diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index b0541b8..727550b 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -24,15 +24,15 @@ jobs:
 steps:
 - name: Checkout repository
- uses: actions/checkout@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Initialize CodeQL
- uses: github/codeql-action/init@v2
+ uses: github/codeql-action/init@4c3e5362829f0b0bb62ff5f6c938d7f95574c306 #v2.21.1
 with:
 languages: ${{ matrix.language }}
 - name: Autobuild
- uses: github/codeql-action/autobuild@v2
+ uses: github/codeql-action/autobuild@4c3e5362829f0b0bb62ff5f6c938d7f95574c306 #v2.21.1
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v2
+ uses: github/codeql-action/analyze@4c3e5362829f0b0bb62ff5f6c938d7f95574c306 #v2.21.1
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 2ef2a46..4a37608 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -22,7 +22,7 @@ jobs:
 id-token: write
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Setup Docker buildx
 uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index 65dc859..4869c1f 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -12,12 +12,12 @@ jobs:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v4
- - uses: actions/setup-go@v5
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
 with:
 go-version: stable
 - name: golangci-lint
- uses: golangci/golangci-lint-action@v3
+ uses: golangci/golangci-lint-action@1481404843c368bc19ca9406f87d6e0fc97bdcfd #v7.0.0
 with:
- version: v1.58.1
+ version: v2.1.2
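Review bot: In codeql-analysis.yml the three `github/codeql-action/*` steps are pinned to a commit labelled v2.21.1, which freezes the scanner on an old release of the v2 line; as far as I know GitHub has deprecated CodeQL Action v2 in favour of v3, so the pin may trade a moving tag for analysis that no longer receives engine or query updates. Pin to the full commit SHA of a current v3 release instead, e.g. `uses: github/codeql-action/init@<full-commit-sha-of-current-v3-release> # v3.x.y`, and do the same for `autobuild` and `analyze`. SHA pins only stay safe while something refreshes them, so a Dependabot `github-actions` entry (or an equivalent updater) should accompany this change if the repository does not already have one. The trailing comments here and on the golangci-lint-action line in linter.yml are written `#v2.21.1` / `#v7.0.0` without a space after the hash, unlike `# v4.2.2`; use one form throughout.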
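Review bot: In docker.yml the pinned checkout step runs in a job that holds `id-token: write`, and with no `with:` block it keeps the action's default of leaving the workflow token in the checked-out repository's git configuration for every later step. If nothing later in the job needs to push or fetch with git (the remaining steps lie outside this hunk, so this needs confirming), add `with:` and `persist-credentials: false` under the checkout step so the build steps run without that credential on disk. The same hardening applies to the checkout steps in codeql-analysis.yml, linter.yml and tests.yml.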
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 737eb7a..34cc41b 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -37,9 +37,9 @@ jobs:
 runs-on: ${{ matrix.platform }}
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- - uses: actions/setup-go@v5
+ - uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
 with:
 go-version: ${{ matrix.go-version }}
@@ -48,4 +48,4 @@ jobs:
 - name: Upload coverage to Codecov
 if: ${{ matrix.update-coverage }}
- uses: codecov/codecov-action@5ecb98a3c6b747ed38dc09f787459979aebb39be # v4.3.1
+ uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
diff --git a/.golangci.yml b/.golangci.yml
index d08bcd5..8252e1b 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -1,25 +1,31 @@
+version: "2"
 linters:
 enable:
 - dogsled
 - dupl
 - errorlint
- - goimports
 - gosec
 - misspell
 - nakedret
- - stylecheck
 - unconvert
 - unparam
 - whitespace
-issues:
- exclude-rules:
- # Some cache implementations use md5 hashes for cached filenames. There is
- # a slight risk of cache poisoning if an attacker could construct a URL
- # with the same hash, but the URL would also need to be allowed by the
- # proxy's security settings (host allowlist, URL signature, etc). Changing
- # these to a more secure hash algorithm would result in 100% cache misses
- # when users upgrade. For now, just leave these alone.
- - path: internal/.*cache
- linters: gosec
- text: G(401|501)
+ # TODO: fix issues and reenable these checks
+ disable:
+ - errcheck
+ - gosec
+ - staticcheck
+
+ exclusions:
+ rules:
+ # Some cache implementations use md5 hashes for cached filenames. There is
+ # a slight risk of cache poisoning if an attacker could construct a URL
+ # with the same hash, but the URL would also need to be allowed by the
+ # proxy's security settings (host allowlist, URL signature, etc). Changing
+ # these to a more secure hash algorithm would result in 100% cache misses
+ # when users upgrade. For now, just leave these alone.
+ - path: internal/.*cache
+ linters:
+ - gosec
+ text: G(401|501)
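Review bot: `gosec` is still listed under `enable` (an unchanged context line) and is now also added under `disable`, so the configuration contradicts itself; depending on the golangci-lint version this is either rejected as a configuration error or resolved silently, and the TODO indicates the intended outcome is that the security linter no longer runs. That leaves the carefully scoped md5 rule for `G(401|501)` under `exclusions` with nothing to suppress, and `errcheck` and `staticcheck` are switched off in the same step, so unchecked errors and the checks formerly provided by `stylecheck` also go unreported. Prefer keeping `gosec` on: drop `- gosec` from `disable` and add narrowly scoped `exclusions.rules` entries for the specific new findings. If it must be off temporarily, remove it from `enable` as well and make the TODO traceable, e.g. `# TODO(<tracking-issue-link>): re-enable errcheck, gosec, staticcheck`.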