use binary with versioning and use //nolint comments

target · Dec 6, 2022 · 72292a9 · 72292a9
1 parent d7e5fe7
commit 72292a9
Show file tree

Hide file tree

Showing 5 changed files with 9 additions and 10 deletions.
diff --git a/.golangci.yaml b/.golangci.yaml
@@ -1,8 +1,3 @@
 linters:
   disable:
     - errcheck
-issues:
-  exclude:
-    - "SA1019: x509.EncryptPEMBlock has been deprecated since Go 1.16 because it shouldn't be used: Legacy PEM encryption as specified in RFC 1423 is insecure by design. Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext."
-    - "SA1019: x509.DecryptPEMBlock has been deprecated since Go 1.16 because it shouldn't be used: Legacy PEM encryption as specified in RFC 1423 is insecure by design. Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext."
-    - 'SA6002: argument should be pointer-like to avoid allocations'
diff --git a/Makefile b/Makefile
@@ -59,6 +59,9 @@ $(BIN_DIR)/tools/protoc-gen-go: go.mod
 $(BIN_DIR)/tools/protoc-gen-go-grpc: go.mod
 	GOBIN=$(abspath $(BIN_DIR))/tools go install google.golang.org/grpc/cmd/protoc-gen-go-grpc
 
+$(BIN_DIR)/tools/golangci-lint: golangci-lint.version
+	curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(BIN_DIR)/tools $(shell cat golangci-lint.version)
+
 system.ca.pem:
 	go run ./cmd/goalert gen-cert ca
 system.ca.key:
@@ -142,10 +145,10 @@ check-js: force-yarn generate node_modules
 	yarn run lint
 	yarn workspaces run check
 
-check-go: generate
+check-go: generate $(BIN_DIR)/tools/golangci-lint bin/tools/golangci-lint
 	@go mod tidy
 	# go run ./devtools/ordermigrations -check
-	golangci-lint run  
+	./bin/tools/golangci-lint run
 
 graphql2/mapconfig.go: $(CFGPARAMS) config/config.go graphql2/generated.go devtools/configparams/*
 	(cd ./graphql2 && go run ../devtools/configparams -out mapconfig.go && go run golang.org/x/tools/cmd/goimports -w ./mapconfig.go) || go generate ./graphql2

diff --git a/golangci-lint.version b/golangci-lint.version
@@ -0,0 +1 @@
+v1.50.1
diff --git a/keyring/keys.go b/keyring/keys.go
@@ -16,7 +16,7 @@ func (k Keys) Encrypt(label string, data []byte) ([]byte, error) {
 	if len(k) == 0 {
 		k = Keys{[]byte{}}
 	}
-	//lint:ignore SA1019 TODO migrate off deprecated method; usage is secure for at-rest data
+	//nolint:all SA1019 TODO migrate off deprecated method; usage is secure for at-rest data
 	block, err := x509.EncryptPEMBlock(rand.Reader, label, data, k[0], x509.PEMCipherAES256)
 	if err != nil {
 		return nil, err
@@ -34,7 +34,7 @@ func (k Keys) Decrypt(pemData []byte) (data []byte, n int, err error) {
 	block, _ := pem.Decode(pemData)
 
 	for i, key := range k {
-		//lint:ignore SA1019 TODO migrate off deprecated method; usage is secure for at-rest data
+		//nolint:all SA1019 TODO migrate off deprecated method; usage is secure for at-rest data
 		data, err = x509.DecryptPEMBlock(block, key)
 		if err == nil {
 			return data, i, nil

diff --git a/oncall/activecalculator.go b/oncall/activecalculator.go
@@ -136,7 +136,7 @@ func (act *ActiveCalculator) Process(t int64) int64 {
 
 // Done implements the SubIterator.Done method.
 func (act *ActiveCalculator) Done() {
-	//lint:ignore SA6002 not worth the overhead to avoid the slice-struct allocation
+	//nolint:all SA6002 not worth the overhead to avoid the slice-struct allocation
 	activeCalcValuePool.Put(act.states[:0])
 
 	act.states = nil