docker
/
cli


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211
							linters:
  enable:
    - bodyclose
    - copyloopvar   # Detects places where loop variables are copied.
    - depguard
    - dogsled
    - dupword       # Detects duplicate words.
    - durationcheck
    - errchkjson
    - forbidigo
    - gocritic      # Metalinter; detects bugs, performance, and styling issues.
    - gocyclo
    - gofumpt       # Detects whether code was gofumpt-ed.
    - goimports
    - gosec         # Detects security problems.
    - gosimple
    - govet
    - ineffassign
    - misspell      # Detects commonly misspelled English words in comments.
    - nakedret      # Detects uses of naked returns.
    - nilerr        # Detects code that returns nil even if it checks that the error is not nil.
    - nolintlint    # Detects ill-formed or insufficient nolint directives.
    - perfsprint    # Detects fmt.Sprintf uses that can be replaced with a faster alternative.
    - prealloc      # Detects slice declarations that could potentially be pre-allocated.
    - predeclared   # Detects code that shadows one of Go's predeclared identifiers
    - reassign
    - revive        # Metalinter; drop-in replacement for golint.
    - staticcheck
    - stylecheck    # Replacement for golint
    - thelper       # Detects test helpers without t.Helper().
    - tparallel     # Detects inappropriate usage of t.Parallel().
    - typecheck
    - unconvert     # Detects unnecessary type conversions.
    - unparam
    - unused
    - usestdlibvars
    - usetesting    # Reports uses of functions with replacement inside the testing package.
    - wastedassign

  disable:
    - errcheck

run:
  # prevent golangci-lint from deducting the go version to lint for through go.mod,
  # which causes it to fallback to go1.17 semantics.
  #
  # TODO(thaJeztah): update "usetesting" settings to enable go1.24 features once our minimum version is go1.24
  go: "1.23.8"
  timeout: 5m

linters-settings:
  depguard:
    rules:
      main:
        deny:
          - pkg: "github.com/containerd/containerd/errdefs"
            desc: The containerd errdefs package was migrated to a separate module. Use github.com/containerd/errdefs instead.
          - pkg: "github.com/containerd/containerd/log"
            desc: The containerd log package was migrated to a separate module. Use github.com/containerd/log instead.
          - pkg: "github.com/containerd/containerd/pkg/userns"
            desc: Use github.com/moby/sys/userns instead.
          - pkg: "github.com/containerd/containerd/platforms"
            desc: The containerd platforms package was migrated to a separate module. Use github.com/containerd/platforms instead.
          - pkg: "github.com/docker/docker/pkg/system"
            desc: This package should not be used unless strictly necessary.
          - pkg: "github.com/docker/distribution/uuid"
            desc: Use github.com/google/uuid instead.
          - pkg: "io/ioutil"
            desc: The io/ioutil package has been deprecated, see https://go.dev/doc/go1.16#ioutil
  forbidigo:
    forbid:
      - pkg: ^regexp$
        p: ^regexp\.MustCompile
        msg: Use internal/lazyregexp.New instead.
  gocyclo:
    min-complexity: 16
  gosec:
    excludes:
      - G104 # G104: Errors unhandled; (TODO: reduce unhandled errors, or explicitly ignore)
      - G113 # G113: Potential uncontrolled memory consumption in Rat.SetString (CVE-2022-23772); (only affects go < 1.16.14. and go < 1.17.7)
      - G115 # G115: integer overflow conversion; (TODO: verify these: https://github.com/docker/cli/issues/5584)
      - G306 # G306: Expect WriteFile permissions to be 0600 or less (too restrictive; also flags "0o644" permissions)
      - G307 # G307: Deferring unsafe method "*os.File" on type "Close" (also EXC0008); (TODO: evaluate these and fix where needed: G307: Deferring unsafe method "*os.File" on type "Close")
  govet:
    enable:
      - shadow
    settings:
      shadow:
        strict: true
  lll:
    line-length: 200
  nakedret:
    # Disallow naked returns if func has more lines of code than this setting.
    # Default: 30
    max-func-lines: 0

  revive:
    rules:
      # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#empty-block
      - name: empty-block
        severity: warning
        disabled: false
      # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#empty-lines
      - name: empty-lines
        severity: warning
        disabled: false
      # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#import-shadowing
      - name: import-shadowing
        severity: warning
        disabled: false
      # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#line-length-limit
      - name: line-length-limit
        severity: warning
        disabled: false
        arguments: [200]
      # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#unused-receiver
      - name: unused-receiver
        severity: warning
        disabled: false
      # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#use-any
      - name: use-any
        severity: warning
        disabled: false

  usetesting:
    # FIXME(thaJeztah): Disable `os.Chdir()` detections; should be automatically disabled on Go < 1.24; see https://github.com/docker/cli/pull/5835#issuecomment-2665302478
    os-chdir: false
    # FIXME(thaJeztah): Disable `context.Background()` detections; should be automatically disabled on Go < 1.24; see https://github.com/docker/cli/pull/5835#issuecomment-2665302478
    context-background: false
    # FIXME(thaJeztah): Disable `context.TODO()` detections; should be automatically disabled on Go < 1.24; see https://github.com/docker/cli/pull/5835#issuecomment-2665302478
    context-todo: false

issues:
  # The default exclusion rules are a bit too permissive, so copying the relevant ones below
  exclude-use-default: false

  # This option has been defined when Go modules was not existed and when the
  # golangci-lint core was different, this is not something we still recommend.
  exclude-dirs-use-default: false

  exclude:
    - parameter .* always receives

  exclude-files:
    - cli/compose/schema/bindata.go
    - .*generated.*

  exclude-rules:
    # We prefer to use an "exclude-list" so that new "default" exclusions are not
    # automatically inherited. We can decide whether or not to follow upstream
    # defaults when updating golang-ci-lint versions.
    # Unfortunately, this means we have to copy the whole exclusion pattern, as
    # (unlike the "include" option), the "exclude" option does not take exclusion
    # ID's.
    #
    # These exclusion patterns are copied from the default excluses at:
    # https://github.com/golangci/golangci-lint/blob/v1.44.0/pkg/config/issues.go#L10-L104
    #
    # The default list of exclusions can be found at:
    # https://golangci-lint.run/usage/false-positives/#default-exclusions

    # EXC0001
    - text: "Error return value of .((os\\.)?std(out|err)\\..*|.*Close|.*Flush|os\\.Remove(All)?|.*print(f|ln)?|os\\.(Un)?Setenv). is not checked"
      linters:
        - errcheck
    # EXC0003
    - text: "func name will be used as test\\.Test.* by other packages, and that stutters; consider calling this"
      linters:
        - revive
    # EXC0006
    - text: "Use of unsafe calls should be audited"
      linters:
        - gosec
    # EXC0007
    - text: "Subprocess launch(ed with variable|ing should be audited)"
      linters:
        - gosec
    # EXC0009
    - text: "(Expect directory permissions to be 0750 or less|Expect file permissions to be 0600 or less)"
      linters:
        - gosec
    # EXC0010
    - text: "Potential file inclusion via variable"
      linters:
        - gosec

    # TODO: make sure all packages have a description. Currently, there's 67 packages without.
    - text: "package-comments: should have a package comment"
      linters:
        - revive

    # Exclude some linters from running on tests files.
    - path: _test\.go
      linters:
        - errcheck
        - gosec
    - text: "ST1000: at least one file in a package should have a package comment"
      linters:
        - stylecheck

    # Allow "err" and "ok" vars to shadow existing declarations, otherwise we get too many false positives.
    - text: '^shadow: declaration of "(err|ok)" shadows declaration'
      linters:
        - govet


  # Maximum issues count per one linter. Set to 0 to disable. Default is 50.
  max-issues-per-linter: 0

  # Maximum count of issues with the same text. Set to 0 to disable. Default is 3.
  max-same-issues: 0