linters-settings:
  gci:
    custom-order: true
    sections:
      - standard
      - default
      - prefix(github.com/pomerium)

linters:
  disable-all: true
  enable:
    - asasalint
    - bodyclose
    - copyloopvar
    - dogsled
    - errcheck
    - errorlint
    - gci
    - gocheckcompilerdirectives
    - gofumpt
    - goimports
    - goprintffuncname
    - gosec
    - gosimple
    - govet
    - ineffassign
    - misspell
    - nakedret
    - nolintlint
    - revive
    - staticcheck
    - stylecheck
    - unconvert
    - unused
    - usestdlibvars
    - usetesting

issues:
  # List of regexps of issue texts to exclude, empty list by default.
  # But independently from this option we use default exclude patterns,
  # it can be disabled by `exclude-use-default: false`. To list all
  # excluded by default patterns execute `golangci-lint run --help`
  exclude:
    ## Defaults we want from golangci-lint
    # errcheck: Almost all programs ignore errors on these functions and in most cases it's ok
    - Error return value of .((os\.)?std(out|err)\..*|.*Close|.*Flush|os\.Remove(All)?|.*printf?|os\.(Un)?Setenv). is not checked
    - empty-block

    # go sec : we want to allow skipping tls auth
    - "TLS InsecureSkipVerify set true."
    - "SA1019"

  exclude-rules:
    # Exclude some linters from running on test files.
    - path: _test\.go$|^tests/|^integration/|^samples/|^internal/testutil/|templates\.go$
      linters:
        - bodyclose
        - errcheck
        - gomnd
        - gosec
        - lll
        - maligned
        - staticcheck
        - unparam
        - unused
        - scopelint
        - gosec
        - gosimple
    - path: internal/identity/oauth/github/github.go
      text: "Potential hardcoded credentials"
      linters:
        - gosec
    - text: "G112:"
      linters:
        - gosec
    - text: "G115:"
      linters:
        - gosec
    - text: "G402: TLS MinVersion too low."
      linters:
        - gosec