chore(build): migrate to golangci-lint@v2 and golangci-lint-action@v7

.github/workflows/ci-golang-sbom.yml

@@ -23,9 +23,9 @@ jobs:
         go-version-file: go.mod
 
     - name: Lint
-      uses: golangci/golangci-lint-action@v6
+      uses: golangci/golangci-lint-action@v7
       with:
-        version: v1.63.1
+        version: v2.0.2
         skip-pkg-cache: true
         skip-build-cache: true
         args: --config=./.golangci.yml --verbose

.golangci.yml

@@ -1,33 +1,61 @@
-run:
-  # timeout for analysis, e.g. 30s, 5m, default is 1m
-  timeout: 10m
-
+version: "2"
 linters:
   enable:
-    - megacheck
+    - asasalint
+    - asciicheck
+    - bidichk
+    - bodyclose
+    - durationcheck
+    - errchkjson
+    - errorlint
+    - exhaustive
+    - gocheckcompilerdirectives
+    - gochecksumtype
     - gocyclo
-    - gofmt
-    - revive
-    - misspell
     - gosec
-  presets: # groups of linters. See https://golangci-lint.run/usage/linters/
-    - bugs
-    - unused
-  disable: 
-    - golint # deprecated, use 'revive'
-    - scopelint # deprecated, use 'exportloopref'
-    - contextcheck # too many false-positives
-    - noctx # not needed
-
-# all available settings of specific linters
-linters-settings:
-  unparam:
-    # Inspect exported functions, default is false. Set to true if no external program/library imports your code.
-    # XXX: if you enable this setting, unparam will report a lot of false-positives in text editors:
-    # if it's called for subdir of a project it can't find external interfaces. All text editor integrations
-    # with golangci-lint call it on a directory with the changed file.
-    check-exported: true
-  testifylint:
-    disable:
-      - suite-dont-use-pkg
-
+    - gosmopolitan
+    - loggercheck
+    - makezero
+    - misspell
+    - musttag
+    - nilerr
+    - nilnesserr
+    - protogetter
+    - reassign
+    - recvcheck
+    - revive
+    - rowserrcheck
+    - spancheck
+    - sqlclosecheck
+    - testifylint
+    - unparam
+    - zerologlint
+  disable:
+    - contextcheck
+    - noctx
+  settings:
+    testifylint:
+      disable:
+        - suite-dont-use-pkg
+    unparam:
+      check-exported: true
+  exclusions:
+    generated: lax
+    presets:
+      - comments
+      - common-false-positives
+      - legacy
+      - std-error-handling
+    paths:
+      - third_party$
+      - builtin$
+      - examples$
+formatters:
+  enable:
+    - gofmt
+  exclusions:
+    generated: lax
+    paths:
+      - third_party$
+      - builtin$
+      - examples$

pkg/configuration/configuration_test.go

@@ -43,7 +43,7 @@ func TestRegistrationService(t *testing.T) {
 		// then
 		assert.Equal(t, "prod", regServiceCfg.Environment())
 		assert.Equal(t, "info", regServiceCfg.LogLevel())
-		assert.Equal(t, "", regServiceCfg.RegistrationServiceURL())
+		assert.Empty(t, regServiceCfg.RegistrationServiceURL())
 		assert.Empty(t, regServiceCfg.Analytics().SegmentWriteKey())
 		assert.Empty(t, regServiceCfg.Analytics().DevSpacesSegmentWriteKey())
 		assert.Equal(t, "https://sso.devsandbox.dev/auth/js/keycloak.js", regServiceCfg.Auth().AuthClientLibraryURL())

pkg/log/log.go

@@ -326,15 +326,16 @@ func (kw klogWriter) Write(p []byte) (n int, err error) {
 		klogv2.InfoDepth(OutputCallDepth, string(p))
 		return len(p), nil
 	}
-	if p[0] == 'I' {
+	switch p[0] {
+	case 'I':
 		klogv2.InfoDepth(OutputCallDepth, string(p[DefaultPrefixLength:]))
-	} else if p[0] == 'W' {
+	case 'W':
 		klogv2.WarningDepth(OutputCallDepth, string(p[DefaultPrefixLength:]))
-	} else if p[0] == 'E' {
+	case 'E':
 		klogv2.ErrorDepth(OutputCallDepth, string(p[DefaultPrefixLength:]))
-	} else if p[0] == 'F' {
+	case 'F':
 		klogv2.FatalDepth(OutputCallDepth, string(p[DefaultPrefixLength:]))
-	} else {
+	default:
 		klogv2.InfoDepth(OutputCallDepth, string(p[DefaultPrefixLength:]))
 	}
 	return len(p), nil

pkg/middleware/promhttp_middleware_test.go

@@ -100,7 +100,7 @@ func assertMetricExists(t *testing.T, data []byte, name string, labels map[strin
 			return
 		}
 	}
-	assert.Fail(t, "unable to find metric '%s' with labels '%v'", name, labels)
+	assert.Fail(t, "unable to find metric with labels", "name", name, "labels", labels)
 }
 
 func matchesLabels(x []*prommodel.LabelPair, y map[string]string) bool {

pkg/proxy/handlers/spacelister_get.go

@@ -9,7 +9,6 @@ import (
 	"time"
 
 	toolchainv1alpha1 "github.com/codeready-toolchain/api/api/v1alpha1"
-	"github.com/codeready-toolchain/registration-service/pkg/context"
 	regsercontext "github.com/codeready-toolchain/registration-service/pkg/context"
 	"github.com/codeready-toolchain/registration-service/pkg/namespaced"
 	"github.com/codeready-toolchain/registration-service/pkg/proxy/metrics"
@@ -82,7 +81,7 @@ func getUserOrPublicViewerSpaceBinding(ctx echo.Context, spaceLister *SpaceListe
 	// if user space binding is not found and PublicViewer is enabled,
 	// retry with PublicViewer's signup
 	if userSpaceBinding == nil {
-		if context.IsPublicViewerEnabled(ctx) {
+		if regsercontext.IsPublicViewerEnabled(ctx) {
 			pvSb, err := getUserSpaceBinding(spaceLister, space, toolchainv1alpha1.KubesawAuthenticatedUsername)
 			if err != nil {
 				ctx.Logger().Errorf("error checking if SpaceBinding is present for user %s and the workspace %s: %v", toolchainv1alpha1.KubesawAuthenticatedUsername, workspaceName, err)
@@ -167,7 +166,7 @@ func GetUserWorkspaceWithBindings(ctx echo.Context, spaceLister *SpaceLister, wo
 	if userBinding == nil {
 		// if PublicViewer is enabled, check if the Space is visibile to PublicViewer
 		// in case usersignup is the KubesawAuthenticatedUsername, then we already checked in the previous step
-		if context.IsPublicViewerEnabled(ctx) && userSignup.CompliantUsername != toolchainv1alpha1.KubesawAuthenticatedUsername {
+		if regsercontext.IsPublicViewerEnabled(ctx) && userSignup.CompliantUsername != toolchainv1alpha1.KubesawAuthenticatedUsername {
 			userBinding = filterUserSpaceBinding(toolchainv1alpha1.KubesawAuthenticatedUsername, allSpaceBindings)
 		}
 
@@ -212,7 +211,7 @@ func getUserSignupAndSpace(ctx echo.Context, spaceLister *SpaceLister, workspace
 	if err != nil {
 		return nil, nil, err
 	}
-	if userSignup == nil && context.IsPublicViewerEnabled(ctx) {
+	if userSignup == nil && regsercontext.IsPublicViewerEnabled(ctx) {
 		userSignup = &signup.Signup{
 			CompliantUsername: toolchainv1alpha1.KubesawAuthenticatedUsername,
 			Name:              toolchainv1alpha1.KubesawAuthenticatedUsername,

pkg/proxy/handlers/spacelister_list_test.go

@@ -95,7 +95,7 @@ func TestListUserWorkspaces(t *testing.T) {
 			require.NoError(t, err)
 			// list workspace case
 			expectedWs := tc.expectedWorkspaces(fakeClient)
-			require.Equal(t, len(expectedWs), len(ww))
+			require.Len(t, ww, len(expectedWs))
 			for i, w := range ww {
 				assert.Equal(t, expectedWs[i].Name, w.Name)
 				assert.Equal(t, expectedWs[i].Status, w.Status)
@@ -233,7 +233,7 @@ func TestHandleSpaceListRequest(t *testing.T) {
 						if tc.expectedWs != nil {
 							expectedWorkspaces = tc.expectedWs(t, fakeClient)
 						}
-						require.Equal(t, len(expectedWorkspaces), len(workspaceList.Items))
+						require.Len(t, workspaceList.Items, len(expectedWorkspaces))
 						for i := range expectedWorkspaces {
 							assert.Equal(t, expectedWorkspaces[i].Name, workspaceList.Items[i].Name)
 							assert.Equal(t, expectedWorkspaces[i].Status, workspaceList.Items[i].Status)

pkg/proxy/proxy.go

@@ -510,7 +510,7 @@ func getWorkspaceContext(req *http.Request) (string, string, error) {
 		segments := strings.Split(path, "/")
 		// there should be at least 4 segments eg. /workspaces/mycoolworkspace/api/clusterroles counts as 4
 		if len(segments) < 4 && len(proxyPluginName) == 0 {
-			return "", "", fmt.Errorf("workspace request path has too few segments '%s'; expected path format: /workspaces/<workspace_name>/api/...", path) // nolint:revive
+			return "", "", fmt.Errorf("workspace request path has too few segments '%s'; expected path format: /workspaces/<workspace_name>/api/...", path) // nolint:revive,staticcheck
 		}
 		// with proxy plugins, the route host is sufficient, and hence do not need api/...
 		if len(segments) < 3 {

pkg/signup/service/signup_service_test.go

@@ -692,8 +692,8 @@ func (s *TestSignupServiceSuite) TestGetSignupNoStatusNotCompleteCondition() {
 		require.Empty(s.T(), response.APIEndpoint)
 		require.Empty(s.T(), response.ClusterName)
 		require.Empty(s.T(), response.ProxyURL)
-		assert.Equal(s.T(), "", response.DefaultUserNamespace)
-		assert.Equal(s.T(), "", response.RHODSMemberURL)
+		assert.Empty(s.T(), response.DefaultUserNamespace)
+		assert.Empty(s.T(), response.RHODSMemberURL)
 	}
 }
 
@@ -1067,7 +1067,7 @@ func (s *TestSignupServiceSuite) TestIsPhoneVerificationRequired() {
 			isVerificationRequired, score, assessmentID := service.IsPhoneVerificationRequired(nil, &gin.Context{})
 			assert.True(s.T(), isVerificationRequired)
 			assert.InDelta(s.T(), float32(-1), score, 0.01)
-			assert.Equal(s.T(), "", assessmentID)
+			assert.Empty(s.T(), assessmentID)
 		})
 
 		s.Run("nil request", func() {
@@ -1079,7 +1079,7 @@ func (s *TestSignupServiceSuite) TestIsPhoneVerificationRequired() {
 			isVerificationRequired, score, assessmentID := service.IsPhoneVerificationRequired(nil, &gin.Context{})
 			assert.True(s.T(), isVerificationRequired)
 			assert.InDelta(s.T(), float32(-1), score, 0.01)
-			assert.Equal(s.T(), "", assessmentID)
+			assert.Empty(s.T(), assessmentID)
 		})
 
 		s.Run("request missing Recaptcha-Token header", func() {
@@ -1091,7 +1091,7 @@ func (s *TestSignupServiceSuite) TestIsPhoneVerificationRequired() {
 			isVerificationRequired, score, assessmentID := service.IsPhoneVerificationRequired(nil, &gin.Context{Request: &http.Request{}})
 			assert.True(s.T(), isVerificationRequired)
 			assert.InDelta(s.T(), float32(-1), score, 0.01)
-			assert.Equal(s.T(), "", assessmentID)
+			assert.Empty(s.T(), assessmentID)
 		})
 
 		s.Run("request Recaptcha-Token header incorrect length", func() {
@@ -1103,7 +1103,7 @@ func (s *TestSignupServiceSuite) TestIsPhoneVerificationRequired() {
 			isVerificationRequired, score, assessmentID := service.IsPhoneVerificationRequired(nil, &gin.Context{Request: &http.Request{Header: http.Header{"Recaptcha-Token": []string{"123", "456"}}}})
 			assert.True(s.T(), isVerificationRequired)
 			assert.InDelta(s.T(), float32(-1), score, 0.01)
-			assert.Equal(s.T(), "", assessmentID)
+			assert.Empty(s.T(), assessmentID)
 		})
 
 		s.Run("captcha assessment error", func() {
@@ -1115,7 +1115,7 @@ func (s *TestSignupServiceSuite) TestIsPhoneVerificationRequired() {
 			isVerificationRequired, score, assessmentID := service.IsPhoneVerificationRequired(&FakeCaptchaChecker{result: fmt.Errorf("assessment failed")}, &gin.Context{Request: &http.Request{Header: http.Header{"Recaptcha-Token": []string{"123"}}}})
 			assert.True(s.T(), isVerificationRequired)
 			assert.InDelta(s.T(), float32(-1), score, 0.01)
-			assert.Equal(s.T(), "", assessmentID)
+			assert.Empty(s.T(), assessmentID)
 		})
 
 		s.Run("captcha is enabled but the score is too low", func() {
@@ -1141,7 +1141,7 @@ func (s *TestSignupServiceSuite) TestIsPhoneVerificationRequired() {
 			isVerificationRequired, score, assessmentID := service.IsPhoneVerificationRequired(nil, nil)
 			assert.False(s.T(), isVerificationRequired)
 			assert.InDelta(s.T(), float32(-1), score, 0.01)
-			assert.Equal(s.T(), "", assessmentID)
+			assert.Empty(s.T(), assessmentID)
 		})
 		s.Run("user's email domain is excluded", func() {
 			s.OverrideApplicationDefault(
@@ -1153,7 +1153,7 @@ func (s *TestSignupServiceSuite) TestIsPhoneVerificationRequired() {
 			isVerificationRequired, score, assessmentID := service.IsPhoneVerificationRequired(nil, &gin.Context{Keys: map[string]interface{}{"email": "joe@redhat.com"}})
 			assert.False(s.T(), isVerificationRequired)
 			assert.InDelta(s.T(), float32(-1), score, 0.01)
-			assert.Equal(s.T(), "", assessmentID)
+			assert.Empty(s.T(), assessmentID)
 		})
 		s.Run("captcha is enabled and the assessment is successful", func() {
 			s.OverrideApplicationDefault(