From 25735f874f83c063554ce466dff350db5621b10d Mon Sep 17 00:00:00 2001 From: Michael Fridman Date: Tue, 21 Feb 2023 22:31:23 -0500 Subject: [PATCH 1/7] Add golangci-lint-action and Makefile --- .github/workflows/build.yml | 2 +- .github/workflows/lint.yml | 44 +++++++++++++++++++++++++++++++++++++ Makefile | 14 ++++++++++++ 3 files changed, 59 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/lint.yml create mode 100644 Makefile diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index efef789e..031422f4 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -25,7 +25,7 @@ jobs: strategy: fail-fast: false matrix: - go: ["1.18", "1.19", "1.20"] + go: ["1.18.x", "1.19.x", "1.20.x"] steps: - name: Checkout uses: actions/checkout@v3 diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml new file mode 100644 index 00000000..fa15146a --- /dev/null +++ b/.github/workflows/lint.yml @@ -0,0 +1,44 @@ +name: golangci +on: + push: + branches: + - master + - main + pull_request: +jobs: + golangci: + name: lint + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v3 + - name: Setup Go + uses: actions/setup-go@v3 + with: + go-version: "1.20.x" + check-latest: true + cache: true + - name: golangci-lint + uses: golangci/golangci-lint-action@v3 + with: + # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version + version: v1.51.2 + + # Optional: working directory, useful for monorepos + # working-directory: somedir + + # Optional: golangci-lint command line arguments. + # args: --issues-exit-code=0 + + # Optional: show only new issues if it's a pull request. The default value is `false`. + # only-new-issues: true + + # Optional: if set to true then the all caching functionality will be complete disabled, + # takes precedence over all other caching options. + # skip-cache: true + + # Optional: if set to true then the action don't cache or restore ~/go/pkg. + # skip-pkg-cache: true + + # Optional: if set to true then the action don't cache or restore ~/.cache/go-build. + # skip-build-cache: true diff --git a/Makefile b/Makefile new file mode 100644 index 00000000..61b7a347 --- /dev/null +++ b/Makefile @@ -0,0 +1,14 @@ +GO_TEST_FLAGS ?= -race -count=1 -v -timeout=10m +GO_TEST_EXTRA_ARGS ?= + +.PHONY: lint +lint: tools + @golangci-lint run ./... --fix + +.PHONY: tools +tools: + go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.51.2 + +.PHONY: test +test: + go test $(GO_TEST_FLAGS) $(GO_TEST_EXTRA_ARGS) $$(go list ./... | grep -v -e /cmd -e /test) From 68dc94a01eabd35c8dd5385ccf629da955c47e9b Mon Sep 17 00:00:00 2001 From: Michael Fridman Date: Tue, 21 Feb 2023 22:35:40 -0500 Subject: [PATCH 2/7] Update makefile --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 61b7a347..5a870706 100644 --- a/Makefile +++ b/Makefile @@ -3,11 +3,11 @@ GO_TEST_EXTRA_ARGS ?= .PHONY: lint lint: tools - @golangci-lint run ./... --fix + @golangci-lint run ./... --fix -E gofumpt .PHONY: tools tools: - go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.51.2 + @go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.51.2 .PHONY: test test: From fdd1c364d9272e7f6c3eee23a7dabbefe1c300a9 Mon Sep 17 00:00:00 2001 From: Michael Fridman Date: Tue, 21 Feb 2023 22:46:10 -0500 Subject: [PATCH 3/7] cleanup --- .github/workflows/lint.yml | 1 - Makefile | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index fa15146a..89e59524 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -2,7 +2,6 @@ name: golangci on: push: branches: - - master - main pull_request: jobs: diff --git a/Makefile b/Makefile index 5a870706..9d4f90c9 100644 --- a/Makefile +++ b/Makefile @@ -3,7 +3,7 @@ GO_TEST_EXTRA_ARGS ?= .PHONY: lint lint: tools - @golangci-lint run ./... --fix -E gofumpt + @golangci-lint run ./... --fix .PHONY: tools tools: From 37f76346e95450edda6dbc45a55d6f40c6befcec Mon Sep 17 00:00:00 2001 From: Christian Banse Date: Wed, 22 Feb 2023 08:56:36 +0100 Subject: [PATCH 4/7] Upgrading CodeQL to v2 --- .github/workflows/codeql-analysis.yml | 60 +++++++++++++-------------- 1 file changed, 29 insertions(+), 31 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 5b36162b..e82b45c6 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -13,12 +13,10 @@ name: "CodeQL" on: push: - branches: [ main ] - # pull_request: - # The branches below must be a subset of the branches above - # branches: [ main ] + branches: [main] + pull_request: schedule: - - cron: '31 10 * * 5' + - cron: "31 10 * * 5" jobs: analyze: @@ -32,40 +30,40 @@ jobs: strategy: fail-fast: false matrix: - language: [ 'go' ] + language: ["go"] # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ] # Learn more: # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed steps: - - name: Checkout repository - uses: actions/checkout@v2 + - name: Checkout repository + uses: actions/checkout@v2 - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v1 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - # queries: ./path/to/local/query, your-org/your-repo/queries@main + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + # queries: ./path/to/local/query, your-org/your-repo/queries@main - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v1 + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v2 - # ℹī¸ Command-line programs to run using the OS shell. - # 📚 https://git.io/JvXDl + # ℹī¸ Command-line programs to run using the OS shell. + # 📚 https://git.io/JvXDl - # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language + # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines + # and modify them (or add more) to build your code if your project + # uses a compiled language - #- run: | - # make bootstrap - # make release + #- run: | + # make bootstrap + # make release - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 From 7acdfa7be3cbdae2c5db42cc62dc26f827a61f93 Mon Sep 17 00:00:00 2001 From: Michael Fridman Date: Wed, 22 Feb 2023 08:00:53 -0500 Subject: [PATCH 5/7] Fix linter and remove makefile --- .github/workflows/build.yml | 7 ------- .github/workflows/lint.yml | 2 +- Makefile | 14 -------------- 3 files changed, 1 insertion(+), 22 deletions(-) delete mode 100644 Makefile diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 031422f4..f9a2d149 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -13,13 +13,6 @@ jobs: steps: - name: Checkout uses: actions/checkout@v3 - - uses: reviewdog/action-staticcheck@v1 - with: - github_token: ${{ secrets.github_token }} - reporter: github-pr-review - filter_mode: nofilter - fail_on_error: true - build: runs-on: ubuntu-latest strategy: diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 89e59524..55b1a8e1 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -21,7 +21,7 @@ jobs: uses: golangci/golangci-lint-action@v3 with: # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version - version: v1.51.2 + version: latest # Optional: working directory, useful for monorepos # working-directory: somedir diff --git a/Makefile b/Makefile deleted file mode 100644 index 9d4f90c9..00000000 --- a/Makefile +++ /dev/null @@ -1,14 +0,0 @@ -GO_TEST_FLAGS ?= -race -count=1 -v -timeout=10m -GO_TEST_EXTRA_ARGS ?= - -.PHONY: lint -lint: tools - @golangci-lint run ./... --fix - -.PHONY: tools -tools: - @go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.51.2 - -.PHONY: test -test: - go test $(GO_TEST_FLAGS) $(GO_TEST_EXTRA_ARGS) $$(go list ./... | grep -v -e /cmd -e /test) From 62899ef655fe675c696fbc53841f7aea9a72380a Mon Sep 17 00:00:00 2001 From: Christian Banse Date: Mon, 27 Mar 2023 19:39:05 +0200 Subject: [PATCH 6/7] Fixed linting errors --- .github/workflows/build.yml | 5 ----- example_test.go | 7 +++++-- http_example_test.go | 6 ++++-- request/extractor.go | 4 ++-- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index f9a2d149..c4398c17 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -8,11 +8,6 @@ on: types: [opened, synchronize, reopened] jobs: - check: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v3 build: runs-on: ubuntu-latest strategy: diff --git a/example_test.go b/example_test.go index 58fdea43..a84c7e22 100644 --- a/example_test.go +++ b/example_test.go @@ -38,7 +38,7 @@ func ExampleNewWithClaims_customClaimsType() { jwt.RegisteredClaims } - // Create the claims + // Create claims with multiple fields populated claims := MyCustomClaims{ "bar", jwt.RegisteredClaims{ @@ -53,6 +53,8 @@ func ExampleNewWithClaims_customClaimsType() { }, } + fmt.Printf("foo: %v\n", claims.Foo) + // Create claims while leaving out some of the optional fields claims = MyCustomClaims{ "bar", @@ -67,7 +69,8 @@ func ExampleNewWithClaims_customClaimsType() { ss, err := token.SignedString(mySigningKey) fmt.Printf("%v %v", ss, err) - //Output: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIiLCJpc3MiOiJ0ZXN0IiwiZXhwIjoxNTE2MjM5MDIyfQ.xVuY2FZ_MRXMIEgVQ7J-TFtaucVFRXUzHm9LmV41goM + //Output: foo: bar + //eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIiLCJpc3MiOiJ0ZXN0IiwiZXhwIjoxNTE2MjM5MDIyfQ.xVuY2FZ_MRXMIEgVQ7J-TFtaucVFRXUzHm9LmV41goM } // Example creating a token using a custom claims type. The RegisteredClaims is embedded diff --git a/http_example_test.go b/http_example_test.go index 090aa4f7..c09cc367 100644 --- a/http_example_test.go +++ b/http_example_test.go @@ -94,7 +94,8 @@ func Example_getTokenViaHTTP() { // Read the token out of the response body buf := new(bytes.Buffer) - io.Copy(buf, res.Body) + _, err = io.Copy(buf, res.Body) + fatal(err) res.Body.Close() tokenString := strings.TrimSpace(buf.String()) @@ -129,7 +130,8 @@ func Example_useTokenViaHTTP() { // Read the response body buf := new(bytes.Buffer) - io.Copy(buf, res.Body) + _, err = io.Copy(buf, res.Body) + fatal(err) res.Body.Close() fmt.Println(buf.String()) diff --git a/request/extractor.go b/request/extractor.go index 57de8b77..780721b6 100644 --- a/request/extractor.go +++ b/request/extractor.go @@ -38,8 +38,8 @@ func (e HeaderExtractor) ExtractToken(req *http.Request) (string, error) { type ArgumentExtractor []string func (e ArgumentExtractor) ExtractToken(req *http.Request) (string, error) { - // Make sure form is parsed - req.ParseMultipartForm(10e6) + // Make sure form is parsed. We are explicitly ignoring errors at this point + _ = req.ParseMultipartForm(10e6) // loop over arg names and return the first one that contains data for _, arg := range e { From a9fe7e6fd42a2c2fbef4fcc1b6e4e690d877ca96 Mon Sep 17 00:00:00 2001 From: Christian Banse Date: Fri, 31 Mar 2023 13:06:53 +0200 Subject: [PATCH 7/7] Fixed one more --- token_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/token_test.go b/token_test.go index 52a00212..3679fa89 100644 --- a/token_test.go +++ b/token_test.go @@ -73,7 +73,7 @@ func BenchmarkToken_SigningString(b *testing.B) { b.ResetTimer() b.ReportAllocs() for i := 0; i < b.N; i++ { - t.SigningString() + _, _ = t.SigningString() } }) }