Revive project: update Go version & linter

.github/workflows/ci.yml

@@ -8,10 +8,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
-      - uses: utilitywarehouse/actions-go/setup@main
+        uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
         with:
-          go-version: '^1.20'
+          go-version-file: "go.mod"
       - name: Lint
         uses: magefile/mage-action@v1
         with:
@@ -21,10 +21,10 @@ jobs:
   test:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - uses: utilitywarehouse/actions-go/setup@main
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
         with:
-          go-version: '^1.20'
+          go-version-file: "go.mod"
       - name: test
         uses: magefile/mage-action@v1
         with:

.golangci.yml

@@ -1,117 +1,84 @@
-# options for analysis running
+version: "2"
 run:
-  deadline: 20s
   tests: true
-  skip-dirs:
-    - generated
-  skip-files:
-    - ".*\\.pb\\.go"
-  silent: true
-
-# output configuration options
-output:
-  format: colored-line-number
-  print-issued-lines: true
-  print-linter-name: true
-
-# all available settings of specific linters
-linters-settings:
-  errcheck:
-    check-type-assertions: true
-    check-blank: true
-  govet:
-    check-shadowing: false
-    disable:
-      - shadow
-  gofmt:
-    simplify: true
-  goconst:
-    min-len: 3
-    min-occurrences: 3
-  misspell:
-    locale: UK
-    ignore-words:
-      - statuser
-  unused:
-    check-exported: true
-  unparam:
-    algo: cha
-  nakedret:
-    max-func-lines: 30
-  prealloc:
-    simple: true
-    range-loops: true
-    for-loops: true
-
 linters:
   enable:
-    - golint # Golint differs from gofmt. Gofmt reformats Go source code, whereas golint prints out style mistakes [fast: true]
-    - misspell # Finds commonly misspelled English words in comments [fast: true]
-    - nakedret # Finds naked returns in functions greater than a specified function length [fast: true]
-    - errcheck # Errcheck is a program for checking for unchecked errors in go programs. These unchecked errors can be critical bugs in some cases [fast: false]
-    - gas # Inspects source code for security problems [fast: false]
-    - structcheck # Finds an unused struct fields [fast: false]
-    - unconvert # Remove unnecessary type conversions [fast: false]
-    - unparam # Reports unused function parameters [fast: false]
-    - goimports # Goimports does everything that gofmt does. Additionally it checks unused imports [fast: true]
-    - lll # Reports long lines [fast: true]
-    - megacheck # 3 sub-linters in one: unused, gosimple and staticcheck [fast: false]
-
+    - gosec
+    - lll
+    - misspell
+    - nakedret
+    - unconvert
+    - unparam
   disable:
-    - staticcheck # (megacheck) Staticcheck is a go vet on steroids, applying a ton of static analysis checks [fast: false]
-    - prealloc # Finds slice declarations that could potentially be preallocated [fast: true]
-    - unused # (megacheck) Checks Go code for unused constants, variables, functions and types [fast: false]
-    - gosimple # (megacheck) Linter for Go source code that specializes in simplifying a code [fast: false]
-    - gofmt # Gofmt checks whether code was gofmt-ed. By default this tool runs with -s option to check for code simplification [fast: true]
-    - dupl # Tool for code clone detection [fast: true]
-    - typecheck # Like the front-end of a Go compiler, parses and type-checks Go code [fast: false]
-    - depguard # Go linter that checks if package imports are in a list of acceptable packages [fast: false]
-    - varcheck # Finds unused global variables and constants [fast: false]
-    - deadcode # Finds unused code [fast: false]
-    - goconst # Finds repeated strings that could be replaced by a constant [fast: true]
-    - gocyclo # Computes and checks the cyclomatic complexity of functions [fast: true]
-    - maligned # Tool to detect Go structs that would take less memory if their fields were sorted [fast: false]
-
-issues:
-  exclude-use-default: false
-  exclude-rules:
-    - linters:
-        - lll
-      source: "github.com/utilitywarehouse/ordering-platform"
-  exclude:
-    # errcheck: Almost all programs ignore errors on these functions and in most cases it's ok
-    - Error return value of
-      .((os\.)?std(out|err)\..*|.*Close|.*Flush|os\.Remove(All)?|.*printf?|os\.(Un)?Setenv|.*Disconnect).
-      is not checked
-
-    # golint: Exported variables are rarely used and generally reserved for errors which should be self explanitory
-    - exported var \w+ should have comment or be unexported
-
-    # golint: False positive when tests are defined in package 'test'
-    - func name will be used as test\.Test.* by other packages, and that
-      stutters; consider calling this
-
-    # gas: Too many false-positives on 'unsafe' usage
-    - Use of unsafe calls should be audited
-
-    # gas: Too many false-positives for parametrized shell calls
-    - Subprocess launch(ed with variable|ing should be audited)
-
-    # gas: Duplicated errcheck checks
-    - G104
-
-    # gas: Too many issues in popular repos
-    - (Expect directory permissions to be 0750 or less|Expect file permissions
-      to be 0600 or less)
-
-    # gas: False positive is triggered by 'src, err := ioutil.ReadFile(filename)'
-    - Potential file inclusion via variable
-
-    # govet: Common false positives
-    - (possible misuse of unsafe.Pointer|should have signature)
-
-    # megacheck: Developers tend to write in C-style with an explicit 'break' in a 'switch', so it's ok to ignore
-    - ineffective break statement. Did you mean to break out of the outer loop
-
-    # disable comments
-    - exported [a-z]+ `?[^ ]+ should have comment
+    - depguard
+    - dupl
+    - goconst
+    - gocyclo
+    - prealloc
+    - staticcheck
+    - unused
+  settings:
+    errcheck:
+      check-type-assertions: true
+      check-blank: true
+    goconst:
+      min-len: 3
+      min-occurrences: 3
+    govet:
+      disable:
+        - shadow
+    misspell:
+      locale: UK
+      ignore-rules:
+        - statuser
+    nakedret:
+      max-func-lines: 30
+    prealloc:
+      simple: true
+      range-loops: true
+      for-loops: true
+  exclusions:
+    generated: lax
+    rules:
+      - linters:
+          - lll
+        source: github.com/utilitywarehouse/ordering-platform
+      - path: (.+)\.go$
+        text: Error return value of .((os\.)?std(out|err)\..*|.*Close|.*Flush|os\.Remove(All)?|.*printf?|os\.(Un)?Setenv|.*Disconnect). is not checked
+      - path: (.+)\.go$
+        text: exported var \w+ should have comment or be unexported
+      - path: (.+)\.go$
+        text: func name will be used as test\.Test.* by other packages, and that stutters; consider calling this
+      - path: (.+)\.go$
+        text: Use of unsafe calls should be audited
+      - path: (.+)\.go$
+        text: Subprocess launch(ed with variable|ing should be audited)
+      - path: (.+)\.go$
+        text: G104
+      - path: (.+)\.go$
+        text: (Expect directory permissions to be 0750 or less|Expect file permissions to be 0600 or less)
+      - path: (.+)\.go$
+        text: Potential file inclusion via variable
+      - path: (.+)\.go$
+        text: (possible misuse of unsafe.Pointer|should have signature)
+      - path: (.+)\.go$
+        text: ineffective break statement. Did you mean to break out of the outer loop
+      - path: (.+)\.go$
+        text: exported [a-z]+ `?[^ ]+ should have comment
+    paths:
+      - third_party$
+      - builtin$
+      - examples$
+formatters:
+  enable:
+    - goimports
+  settings:
+    gofmt:
+      simplify: true
+  exclusions:
+    generated: lax
+    paths:
+      - third_party$
+      - builtin$
+      - examples$
+      - generated$

go.mod

@@ -1,32 +1,36 @@
 module github.com/utilitywarehouse/patrol
 
-go 1.20
+go 1.25.5
 
 require (
-	github.com/go-git/go-git/v5 v5.4.2
-	github.com/magefile/mage v1.11.0
-	github.com/stretchr/testify v1.7.0
-	golang.org/x/mod v0.12.0
+	github.com/go-git/go-git/v5 v5.16.4
+	github.com/magefile/mage v1.15.0
+	github.com/stretchr/testify v1.11.1
+	golang.org/x/mod v0.31.0
 )
 
 require (
-	github.com/Microsoft/go-winio v0.4.16 // indirect
-	github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7 // indirect
-	github.com/acomagu/bufpipe v1.0.3 // indirect
+	dario.cat/mergo v1.0.2 // indirect
+	github.com/Microsoft/go-winio v0.6.2 // indirect
+	github.com/ProtonMail/go-crypto v1.3.0 // indirect
+	github.com/cloudflare/circl v1.6.2 // indirect
+	github.com/cyphar/filepath-securejoin v0.6.1 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/emirpasic/gods v1.12.0 // indirect
-	github.com/go-git/gcfg v1.5.0 // indirect
-	github.com/go-git/go-billy/v5 v5.3.1 // indirect
-	github.com/imdario/mergo v0.3.12 // indirect
+	github.com/emirpasic/gods v1.18.1 // indirect
+	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
+	github.com/go-git/go-billy/v5 v5.7.0 // indirect
+	github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
-	github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351 // indirect
-	github.com/mitchellh/go-homedir v1.1.0 // indirect
+	github.com/kevinburke/ssh_config v1.4.0 // indirect
+	github.com/klauspost/cpuid/v2 v2.3.0 // indirect
+	github.com/pjbgf/sha1cd v0.5.0 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/sergi/go-diff v1.1.0 // indirect
-	github.com/xanzy/ssh-agent v0.3.0 // indirect
-	golang.org/x/crypto v0.13.0 // indirect
-	golang.org/x/net v0.15.0 // indirect
-	golang.org/x/sys v0.12.0 // indirect
+	github.com/sergi/go-diff v1.4.0 // indirect
+	github.com/skeema/knownhosts v1.3.2 // indirect
+	github.com/xanzy/ssh-agent v0.3.3 // indirect
+	golang.org/x/crypto v0.46.0 // indirect
+	golang.org/x/net v0.48.0 // indirect
+	golang.org/x/sys v0.39.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )