forked from pomerium/pomerium
-
Notifications
You must be signed in to change notification settings - Fork 0
/
.golangci.yml
189 lines (182 loc) · 5.65 KB
/
.golangci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
run:
deadline: 20m
linters-settings:
dupl:
threshold: 100
funlen:
lines: 100
statements: 50
gci:
local-prefixes: github.com/pomerium/pomerium
goconst:
min-len: 2
min-occurrences: 2
gocritic:
enabled-tags:
- diagnostic
- experimental
- opinionated
- performance
- style
disabled-checks:
- dupImport # https://github.com/go-critic/go-critic/issues/845
- ifElseChain
- octalLiteral
- whyNoLint
- wrapperFunc
gocyclo:
min-complexity: 15
goimports:
local-prefixes: github.com/pomerium/pomerium
govet:
check-shadowing: false
lll:
line-length: 160
maligned:
suggest-new: true
misspell:
locale: US
nolintlint:
allow-leading-space: true # don't require machine-readable nolint directives (i.e. with no leading space)
allow-unused: false # report any unused nolint directives
require-explanation: false # don't require an explanation for nolint directives
require-specific: false # don't require nolint directives to be specific about which linter is being skipped
linters:
disable-all: true
enable:
- bodyclose
- deadcode
- depguard
- dogsled
- errcheck
- gofmt
- goimports
- goprintffuncname
- gosec
- gosimple
- govet
- ineffassign
- lll
- misspell
- nakedret
- nolintlint
- revive
- rowserrcheck
- staticcheck
- structcheck
- stylecheck
- typecheck
- unconvert
- unused
- varcheck
# - asciicheck
# - dupl
# - exhaustive
# - funlen
# - gochecknoglobals
# - gochecknoinits
# - gocognit
# - goconst
# - gocritic
# - gocyclo
# - godot
# - godox
# - goerr113
# - gomnd
# - interfacer
# - maligned
# - nestif
# - noctx
# - prealloc
# - scopelint
# - testpackage
# - whitespace
# - wsl
issues:
exclude-use-default: false
# List of regexps of issue texts to exclude, empty list by default.
# But independently from this option we use default exclude patterns,
# it can be disabled by `exclude-use-default: false`. To list all
# excluded by default patterns execute `golangci-lint run --help`
exclude:
## Defaults we want from golangci-lint
# errcheck: Almost all programs ignore errors on these functions and in most cases it's ok
- Error return value of .((os\.)?std(out|err)\..*|.*Close|.*Flush|os\.Remove(All)?|.*printf?|os\.(Un)?Setenv). is not checked
# golint: False positive when tests are defined in package 'test'
- func name will be used as test\.Test.* by other packages, and that stutters; consider calling this
# govet: Common false positives
- (possible misuse of unsafe.Pointer|should have signature)
# staticcheck: Developers tend to write in C-style with an explicit 'break' in a 'switch', so it's ok to ignore
- ineffective break statement. Did you mean to break out of the outer loop
# gosec: Too many false-positives on 'unsafe' usage
- Use of unsafe calls should be audited
# gosec: Too many false-positives for parametrized shell calls
- Subprocess launch(ed with variable|ing should be audited)
# gosec: Duplicated errcheck checks
- G104
# gosec: Too many issues in popular repos
- (Expect directory permissions to be 0750 or less|Expect file permissions to be 0600 or less)
# gosec: False positive is triggered by 'src, err := ioutil.ReadFile(filename)'
- Potential file inclusion via variable
##
## Custom
##
# Mostly harmless buffer writes where we skip error checking
# https://golang.org/pkg/bytes/#Buffer.Write
- "Error return value of `w.Write` is not checked"
- "Error return value of `io.WriteString` is not checked"
- "Error return value of `viper.BindEnv` is not checked"
- "Error return value of `h.Write` is not checked"
- "ExecuteTemplate` is not checked"
# go sec : we want to allow skipping tls auth
- "TLS InsecureSkipVerify set true."
- "goroutine calls T.Fatalf, which must be called in the same goroutine as the test"
# good job Protobuffs!
- "method XXX"
- "SA1019"
# EXC0001 errcheck: Almost all programs ignore errors on these functions and in most cases it's ok
- Error return value of .((os\.)?std(out|err)\..*|.*Close|.*Flush|os\.Remove(All)?|.*print(f|ln)?|os\.(Un)?Setenv). is not checked
exclude-rules:
# https://github.com/go-critic/go-critic/issues/926
- linters:
- gocritic
text: "unnecessaryDefer:"
# Exclude some linters from running on test files.
- path: _test\.go$|^tests/|^integration/|^samples/|templates\.go$
linters:
- bodyclose
- errcheck
- gomnd
- gosec
- lll
- maligned
- staticcheck
- unparam
- unused
- scopelint
- gosec
- gosimple
# Exclude lll issues for long lines with go:generate
- linters:
- lll
source: "^//go:generate "
# erroneously thinks google api url is a cred
- path: internal/identity/google.go
text: "Potential hardcoded credentials"
linters:
- gosec
# deprecated but every example still uses New
- path: internal/identity/google.go
text: "please use NewService instead"
linters:
- staticcheck
- path: internal/identity/oauth/github/github.go
text: "Potential hardcoded credentials"
linters:
- gosec
- linters: [golint]
text: "should have a package comment"
# golangci.com configuration
# https://github.com/golangci/golangci/wiki/Configuration
service:
golangci-lint-version: 1.34.x # use the fixed version to not introduce new linters unexpectedly