From 1a75c3a6ec43bf478fd69fdf7fe94ab7f48636c0 Mon Sep 17 00:00:00 2001 From: Fred Date: Sat, 28 Mar 2026 18:22:27 +0000 Subject: [PATCH 1/4] chore: upgrade dependencies and improve code quality - Upgrade Go version in CI workflow to 1.25 and 1.26 - Update actions/checkout and actions/setup-go to v6 - Upgrade codecov-action to v6 - Refactor various functions to use context for better cancellation support - Improve variable naming for clarity - Add verification step in Makefile for Go installation - Update linters and their settings in .golangci.yml --- .github/workflows/build.yml | 8 ++++---- .golangci.yml | 36 ++++++++++++++++++++++++++++-------- Makefile | 35 +++++++++++++++++++++++++++-------- arm_test.go | 3 ++- cmd/serve-repo/logger.go | 2 +- decompress.go | 2 +- github_release.go | 4 ++-- github_source.go | 10 +++++----- gitlab_release.go | 2 +- gitlab_source.go | 14 +++++++------- http_release.go | 4 ++-- http_source.go | 18 +++++++++--------- http_source_test.go | 10 +++++----- mockdata_test.go | 10 +++++----- package.go | 2 +- update.go | 4 ++-- 16 files changed, 102 insertions(+), 62 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ba4c8c0..ad8742b 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -13,16 +13,16 @@ jobs: runs-on: ${{ matrix.os }} strategy: matrix: - go_version: ['1.24'] + go_version: ['1.25', '1.26'] os: [ubuntu-latest, windows-latest, macos-latest] steps: - name: Check out code into the Go module directory - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Set up Go ${{ matrix.go_version }} - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: ${{ matrix.go_version }} check-latest: true @@ -45,7 +45,7 @@ jobs: fi - name: Code coverage with codecov - uses: codecov/codecov-action@v5 + uses: codecov/codecov-action@v6 with: env_vars: OS,GO files: ./coverage.txt diff --git a/.golangci.yml b/.golangci.yml index 3667084..9933596 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -1,3 +1,4 @@ +version: "2" linters: enable: - asasalint @@ -8,7 +9,7 @@ linters: - errname - gocheckcompilerdirectives - gosec - - maintidx + # - maintidx - misspell - nilnil - noctx @@ -20,10 +21,29 @@ linters: - unconvert - unparam - usestdlibvars - -linters-settings: - gosec: - excludes: - - G101 # Potential hardcoded credentials - staticcheck: - checks: ["all", "-SA1019"] # "golang.org/x/crypto/openpgp" is deprecated + settings: + gosec: + excludes: + - G101 + staticcheck: + checks: + - all + - -SA1019 + exclusions: + generated: lax + presets: + - comments + - common-false-positives + - legacy + - std-error-handling + paths: + - third_party$ + - builtin$ + - examples$ +formatters: + exclusions: + generated: lax + paths: + - third_party$ + - builtin$ + - examples$ diff --git a/Makefile b/Makefile index 404a82c..076ac01 100644 --- a/Makefile +++ b/Makefile @@ -10,6 +10,11 @@ GOTEST=$(GOCMD) test GOTOOL=$(GOCMD) tool GOGET=$(GOCMD) get GOPATH?=`$(GOCMD) env GOPATH` +GOBIN=$(shell $(GOCMD) env GOBIN) + +ifeq ($(GOBIN),) + GOBIN := $(GOPATH)/bin +endif TESTS=. ./update COVERAGE_FILE=coverage.txt @@ -26,6 +31,20 @@ TOC_PATH=toc.md all: test build +verify: ## Verify go installation +ifeq ($(GOPATH),) + @echo "GOPATH not found, please check your go installation" + exit 1 +endif + +$(GOBIN)/eget: verify + @echo "[*] $@" + GOBIN="$(GOBIN)" $(GOCMD) install -v github.com/zyedidia/eget@v1.3.4 + +$(GOBIN)/golangci-lint-v2: verify $(GOBIN)/eget + @echo "[*] $@" + "$(GOBIN)/eget" golangci/golangci-lint --tag v2.11.4 --asset=tar.gz --upgrade-only --to '$(GOBIN)/golangci-lint-v2' + build: $(GOBUILD) -v ./... @@ -53,17 +72,17 @@ toc: rm ${README}.1 ${README}.2 ${TOC_PATH} .PHONY: lint -lint: +lint: $(GOBIN)/golangci-lint-v2 @echo "[*] $@" - GOOS=darwin golangci-lint run - GOOS=linux golangci-lint run - GOOS=windows golangci-lint run + GOOS=darwin $(GOBIN)/golangci-lint-v2 run + GOOS=linux $(GOBIN)/golangci-lint-v2 run + GOOS=windows $(GOBIN)/golangci-lint-v2 run .PHONY: fix -fix: +fix: $(GOBIN)/golangci-lint-v2 @echo "[*] $@" $(GOCMD) mod tidy $(GOCMD) fix ./... - GOOS=darwin golangci-lint run --fix - GOOS=linux golangci-lint run --fix - GOOS=windows golangci-lint run --fix + GOOS=darwin $(GOBIN)/golangci-lint-v2 --fix + GOOS=linux $(GOBIN)/golangci-lint-v2 --fix + GOOS=windows $(GOBIN)/golangci-lint-v2 --fix diff --git a/arm_test.go b/arm_test.go index ba31ed4..d0a0676 100644 --- a/arm_test.go +++ b/arm_test.go @@ -1,6 +1,7 @@ package selfupdate import ( + "context" "fmt" "os" "os/exec" @@ -36,7 +37,7 @@ func TestGetGOARM(t *testing.T) { t.Run(tc.goOS+" "+tc.goArch+" "+tc.goArm, func(t *testing.T) { tempBinary := t.TempDir() + "/tempBinary-" + tc.goOS + tc.goArch + "v" + tc.goArm buildCmd := fmt.Sprintf("GOOS=%s GOARCH=%s GOARM=%s go build -o %s ./testdata/hello", tc.goOS, tc.goArch, tc.goArm, tempBinary) - cmd := exec.Command("sh", "-c", buildCmd) + cmd := exec.CommandContext(context.TODO(), "sh", "-c", buildCmd) cmd.Stdout = os.Stdout cmd.Stderr = os.Stderr err := cmd.Run() diff --git a/cmd/serve-repo/logger.go b/cmd/serve-repo/logger.go index e8ba153..bf45fe2 100644 --- a/cmd/serve-repo/logger.go +++ b/cmd/serve-repo/logger.go @@ -47,7 +47,7 @@ func WithLogging(h http.Handler) http.Handler { duration := time.Since(start) - slog.Info("request completed", + slog.Info("request completed", //nolint:gosec "uri", req.RequestURI, "method", req.Method, "status", responseData.status, // get captured status code diff --git a/decompress.go b/decompress.go index 866249c..8f398ce 100644 --- a/decompress.go +++ b/decompress.go @@ -99,7 +99,7 @@ func gunzip(src io.Reader, cmd, os, arch string) (io.Reader, error) { return nil, fmt.Errorf("%w gzip file: %s", ErrCannotDecompressFile, err) } - name := r.Header.Name + name := r.Name if !matchExecutableName(cmd, os, arch, name) { return nil, fmt.Errorf("%w: expected %q but found %q", ErrExecutableNotFoundInArchive, cmd, name) } diff --git a/github_release.go b/github_release.go index 70b059a..62bbd7c 100644 --- a/github_release.go +++ b/github_release.go @@ -36,8 +36,8 @@ func NewGitHubRelease(from *github.RepositoryRelease) *GitHubRelease { return release } -func (a *GitHubRelease) GetID() int64 { - return a.releaseID +func (r *GitHubRelease) GetID() int64 { + return r.releaseID } func (r *GitHubRelease) GetTagName() string { diff --git a/github_source.go b/github_source.go index 741894b..6ec42e8 100644 --- a/github_source.go +++ b/github_source.go @@ -101,17 +101,17 @@ func (s *GitHubSource) DownloadReleaseAsset(ctx context.Context, rel *Release, a // This is a workaround for the issue that the GitHub API does not support downloading assets from GitHub Proxy services. if useGithubProxy { // Determine download url based on asset id. - var downloadUrl string + var downloadURL string if rel.AssetID == assetID { - downloadUrl = rel.AssetURL + downloadURL = rel.AssetURL } else if rel.ValidationAssetID == assetID { - downloadUrl = rel.ValidationAssetURL + downloadURL = rel.ValidationAssetURL } - if downloadUrl == "" { + if downloadURL == "" { return nil, fmt.Errorf("asset ID %d: %w", assetID, ErrAssetNotFound) } // Download the asset directly from the AssetURL - req, err := http.NewRequestWithContext(ctx, http.MethodGet, downloadUrl, http.NoBody) + req, err := http.NewRequestWithContext(ctx, http.MethodGet, downloadURL, http.NoBody) if err != nil { return nil, fmt.Errorf("failed to create download request:%w", err) } diff --git a/gitlab_release.go b/gitlab_release.go index 6e04b8d..092190d 100644 --- a/gitlab_release.go +++ b/gitlab_release.go @@ -76,7 +76,7 @@ type GitLabAsset struct { func NewGitLabAsset(from *gitlab.ReleaseLink) *GitLabAsset { return &GitLabAsset{ - id: int64(from.ID), + id: from.ID, name: from.Name, url: from.URL, } diff --git a/gitlab_source.go b/gitlab_source.go index 48d76f2..5e36d19 100644 --- a/gitlab_source.go +++ b/gitlab_source.go @@ -75,19 +75,19 @@ func (s *GitLabSource) DownloadReleaseAsset(ctx context.Context, rel *Release, a if rel == nil { return nil, ErrInvalidRelease } - var downloadUrl string + var downloadURL string if rel.AssetID == assetID { - downloadUrl = rel.AssetURL + downloadURL = rel.AssetURL } else if rel.ValidationAssetID == assetID { - downloadUrl = rel.ValidationAssetURL + downloadURL = rel.ValidationAssetURL } - if downloadUrl == "" { + if downloadURL == "" { return nil, fmt.Errorf("asset ID %d: %w", assetID, ErrAssetNotFound) } - log.Printf("downloading %q", downloadUrl) + log.Printf("downloading %q", downloadURL) client := http.DefaultClient - req, err := http.NewRequestWithContext(ctx, http.MethodGet, downloadUrl, http.NoBody) + req, err := http.NewRequestWithContext(ctx, http.MethodGet, downloadURL, http.NoBody) if err != nil { log.Print(err) return nil, err @@ -95,7 +95,7 @@ func (s *GitLabSource) DownloadReleaseAsset(ctx context.Context, rel *Release, a if s.token != "" { // verify request is from same domain not to leak token - ok, err := canUseTokenForDomain(s.baseURL, downloadUrl) + ok, err := canUseTokenForDomain(s.baseURL, downloadURL) if err != nil { return nil, err } diff --git a/http_release.go b/http_release.go index daedfc1..8531729 100644 --- a/http_release.go +++ b/http_release.go @@ -24,7 +24,7 @@ import ( "time" ) -type HttpAsset struct { +type HttpAsset struct { //nolint:staticcheck ID int64 `yaml:"id"` Name string `yaml:"name"` Size int `yaml:"size"` @@ -49,7 +49,7 @@ func (a *HttpAsset) GetBrowserDownloadURL() string { var _ SourceAsset = &HttpAsset{} -type HttpRelease struct { +type HttpRelease struct { //nolint:staticcheck ID int64 `yaml:"id"` Name string `yaml:"name"` TagName string `yaml:"tag_name"` diff --git a/http_source.go b/http_source.go index 0bb8ad8..76212c0 100644 --- a/http_source.go +++ b/http_source.go @@ -30,14 +30,14 @@ import ( yaml "gopkg.in/yaml.v3" ) -type HttpManifest struct { +type HttpManifest struct { //nolint:staticcheck LastReleaseID int64 `yaml:"last_release_id"` LastAssetID int64 `yaml:"last_asset_id"` Releases []*HttpRelease `yaml:"releases"` } // HttpConfig is an object to pass to NewHttpSource -type HttpConfig struct { +type HttpConfig struct { //nolint:staticcheck // BaseURL is a base URL of your update server. This parameter has NO default value. BaseURL string // HTTP Transport Config @@ -47,14 +47,14 @@ type HttpConfig struct { } // HttpSource is used to load release information from an http repository -type HttpSource struct { +type HttpSource struct { //nolint:staticcheck baseURL string transport *http.Transport headers http.Header } // NewHttpSource creates a new HttpSource from a config object. -func NewHttpSource(config HttpConfig) (*HttpSource, error) { +func NewHttpSource(config HttpConfig) (*HttpSource, error) { //nolint:staticcheck // Validate Base URL. if config.BaseURL == "" { return nil, fmt.Errorf("http base url must be set") @@ -162,13 +162,13 @@ func (s *HttpSource) DownloadReleaseAsset(ctx context.Context, rel *Release, ass } // Determine download url based on asset id. - var downloadUrl string + var downloadURL string if rel.AssetID == assetID { - downloadUrl = rel.AssetURL + downloadURL = rel.AssetURL } else if rel.ValidationAssetID == assetID { - downloadUrl = rel.ValidationAssetURL + downloadURL = rel.ValidationAssetURL } - if downloadUrl == "" { + if downloadURL == "" { return nil, fmt.Errorf("asset ID %d: %w", assetID, ErrAssetNotFound) } @@ -176,7 +176,7 @@ func (s *HttpSource) DownloadReleaseAsset(ctx context.Context, rel *Release, ass client := &http.Client{Transport: s.transport} // Make request. - req, err := http.NewRequestWithContext(ctx, http.MethodGet, downloadUrl, http.NoBody) + req, err := http.NewRequestWithContext(ctx, http.MethodGet, downloadURL, http.NoBody) if err != nil { return nil, err } diff --git a/http_source_test.go b/http_source_test.go index d31d632..85baa9d 100644 --- a/http_source_test.go +++ b/http_source_test.go @@ -36,14 +36,14 @@ import ( const httpTestBaseURL = "http://localhost" // Test server for testing http repos. -type HttpRepoTestServer struct { +type HTTPRepoTestServer struct { server *httptest.Server repoURL string } // Setup test server with test data. -func NewHttpRepoTestServer() *HttpRepoTestServer { - s := new(HttpRepoTestServer) +func NewHTTPRepoTestServer() *HTTPRepoTestServer { + s := new(HTTPRepoTestServer) // Setup handlers. mux := http.NewServeMux() @@ -57,7 +57,7 @@ func NewHttpRepoTestServer() *HttpRepoTestServer { } // Stop the HTTP server. -func (s *HttpRepoTestServer) Stop() { +func (s *HTTPRepoTestServer) Stop() { s.server.Close() } @@ -120,7 +120,7 @@ func TestHttpDownloadReleaseAssetWithNilRelease(t *testing.T) { // Verify we're able to list releases and download an asset. func TestHttpListAndDownloadReleaseAsset(t *testing.T) { // Create test HTTP server and start it. - server := NewHttpRepoTestServer() + server := NewHTTPRepoTestServer() // Make HTTP source with our test server. source, err := NewHttpSource(HttpConfig{BaseURL: server.repoURL}) diff --git a/mockdata_test.go b/mockdata_test.go index 1b8ad37..6a36cb5 100644 --- a/mockdata_test.go +++ b/mockdata_test.go @@ -265,7 +265,7 @@ func mockSourceRepository(t *testing.T) *MockSource { t.Errorf("file ID %d not found", asset.GetID()) } hash := sha256.Sum256(file) - checksums.WriteString(fmt.Sprintf("%x %s\n", hash, asset.GetName())) + fmt.Fprintf(checksums, "%x %s\n", hash, asset.GetName()) } id := int64(i*10 + 101) rel.assets = append(rel.assets, &GitHubAsset{ @@ -293,7 +293,7 @@ func mockPGPSourceRepository(t *testing.T) (source *MockSource, PGPKeyRing []byt rel := release.(*GitHubRelease) id := int64(i*10 + 101) - signatureId := id + 1 + signatureID := id + 1 shaSums := source.files[id] // Create SHA256SUMS.asc (by signing SHA256SUMS) @@ -302,12 +302,12 @@ func mockPGPSourceRepository(t *testing.T) (source *MockSource, PGPKeyRing []byt require.NoError(t, err) rel.assets = append(rel.assets, &GitHubAsset{ - id: signatureId, + id: signatureID, name: "checksums.txt.asc", }) - source.files[signatureId] = signature.Bytes() + source.files[signatureID] = signature.Bytes() - t.Logf("file id %d contains PGP signature:\n%s\n", signatureId, string(source.files[signatureId])) + t.Logf("file id %d contains PGP signature:\n%s\n", signatureID, string(source.files[signatureID])) } return diff --git a/package.go b/package.go index a75fc5a..3a28284 100644 --- a/package.go +++ b/package.go @@ -51,7 +51,7 @@ func UpdateSelf(ctx context.Context, current string, repository Repository) (*Re func downloadReleaseAssetFromURL(ctx context.Context, url string) (rc io.ReadCloser, err error) { client := http.DefaultClient - req, err := http.NewRequest(http.MethodGet, url, nil) + req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil) if err != nil { return nil, err } diff --git a/update.go b/update.go index 2f1ce05..4c14c84 100644 --- a/update.go +++ b/update.go @@ -142,9 +142,9 @@ func (up *Updater) validate(ctx context.Context, rel *Release, data []byte) erro return nil } -func (up *Updater) download(ctx context.Context, rel *Release, assetId int64) (data []byte, err error) { +func (up *Updater) download(ctx context.Context, rel *Release, assetID int64) (data []byte, err error) { var reader io.ReadCloser - if reader, err = up.source.DownloadReleaseAsset(ctx, rel, assetId); err == nil { + if reader, err = up.source.DownloadReleaseAsset(ctx, rel, assetID); err == nil { defer func() { _ = reader.Close() }() data, err = io.ReadAll(reader) } From 32a2ef1b251e72ff78ebb7998dff9ce80067adf7 Mon Sep 17 00:00:00 2001 From: Fred Date: Sat, 28 Mar 2026 18:25:55 +0000 Subject: [PATCH 2/4] run go fix --- .github/workflows/build.yml | 6 ++++++ detect_test.go | 1 - internal/resolve_path_windows.go | 5 +++-- log.go | 8 ++++---- repository.go | 2 +- repository_id.go | 2 +- repository_slug.go | 2 +- 7 files changed, 16 insertions(+), 10 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ad8742b..a93eeff 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -35,6 +35,12 @@ jobs: - name: Build run: go build -v ./... + - name: golangci-lint + uses: golangci/golangci-lint-action@v9 + with: + version: v2.11.4 + args: --timeout=30m + - name: Test shell: bash run: | diff --git a/detect_test.go b/detect_test.go index a69e063..846835a 100644 --- a/detect_test.go +++ b/detect_test.go @@ -897,7 +897,6 @@ func TestFindReleaseAndAsset(t *testing.T) { } for _, testItem := range testData { - testItem := testItem t.Run(testItem.name, func(t *testing.T) { t.Parallel() diff --git a/internal/resolve_path_windows.go b/internal/resolve_path_windows.go index 68016a0..71c1114 100644 --- a/internal/resolve_path_windows.go +++ b/internal/resolve_path_windows.go @@ -3,10 +3,11 @@ package internal import ( - "golang.org/x/sys/windows" "os" "strings" "syscall" + + "golang.org/x/sys/windows" ) // ResolvePath returns the path of a given filename with all symlinks resolved. @@ -27,7 +28,7 @@ func ResolvePath(filename string) (string, error) { } buf := make([]uint16, bufSize) - n, err := windows.GetFinalPathNameByHandle(handle, &buf[0], uint32(len(buf)), 0) + n, err := windows.GetFinalPathNameByHandle(handle, &buf[0], uint32(len(buf)), 0) //nolint:gosec if err != nil { return "", err } diff --git a/log.go b/log.go index 9c02798..089684c 100644 --- a/log.go +++ b/log.go @@ -11,13 +11,13 @@ func SetLogger(logger Logger) { // Logger interface. Compatible with standard log.Logger type Logger interface { // Print calls Output to print to the standard logger. Arguments are handled in the manner of fmt.Print. - Print(v ...interface{}) + Print(v ...any) // Printf calls Output to print to the standard logger. Arguments are handled in the manner of fmt.Printf. - Printf(format string, v ...interface{}) + Printf(format string, v ...any) } // emptyLogger to discard all logs by default type emptyLogger struct{} -func (l *emptyLogger) Print(v ...interface{}) {} -func (l *emptyLogger) Printf(format string, v ...interface{}) {} +func (l *emptyLogger) Print(v ...any) {} +func (l *emptyLogger) Printf(format string, v ...any) {} diff --git a/repository.go b/repository.go index cdd594a..ee2b637 100644 --- a/repository.go +++ b/repository.go @@ -2,5 +2,5 @@ package selfupdate type Repository interface { GetSlug() (string, string, error) - Get() (interface{}, error) + Get() (any, error) } diff --git a/repository_id.go b/repository_id.go index 0bacf41..a61bdf6 100644 --- a/repository_id.go +++ b/repository_id.go @@ -14,6 +14,6 @@ func (r RepositoryID) GetSlug() (string, string, error) { return "", "", ErrInvalidID } -func (r RepositoryID) Get() (interface{}, error) { +func (r RepositoryID) Get() (any, error) { return int(r), nil } diff --git a/repository_slug.go b/repository_slug.go index 89175df..5343c0b 100644 --- a/repository_slug.go +++ b/repository_slug.go @@ -51,7 +51,7 @@ func (r RepositorySlug) GetSlug() (string, string, error) { return r.owner, r.repo, nil } -func (r RepositorySlug) Get() (interface{}, error) { +func (r RepositorySlug) Get() (any, error) { _, _, err := r.GetSlug() if err != nil { return "", err From dae3e1b5f3b126d93064ad770d97c224819a5f99 Mon Sep 17 00:00:00 2001 From: Fred Date: Sat, 28 Mar 2026 18:34:26 +0000 Subject: [PATCH 3/4] chore: update golangci-lint version and fix Makefile commands --- .github/workflows/build.yml | 2 +- Makefile | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a93eeff..972e558 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -13,7 +13,7 @@ jobs: runs-on: ${{ matrix.os }} strategy: matrix: - go_version: ['1.25', '1.26'] + go_version: ['1.25'] os: [ubuntu-latest, windows-latest, macos-latest] steps: diff --git a/Makefile b/Makefile index 076ac01..8deb3b7 100644 --- a/Makefile +++ b/Makefile @@ -83,6 +83,6 @@ fix: $(GOBIN)/golangci-lint-v2 @echo "[*] $@" $(GOCMD) mod tidy $(GOCMD) fix ./... - GOOS=darwin $(GOBIN)/golangci-lint-v2 --fix - GOOS=linux $(GOBIN)/golangci-lint-v2 --fix - GOOS=windows $(GOBIN)/golangci-lint-v2 --fix + GOOS=darwin $(GOBIN)/golangci-lint-v2 run --fix + GOOS=linux $(GOBIN)/golangci-lint-v2 run --fix + GOOS=windows $(GOBIN)/golangci-lint-v2 run --fix From 97a564576fe3456c77c3bb57c6a82b73182f1c8b Mon Sep 17 00:00:00 2001 From: Fred Date: Sat, 28 Mar 2026 21:34:04 +0000 Subject: [PATCH 4/4] chore: update golangci-lint settings and remove staticcheck linter suppression --- .golangci.yml | 1 + cmd/serve-repo/logger.go | 2 +- http_release.go | 4 ++-- http_source.go | 8 ++++---- internal/resolve_path_windows.go | 2 +- 5 files changed, 9 insertions(+), 8 deletions(-) diff --git a/.golangci.yml b/.golangci.yml index 9933596..3384b96 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -29,6 +29,7 @@ linters: checks: - all - -SA1019 + - -ST1003 exclusions: generated: lax presets: diff --git a/cmd/serve-repo/logger.go b/cmd/serve-repo/logger.go index bf45fe2..1d0013f 100644 --- a/cmd/serve-repo/logger.go +++ b/cmd/serve-repo/logger.go @@ -47,7 +47,7 @@ func WithLogging(h http.Handler) http.Handler { duration := time.Since(start) - slog.Info("request completed", //nolint:gosec + slog.Info("request completed", //nolint:gosec // G706: Log injection via taint analysis "uri", req.RequestURI, "method", req.Method, "status", responseData.status, // get captured status code diff --git a/http_release.go b/http_release.go index 8531729..daedfc1 100644 --- a/http_release.go +++ b/http_release.go @@ -24,7 +24,7 @@ import ( "time" ) -type HttpAsset struct { //nolint:staticcheck +type HttpAsset struct { ID int64 `yaml:"id"` Name string `yaml:"name"` Size int `yaml:"size"` @@ -49,7 +49,7 @@ func (a *HttpAsset) GetBrowserDownloadURL() string { var _ SourceAsset = &HttpAsset{} -type HttpRelease struct { //nolint:staticcheck +type HttpRelease struct { ID int64 `yaml:"id"` Name string `yaml:"name"` TagName string `yaml:"tag_name"` diff --git a/http_source.go b/http_source.go index 76212c0..a062a02 100644 --- a/http_source.go +++ b/http_source.go @@ -30,14 +30,14 @@ import ( yaml "gopkg.in/yaml.v3" ) -type HttpManifest struct { //nolint:staticcheck +type HttpManifest struct { LastReleaseID int64 `yaml:"last_release_id"` LastAssetID int64 `yaml:"last_asset_id"` Releases []*HttpRelease `yaml:"releases"` } // HttpConfig is an object to pass to NewHttpSource -type HttpConfig struct { //nolint:staticcheck +type HttpConfig struct { // BaseURL is a base URL of your update server. This parameter has NO default value. BaseURL string // HTTP Transport Config @@ -47,14 +47,14 @@ type HttpConfig struct { //nolint:staticcheck } // HttpSource is used to load release information from an http repository -type HttpSource struct { //nolint:staticcheck +type HttpSource struct { baseURL string transport *http.Transport headers http.Header } // NewHttpSource creates a new HttpSource from a config object. -func NewHttpSource(config HttpConfig) (*HttpSource, error) { //nolint:staticcheck +func NewHttpSource(config HttpConfig) (*HttpSource, error) { // Validate Base URL. if config.BaseURL == "" { return nil, fmt.Errorf("http base url must be set") diff --git a/internal/resolve_path_windows.go b/internal/resolve_path_windows.go index 71c1114..1123808 100644 --- a/internal/resolve_path_windows.go +++ b/internal/resolve_path_windows.go @@ -28,7 +28,7 @@ func ResolvePath(filename string) (string, error) { } buf := make([]uint16, bufSize) - n, err := windows.GetFinalPathNameByHandle(handle, &buf[0], uint32(len(buf)), 0) //nolint:gosec + n, err := windows.GetFinalPathNameByHandle(handle, &buf[0], bufSize, 0) if err != nil { return "", err }