zitadel/.golangci.yaml

309 lines
15 KiB
YAML
Raw Normal View History

issues:
new: true
# Set to 0 to disable.
max-issues-per-linter: 0
# Set to 0 to disable.
max-same-issues: 0
run:
concurrency: 2
timeout: 10m
go: '1.19'
skip-dirs:
- .artifacts
- .backups
- .codecov
- .github
- .keys
- .vscode
- build
- console
- deploy
- docs
- guides
- internal/api/ui/login/static
- openapi
- proto
- tools
linters:
enable:
# Simple linter to check that your code does not contain non-ASCII identifiers [fast: true, auto-fix: false]
- asciicheck
# checks whether HTTP response body is closed successfully [fast: false, auto-fix: false]
- bodyclose
# check the function whether use a non-inherited context [fast: false, auto-fix: false]
- contextcheck
# Computes and checks the cognitive complexity of functions [fast: true, auto-fix: false]
- gocognit
# Checks Go code for unused constants, variables, functions and types [fast: false, auto-fix: false]
- unused
# Errcheck is a program for checking for unchecked errors in go programs. These unchecked errors can be critical bugs in some cases [fast: false, auto-fix: false]
- errcheck
# Checks that sentinel errors are prefixed with the `Err` and error types are suffixed with the `Error`. [fast: false, auto-fix: false]
- errname
# errorlint is a linter for that can be used to find code that will cause problems with the error wrapping scheme introduced in Go 1.13. [fast: false, auto-fix: false]
- errorlint
# check exhaustiveness of enum switch statements [fast: false, auto-fix: false]
- exhaustive
# Gci controls golang package import order and makes it always deterministic. [fast: true, auto-fix: false]
- gci
# Provides diagnostics that check for bugs, performance and style issues. [fast: false, auto-fix: false]
- gocritic
# Linter for Go source code that specializes in simplifying a code [fast: false, auto-fix: false]
- gosimple
# Vet examines Go source code and reports suspicious constructs, such as Printf calls whose arguments do not align with the format string [fast: false, auto-fix: false]
- govet
# Detects when assignments to existing variables are not used [fast: true, auto-fix: false]
- ineffassign
# Finds commonly misspelled English words in comments [fast: true, auto-fix: true]
- misspell
# Finds naked returns in functions greater than a specified function length [fast: true, auto-fix: false]
- nakedret
# Staticcheck is a go vet on steroids, applying a ton of static analysis checks [fast: false, auto-fix: false]
- staticcheck
# Like the front-end of a Go compiler, parses and type-checks Go code [fast: false, auto-fix: false]
- typecheck
# Reports ill-formed or insufficient nolint directives [fast: true, auto-fix: false]
- nolintlint
# Checks for misuse of Sprintf to construct a host with port in a URL.
- nosprintfhostport
# checks whether Err of rows is checked successfully in `sql.Rows` [fast: false, auto-fix: false]
- rowserrcheck
# Checks that sql.Rows and sql.Stmt are closed. [fast: false, auto-fix: false]
- sqlclosecheck
# Remove unnecessary type conversions [fast: false, auto-fix: false]
- unconvert
disable:
# Checks for dangerous unicode character sequences [fast: true, auto-fix: false]
# not needed because github does that out of the box
- bidichk
# containedctx is a linter that detects struct contained context.Context field [fast: true, auto-fix: false]
# using contextcheck which looks more active
- containedctx
# checks function and package cyclomatic complexity [fast: false, auto-fix: false]
# not use because gocognit is used
- cyclop
# The owner seems to have abandoned the linter. Replaced by unused.
# deprecated, replaced by unused
- deadcode
# check declaration order and count of types, constants, variables and functions [fast: true, auto-fix: false]
# FUTURE: IMO it sometimes makes sense to declare consts or types after a func
- decorder
# Go linter that checks if package imports are in a list of acceptable packages [fast: false, auto-fix: false]
# not required because of dependabot
- depguard
# Checks assignments with too many blank identifiers (e.g. x, _, _, _, := f()) [fast: true, auto-fix: false]
# FUTURE: old code is not compatible
- dogsled
# Tool for code clone detection [fast: true, auto-fix: false]
# FUTURE: old code is not compatible
- dupl
# checks for duplicate words in the source code
# not sure if it makes sense
- dupword
# check for two durations multiplied together [fast: false, auto-fix: false]
# FUTURE: checks for accident `1 * time.Second * time.Second`
- durationcheck
# Checks types passed to the json encoding functions. Reports unsupported types and optionally reports occations, where the check for the returned error can be omitted. [fast: false, auto-fix: false]
# FUTURE: use asap, because we use json alot. nice feature is possiblity to check if err check is required
- errchkjson
# execinquery is a linter about query string checker in Query function which reads your Go src files and warning it finds
# FUTURE: might find some errors in sql queries
- execinquery
# Checks if all struct's fields are initialized [fast: false, auto-fix: false]
# deprecated
- exhaustivestruct
# Checks if all structure fields are initialized
# Not all fields have to be initialized
- exhaustruct
# checks for pointers to enclosing loop variables [fast: false, auto-fix: false]
# FUTURE: finds bugs hard to find, could occur much later
- exportloopref
# Forbids identifiers [fast: true, auto-fix: false]
# see no reason. allows to define regexp which are not allowed to use
- forbidigo
# finds forced type assertions [fast: true, auto-fix: false]
# not used because we mostly use `_, _ = a.(int)`
- forcetypeassert
# Tool for detection of long functions [fast: true, auto-fix: false]
# not used because it ignores complexity
- funlen
# check that no global variables exist [fast: true, auto-fix: false]
# We use some global variables which is ok IMO
- gochecknoglobals
# Checks that no init functions are present in Go code [fast: true, auto-fix: false]
# we use inits for the database abstraction
- gochecknoinits
# Finds repeated strings that could be replaced by a constant [fast: true, auto-fix: false]
# FUTURE: might be cool to check
- goconst
# Computes and checks the cyclomatic complexity of functions [fast: true, auto-fix: false]
# not used because cyclop also checks complexity of package
- gocyclo
# Check if comments end in a period [fast: true, auto-fix: true]
# FUTURE: checks if comments are written as specified
- godot
# Tool for detection of FIXME, TODO and other comment keywords [fast: true, auto-fix: false]
# FUTURE: maybe makes sense later. IMO some view todos are ok for later tasks.
- godox
# Golang linter to check the errors handling expressions [fast: false, auto-fix: false]
# Not used in favore of errorlint
- goerr113
# Gofmt checks whether code was gofmt-ed. By default this tool runs with -s option to check for code simplification [fast: true, auto-fix: true]
# ignored in favor of goimports
- gofmt
# Gofumpt checks whether code was gofumpt-ed. [fast: true, auto-fix: true]
# ignored in favor of goimports
- gofumpt
# Checks is file header matches to pattern [fast: true, auto-fix: false]
# ignored because we don't write licenses as headers
- goheader
# In addition to fixing imports, goimports also formats your code in the same style as gofmt. [fast: true, auto-fix: true]
# ignored in favor of gci
- goimports
#deprecated]: Golint differs from gofmt. Gofmt reformats Go source code, whereas golint prints out style mistakes [fast: false, auto-fix: false]
# ignored in favor of goimports
- golint
# An analyzer to detect magic numbers. [fast: true, auto-fix: false]
# FUTURE: not that critical at the moment
- gomnd
# Manage the use of 'replace', 'retract', and 'excludes' directives in go.mod. [fast: true, auto-fix: false]
# FUTURE: not a problem at the moment
- gomoddirectives
# Allow and block list linter for direct Go module dependencies. This is different from depguard where there are different block types for example version constraints and module recommendations. [fast: true, auto-fix: false]
# FUTURE: maybe interesting because of licenses
- gomodguard
# Checks that printf-like functions are named with `f` at the end [fast: true, auto-fix: false]
# FUTURE: not a problem at the moment
- goprintffuncname
# Inspects source code for security problems [fast: false, auto-fix: false]
# TODO: I think it would be more interesting to integrate into gh code scanning: https://github.com/securego/gosec#integrating-with-code-scanning
- gosec
# An analyzer to analyze expression groups. [fast: true, auto-fix: false]
# I think the groups (vars, consts, imports, ...) we have atm are ok
- grouper
# Checks that your code uses short syntax for if-statements whenever possible [fast: true, auto-fix: false]
# Dont't use its deprecated
- ifshort
# Enforces consistent import aliases [fast: false, auto-fix: false]
# FUTURE: aliasing of imports is more or less consistent
- importas
# A linter that checks the number of methods inside an interface.
# No need at the moment, repository abstraction was removed
- interfacebloat
# A linter that suggests interface types
# Don't use it's archived
- interfacer
# Accept Interfaces, Return Concrete Types [fast: false, auto-fix: false]
# FUTURE: check if no interface is returned
- ireturn
# Reports long lines [fast: true, auto-fix: false]
# FUTURE: would make code more readable
- lll
# Checks key valur pairs for common logger libraries (kitlog,klog,logr,zap).
# FUTURE: useable as soon as we switch logger library
- loggercheck
# maintidx measures the maintainability index of each function. [fast: true, auto-fix: false]
# not used because volume of halstead complexity feels strange as measurement https://en.wikipedia.org/wiki/Halstead_complexity_measures
- maintidx
# Finds slice declarations with non-zero initial length [fast: false, auto-fix: false]
# I would prefer to use https://github.com/alexkohler/prealloc
- makezero
# Reports deeply nested if statements [fast: true, auto-fix: false]
# focus only on if's
- nestif
# Finds the code that returns nil even if it checks that the error is not nil. [fast: false, auto-fix: false]
# FUTURE: check if it is allowed to return nil partially in error catch
- nilerr
# Checks that there is no simultaneous return of `nil` error and an invalid value. [fast: false, auto-fix: false]
# FUTURE: would reduce checks and panics
- nilnil
# nlreturn checks for a new line before return and branch statements to increase code clarity [fast: true, auto-fix: false]
# DISCUSS: IMO the readability of does not always increase using more empty lines
- nlreturn
# noctx finds sending http request without context.Context [fast: false, auto-fix: false]
# only interesting if using http
- noctx
# Reports all names returns
# Named returns are not allowed which IMO reduces readability of code
- nonamedreturns
# detects snake case of variable naming and function name.
# has not been a problem in our code and deprecated
- nosnakecase
# paralleltest detects missing usage of t.Parallel() method in your Go test [fast: true, auto-fix: false]
# FUTURE: will break all of our tests
- paralleltest
# Finds slice declarations that could potentially be preallocated [fast: true, auto-fix: false]
# FUTURE: would improve performance
- prealloc
# find code that shadows one of Go's predeclared identifiers [fast: true, auto-fix: false]
# FUTURE: checks for overwrites
- predeclared
# Check Prometheus metrics naming via promlint [fast: true, auto-fix: false]
# Not interesting at the moment
- promlinter
# Checks that package variables are not reassigned
# FUTURE: checks if vars like Err's are reassigned which might break code
- reassign
# Fast, configurable, extensible, flexible, and beautiful linter for Go. Drop-in replacement of golint. [fast: false, auto-fix: false]
# Linter aggregator, would allow to use less other linters
- revive
# checks for unpinned variables in go programs
# deprecated
- scopelint
# Finds unused struct fields [fast: false, auto-fix: false]
# deprecated, replaced by unused
- structcheck
# Stylecheck is a replacement for golint [fast: false, auto-fix: false]
# we use goimports
- stylecheck
# Checks the struct tags. [fast: true, auto-fix: false]
# FUTURE: would help for new structs
- tagliatelle
# tenv is analyzer that detects using os.Setenv instead of t.Setenv since Go1.17 [fast: false, auto-fix: false]
# FUTURE: currently are no env vars set
- tenv
# linter checks if examples are testable (have an expected output)
# FUTURE: as soon as examples are added
- testableexamples
# linter that makes you use a separate _test package [fast: true, auto-fix: false]
# don't use because we test some unexported functions
- testpackage
# thelper detects golang test helpers without t.Helper() call and checks the consistency of test helpers [fast: false, auto-fix: false]
# FUTURE: nice to improve test quality
- thelper
# tparallel detects inappropriate usage of t.Parallel() method in your Go test codes [fast: false, auto-fix: false]
# FUTURE: nice to improve test quality
- tparallel
# Reports unused function parameters [fast: false, auto-fix: false]
# DISCUSS: nice idea and would improve code quality, but how to handle false positives?
- unparam
# A linter that detect the possibility to use variables/constants from the Go standard library.
# FUTURE: improves code quality
- usestdlibvars
# Finds unused global variables and constants [fast: false, auto-fix: false]
# deprecated, replaced by unused
- varcheck
# checks that the length of a variable's name matches its scope [fast: false, auto-fix: false]
# I would not use it because it more or less checks if var lenght matches
- varnamelen
# wastedassign finds wasted assignment statements. [fast: false, auto-fix: false]
# FUTURE: would improve code quality (maybe already checked by vet?)
- wastedassign
# Tool for detection of leading and trailing whitespace [fast: true, auto-fix: true]
# Not sure if it improves code readability
- whitespace
# Checks that errors returned from external packages are wrapped [fast: false, auto-fix: false]
# FUTURE: improves UX because all the errors will be ZITADEL errors
- wrapcheck
# Whitespace Linter - Forces you to use empty lines! [fast: true, auto-fix: false]
# FUTURE: improves code quality by allowing and blocking line breaks
- wsl
linters-settings:
gci:
sections:
- standard # Standard section: captures all standard packages.
- default # Default section: contains all imports that could not be matched to another section type.
- prefix(github.com/zitadel/zitadel) # Custom section: groups all imports with the specified Prefix.
custom-order: true