forked from zitadel/zitadel
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path.golangci.yaml
308 lines (307 loc) · 15.4 KB
/
.golangci.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
issues:
new-from-rev: main
# Set to 0 to disable.
max-issues-per-linter: 0
# Set to 0 to disable.
max-same-issues: 0
run:
concurrency: 4
timeout: 10m
go: '1.22'
skip-dirs:
- .artifacts
- .backups
- .codecov
- .github
- .keys
- .vscode
- build
- console
- deploy
- docs
- guides
- internal/api/ui/login/static
- openapi
- proto
- tools
linters:
enable:
# Simple linter to check that your code does not contain non-ASCII identifiers [fast: true, auto-fix: false]
- asciicheck
# checks whether HTTP response body is closed successfully [fast: false, auto-fix: false]
- bodyclose
# check the function whether use a non-inherited context [fast: false, auto-fix: false]
- contextcheck
# Computes and checks the cognitive complexity of functions [fast: true, auto-fix: false]
- gocognit
# Checks Go code for unused constants, variables, functions and types [fast: false, auto-fix: false]
- unused
# Errcheck is a program for checking for unchecked errors in go programs. These unchecked errors can be critical bugs in some cases [fast: false, auto-fix: false]
- errcheck
# Checks that sentinel errors are prefixed with the `Err` and error types are suffixed with the `Error`. [fast: false, auto-fix: false]
- errname
# errorlint is a linter for that can be used to find code that will cause problems with the error wrapping scheme introduced in Go 1.13. [fast: false, auto-fix: false]
- errorlint
# check exhaustiveness of enum switch statements [fast: false, auto-fix: false]
- exhaustive
# Gci controls golang package import order and makes it always deterministic. [fast: true, auto-fix: false]
- gci
# Provides diagnostics that check for bugs, performance and style issues. [fast: false, auto-fix: false]
- gocritic
# Linter for Go source code that specializes in simplifying a code [fast: false, auto-fix: false]
- gosimple
# Vet examines Go source code and reports suspicious constructs, such as Printf calls whose arguments do not align with the format string [fast: false, auto-fix: false]
- govet
# Detects when assignments to existing variables are not used [fast: true, auto-fix: false]
- ineffassign
# Finds commonly misspelled English words in comments [fast: true, auto-fix: true]
- misspell
# Finds naked returns in functions greater than a specified function length [fast: true, auto-fix: false]
- nakedret
# Staticcheck is a go vet on steroids, applying a ton of static analysis checks [fast: false, auto-fix: false]
- staticcheck
# Like the front-end of a Go compiler, parses and type-checks Go code [fast: false, auto-fix: false]
- typecheck
# Reports ill-formed or insufficient nolint directives [fast: true, auto-fix: false]
- nolintlint
# Checks for misuse of Sprintf to construct a host with port in a URL.
- nosprintfhostport
# checks whether Err of rows is checked successfully in `sql.Rows` [fast: false, auto-fix: false]
- rowserrcheck
# Checks that sql.Rows and sql.Stmt are closed. [fast: false, auto-fix: false]
- sqlclosecheck
# Remove unnecessary type conversions [fast: false, auto-fix: false]
- unconvert
disable:
# Checks for dangerous unicode character sequences [fast: true, auto-fix: false]
# not needed because github does that out of the box
- bidichk
# containedctx is a linter that detects struct contained context.Context field [fast: true, auto-fix: false]
# using contextcheck which looks more active
- containedctx
# checks function and package cyclomatic complexity [fast: false, auto-fix: false]
# not use because gocognit is used
- cyclop
# The owner seems to have abandoned the linter. Replaced by unused.
# deprecated, replaced by unused
- deadcode
# check declaration order and count of types, constants, variables and functions [fast: true, auto-fix: false]
# FUTURE: IMO it sometimes makes sense to declare consts or types after a func
- decorder
# Go linter that checks if package imports are in a list of acceptable packages [fast: false, auto-fix: false]
# not required because of dependabot
- depguard
# Checks assignments with too many blank identifiers (e.g. x, _, _, _, := f()) [fast: true, auto-fix: false]
# FUTURE: old code is not compatible
- dogsled
# Tool for code clone detection [fast: true, auto-fix: false]
# FUTURE: old code is not compatible
- dupl
# checks for duplicate words in the source code
# not sure if it makes sense
- dupword
# check for two durations multiplied together [fast: false, auto-fix: false]
# FUTURE: checks for accident `1 * time.Second * time.Second`
- durationcheck
# Checks types passed to the json encoding functions. Reports unsupported types and optionally reports occations, where the check for the returned error can be omitted. [fast: false, auto-fix: false]
# FUTURE: use asap, because we use json alot. nice feature is possiblity to check if err check is required
- errchkjson
# execinquery is a linter about query string checker in Query function which reads your Go src files and warning it finds
# FUTURE: might find some errors in sql queries
- execinquery
# Checks if all struct's fields are initialized [fast: false, auto-fix: false]
# deprecated
- exhaustivestruct
# Checks if all structure fields are initialized
# Not all fields have to be initialized
- exhaustruct
# checks for pointers to enclosing loop variables [fast: false, auto-fix: false]
# FUTURE: finds bugs hard to find, could occur much later
- exportloopref
# Forbids identifiers [fast: true, auto-fix: false]
# see no reason. allows to define regexp which are not allowed to use
- forbidigo
# finds forced type assertions [fast: true, auto-fix: false]
# not used because we mostly use `_, _ = a.(int)`
- forcetypeassert
# Tool for detection of long functions [fast: true, auto-fix: false]
# not used because it ignores complexity
- funlen
# check that no global variables exist [fast: true, auto-fix: false]
# We use some global variables which is ok IMO
- gochecknoglobals
# Checks that no init functions are present in Go code [fast: true, auto-fix: false]
# we use inits for the database abstraction
- gochecknoinits
# Finds repeated strings that could be replaced by a constant [fast: true, auto-fix: false]
# FUTURE: might be cool to check
- goconst
# Computes and checks the cyclomatic complexity of functions [fast: true, auto-fix: false]
# not used because cyclop also checks complexity of package
- gocyclo
# Check if comments end in a period [fast: true, auto-fix: true]
# FUTURE: checks if comments are written as specified
- godot
# Tool for detection of FIXME, TODO and other comment keywords [fast: true, auto-fix: false]
# FUTURE: maybe makes sense later. IMO some view todos are ok for later tasks.
- godox
# Golang linter to check the errors handling expressions [fast: false, auto-fix: false]
# Not used in favore of errorlint
- goerr113
# Gofmt checks whether code was gofmt-ed. By default this tool runs with -s option to check for code simplification [fast: true, auto-fix: true]
# ignored in favor of goimports
- gofmt
# Gofumpt checks whether code was gofumpt-ed. [fast: true, auto-fix: true]
# ignored in favor of goimports
- gofumpt
# Checks is file header matches to pattern [fast: true, auto-fix: false]
# ignored because we don't write licenses as headers
- goheader
# In addition to fixing imports, goimports also formats your code in the same style as gofmt. [fast: true, auto-fix: true]
# ignored in favor of gci
- goimports
#deprecated]: Golint differs from gofmt. Gofmt reformats Go source code, whereas golint prints out style mistakes [fast: false, auto-fix: false]
# ignored in favor of goimports
- golint
# An analyzer to detect magic numbers. [fast: true, auto-fix: false]
# FUTURE: not that critical at the moment
- gomnd
# Manage the use of 'replace', 'retract', and 'excludes' directives in go.mod. [fast: true, auto-fix: false]
# FUTURE: not a problem at the moment
- gomoddirectives
# Allow and block list linter for direct Go module dependencies. This is different from depguard where there are different block types for example version constraints and module recommendations. [fast: true, auto-fix: false]
# FUTURE: maybe interesting because of licenses
- gomodguard
# Checks that printf-like functions are named with `f` at the end [fast: true, auto-fix: false]
# FUTURE: not a problem at the moment
- goprintffuncname
# Inspects source code for security problems [fast: false, auto-fix: false]
# TODO: I think it would be more interesting to integrate into gh code scanning: https://github.com/securego/gosec#integrating-with-code-scanning
- gosec
# An analyzer to analyze expression groups. [fast: true, auto-fix: false]
# I think the groups (vars, consts, imports, ...) we have atm are ok
- grouper
# Checks that your code uses short syntax for if-statements whenever possible [fast: true, auto-fix: false]
# Dont't use its deprecated
- ifshort
# Enforces consistent import aliases [fast: false, auto-fix: false]
# FUTURE: aliasing of imports is more or less consistent
- importas
# A linter that checks the number of methods inside an interface.
# No need at the moment, repository abstraction was removed
- interfacebloat
# A linter that suggests interface types
# Don't use it's archived
- interfacer
# Accept Interfaces, Return Concrete Types [fast: false, auto-fix: false]
# FUTURE: check if no interface is returned
- ireturn
# Reports long lines [fast: true, auto-fix: false]
# FUTURE: would make code more readable
- lll
# Checks key valur pairs for common logger libraries (kitlog,klog,logr,zap).
# FUTURE: useable as soon as we switch logger library
- loggercheck
# maintidx measures the maintainability index of each function. [fast: true, auto-fix: false]
# not used because volume of halstead complexity feels strange as measurement https://en.wikipedia.org/wiki/Halstead_complexity_measures
- maintidx
# Finds slice declarations with non-zero initial length [fast: false, auto-fix: false]
# I would prefer to use https://github.com/alexkohler/prealloc
- makezero
# Reports deeply nested if statements [fast: true, auto-fix: false]
# focus only on if's
- nestif
# Finds the code that returns nil even if it checks that the error is not nil. [fast: false, auto-fix: false]
# FUTURE: check if it is allowed to return nil partially in error catch
- nilerr
# Checks that there is no simultaneous return of `nil` error and an invalid value. [fast: false, auto-fix: false]
# FUTURE: would reduce checks and panics
- nilnil
# nlreturn checks for a new line before return and branch statements to increase code clarity [fast: true, auto-fix: false]
# DISCUSS: IMO the readability of does not always increase using more empty lines
- nlreturn
# noctx finds sending http request without context.Context [fast: false, auto-fix: false]
# only interesting if using http
- noctx
# Reports all names returns
# Named returns are not allowed which IMO reduces readability of code
- nonamedreturns
# detects snake case of variable naming and function name.
# has not been a problem in our code and deprecated
- nosnakecase
# paralleltest detects missing usage of t.Parallel() method in your Go test [fast: true, auto-fix: false]
# FUTURE: will break all of our tests
- paralleltest
# Finds slice declarations that could potentially be preallocated [fast: true, auto-fix: false]
# FUTURE: would improve performance
- prealloc
# find code that shadows one of Go's predeclared identifiers [fast: true, auto-fix: false]
# FUTURE: checks for overwrites
- predeclared
# Check Prometheus metrics naming via promlint [fast: true, auto-fix: false]
# Not interesting at the moment
- promlinter
# Checks that package variables are not reassigned
# FUTURE: checks if vars like Err's are reassigned which might break code
- reassign
# Fast, configurable, extensible, flexible, and beautiful linter for Go. Drop-in replacement of golint. [fast: false, auto-fix: false]
# Linter aggregator, would allow to use less other linters
- revive
# checks for unpinned variables in go programs
# deprecated
- scopelint
# Finds unused struct fields [fast: false, auto-fix: false]
# deprecated, replaced by unused
- structcheck
# Stylecheck is a replacement for golint [fast: false, auto-fix: false]
# we use goimports
- stylecheck
# Checks the struct tags. [fast: true, auto-fix: false]
# FUTURE: would help for new structs
- tagliatelle
# tenv is analyzer that detects using os.Setenv instead of t.Setenv since Go1.17 [fast: false, auto-fix: false]
# FUTURE: currently are no env vars set
- tenv
# linter checks if examples are testable (have an expected output)
# FUTURE: as soon as examples are added
- testableexamples
# linter that makes you use a separate _test package [fast: true, auto-fix: false]
# don't use because we test some unexported functions
- testpackage
# thelper detects golang test helpers without t.Helper() call and checks the consistency of test helpers [fast: false, auto-fix: false]
# FUTURE: nice to improve test quality
- thelper
# tparallel detects inappropriate usage of t.Parallel() method in your Go test codes [fast: false, auto-fix: false]
# FUTURE: nice to improve test quality
- tparallel
# Reports unused function parameters [fast: false, auto-fix: false]
# DISCUSS: nice idea and would improve code quality, but how to handle false positives?
- unparam
# A linter that detect the possibility to use variables/constants from the Go standard library.
# FUTURE: improves code quality
- usestdlibvars
# Finds unused global variables and constants [fast: false, auto-fix: false]
# deprecated, replaced by unused
- varcheck
# checks that the length of a variable's name matches its scope [fast: false, auto-fix: false]
# I would not use it because it more or less checks if var lenght matches
- varnamelen
# wastedassign finds wasted assignment statements. [fast: false, auto-fix: false]
# FUTURE: would improve code quality (maybe already checked by vet?)
- wastedassign
# Tool for detection of leading and trailing whitespace [fast: true, auto-fix: true]
# Not sure if it improves code readability
- whitespace
# Checks that errors returned from external packages are wrapped [fast: false, auto-fix: false]
# FUTURE: improves UX because all the errors will be ZITADEL errors
- wrapcheck
# Whitespace Linter - Forces you to use empty lines! [fast: true, auto-fix: false]
# FUTURE: improves code quality by allowing and blocking line breaks
- wsl
linters-settings:
gci:
sections:
- standard # Standard section: captures all standard packages.
- default # Default section: contains all imports that could not be matched to another section type.
- prefix(github.com/zitadel/zitadel) # Custom section: groups all imports with the specified Prefix.
custom-order: true