feat: added pre-commit

Signed-off-by: Bruno Bressi <[email protected]>

.golangci.yaml

@@ -0,0 +1,159 @@
+linters-settings:
+  depguard:
+    # new configuration
+    rules:
+      logger:
+        deny:
+          # logging is allowed only by logutils.Log,
+          # logrus is allowed to use only in logutils package.
+          - pkg: "github.com/sirupsen/logrus"
+            desc: logging is allowed only by logutils.Log
+  dupl:
+    threshold: 100
+  funlen:
+    lines: -1 # the number of lines (code + empty lines) is not a right metric and leads to code without empty line or one-liner.
+    statements: 50
+  goconst:
+    min-len: 2
+    min-occurrences: 3
+  gocritic:
+    enabled-tags:
+      - diagnostic
+      - experimental
+      - opinionated
+      - performance
+      - style
+    disabled-checks:
+      - dupImport # https://github.com/go-critic/go-critic/issues/845
+      - ifElseChain
+      - octalLiteral
+      - whyNoLint
+  gocyclo:
+    min-complexity: 15
+  gofmt:
+    rewrite-rules:
+      - pattern: 'interface{}'
+        replacement: 'any'
+  goimports:
+    local-prefixes: github.com/golangci/golangci-lint
+  gomnd:
+    # don't include the "operation" and "assign"
+    checks:
+      - argument
+      - case
+      - condition
+      - return
+    ignored-numbers:
+      - '0'
+      - '1'
+      - '2'
+      - '3'
+    ignored-functions:
+      - strings.SplitN
+
+  govet:
+    check-shadowing: true
+    settings:
+      printf:
+        funcs:
+          - (github.com/golangci/golangci-lint/pkg/logutils.Log).Infof
+          - (github.com/golangci/golangci-lint/pkg/logutils.Log).Warnf
+          - (github.com/golangci/golangci-lint/pkg/logutils.Log).Errorf
+          - (github.com/golangci/golangci-lint/pkg/logutils.Log).Fatalf
+  lll:
+    line-length: 140
+  misspell:
+    locale: US
+  nolintlint:
+    allow-unused: false # report any unused nolint directives
+    require-explanation: false # don't require an explanation for nolint directives
+    require-specific: false # don't require nolint directives to be specific about which linter is being skipped
+  revive:
+    rules:
+      - name: unexported-return
+        disabled: true
+      - name: unused-parameter
+
+linters:
+  disable-all: true
+  enable:
+    - bodyclose
+    - depguard
+    - dogsled
+    - dupl
+    - errcheck
+    - exportloopref
+    - funlen
+    - gocheckcompilerdirectives
+    - gochecknoinits
+    - goconst
+    - gocritic
+    - gocyclo
+    - gofmt
+    - goimports
+    - gomnd
+    - goprintffuncname
+    - gosec
+    - gosimple
+    - govet
+    - ineffassign
+    - misspell
+    - nakedret
+    - noctx
+    - nolintlint
+    - revive
+    - staticcheck
+    - typecheck
+    - unconvert
+    - unparam
+    - unused
+    - whitespace
+
+  # don't enable:
+  # - asciicheck
+  # - scopelint
+  # - gochecknoglobals
+  # - gocognit
+  # - godot
+  # - godox
+  # - goerr113
+  # - interfacer
+  # - lll
+  # - maligned
+  # - nestif
+  # - prealloc
+  # - stylecheck
+  # - testpackage
+  # - wsl
+
+issues:
+  # Excluding configuration per-path, per-linter, per-text and per-source
+  exclude-rules:
+    - path: _test\.go
+      linters:
+        - gomnd
+
+    - path: pkg/golinters/errcheck.go
+      text: "SA1019: errCfg.Exclude is deprecated: use ExcludeFunctions instead"
+    - path: pkg/commands/run.go
+      text: "SA1019: lsc.Errcheck.Exclude is deprecated: use ExcludeFunctions instead"
+    - path: pkg/commands/run.go
+      text: "SA1019: e.cfg.Run.Deadline is deprecated: Deadline exists for historical compatibility and should not be used."
+
+    - path: pkg/golinters/gofumpt.go
+      text: "SA1019: settings.LangVersion is deprecated: use the global `run.go` instead."
+    - path: pkg/golinters/staticcheck_common.go
+      text: "SA1019: settings.GoVersion is deprecated: use the global `run.go` instead."
+    - path: pkg/lint/lintersdb/manager.go
+      text: "SA1019: (.+).(GoVersion|LangVersion) is deprecated: use the global `run.go` instead."
+    - path: pkg/golinters/unused.go
+      text: "rangeValCopy: each iteration copies 160 bytes \\(consider pointers or indexing\\)"
+    - path: test/(fix|linters)_test.go
+      text: "string `gocritic.go` has 3 occurrences, make it a constant"
+
+run:
+  timeout: 5m
+  skip-dirs:
+    - 'test' # framework files
+  skip-files:
+    - '.*_test.go$' # test files

.pre-commit-config.yaml

@@ -0,0 +1,12 @@
+repos:
+  - repo: https://github.com/tekwizely/pre-commit-golang
+    rev: v1.0.0-rc.1
+    hooks:
+      - id: go-mod-tidy-repo
+      - id: go-test-repo-mod
+        args: [ -race, -count=1, -short ]
+      - id: go-vet-repo-mod
+      - id: go-fumpt-repo
+        args: [ -l, -w ]
+      - id: golangci-lint-repo-mod
+        args: [ --config, .golangci.yaml, --, --fix ]

main.go

@@ -9,6 +9,7 @@ import (
 	"os"
 	"os/signal"
 	"syscall"
+	"time"
 
 	"github.com/eumel8/cosignwebhook/webhook"
 	log "github.com/gookit/slog"
@@ -53,16 +54,21 @@ func main() {
 
 	certs, err := tls.LoadX509KeyPair(tlscert, tlskey)
 	if err != nil {
-		log.Errorf("Failed to load key pair: ", err)
+		log.Errorf("Failed to load key pair: %v", err)
 	}
 
 	server := &http.Server{
-		Addr:      fmt.Sprintf(":%v", port),
-		TLSConfig: &tls.Config{Certificates: []tls.Certificate{certs}},
+		Addr: fmt.Sprintf(":%v", port),
+		TLSConfig: &tls.Config{
+			Certificates: []tls.Certificate{certs},
+			MinVersion:   tls.VersionTLS12,
+		},
+		ReadHeaderTimeout: 5 * time.Second,
 	}
 
 	mserver := &http.Server{
-		Addr: fmt.Sprintf(":%v", mport),
+		Addr:              fmt.Sprintf(":%v", mport),
+		ReadHeaderTimeout: 5 * time.Second,
 	}
 
 	// define http server and server handler
@@ -96,6 +102,6 @@ func main() {
 	<-signalChan
 
 	log.Info("Got shutdown signal, shutting down webhook server gracefully...")
-	server.Shutdown(context.Background())
-	mserver.Shutdown(context.Background())
+	_ = server.Shutdown(context.Background())
+	_ = mserver.Shutdown(context.Background())
 }

test/framework/client.go

@@ -3,14 +3,15 @@ package framework
 import (
 	"context"
 	"fmt"
+	"os"
+	"testing"
+	"time"
+
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/tools/clientcmd"
-	"os"
-	"testing"
-	"time"
 )
 
 // Framework is a helper struct for testing
@@ -61,13 +62,11 @@ func (f *Framework) Cleanup(t testing.TB) {
 // cleanupDeployments removes all deployments from the testing namespace
 // if they exist
 func (f *Framework) cleanupDeployments(t testing.TB) {
-
 	t.Logf("cleaning up deployments")
 	deployments, err := f.k8s.AppsV1().Deployments("test-cases").List(context.Background(), metav1.ListOptions{})
 	if err != nil {
 		f.Cleanup(t)
 		t.Fatal(err)
-
 	}
 	for _, d := range deployments.Items {
 		err = f.k8s.AppsV1().Deployments("test-cases").Delete(context.Background(), d.Name, metav1.DeleteOptions{})
@@ -100,7 +99,6 @@ func (f *Framework) cleanupDeployments(t testing.TB) {
 
 // cleanupSecrets removes all secrets from the testing namespace
 func (f *Framework) cleanupSecrets(t testing.TB) {
-
 	t.Logf("cleaning up secrets")
 	secrets, err := f.k8s.CoreV1().Secrets("test-cases").List(context.Background(), metav1.ListOptions{})
 	if err != nil {
@@ -130,13 +128,11 @@ func (f *Framework) CreateDeployment(t testing.TB, d appsv1.Deployment) {
 
 // WaitForDeployment waits until the deployment is ready
 func (f *Framework) WaitForDeployment(t *testing.T, d appsv1.Deployment) {
-
 	t.Logf("waiting for deployment %s to be ready", d.Name)
 	// wait until the deployment is ready
 	w, err := f.k8s.AppsV1().Deployments(d.Namespace).Watch(context.Background(), metav1.ListOptions{
 		FieldSelector: fmt.Sprintf("metadata.name=%s", d.Name),
 	})
-
 	if err != nil {
 		f.Cleanup(t)
 		t.Fatal(err)
@@ -180,7 +176,6 @@ func (f *Framework) CreateSecret(t *testing.T, secret corev1.Secret) {
 
 // AssertDeploymentFailed asserts that the deployment cannot start
 func (f *Framework) AssertDeploymentFailed(t *testing.T, d appsv1.Deployment) {
-
 	t.Logf("waiting for deployment %s to fail", d.Name)
 
 	// watch for replicasets of the deployment
@@ -222,7 +217,6 @@ func (f *Framework) AssertDeploymentFailed(t *testing.T, d appsv1.Deployment) {
 
 // AssertEventForPod asserts that a PodVerified event is created
 func (f *Framework) AssertEventForPod(t *testing.T, reason string, p corev1.Pod) {
-
 	t.Logf("waiting for %s event to be created for pod %s", reason, p.Name)
 
 	// watch for events of deployment's namespace and check if the podverified event is created

test/framework/cosign.go

@@ -2,15 +2,15 @@ package framework
 
 import (
 	"fmt"
-	"github.com/sigstore/cosign/v2/cmd/cosign/cli"
 	"os"
 	"regexp"
 	"testing"
+
+	"github.com/sigstore/cosign/v2/cmd/cosign/cli"
 )
 
 // cleanupKeys removes all keypair files from the testing directory
 func cleanupKeys(t testing.TB) {
-
 	t.Logf("cleaning up keypair files")
 	files, err := os.ReadDir(".")
 	if err != nil {

test/main_test.go

@@ -6,6 +6,9 @@ import (
 
 // TestPassingDeployments tests deployments that should pass signature verification
 func TestPassingDeployments(t *testing.T) {
+	if testing.Short() {
+		t.Skip("skipping E2E test in short mode")
+	}
 
 	testFuncs := map[string]func(t *testing.T){
 		"OneContainerSinglePubKeyEnvRef":            testOneContainerSinglePubKeyEnvRef,
@@ -25,6 +28,9 @@ func TestPassingDeployments(t *testing.T) {
 
 // TestFailingDeployments tests deployments that should fail signature verification
 func TestFailingDeployments(t *testing.T) {
+	if testing.Short() {
+		t.Skip("skipping E2E test in short mode")
+	}
 
 	testFuncs := map[string]func(t *testing.T){
 		"OneContainerSinglePubKeyMalformedEnvRef":  testOneContainerSinglePubKeyMalformedEnvRef,