aboutsummaryrefslogtreecommitdiff
path: root/.golangci.yml
AgeCommit message (Collapse)Author
2023-02-11Fix .golangci.yml (#22868)zeripath
When we updated the .golangci.yml for 1.20 we should have used a string as 1.20 is not a valid number. In doing so we need to restore the nolint markings within the pq driver. Signed-off-by: Andrew Thornton <art27@cantab.net>
2023-02-04Refactor git command package to improve security and maintainability (#22678)wxiaoguang
This PR follows #21535 (and replace #22592) ## Review without space diff https://github.com/go-gitea/gitea/pull/22678/files?diff=split&w=1 ## Purpose of this PR 1. Make git module command completely safe (risky user inputs won't be passed as argument option anymore) 2. Avoid low-level mistakes like https://github.com/go-gitea/gitea/pull/22098#discussion_r1045234918 3. Remove deprecated and dirty `CmdArgCheck` function, hide the `CmdArg` type 4. Simplify code when using git command ## The main idea of this PR * Move the `git.CmdArg` to the `internal` package, then no other package except `git` could use it. Then developers could never do `AddArguments(git.CmdArg(userInput))` any more. * Introduce `git.ToTrustedCmdArgs`, it's for user-provided and already trusted arguments. It's only used in a few cases, for example: use git arguments from config file, help unit test with some arguments. * Introduce `AddOptionValues` and `AddOptionFormat`, they make code more clear and simple: * Before: `AddArguments("-m").AddDynamicArguments(message)` * After: `AddOptionValues("-m", message)` * - * Before: `AddArguments(git.CmdArg(fmt.Sprintf("--author='%s <%s>'", sig.Name, sig.Email)))` * After: `AddOptionFormat("--author='%s <%s>'", sig.Name, sig.Email)` ## FAQ ### Why these changes were not done in #21535 ? #21535 is mainly a search&replace, it did its best to not change too much logic. Making the framework better needs a lot of changes, so this separate PR is needed as the second step. ### The naming of `AddOptionXxx` According to git's manual, the `--xxx` part is called `option`. ### How can it guarantee that `internal.CmdArg` won't be not misused? Go's specification guarantees that. Trying to access other package's internal package causes compilation error. And, `golangci-lint` also denies the git/internal package. Only the `git/command.go` can use it carefully. ### There is still a `ToTrustedCmdArgs`, will it still allow developers to make mistakes and pass untrusted arguments? Generally speaking, no. Because when using `ToTrustedCmdArgs`, the code will be very complex (see the changes for examples). Then developers and reviewers can know that something might be unreasonable. ### Why there was a `CmdArgCheck` and why it's removed? At the moment of #21535, to reduce unnecessary changes, `CmdArgCheck` was introduced as a hacky patch. Now, almost all code could be written as `cmd := NewCommand(); cmd.AddXxx(...)`, then there is no need for `CmdArgCheck` anymore. ### Why many codes for `signArg == ""` is deleted? Because in the old code, `signArg` could never be empty string, it's either `-S[key-id]` or `--no-gpg-sign`. So the `signArg == ""` is just dead code. --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-02-03update to build with go1.20 (#22732)techknowlogick
as title --------- Co-authored-by: Lauris BH <lauris@nix.lv>
2023-01-12Add more packages to denylist (#22412)Jason Song
After this, we can remove [`denylist_imports`](https://gitea.com/gitea/gitea-vet/src/branch/master/checks/denylisted-imports.go#L13) in gitea-vet ([gitea-vet/pulls/23](https://gitea.com/gitea/gitea-vet/pulls/23)). ```go deniedImports = []string{"io/ioutil", "encoding/json", "gitea.com/gitea/go-crypto"} ``` However, we needn't keep `gitea.com/gitea/go-crypto` any longer, it's gone and can't be imported again. Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2022-12-08Update go dev dependencies (#22064)silverwind
`golangci-lint` [deprecated](https://github.com/golangci/golangci-lint/issues/1841) a bunch of linters, removed them.
2022-10-16Simplify fmt-check (#21458)silverwind
`fmt-check` now simply does `fmt` before and relies on `git diff` like other checks like 'tidy-check' already do, so we can remove the argument in the tool that handles printing changed files. Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-09-20Configure golangci-lint to show all issues (#21106)silverwind
golangci by default [limits](https://golangci-lint.run/usage/configuration/#issues-configuration) "same issues" to 3 which can be hindering when many issues are present. Change it to always show all issues. Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-08-18Add badge capabilities to users (#20607)techknowlogick
Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2022-08-07Switch to building with go1.19 (#20695)techknowlogick
2022-06-20Add more linters to improve code readability (#19989)Wim
Add nakedret, unconvert, wastedassign, stylecheck and nolintlint linters to improve code readability - nakedret - https://github.com/alexkohler/nakedret - nakedret is a Go static analysis tool to find naked returns in functions greater than a specified function length. - unconvert - https://github.com/mdempsky/unconvert - Remove unnecessary type conversions - wastedassign - https://github.com/sanposhiho/wastedassign - wastedassign finds wasted assignment statements. - notlintlint - Reports ill-formed or insufficient nolint directives - stylecheck - https://staticcheck.io/docs/checks/#ST - keep style consistent - excluded: [ST1003 - Poorly chosen identifier](https://staticcheck.io/docs/checks/#ST1003) and [ST1005 - Incorrectly formatted error string](https://staticcheck.io/docs/checks/#ST1005)
2022-05-10Update go tool dependencies (#19676)silverwind
* Update go tool dependencies Updated all tool dependencies to latest tags, hoping CI will like it. * fix new lint errors * handle more strings.Title cases * remove lint skip
2022-04-01Refactor legacy `unknwon/com` package, improve golangci lint (#19284)wxiaoguang
The main purpose is to refactor the legacy `unknwon/com` package. 1. Remove most imports of `unknwon/com`, only `util/legacy.go` imports the legacy `unknwon/com` 2. Use golangci's depguard to process denied packages 3. Fix some incorrect values in golangci.yml, eg, the version should be quoted string `"1.18"` 4. Use correctly escaped content for `go-import` and `go-source` meta tags 5. Refactor `com.Expand` to our stable (and the same fast) `vars.Expand`, our `vars.Expand` can still return partially rendered content even if the template is not good (eg: key mistach).
2022-03-21Add 1.18 (#19151)Sasha Melentyev
Co-authored-by: 6543 <6543@obermui.de>
2022-03-16use go1.18 to build gitea (#19099)techknowlogick
* use go1.18 to build gitea& update min go version to 1.17 * bump in a few more places * add a few simple tests for isipprivate * update go.mod * update URL to https://go.dev/dl/ * golangci-lint * attempt golangci-lint workaround * change version * bump fumpt version * skip strings.title test * go mod tidy * update tests as some aren't private?? * update tests
2022-03-15Use `go run` for tool dependencies, require go 1.17 (#18874)silverwind
This ensures the tools only run in the versions we've tested and it also does not polute PATH with those tools so they are truly isolated. This syntax of `go run` requires go 1.17, so the minimum version is set accordingly. Fixes: https://github.com/go-gitea/gitea/issues/18867 Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2022-02-12Reduce CI go module downloads, add make targets (#18708)silverwind
The CI currently downloads all go modules in each pipeline step because go modules reside outside the project directory. Fix this by introducing a volume for the `/go` directory [1] so modules are only downloaded once per pipeline using a new `deps-backend` make target. For completeness, I also included new `deps` and `deps-frontend` targets and the frontend one is also triggered explicitly on CI where needed. [1] https://docs.drone.io/pipeline/kubernetes/examples/language/golang/#dependencies
2022-01-20format with gofumpt (#18184)6543
* gofumpt -w -l . * gofumpt -w -l -extra . * Add linter * manual fix * change make fmt
2022-01-02chore(lint): use golangci-lint to call revive and misspell checker. (#18145)Bo-Yi Wu
replace revive and misspell with golangci-lint Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2021-11-18Remove unnecessary variable assignments (#17695)Gusted
* Remove unnecessary variable assignments As title * enable ineffassign Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2021-11-17Move user follow and openid into models/user/ (#17613)Lunny Xiao
* Move UserRedirect into models/user/ * Fix lint & test * Fix lint * Fix lint * remove nolint comment * Fix lint * Move user follow and openid into models/user * Ignore the lint * Ignore the lint * Fix test * ignore stutters lint on UserOpenID
2021-11-17Enable bidichk (#17610)Gusted
- https://github.com/breml/bidichk Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: 6543 <6543@obermui.de>
2021-11-11Remove `golint` as linter (#17609)Gusted
- Partialy resolvess #17596 - In the newer versions of `golangci-lint`, golint is deprecated and replaced by the `revive` linter. Thus removing the `golint` linter is a good idea, as we're already using the `revive` linter which covers all the current `golint` cases. Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-09-24Move login related structs and functions to models/login (#17093)Lunny Xiao
* Move login related structs and functions to models/login * Fix test * Fix lint * Fix lint * Fix lint of windows * Fix lint * Fix test * Fix test * Only load necessary fixtures when preparing unit tests envs * Fix lint * Fix test * Fix test * Fix error log * Fix error log * Fix error log * remove unnecessary change * fix error log * merge main branch
2021-06-09Refactor routers directory (#15800)Lunny Xiao
* refactor routers directory * move func used for web and api to common * make corsHandler a function to prohibit side efects * rm unused func Co-authored-by: 6543 <6543@obermui.de>
2021-05-07Drop back to use IsAnInteractiveSession for SVC (#15749)zeripath
* Drop back to use IsAnInteractiveSession for SVC There is an apparent permission change problem when using IsWindowsService to determine if the SVC manager should be used. This PR simply drops back to using IsAnInteractiveSession as this does not change behaviour. Fix #15454 Signed-off-by: Andrew Thornton <art27@cantab.net> * Yes staticcheck I know this is deprecated Signed-off-by: Andrew Thornton <art27@cantab.net> * Just leave me alone lint Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de>
2021-03-09Fix typo in .golangci.yml (#14933)Ikko Ashimine
occured -> occurred
2021-01-26Move macaron to chi (#14293)Lunny Xiao
Use [chi](https://github.com/go-chi/chi) instead of the forked [macaron](https://gitea.com/macaron/macaron). Since macaron and chi have conflicts with session share, this big PR becomes a have-to thing. According my previous idea, we can replace macaron step by step but I'm wrong. :( Below is a list of big changes on this PR. - [x] Define `context.ResponseWriter` interface with an implementation `context.Response`. - [x] Use chi instead of macaron, and also a customize `Route` to wrap chi so that the router usage is similar as before. - [x] Create different routers for `web`, `api`, `internal` and `install` so that the codes will be more clear and no magic . - [x] Use https://github.com/unrolled/render instead of macaron's internal render - [x] Use https://github.com/NYTimes/gziphandler instead of https://gitea.com/macaron/gzip - [x] Use https://gitea.com/go-chi/session which is a modified version of https://gitea.com/macaron/session and removed `nodb` support since it will not be maintained. **BREAK** - [x] Use https://gitea.com/go-chi/captcha which is a modified version of https://gitea.com/macaron/captcha - [x] Use https://gitea.com/go-chi/cache which is a modified version of https://gitea.com/macaron/cache - [x] Use https://gitea.com/go-chi/binding which is a modified version of https://gitea.com/macaron/binding - [x] Use https://github.com/go-chi/cors instead of https://gitea.com/macaron/cors - [x] Dropped https://gitea.com/macaron/i18n and make a new one in `code.gitea.io/gitea/modules/translation` - [x] Move validation form structs from `code.gitea.io/gitea/modules/auth` to `code.gitea.io/gitea/modules/forms` to avoid dependency cycle. - [x] Removed macaron log service because it's not need any more. **BREAK** - [x] All form structs have to be get by `web.GetForm(ctx)` in the route function but not as a function parameter on routes definition. - [x] Move Git HTTP protocol implementation to use routers directly. - [x] Fix the problem that chi routes don't support trailing slash but macaron did. - [x] `/api/v1/swagger` now will be redirect to `/api/swagger` but not render directly so that `APIContext` will not create a html render. Notices: - Chi router don't support request with trailing slash - Integration test `TestUserHeatmap` maybe mysql version related. It's failed on my macOS(mysql 5.7.29 installed via brew) but succeed on CI. Co-authored-by: 6543 <6543@obermui.de>
2020-12-08Move webhook type from int to string (#13664)Lunny Xiao
* Move webhook type from int to string * rename webhook_services * finish refactor * Fix merge * Ignore unnecessary ci Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: zeripath <art27@cantab.net>
2020-11-13Introduce go chi web framework as frontend of macaron, so that we can move ↵Lunny Xiao
routes from macaron to chi step by step (#7420) * When route cannot be found on chi, go to macaron * Stick chi version to 1.5.0 * Follow router log setting
2020-10-11Update golangci-lint to version 1.31.0 (#13102)kolaente
This PR updates golangci-lint to the latest version 1.31.0. The upgrade introduced a new check for which I've fixed or disabled most cases. Signed-off-by: kolaente <k@knt.li>
2020-09-29Add default storage configurations (#12813)Lunny Xiao
Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: zeripath <art27@cantab.net>
2020-02-02Improve push update options (#10105)Lunny Xiao
* Improve push update options * fix test * More refactor and fix lint * fix lint * Fix lint Co-authored-by: Lauris BH <lauris@nix.lv>
2019-11-02Add API for Issue set Subscription (#8729)6543
* add issue subscriber API * subscribers return []user.APIFormat * add comments * more meaningfull description * without "reqToken()" api works ... * should be still secure beause ctx.user has to be there or nothing will hapen * FIX: getIssueWatchers() get only aktive suscriber * add return avter error on right position * Revert "FIX: getIssueWatchers() get only aktive suscriber" This reverts commit 5eca9291858a821981992b0aaa38cef610d84bca. * Update routers/api/v1/repo/issue.go Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com> * test go linter again * update swagger * GetIssueWatchers -> GetIssueSubscribers part one Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com> * GetIssueWatchers -> GetIssueSubscribers part two * Revert "test go linter again" This reverts commit bab12356227e44334de113b76f12099de0b8aaa6. * change description for unsubscribe too * golangci-lint timeout avter 5min * move issueSubscription to seperate file * dont create black entitys * use IsWatching until refactoring * Update License Info * better swagger description * Update .golangci.yml because functions moved from issue.go to issue_subscription.go * add IssueWatchList type * batch tasks * use e Engien * add error handling * error should be the last type when returning multiple items * short version * reurn empy UserList instead of nil
2019-10-08Update golangci to v1.20 (#8432)kolaente
* Update golangci to v1.20 Signed-off-by: kolaente <k@knt.li> * Use the timeout flag instead of deadline, move it to config Signed-off-by: kolaente <k@knt.li>
2019-08-23Use gitea forked macaron (#7933)Tamal Saha
Signed-off-by: Tamal Saha <tamal@appscode.com>
2019-08-13Update golangci-lint to v1.17.1 (#7848)techknowlogick
2019-06-12Add golangci (#6418)kolaente