CI: run codeql in lint.yml (#70)

* CI: run codeql in lint.yml
* disable depguard linter
* silence linter

.github/workflows/lint.yml

@@ -0,0 +1,51 @@
+name: Static Analysis
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+
+jobs:
+  build:
+    name: "golangci-lint + codeql"
+    runs-on: ubuntu-latest
+
+    permissions:
+      security-events: write
+
+    steps:
+
+    - name: Check out code into the Go module directory
+      uses: actions/checkout@v3
+      with:
+        fetch-depth: 0
+
+    - name: Set up Go
+      uses: actions/setup-go@v4
+      with:
+        go-version: 1.20.5
+
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: go, python
+
+    - name: Build
+      run: |
+        make build
+
+    - name: golangci-lint
+      uses: golangci/golangci-lint-action@v3
+      with:
+        version: v1.53
+        args: --issues-exit-code=1 --timeout 10m
+        only-new-issues: false
+        # the cache is already managed above, enabling it here
+        # gives errors when extracting
+        skip-pkg-cache: true
+        skip-build-cache: true
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2

.github/workflows/tests.yml

@@ -76,14 +76,3 @@ jobs:
         EOT
         sleep 5
         sudo -E pipenv run pytest ./test/install/with_crowdsec
-
-    - name: golangci-lint
-      uses: golangci/golangci-lint-action@v3
-      with:
-        version: v1.51
-        args: --issues-exit-code=1 --timeout 10m
-        only-new-issues: false
-        # the cache is already managed above, enabling it here
-        # gives errors when extracting
-        skip-pkg-cache: true
-        skip-build-cache: true

.golangci.yml

@@ -33,6 +33,7 @@ linters:
     # DEPRECATED by golangi-lint
     #
     - deadcode          # The owner seems to have abandoned the linter.  Replaced by unused.
+    - depguard          # Go linter that checks if package imports are in a list of acceptable packages
     - exhaustivestruct  # The owner seems to have abandoned the linter. Replaced by exhaustruct.
     - golint            # Golint differs from gofmt. Gofmt reformats Go source code, whereas golint prints out style mistakes
     - ifshort           # Checks that your code uses short syntax for if-statements whenever possible
@@ -54,7 +55,6 @@ linters:
     # - containedctx        # containedctx is a linter that detects struct contained context.Context field
     # - contextcheck        # check the function whether use a non-inherited context
     # - decorder            # check declaration order and count of types, constants, variables and functions
-    # - depguard            # Go linter that checks if package imports are in a list of acceptable packages
     # - dogsled             # Checks assignments with too many blank identifiers (e.g. x, _, _, _, := f())
     # - durationcheck       # check for two durations multiplied together
     # - errchkjson          # Checks types passed to the json encoding functions. Reports unsupported types and optionally reports occations, where the check for the returned error can be omitted.

pkg/server/logging.go

@@ -114,6 +114,7 @@ const lowerhex = "0123456789abcdef"
 
 func appendQuoted(buf []byte, s string) []byte {
 	var runeTmp [utf8.UTFMax]byte
+	//nolint:wastedassign
 	for width := 0; len(s) > 0; s = s[width:] {
 		r := rune(s[0])
 		width = 1