build: setup linting + CI to match server

keratin · Nov 5, 2023 · f054d32 · f054d32
1 parent 19d3a4d
commit f054d32
Show file tree

Hide file tree

Showing 8 changed files with 72 additions and 17 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,53 @@
+name: Integration
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  lint:
+    name: Lint
+    runs-on:
+      labels: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-go@v4
+        with:
+          go-version: '1.20'
+          cache: false
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v3
+        with:
+          # Require: The version of golangci-lint to use.
+          # When `install-mode` is `binary` (default) the value can be v1.2 or v1.2.3 or `latest` to use the latest version.
+          # When `install-mode` is `goinstall` the value can be v1.2.3, `latest`, or the hash of a commit.
+          version: latest
+          args: --timeout=5m
+
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-go@v4
+        with:
+          go-version: '1.20'
+      - run: go version
+      - run: go mod download
+
+      - name: Run tests
+        run: |
+          go test \
+            -race \
+            -covermode=atomic \
+            -coverprofile=coverage.out \
+            ./...
+      - name: Report coverage
+        uses: shogo82148/actions-goveralls@v1
+        with:
+          path-to-profile: coverage.out
diff --git a/.golangci.yml b/.golangci.yml
@@ -0,0 +1,3 @@
+linters:
+  enable:
+    - gosec
diff --git a/Makefile b/Makefile
@@ -15,3 +15,7 @@ release: test
 	git push
 	git push --tags
 	open https://github.com/$(NAME)/releases/tag/v$(VERSION)
+
+lint:
+	@which golangci-lint > /dev/null || curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(GOPATH)/bin
+	golangci-lint run --config .golangci.yml
diff --git a/authn/internal_client.go b/authn/internal_client.go
@@ -170,6 +170,7 @@ func (ic *internalClient) absoluteURL(path string) string {
 }
 
 // unused. this will eventually execute private admin actions.
+// nolint: unused
 func (ic *internalClient) get(path string, dest interface{}) (int, error) {
 	resp, err := http.Get(ic.absoluteURL(path))
 	if err != nil {

diff --git a/authn/internal_client_test.go b/authn/internal_client_test.go
@@ -110,7 +110,7 @@ func TestICGetAccount(t *testing.T) {
 			w.WriteHeader(tc.response.code)
 			//if we're mocking a good request, return the json
 			if tc.response.code == http.StatusOK {
-				w.Write([]byte(`{
+				_, _ = w.Write([]byte(`{
 					"result": {
 						"id": ` + strconv.Itoa(tc.response.id) + `,
 						"username": "` + tc.response.username + `",
@@ -502,7 +502,7 @@ func TestICImportAccount(t *testing.T) {
 			assert.Equal(t, "/accounts/import", r.URL.Path)
 			w.WriteHeader(tc.response.code)
 			if tc.response.code == http.StatusCreated {
-				w.Write([]byte(`{
+				_, _ = w.Write([]byte(`{
 					"result": {
 						"id": ` + strconv.Itoa(tc.response.id) + `
 					}
@@ -762,7 +762,7 @@ func TestICErrorResponses(t *testing.T) {
 
 			w.WriteHeader(tc.response.code)
 			if tc.response.code != http.StatusOK {
-				w.Write([]byte(tc.response.body))
+				_, _ = w.Write([]byte(tc.response.body))
 			}
 		})
 

diff --git a/authn/keychain_cache_test.go b/authn/keychain_cache_test.go
@@ -3,13 +3,12 @@ package authn
 import (
 	"errors"
 	"testing"
+	"time"
 
 	"github.com/stretchr/testify/assert"
 
 	jose "gopkg.in/square/go-jose.v2"
 
-	"time"
-
 	"github.com/patrickmn/go-cache"
 )
 
@@ -97,9 +96,11 @@ func TestKeychainCacheTTL(t *testing.T) {
 	// Hacky test because we are screwing with internals
 	keychain_cache.keyCache = cache.New(time.Second, time.Second)
 
-	keychain_cache.Key("kid1")
+	_, err := keychain_cache.Key("kid1")
+	assert.NoError(t, err)
 	assert.Equal(t, 1, mock_provider.hit_count)
-	keychain_cache.Key("kid1")
+	_, err = keychain_cache.Key("kid1")
+	assert.NoError(t, err)
 	assert.Equal(t, 1, mock_provider.hit_count) //Because we cached itached
 
 	// Wait for cache to expire

diff --git a/authn/verifier.go b/authn/verifier.go
@@ -91,17 +91,10 @@ func (verifier *idTokenVerifier) claims(idToken string) (*Claims, error) {
 
 // Verify the claims against the configured values
 func (verifier *idTokenVerifier) verify(claims *Claims) error {
-	var err error
-
 	// Validate rest of the claims
-	err = claims.Validate(jwt.Expected{
+	return claims.Validate(jwt.Expected{
 		Issuer:   verifier.issuerURL.String(),
 		Time:     time.Now(),
 		Audience: verifier.audience,
 	})
-	if err != nil {
-		return err
-	}
-
-	return nil
 }
diff --git a/authn/verifier_test.go b/authn/verifier_test.go
@@ -19,7 +19,7 @@ import (
 
 func TestIDTokenVerifier(t *testing.T) {
 	// the good test key
-	defaultKey, err := rsa.GenerateKey(rand.Reader, 512)
+	defaultKey, err := rsa.GenerateKey(rand.Reader, 2048)
 	require.NoError(t, err)
 	defaultJWK := jose.JSONWebKey{Key: defaultKey, KeyID: "defaultKey"}
 
@@ -105,7 +105,7 @@ func TestIDTokenVerifier(t *testing.T) {
 	})
 
 	t.Run("signed by unknown keypair", func(t *testing.T) {
-		unknownKey, err := rsa.GenerateKey(rand.Reader, 512)
+		unknownKey, err := rsa.GenerateKey(rand.Reader, 2048)
 		require.NoError(t, err)
 		unknownJWK := jose.JSONWebKey{Key: unknownKey, KeyID: "unknownKey"}
 		unknownSigner, err := jose.NewSigner(