
 
 	Describe("When checking a ManagedByStarboardOperator predicate", func() {
-
 		instance := predicate.ManagedByStarboardOperator
 
 		Context("Where object is managed by Starboard operator", func() {
@@ -254,7 +229,6 @@ var _ = Describe("Predicate", func() {
 	})
 
 	Describe("When checking a PodBeingTerminated predicate", func() {
-
 		instance := predicate.IsBeingTerminated
 		deletionTimestamp := metav1.NewTime(time.Now())
 
@@ -326,7 +300,6 @@ var _ = Describe("Predicate", func() {
 	})
 
 	Describe("When checking a Not predicate", func() {
-
 		Context("Where input predicate returns true", func() {
 			It("Should return false", func() {
 				instance := predicate.Not(predicatex.NewPredicateFuncs(func(_ client.Object) bool {
@@ -339,6 +312,5 @@ var _ = Describe("Predicate", func() {
 				Expect(instance.Generic(event.GenericEvent{})).To(BeFalse())
 			})
 		})
-
 	})
 })

pkg/plugin/conftest/plugin.go

@@ -152,7 +152,7 @@ func (c Config) setResourceLimit(configKey string, k8sResourceList *corev1.Resou
 	if value, found := c.Data[configKey]; found {
 		quantity, err := resource.ParseQuantity(value)
 		if err != nil {
-			return fmt.Errorf("parsing resource definition %s: %s %v", configKey, value, err)
+			return fmt.Errorf("parsing resource definition %s: %s %w", configKey, value, err)
 		}
 
 		(*k8sResourceList)[k8sResourceName] = quantity

pkg/plugin/polaris/plugin.go

@@ -264,7 +264,7 @@ func (c Config) setResourceLimit(configKey string, k8sResourceList *corev1.Resou
 	if value, found := c.Data[configKey]; found {
 		quantity, err := resource.ParseQuantity(value)
 		if err != nil {
-			return fmt.Errorf("parsing resource definition %s: %s %v", configKey, value, err)
+			return fmt.Errorf("parsing resource definition %s: %s %w", configKey, value, err)
 		}
 
 		(*k8sResourceList)[k8sResourceName] = quantity

pkg/plugin/trivy/plugin.go

@@ -151,7 +151,7 @@ func (c Config) setResourceLimit(configKey string, k8sResourceList *corev1.Resou
 	if value, found := c.Data[configKey]; found {
 		quantity, err := resource.ParseQuantity(value)
 		if err != nil {
-			return fmt.Errorf("parsing resource definition %s: %s %v", configKey, value, err)
+			return fmt.Errorf("parsing resource definition %s: %s %w", configKey, value, err)
 		}
 
 		(*k8sResourceList)[k8sResourceName] = quantity

pkg/starboard/plugin.go

@@ -5,11 +5,10 @@ import (
 	"fmt"
 	"strings"
 
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/labels"
-
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/apimachinery/pkg/types"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )