Merge pull request #300 from viveksahu26/fix_lint_errors

implement golangci-lint feature and fix linter Errors

.github/workflows/golangci-lint.yml

@@ -0,0 +1,30 @@
+
+name: golangci-lint
+
+on:
+  push:
+    branches:
+      - 'main'
+  pull_request:
+
+permissions: {}
+
+jobs:
+  golangci:
+    name: lint
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+
+    steps:
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+        with:
+          go-version: '1.22'
+          check-latest: true
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1
+        with:
+          version: v1.59
+          args: --timeout=5m

cmd/compliance.go

@@ -69,7 +69,7 @@ func setupEngineParams(cmd *cobra.Command, args []string) *engine.Params {
 
 	engParams.Basic, _ = cmd.Flags().GetBool("basic")
 	engParams.Detailed, _ = cmd.Flags().GetBool("detailed")
-	engParams.Json, _ = cmd.Flags().GetBool("json")
+	engParams.JSON, _ = cmd.Flags().GetBool("json")
 
 	// engParams.Ntia, _ = cmd.Flags().GetBool("ntia")
 	engParams.Bsi, _ = cmd.Flags().GetBool("bsi")

cmd/dtrackScore.go

@@ -66,10 +66,10 @@ func extractArgs(cmd *cobra.Command, args []string) (*engine.DtParams, error) {
 	basic, _ := cmd.Flags().GetBool("basic")
 	detailed, _ := cmd.Flags().GetBool("detailed")
 
-	params.Url = url
-	params.ApiKey = apiKey
+	params.URL = url
+	params.APIKey = apiKey
 
-	params.Json = json
+	params.JSON = json
 	params.Basic = basic
 	params.Detailed = detailed
 
@@ -80,7 +80,7 @@ func extractArgs(cmd *cobra.Command, args []string) (*engine.DtParams, error) {
 		if err != nil {
 			return nil, err
 		}
-		params.ProjectIds = append(params.ProjectIds, argID)
+		params.ProjectIDs = append(params.ProjectIDs, argID)
 	}
 
 	return params, nil
@@ -90,8 +90,16 @@ func init() {
 	rootCmd.AddCommand(dtrackScoreCmd)
 	dtrackScoreCmd.Flags().StringP("url", "u", "", "dependency track url https://localhost:8080/")
 	dtrackScoreCmd.Flags().StringP("api-key", "k", "", "dependency track api key, requires VIEW_PORTFOLIO for scoring and PORTFOLIO_MANAGEMENT for tagging")
-	dtrackScoreCmd.MarkFlagRequired("url")
-	dtrackScoreCmd.MarkFlagRequired("api-key")
+	err := dtrackScoreCmd.MarkFlagRequired("url")
+	if err != nil {
+		// Handle the error appropriately, such as logging it or returning it
+		log.Fatalf("Failed to mark flag as deprecated: %v", err)
+	}
+	err = dtrackScoreCmd.MarkFlagRequired("api-key")
+	if err != nil {
+		// Handle the error appropriately, such as logging it or returning it
+		log.Fatalf("Failed to mark flag as deprecated: %v", err)
+	}
 
 	dtrackScoreCmd.Flags().BoolP("debug", "D", false, "enable debug logging")
 

cmd/generate.go

@@ -23,14 +23,16 @@ import (
 	"github.com/spf13/cobra"
 )
 
-const features_file_name = "features.yaml"
-const features = "features"
+const (
+	featuresFileName = "features.yaml"
+	features         = "features"
+)
 
 // generateCmd represents the generate command
 var generateCmd = &cobra.Command{
 	Use:   "generate",
 	Short: "provides a comprehensive config generate for your sbom to get specific criteria",
-	RunE: func(cmd *cobra.Command, args []string) error {
+	RunE: func(_ *cobra.Command, args []string) error {
 		ctx := logger.WithLogger(context.Background())
 
 		if len(args) > 0 {
@@ -41,14 +43,13 @@ var generateCmd = &cobra.Command{
 			return fmt.Errorf(fmt.Sprintf("arguments missing%s", "list of valid command eg. features"))
 		}
 		return fmt.Errorf(fmt.Sprintf("invalid arguments%s", "list of valid command eg. features"))
-
 	},
 }
 
 func init() {
 	rootCmd.AddCommand(generateCmd)
 }
 
-func generateYaml(ctx context.Context) error {
-	return os.WriteFile(features_file_name, []byte(scorer.DefaultConfig()), 0755)
+func generateYaml(_ context.Context) error {
+	return os.WriteFile(featuresFileName, []byte(scorer.DefaultConfig()), 0o600)
 }

cmd/score.go

@@ -16,6 +16,7 @@ package cmd
 import (
 	"context"
 	"fmt"
+	"log"
 	"os"
 	"strings"
 
@@ -82,7 +83,7 @@ var scoreCmd = &cobra.Command{
   sbomqs score --category NTIA-minimum-elements --feature sbom_authors samples/sbomqs-spdx-syft.json
 `,
 
-	Args: func(cmd *cobra.Command, args []string) error {
+	Args: func(_ *cobra.Command, args []string) error {
 		if len(args) <= 0 {
 			if len(inFile) <= 0 && len(inDirPath) <= 0 {
 				return fmt.Errorf("provide a path to an sbom file or directory of sbom files")
@@ -168,7 +169,7 @@ func toEngineParams(uCmd *userCmd) *engine.Params {
 		Path:       uCmd.path,
 		Category:   uCmd.category,
 		Features:   uCmd.features,
-		Json:       uCmd.json,
+		JSON:       uCmd.json,
 		Basic:      uCmd.basic,
 		Detailed:   uCmd.detailed,
 		Recurse:    uCmd.recurse,
@@ -212,12 +213,24 @@ func init() {
 	scoreCmd.Flags().BoolP("spdx", "", false, "limit scoring to spdx sboms")
 	scoreCmd.Flags().BoolP("cdx", "", false, "limit scoring to cdx sboms")
 	scoreCmd.MarkFlagsMutuallyExclusive("spdx", "cdx")
-	scoreCmd.Flags().MarkHidden("spdx")
-	scoreCmd.Flags().MarkHidden("cdx")
+	err := scoreCmd.Flags().MarkHidden("spdx")
+	if err != nil {
+		// Handle the error appropriately, such as logging it or returning it
+		log.Fatalf("Failed to mark flag as deprecated: %v", err)
+	}
+	err = scoreCmd.Flags().MarkHidden("cdx")
+	if err != nil {
+		// Handle the error appropriately, such as logging it or returning it
+		log.Fatalf("Failed to mark flag as deprecated: %v", err)
+	}
 
 	// Directory Control
 	scoreCmd.Flags().BoolP("recurse", "r", false, "recurse into subdirectories")
-	scoreCmd.Flags().MarkHidden("recurse")
+	err = scoreCmd.Flags().MarkHidden("recurse")
+	if err != nil {
+		// Handle the error appropriately, such as logging it or returning it
+		log.Fatalf("Failed to mark flag as deprecated: %v", err)
+	}
 
 	// Output Control
 	scoreCmd.Flags().BoolP("json", "j", false, "results in json")
@@ -232,7 +245,24 @@ func init() {
 	scoreCmd.Flags().StringVar(&inDirPath, "dirpath", "", "sbom dir path")
 	scoreCmd.MarkFlagsMutuallyExclusive("filepath", "dirpath")
 	scoreCmd.Flags().StringVar(&reportFormat, "reportFormat", "", "reporting format basic/detailed/json")
-	scoreCmd.Flags().MarkDeprecated("reportFormat", "use --json, --detailed, or --basic instead")
-	scoreCmd.Flags().MarkDeprecated("filepath", "use positional argument instead")
-	scoreCmd.Flags().MarkDeprecated("dirpath", "use positional argument instead")
+	err = scoreCmd.Flags().MarkDeprecated("reportFormat", "use --json, --detailed, or --basic instead")
+	if err != nil {
+		// Handle the error appropriately, such as logging it or returning it
+		log.Fatalf("Failed to mark flag as deprecated: %v", err)
+	}
+	err = scoreCmd.Flags().MarkDeprecated("filepath", "use positional argument instead")
+	if err != nil {
+		// Handle the error appropriately, such as logging it or returning it
+		log.Fatalf("Failed to mark flag as deprecated: %v", err)
+	}
+	err = scoreCmd.Flags().MarkDeprecated("dirpath", "use positional argument instead")
+	if err != nil {
+		// Handle the error appropriately, such as logging it or returning it
+		log.Fatalf("Failed to mark flag as deprecated: %v", err)
+	}
+	err = scoreCmd.Flags().MarkDeprecated("dirpath", "use positional argument instead")
+	if err != nil {
+		// Handle the error appropriately, such as logging it or returning it
+		log.Fatalf("Failed to mark flag as deprecated: %v", err)
+	}
 }

cmd/share.go

@@ -64,5 +64,4 @@ func init() {
 
 	//Debug Control
 	shareCmd.Flags().BoolP("debug", "D", false, "enable debug logging")
-
 }

cmd/version.go

@@ -15,8 +15,6 @@
 package cmd
 
 import (
-	_ "embed"
-
 	version "sigs.k8s.io/release-utils/version"
 )
 

golangci.yml

@@ -0,0 +1,25 @@
+linters:
+  disable-all: true
+  enable:
+    - asciicheck
+    - unused
+    - errcheck
+    - errorlint
+    - gofmt
+    - goimports
+    - gosec
+    - revive
+    - misspell
+    - stylecheck
+    - staticcheck
+    - unconvert
+    - whitespace
+
+linters-settings:
+  unparam:
+    exclude:
+      - 'setIgnore'
+
+run:
+  issues-exit-code: 1
+  timeout: 10m