lint cleanly

Signed-off-by: Jason Hall <jason@chainguard.dev>

.golangci.yaml

@@ -1,11 +1,10 @@
 run:
  timeout: 5m
 
- skip-dirs:
+issues:
+ exclude-dirs:
  - internal
  - pkg/registry
-
-issues:
  exclude-rules:
  - path: test # Excludes /test, *_test.go etc.
  linters:
@@ -35,6 +34,8 @@ linters:
 
 linters-settings:
  depguard:
- include-go-root: true
- packages-with-error-message:
- - crypto/sha256: "use crypto.SHA256 instead"
+ rules:
+ main:
+ deny:
+ - pkg: "crypto/sha256"
+ desc: use crypto.SHA256 instead

cmd/crane/cmd/append.go

@@ -45,7 +45,7 @@ If the base image is a Windows base image (i.e., its config.OS is "windows"),
 the contents of the tarballs will be modified to be suitable for a Windows
 container image.`,
  Args: cobra.NoArgs,
- RunE: func(cmd *cobra.Command, args []string) error {
+ RunE: func(cmd *cobra.Command, _ []string) error {
  var base v1.Image
  var err error
 

cmd/crane/cmd/auth.go

@@ -211,7 +211,7 @@ func NewCmdAuthLogin(argv ...string) *cobra.Command {
  Short: "Log in to a registry",
  Example: eg,
  Args: cobra.ExactArgs(1),
- RunE: func(cmd *cobra.Command, args []string) error {
+ RunE: func(_ *cobra.Command, args []string) error {
  reg, err := name.NewRegistry(args[0])
  if err != nil {
  return err
@@ -285,7 +285,7 @@ func NewCmdAuthLogout(argv ...string) *cobra.Command {
  Short: "Log out of a registry",
  Example: eg,
  Args: cobra.ExactArgs(1),
- RunE: func(cmd *cobra.Command, args []string) error {
+ RunE: func(_ *cobra.Command, args []string) error {
  reg, err := name.NewRegistry(args[0])
  if err != nil {
  return err

cmd/crane/cmd/root.go

@@ -56,7 +56,7 @@ func New(use, short string, options []crane.Option) *cobra.Command {
  RunE: func(cmd *cobra.Command, _ []string) error { return cmd.Usage() },
  DisableAutoGenTag: true,
  SilenceUsage: true,
- PersistentPreRun: func(cmd *cobra.Command, args []string) {
+ PersistentPreRun: func(cmd *cobra.Command, _ []string) {
  options = append(options, crane.WithContext(cmd.Context()))
  // TODO(jonjohnsonjr): crane.Verbose option?
  if verbose {

cmd/crane/cmd/validate.go

@@ -33,8 +33,8 @@ func NewCmdValidate(options *[]crane.Option) *cobra.Command {
  validateCmd := &cobra.Command{
  Use: "validate",
  Short: "Validate that an image is well-formed",
- Args: cobra.ExactArgs(0),
- RunE: func(cmd *cobra.Command, args []string) error {
+ Args: cobra.NoArgs,
+ RunE: func(cmd *cobra.Command, _ []string) error {
  if tarballPath != "" {
  img, err := tarball.ImageFromPath(tarballPath, nil)
  if err != nil {

pkg/authn/keychain.go

@@ -84,7 +84,7 @@ func (dk *defaultKeychain) Resolve(target Resource) (Authenticator, error) {
 }
 
 // Resolve implements Keychain.
-func (dk *defaultKeychain) ResolveContext(ctx context.Context, target Resource) (Authenticator, error) {
+func (dk *defaultKeychain) ResolveContext(_ context.Context, target Resource) (Authenticator, error) {
  dk.mu.Lock()
  defer dk.mu.Unlock()
 
@@ -204,7 +204,7 @@ func (w wrapper) Resolve(r Resource) (Authenticator, error) {
  return w.ResolveContext(context.Background(), r)
 }
 
-func (w wrapper) ResolveContext(ctx context.Context, r Resource) (Authenticator, error) {
+func (w wrapper) ResolveContext(_ context.Context, r Resource) (Authenticator, error) {
  u, p, err := w.h.Get(r.RegistryStr())
  if err != nil {
  return Anonymous, nil

pkg/name/ref.go

@@ -44,7 +44,7 @@ func ParseReference(s string, opts ...Option) (Reference, error) {
  if d, err := NewDigest(s, opts...); err == nil {
  return d, nil
  }
- return nil, newErrBadName("could not parse reference: " + s)
+ return nil, newErrBadName("could not parse reference: %s", s)
 }
 
 type stringConst string

pkg/v1/partial/index_test.go

@@ -105,9 +105,7 @@ func TestFindIndexes(t *testing.T) {
  }
 
  // just see if it finds all of the indexes
- matcher := func(desc v1.Descriptor) bool {
- return true
- }
+ matcher := func(v1.Descriptor) bool { return true }
  index := mutate.AppendManifests(base, adds...)
  idxes, err := partial.FindIndexes(index, matcher)
  switch {

pkg/v1/remote/error_roundtrip_test.go

@@ -36,7 +36,7 @@ func TestStatusCodeReturned(t *testing.T) {
  Handler http.Handler
  }{{
  Description: "Only returns teapot status",
- Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ Handler: http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
  w.WriteHeader(http.StatusTeapot)
  }),
  }, {

pkg/v1/remote/transport/basic_test.go

@@ -46,9 +46,7 @@ func TestBasicTransport(t *testing.T) {
  defer server.Close()
 
  inner := &http.Transport{
- Proxy: func(req *http.Request) (*url.URL, error) {
- return url.Parse(server.URL)
- },
+ Proxy: func(*http.Request) (*url.URL, error) { return url.Parse(server.URL) },
  }
 
  basic := &authn.Basic{Username: username, Password: password}
@@ -96,9 +94,7 @@ func TestBasicTransportRegistryToken(t *testing.T) {
  defer server.Close()
 
  inner := &http.Transport{
- Proxy: func(req *http.Request) (*url.URL, error) {
- return url.Parse(server.URL)
- },
+ Proxy: func(*http.Request) (*url.URL, error) { return url.Parse(server.URL) },
  }
 
  client := http.Client{Transport: &basicTransport{inner: inner, auth: tc.auth, target: "gcr.io"}}
@@ -125,9 +121,7 @@ func TestBasicTransportWithEmptyAuthnCred(t *testing.T) {
  defer server.Close()
 
  inner := &http.Transport{
- Proxy: func(req *http.Request) (*url.URL, error) {
- return url.Parse(server.URL)
- },
+ Proxy: func(*http.Request) (*url.URL, error) { return url.Parse(server.URL) },
  }
 
  client := http.Client{Transport: &basicTransport{inner: inner, auth: authn.Anonymous, target: "gcr.io"}}

pkg/v1/remote/transport/ping_test.go

@@ -33,12 +33,12 @@ var (
 
 func TestPingNoChallenge(t *testing.T) {
  server := httptest.NewServer(
- http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
  w.WriteHeader(http.StatusOK)
  }))
  defer server.Close()
  tprt := &http.Transport{
- Proxy: func(req *http.Request) (*url.URL, error) {
+ Proxy: func(*http.Request) (*url.URL, error) {
  return url.Parse(server.URL)
  },
  }
@@ -57,15 +57,13 @@ func TestPingNoChallenge(t *testing.T) {
 
 func TestPingBasicChallengeNoParams(t *testing.T) {
  server := httptest.NewServer(
- http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
  w.Header().Set("WWW-Authenticate", `BASIC`)
  http.Error(w, "Unauthorized", http.StatusUnauthorized)
  }))
  defer server.Close()
  tprt := &http.Transport{
- Proxy: func(req *http.Request) (*url.URL, error) {
- return url.Parse(server.URL)
- },
+ Proxy: func(*http.Request) (*url.URL, error) { return url.Parse(server.URL) },
  }
 
  pr, err := Ping(context.Background(), testRegistry, tprt)
@@ -82,15 +80,13 @@ func TestPingBasicChallengeNoParams(t *testing.T) {
 
 func TestPingBearerChallengeWithParams(t *testing.T) {
  server := httptest.NewServer(
- http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
  w.Header().Set("WWW-Authenticate", `Bearer realm="http://auth.example.com/token"`)
  http.Error(w, "Unauthorized", http.StatusUnauthorized)
  }))
  defer server.Close()
  tprt := &http.Transport{
- Proxy: func(req *http.Request) (*url.URL, error) {
- return url.Parse(server.URL)
- },
+ Proxy: func(*http.Request) (*url.URL, error) { return url.Parse(server.URL) },
  }
 
  pr, err := Ping(context.Background(), testRegistry, tprt)
@@ -107,16 +103,14 @@ func TestPingBearerChallengeWithParams(t *testing.T) {
 
 func TestPingMultipleChallenges(t *testing.T) {
  server := httptest.NewServer(
- http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
  w.Header().Add("WWW-Authenticate", "Negotiate")
  w.Header().Add("WWW-Authenticate", `Basic realm="http://auth.example.com/token"`)
  http.Error(w, "Unauthorized", http.StatusUnauthorized)
  }))
  defer server.Close()
  tprt := &http.Transport{
- Proxy: func(req *http.Request) (*url.URL, error) {
- return url.Parse(server.URL)
- },
+ Proxy: func(*http.Request) (*url.URL, error) { return url.Parse(server.URL) },
  }
 
  pr, err := Ping(context.Background(), testRegistry, tprt)
@@ -133,16 +127,14 @@ func TestPingMultipleChallenges(t *testing.T) {
 
 func TestPingMultipleNotSupportedChallenges(t *testing.T) {
  server := httptest.NewServer(
- http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
  w.Header().Add("WWW-Authenticate", "Negotiate")
  w.Header().Add("WWW-Authenticate", "Digest")
  http.Error(w, "Unauthorized", http.StatusUnauthorized)
  }))
  defer server.Close()
  tprt := &http.Transport{
- Proxy: func(req *http.Request) (*url.URL, error) {
- return url.Parse(server.URL)
- },
+ Proxy: func(*http.Request) (*url.URL, error) { return url.Parse(server.URL) },
  }
 
  pr, err := Ping(context.Background(), testRegistry, tprt)
@@ -156,15 +148,13 @@ func TestPingMultipleNotSupportedChallenges(t *testing.T) {
 
 func TestUnsupportedStatus(t *testing.T) {
  server := httptest.NewServer(
- http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
  w.Header().Set("WWW-Authenticate", `Bearer realm="http://auth.example.com/token`)
  http.Error(w, "Forbidden", http.StatusForbidden)
  }))
  defer server.Close()
  tprt := &http.Transport{
- Proxy: func(req *http.Request) (*url.URL, error) {
- return url.Parse(server.URL)
- },
+ Proxy: func(*http.Request) (*url.URL, error) { return url.Parse(server.URL) },
  }
 
  pr, err := Ping(context.Background(), testRegistry, tprt)
@@ -206,9 +196,7 @@ func TestPingHttpFallback(t *testing.T) {
  defer server.Close()
 
  tprt := &http.Transport{
- Proxy: func(req *http.Request) (*url.URL, error) {
- return url.Parse(server.URL)
- },
+ Proxy: func(*http.Request) (*url.URL, error) { return url.Parse(server.URL) },
  }
 
  fallbackDelay = 2 * time.Millisecond

pkg/v1/remote/transport/retry_test.go

@@ -145,7 +145,7 @@ func TestRetryDefaults(t *testing.T) {
 func TestTimeoutContext(t *testing.T) {
  tr := NewRetry(http.DefaultTransport)
 
- slowServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ slowServer := httptest.NewServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {
  // hanging request
  time.Sleep(time.Second * 1)
  }))

pkg/v1/remote/transport/transport_test.go

@@ -35,15 +35,13 @@ var (
 
 func TestTransportNoActionIfTransportIsAlreadyWrapper(t *testing.T) {
  server := httptest.NewServer(
- http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
  w.Header().Set("WWW-Authenticate", `Bearer realm="http://foo.io"`)
  http.Error(w, "Should not contact the server", http.StatusBadRequest)
  }))
  defer server.Close()
  tprt := &http.Transport{
- Proxy: func(req *http.Request) (*url.URL, error) {
- return url.Parse(server.URL)
- },
+ Proxy: func(*http.Request) (*url.URL, error) { return url.Parse(server.URL) },
  }
 
  wTprt := &Wrapper{inner: tprt}
@@ -89,15 +87,13 @@ func TestTransportSelectionAnonymous(t *testing.T) {
 
 func TestTransportSelectionBasic(t *testing.T) {
  server := httptest.NewServer(
- http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
  w.Header().Set("WWW-Authenticate", `Basic`)
  http.Error(w, "Unauthorized", http.StatusUnauthorized)
  }))
  defer server.Close()
  tprt := &http.Transport{
- Proxy: func(req *http.Request) (*url.URL, error) {
- return url.Parse(server.URL)
- },
+ Proxy: func(*http.Request) (*url.URL, error) { return url.Parse(server.URL) },
  }
 
  basic := &authn.Basic{Username: "foo", Password: "bar"}
@@ -121,15 +117,13 @@ func (a *badAuth) Authorization() (*authn.AuthConfig, error) {
 
 func TestTransportBadAuth(t *testing.T) {
  server := httptest.NewServer(
- http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
  w.Header().Set("WWW-Authenticate", `Bearer realm="http://foo.io"`)
  http.Error(w, "Unauthorized", http.StatusUnauthorized)
  }))
  defer server.Close()
  tprt := &http.Transport{
- Proxy: func(req *http.Request) (*url.URL, error) {
- return url.Parse(server.URL)
- },
+ Proxy: func(*http.Request) (*url.URL, error) { return url.Parse(server.URL) },
  }
 
  if _, err := NewWithContext(context.Background(), testReference.Context().Registry, &badAuth{}, tprt, []string{testReference.Scope(PullScope)}); err == nil {
@@ -167,9 +161,7 @@ func TestTransportSelectionBearer(t *testing.T) {
  }))
  defer server.Close()
  tprt := &http.Transport{
- Proxy: func(req *http.Request) (*url.URL, error) {
- return url.Parse(server.URL)
- },
+ Proxy: func(*http.Request) (*url.URL, error) { return url.Parse(server.URL) },
  }
 
  basic := &authn.Basic{Username: "foo", Password: "bar"}
@@ -186,15 +178,13 @@ func TestTransportSelectionBearer(t *testing.T) {
 
 func TestTransportSelectionBearerMissingRealm(t *testing.T) {
  server := httptest.NewServer(
- http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
  w.Header().Set("WWW-Authenticate", `Bearer service="gcr.io"`)
  http.Error(w, "Unauthorized", http.StatusUnauthorized)
  }))
  defer server.Close()
  tprt := &http.Transport{
- Proxy: func(req *http.Request) (*url.URL, error) {
- return url.Parse(server.URL)
- },
+ Proxy: func(*http.Request) (*url.URL, error) { return url.Parse(server.URL) },
  }
 
  basic := &authn.Basic{Username: "foo", Password: "bar"}
@@ -207,7 +197,7 @@ func TestTransportSelectionBearerMissingRealm(t *testing.T) {
 func TestTransportSelectionBearerAuthError(t *testing.T) {
  request := 0
  server := httptest.NewServer(
- http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
  request++
  switch request {
  case 1:
@@ -219,9 +209,7 @@ func TestTransportSelectionBearerAuthError(t *testing.T) {
  }))
  defer server.Close()
  tprt := &http.Transport{
- Proxy: func(req *http.Request) (*url.URL, error) {
- return url.Parse(server.URL)
- },
+ Proxy: func(*http.Request) (*url.URL, error) { return url.Parse(server.URL) },
  }
 
  basic := &authn.Basic{Username: "foo", Password: "bar"}
@@ -236,7 +224,7 @@ func TestTransportAlwaysTriesHttps(t *testing.T) {
  // This ensures that we try https even for local registries.
  count := 0
  server := httptest.NewTLSServer(
- http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
  count++
  w.Write([]byte(`{"token": "dfskdjhfkhsjdhfkjhsdf"}`))
  }))