ci: bump golangci-lint to v2.4

.github/workflows/ci.yml

@@ -88,9 +88,9 @@ jobs:
         run: |
           echo "${{ github.workspace }}/bin" >> $GITHUB_PATH
 
-      - uses: golangci/golangci-lint-action@v6
+      - uses: golangci/golangci-lint-action@v8
         with:
-          version: v1.64.8
+          version: v2.4
 
   tests:
     name: Tests

.golangci.yml

@@ -1,44 +1,45 @@
+version: "2"
+
 linters:
   enable:
     - staticcheck
     - unconvert
-    - gofmt
-    - goimports
     - ineffassign
-    - vet
+    - govet
     - unused
     - misspell
     - revive
   disable:
     - errcheck
+  exclusions:
+    rules:
+      # We have protoc-generated ttRPC/gRPC code. When adding extra functions
+      # for generated types we want to consistently violate golint's semantic
+      # function name spelling rules, instead of inconsistently doing so only
+      # from automatically generated files. These rules are for that.
+      - path: pkg/adaptation/result.go
+        linters:
+          - golint
+          - revive
+        text: "should be claim"
+      # Differ copies pods and containers with Mutexes for diffing. Should be harmless.
+      - path: plugins/differ/nri-differ.go
+        linters:
+          - govet
+        text: "copylocks: .*protobuf/internal/impl.MessageState.*"
+      # We dot-import ginkgo and gomega in some tests. Silence any related errors.
+      - path: 'pkg/adaptation|pkg/runtime-tools/generate|pkg/net/multiplex'
+        linters:
+          - revive
+        text: "dot-imports:"
+      - linters:
+          - revive
+        text: "package-comments:"
 
-issues:
-  include:
-    - EXC0002
-  exclude-rules:
-    # We have protoc-generated ttRPC/gRPC code. When adding extra functions
-    # for generated types we want to consistently violate golint's semantic
-    # function name spelling rules, instead of inconsistently doing so only
-    # from automatically generated files. These rules are for that.
-    - path: pkg/adaptation/result.go
-      linters:
-        - golint
-        - revive
-      text: "should be claim"
-    # Ignore naming violation in the test suite as well.
-    - path: pkg/adaptation/adaptation_suite_test.go
-      linters:
-        - golint
-        - revive
-      text: "should be strip"
-    # Differ copies pods and containers with Mutexes for diffing. Should be harmless.
-    - path: plugins/differ/nri-differ.go
-      linters:
-        - govet
-      text: "copylocks: .*protobuf/internal/impl.MessageState.*"
-    # We dot-import ginkgo and gomega in some tests. Silence any related errors.
-    - path: 'pkg/adaptation|pkg/runtime-tools/generate|pkg/net/multiplex'
-      text: "dot-imports:"
+formatters:
+  enable:
+    - gofmt
+    - goimports
 
 run:
   timeout: 2m

pkg/adaptation/adaptation.go

@@ -43,7 +43,7 @@ const (
 	DefaultPluginPath = "/opt/nri/plugins"
 	// DefaultSocketPath is the default socket path for external plugins.
 	DefaultSocketPath = api.DefaultSocketPath
-	// PluginConfigDir is the drop-in directory for NRI-launched plugin configuration.
+	// DefaultPluginConfigPath is the drop-in directory for NRI-launched plugin configuration.
 	DefaultPluginConfigPath = "/etc/nri/conf.d"
 )
 
@@ -711,6 +711,7 @@ func (r *Adaptation) finishedPluginSync() {
 	r.syncLock.Unlock()
 }
 
+// PluginSyncBlock is a handle for blocking plugin synchronization.
 type PluginSyncBlock struct {
 	r *Adaptation
 }

pkg/adaptation/api.go

@@ -25,6 +25,8 @@ import (
 //
 
 // Aliased request/response/event types for api/api.proto.
+//
+//nolint:revive // revive thinks the comment is for the exported type below
 type (
 	RegisterPluginRequest    = api.RegisterPluginRequest
 	RegisterPluginResponse   = api.Empty
@@ -134,6 +136,8 @@ const (
 )
 
 // Aliased types for api/optional.go.
+//
+//nolint:revive // revive thinks the comment is for the exported type below
 type (
 	OptionalString   = api.OptionalString
 	OptionalInt      = api.OptionalInt

pkg/adaptation/builtin/plugin.go

@@ -22,12 +22,19 @@ import (
 	"github.com/containerd/nri/pkg/api"
 )
 
+// BuiltinPlugin implements the NRI API and runs in-process
+// within the container runtime.
+//
+//nolint:revive // tautology builtin.Builtin*
 type BuiltinPlugin struct {
 	Base     string
 	Index    string
 	Handlers BuiltinHandlers
 }
 
+// BuiltinHandlers contains request handlers for the builtin plugin.
+//
+//nolint:revive // tautology builtin.Builtin*
 type BuiltinHandlers struct {
 	Configure            func(context.Context, *api.ConfigureRequest) (*api.ConfigureResponse, error)
 	Synchronize          func(context.Context, *api.SynchronizeRequest) (*api.SynchronizeResponse, error)
@@ -48,6 +55,7 @@ type BuiltinHandlers struct {
 	ValidateContainerAdjustment func(context.Context, *api.ValidateContainerAdjustmentRequest) error
 }
 
+// Configure implements PluginService of the NRI API.
 func (b *BuiltinPlugin) Configure(ctx context.Context, req *api.ConfigureRequest) (*api.ConfigureResponse, error) {
 	var (
 		rpl = &api.ConfigureResponse{}
@@ -110,38 +118,44 @@ func (b *BuiltinPlugin) Configure(ctx context.Context, req *api.ConfigureRequest
 	return rpl, err
 }
 
+// Synchronize implements PluginService of the NRI API.
 func (b *BuiltinPlugin) Synchronize(ctx context.Context, req *api.SynchronizeRequest) (*api.SynchronizeResponse, error) {
 	if b.Handlers.Synchronize != nil {
 		return b.Handlers.Synchronize(ctx, req)
 	}
 	return &api.SynchronizeResponse{}, nil
 }
 
+// Shutdown implements PluginService of the NRI API.
 func (b *BuiltinPlugin) Shutdown(context.Context, *api.ShutdownRequest) (*api.ShutdownResponse, error) {
 	return &api.ShutdownResponse{}, nil
 }
 
+// CreateContainer implements PluginService of the NRI API.
 func (b *BuiltinPlugin) CreateContainer(ctx context.Context, req *api.CreateContainerRequest) (*api.CreateContainerResponse, error) {
 	if b.Handlers.CreateContainer != nil {
 		return b.Handlers.CreateContainer(ctx, req)
 	}
 	return &api.CreateContainerResponse{}, nil
 }
 
+// UpdateContainer implements PluginService of the NRI API.
 func (b *BuiltinPlugin) UpdateContainer(ctx context.Context, req *api.UpdateContainerRequest) (*api.UpdateContainerResponse, error) {
 	if b.Handlers.UpdateContainer != nil {
 		return b.Handlers.UpdateContainer(ctx, req)
 	}
 	return &api.UpdateContainerResponse{}, nil
 }
 
+// StopContainer implements PluginService of the NRI API.
 func (b *BuiltinPlugin) StopContainer(ctx context.Context, req *api.StopContainerRequest) (*api.StopContainerResponse, error) {
 	if b.Handlers.StopContainer != nil {
 		return b.Handlers.StopContainer(ctx, req)
 	}
 	return &api.StopContainerResponse{}, nil
 }
 
+// StateChange implements PluginService of the NRI API.
 func (b *BuiltinPlugin) StateChange(ctx context.Context, evt *api.StateChangeEvent) (*api.StateChangeResponse, error) {
 	var err error
 	switch evt.Event {
@@ -182,20 +196,23 @@ func (b *BuiltinPlugin) StateChange(ctx context.Context, evt *api.StateChangeEve
 	return &api.StateChangeResponse{}, err
 }
 
+// UpdatePodSandbox implements PluginService of the NRI API.
 func (b *BuiltinPlugin) UpdatePodSandbox(ctx context.Context, req *api.UpdatePodSandboxRequest) (*api.UpdatePodSandboxResponse, error) {
 	if b.Handlers.UpdatePodSandbox != nil {
 		return b.Handlers.UpdatePodSandbox(ctx, req)
 	}
 	return &api.UpdatePodSandboxResponse{}, nil
 }
 
+// PostUpdatePodSandbox is a handler for the PostUpdatePodSandbox event.
 func (b *BuiltinPlugin) PostUpdatePodSandbox(ctx context.Context, req *api.PostUpdatePodSandboxRequest) error {
 	if b.Handlers.PostUpdatePodSandbox != nil {
 		return b.Handlers.PostUpdatePodSandbox(ctx, req)
 	}
 	return nil
 }
 
+// ValidateContainerAdjustment implements PluginService of the NRI API.
 func (b *BuiltinPlugin) ValidateContainerAdjustment(ctx context.Context, req *api.ValidateContainerAdjustmentRequest) (*api.ValidateContainerAdjustmentResponse, error) {
 	if b.Handlers.ValidateContainerAdjustment != nil {
 		if err := b.Handlers.ValidateContainerAdjustment(ctx, req); err != nil {

pkg/api/adjustment.go

@@ -116,6 +116,7 @@ func (a *ContainerAdjustment) AddHooks(h *Hooks) {
 	}
 }
 
+// AddRlimit records the addition of rlimit (POSIX resource limits) to a container.
 func (a *ContainerAdjustment) AddRlimit(typ string, hard, soft uint64) {
 	a.initRlimits()
 	a.Rlimits = append(a.Rlimits, &POSIXRlimit{

pkg/api/container.go

@@ -18,6 +18,7 @@ package api
 
 import "time"
 
+// GetCreatedAtTime returns the time the container was created at as time.Time.
 func (x *Container) GetCreatedAtTime() time.Time {
 	t := time.Time{}
 	if x != nil {
@@ -26,6 +27,7 @@ func (x *Container) GetCreatedAtTime() time.Time {
 	return t
 }
 
+// GetStartedAtTime returns the time the container was started at as time.Time.
 func (x *Container) GetStartedAtTime() time.Time {
 	t := time.Time{}
 	if x != nil {
@@ -34,6 +36,7 @@ func (x *Container) GetStartedAtTime() time.Time {
 	return t
 }
 
+// GetFinishedAtTime returns the time the container was finished at as time.Time.
 func (x *Container) GetFinishedAtTime() time.Time {
 	t := time.Time{}
 	if x != nil {

pkg/api/event.go

@@ -26,6 +26,7 @@ const (
 	ValidEvents = EventMask((1 << (Event_LAST - 1)) - 1)
 )
 
+//nolint:revive // exported type should have comment
 type (
 	// Define *Request/*Response type aliases for *Event/Empty pairs.
 

pkg/api/ioprio.go

@@ -47,7 +47,7 @@ func (ioprio *LinuxIOPriority) ToOCI() *rspec.LinuxIOPriority {
 	}
 }
 
-// FromOCIIOPrioClass returns the IOPrioClass corresponding the the given
+// FromOCIIOPriorityClass returns the IOPrioClass corresponding the the given
 // OCI IOPriorityClass.
 func FromOCIIOPriorityClass(o rspec.IOPriorityClass) IOPrioClass {
 	return IOPrioClass(IOPrioClass_value[string(o)])

pkg/api/owners.go

@@ -14,6 +14,9 @@
    limitations under the License.
 */
 
+// TODO: Add comments to exported methods and functions.
+//
+//nolint:revive // exported symbols should have comments
 package api
 
 import (

pkg/api/plugin.go

@@ -51,6 +51,7 @@ func CheckPluginIndex(idx string) error {
 	if len(idx) != 2 {
 		return fmt.Errorf("invalid plugin index %q, must be 2 digits", idx)
 	}
+	//nolint:staticcheck // could apply De Morgan's law
 	if !('0' <= idx[0] && idx[0] <= '9') || !('0' <= idx[1] && idx[1] <= '9') {
 		return fmt.Errorf("invalid plugin index %q (not [0-9][0-9])", idx)
 	}

pkg/api/seccomp.go

@@ -20,6 +20,7 @@ import (
 	rspec "github.com/opencontainers/runtime-spec/specs-go"
 )
 
+// FromOCILinuxSeccomp converts an seccomp configuration from an OCI runtime spec.
 func FromOCILinuxSeccomp(o *rspec.LinuxSeccomp) *LinuxSeccomp {
 	var errno *OptionalUInt32
 	if o.DefaultErrnoRet != nil {
@@ -47,6 +48,7 @@ func FromOCILinuxSeccomp(o *rspec.LinuxSeccomp) *LinuxSeccomp {
 	}
 }
 
+// FromOCILinuxSyscalls converts seccomp syscalls configuration from an OCI runtime spec.
 func FromOCILinuxSyscalls(o []rspec.LinuxSyscall) []*LinuxSyscall {
 	syscalls := make([]*LinuxSyscall, len(o))
 
@@ -67,6 +69,7 @@ func FromOCILinuxSyscalls(o []rspec.LinuxSyscall) []*LinuxSyscall {
 	return syscalls
 }
 
+// FromOCILinuxSeccompArgs converts seccomp syscall args from an OCI runtime spec.
 func FromOCILinuxSeccompArgs(o []rspec.LinuxSeccompArg) []*LinuxSeccompArg {
 	args := make([]*LinuxSeccompArg, len(o))
 
@@ -82,6 +85,7 @@ func FromOCILinuxSeccompArgs(o []rspec.LinuxSeccompArg) []*LinuxSeccompArg {
 	return args
 }
 
+// ToOCILinuxSyscalls converts seccomp syscalls configuration to an OCI runtime spec.
 func ToOCILinuxSyscalls(o []*LinuxSyscall) []rspec.LinuxSyscall {
 	syscalls := make([]rspec.LinuxSyscall, len(o))
 
@@ -103,6 +107,7 @@ func ToOCILinuxSyscalls(o []*LinuxSyscall) []rspec.LinuxSyscall {
 	return syscalls
 }
 
+// ToOCILinuxSeccompArgs converts seccomp syscall args to an OCI runtime spec.
 func ToOCILinuxSeccompArgs(o []*LinuxSeccompArg) []rspec.LinuxSeccompArg {
 	args := make([]rspec.LinuxSeccompArg, len(o))
 

pkg/api/strip.go

@@ -223,7 +223,7 @@ func (c *LinuxCPU) Strip() *LinuxCPU {
 		return nil
 	}
 
-	empty := true
+	empty := true //nolint:staticcheck // could merge conditional assignment below to variable definition
 
 	if c.Shares != nil {
 		empty = false
@@ -262,7 +262,7 @@ func (m *LinuxMemory) Strip() *LinuxMemory {
 		return nil
 	}
 
-	empty := true
+	empty := true //nolint:staticcheck // could merge conditional assignment below to variable definition
 
 	if m.Limit != nil {
 		empty = false

pkg/api/validate.go

@@ -20,22 +20,26 @@ import (
 	"fmt"
 )
 
+// AddPlugin records a plugin for the validation request.
 func (v *ValidateContainerAdjustmentRequest) AddPlugin(name, index string) {
 	v.Plugins = append(v.Plugins, &PluginInstance{
 		Name:  name,
 		Index: index,
 	})
 }
 
+// AddResponse records the container adjustments and updates to validate from a CreateContainerResponse.
 func (v *ValidateContainerAdjustmentRequest) AddResponse(rpl *CreateContainerResponse) {
 	v.Adjust = rpl.Adjust
 	v.Update = rpl.Update
 }
 
+// AddOwners sets the owning plugins for the container adjustment request.
 func (v *ValidateContainerAdjustmentRequest) AddOwners(owners *OwningPlugins) {
 	v.Owners = owners
 }
 
+// ValidationResult returns the validation result as an error (non-nil if rejected).
 func (v *ValidateContainerAdjustmentResponse) ValidationResult(plugin string) error {
 	if !v.Reject {
 		return nil
@@ -49,6 +53,7 @@ func (v *ValidateContainerAdjustmentResponse) ValidationResult(plugin string) er
 	return fmt.Errorf("validator %q rejected container adjustment, reason: %s", plugin, reason)
 }
 
+// GetPluginMap returns a map of plugin name to PluginInstance.
 func (v *ValidateContainerAdjustmentRequest) GetPluginMap() map[string]*PluginInstance {
 	if v == nil {
 		return nil