Add Staticcheck to Build Pipeline (hashicorp#2421)

Run staticcheck linters on pull requests

Author: kheina

.github/workflows/linting.yml

@@ -0,0 +1,30 @@
+name: "golangci-lint"
+on: ["pull_request"]
+
+jobs:
+  lint:
+    name: "Run Linter"
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: '0'
+      - name: Determine Go version
+        id: get-go-version
+        # We use .go-version as our source of truth for current Go
+        # version, because "goenv" can react to it automatically.
+        run: |
+          echo "Building with Go $(cat .go-version)"
+          echo "::set-output name=go-version::$(cat .go-version)"
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: "${{ steps.get-go-version.outputs.go-version }}"
+      - name: Install Dependencies
+        # if we really need to we can update this to run `make tools`
+        # later but its just not necessary to only run linters
+        run: |
+          make golangci-lint
+      - name: Running Linters
+        run: |
+          LINT_DIFF_BRANCH="origin/${GITHUB_BASE_REF}" make lint-diff

.golangci.yml

@@ -0,0 +1,14 @@
+linters:
+  disable-all: true
+  enable:
+    - staticcheck
+    - stylecheck
+
+issues:
+  exclude-rules:
+    - linters:
+        - stylecheck
+      text: "ST1005:"
+    - linters:
+        - stylecheck
+      text: "ST1003:"

Makefile

@@ -7,6 +7,7 @@ TMP_DIR := $(shell mktemp -d)
 REPO_PATH := github.com/hashicorp/boundary
 
 CGO_ENABLED?=0
+GO_PATH = $(shell go env GOPATH)
 
 export GEN_BASEPATH := $(shell pwd)
 
@@ -19,11 +20,21 @@ cli:
 	$(MAKE) --environment-overrides -C internal/cmd/gencli cli
 
 .PHONY: tools
-tools:
+tools: golangci-lint
 	go generate -tags tools tools/tools.go
 	go install github.com/bufbuild/buf/cmd/[email protected]
 	go install github.com/mfridman/[email protected]
 
+# golangci-lint recommends installing the binary directly, instead of using go get
+# See the note: https://golangci-lint.run/usage/install/#install-from-source
+.PHONY: golangci-lint
+golangci-lint:
+	$(eval GOLINT_INSTALLED := $(shell which golangci-lint))
+
+	if [ "$(GOLINT_INSTALLED)" = "" ]; then \
+		sh scripts/install-golangci-lint.sh -b $(GO_PATH)/bin v1.50.1; \
+	fi;
+
 .PHONY: cleangen
 cleangen:
 	@rm -f $(shell  find ${THIS_DIR} -name '*.gen.go' && find ${THIS_DIR} -name '*.pb.go' && find ${THIS_DIR} -name '*.pb.gw.go')
@@ -63,6 +74,17 @@ fmt:
 	grep -L -R "^\/\/ Code generated .* DO NOT EDIT\.$$" --exclude-dir=.git --include="*.go" . | xargs gofumpt -w
 	buf format -w
 
+lint:
+	golangci-lint run --timeout 10m
+
+ifndef LINT_DIFF_BRANCH
+override LINT_DIFF_BRANCH = main
+endif
+
+lint-diff:
+	@echo "Checking for lint compared to $(LINT_DIFF_BRANCH)"
+	golangci-lint run --timeout 10m --new-from-rev=$(LINT_DIFF_BRANCH)
+
 # Set env for all UI targets.
 UI_TARGETS := update-ui-version build-ui build-ui-ifne clean-ui
 # Note the extra .tmp path segment in UI_CLONE_DIR is significant and required.

internal/credential/vault/repository_credential_library.go

@@ -405,7 +405,7 @@ func (pl *listLookupLibrary) toCredentialLibrary() *CredentialLibrary {
 }
 
 // TableName returns the table name for gorm.
-func (_ *listLookupLibrary) TableName() string { return "credential_vault_library_list_lookup" }
+func (*listLookupLibrary) TableName() string { return "credential_vault_library_list_lookup" }
 
 // GetPublicId returns the public id.
 func (pl *listLookupLibrary) GetPublicId() string { return pl.PublicId }

internal/credential/vault/repository_credential_store.go

@@ -320,7 +320,7 @@ func (ps *listLookupStore) toCredentialStore() *CredentialStore {
 }
 
 // TableName returns the table name for gorm.
-func (_ *listLookupStore) TableName() string { return "credential_vault_store_list_lookup" }
+func (*listLookupStore) TableName() string { return "credential_vault_store_list_lookup" }
 
 // GetPublicId returns the public id.
 func (ps *listLookupStore) GetPublicId() string { return ps.PublicId }

internal/db/read_writer.go

@@ -397,9 +397,9 @@ func (rw *Db) DeleteItems(ctx context.Context, deleteItems []any, opt ...Option)
 // you should ensure that any objects written to the db in your TxHandler are retryable, which
 // means that the object may be sent to the db several times (retried), so things like the primary key must
 // be reset before retry
-func (w *Db) DoTx(ctx context.Context, retries uint, backOff Backoff, handler TxHandler) (RetryInfo, error) {
+func (rw *Db) DoTx(ctx context.Context, retries uint, backOff Backoff, handler TxHandler) (RetryInfo, error) {
 	const op = "db.DoTx"
-	if w.underlying == nil {
+	if rw.underlying == nil {
 		return RetryInfo{}, errors.New(ctx, errors.InvalidParameter, op, "missing underlying db")
 	}
 	if backOff == nil {
@@ -415,7 +415,7 @@ func (w *Db) DoTx(ctx context.Context, retries uint, backOff Backoff, handler Tx
 		}
 
 		// step one of this, start a transaction...
-		beginTx, err := dbw.New(w.underlying.wrapped.Load()).Begin(ctx)
+		beginTx, err := dbw.New(rw.underlying.wrapped.Load()).Begin(ctx)
 		if err != nil {
 			return info, wrapError(ctx, err, op)
 		}

internal/iam/principal_role.go

@@ -108,12 +108,12 @@ func (r *UserRole) Clone() any {
 }
 
 // VetForWrite implements db.VetForWrite() interface for user roles.
-func (role *UserRole) VetForWrite(ctx context.Context, _ db.Reader, _ db.OpType, _ ...db.Option) error {
+func (r *UserRole) VetForWrite(ctx context.Context, _ db.Reader, _ db.OpType, _ ...db.Option) error {
 	const op = "iam.(UserRole).VetForWrite"
-	if role.RoleId == "" {
+	if r.RoleId == "" {
 		return errors.New(ctx, errors.InvalidParameter, op, "missing role id")
 	}
-	if role.PrincipalId == "" {
+	if r.PrincipalId == "" {
 		return errors.New(ctx, errors.InvalidParameter, op, "missing user id")
 	}
 	return nil
@@ -185,12 +185,12 @@ func (r *GroupRole) Clone() any {
 }
 
 // VetForWrite implements db.VetForWrite() interface for group roles.
-func (role *GroupRole) VetForWrite(ctx context.Context, r db.Reader, opType db.OpType, opt ...db.Option) error {
+func (r *GroupRole) VetForWrite(ctx context.Context, _ db.Reader, opType db.OpType, opt ...db.Option) error {
 	const op = "iam.(GroupRole).VetForWrite"
-	if role.RoleId == "" {
+	if r.RoleId == "" {
 		return errors.New(ctx, errors.InvalidParameter, op, "missing role id")
 	}
-	if role.PrincipalId == "" {
+	if r.PrincipalId == "" {
 		return errors.New(ctx, errors.InvalidParameter, op, "missing group id")
 	}
 	return nil
@@ -264,12 +264,12 @@ func (r *ManagedGroupRole) Clone() any {
 }
 
 // VetForWrite implements db.VetForWrite() interface for managed group roles.
-func (role ManagedGroupRole) VetForWrite(ctx context.Context, r db.Reader, opType db.OpType, opt ...db.Option) error {
+func (r ManagedGroupRole) VetForWrite(ctx context.Context, _ db.Reader, opType db.OpType, opt ...db.Option) error {
 	const op = "iam.(ManagedGroupRole).VetForWrite"
-	if role.RoleId == "" {
+	if r.RoleId == "" {
 		return errors.New(ctx, errors.InvalidParameter, op, "missing role id")
 	}
-	if role.PrincipalId == "" {
+	if r.PrincipalId == "" {
 		return errors.New(ctx, errors.InvalidParameter, op, "missing managed group id")
 	}
 	return nil

internal/observability/event/event_observation.go

@@ -55,14 +55,14 @@ func newObservation(fromOperation Op, opt ...Option) (*observation, error) {
 }
 
 // EventType is required for all event types by the eventlogger broker
-func (i *observation) EventType() string { return string(ObservationType) }
+func (o *observation) EventType() string { return string(ObservationType) }
 
-func (i *observation) validate() error {
+func (o *observation) validate() error {
 	const op = "event.(Observation).validate"
-	if i.ID == "" {
+	if o.ID == "" {
 		return fmt.Errorf("%s: missing id: %w", op, ErrInvalidParameter)
 	}
-	if i.Op == "" {
+	if o.Op == "" {
 		return fmt.Errorf("%s: missing operation: %w", op, ErrInvalidParameter)
 	}
 	return nil

internal/session/job_session_cleanup_test.go

@@ -40,6 +40,7 @@ func TestSessionConnectionCleanupJob(t *testing.T) {
 	serversRepo, err := server.NewRepository(rw, rw, kms)
 	require.NoError(err)
 	sessionRepo, err := NewRepository(ctx, rw, rw, kms)
+	require.NoError(err)
 	connectionRepo, err := NewConnectionRepository(ctx, rw, rw, kms)
 	require.NoError(err)
 

internal/session/repository_session_test.go

@@ -1564,6 +1564,7 @@ func TestRepository_deleteTargetFKey(t *testing.T) {
 	kms := kms.TestKms(t, conn, wrapper)
 	ctx := context.Background()
 	repo, err := NewRepository(ctx, rw, rw, kms)
+	require.NoError(t, err)
 	targetRepo, err := target.NewRepository(ctx, rw, rw, kms)
 	require.NoError(t, err)