From f025c630ac1f3d59ae84fd878241e67beb76fdce Mon Sep 17 00:00:00 2001 From: Ian Lewis Date: Mon, 26 Jun 2023 10:49:52 +0900 Subject: [PATCH] refactor: Use Go 1.20 (#643) Fixes #589 --------- Signed-off-by: Ian Lewis --- .github/workflows/pre-submit.cli.yml | 2 +- .github/workflows/pre-submit.e2e.yml | 2 +- .github/workflows/pre-submit.lint.yml | 6 +- .github/workflows/release.yml | 2 +- .golangci.yml | 82 +++++++++++++++++++++++++++ go.mod | 2 +- 6 files changed, 89 insertions(+), 7 deletions(-) diff --git a/.github/workflows/pre-submit.cli.yml b/.github/workflows/pre-submit.cli.yml index 3335bc0..947c552 100644 --- a/.github/workflows/pre-submit.cli.yml +++ b/.github/workflows/pre-submit.cli.yml @@ -20,7 +20,7 @@ jobs: - name: setup-go uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 with: - go-version: "1.18" + go-version-file: "go.mod" - name: Save event name env: diff --git a/.github/workflows/pre-submit.e2e.yml b/.github/workflows/pre-submit.e2e.yml index 5be04cc..7d06584 100644 --- a/.github/workflows/pre-submit.e2e.yml +++ b/.github/workflows/pre-submit.e2e.yml @@ -18,7 +18,7 @@ jobs: - name: setup-go uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 with: - go-version: "1.18" + go-version-file: "__THIS_REPO__/go.mod" - name: Build verifier at HEAD working-directory: __THIS_REPO__ diff --git a/.github/workflows/pre-submit.lint.yml b/.github/workflows/pre-submit.lint.yml index 187a9a7..0a2a7bd 100644 --- a/.github/workflows/pre-submit.lint.yml +++ b/.github/workflows/pre-submit.lint.yml @@ -13,10 +13,10 @@ jobs: - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 with: - go-version: "1.18" + go-version-file: "go.mod" - env: - GOLANGCI_LINT_VERSION: "1.52.2" - GOLANGCI_LINT_CHECKSUM: "c9cf72d12058a131746edd409ed94ccd578fbd178899d1ed41ceae3ce5f54501" + GOLANGCI_LINT_VERSION: "1.53.2" + GOLANGCI_LINT_CHECKSUM: "2298f73b9bc03b88b91fee06c5d519fc7f9d7f328e2c388615bbd7e85a9d6cae" run: | set -euo pipefail diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4e572ca..8465483 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -51,7 +51,7 @@ jobs: contents: write # For asset uploads. uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.7.0 with: - go-version: 1.18 + go-version-file: "go.mod" config-file: .slsa-goreleaser/${{matrix.os}}-${{matrix.arch}}.yml compile-builder: true evaluated-envs: "VERSION:${{needs.args.outputs.version}}" diff --git a/.golangci.yml b/.golangci.yml index 50e6040..d9ae8b5 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -81,6 +81,88 @@ linters: # TODO(https://github.com/slsa-framework/slsa-verifier/issues/363): Restore linter # - wrapcheck linters-settings: + depguard: + rules: + global: + files: + - $all + - "!$test" + - "!**/experimental/**" + + # This is an exception for the existing code. + # TODO(#642): Don't allow go-cmp in non-test code. + - "!**/verifiers/internal/gcb/provenance.go" + allow: + - $gostd + + # Approved orgs. + - "github.com/slsa-framework" + - "github.com/in-toto" + - "github.com/sigstore" + - "github.com/secure-systems-lab" + - "github.com/go-openapi" + + # Approved packages. + - "sigs.k8s.io/release-utils/version" + - "github.com/spf13/cobra" # For CLI + - "github.com/docker/go/canonical/json" # For canonical json. + - "github.com/google/go-containerregistry" # For interacting with container registries. + deny: + - pkg: "reflect" + desc: Please don't use reflect package + - pkg: "unsafe" + desc: Please don't use unsafe package + + test: + files: + - "$test" + # - "!**/experimental/**" + # This is an exception for the existing code. + # TODO(#642): Don't allow go-cmp in non-test code. + - "!**/verifiers/internal/gcb/provenance.go" + # NOTE: test code is allowed to use github.com/google/go-cmp (there is no + # deny for it) but non-test code is not. + allow: + - $gostd + + # Approved orgs. + - "github.com/slsa-framework" + - "github.com/in-toto" + - "github.com/sigstore" + - "github.com/secure-systems-lab" + - "github.com/go-openapi" + + # Approved packages. + - "sigs.k8s.io/release-utils/version" + - "github.com/spf13/cobra" # For CLI + - "github.com/docker/go/canonical/json" # For canonical json. + - "github.com/google/go-containerregistry" # For interacting with container registries. + + # Allowed in test code. + - "github.com/google/go-cmp" + deny: + - pkg: "reflect" + desc: Please don't use reflect package + - pkg: "unsafe" + desc: Please don't use unsafe package + + experimental: + files: + - "**/experimental/**/*.go" + allow: + - $gostd + + # Approved orgs. + - "github.com/slsa-framework" + + # Allowed in experimental. + - "github.com/gorilla/mux" + deny: + - pkg: "reflect" + desc: Please don't use reflect package + - pkg: "unsafe" + desc: Please don't use unsafe package + errcheck: check-type-assertions: true check-blank: true diff --git a/go.mod b/go.mod index 6c48223..1480e99 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/slsa-framework/slsa-verifier/v2 -go 1.18 +go 1.20 require ( github.com/docker/go v1.5.1-1