Merge pull request #59 from smallstep/max/lint

update workflows for fmt, lint, and linter fixes

.travis.yml

@@ -1,6 +1,6 @@
 language: go
 go:
-- 1.17.x
+- 1.19.x
 addons:
   apt:
     packages:

Makefile

@@ -20,10 +20,8 @@ all: build lint test
 #########################################
 
 bootstra%:
-	# Using a released version of golangci-lint to take into account custom replacements in their go.mod
-	$Q curl -sSfL https://raw.githubusercontent.com/smallstep/cli/master/make/golangci-install.sh | sh -s -- -b $(shell go env GOPATH)/bin v1.39.0
-
-.PHONY: bootstra%
+	$Q curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $$(go env GOPATH)/bin v1.49.0
+	$Q go install golang.org/x/vuln/cmd/govulncheck@latest
 
 #################################################
 # Determine the type of `push` and `version`
@@ -105,12 +103,14 @@ vtest:
 #########################################
 
 fmt:
-	$Q gofmt -l -w $(SRC)
+	$Q goimports -local github.com/golangci/golangci-lint -l -w $(SRC)
 
+lint: SHELL:=/bin/bash
 lint:
-	$Q LOG_LEVEL=error golangci-lint --timeout=30m run
+	$Q LOG_LEVEL=error golangci-lint run --config <(curl -s https://raw.githubusercontent.com/smallstep/workflows/master/.golangci.yml) --timeout=30m
+	$Q govulncheck ./...
 
-.PHONY: lint fmt
+.PHONY: fmt lint
 
 #########################################
 # Install

controller/client.go

@@ -4,7 +4,6 @@ import (
 	"crypto/tls"
 	"crypto/x509"
 	"fmt"
-	"io/ioutil"
 	"net"
 	"net/http"
 	"os"
@@ -13,6 +12,7 @@ import (
 )
 
 const (
+	//nolint:gosec // path to file
 	serviceAccountToken  = "/var/run/secrets/kubernetes.io/serviceaccount/token"
 	serviceAccountCACert = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
 )
@@ -36,7 +36,7 @@ func (kc *k8sClient) GetRequest(url string) (*http.Request, error) {
 	if !strings.HasPrefix(url, kc.host) {
 		url = fmt.Sprintf("%s/%s", kc.host, url)
 	}
-	req, err := http.NewRequest("GET", url, nil)
+	req, err := http.NewRequest("GET", url, http.NoBody)
 	if err != nil {
 		return nil, err
 	}
@@ -46,7 +46,7 @@ func (kc *k8sClient) GetRequest(url string) (*http.Request, error) {
 	return req, nil
 }
 
-func (kc *k8sClient) PostRequest(url string, body string, contentType string) (*http.Request, error) {
+func (kc *k8sClient) PostRequest(url, body, contentType string) (*http.Request, error) {
 	if !strings.HasPrefix(url, kc.host) {
 		url = fmt.Sprintf("%s/%s", kc.host, url)
 	}
@@ -67,7 +67,7 @@ func (kc *k8sClient) DeleteRequest(url string) (*http.Request, error) {
 	if !strings.HasPrefix(url, kc.host) {
 		url = fmt.Sprintf("%s/%s", kc.host, url)
 	}
-	req, err := http.NewRequest("DELETE", url, nil)
+	req, err := http.NewRequest("DELETE", url, http.NoBody)
 	if err != nil {
 		return nil, err
 	}
@@ -88,21 +88,21 @@ func (kc *k8sClient) Host() string {
 // NewInClusterK8sClient creates K8sClient if it is inside Kubernetes
 func NewInClusterK8sClient() (Client, error) {
 	host, port := os.Getenv("KUBERNETES_SERVICE_HOST"), os.Getenv("KUBERNETES_SERVICE_PORT")
-	if len(host) == 0 || len(port) == 0 {
+	if host == "" || port == "" {
 		return nil, fmt.Errorf("unable to load in-cluster configuration, KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT must be defined")
 	}
-	token, err := ioutil.ReadFile(serviceAccountToken)
+	token, err := os.ReadFile(serviceAccountToken)
 	if err != nil {
 		return nil, err
 	}
-	ca, err := ioutil.ReadFile(serviceAccountCACert)
+	ca, err := os.ReadFile(serviceAccountCACert)
 	if err != nil {
 		return nil, err
 	}
 	certPool := x509.NewCertPool()
 	certPool.AppendCertsFromPEM(ca)
 	transport := &http.Transport{TLSClientConfig: &tls.Config{
-		MinVersion: tls.VersionTLS10,
+		MinVersion: tls.VersionTLS12,
 		RootCAs:    certPool,
 	}}
 	httpClient := &http.Client{Transport: transport, Timeout: time.Nanosecond * 0}