upgrade go and dependencies

.github/workflows/after-merge-dependabot.yml

@@ -14,7 +14,7 @@ jobs:
     steps:
       - name: Fetch dependabot metadata
         id: dependabot-metadata
-        uses: dependabot/fetch-metadata@v1.6.0
+        uses: dependabot/fetch-metadata@v2
         with:
           github-token: "${{ secrets.GITHUB_TOKEN }}"
 

.github/workflows/golangci-lint.yml

@@ -0,0 +1,26 @@
+name: golangci-lint
+on:
+  push:
+    branches:
+      - main
+      - master
+  pull_request:
+
+permissions:
+  contents: read
+  # Optional: allow read access to pull request. Use with `only-new-issues` option.
+  # pull-requests: read
+
+jobs:
+  golangci:
+    name: lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.22'
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v6
+        with:
+          version: v1.58

.github/workflows/goreleaser.yml

@@ -2,7 +2,7 @@ name: goreleaser
 
 on:
   push:
-    # not not consider simplec commit
+    # do not consider simple commit
     branches:
       - '!*'
     # consider only release and pre-release tags
@@ -22,21 +22,21 @@ jobs:
       - name: set up go
         uses: actions/setup-go@v5
         with:
-          go-version: "1.21"
+          go-version: "1.22"
 
       - name: cache go modules
         uses: actions/cache@v4
         with:
           path: ~/go/pkg/mod
-          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          key: "${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}"
           restore-keys: |
             ${{ runner.os }}-go-
 
       - name: tests modules
         run: |
           go mod vendor
           if [ ! -z "$(git status --porcelain)" ]; then
-            echo "::error::vendor directory if not synched with go.mod, please run go mod vendor"
+            echo "::error::vendor directory if not synced with go.mod, please run go mod vendor"
             exit 1
           fi
 
@@ -65,7 +65,7 @@ jobs:
         if: success() && startsWith(github.ref, 'refs/tags/')
         with:
           version: latest
-          args: release --rm-dist
+          args: release --clean
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           USER: github-actions

.github/workflows/unit-tests.yml

@@ -16,13 +16,13 @@ jobs:
       - name: set up go
         uses: actions/setup-go@v5
         with:
-          go-version: "1.21"
+          go-version: "1.22"
 
       - name: cache go modules
         uses: actions/cache@v4
         with:
           path: ~/go/pkg/mod
-          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          key: "${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}"
           restore-keys: |
             ${{ runner.os }}-go-
 

.golangci.yml

@@ -4,32 +4,25 @@ issues:
     - linters:
         - staticcheck
       text: "SA1019:"
-  max-per-linter: 0
   max-same-issues: 0
 
 linters:
   disable-all: true
   enable:
-    - deadcode
     - errcheck
     - gofmt
     - gosimple
     - ineffassign
     - misspell
     - staticcheck
-    - structcheck
     - unconvert
     - unused
-    - varcheck
-    - vet
+    - govet
     - bodyclose
 
 linters-settings:
-  errcheck:
-    ignore: os:MkdirAll,net/http:Write,fmt:.*,io:Close,io:Copy,github.com/hashicorp/terraform-plugin-sdk/helper/schema:ForceNew|Set|Partial|SetPartial
   gofmt:
     simplify: false
 
 run:
-  deadline: 5m
-  tests: false
+  tests: false

.goreleaser.yml

@@ -41,8 +41,3 @@ checksum:
 signs:
   - artifacts: checksum
     args: ["--batch", "-u", "{{ .Env.GPG_FINGERPRINT }}", "--output", "${signature}", "--detach-sign", "${artifact}"]
-  #release:
-  # If you want to manually examine the release before its live, uncomment this line:
-#  draft: true
-changelog:
-  skip: true

bin/conver2schema.go

@@ -3,6 +3,8 @@ package main
 import (
 	"code.cloudfoundry.org/credhub-cli/credhub/credentials/generate"
 	"github.com/azer/snakecase"
+	"golang.org/x/text/cases"
+	"golang.org/x/text/language"
 	"os"
 	"reflect"
 	"strings"
@@ -56,7 +58,7 @@ func main() {
 			typeName = tField.Type.Elem().Name()
 			tag.IsArray = true
 		}
-		tag.Type = strings.Title(typeName)
+		tag.Type = cases.Title(language.AmericanEnglish).String(typeName)
 		tag.TypeLower = typeName
 		tags = append(tags, tag)
 

credhub/data_source_helper.go

@@ -11,7 +11,7 @@ import (
 func dataSourceReadGeneric(d *schema.ResourceData, meta, v interface{}, onMarshalErr func(interface{}) error) error {
 	client := meta.(*credhub.CredHub)
 	if d.Get("cred_id").(string) == "" && d.Get("name").(string) == "" {
-		return fmt.Errorf("Id or name must be set")
+		return fmt.Errorf("ID or name must be set")
 	}
 	var cred credentials.Credential
 	var err error
@@ -24,8 +24,12 @@ func dataSourceReadGeneric(d *schema.ResourceData, meta, v interface{}, onMarsha
 		return err
 	}
 	d.SetId(cred.Id)
-	d.Set("type", cred.Type)
-	d.Set("name", cred.Name)
+	if err = d.Set("type", cred.Type); err != nil {
+		return err
+	}
+	if err = d.Set("name", cred.Name); err != nil {
+		return err
+	}
 
 	b, err := json.Marshal(cred.Value)
 	if err != nil {

credhub/data_sources.go

@@ -33,8 +33,7 @@ func (GenericDataSource) DataSourceRead(d *schema.ResourceData, meta interface{}
 		}
 		credMap[name] = fmt.Sprint(cred)
 	}
-	d.Set("credential", credMap)
-	return nil
+	return d.Set("credential", credMap)
 }
 
 func (GenericDataSource) DataSourceSchema() map[string]*schema.Schema {
@@ -60,8 +59,7 @@ func (ValueDataSource) DataSourceRead(d *schema.ResourceData, meta interface{})
 	if err != nil {
 		return err
 	}
-	d.Set("value", data)
-	return nil
+	return d.Set("value", data)
 }
 
 func (ValueDataSource) DataSourceSchema() map[string]*schema.Schema {
@@ -90,8 +88,7 @@ func (JsonDataSource) DataSourceRead(d *schema.ResourceData, meta interface{}) e
 	if err != nil {
 		return err
 	}
-	d.Set("json", string(b))
-	return nil
+	return d.Set("json", string(b))
 }
 
 func (JsonDataSource) DataSourceSchema() map[string]*schema.Schema {
@@ -116,8 +113,7 @@ func (PasswordDataSource) DataSourceRead(d *schema.ResourceData, meta interface{
 	if err != nil {
 		return err
 	}
-	d.Set("password", password)
-	return nil
+	return d.Set("password", password)
 }
 
 func (PasswordDataSource) DataSourceSchema() map[string]*schema.Schema {
@@ -136,15 +132,23 @@ type CertificateDataSource struct {
 func (CertificateDataSource) DataSourceRead(d *schema.ResourceData, meta interface{}) error {
 	data := values.Certificate{}
 	err := dataSourceReadGeneric(d, meta, &data, func(credValue interface{}) error {
-		return fmt.Errorf("This is not a certificate credential")
+		return fmt.Errorf("this is not a certificate credential")
 	})
 	if err != nil {
 		return err
 	}
-	d.Set("ca", data.Ca)
-	d.Set("ca_name", data.CaName)
-	d.Set("certificate", data.Certificate)
-	d.Set("private_key", data.PrivateKey)
+	if err = d.Set("ca", data.Ca); err != nil {
+		return err
+	}
+	if err = d.Set("ca_name", data.CaName); err != nil {
+		return err
+	}
+	if err = d.Set("certificate", data.Certificate); err != nil {
+		return err
+	}
+	if err = d.Set("private_key", data.PrivateKey); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -175,13 +179,17 @@ type RSADataSource struct {
 func (RSADataSource) DataSourceRead(d *schema.ResourceData, meta interface{}) error {
 	data := values.RSA{}
 	err := dataSourceReadGeneric(d, meta, &data, func(credValue interface{}) error {
-		return fmt.Errorf("This is not a RSA credential")
+		return fmt.Errorf("this is not a RSA credential")
 	})
 	if err != nil {
 		return err
 	}
-	d.Set("public_key", data.PublicKey)
-	d.Set("private_key", data.PrivateKey)
+	if err = d.Set("public_key", data.PublicKey); err != nil {
+		return err
+	}
+	if err = d.Set("private_key", data.PrivateKey); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -204,13 +212,17 @@ type SSHDataSource struct {
 func (SSHDataSource) DataSourceRead(d *schema.ResourceData, meta interface{}) error {
 	data := values.SSH{}
 	err := dataSourceReadGeneric(d, meta, &data, func(credValue interface{}) error {
-		return fmt.Errorf("This is not a SSH credential")
+		return fmt.Errorf("this is not a SSH credential")
 	})
 	if err != nil {
 		return err
 	}
-	d.Set("public_key", data.PublicKey)
-	d.Set("private_key", data.PrivateKey)
+	if err = d.Set("public_key", data.PublicKey); err != nil {
+		return err
+	}
+	if err = d.Set("private_key", data.PrivateKey); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -233,13 +245,17 @@ type UserDataSource struct {
 func (UserDataSource) DataSourceRead(d *schema.ResourceData, meta interface{}) error {
 	data := values.User{}
 	err := dataSourceReadGeneric(d, meta, &data, func(credValue interface{}) error {
-		return fmt.Errorf("This is not an User credential")
+		return fmt.Errorf("this is not an User credential")
 	})
 	if err != nil {
 		return err
 	}
-	d.Set("username", data.Username)
-	d.Set("password", data.Password)
+	if err = d.Set("username", data.Username); err != nil {
+		return err
+	}
+	if err = d.Set("password", data.Password); err != nil {
+		return err
+	}
 	return nil
 }
 

credhub/extend/extend.go

@@ -6,7 +6,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net/http"
 )
 
@@ -74,7 +73,8 @@ func (p *Permission) UpdatePermission(uuid string, path string, actor string, op
 	if isOlderVersion {
 		return nil, nil
 	}
-	defer io.Copy(ioutil.Discard, resp.Body)
+	//nolint:errcheck
+	defer io.Copy(io.Discard, resp.Body)
 	var response permissions.Permission
 
 	if err := json.NewDecoder(resp.Body).Decode(&response); err != nil {
@@ -91,6 +91,5 @@ func (p *Permission) DeletePermission(uuid string) error {
 	if err != nil {
 		return err
 	}
-	defer resp.Body.Close()
-	return nil
+	return resp.Body.Close()
 }

credhub/generate_certificate.go

@@ -6,7 +6,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 )
 
-var validKeyUsage map[string]bool = map[string]bool{
+var validKeyUsage = map[string]bool{
 	"digital_signature": true,
 	"non_repudiation":   true,
 	"key_encipherment":  true,
@@ -18,7 +18,7 @@ var validKeyUsage map[string]bool = map[string]bool{
 	"decipher_only":     true,
 }
 
-var validExtendKeyUsage map[string]bool = map[string]bool{
+var validExtendKeyUsage = map[string]bool{
 	"client_auth":      true,
 	"server_auth":      true,
 	"code_signing":     true,

credhub/generate_rsa.go

@@ -21,7 +21,7 @@ func (GenerateRSAResource) Create(d *schema.ResourceData, meta interface{}) erro
 	return nil
 }
 
-// '2048', '3072' and '4096'
+// Schema '2048', '3072' and '4096'
 func (GenerateRSAResource) Schema() map[string]*schema.Schema {
 	return map[string]*schema.Schema{
 		"key_length": {

credhub/generic.go

@@ -16,7 +16,7 @@ type CredData struct {
 
 func (d CredData) Check() error {
 	if d.Value == "" && len(d.Json) == 0 && len(d.Credential) == 0 {
-		return fmt.Errorf("data_value, data_json or data_credential has to been set.")
+		return fmt.Errorf("data_value, data_json or data_credential has to been set")
 	}
 	howMany := 0
 	if d.Value != "" {
@@ -29,7 +29,7 @@ func (d CredData) Check() error {
 		howMany++
 	}
 	if howMany > 1 {
-		return fmt.Errorf("Only one of data_value, data_json or data_credential can be set.")
+		return fmt.Errorf("only one of data_value, data_json or data_credential can be set")
 	}
 	return nil
 }
@@ -108,7 +108,7 @@ func (GenericResource) Schema() map[string]*schema.Schema {
 func validateKeyLength(elem interface{}, index string) ([]string, []error) {
 	length := elem.(int)
 	if length != 2048 && length != 3072 && length != 4096 {
-		return make([]string, 0), []error{fmt.Errorf("The provided key length is not supported. Valid values include '2048', '3072' and '4096'.")}
+		return make([]string, 0), []error{fmt.Errorf("the provided key length is not supported, valid values include: '2048', '3072' and '4096'")}
 	}
 	return make([]string, 0), []error{}
 }