Sign upLogin

dotcloud/docker

View on GitHub
Star
.golangci.yml

Summary

Maintainability
Test Coverage
linters:
  enable:
    - depguard
    - dupword         # Checks for duplicate words in the source code.
    - goimports
    - gosec
    - gosimple
    - govet
    - forbidigo
    - importas
    - ineffassign
    - misspell
    - revive
    - staticcheck
    - typecheck
    - unconvert
    - unused

  disable:
    - errcheck

  run:
    concurrency: 2
    modules-download-mode: vendor

    skip-dirs:
      - docs

linters-settings:
  dupword:
    ignore:
      - "true"    # some tests use this as expected output
      - "false"   # some tests use this as expected output
      - "root"    # for tests using "ls" output with files owned by "root:root"
  forbidigo:
    forbid:
      - pkg: ^sync/atomic$
        p: ^atomic\.(Add|CompareAndSwap|Load|Store|Swap).
        msg: Go 1.19 atomic types should be used instead.
      - pkg: github.com/vishvananda/netlink$
        p: ^netlink\.(Handle\.)?(AddrList|BridgeVlanList|ChainList|ClassList|ConntrackTableList|ConntrackDeleteFilter$|ConntrackDeleteFilters|DevLinkGetDeviceList|DevLinkGetAllPortList|DevlinkGetDeviceParams|FilterList|FouList|GenlFamilyList|GTPPDPList|LinkByName|LinkByAlias|LinkList|LinkSubscribeWithOptions|NeighList$|NeighProxyList|NeighListExecute|NeighSubscribeWithOptions|LinkGetProtinfo|QdiscList|RdmaLinkList|RdmaLinkByName|RdmaLinkDel|RouteList|RouteListFilteredIter|RuleListFiltered$|RouteSubscribeWithOptions|RuleList$|RuleListFiltered|SocketGet|SocketDiagTCPInfo|SocketDiagTCP|SocketDiagUDPInfo|SocketDiagUDP|UnixSocketDiagInfo|UnixSocketDiag|VDPAGetDevConfigList|VDPAGetDevList|VDPAGetMGMTDevList|XfrmPolicyList|XfrmStateList)
        msg: Use internal nlwrap package for EINTR handling.
      - pkg: github.com/docker/docker/internal/nlwrap$
        p: ^nlwrap.Handle.(BridgeVlanList|ChainList|ClassList|ConntrackDeleteFilter$|DevLinkGetDeviceList|DevLinkGetAllPortList|DevlinkGetDeviceParams|FilterList|FouList|GenlFamilyList|GTPPDPList|LinkByAlias|LinkSubscribeWithOptions|NeighList$|NeighProxyList|NeighListExecute|NeighSubscribeWithOptions|LinkGetProtinfo|QdiscList|RdmaLinkList|RdmaLinkByName|RdmaLinkDel|RouteListFilteredIter|RuleListFiltered$|RouteSubscribeWithOptions|RuleList$|RuleListFiltered|SocketGet|SocketDiagTCPInfo|SocketDiagTCP|SocketDiagUDPInfo|SocketDiagUDP|UnixSocketDiagInfo|UnixSocketDiag|VDPAGetDevConfigList|VDPAGetDevList|VDPAGetMGMTDevList)
        msg: Add a wrapper to nlwrap.Handle for EINTR handling and update the list in .golangci.yml.
    analyze-types: true
  importas:
    # Do not allow unaliased imports of aliased packages.
    no-unaliased: true

    alias:
      # Enforce alias to prevent it accidentally being used instead of our
      # own errdefs package (or vice-versa).
      - pkg: github.com/containerd/errdefs
        alias: cerrdefs
      - pkg: github.com/opencontainers/image-spec/specs-go/v1
        alias: ocispec

  govet:
    check-shadowing: false

  gosec:
    excludes:
      - G115 # FIXME temporarily suppress 'G115: integer overflow conversion': it produces many hits, some of which may be false positives, and need to be looked at; see https://github.com/moby/moby/issues/48358

  depguard:
    rules:
      main:
        deny:
          - pkg: io/ioutil
            desc: The io/ioutil package has been deprecated, see https://go.dev/doc/go1.16#ioutil
          - pkg: "github.com/stretchr/testify/assert"
            desc: Use "gotest.tools/v3/assert" instead
          - pkg: "github.com/stretchr/testify/require"
            desc: Use "gotest.tools/v3/assert" instead
          - pkg: "github.com/stretchr/testify/suite"
            desc: Do not use
          - pkg: "github.com/containerd/containerd/errdefs"
            desc: The errdefs package has moved to a separate module, https://github.com/containerd/errdefs
          - pkg: "github.com/containerd/containerd/log"
            desc: The logs package has moved to a separate module, https://github.com/containerd/log
          - pkg: "github.com/containerd/containerd/pkg/userns"
            desc: Use github.com/moby/sys/userns instead.
          - pkg: "github.com/opencontainers/runc/libcontainer/userns"
            desc: Use github.com/moby/sys/userns instead.
          - pkg: "github.com/tonistiigi/fsutil"
            desc: The fsutil module does not have a stable API, so we should not have a direct dependency unless necessary.
  revive:
    rules:
      # FIXME make sure all packages have a description. Currently, there's many packages without.
      - name: package-comments
        disabled: true
issues:
  # The default exclusion rules are a bit too permissive, so copying the relevant ones below
  exclude-use-default: false

  exclude-rules:
    # We prefer to use an "exclude-list" so that new "default" exclusions are not
    # automatically inherited. We can decide whether or not to follow upstream
    # defaults when updating golang-ci-lint versions.
    # Unfortunately, this means we have to copy the whole exclusion pattern, as
    # (unlike the "include" option), the "exclude" option does not take exclusion
    # ID's.
    #
    # These exclusion patterns are copied from the default excludes at:
    # https://github.com/golangci/golangci-lint/blob/v1.46.2/pkg/config/issues.go#L10-L104

    # EXC0001
    - text: "Error return value of .((os\\.)?std(out|err)\\..*|.*Close|.*Flush|os\\.Remove(All)?|.*print(f|ln)?|os\\.(Un)?Setenv). is not checked"
      linters:
        - errcheck
    # EXC0006
    - text: "Use of unsafe calls should be audited"
      linters:
        - gosec
    # EXC0007
    - text: "Subprocess launch(ed with variable|ing should be audited)"
      linters:
        - gosec
    # EXC0008
    # TODO: evaluate these and fix where needed: G307: Deferring unsafe method "*os.File" on type "Close" (gosec)
    - text: "(G104|G307)"
      linters:
        - gosec
    # EXC0009
    - text: "(Expect directory permissions to be 0750 or less|Expect file permissions to be 0600 or less)"
      linters:
        - gosec
    # EXC0010
    - text: "Potential file inclusion via variable"
      linters:
        - gosec

    # Looks like the match in "EXC0007" above doesn't catch this one
    # TODO: consider upstreaming this to golangci-lint's default exclusion rules
    - text: "G204: Subprocess launched with a potential tainted input or cmd arguments"
      linters:
        - gosec
    # Looks like the match in "EXC0009" above doesn't catch this one
    # TODO: consider upstreaming this to golangci-lint's default exclusion rules
    - text: "G306: Expect WriteFile permissions to be 0600 or less"
      linters:
        - gosec

    # Exclude some linters from running on tests files.
    - path: _test\.go
      linters:
        - errcheck
        - gosec

    # Suppress golint complaining about generated types in api/types/
    - text: "type name will be used as (container|volume)\\.(Container|Volume).* by other packages, and that stutters; consider calling this"
      path: "api/types/(volume|container)/"
      linters:
        - revive
    # FIXME temporarily suppress these (see https://github.com/gotestyourself/gotest.tools/issues/272)
    - text: "SA1019: (assert|cmp|is)\\.ErrorType is deprecated"
      linters:
        - staticcheck

    - text: "ineffectual assignment to ctx"
      source: "ctx[, ].*=.*\\(ctx[,)]"
      linters:
        - ineffassign

    - text: "SA4006: this value of `ctx` is never used"
      source: "ctx[, ].*=.*\\(ctx[,)]"
      linters:
        - staticcheck

  # Maximum issues count per one linter. Set to 0 to disable. Default is 50.
  max-issues-per-linter: 0

  # Maximum count of issues with the same text. Set to 0 to disable. Default is 3.
  max-same-issues: 0