summaryrefslogtreecommitdiffstats
path: root/.golangci.yml
Commit message (Collapse)AuthorAgeFilesLines
* Fix .golangci.yml (#22868)zeripath2023-02-111-1/+1
| | | | | | | | | When we updated the .golangci.yml for 1.20 we should have used a string as 1.20 is not a valid number. In doing so we need to restore the nolint markings within the pq driver. Signed-off-by: Andrew Thornton <art27@cantab.net>
* Refactor git command package to improve security and maintainability (#22678)wxiaoguang2023-02-041-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This PR follows #21535 (and replace #22592) ## Review without space diff https://github.com/go-gitea/gitea/pull/22678/files?diff=split&w=1 ## Purpose of this PR 1. Make git module command completely safe (risky user inputs won't be passed as argument option anymore) 2. Avoid low-level mistakes like https://github.com/go-gitea/gitea/pull/22098#discussion_r1045234918 3. Remove deprecated and dirty `CmdArgCheck` function, hide the `CmdArg` type 4. Simplify code when using git command ## The main idea of this PR * Move the `git.CmdArg` to the `internal` package, then no other package except `git` could use it. Then developers could never do `AddArguments(git.CmdArg(userInput))` any more. * Introduce `git.ToTrustedCmdArgs`, it's for user-provided and already trusted arguments. It's only used in a few cases, for example: use git arguments from config file, help unit test with some arguments. * Introduce `AddOptionValues` and `AddOptionFormat`, they make code more clear and simple: * Before: `AddArguments("-m").AddDynamicArguments(message)` * After: `AddOptionValues("-m", message)` * - * Before: `AddArguments(git.CmdArg(fmt.Sprintf("--author='%s <%s>'", sig.Name, sig.Email)))` * After: `AddOptionFormat("--author='%s <%s>'", sig.Name, sig.Email)` ## FAQ ### Why these changes were not done in #21535 ? #21535 is mainly a search&replace, it did its best to not change too much logic. Making the framework better needs a lot of changes, so this separate PR is needed as the second step. ### The naming of `AddOptionXxx` According to git's manual, the `--xxx` part is called `option`. ### How can it guarantee that `internal.CmdArg` won't be not misused? Go's specification guarantees that. Trying to access other package's internal package causes compilation error. And, `golangci-lint` also denies the git/internal package. Only the `git/command.go` can use it carefully. ### There is still a `ToTrustedCmdArgs`, will it still allow developers to make mistakes and pass untrusted arguments? Generally speaking, no. Because when using `ToTrustedCmdArgs`, the code will be very complex (see the changes for examples). Then developers and reviewers can know that something might be unreasonable. ### Why there was a `CmdArgCheck` and why it's removed? At the moment of #21535, to reduce unnecessary changes, `CmdArgCheck` was introduced as a hacky patch. Now, almost all code could be written as `cmd := NewCommand(); cmd.AddXxx(...)`, then there is no need for `CmdArgCheck` anymore. ### Why many codes for `signArg == ""` is deleted? Because in the old code, `signArg` could never be empty string, it's either `-S[key-id]` or `--no-gpg-sign`. So the `signArg == ""` is just dead code. --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* update to build with go1.20 (#22732)techknowlogick2023-02-031-2/+2
| | | | | | | as title --------- Co-authored-by: Lauris BH <lauris@nix.lv>
* Add more packages to denylist (#22412)Jason Song2023-01-121-1/+2
| | | | | | | | | | | | | | | After this, we can remove [`denylist_imports`](https://gitea.com/gitea/gitea-vet/src/branch/master/checks/denylisted-imports.go#L13) in gitea-vet ([gitea-vet/pulls/23](https://gitea.com/gitea/gitea-vet/pulls/23)). ```go deniedImports = []string{"io/ioutil", "encoding/json", "gitea.com/gitea/go-crypto"} ``` However, we needn't keep `gitea.com/gitea/go-crypto` any longer, it's gone and can't be imported again. Co-authored-by: John Olheiser <john.olheiser@gmail.com>
* Update go dev dependencies (#22064)silverwind2022-12-081-17/+17
| | | | | `golangci-lint` [deprecated](https://github.com/golangci/golangci-lint/issues/1841) a bunch of linters, removed them.
* Simplify fmt-check (#21458)silverwind2022-10-161-4/+0
| | | | | | | | | `fmt-check` now simply does `fmt` before and relies on `git diff` like other checks like 'tidy-check' already do, so we can remove the argument in the tool that handles printing changed files. Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Configure golangci-lint to show all issues (#21106)silverwind2022-09-201-1/+3
| | | | | | | | golangci by default [limits](https://golangci-lint.run/usage/configuration/#issues-configuration) "same issues" to 3 which can be hindering when many issues are present. Change it to always show all issues. Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Add badge capabilities to users (#20607)techknowlogick2022-08-181-0/+4
| | | | | Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: John Olheiser <john.olheiser@gmail.com>
* Switch to building with go1.19 (#20695)techknowlogick2022-08-071-2/+2
|
* Add more linters to improve code readability (#19989)Wim2022-06-201-0/+9
| | | | | | | | | | Add nakedret, unconvert, wastedassign, stylecheck and nolintlint linters to improve code readability - nakedret - https://github.com/alexkohler/nakedret - nakedret is a Go static analysis tool to find naked returns in functions greater than a specified function length. - unconvert - https://github.com/mdempsky/unconvert - Remove unnecessary type conversions - wastedassign - https://github.com/sanposhiho/wastedassign - wastedassign finds wasted assignment statements. - notlintlint - Reports ill-formed or insufficient nolint directives - stylecheck - https://staticcheck.io/docs/checks/#ST - keep style consistent - excluded: [ST1003 - Poorly chosen identifier](https://staticcheck.io/docs/checks/#ST1003) and [ST1005 - Incorrectly formatted error string](https://staticcheck.io/docs/checks/#ST1005)
* Update go tool dependencies (#19676)silverwind2022-05-101-3/+0
| | | | | | | | | | | * Update go tool dependencies Updated all tool dependencies to latest tags, hoping CI will like it. * fix new lint errors * handle more strings.Title cases * remove lint skip
* Refactor legacy `unknwon/com` package, improve golangci lint (#19284)wxiaoguang2022-04-011-2/+12
| | | | | | | | The main purpose is to refactor the legacy `unknwon/com` package. 1. Remove most imports of `unknwon/com`, only `util/legacy.go` imports the legacy `unknwon/com` 2. Use golangci's depguard to process denied packages 3. Fix some incorrect values in golangci.yml, eg, the version should be quoted string `"1.18"` 4. Use correctly escaped content for `go-import` and `go-source` meta tags 5. Refactor `com.Expand` to our stable (and the same fast) `vars.Expand`, our `vars.Expand` can still return partially rendered content even if the template is not good (eg: key mistach).
* Add 1.18 (#19151)Sasha Melentyev2022-03-211-1/+2
| | | Co-authored-by: 6543 <6543@obermui.de>
* use go1.18 to build gitea (#19099)techknowlogick2022-03-161-2/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | * use go1.18 to build gitea& update min go version to 1.17 * bump in a few more places * add a few simple tests for isipprivate * update go.mod * update URL to https://go.dev/dl/ * golangci-lint * attempt golangci-lint workaround * change version * bump fumpt version * skip strings.title test * go mod tidy * update tests as some aren't private?? * update tests
* Use `go run` for tool dependencies, require go 1.17 (#18874)silverwind2022-03-151-2/+2
| | | | | | | | | | This ensures the tools only run in the versions we've tested and it also does not polute PATH with those tools so they are truly isolated. This syntax of `go run` requires go 1.17, so the minimum version is set accordingly. Fixes: https://github.com/go-gitea/gitea/issues/18867 Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Reduce CI go module downloads, add make targets (#18708)silverwind2022-02-121-0/+4
| | | | | | | | | | | | | The CI currently downloads all go modules in each pipeline step because go modules reside outside the project directory. Fix this by introducing a volume for the `/go` directory [1] so modules are only downloaded once per pipeline using a new `deps-backend` make target. For completeness, I also included new `deps` and `deps-frontend` targets and the frontend one is also triggered explicitly on CI where needed. [1] https://docs.drone.io/pipeline/kubernetes/examples/language/golang/#dependencies
* format with gofumpt (#18184)65432022-01-201-0/+4
| | | | | | | | | | | * gofumpt -w -l . * gofumpt -w -l -extra . * Add linter * manual fix * change make fmt
* chore(lint): use golangci-lint to call revive and misspell checker. (#18145)Bo-Yi Wu2022-01-021-0/+29
| | | | | | replace revive and misspell with golangci-lint Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
* Remove unnecessary variable assignments (#17695)Gusted2021-11-181-0/+1
| | | | | | | | | | * Remove unnecessary variable assignments As title * enable ineffassign Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Move user follow and openid into models/user/ (#17613)Lunny Xiao2021-11-171-0/+3
| | | | | | | | | | | | | | | | | | | | | | | * Move UserRedirect into models/user/ * Fix lint & test * Fix lint * Fix lint * remove nolint comment * Fix lint * Move user follow and openid into models/user * Ignore the lint * Ignore the lint * Fix test * ignore stutters lint on UserOpenID
* Enable bidichk (#17610)Gusted2021-11-171-0/+1
| | | | | | - https://github.com/breml/bidichk Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: 6543 <6543@obermui.de>
* Remove `golint` as linter (#17609)Gusted2021-11-111-1/+0
| | | | | | | | | | - Partialy resolvess #17596 - In the newer versions of `golangci-lint`, golint is deprecated and replaced by the `revive` linter. Thus removing the `golint` linter is a good idea, as we're already using the `revive` linter which covers all the current `golint` cases. Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Move login related structs and functions to models/login (#17093)Lunny Xiao2021-09-241-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Move login related structs and functions to models/login * Fix test * Fix lint * Fix lint * Fix lint of windows * Fix lint * Fix test * Fix test * Only load necessary fixtures when preparing unit tests envs * Fix lint * Fix test * Fix test * Fix error log * Fix error log * Fix error log * remove unnecessary change * fix error log * merge main branch
* Refactor routers directory (#15800)Lunny Xiao2021-06-091-3/+1
| | | | | | | | | | | * refactor routers directory * move func used for web and api to common * make corsHandler a function to prohibit side efects * rm unused func Co-authored-by: 6543 <6543@obermui.de>
* Drop back to use IsAnInteractiveSession for SVC (#15749)zeripath2021-05-071-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | * Drop back to use IsAnInteractiveSession for SVC There is an apparent permission change problem when using IsWindowsService to determine if the SVC manager should be used. This PR simply drops back to using IsAnInteractiveSession as this does not change behaviour. Fix #15454 Signed-off-by: Andrew Thornton <art27@cantab.net> * Yes staticcheck I know this is deprecated Signed-off-by: Andrew Thornton <art27@cantab.net> * Just leave me alone lint Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de>
* Fix typo in .golangci.yml (#14933)Ikko Ashimine2021-03-091-1/+1
| | | occured -> occurred
* Move macaron to chi (#14293)Lunny Xiao2021-01-261-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | Use [chi](https://github.com/go-chi/chi) instead of the forked [macaron](https://gitea.com/macaron/macaron). Since macaron and chi have conflicts with session share, this big PR becomes a have-to thing. According my previous idea, we can replace macaron step by step but I'm wrong. :( Below is a list of big changes on this PR. - [x] Define `context.ResponseWriter` interface with an implementation `context.Response`. - [x] Use chi instead of macaron, and also a customize `Route` to wrap chi so that the router usage is similar as before. - [x] Create different routers for `web`, `api`, `internal` and `install` so that the codes will be more clear and no magic . - [x] Use https://github.com/unrolled/render instead of macaron's internal render - [x] Use https://github.com/NYTimes/gziphandler instead of https://gitea.com/macaron/gzip - [x] Use https://gitea.com/go-chi/session which is a modified version of https://gitea.com/macaron/session and removed `nodb` support since it will not be maintained. **BREAK** - [x] Use https://gitea.com/go-chi/captcha which is a modified version of https://gitea.com/macaron/captcha - [x] Use https://gitea.com/go-chi/cache which is a modified version of https://gitea.com/macaron/cache - [x] Use https://gitea.com/go-chi/binding which is a modified version of https://gitea.com/macaron/binding - [x] Use https://github.com/go-chi/cors instead of https://gitea.com/macaron/cors - [x] Dropped https://gitea.com/macaron/i18n and make a new one in `code.gitea.io/gitea/modules/translation` - [x] Move validation form structs from `code.gitea.io/gitea/modules/auth` to `code.gitea.io/gitea/modules/forms` to avoid dependency cycle. - [x] Removed macaron log service because it's not need any more. **BREAK** - [x] All form structs have to be get by `web.GetForm(ctx)` in the route function but not as a function parameter on routes definition. - [x] Move Git HTTP protocol implementation to use routers directly. - [x] Fix the problem that chi routes don't support trailing slash but macaron did. - [x] `/api/v1/swagger` now will be redirect to `/api/swagger` but not render directly so that `APIContext` will not create a html render. Notices: - Chi router don't support request with trailing slash - Integration test `TestUserHeatmap` maybe mysql version related. It's failed on my macOS(mysql 5.7.29 installed via brew) but succeed on CI. Co-authored-by: 6543 <6543@obermui.de>
* Move webhook type from int to string (#13664)Lunny Xiao2020-12-081-0/+3
| | | | | | | | | | | | | | * Move webhook type from int to string * rename webhook_services * finish refactor * Fix merge * Ignore unnecessary ci Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: zeripath <art27@cantab.net>
* Introduce go chi web framework as frontend of macaron, so that we can move ↵Lunny Xiao2020-11-131-1/+1
| | | | | | | | | routes from macaron to chi step by step (#7420) * When route cannot be found on chi, go to macaron * Stick chi version to 1.5.0 * Follow router log setting
* Update golangci-lint to version 1.31.0 (#13102)kolaente2020-10-111-0/+6
| | | | | | | This PR updates golangci-lint to the latest version 1.31.0. The upgrade introduced a new check for which I've fixed or disabled most cases. Signed-off-by: kolaente <k@knt.li>
* Add default storage configurations (#12813)Lunny Xiao2020-09-291-0/+3
| | | | Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: zeripath <art27@cantab.net>
* Improve push update options (#10105)Lunny Xiao2020-02-021-0/+3
| | | | | | | | | | | | | | * Improve push update options * fix test * More refactor and fix lint * fix lint * Fix lint Co-authored-by: Lauris BH <lauris@nix.lv>
* Add API for Issue set Subscription (#8729)65432019-11-021-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * add issue subscriber API * subscribers return []user.APIFormat * add comments * more meaningfull description * without "reqToken()" api works ... * should be still secure beause ctx.user has to be there or nothing will hapen * FIX: getIssueWatchers() get only aktive suscriber * add return avter error on right position * Revert "FIX: getIssueWatchers() get only aktive suscriber" This reverts commit 5eca9291858a821981992b0aaa38cef610d84bca. * Update routers/api/v1/repo/issue.go Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com> * test go linter again * update swagger * GetIssueWatchers -> GetIssueSubscribers part one Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com> * GetIssueWatchers -> GetIssueSubscribers part two * Revert "test go linter again" This reverts commit bab12356227e44334de113b76f12099de0b8aaa6. * change description for unsubscribe too * golangci-lint timeout avter 5min * move issueSubscription to seperate file * dont create black entitys * use IsWatching until refactoring * Update License Info * better swagger description * Update .golangci.yml because functions moved from issue.go to issue_subscription.go * add IssueWatchList type * batch tasks * use e Engien * add error handling * error should be the last type when returning multiple items * short version * reurn empy UserList instead of nil
* Update golangci to v1.20 (#8432)kolaente2019-10-081-0/+3
| | | | | | | | | | * Update golangci to v1.20 Signed-off-by: kolaente <k@knt.li> * Use the timeout flag instead of deadline, move it to config Signed-off-by: kolaente <k@knt.li>
* Use gitea forked macaron (#7933)Tamal Saha2019-08-231-9/+0
| | | Signed-off-by: Tamal Saha <tamal@appscode.com>
* Update golangci-lint to v1.17.1 (#7848)techknowlogick2019-08-131-0/+3
|
* Add golangci (#6418)kolaente2019-06-121-0/+97