mirror of
https://github.com/pomerium/pomerium.git
synced 2025-08-04 09:19:39 +02:00
5d60cff21e
* refactor backend, implement encrypted store * refactor in-memory store * wip * wip * wip * add syncer test * fix redis expiry * fix linting issues * fix test by skipping non-config records * fix backoff import * fix init issues * fix query * wait for initial sync before starting directory sync * add type to SyncLatest * add more log messages, fix deadlock in in-memory store, always return server version from SyncLatest * update sync types and tests * add redis tests * skip macos in github actions * add comments to proto * split getBackend into separate methods * handle errors in initVersion * return different error for not found vs other errors in get * use exponential backoff for redis transaction retry * rename raw to result * use context instead of close channel * store type urls as constants in databroker * use timestampb instead of ptypes * fix group merging not waiting * change locked names * update GetAll to return latest record version * add method to grpcutil to get the type url for a protobuf type
193 lines
5.7 KiB
YAML
193 lines
5.7 KiB
YAML
run:
|
|
deadline: 20m
|
|
|
|
linters-settings:
|
|
dupl:
|
|
threshold: 100
|
|
funlen:
|
|
lines: 100
|
|
statements: 50
|
|
gci:
|
|
local-prefixes: github.com/pomerium/pomerium
|
|
goconst:
|
|
min-len: 2
|
|
min-occurrences: 2
|
|
gocritic:
|
|
enabled-tags:
|
|
- diagnostic
|
|
- experimental
|
|
- opinionated
|
|
- performance
|
|
- style
|
|
disabled-checks:
|
|
- dupImport # https://github.com/go-critic/go-critic/issues/845
|
|
- ifElseChain
|
|
- octalLiteral
|
|
- whyNoLint
|
|
- wrapperFunc
|
|
gocyclo:
|
|
min-complexity: 15
|
|
goimports:
|
|
local-prefixes: github.com/pomerium/pomerium
|
|
golint:
|
|
min-confidence: 0
|
|
govet:
|
|
check-shadowing: false
|
|
lll:
|
|
line-length: 160
|
|
maligned:
|
|
suggest-new: true
|
|
misspell:
|
|
locale: US
|
|
nolintlint:
|
|
allow-leading-space: true # don't require machine-readable nolint directives (i.e. with no leading space)
|
|
allow-unused: false # report any unused nolint directives
|
|
require-explanation: false # don't require an explanation for nolint directives
|
|
require-specific: false # don't require nolint directives to be specific about which linter is being skipped
|
|
|
|
linters:
|
|
disable-all: true
|
|
enable:
|
|
- bodyclose
|
|
- deadcode
|
|
- depguard
|
|
- dogsled
|
|
- errcheck
|
|
- gofmt
|
|
- goimports
|
|
- golint
|
|
- goprintffuncname
|
|
- gosec
|
|
- gosimple
|
|
- govet
|
|
- ineffassign
|
|
- lll
|
|
- misspell
|
|
- nakedret
|
|
- nolintlint
|
|
- rowserrcheck
|
|
- staticcheck
|
|
- structcheck
|
|
- stylecheck
|
|
- typecheck
|
|
- unconvert
|
|
- unused
|
|
- varcheck
|
|
# - asciicheck
|
|
# - dupl
|
|
# - exhaustive
|
|
# - funlen
|
|
# - gochecknoglobals
|
|
# - gochecknoinits
|
|
# - gocognit
|
|
# - goconst
|
|
# - gocritic
|
|
# - gocyclo
|
|
# - godot
|
|
# - godox
|
|
# - goerr113
|
|
# - gomnd
|
|
# - interfacer
|
|
# - maligned
|
|
# - nestif
|
|
# - noctx
|
|
# - prealloc
|
|
# - scopelint
|
|
# - testpackage
|
|
# - whitespace
|
|
# - wsl
|
|
|
|
issues:
|
|
exclude-use-default: false
|
|
# List of regexps of issue texts to exclude, empty list by default.
|
|
# But independently from this option we use default exclude patterns,
|
|
# it can be disabled by `exclude-use-default: false`. To list all
|
|
# excluded by default patterns execute `golangci-lint run --help`
|
|
exclude:
|
|
## Defaults we want from golangci-lint
|
|
# errcheck: Almost all programs ignore errors on these functions and in most cases it's ok
|
|
- Error return value of .((os\.)?std(out|err)\..*|.*Close|.*Flush|os\.Remove(All)?|.*printf?|os\.(Un)?Setenv). is not checked
|
|
# golint: False positive when tests are defined in package 'test'
|
|
- func name will be used as test\.Test.* by other packages, and that stutters; consider calling this
|
|
# govet: Common false positives
|
|
- (possible misuse of unsafe.Pointer|should have signature)
|
|
# staticcheck: Developers tend to write in C-style with an explicit 'break' in a 'switch', so it's ok to ignore
|
|
- ineffective break statement. Did you mean to break out of the outer loop
|
|
# gosec: Too many false-positives on 'unsafe' usage
|
|
- Use of unsafe calls should be audited
|
|
# gosec: Too many false-positives for parametrized shell calls
|
|
- Subprocess launch(ed with variable|ing should be audited)
|
|
# gosec: Duplicated errcheck checks
|
|
- G104
|
|
# gosec: Too many issues in popular repos
|
|
- (Expect directory permissions to be 0750 or less|Expect file permissions to be 0600 or less)
|
|
# gosec: False positive is triggered by 'src, err := ioutil.ReadFile(filename)'
|
|
- Potential file inclusion via variable
|
|
|
|
##
|
|
## Custom
|
|
##
|
|
# Mostly harmless buffer writes where we skip error checking
|
|
# https://golang.org/pkg/bytes/#Buffer.Write
|
|
- "Error return value of `w.Write` is not checked"
|
|
- "Error return value of `io.WriteString` is not checked"
|
|
- "Error return value of `viper.BindEnv` is not checked"
|
|
- "Error return value of `h.Write` is not checked"
|
|
- "ExecuteTemplate` is not checked"
|
|
|
|
# go sec : we want to allow skipping tls auth
|
|
- "TLS InsecureSkipVerify set true."
|
|
- "goroutine calls T.Fatalf, which must be called in the same goroutine as the test"
|
|
# good job Protobuffs!
|
|
- "method XXX"
|
|
- "SA1019"
|
|
# EXC0001 errcheck: Almost all programs ignore errors on these functions and in most cases it's ok
|
|
- Error return value of .((os\.)?std(out|err)\..*|.*Close|.*Flush|os\.Remove(All)?|.*print(f|ln)?|os\.(Un)?Setenv). is not checked
|
|
|
|
|
|
|
|
exclude-rules:
|
|
# https://github.com/go-critic/go-critic/issues/926
|
|
- linters:
|
|
- gocritic
|
|
text: "unnecessaryDefer:"
|
|
# Exclude some linters from running on test files.
|
|
- path: _test\.go$|^tests/|^integration/|^samples/|templates\.go$
|
|
linters:
|
|
- bodyclose
|
|
- errcheck
|
|
- gomnd
|
|
- gosec
|
|
- lll
|
|
- maligned
|
|
- staticcheck
|
|
- unparam
|
|
- unused
|
|
- scopelint
|
|
- gosec
|
|
- gosimple
|
|
# Exclude lll issues for long lines with go:generate
|
|
- linters:
|
|
- lll
|
|
source: "^//go:generate "
|
|
# erroneously thinks google api url is a cred
|
|
- path: internal/identity/google.go
|
|
text: "Potential hardcoded credentials"
|
|
linters:
|
|
- gosec
|
|
# deprecated but every example still uses New
|
|
- path: internal/identity/google.go
|
|
text: "please use NewService instead"
|
|
linters:
|
|
- staticcheck
|
|
- path: internal/identity/oauth/github/github.go
|
|
text: "Potential hardcoded credentials"
|
|
linters:
|
|
- gosec
|
|
- linters: [golint]
|
|
text: "should have a package comment"
|
|
|
|
# golangci.com configuration
|
|
# https://github.com/golangci/golangci/wiki/Configuration
|
|
service:
|
|
golangci-lint-version: 1.34.x # use the fixed version to not introduce new linters unexpectedly
|