version: "2"

run:

relative-path-mode: wd

linters:

default: none

enable:

- bodyclose

- dogsled

- dupl

- errorlint

- gocritic

- gocyclo

- gomodguard

- goprintffuncname

- gosec

- govet

- ineffassign

- misspell

- nakedret

- nilerr

- nolintlint

- revive

- rowserrcheck

- staticcheck

- unconvert

- unparam

- unused

- whitespace

settings:

errorlint:

errorf: true

errorf-multi: true

asserts: false

comparison: false

gocritic:

disabled-checks:

- ifElseChain

gosec:

excludes:

# All these excludes have been added on a case-by-cases basis, after reviewing the specific code that triggered them.

# PLEASE DO NOT BLINDLY DISABLE CHECKS TO MAKE YOUR LINTING ERRORS GO AWAY!

#

# G115: Potential integer overflow when converting between integer types

- G115

# G114: Use of net/http serve function that has no support for setting timeouts

- G114

# G112: Potential slowloris attack

- G112

# G204: Subprocess launched with variable

- G204

# G306: Expect WriteFile permissions to be 0600 or less

- G306

# G107: Url provided to HTTP request as taint input

- G107

# G117: Marshaled struct field matches secret pattern (e.g. SessionToken, AccessToken)

- G117

# G118: Goroutine uses context.Background/TODO in shutdown/cleanup handlers

- G118

# G122: Filesystem operation in filepath.WalkDir callback (symlink TOCTOU) -- engine operates on content-addressed data

- G122

# G602: Slice index out of range -- false positive on bounds-checked loops

- G602

# G702: Command injection via taint analysis -- same class as G204

- G702

# G703: Path traversal via taint analysis -- paths from config/env are intentional

- G703

# G704: SSRF via taint analysis -- same class as G107

- G704

govet:

disable:

- lostcancel

enable:

- nilness

staticcheck:

checks:

- "all"

- "-QF1006" # could lift into loop condition

- "-QF1008" # could remove embedded field from selector

- "-QF1012" # could use fmt.Fprintf instead of WriteString(fmt.Sprintf(...))

revive:

rules:

- name: unused-parameter

severity: warning

disabled: true

exclusions:

generated: lax

presets:

- comments

- common-false-positives

- legacy

- std-error-handling

rules:

- linters:

# tests are very repetitive

- dupl

# tests are allowed to do silly things

- gosec

path: _test\.go

- linters:

# example dagger module code might use extra ctx/err in signatures for clarity

- unparam

path: docs/

- linters:

# this is sometimes done for clarity

- unparam

text: .* always receives .*

path: _test\.go

- linters:

- staticcheck

text: "idtools.IdentityMapping"

- linters:

- staticcheck

# ArgsEscaped is a deprecated legacy docker/OCI field that we must

# still read to detect Windows images that rely on it.

text: "SA1019.*ArgsEscaped"

path: util/llbtodagger/

- linters:

- gocyclo

- dupl

- unconvert

- dogsled

- gofmt

- nakedret

- gosec

path: internal/buildkit/

- linters:

- unparam

- nolintlint

- goimports

path: internal/buildkit/

- text: "singleCaseSwitch"

linters:

- gocritic

path: internal/buildkit/

- text: "SA1019"

linters:

- staticcheck

path: internal/buildkit/

- text: "ST.*"

linters:

- staticcheck

path: internal/buildkit/

- text: "QF.*"

linters:

- staticcheck

path: internal/buildkit/

paths:

# these files are already linted in sdk/go

- internal/telemetry

- internal/querybuilder

formatters:

enable:

- gofmt

- goimports

exclusions:

generated: lax

paths:

- internal/telemetry

- internal/querybuilder