Bump golangci/golangci-lint-action in the github-actions group (#416)

Bumps the github-actions group with 1 update: [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action). Updates `golangci/golangci-lint-action` from 6 to 7 - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/v6...v7) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-15 06:56:40 +00:00 · 2025-03-31 11:29:39 -07:00 · 2025-03-31 11:29:39 -07:00 · 50b610bb61
commit 50b610bb61
parent ae4b8b8d16
7 changed files with 33 additions and 15 deletions
--- a/.github/workflows/golangci-lint.yml
+++ b/.github/workflows/golangci-lint.yml
@ -13,6 +13,6 @@ jobs:
          go-version: 1.24.x
      - uses: actions/checkout@v4
      - name: golangci-lint
-        uses: golangci/golangci-lint-action@v6
+        uses: golangci/golangci-lint-action@v7
        with:
-          version: v1.64.6
+          version: v2.0.2
--- a/.golangci.yaml
+++ b/.golangci.yaml
@ -1,5 +1,24 @@
+version: "2"
 linters:
-  enable:
-    - gofmt
  disable:
    - errcheck
+  exclusions:
+    generated: lax
+    presets:
+      - comments
+      - common-false-positives
+      - legacy
+      - std-error-handling
+    paths:
+      - third_party$
+      - builtin$
+      - examples$
+formatters:
+  enable:
+    - gofmt
+  exclusions:
+    generated: lax
+    paths:
+      - third_party$
+      - builtin$
+      - examples$
--- a/attest/eventlog.go
+++ b/attest/eventlog.go
@ -27,9 +27,6 @@ import (
 	"sort"
 	"strings"

-	// Ensure hashes are available.
-	_ "crypto/sha256"
-
 	"github.com/google/go-tpm/legacy/tpm2"
 	"github.com/google/go-tpm/tpmutil"
 )
--- a/attest/tpm_other.go
+++ b/attest/tpm_other.go
@ -27,6 +27,6 @@ func probeSystemTPMs() ([]probedTPM, error) {
 	return nil, errUnsupported
 }

-func openTPM(tpm probedTPM) (*TPM, error) {
+func openTPM(probedTPM) (*TPM, error) {
 	return nil, errUnsupported
 }
--- a/attest/win_events.go
+++ b/attest/win_events.go
@ -337,7 +337,7 @@ type microsoftEventHeader struct {
 // not handled. Unlike other events in the TCG log, it is safe to skip
 // unhandled SIPA events, as they are embedded within EventTag structures,
 // and these structures should match the event digest.
-var unknownSIPAEvent = errors.New("unknown event")
+var errUnknownSIPAEvent = errors.New("unknown event")

 func (w *WinEvents) readBooleanInt64Event(header microsoftEventHeader, r *bytes.Reader) error {
 	if header.Size != 8 {
@ -783,7 +783,7 @@ func (w *WinEvents) readSIPAEvent(r *bytes.Reader, pcr int) error {
 			return fmt.Errorf("reading unknown data section of length %d: %w", header.Size, err)
 		}

-		return unknownSIPAEvent
+		return errUnknownSIPAEvent
 	}
 }

@ -800,7 +800,7 @@ func (w *WinEvents) readWinEventBlock(evt *internal.TaggedEventData, pcr int) er

 	for r.Len() > 0 {
 		if err := w.readSIPAEvent(r, pcr); err != nil {
-			if errors.Is(err, unknownSIPAEvent) {
+			if errors.Is(err, errUnknownSIPAEvent) {
 				// Unknown SIPA events are okay as all TCG events are verifiable.
 				continue
 			}
--- a/attest/wrapped_tpm20.go
+++ b/attest/wrapped_tpm20.go
@ -221,7 +221,7 @@ func (t *wrappedTPM20) eks() ([]EK, error) {

 	i, err := t.info()
 	if err != nil {
-		return nil, fmt.Errorf("Retrieving TPM info failed: %v", err)
+		return nil, fmt.Errorf("retrieving TPM info failed: %v", err)
 	}
 	ekPub := &rsa.PublicKey{
 		E: int(pub.RSAParameters.Exponent()),
--- a/attributecert/attributecert.go
+++ b/attributecert/attributecert.go
@ -447,13 +447,14 @@ type PlatformConfigurationV1 struct {
 }

 func unmarshalSAN(v asn1.RawValue) ([]pkix.AttributeTypeAndValue, error) {
-	if v.Tag == asn1.TagSet {
+	switch v.Tag {
+	case asn1.TagSet:
 		var e pkix.AttributeTypeAndValue
 		if _, err := asn1.Unmarshal(v.Bytes, &e); err != nil {
 			return nil, err
 		}
 		return []pkix.AttributeTypeAndValue{e}, nil
-	} else if v.Tag == asn1.TagOctetString {
+	case asn1.TagOctetString:
 		var attributes []pkix.AttributeTypeAndValue
 		var platformData PlatformDataSequence
 		rest, err := asn1.Unmarshal(v.Bytes, &platformData)
@ -468,8 +469,9 @@ func unmarshalSAN(v asn1.RawValue) ([]pkix.AttributeTypeAndValue, error) {
 			}
 		}
 		return attributes, nil
+	default:
+		return nil, fmt.Errorf("attributecert: unexpected SAN type %v", v.Tag)
 	}
-	return nil, fmt.Errorf("attributecert: unexpected SAN type %v", v.Tag)
 }

 func parseAttributeCertificate(in *attributeCertificate) (*AttributeCertificate, error) {