forked from mindersec/minder
-
Notifications
You must be signed in to change notification settings - Fork 0
/
.golangci.yml
106 lines (100 loc) · 2.82 KB
/
.golangci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
# SPDX-FileCopyrightText: Copyright 2023 The Minder Authors
# SPDX-License-Identifier: Apache-2.0
run:
issues-exit-code: 1
timeout: 5m
linters-settings:
lll:
line-length: 130
gocyclo:
min-complexity: 15
gci:
sections:
- standard
- default
- prefix(github.com/mindersec/minder)
revive:
# see https://github.com/mgechev/revive#available-rules for details.
ignore-generated-header: true
severity: warning
errorCode: 0
warningCode: 0
rules:
- name: blank-imports
severity: warning
- name: context-as-argument
- name: context-keys-type
- name: duplicated-imports
- name: error-naming
# - name: error-strings #BDG: This was enabled for months, but it suddenly started working on 3/2/2022.. come to find out we have TONS of error messages starting with capital... disabling for now(ever?)
- name: error-return
- name: exported
severity: error
- name: if-return
# - name: get-return // BDG: We have a lot of API endpoint handlers named like getFoos but write to response vs return... maybe later can figure that out
- name: identical-branches
- name: indent-error-flow
- name: import-shadowing
- name: package-comments
# NOTE: range-val-address and range-val-in-closure are irrelevant in Go 1.22 and later
- name: redefines-builtin-id
- name: struct-tag
- name: unconditional-recursion
- name: unnecessary-stmt
- name: unreachable-code
- name: unused-parameter
- name: unused-receiver
- name: unhandled-error
disabled: true
gosec:
excludes:
- G114 # for the moment we need to use listenandserve that has no support for timeouts
- G404 # use unsafe random generator until logic change is discussed
- G307 # Deferring unsafe method "Close" on type "io.ReadCloser"
- G601 # Irrelevant for Go 1.22 and later, see: https://github.com/securego/gosec/issues/1099
depguard:
rules:
prevent_unmaintained_packages:
list-mode: lax # allow unless explicitely denied
files:
- $all
- "!$test"
deny:
- pkg: "log"
desc: "We should use zerolog instead"
- pkg: io/ioutil
desc: "this is deprecated"
linters:
disable-all: true
enable:
- lll
- exhaustive
- depguard
- goconst
- gocyclo
- gofmt
- gosec
- gci
- unparam
- gosimple
- govet
- ineffassign
- paralleltest
- promlinter
- revive
- staticcheck
- unused
- thelper
- tparallel
issues:
exclude-use-default: false
exclude-rules:
- path: '(.+)_test\.go'
linters:
- lll
output:
formats:
- format: colored-line-number
print-issued-lines: true
print-linter-name: true
sort-results: true