More linting coverage (#4213)

scop · haydentherapper · web-flow · commit c03e2a8f883d · 2025-05-30T10:26:07.000-07:00
* Remove explicit staticcheck and unused linter enables They are enabled by default. For consistency, do not list them like others that are enabled by default (for example govet) are not explicitly listed either. Signed-off-by: Ville Skyttä <ville.skytta@iki.fi> * Enable makezero and nilnesserr linters There are no findings from either at the moment, but they serve useful purposes. Signed-off-by: Ville Skyttä <ville.skytta@iki.fi> * Ensure closing of TSA response body, enable bodyclose linter This was flagged by bodyclose. Signed-off-by: Ville Skyttä <ville.skytta@iki.fi> * Vet internal ui.Infof/Warnf uses Signed-off-by: Ville Skyttä <ville.skytta@iki.fi> * Enable usestdlibvars linter, address findings Signed-off-by: Ville Skyttä <ville.skytta@iki.fi> * test: update e2e rekor service count #4213 (review) Signed-off-by: Ville Skyttä <ville.skytta@iki.fi> * Update e2e_test.sh to handle different healthy service totals Rekor has healthchecks for 5 services, Fulcio currently has healthchecks for 3. Signed-off-by: Hayden B <haydentherapper@users.noreply.github.com> --------- Signed-off-by: Ville Skyttä <ville.skytta@iki.fi> Signed-off-by: Hayden B <haydentherapper@users.noreply.github.com> Co-authored-by: Hayden B <haydentherapper@users.noreply.github.com>
diff --git a/.golangci.yml b/.golangci.yml
@@ -19,19 +19,21 @@ run:
 linters:
   enable:
     - asciicheck
+    - bodyclose
     - errorlint
     - forbidigo
     - gocritic
     - gosec
     - importas
+    - makezero
     - misspell
+    - nilnesserr
     - prealloc
     - revive
-    - staticcheck
     - tparallel
     - unconvert
     - unparam
-    - unused
+    - usestdlibvars
     - whitespace
   settings:
     forbidigo:
@@ -45,6 +47,12 @@ linters:
     gosec:
       excludes:
         - G115 # integer overflow conversion int64 -> uint64
+    govet:
+      settings:
+        printf:
+          funcs:
+            - github.com/sigstore/cosign/v2/internal/ui.Infof
+            - github.com/sigstore/cosign/v2/internal/ui.Warnf
   exclusions:
     generated: lax
     presets:
diff --git a/cmd/cosign/cli/attach/attach.go b/cmd/cosign/cli/attach/attach.go
@@ -78,8 +78,7 @@ func attachAttestation(ctx context.Context, remoteOpts []ociremote.Option, signe
 			return err
 		}
 		if _, ok := ref.(name.Digest); !ok {
-			msg := fmt.Sprintf(ui.TagReferenceMessage, imageRef)
-			ui.Warnf(ctx, msg)
+			ui.Warnf(ctx, ui.TagReferenceMessage, imageRef)
 		}
 		digest, err := ociremote.ResolveDigest(ref, remoteOpts...)
 		if err != nil {
diff --git a/cmd/cosign/cli/clean.go b/cmd/cosign/cli/clean.go
@@ -51,7 +51,7 @@ func Clean() *cobra.Command {
 
 func CleanCmd(ctx context.Context, regOpts options.RegistryOptions, cleanType options.CleanType, imageRef string, force bool) error {
 	if !force {
-		ui.Warnf(ctx, prompt(cleanType))
+		ui.Warnf(ctx, prompt(cleanType)) //nolint:govet // practically const
 		if err := ui.ConfirmContinue(ctx); err != nil {
 			return err
 		}
diff --git a/cmd/cosign/cli/sign/sign.go b/cmd/cosign/cli/sign/sign.go
@@ -122,8 +122,7 @@ func ParseOCIReference(ctx context.Context, refStr string, opts ...name.Option)
 		return nil, fmt.Errorf("parsing reference: %w", err)
 	}
 	if _, ok := ref.(name.Digest); !ok {
-		msg := fmt.Sprintf(ui.TagReferenceMessage, refStr)
-		ui.Warnf(ctx, msg)
+		ui.Warnf(ctx, ui.TagReferenceMessage, refStr)
 	}
 	return ref, nil
 }
diff --git a/cmd/cosign/cli/verify.go b/cmd/cosign/cli/verify.go
@@ -152,7 +152,7 @@ against the transparency log.`,
 			defer cancel()
 
 			if o.CommonVerifyOptions.IgnoreTlog && !o.CommonVerifyOptions.PrivateInfrastructure {
-				ui.Warnf(ctx, fmt.Sprintf(ignoreTLogMessage, "signature"))
+				ui.Warnf(ctx, ignoreTLogMessage, "signature")
 			}
 
 			return v.Exec(ctx, args)
@@ -256,7 +256,7 @@ against the transparency log.`,
 			defer cancel()
 
 			if o.CommonVerifyOptions.IgnoreTlog && !o.CommonVerifyOptions.PrivateInfrastructure {
-				ui.Warnf(ctx, fmt.Sprintf(ignoreTLogMessage, "attestation"))
+				ui.Warnf(ctx, ignoreTLogMessage, "attestation")
 			}
 
 			return v.Exec(ctx, args)
@@ -363,7 +363,7 @@ The blob may be specified as a path to a file or - for stdin.`,
 			defer cancel()
 
 			if o.CommonVerifyOptions.IgnoreTlog && !o.CommonVerifyOptions.PrivateInfrastructure {
-				ui.Warnf(ctx, fmt.Sprintf(ignoreTLogMessage, "blob"))
+				ui.Warnf(ctx, ignoreTLogMessage, "blob")
 			}
 
 			return verifyBlobCmd.Exec(ctx, args[0])
@@ -444,7 +444,7 @@ The blob may be specified as a path to a file.`,
 			defer cancel()
 
 			if o.CommonVerifyOptions.IgnoreTlog && !o.CommonVerifyOptions.PrivateInfrastructure {
-				ui.Warnf(ctx, fmt.Sprintf(ignoreTLogMessage, "blob attestation"))
+				ui.Warnf(ctx, ignoreTLogMessage, "blob attestation")
 			}
 
 			return v.Exec(ctx, path)
diff --git a/internal/pkg/cosign/tsa/client/client.go b/internal/pkg/cosign/tsa/client/client.go
@@ -130,7 +130,7 @@ func (t *TimestampAuthorityClientImpl) GetTimestampResponse(tsq []byte) ([]byte,
 		client.Transport = tr
 	}
 
-	req, err := http.NewRequest("POST", t.URL, bytes.NewReader(tsq))
+	req, err := http.NewRequest(http.MethodPost, t.URL, bytes.NewReader(tsq))
 	if err != nil {
 		return nil, fmt.Errorf("error creating HTTP request: %w", err)
 	}
@@ -140,7 +140,8 @@ func (t *TimestampAuthorityClientImpl) GetTimestampResponse(tsq []byte) ([]byte,
 	if err != nil {
 		return nil, fmt.Errorf("error making request to timestamp authority: %w", err)
 	}
-	if tsr.StatusCode != 200 && tsr.StatusCode != 201 {
+	defer tsr.Body.Close()
+	if tsr.StatusCode != http.StatusOK && tsr.StatusCode != http.StatusCreated {
 		return nil, fmt.Errorf("request to timestamp authority failed with status code %d", tsr.StatusCode)
 	}
 
diff --git a/pkg/providers/github/github.go b/pkg/providers/github/github.go
@@ -58,7 +58,7 @@ func (ga *githubActions) Enabled(_ context.Context) bool {
 func (ga *githubActions) Provide(ctx context.Context, audience string) (string, error) {
 	url := env.Getenv(env.VariableGitHubRequestURL) + "&audience=" + audience
 
-	req, err := http.NewRequestWithContext(ctx, "GET", url, nil)
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)
 	if err != nil {
 		return "", err
 	}
diff --git a/test/e2e_test.sh b/test/e2e_test.sh
@@ -70,8 +70,16 @@ for repo in rekor fulcio; do
     fi
     ${docker_compose} up -d
     echo -n "waiting up to 60 sec for system to start"
+    if [ "$repo" == "fulcio" ]; then
+      healthytotal=3
+    elif [ "$repo" == "rekor" ]; then
+      healthytotal=5
+    else
+      # handle no match in case another service is added
+      healthytotal=0
+    fi
     count=0
-    until [ $(${docker_compose} ps | grep -c "(healthy)") == 3 ];
+    until [ $(${docker_compose} ps | grep -c "(healthy)") == $healthytotal ];
     do
         if [ $count -eq 18 ]; then
            echo "! timeout reached"

Original file line number	Diff line number	Diff line change
`@@ -78,8 +78,7 @@ func attachAttestation(ctx context.Context, remoteOpts []ociremote.Option, signe`
`78`	`78`	`return err`
`79`	`79`	`}`
`80`	`80`	`if _, ok := ref.(name.Digest); !ok {`
`81`		`- msg := fmt.Sprintf(ui.TagReferenceMessage, imageRef)`
`82`		`- ui.Warnf(ctx, msg)`
	`81`	`+ ui.Warnf(ctx, ui.TagReferenceMessage, imageRef)`
`83`	`82`	`}`
`84`	`83`	`digest, err := ociremote.ResolveDigest(ref, remoteOpts...)`
`85`	`84`	`if err != nil {`
Original file line number	Diff line number	Diff line change
`@@ -51,7 +51,7 @@ func Clean() *cobra.Command {`
`51`	`51`
`52`	`52`	`func CleanCmd(ctx context.Context, regOpts options.RegistryOptions, cleanType options.CleanType, imageRef string, force bool) error {`
`53`	`53`	`if !force {`
`54`		`- ui.Warnf(ctx, prompt(cleanType))`
	`54`	`+ ui.Warnf(ctx, prompt(cleanType)) //nolint:govet // practically const`
`55`	`55`	`if err := ui.ConfirmContinue(ctx); err != nil {`
`56`	`56`	`return err`
`57`	`57`	`}`
Original file line number	Diff line number	Diff line change
`@@ -122,8 +122,7 @@ func ParseOCIReference(ctx context.Context, refStr string, opts ...name.Option)`
`122`	`122`	`return nil, fmt.Errorf("parsing reference: %w", err)`
`123`	`123`	`}`
`124`	`124`	`if _, ok := ref.(name.Digest); !ok {`
`125`		`- msg := fmt.Sprintf(ui.TagReferenceMessage, refStr)`
`126`		`- ui.Warnf(ctx, msg)`
	`125`	`+ ui.Warnf(ctx, ui.TagReferenceMessage, refStr)`
`127`	`126`	`}`
`128`	`127`	`return ref, nil`
`129`	`128`	`}`
Original file line number	Diff line number	Diff line change
`@@ -130,7 +130,7 @@ func (t *TimestampAuthorityClientImpl) GetTimestampResponse(tsq []byte) ([]byte,`
`130`	`130`	`client.Transport = tr`
`131`	`131`	`}`
`132`	`132`
`133`		`- req, err := http.NewRequest("POST", t.URL, bytes.NewReader(tsq))`
	`133`	`+ req, err := http.NewRequest(http.MethodPost, t.URL, bytes.NewReader(tsq))`
`134`	`134`	`if err != nil {`
`135`	`135`	`return nil, fmt.Errorf("error creating HTTP request: %w", err)`
`136`	`136`	`}`
`@@ -140,7 +140,8 @@ func (t *TimestampAuthorityClientImpl) GetTimestampResponse(tsq []byte) ([]byte,`
`140`	`140`	`if err != nil {`
`141`	`141`	`return nil, fmt.Errorf("error making request to timestamp authority: %w", err)`
`142`	`142`	`}`
`143`		`- if tsr.StatusCode != 200 && tsr.StatusCode != 201 {`
	`143`	`+ defer tsr.Body.Close()`
	`144`	`+ if tsr.StatusCode != http.StatusOK && tsr.StatusCode != http.StatusCreated {`
`144`	`145`	`return nil, fmt.Errorf("request to timestamp authority failed with status code %d", tsr.StatusCode)`
`145`	`146`	`}`
`146`	`147`
Original file line number	Diff line number	Diff line change
`@@ -58,7 +58,7 @@ func (ga *githubActions) Enabled(_ context.Context) bool {`
`58`	`58`	`func (ga *githubActions) Provide(ctx context.Context, audience string) (string, error) {`
`59`	`59`	`url := env.Getenv(env.VariableGitHubRequestURL) + "&audience=" + audience`
`60`	`60`
`61`		`- req, err := http.NewRequestWithContext(ctx, "GET", url, nil)`
	`61`	`+ req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)`
`62`	`62`	`if err != nil {`
`63`	`63`	`return "", err`
`64`	`64`	`}`