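# Lint configuration. The linter names and layout follow the golangci-lint
# version 2 schema. Nesting was rebuilt from the key order; every value is
# unchanged except the escaped dot in the magefile path pattern.
version: "2"

run:
  # Lint _test.go files too.
  tests: true
  build-tags:
    - mage

linters:
  enable:
    - asasalint
    - asciicheck
    - bidichk
    - bodyclose
    - contextcheck
    - err113
    - errchkjson
    - errorlint
    - exhaustive
    - gocheckcompilerdirectives
    - gochecksumtype
    - gocritic
    - gocyclo
    - goheader
    - gosec
    - gosmopolitan
    - loggercheck
    - makezero
    - misspell
    - nilerr
    - nilnesserr
    - noctx
    - protogetter
    - reassign
    - recvcheck
    - revive
    - rowserrcheck
    - testifylint
    - unparam
  disable:
    - durationcheck
    - goconst
    - musttag
  settings:
    goheader:
      template-path: code-header-template.txt
  exclusions:
    generated: lax
    presets:
      - comments
      - common-false-positives
      - legacy
      - std-error-handling
    # Each rule below suppresses findings that match ALL of its filters
    # (linters, path, text). A rule without `path` applies to the whole
    # repository; a rule without `text` hides every finding of the listed
    # linters in the matched files.
    rules:
      # Tests compose dynamic error messages and exercise edge cases — let
      # them. Mirrors the parent repo's _test.go carve-outs.
      - linters:
          - err113
          - errorlint
          - gocyclo
        path: _test\.go
      # Suppress gocritic's commentFormatting message everywhere (no path
      # filter).
      - linters:
          - gocritic
        text: 'commentFormatting: put a space between `//` and comment text'
      # The veans CLI uses fmt.Errorf and output.New/Wrap intentionally —
      # err113's "no dynamic errors" rule isn't a fit for user-facing CLI
      # errors that are routinely templated with parameters.
      # `path: ".*"` matches every file, so only the message text narrows
      # this rule; err113 findings with a different message are unaffected.
      - linters:
          - err113
        path: ".*"
        text: 'do not define dynamic errors, use wrapped static errors instead:'
      # mage build tooling is internal. This rule has no `text` filter, so it
      # silences every gosec and err113 finding in the matched file, not only
      # the subprocess checks.
      # The dot is escaped so the pattern matches the literal file name.
      - linters:
          - err113
          - gosec
        path: magefile\.go
      # term.ReadPassword takes int(*os.File.Fd()) — canonical Go idiom.
      # No path filter: any other uintptr -> int conversion reported with
      # this message is suppressed as well.
      - linters:
          - gosec
        text: 'G115: integer overflow conversion uintptr -> int'
      # Password / AccessToken / RefreshToken are intentional API model
      # fields, mirroring the parent repo's exclusion.
      # NOTE(review): this matches every G117 finding in the repository, so a
      # secret-bearing field added outside the API models is not reported
      # either; a path filter on the model package would keep the check alive
      # elsewhere.
      - linters:
          - gosec
        text: 'G117:'
      # veans is an HTTP CLI: G704 (SSRF) and G705 (XSS via Fprintf to a
      # terminal) are treated as false positives for this codebase.
      # NOTE(review): the exclusion is repository-wide and rests on two
      # assumptions — request targets come from the operator's own
      # configuration, and output is only ever written to a terminal. Revisit
      # it if code starts following URLs taken from server responses or
      # emitting HTML.
      - linters:
          - gosec
        text: 'G70[45]:'
      # E2E helpers run subprocesses with controlled inputs (git, the
      # built veans binary). G204 (subprocess) and G703 (path traversal)
      # don't apply to test infrastructure.
      # NOTE(review): the pattern also suppresses G306 (file permissions)
      # under e2e/, which the rationale above does not cover — confirm that
      # is intended.
      - linters:
          - gosec
        path: e2e/
        text: 'G(204|306|703):'
      # .veans.yml + agent hook config files are committed to the repo
      # and intentionally world-readable; 0o644 is correct.
      # NOTE(review): the filter is per package, not per file. Any other file
      # written from internal/config or internal/bootstrap escapes G306 too;
      # confirm none of them holds a token or other credential.
      - linters:
          - gosec
        path: internal/(config|bootstrap)/.*\.go
        text: 'G306:'

formatters:
  enable:
    - gofmt
    - goimports
  exclusions:
    generated: lax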