linters: enable: - depguard - dupword # Checks for duplicate words in the source code. - goimports - gosec - gosimple - govet - importas - ineffassign - misspell - revive - staticcheck - typecheck - unconvert - unused disable: - errcheck run: concurrency: 2 modules-download-mode: vendor skip-dirs: - docs linters-settings: dupword: ignore: - "true" # some tests use this as expected output - "false" # some tests use this as expected output - "root" # for tests using "ls" output with files owned by "root:root" importas: # Do not allow unaliased imports of aliased packages. no-unaliased: true alias: # Enforce alias to prevent it accidentally being used instead of our # own errdefs package (or vice-versa). - pkg: github.com/containerd/containerd/errdefs alias: cerrdefs - pkg: github.com/opencontainers/image-spec/specs-go/v1 alias: ocispec govet: check-shadowing: false depguard: rules: main: deny: - pkg: io/ioutil desc: The io/ioutil package has been deprecated, see https://go.dev/doc/go1.16#ioutil - pkg: "github.com/stretchr/testify/assert" desc: Use "gotest.tools/v3/assert" instead - pkg: "github.com/stretchr/testify/require" desc: Use "gotest.tools/v3/assert" instead - pkg: "github.com/stretchr/testify/suite" desc: Do not use revive: rules: # FIXME make sure all packages have a description. Currently, there's many packages without. - name: package-comments disabled: true issues: # The default exclusion rules are a bit too permissive, so copying the relevant ones below exclude-use-default: false exclude-rules: # We prefer to use an "exclude-list" so that new "default" exclusions are not # automatically inherited. We can decide whether or not to follow upstream # defaults when updating golang-ci-lint versions. # Unfortunately, this means we have to copy the whole exclusion pattern, as # (unlike the "include" option), the "exclude" option does not take exclusion # ID's. # # These exclusion patterns are copied from the default excluses at: # https://github.com/golangci/golangci-lint/blob/v1.46.2/pkg/config/issues.go#L10-L104 # EXC0001 - text: "Error return value of .((os\\.)?std(out|err)\\..*|.*Close|.*Flush|os\\.Remove(All)?|.*print(f|ln)?|os\\.(Un)?Setenv). is not checked" linters: - errcheck # EXC0006 - text: "Use of unsafe calls should be audited" linters: - gosec # EXC0007 - text: "Subprocess launch(ed with variable|ing should be audited)" linters: - gosec # EXC0008 # TODO: evaluate these and fix where needed: G307: Deferring unsafe method "*os.File" on type "Close" (gosec) - text: "(G104|G307)" linters: - gosec # EXC0009 - text: "(Expect directory permissions to be 0750 or less|Expect file permissions to be 0600 or less)" linters: - gosec # EXC0010 - text: "Potential file inclusion via variable" linters: - gosec # Looks like the match in "EXC0007" above doesn't catch this one # TODO: consider upstreaming this to golangci-lint's default exclusion rules - text: "G204: Subprocess launched with a potential tainted input or cmd arguments" linters: - gosec # Looks like the match in "EXC0009" above doesn't catch this one # TODO: consider upstreaming this to golangci-lint's default exclusion rules - text: "G306: Expect WriteFile permissions to be 0600 or less" linters: - gosec # Exclude some linters from running on tests files. - path: _test\.go linters: - errcheck - gosec # Suppress golint complaining about generated types in api/types/ - text: "type name will be used as (container|volume)\\.(Container|Volume).* by other packages, and that stutters; consider calling this" path: "api/types/(volume|container)/" linters: - revive # FIXME temporarily suppress these (see https://github.com/gotestyourself/gotest.tools/issues/272) - text: "SA1019: (assert|cmp|is)\\.ErrorType is deprecated" linters: - staticcheck # Maximum issues count per one linter. Set to 0 to disable. Default is 50. max-issues-per-linter: 0 # Maximum count of issues with the same text. Set to 0 to disable. Default is 3. max-same-issues: 0