From dd71f0a8663ac6615fdedf3c56f59c55853df858 Mon Sep 17 00:00:00 2001
From: mmetc <92726601+mmetc@users.noreply.github.com>
Date: Tue, 19 Mar 2024 10:48:49 +0100
Subject: [PATCH] CI: bump lint version and update configuration (#2901)

* bump golangci-lint to 1.56

* lint (testifylint)

* update lint configuration

* windows test: remove stale code
---
 .github/workflows/go-tests-windows.yml |  2 +-
 .github/workflows/go-tests.yml         |  2 +-
 .golangci.yml                          | 42 +++++++++++++++-----------
 pkg/acquisition/modules/loki/loki.go   |  2 +-
 pkg/apiserver/alerts_test.go           |  2 +-
 pkg/csplugin/utils_windows.go          |  4 ---
 pkg/exprhelpers/crowdsec_cti_test.go   |  8 ++---
 7 files changed, 33 insertions(+), 29 deletions(-)

diff --git a/.github/workflows/go-tests-windows.yml b/.github/workflows/go-tests-windows.yml
index 6629250c5..643cb9b39 100644
--- a/.github/workflows/go-tests-windows.yml
+++ b/.github/workflows/go-tests-windows.yml
@@ -56,7 +56,7 @@ jobs:
     - name: golangci-lint
       uses: golangci/golangci-lint-action@v4
       with:
-        version: v1.55
+        version: v1.56
         args: --issues-exit-code=1 --timeout 10m
         only-new-issues: false
         # the cache is already managed above, enabling it here
diff --git a/.github/workflows/go-tests.yml b/.github/workflows/go-tests.yml
index e0603e0de..918cefb26 100644
--- a/.github/workflows/go-tests.yml
+++ b/.github/workflows/go-tests.yml
@@ -157,7 +157,7 @@ jobs:
     - name: golangci-lint
       uses: golangci/golangci-lint-action@v4
       with:
-        version: v1.55
+        version: v1.56
         args: --issues-exit-code=1 --timeout 10m
         only-new-issues: false
         # the cache is already managed above, enabling it here
diff --git a/.golangci.yml b/.golangci.yml
index 396da2141..758327e40 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -4,7 +4,6 @@ run:
   skip-dirs:
     - pkg/time/rate
   skip-files:
-    - pkg/database/ent/generate.go
     - pkg/yamlpatch/merge.go
     - pkg/yamlpatch/merge_test.go
 
@@ -32,17 +31,31 @@ linters-settings:
     # Checks the number of lines in a function.
     # If lower than 0, disable the check.
     # Default: 60
-    lines: -1
+    # lower this after refactoring
+    lines: 437
     # Checks the number of statements in a function.
     # If lower than 0, disable the check.
     # Default: 40
-    statements: -1
+    # lower this after refactoring
+    statements: 122
 
   govet:
     check-shadowing: true
+    enable:
+     - atomicalign
+     - deepequalerrors
+     # TODO: - fieldalignment
+     - findcall
+     - nilness
+     # TODO: - reflectvaluecompare
+     - shadow
+     - sortslice
+     - timeformat
+     - unusedwrite
 
   lll:
-    line-length: 140
+    # lower this after refactoring
+    line-length: 2607
 
   maintidx:
     # raise this after refactoring
@@ -68,10 +81,16 @@ linters-settings:
 
   depguard:
     rules:
-      main:
+      wrap:
         deny:
           - pkg: "github.com/pkg/errors"
             desc: "errors.Wrap() is deprecated in favor of fmt.Errorf()"
+        files:
+          - "!**/pkg/database/*.go"
+          - "!**/pkg/exprhelpers/*.go"
+          - "!**/pkg/acquisition/modules/appsec/appsec.go"
+          - "!**/pkg/acquisition/modules/loki/internal/lokiclient/loki_client.go"
+          - "!**/pkg/apiserver/controllers/v1/errors.go"
       yaml:
         files:
           - "!**/cmd/crowdsec-cli/alerts.go"
@@ -105,7 +124,6 @@ linters-settings:
           - "!**/pkg/appsec/loader.go"
           - "!**/pkg/csplugin/broker.go"
           - "!**/pkg/csplugin/broker_test.go"
-          - "!**/pkg/dumps/bucker_dump.go"
           - "!**/pkg/dumps/bucket_dump.go"
           - "!**/pkg/dumps/parser_dump.go"
           - "!**/pkg/hubtest/coverage.go"
@@ -177,6 +195,7 @@ linters:
     # - importas            # Enforces consistent import aliases
     # - ineffassign         # Detects when assignments to existing variables are not used
     # - interfacebloat      # A linter that checks the number of methods inside an interface.
+    # - lll                 # Reports long lines
     # - logrlint            # Check logr arguments.
     # - maintidx            # maintidx measures the maintainability index of each function.
     # - makezero            # Finds slice declarations with non-zero initial length
@@ -214,7 +233,6 @@ linters:
     - goimports             # In addition to fixing imports, goimports also formats your code in the same style as gofmt.
     - gosec                 # (gas): Inspects source code for security problems
     - inamedparam           # reports interfaces with unnamed method parameters
-    - lll                   # Reports long lines
     - musttag               # enforce field tags in (un)marshaled structs
     - promlinter            # Check Prometheus metrics naming via promlint
     - protogetter           # Reports direct reads from proto message fields when getters should be used
@@ -363,13 +381,3 @@ issues:
     - linters:
         - nonamedreturns
       text: "named return .* with type .* found"
-
-    #
-    # Will fix,  might be trickier
-    #
-
-    # https://github.com/pkg/errors/issues/245
-    - linters:
-        - depguard
-      text: "import 'github.com/pkg/errors' is not allowed .*"
-
diff --git a/pkg/acquisition/modules/loki/loki.go b/pkg/acquisition/modules/loki/loki.go
index 3625c6895..52b87eb95 100644
--- a/pkg/acquisition/modules/loki/loki.go
+++ b/pkg/acquisition/modules/loki/loki.go
@@ -6,13 +6,13 @@ https://grafana.com/docs/loki/latest/api/#get-lokiapiv1tail
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"net/url"
 	"strconv"
 	"strings"
 	"time"
 
-	"github.com/pkg/errors"
 	"github.com/prometheus/client_golang/prometheus"
 	log "github.com/sirupsen/logrus"
 	tomb "gopkg.in/tomb.v2"
diff --git a/pkg/apiserver/alerts_test.go b/pkg/apiserver/alerts_test.go
index 536505817..812e33ae1 100644
--- a/pkg/apiserver/alerts_test.go
+++ b/pkg/apiserver/alerts_test.go
@@ -151,7 +151,7 @@ func TestCreateAlertChannels(t *testing.T) {
 		wg.Done()
 	}()
 
-	go lapi.InsertAlertFromFile(t, "./tests/alert_ssh-bf.json")
+	lapi.InsertAlertFromFile(t, "./tests/alert_ssh-bf.json")
 	wg.Wait()
 	assert.Len(t, pd.Alert.Decisions, 1)
 	apiServer.Close()
diff --git a/pkg/csplugin/utils_windows.go b/pkg/csplugin/utils_windows.go
index dfb11aff5..2870a2add 100644
--- a/pkg/csplugin/utils_windows.go
+++ b/pkg/csplugin/utils_windows.go
@@ -100,10 +100,6 @@ func CheckPerms(path string) error {
 		return fmt.Errorf("no DACL found on plugin, meaning fully permissive access on plugin %s", path)
 	}
 
-	if err != nil {
-		return fmt.Errorf("while looking up current user sid: %w", err)
-	}
-
 	rs := reflect.ValueOf(dacl).Elem()
 
 	/*
diff --git a/pkg/exprhelpers/crowdsec_cti_test.go b/pkg/exprhelpers/crowdsec_cti_test.go
index fc3a236c5..84a4b2457 100644
--- a/pkg/exprhelpers/crowdsec_cti_test.go
+++ b/pkg/exprhelpers/crowdsec_cti_test.go
@@ -118,7 +118,7 @@ func TestNillClient(t *testing.T) {
 
 	item, err := CrowdsecCTI("1.2.3.4")
 	assert.Equal(t, err, cticlient.ErrDisabled)
-	assert.Equal(t, item, &cticlient.SmokeItem{})
+	assert.Equal(t, &cticlient.SmokeItem{}, item)
 }
 
 func TestInvalidAuth(t *testing.T) {
@@ -133,7 +133,7 @@ func TestInvalidAuth(t *testing.T) {
 	}))
 
 	item, err := CrowdsecCTI("1.2.3.4")
-	assert.Equal(t, item, &cticlient.SmokeItem{})
+	assert.Equal(t, &cticlient.SmokeItem{}, item)
 	assert.False(t, CTIApiEnabled)
 	assert.Equal(t, err, cticlient.ErrUnauthorized)
 
@@ -143,7 +143,7 @@ func TestInvalidAuth(t *testing.T) {
 	}))
 
 	item, err = CrowdsecCTI("1.2.3.4")
-	assert.Equal(t, item, &cticlient.SmokeItem{})
+	assert.Equal(t, &cticlient.SmokeItem{}, item)
 	assert.False(t, CTIApiEnabled)
 	assert.Equal(t, err, cticlient.ErrDisabled)
 }
@@ -159,7 +159,7 @@ func TestNoKey(t *testing.T) {
 	}))
 
 	item, err := CrowdsecCTI("1.2.3.4")
-	assert.Equal(t, item, &cticlient.SmokeItem{})
+	assert.Equal(t, &cticlient.SmokeItem{}, item)
 	assert.False(t, CTIApiEnabled)
 	assert.Equal(t, err, cticlient.ErrDisabled)
 }