chore: update deps, import order, fix linter errors

.github/workflows/codeql-analysis.yml

@@ -39,7 +39,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2
+      uses: github/codeql-action/init@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -50,7 +50,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2
+      uses: github/codeql-action/autobuild@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -64,4 +64,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2
+      uses: github/codeql-action/analyze@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5

.github/workflows/test.yml

@@ -28,7 +28,7 @@ jobs:
         go test -race -covermode=atomic -coverprofile=coverage.out ./...
 
     - name: coverage
-      uses: codecov/codecov-action@84508663e988701840491b86de86b666e8a86bed # v4.5.0
+      uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0
       with:
         token: ${{ secrets.CODECOV_TOKEN }}
         file: coverage.out

.golangci.yml

@@ -8,7 +8,10 @@
 # outputs it results from the linters it executes.
 output:
   # colored-line-number|line-number|json|tab|checkstyle|code-climate, default is "colored-line-number"
-  format: colored-line-number
+  formats:
+    - format: json
+      path: stderr
+    - format: colored-line-number
 
   # print lines of code with issue, default is true
   print-issued-lines: true
@@ -32,6 +35,18 @@ linters-settings:
     lines: 160
     statements: 70
 
+  # https://github.com/daixiang0/gci
+  # ensure import order is consistent
+  # gci write --custom-order -s standard -s default -s blank -s dot -s "prefix(github.com/go-vela)" .
+  gci:
+    custom-order: true
+    sections:
+      - standard
+      - default
+      - blank
+      - dot
+      - prefix(github.com/go-vela)
+
   # https://github.com/denis-tingaikin/go-header
   goheader:
     template: |-
@@ -43,9 +58,9 @@ linters-settings:
 
   # https://github.com/golangci/golangci-lint/blob/master/pkg/golinters/nolintlint
   nolintlint:
-    allow-unused: false           # allow nolint directives that don't address a linting issue
-    require-explanation: true     # require an explanation for nolint directives
-    require-specific: true        # require nolint directives to be specific about which linter is being skipped
+    allow-unused: false # allow nolint directives that don't address a linting issue
+    require-explanation: true # require an explanation for nolint directives
+    require-specific: true # require nolint directives to be specific about which linter is being skipped
 
 # This section provides the configuration for which linters
 # golangci will execute. Several of them were disabled by
@@ -56,46 +71,42 @@ linters:
 
   # enable a specific set of linters to run
   enable:
-    - bidichk             # checks for dangerous unicode character sequences
-    - bodyclose           # checks whether HTTP response body is closed successfully
-    - contextcheck        # check the function whether use a non-inherited context
-    - deadcode            # finds unused code
-    - dupl                # code clone detection
-    - errcheck            # checks for unchecked errors
-    - errorlint           # find misuses of errors
-    - exportloopref       # check for exported loop vars
-    - funlen              # detects long functions
-    - goconst             # finds repeated strings that could be replaced by a constant
-    - gocyclo             # computes and checks the cyclomatic complexity of functions
-    - godot               # checks if comments end in a period
-    - gofmt               # checks whether code was gofmt-ed
-    - goheader            # checks is file header matches to pattern
-    - goimports           # fixes imports and formats code in same style as gofmt
-    - gomoddirectives     # manage the use of 'replace', 'retract', and 'excludes' directives in go.mod
-    - goprintffuncname    # checks that printf-like functions are named with f at the end
-    - gosec               # inspects code for security problems
-    - gosimple            # linter that specializes in simplifying a code
-    - govet               # reports suspicious constructs, ex. Printf calls whose arguments don't align with the format string
-    - ineffassign         # detects when assignments to existing variables aren't used
-    - makezero            # finds slice declarations with non-zero initial length
-    - misspell            # finds commonly misspelled English words in comments
-    - nakedret            # finds naked returns in functions greater than a specified function length
-    - nilerr              # finds the code that returns nil even if it checks that the error is not nil
-    - noctx               # noctx finds sending http request without context.Context
-    - nolintlint          # reports ill-formed or insufficient nolint directives
-    - revive              # linter for go
-    - staticcheck         # applies static analysis checks, go vet on steroids
-    - structcheck         # finds unused struct fields
-    - stylecheck          # replacement for golint
-    - tenv                # analyzer that detects using os.Setenv instead of t.Setenv since Go1.17
-    - typecheck           # parses and type-checks go code, like the front-end of a go compiler
-    - unconvert           # remove unnecessary type conversions
-    - unparam             # reports unused function parameters
-    - unused              # checks for unused constants, variables, functions and types
-    - varcheck            # finds unused global variables and constants
-    - whitespace          # detects leading and trailing whitespace
-    - wsl                 # forces code to use empty lines
-
+    - bidichk # checks for dangerous unicode character sequences
+    - bodyclose # checks whether HTTP response body is closed successfully
+    - contextcheck # check the function whether use a non-inherited context
+    - dupl # code clone detection
+    - errcheck # checks for unchecked errors
+    - errorlint # find misuses of errors
+    - exportloopref # check for exported loop vars
+    - funlen # detects long functions
+    - gci # consistent import ordering
+    - goconst # finds repeated strings that could be replaced by a constant
+    - gocyclo # computes and checks the cyclomatic complexity of functions
+    - godot # checks if comments end in a period
+    - gofmt # checks whether code was gofmt-ed
+    - goheader # checks is file header matches to pattern
+    - gomoddirectives # manage the use of 'replace', 'retract', and 'excludes' directives in go.mod
+    - goprintffuncname # checks that printf-like functions are named with f at the end
+    - gosec # inspects code for security problems
+    - gosimple # linter that specializes in simplifying a code
+    - govet # reports suspicious constructs, ex. Printf calls whose arguments don't align with the format string
+    - ineffassign # detects when assignments to existing variables aren't used
+    - makezero # finds slice declarations with non-zero initial length
+    - nakedret # finds naked returns in functions greater than a specified function length
+    - nilerr # finds the code that returns nil even if it checks that the error is not nil
+    - noctx # noctx finds sending http request without context.Context
+    - nolintlint # reports ill-formed or insufficient nolint directives
+    - revive # linter for go
+    - staticcheck # applies static analysis checks, go vet on steroids
+    - stylecheck # replacement for golint
+    - tenv # analyzer that detects using os.Setenv instead of t.Setenv since Go1.17
+    - typecheck # parses and type-checks go code, like the front-end of a go compiler
+    - unconvert # remove unnecessary type conversions
+    - unparam # reports unused function parameters
+    - unused # checks for unused constants, variables, functions and types
+    - whitespace # detects leading and trailing whitespace
+    - wsl # forces code to use empty lines
+
   # static list of linters we know golangci can run but we've
   # chosen to leave disabled for now
   # - asciicheck          - non-critical
@@ -111,7 +122,7 @@ linters:
   # - gci                 - use goimports
   # - gochecknoinits      - unused
   # - gochecknoglobals    - global variables allowed
-  # - gocognit            - unused complexity metric 
+  # - gocognit            - unused complexity metric
   # - gocritic            - style preference
   # - godox               - to be used in the future
   # - goerr113            - to be used in the future
@@ -122,7 +133,7 @@ linters:
   # - ifshort             - use both styles
   # - ireturn             - allow interfaces to be returned
   # - importas            - want flexibility with naming
-  # - lll                 - not too concerned about line length 
+  # - lll                 - not too concerned about line length
   # - interfacer          - archived
   # - nestif              - non-critical
   # - nilnil              - style preference
@@ -131,7 +142,7 @@ linters:
   # - paralleltest        - false-positives
   # - prealloc            - don't use
   # - predeclared         - unused
-  # - promlinter          - style preference 
+  # - promlinter          - style preference
   # - rowserrcheck        - unused
   # - scopelint           - deprecated - replaced with exportloopref
   # - sqlclosecheck       - unused
@@ -143,7 +154,7 @@ linters:
   # - wrapcheck           - style preference
 
 # This section provides the configuration for how golangci
-# will report the issues it finds. 
+# will report the issues it finds.
 issues:
   # Excluding configuration per-path, per-linter, per-text and per-source
   exclude-rules:
@@ -154,3 +165,4 @@ issues:
         - funlen
         - goconst
         - gocyclo
+        - wsl

cmd/vela-npm/main.go

@@ -8,10 +8,11 @@ import (
 	"os"
 	"strings"
 
-	"github.com/go-vela/vela-npm/internal/npm"
-	"github.com/go-vela/vela-npm/version"
 	log "github.com/sirupsen/logrus"
 	"github.com/urfave/cli/v2"
+
+	"github.com/go-vela/vela-npm/internal/npm"
+	"github.com/go-vela/vela-npm/version"
 )
 
 func main() {

internal/npm/plugin.go

@@ -11,9 +11,10 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/go-vela/vela-npm/internal/shell"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/afero"
+
+	"github.com/go-vela/vela-npm/internal/shell"
 )
 
 // Plugin interface.
@@ -301,7 +302,9 @@ func (p *plugin) createNpmrc() error {
 	} else {
 		// user username/password
 		auth64 := b64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", p.config.UserName, p.config.Password)))
+
 		auth := fmt.Sprintf("%s_auth=%s", registryString, auth64)
+
 		if _, err = f.WriteString(auth + "\n"); err != nil {
 			return fmt.Errorf("failed to write _auth: %w", err)
 		}
@@ -418,15 +421,15 @@ func (p *plugin) validatePackageVersion(nodePackage packageJSON) error {
 		}
 
 		if errResp.ErrorBlock.Code == "ENOTFOUND" { // ENOTFOUND -> not a valid registry
-			return fmt.Errorf(errResp.ErrorBlock.Summary)
+			return errors.New(errResp.ErrorBlock.Summary)
 		} else if errResp.ErrorBlock.Code == "E404" { // E404 -> valid registry but package doesn't exist yet... so it's ours to take!
 			// Notify that we are publishing with a novel package name
 			log.Info("Package does not already exist in the registry, publish will claim `" + nodePackage.Name + "`")
 
 			return nil
 		}
 		// Unknown error response code
-		return fmt.Errorf(errResp.ErrorBlock.Summary)
+		return errors.New(errResp.ErrorBlock.Summary)
 	}
 
 	var versions []string
@@ -473,11 +476,11 @@ func (p *plugin) audit() error {
 		var errResp shell.NPMErrorResponse
 		if err := json.Unmarshal(out, &errResp); (err == nil && errResp != shell.NPMErrorResponse{}) {
 			if errResp.ErrorBlock.Code == "ENOLOCK" { // ENOLOCK -> requires lockfile
-				return fmt.Errorf(errResp.ErrorBlock.Summary + " " + errResp.ErrorBlock.Detail)
+				return errors.New(errResp.ErrorBlock.Summary + " " + errResp.ErrorBlock.Detail)
 			} else if errResp.ErrorBlock.Code == "ENOAUDIT" { // ENOAUDIT -> valid registry but it doesn't support audits
 				log.Warn(errResp.ErrorBlock.Summary + " Try adding a .npmrc to your project directory or set `audit-level: none`.")
 			} else { // Unknown error response code
-				return fmt.Errorf(errResp.ErrorBlock.Summary + " " + errResp.ErrorBlock.Detail)
+				return errors.New(errResp.ErrorBlock.Summary + " " + errResp.ErrorBlock.Detail)
 			}
 		}
 	}

internal/npm/plugin_test.go

@@ -11,9 +11,10 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/go-vela/vela-npm/test"
 	gomock "github.com/golang/mock/gomock"
 	"github.com/spf13/afero"
+
+	"github.com/go-vela/vela-npm/test"
 )
 
 const npmrcDefaults = "json=true\ncolor=false\nloglevel=silent\nupdate-notifier=false\n"

version/version.go

@@ -6,11 +6,10 @@ import (
 	"fmt"
 	"runtime"
 
-	"github.com/go-vela/types/version"
-
 	"github.com/Masterminds/semver/v3"
-
 	"github.com/sirupsen/logrus"
+
+	"github.com/go-vela/types/version"
 )
 
 var (