From 24100197410499ea99bcbc0331fee7e1de673bfe Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 24 Aug 2024 00:29:40 +0000 Subject: [PATCH 1/2] chore(deps): update all non-major dependencies --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/test.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 6ce1f87..597961b 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -39,7 +39,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2 + uses: github/codeql-action/init@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -50,7 +50,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2 + uses: github/codeql-action/autobuild@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -64,4 +64,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2 + uses: github/codeql-action/analyze@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 1a5bcb9..9a84c02 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -28,7 +28,7 @@ jobs: go test -race -covermode=atomic -coverprofile=coverage.out ./... - name: coverage - uses: codecov/codecov-action@84508663e988701840491b86de86b666e8a86bed # v4.5.0 + uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0 with: token: ${{ secrets.CODECOV_TOKEN }} file: coverage.out From aa0d843b6d51086df6da55cd06dff72983ea4d9b Mon Sep 17 00:00:00 2001 From: Kelly Merrick Date: Mon, 26 Aug 2024 14:58:24 -0500 Subject: [PATCH 2/2] chore: update deps, import order, fix linter errors --- .golangci.yml | 108 ++++++++++++++++++++---------------- cmd/vela-npm/main.go | 5 +- internal/npm/plugin.go | 13 +++-- internal/npm/plugin_test.go | 3 +- version/version.go | 5 +- 5 files changed, 75 insertions(+), 59 deletions(-) diff --git a/.golangci.yml b/.golangci.yml index 1d15199..4dd8c04 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -8,7 +8,10 @@ # outputs it results from the linters it executes. output: # colored-line-number|line-number|json|tab|checkstyle|code-climate, default is "colored-line-number" - format: colored-line-number + formats: + - format: json + path: stderr + - format: colored-line-number # print lines of code with issue, default is true print-issued-lines: true @@ -32,6 +35,18 @@ linters-settings: lines: 160 statements: 70 + # https://github.com/daixiang0/gci + # ensure import order is consistent + # gci write --custom-order -s standard -s default -s blank -s dot -s "prefix(github.com/go-vela)" . + gci: + custom-order: true + sections: + - standard + - default + - blank + - dot + - prefix(github.com/go-vela) + # https://github.com/denis-tingaikin/go-header goheader: template: |- 
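Review bot: The pinned commit for `codecov/codecov-action` in the `coverage` step changes from `84508663…` to `e28ff129…`, yet the trailing comment says `# v4.5.0` on both the old and the new line. Either the earlier comment was inaccurate or the upstream tag now points at a different commit. The diff alone cannot show which, so confirm that the new SHA is what upstream's v4.5.0 release resolves to before merging. This matters because the step is handed `secrets.CODECOV_TOKEN`, and whatever code sits at that commit runs with it. If the old pin was simply mislabelled, saying so in the commit message would explain why the digest moved with no version change.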
@@ -43,9 +58,9 @@ linters-settings: # https://github.com/golangci/golangci-lint/blob/master/pkg/golinters/nolintlint nolintlint: - allow-unused: false # allow nolint directives that don't address a linting issue - require-explanation: true # require an explanation for nolint directives - require-specific: true # require nolint directives to be specific about which linter is being skipped + allow-unused: false # allow nolint directives that don't address a linting issue + require-explanation: true # require an explanation for nolint directives + require-specific: true # require nolint directives to be specific about which linter is being skipped # This section provides the configuration for which linters # golangci will execute. Several of them were disabled by 
@@ -56,46 +71,42 @@ linters: # enable a specific set of linters to run enable: - - bidichk # checks for dangerous unicode character sequences - - bodyclose # checks whether HTTP response body is closed successfully - - contextcheck # check the function whether use a non-inherited context - - deadcode # finds unused code - - dupl # code clone detection - - errcheck # checks for unchecked errors - - errorlint # find misuses of errors - - exportloopref # check for exported loop vars - - funlen # detects long functions - - goconst # finds repeated strings that could be replaced by a constant - - gocyclo # computes and checks the cyclomatic complexity of functions - - godot # checks if comments end in a period - - gofmt # checks whether code was gofmt-ed - - goheader # checks is file header matches to pattern - - goimports # fixes imports and formats code in same style as gofmt - - gomoddirectives # manage the use of 'replace', 'retract', and 'excludes' directives in go.mod - - goprintffuncname # checks that printf-like functions are named with f at the end - - gosec # inspects code for security problems - - gosimple # linter that specializes in simplifying a code - - govet # reports suspicious constructs, ex. 
Printf calls whose arguments don't align with the format string - - ineffassign # detects when assignments to existing variables aren't used - - makezero # finds slice declarations with non-zero initial length - - misspell # finds commonly misspelled English words in comments - - nakedret # finds naked returns in functions greater than a specified function length - - nilerr # finds the code that returns nil even if it checks that the error is not nil - - noctx # noctx finds sending http request without context.Context - - nolintlint # reports ill-formed or insufficient nolint directives - - revive # linter for go - - staticcheck # applies static analysis checks, go vet on steroids - - structcheck # finds unused struct fields - - stylecheck # replacement for golint - - tenv # analyzer that detects using os.Setenv instead of t.Setenv since Go1.17 - - typecheck # parses and type-checks go code, like the front-end of a go compiler - - unconvert # remove unnecessary type conversions - - unparam # reports unused function parameters - - unused # checks for unused constants, variables, functions and types - - varcheck # finds unused global variables and constants - - whitespace # detects leading and trailing whitespace - - wsl # forces code to use empty lines - + - bidichk # checks for dangerous unicode character sequences + - bodyclose # checks whether HTTP response body is closed successfully + - contextcheck # check the function whether use a non-inherited context + - dupl # code clone detection + - errcheck # checks for unchecked errors + - errorlint # find misuses of errors + - exportloopref # check for exported loop vars + - funlen # detects long functions + - gci # consistent import ordering + - goconst # finds repeated strings that could be replaced by a constant + - gocyclo # computes and checks the cyclomatic complexity of functions + - godot # checks if comments end in a period + - gofmt # checks whether code was gofmt-ed + - goheader # checks is file header 
matches to pattern + - gomoddirectives # manage the use of 'replace', 'retract', and 'excludes' directives in go.mod + - goprintffuncname # checks that printf-like functions are named with f at the end + - gosec # inspects code for security problems + - gosimple # linter that specializes in simplifying a code + - govet # reports suspicious constructs, ex. Printf calls whose arguments don't align with the format string + - ineffassign # detects when assignments to existing variables aren't used + - makezero # finds slice declarations with non-zero initial length + - nakedret # finds naked returns in functions greater than a specified function length + - nilerr # finds the code that returns nil even if it checks that the error is not nil + - noctx # noctx finds sending http request without context.Context + - nolintlint # reports ill-formed or insufficient nolint directives + - revive # linter for go + - staticcheck # applies static analysis checks, go vet on steroids + - stylecheck # replacement for golint + - tenv # analyzer that detects using os.Setenv instead of t.Setenv since Go1.17 + - typecheck # parses and type-checks go code, like the front-end of a go compiler + - unconvert # remove unnecessary type conversions + - unparam # reports unused function parameters + - unused # checks for unused constants, variables, functions and types + - whitespace # detects leading and trailing whitespace + - wsl # forces code to use empty lines + # static list of linters we know golangci can run but we've # chosen to leave disabled for now # - asciicheck - non-critical @@ -111,7 +122,7 @@ linters: # - gci - use goimports # - gochecknoinits - unused # - gochecknoglobals - global variables allowed - # - gocognit - unused complexity metric + # - gocognit - unused complexity metric # - gocritic - style preference # - godox - to be used in the future # - goerr113 - to be used in the future 
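Review bot: The `enable:` list now includes `gci` and drops `goimports`, but the disabled-linters comment further down (context of the following hunk) still reads `# - gci - use goimports`, which now contradicts the configuration. I would delete that line or replace it with `# - goimports - replaced by gci`. `misspell` is also removed from the enable list without an entry in the disabled list, where the file records a reason for every other linter it leaves off. If the removal is deliberate, a line such as `# - misspell - <reason>` would keep that list accurate.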
@@ -122,7 +133,7 @@ linters: # - ifshort - use both styles # - ireturn - allow interfaces to be returned # - importas - want flexibility with naming - # - lll - not too concerned about line length + # - lll - not too concerned about line length # - interfacer - archived # - nestif - non-critical # - nilnil - style preference @@ -131,7 +142,7 @@ linters: # - paralleltest - false-positives # - prealloc - don't use # - predeclared - unused - # - promlinter - style preference + # - promlinter - style preference # - rowserrcheck - unused # - scopelint - deprecated - replaced with exportloopref # - sqlclosecheck - unused @@ -143,7 +154,7 @@ linters: # - wrapcheck - style preference # This section provides the configuration for how golangci -# will report the issues it finds. +# will report the issues it finds. issues: # Excluding configuration per-path, per-linter, per-text and per-source exclude-rules: @@ -154,3 +165,4 @@ issues: - funlen - goconst - gocyclo + - wsl diff --git a/cmd/vela-npm/main.go b/cmd/vela-npm/main.go index eaf221c..152054f 100644 --- a/cmd/vela-npm/main.go +++ b/cmd/vela-npm/main.go @@ -8,10 +8,11 @@ import ( "os" "strings" - "github.com/go-vela/vela-npm/internal/npm" - "github.com/go-vela/vela-npm/version" log "github.com/sirupsen/logrus" "github.com/urfave/cli/v2" + + "github.com/go-vela/vela-npm/internal/npm" + "github.com/go-vela/vela-npm/version" ) func main() { diff --git a/internal/npm/plugin.go b/internal/npm/plugin.go index abb5881..7e37aeb 100644 --- a/internal/npm/plugin.go +++ b/internal/npm/plugin.go @@ -11,9 +11,10 @@ import ( "strconv" "strings" - "github.com/go-vela/vela-npm/internal/shell" log "github.com/sirupsen/logrus" "github.com/spf13/afero" + + "github.com/go-vela/vela-npm/internal/shell" ) // Plugin interface. 
@@ -301,7 +302,9 @@ func (p *plugin) createNpmrc() error { } else { // user username/password auth64 := b64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", p.config.UserName, p.config.Password))) + auth := fmt.Sprintf("%s_auth=%s", registryString, auth64) + if _, err = f.WriteString(auth + "\n"); err != nil { return fmt.Errorf("failed to write _auth: %w", err) } @@ -418,7 +421,7 @@ func (p *plugin) validatePackageVersion(nodePackage packageJSON) error { } if errResp.ErrorBlock.Code == "ENOTFOUND" { // ENOTFOUND -> not a valid registry - return fmt.Errorf(errResp.ErrorBlock.Summary) + return errors.New(errResp.ErrorBlock.Summary) } else if errResp.ErrorBlock.Code == "E404" { // E404 -> valid registry but package doesn't exist yet... so it's ours to take! // Notify that we are publishing with a novel package name log.Info("Package does not already exist in the registry, publish will claim `" + nodePackage.Name + "`") @@ -426,7 +429,7 @@ func (p *plugin) validatePackageVersion(nodePackage packageJSON) error { return nil } // Unknown error response code - return fmt.Errorf(errResp.ErrorBlock.Summary) + return errors.New(errResp.ErrorBlock.Summary) } var versions []string 
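Review bot: In validatePackageVersion the `ENOTFOUND` branch (`@@ -418`) and the unknown-code fallback (`@@ -426`) both return `errors.New(errResp.ErrorBlock.Summary)`, so a caller cannot tell the two cases apart and gets an empty error message if npm sent no summary. Including the code keeps the constant format string and makes the failure diagnosable: `return fmt.Errorf("npm %s: %s", errResp.ErrorBlock.Code, errResp.ErrorBlock.Summary)`. The same applies to the two returns in audit (`@@ -473`). Both functions start and end outside these hunks. The import hunk for plugin.go does not show `errors` being added, so it is presumably already imported above the visible lines, which is worth confirming.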
@@ -473,11 +476,11 @@ func (p *plugin) audit() error { var errResp shell.NPMErrorResponse if err := json.Unmarshal(out, &errResp); (err == nil && errResp != shell.NPMErrorResponse{}) { if errResp.ErrorBlock.Code == "ENOLOCK" { // ENOLOCK -> requires lockfile - return fmt.Errorf(errResp.ErrorBlock.Summary + " " + errResp.ErrorBlock.Detail) + return errors.New(errResp.ErrorBlock.Summary + " " + errResp.ErrorBlock.Detail) } else if errResp.ErrorBlock.Code == "ENOAUDIT" { // ENOAUDIT -> valid registry but it doesn't support audits log.Warn(errResp.ErrorBlock.Summary + " Try adding a .npmrc to your project directory or set `audit-level: none`.") } else { // Unknown error response code - return fmt.Errorf(errResp.ErrorBlock.Summary + " " + errResp.ErrorBlock.Detail) + return errors.New(errResp.ErrorBlock.Summary + " " + errResp.ErrorBlock.Detail) } } } diff --git a/internal/npm/plugin_test.go b/internal/npm/plugin_test.go index aaf25dd..888dab5 100644 --- a/internal/npm/plugin_test.go +++ b/internal/npm/plugin_test.go @@ -11,9 +11,10 @@ import ( "strings" "testing" - "github.com/go-vela/vela-npm/test" gomock "github.com/golang/mock/gomock" "github.com/spf13/afero" + + "github.com/go-vela/vela-npm/test" ) const npmrcDefaults = "json=true\ncolor=false\nloglevel=silent\nupdate-notifier=false\n" diff --git a/version/version.go b/version/version.go index 3777217..c4f30b0 100644 --- a/version/version.go +++ b/version/version.go @@ -6,11 +6,10 @@ import ( "fmt" "runtime" - "github.com/go-vela/types/version" - "github.com/Masterminds/semver/v3" - "github.com/sirupsen/logrus" + + "github.com/go-vela/types/version" ) var (