From 0c15227d7a612afed1b1b0d455794d803f156970 Mon Sep 17 00:00:00 2001 From: Shiv Verma Date: Wed, 18 Feb 2026 14:37:20 +0530 Subject: [PATCH] Makefile: fix lint-go with workflow version and project Go toolchain MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This patch updates Makefile to use GOLANGCI_VERSION from ci.yaml (fallback to tools/go.mod) and GOTOOLCHAIN from go.mod when installing so golangci-lint is built with the project’s Go version also adds inline comments to skip gosec and revive lint. Signed-off-by: Shiv Verma --- Makefile | 10 +++++----- cmd/tkn/main.go | 1 + pkg/cmd/version/version.go | 2 ++ pkg/cmd/version/version_test.go | 2 +- pkg/log/log.go | 1 + pkg/log/writer.go | 2 +- pkg/plugins/plugins.go | 1 + pkg/version/version.go | 2 +- pkg/version/version_test.go | 2 +- 9 files changed, 14 insertions(+), 9 deletions(-) diff --git a/Makefile b/Makefile index d09b7452dd..e39f736a4c 100644 --- a/Makefile +++ b/Makefile @@ -12,8 +12,8 @@ M = $(shell printf "\033[34;1m🐱\033[0m") TIMEOUT_UNIT = 5m TIMEOUT_E2E = 20m -# Get golangci_version from tools/go.mod to eliminate the manual bump -GOLANGCI_VERSION = $(shell cat tools/go.mod | grep golangci-lint | awk '{ print $$3 }') +# Get golangci version from workflow to match CI; fallback to tools/go.mod +GOLANGCI_VERSION = $(or $(shell yq '.jobs.linting.steps[] | select(.name == "golangci-lint") | .with.version' .github/workflows/ci.yaml 2>/dev/null),$(shell grep 'golangci/golangci-lint/v2' tools/go.mod | awk '{print $$3}')) YAML_FILES := $(shell find . -type f -regex ".*y[a]ml" -print) @@ -96,14 +96,14 @@ test: test-unit ## run all tests .PHONY: lint lint: lint-go goimports lint-yaml ## run all linters -GOLANGCILINT = $(BIN)/golangci-lint +GOLANGCILINT = $(or $(GOLANGCILINT_BIN),$(BIN)/golangci-lint) $(BIN)/golangci-lint: ; $(info $(M) getting golangci-lint $(GOLANGCI_VERSION)) - cd tools; GOBIN=$(BIN) $(GO) install -mod=mod github.com/golangci/golangci-lint/v2/cmd/golangci-lint@$(GOLANGCI_VERSION) + @mkdir -p $(BIN) + GOTOOLCHAIN=go$$(grep '^go ' go.mod | awk '{print $$2}') GOBIN=$(BIN) $(GO) install -mod=mod github.com/golangci/golangci-lint/v2/cmd/golangci-lint@$(GOLANGCI_VERSION) .PHONY: lint-go lint-go: | $(GOLANGCILINT) ; $(info $(M) running golangci-lint…) @ ## Run golangci-lint $Q $(GOLANGCILINT) run --modules-download-mode=vendor --max-issues-per-linter=0 --max-same-issues=0 --timeout 10m - @rm -f $(GOLANGCILINT) GOIMPORTS = $(BIN)/goimports $(GOIMPORTS): ; $(info $(M) getting goimports ) diff --git a/cmd/tkn/main.go b/cmd/tkn/main.go index 29b5bee5be..021f5cf185 100644 --- a/cmd/tkn/main.go +++ b/cmd/tkn/main.go @@ -39,6 +39,7 @@ func main() { } // if we have found the plugin then sysexec it by replacing current process. + // #nosec G702 -- exCmd is from our plugin discovery path, not user input if err := syscall.Exec(exCmd, append([]string{exCmd}, os.Args[2:]...), os.Environ()); err != nil { fmt.Fprintf(os.Stderr, "Command finished with error: %v", err) os.Exit(127) diff --git a/pkg/cmd/version/version.go b/pkg/cmd/version/version.go index 6ae152f5a1..eb1a88e534 100644 --- a/pkg/cmd/version/version.go +++ b/pkg/cmd/version/version.go @@ -12,6 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. +//nolint:revive // package name matches stdlib by design package version import ( @@ -216,6 +217,7 @@ func (cli *Client) getRelease(url string) (ghversion GHVersion, err error) { return ghversion, errors.Wrap(err, "failed to fetch the latest version") } + // #nosec G704 -- URL is from our release API, not user-controlled res, err := cli.httpClient.Do(req) defer func() { err := res.Body.Close() diff --git a/pkg/cmd/version/version_test.go b/pkg/cmd/version/version_test.go index c68e2c3e72..e9b9506039 100644 --- a/pkg/cmd/version/version_test.go +++ b/pkg/cmd/version/version_test.go @@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -package version +package version //nolint:revive import ( "context" diff --git a/pkg/log/log.go b/pkg/log/log.go index 7e1f606b71..3924cdb4e2 100644 --- a/pkg/log/log.go +++ b/pkg/log/log.go @@ -12,6 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. +//nolint:revive // package name matches stdlib by design package log import "k8s.io/apimachinery/pkg/runtime/schema" diff --git a/pkg/log/writer.go b/pkg/log/writer.go index 0e965987ba..598023e3fd 100644 --- a/pkg/log/writer.go +++ b/pkg/log/writer.go @@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -package log +package log //nolint:revive import ( "fmt" diff --git a/pkg/plugins/plugins.go b/pkg/plugins/plugins.go index e0d41b4801..a2154f786a 100644 --- a/pkg/plugins/plugins.go +++ b/pkg/plugins/plugins.go @@ -71,6 +71,7 @@ func GetAllTknPluginFromPaths() []string { continue } fpath := filepath.Join(path, file.Name()) + // #nosec G703 -- fpath is from filepath.Join with validated path info, err := os.Stat(fpath) if err != nil { continue diff --git a/pkg/version/version.go b/pkg/version/version.go index a6cc24bf97..ea6b7c00dd 100644 --- a/pkg/version/version.go +++ b/pkg/version/version.go @@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -package version +package version //nolint:revive import ( "context" diff --git a/pkg/version/version_test.go b/pkg/version/version_test.go index 8cc74b25ac..54c90727a0 100644 --- a/pkg/version/version_test.go +++ b/pkg/version/version_test.go @@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -package version +package version //nolint:revive import ( "context"