Update golangci-lint config, fix lint errors.

.golangci.yml

@@ -0,0 +1,112 @@
+linters:
+  # Please, do not use `enable-all`: it's deprecated and will be removed soon.
+  # Inverted configuration with `enable-all` and `disable` is not scalable during updates of golangci-lint.
+  # Full list of linters - https://golangci-lint.run/usage/linters
+  disable-all: true
+  enable:
+    - bodyclose # https://github.com/timakin/bodyclose
+    # - gomodguard
+    - errcheck # Mandatory. Do not disable.
+    # - gocritic
+    - goimports
+    # - gosec
+    - gosimple
+    - govet
+    # - noctx
+    - nolintlint
+    - ineffassign # Mandatory. Do not disable.
+    - staticcheck # Mandatory. Do not disable.
+    - stylecheck
+    - typecheck
+    - unused
+
+# Other linters:
+#    - dogsled
+#    - dupl
+#    - exportloopref
+#    - exhaustive # e.g. missing cases in switch of type
+#    - funlen
+#    - gochecknoinits
+#    - gocognit
+#    - goconst
+#    - gocyclo
+#    - goerr113
+#    - gofmt
+#    - goprintffuncname
+#    - lll
+#    - misspell
+#    - nakedret
+#    - nlreturn
+#    - prealloc
+#    - revive
+#    - rowserrcheck
+#    - stylecheck
+#    - unconvert
+#    - unparam
+
+linters-settings:
+  gocritic:
+    enabled-tags:
+      - diagnostic
+      - experimental
+      - opinionated
+      - performance
+      - style
+    disabled-checks:
+      - dupImport # https://github.com/go-critic/go-critic/issues/845
+      - whyNoLint # checked by nolintlint linter
+      - hugeParam # TODO(vtopc): configure(80 bytes is probably not so much) and enable.
+      - rangeValCopy # TODO(vtopc): configure(disable for tests) and enable.
+
+  errcheck:
+    # List of functions to exclude from checking, where each entry is a single function to exclude.
+    # See https://github.com/kisielk/errcheck#excluding-functions for details.
+    exclude-functions:
+      - (io.Closer).Close
+      - (io.ReadCloser).Close
+
+  govet:
+    enable-all: true
+    disable:
+     - shadow
+     - fieldalignment
+
+  gomodguard:
+    blocked:
+      # List of blocked modules.
+      # Default: []
+      modules:
+        - github.com/golang/protobuf:
+            recommendations:
+              - google.golang.org/protobuf
+            reason: "see https://developers.google.com/protocol-buffers/docs/reference/go/faq#modules"
+        - github.com/pkg/errors:
+            recommendations:
+              - errors
+              - github.com/mailgun/errors
+            reason: "Deprecated"
+
+  stylecheck:
+    # Select the Go version to target.
+    # Default: 1.13
+    go: "1.19"
+    # https://staticcheck.io/docs/options#checks
+    checks: ["all"]
+
+issues:
+  # Maximum issues count per one linter. Set to 0 to disable. Default is 50.
+  max-issues-per-linter: 0
+
+  # Maximum count of issues with the same text. Set to 0 to disable. Default is 3.
+  max-same-issues: 50
+
+run:
+  # include test files or not, default is true
+  tests: true
+
+  # Timeout for analysis, e.g. 30s, 5m.
+  # Default: 1m
+  timeout: 5m
+
+  skip-dirs:
+    - googleapis

cmd/healthcheck/main.go

@@ -35,6 +35,7 @@ func main() {
 	if err != nil {
 		panic(err)
 	}
+	defer resp.Body.Close()
 
 	body, err := io.ReadAll(resp.Body)
 	if err != nil {

functional_test.go

@@ -26,7 +26,6 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/mailgun/gubernator/v2"
 	guber "github.com/mailgun/gubernator/v2"
 	"github.com/mailgun/gubernator/v2/cluster"
 	"github.com/mailgun/holster/v4/clock"
@@ -1156,6 +1155,7 @@ func TestGRPCGateway(t *testing.T) {
 	address := cluster.GetRandomPeer(cluster.DataCenterNone).HTTPAddress
 	resp, err := http.DefaultClient.Get("http://" + address + "/v1/HealthCheck")
 	require.NoError(t, err)
+	defer resp.Body.Close()
 	assert.Equal(t, http.StatusOK, resp.StatusCode)
 	b, err := io.ReadAll(resp.Body)
 
@@ -1196,12 +1196,12 @@ func TestGRPCGateway(t *testing.T) {
 	//  error.
 	require.NoError(t, json.Unmarshal(b, &r))
 	require.Equal(t, 1, len(r.Responses))
-	assert.Equal(t, gubernator.Status_UNDER_LIMIT, r.Responses[0].Status)
+	assert.Equal(t, guber.Status_UNDER_LIMIT, r.Responses[0].Status)
 }
 
 func TestGetPeerRateLimits(t *testing.T) {
 	ctx := context.Background()
-	peerClient := gubernator.NewPeerClient(gubernator.PeerConfig{
+	peerClient := guber.NewPeerClient(guber.PeerConfig{
 		Info: cluster.GetRandomPeer(cluster.DataCenterNone),
 	})
 
@@ -1213,18 +1213,18 @@ func TestGetPeerRateLimits(t *testing.T) {
 		for _, n := range testCases {
 			t.Run(fmt.Sprintf("Batch size %d", n), func(t *testing.T) {
 				// Build request.
-				req := &gubernator.GetPeerRateLimitsReq{
-					Requests: make([]*gubernator.RateLimitReq, n),
+				req := &guber.GetPeerRateLimitsReq{
+					Requests: make([]*guber.RateLimitReq, n),
 				}
 				for i := 0; i < n; i++ {
-					req.Requests[i] = &gubernator.RateLimitReq{
+					req.Requests[i] = &guber.RateLimitReq{
 						Name:      "Foobar",
 						UniqueKey: fmt.Sprintf("%08x", i),
 						Hits:      0,
 						Limit:     1000 + int64(i),
 						Duration:  1000,
-						Algorithm: gubernator.Algorithm_TOKEN_BUCKET,
-						Behavior:  gubernator.Behavior_BATCHING,
+						Algorithm: guber.Algorithm_TOKEN_BUCKET,
+						Behavior:  guber.Behavior_BATCHING,
 					}
 				}
 

global.go

@@ -38,7 +38,7 @@ type globalManager struct {
 
 func newGlobalManager(conf BehaviorConfig, instance *V1Instance) *globalManager {
 	gm := globalManager{
-		log: instance.log,
+		log:            instance.log,
 		asyncQueue:     make(chan *RateLimitReq, conf.GlobalBatchLimit),
 		broadcastQueue: make(chan *RateLimitReq, conf.GlobalBatchLimit),
 		instance:       instance,

tls.go

@@ -269,7 +269,7 @@ func SetupTLS(conf *TLSConfig) error {
 		}
 
 		// error if neither was provided
-		// nolint:staticcheck // ignoring tlsCert.RootCAs.Subjects is deprecated because cert does not come from SystemCertPool.
+		//nolint:staticcheck // ignoring tlsCert.RootCAs.Subjects is deprecated because cert does not come from SystemCertPool.
 		if len(clientPool.Subjects()) == 0 {
 			return errors.New("client auth enabled, but no CA's provided")
 		}

tls_test.go

@@ -323,18 +323,21 @@ func TestHTTPSClientAuth(t *testing.T) {
 	// Test that a client without a cert can access /v1/HealthCheck at status address
 	resp, err := clientWithoutCert.Do(reqNoClientCertRequired)
 	require.NoError(t, err)
+	defer resp.Body.Close()
 	b, err := io.ReadAll(resp.Body)
 	require.NoError(t, err)
 	assert.Equal(t, `{"status":"healthy","message":"","peer_count":1}`, strings.ReplaceAll(string(b), " ", ""))
 
 	// Verify we get an error when we try to access existing HTTPListenAddress without cert
-	_, err = clientWithoutCert.Do(reqCertRequired)
+	resp2, err := clientWithoutCert.Do(reqCertRequired)
 	assert.Error(t, err)
+	defer resp2.Body.Close()
 
 	// Check that with a valid client cert we can access /v1/HealthCheck at existing HTTPListenAddress
-	resp, err = clientWithCert.Do(reqCertRequired)
+	resp3, err := clientWithCert.Do(reqCertRequired)
 	require.NoError(t, err)
-	b, err = io.ReadAll(resp.Body)
+	defer resp3.Body.Close()
+	b, err = io.ReadAll(resp3.Body)
 	require.NoError(t, err)
 	assert.Equal(t, `{"status":"healthy","message":"","peer_count":1}`, strings.ReplaceAll(string(b), " ", ""))
 }

workers_internal_test.go

@@ -38,7 +38,7 @@ func TestWorkersInternal(t *testing.T) {
 	t.Run("getWorker()", func(t *testing.T) {
 		const concurrency = 32
 		conf := &Config{
-			Workers:   concurrency,
+			Workers: concurrency,
 		}
 		require.NoError(t, conf.SetDefaults())