fix golangci-lint warnings

sapcc · Sep 3, 2024 · 5e432b6 · 5e432b6
1 parent ad2b39a
commit 5e432b6
Show file tree

Hide file tree

Showing 10 changed files with 27 additions and 21 deletions.
diff --git a/cmd/git-cert-shim/main.go b/cmd/git-cert-shim/main.go
@@ -21,7 +21,7 @@ import (
 	"flag"
 	"fmt"
 	"net/http"
-	_ "net/http/pprof"
+	_ "net/http/pprof" //nolint:gosec
 	"os"
 	"time"
 

diff --git a/controllers/git_controller.go b/controllers/git_controller.go
@@ -18,6 +18,7 @@ package controllers
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"path/filepath"
 	"strings"
@@ -150,7 +151,7 @@ func (g *GitController) checkCertificate(cert *certificate.Certificate) error {
 	// If the certmanager.certificate is not ready, we abort here and check again later.
 	// Once it is ready, the secret contains the tls certificate and private key.
 	if !isCertificateReady(c) {
-		return fmt.Errorf("certificate not (yet) ready. re-adding to queue")
+		return errors.New("certificate not (yet) ready. re-adding to queue")
 	}
 
 	tlsSecret, err := k8sutils.GetSecret(ctx, g.client, g.ControllerOptions.Namespace, cert.GetSecretName())
@@ -182,20 +183,20 @@ func (g *GitController) checkCertificate(cert *certificate.Certificate) error {
 		g.mtx.Lock()
 		defer g.mtx.Unlock()
 
-		certFileName := filepath.Join(cert.OutFolder, fmt.Sprintf("%s.pem", cert.CommonName))
+		certFileName := filepath.Join(cert.OutFolder, cert.CommonName+".pem")
 		certFileName = strings.ReplaceAll(certFileName, "*", "wildcard")
 		if err := util.WriteToFileIfNotEmpty(certFileName, certByte); err != nil {
 			return err
 		}
 
-		keyFileName := filepath.Join(cert.OutFolder, fmt.Sprintf("%s-key.pem", cert.CommonName))
+		keyFileName := filepath.Join(cert.OutFolder, cert.CommonName+"-key.pem")
 		keyFileName = strings.ReplaceAll(keyFileName, "*", "wildcard")
 		if err := util.WriteToFileIfNotEmpty(keyFileName, keyByte); err != nil {
 			return err
 		}
 
 		err = g.repositorySyncer.AddFilesAndCommit(
-			fmt.Sprintf("added certificate for %s", cert.CommonName), certFileName, keyFileName,
+			"added certificate for "+cert.CommonName, certFileName, keyFileName,
 		)
 		if err != nil {
 			return err

diff --git a/pkg/certificate/certificate.go b/pkg/certificate/certificate.go
@@ -25,7 +25,7 @@ func (c *Certificate) GetName() string {
 }
 
 func (c *Certificate) GetSecretName() string {
-	return fmt.Sprintf("tls-%s", c.GetName())
+	return "tls-" + c.GetName()
 }
 
 func ReadCertificateConfig(filePath string) ([]*Certificate, error) {

diff --git a/pkg/certificate/secret.go b/pkg/certificate/secret.go
@@ -13,20 +13,21 @@ const (
 	tlsKey = "tls.key"
 )
 
-func ExtractCAAndCertificateAndPrivateKeyFromSecret(tlsSecret *corev1.Secret) ([]byte, []byte, []byte, error) {
+func ExtractCAAndCertificateAndPrivateKeyFromSecret(tlsSecret *corev1.Secret) (ca, cert, key []byte, err error) {
+	//nolint:gosimple
 	if tlsSecret.Data == nil || len(tlsSecret.Data) == 0 {
 		return nil, nil, nil, errors.New("secret is empty")
 	}
 
 	// Optional.
-	ca, _ := tlsSecret.Data[caCrt]
+	ca = tlsSecret.Data[caCrt]
 
 	cert, ok := tlsSecret.Data[tlsCrt]
 	if !ok {
 		return nil, nil, nil, fmt.Errorf("%s missing in secret data", tlsCrt)
 	}
 
-	key, ok := tlsSecret.Data[tlsKey]
+	key, ok = tlsSecret.Data[tlsKey]
 	if !ok {
 		return nil, nil, nil, fmt.Errorf("%s missing in secret data", tlsKey)
 	}

diff --git a/pkg/git/exec.go b/pkg/git/exec.go
@@ -45,12 +45,12 @@ func newCommand(cmd string, defaultArgs ...string) (*command, error) {
 		timeout:     10 * time.Minute,
 		defaultArgs: defaultArgs,
 	}
-	return c, c.verify()
+	return c, c.verify() //nolint:gocritic
 }
 
 // Run starts the command, waits until it finished and returns stdOut or an error containing the stdError message.
 func (c *command) run(args ...string) (string, error) {
-	cmd := exec.Command(c.cmd, append(c.defaultArgs, args...)...)
+	cmd := exec.Command(c.cmd, append(c.defaultArgs, args...)...) //nolint:gosec
 
 	if v, ok := os.LookupEnv("DEBUG"); ok && v == "true" {
 		fmt.Println("running: ", cmd.String())
@@ -78,7 +78,7 @@ func (c *command) run(args ...string) (string, error) {
 			fmt.Println("failed to kill command: ", err.Error())
 			return strings.TrimSpace(stdOut.String()), err
 		}
-		return "", fmt.Errorf("command timed out after %s: %s\n", time.Since(start).String(), cmd.String())
+		return "", fmt.Errorf("command timed out after %s: %s", time.Since(start).String(), cmd.String())
 	case err := <-done:
 		if stdErr.Len() > 0 {
 			fmt.Println("Output:", strings.TrimSpace(stdErr.String()))

diff --git a/pkg/git/git.go b/pkg/git/git.go
@@ -64,8 +64,11 @@ func (g *Git) GetRemoteHEADCommitHash() (string, error) {
 
 // PullRebase pulls and rebases.
 func (g *Git) PullRebase() error {
-	g.run("rebase", "--abort")
-	_, err := g.run(
+	_, err := g.run("rebase", "--abort")
+	if err != nil {
+		return errors.Wrap(err, "git rebase --abort failed")
+	}
+	_, err = g.run(
 		"-c", fmt.Sprintf(`user.name="%s"`, g.AuthorName),
 		"-c", fmt.Sprintf(`user.email="%s"`, g.AuthorEmail),
 		"pull",

diff --git a/pkg/git/options.go b/pkg/git/options.go
@@ -12,7 +12,7 @@ import (
 
 const (
 	gitRemoteURLEnvVarkey      = "GIT_REMOTE_URL"
-	gitTokenEnvVarKey          = "GIT_API_TOKEN"
+	gitTokenEnvVarKey          = "GIT_API_TOKEN" //nolint:gosec
 	gitSSHPrivkeyFileEnvVarKey = "GIT_SSH_PRIVKEY_FILE"
 )
 

diff --git a/pkg/git/syncer.go b/pkg/git/syncer.go
@@ -123,6 +123,7 @@ func (r *RepositorySyncer) syncWithRetry() error {
 	defer r.mtx.Unlock()
 
 	err := retry.OnError(retry.DefaultBackoff,
+		//nolint:gocritic
 		func(err error) bool {
 			// Retry the sync, if a git pull --rebase can help.
 			return isErrFailedToPushSomeRefs(err)

diff --git a/pkg/util/util.go b/pkg/util/util.go
@@ -30,7 +30,7 @@ func EnsureDir(path string, isEnsureEmptyDir bool) error {
 	if isEnsureEmptyDir {
 		p := path
 		if !strings.HasSuffix(p, "/") {
-			p = p + "/"
+			p += "/"
 		}
 		if err := os.RemoveAll(p); os.IsNotExist(err) {
 			return err

diff --git a/pkg/vault/client.go b/pkg/vault/client.go
@@ -73,7 +73,7 @@ func NewClientIfSelected(opts Options) (*Client, error) {
 		return nil, err
 	}
 
-	//authenticate once immediately to check correctness of credentials
+	// authenticate once immediately to check correctness of credentials
 	c := &Client{client: client, Options: opts, authValidUntil: time.Now().Add(-1 * time.Hour)}
 	err = c.authenticateIfNecessary()
 	if err != nil {
@@ -86,12 +86,12 @@ func (c *Client) authenticateIfNecessary() error {
 	c.authMutex.Lock()
 	defer c.authMutex.Unlock()
 
-	//use existing token if possible
+	// use existing token if possible
 	if c.authValidUntil.After(time.Now()) {
 		return nil
 	}
 
-	//perform approle authentication
+	// perform approle authentication
 	resp, err := c.client.Logical().Write("auth/approle/login", map[string]interface{}{
 		"role_id":   c.Options.authRoleID,
 		"secret_id": c.Options.authSecretID,
@@ -123,14 +123,14 @@ func (c *Client) UpdateCertificate(data CertificateData) error {
 		"private-key": string(data.KeyBytes),
 	}
 
-	//we only want to write the secret and therefore produce a new version when actually necessary
+	// we only want to write the secret and therefore produce a new version when actually necessary
 	secret, err := c.client.Logical().Read(fullSecretPath)
 	if err != nil {
 		return err
 	}
 	needsWrite := false
 	if secret == nil {
-		needsWrite = true //secret does not exist yet
+		needsWrite = true // secret does not exist yet
 	} else {
 		needsWrite = !reflect.DeepEqual(secret.Data["data"], payload)
 	}
-Original file line number
+Diff line change
@@ Expand Up / @@ -21,7 +21,7 @@ import ( @@
     	"flag"
     	"fmt"
     	"net/http"
-    	_ "net/http/pprof"
+    	_ "net/http/pprof" //nolint:gosec
     	"os"
     	"time"
@@ Expand Down @@