-
Notifications
You must be signed in to change notification settings - Fork 11
Expand file tree
/
Copy path.golangci.yml
More file actions
182 lines (148 loc) · 5.99 KB
/
Copy path.golangci.yml
File metadata and controls
182 lines (148 loc) · 5.99 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
version: "2"
run:
timeout: 30m
# CI mode: Fails if go.mod needs updates, ensuring dependencies are properly declared
modules-download-mode: readonly
allow-parallel-runners: true
allow-serial-runners: false
concurrency: 2 # Set to 2 to avoid overwhelming the CI server
issues:
# Don’t cap lint errors per linter—report everything in new code.
max-issues-per-linter: 0
# Don’t limit duplicates by text—if the same error crops up on multiple lines, show them all.
max-same-issues: 0
# Don’t dedupe by line; every instance matters.
uniq-by-line: false
# Only fail on new issues introduced by new PR's.
new: true
# Define the “base” for “new” issues as the merge-base against main.
new-from-merge-base: main
# Also catch anything in new or modified files, even outside the diff hunk.
whole-files: true
# Automatically apply any fixable issues (like gofmt/goimports).
fix: true
linters:
default: none
enable:
# Core correctness & compile checks
- govet # catches suspicious Go constructs
- staticcheck # static analyses (nil‐checks, API misuse, etc.)
- errcheck # ensures you never ignore an error return
- unused # finds dead code we no longer need
- ineffassign # flags assignments that have no effect
# error-handling best practices
- errorlint # flag missing %w wraps
- err113 # enforce correct error-handling patterns
# Terraform‐specific safety & resource handling
- bodyclose # makes sure every HTTP response body is closed
- gosec # scans for security issues (e.g. hardcoded credentials)
# Specifically important for API clients (Microsoft 365 API)
- contextcheck # check whether function uses a non-inherited context
- noctx # finds sending http request without context.Context
- nilnil # checks that there is no simultaneous return of nil error and invalid value
# Quality & style
- gocritic # catches a variety of performance/style bugs
- prealloc # recommends when you can preallocate slices/maps
- misspell # finds typos in comments, docs, & variable names
- gocyclo # warn on high cyclomatic complexity
- wrapcheck # checks that errors from external packages are wrapped
# API/Terraform specific
- musttag # enforce field tags in (un)marshaled structs
- tagliatelle # checks struct tags (important for JSON/XML APIs)
# 3) Per-linter configuration
settings:
nakedret:
max-func-lines: 40
# 4) Issue-filtering (not disabling analysis, just silencing reports)
exclusions:
# skip generated files strictly matching Go’s “Code generated … DO NOT EDIT.”
generated: strict
# warn if any of these exclusions never match
warn-unused: true
# apply standard “false positive” presets
presets:
- comments
- std-error-handling
- common-false-positives
- legacy
# fine-grained rules to drop issues by path, linter, text, or source
rules:
# in test files, silence these noisy checks
- path: _test\.go
linters:
- gocyclo
- errcheck
- dupl
- gosec
# only run “forbidigo” on tests (silence everywhere else)
- path-except: _test\.go
linters:
- forbidigo
# silence known gosec warning in this vendored code
- path: internal/hmac/
text: "weak cryptographic primitive"
linters:
- gosec
# drop staticcheck’s SA9003 messages
- linters:
- staticcheck
text: "SA9003:"
# exclude “lll” warnings on go:generate lines
- linters:
- lll
source: "^//go:generate "
# exclude entire files from reporting (still analyzed)
paths:
- ".*\\.gen\\.go$" # Generated Go files
- ".*_test\\.go$" # Test files (already handled with more specific rules)
- "examples/.*" # Example code for documentation
- "tools/.*" # Build/helper tools
- "scripts/.*" # Scripts for development
- "docs/.*\\.go$" # Documentation generators
# Never exclude these critical paths, even if they match patterns above
paths-except:
- "internal/.*\\.go$" # Core provider logic
formatters:
# Only run the formatters you actually want to auto‐fix in CI
enable:
- gofumpt # strict Go formatting (superset of gofmt)
- goimports # fixes imports (add/remove/sort)
- gci # groups & sorts import blocks
- golines # wraps long lines to a max length (e.g. 120 chars)
# Per‐formatter settings (optional—only if you need to tweak defaults)
settings:
gci:
# customize your import sections order: standard, external, project
sections:
- Standard
- Default
- Prefix(github.com/deploymenttheory)
# Exclude generated or special‐case files from formatting checks
exclusions:
warn-unused: true # error if any of the below rules never match
generated: strict # only skip files with exact “// Code generated … DO NOT EDIT.”
paths:
- ".*\\.gen\\.go$" # ignore any *.gen.go files
- "internal/tools/.*" # ignore codegen tools dir
output:
formats:
# 1) Text format for the Action log
text:
# Send lint results to stderr so the Action log shows them even when piped
path: stderr
# Include the linter name after each issue
print-linter-name: true
# Show the source lines for each issue
print-issued-lines: true
# Keep ANSI colors enabled for readability in the Actions console
colors: true
# 2) SARIF format for GitHub Code Scanning integration
sarif:
path: golangci-lint-report.sarif
# Use relative paths (from the module root) in output
path-mode: ""
sort-order:
- severity
- file
# Show summary statistics at the end of the report
show-stats: true