Upgrade GolangCI-Lint to latest version in Analyzers CI templates
The following discussion from gitlab-org/security-products/ci-templates!373 (merged) should be addressed:
-
@philipcunningham started a discussion: (+1 comment)
Problem
The current version of GolangCI-Lint in our CI Templates is v1.50.1, which is outdated. Upgrading to the latest version is necessary for leveraging new linting features and improvements. However, this upgrade introduces breaking changes that affect the Gemnasium build, requiring lint error resolutions prior to the upgrade.
Solution
Update the GolangCI-Lint version in the CI Templates to v1.60.3 and address the linting issues that cause the Gemnasium build to fail. This will ensure our codebase aligns with the latest linting standards and practices.
Suggested Changes in CI File:
To upgrade the GolangCI-Lint version in your CI file, modify the GOLANGCI_LINT_VERSION variable as shown below:
variables:
GO_VERSION: "1.19"
GOLANGCI_LINT_VERSION: "v1.60.3" Ensure to review and fix any new linting issues that arise due to this version upgrade, particularly those affecting the Gemnasium build.
Implementation Plan
-
Fix lint violations with
golangci-lint v1.52.2in the following projects:-
Shared packages -
Category:SAST analyzers -
Category:Secret Detection analyzers -
Category:Dependency Management analyzers
-
-
Upgrade the ci-templates project:-
Update the version of GOLANGCI_LINT_VERSIONfrom v1.50.1 to a more recent version of golangci-lint (for examplev1.60.3). -
Update the .golangci.yml to work with golangci-lint v1.60.3.
-
-
Rerun pipelines for all of the above analyzers, to ensure that the go lint job succeeds. -
Category:SAST analyzers -
Category:Secret Detection analyzers -
Category:Dependency Management analyzers
-