Update expired test fixtures

.github/actions/bootstrap/action.yaml

@@ -4,7 +4,7 @@ inputs:
   go-version:
     description: "Go version to install"
     required: true
-    default: "1.18.x"
+    default: "1.23.x"
   use-go-cache:
     description: "Restore go cache"
     required: true

.golangci.yaml

@@ -1,30 +1,21 @@
-# TODO: enable this when we have coverage on docstring comments
-#issues:
+issues:
+  max-same-issues: 25
+
+  # TODO: enable this when we have coverage on docstring comments
 #  # The list of ids of default excludes to include or disable.
 #  include:
 #    - EXC0002 # disable excluding of issues about comments from golint
 
-linters-settings:
-  funlen:
-    # Checks the number of lines in a function.
-    # If lower than 0, disable the check.
-    # Default: 60
-    lines: 80
-    # Checks the number of statements in a function.
-    # If lower than 0, disable the check.
-    # Default: 40
-    statements: 60
-
 linters:
   # inverted configuration with `enable-all` and `disable` is not scalable during updates of golangci-lint
   disable-all: true
   enable:
     - asciicheck
     - bodyclose
+    - copyloopvar
     - dogsled
     - dupl
     - errcheck
-    - exportloopref
     - funlen
     - gocognit
     - goconst
@@ -49,24 +40,51 @@ linters:
     - unused
     - whitespace
 
+linters-settings:
+  funlen:
+    # Checks the number of lines in a function.
+    # If lower than 0, disable the check.
+    # Default: 60
+    lines: 70
+    # Checks the number of statements in a function.
+    # If lower than 0, disable the check.
+    # Default: 40
+    statements: 50
+  gocritic:
+    enabled-checks:
+      - deferInLoop
+      - ruleguard
+  gosec:
+    excludes:
+      - G115
+output:
+  uniq-by-line: false
+run:
+  timeout: 10m
+  tests: false
+
 # do not enable...
+#    - deadcode          # The owner seems to have abandoned the linter. Replaced by "unused".
+#    - depguard          # We don't have a configuration for this yet
+#    - goprintffuncname  # does not catch all cases and there are exceptions
+#    - nakedret          # does not catch all cases and should not fail a build
 #    - gochecknoglobals
 #    - gochecknoinits    # this is too aggressive
+#    - rowserrcheck disabled per generics https://github.com/golangci/golangci-lint/issues/2649
 #    - godot
 #    - godox
 #    - goerr113
-#    - golint       # deprecated
-#    - gomnd        # this is too aggressive
-#    - interfacer   # this is a good idea, but is no longer supported and is prone to false positives
-#    - lll          # without a way to specify per-line exception cases, this is not usable
-#    - maligned     # this is an excellent linter, but tricky to optimize and we are not sensitive to memory layout optimizations
+#    - goimports   # we're using gosimports now instead to account for extra whitespaces (see https://github.com/golang/go/issues/20818)
+#    - golint      # deprecated
+#    - gomnd       # this is too aggressive
+#    - interfacer  # this is a good idea, but is no longer supported and is prone to false positives
+#    - lll         # without a way to specify per-line exception cases, this is not usable
+#    - maligned    # this is an excellent linter, but tricky to optimize and we are not sensitive to memory layout optimizations
 #    - nestif
 #    - prealloc     # following this rule isn't consistently a good idea, as it sometimes forces unnecessary allocations that result in less idiomatic code
+#    - rowserrcheck # not in a repo with sql, so this is not useful
 #    - scopelint    # deprecated
+#    - structcheck  # The owner seems to have abandoned the linter. Replaced by "unused".
 #    - testpackage
-#    - wsl          # this doens't have an auto-fixer yet and is pretty noisy (https://github.com/bombsimon/wsl/issues/90)
-#    - varcheck     # deprecated (since v1.49.0) due to: The owner seems to have abandoned the linter.  Replaced by unused.
-#    - deadcode     # deprecated (since v1.49.0) due to: The owner seems to have abandoned the linter.  Replaced by unused.
-#    - structcheck  # deprecated (since v1.49.0) due to: The owner seems to have abandoned the linter.  Replaced by unused.
-#    - rowserrcheck # we're not using sql.Rows at all in the codebase
-#    - depguard     # this requires additional configuration https://github.com/golangci/golangci-lint/issues/3877#issuecomment-1573760321
+#    - varcheck     # The owner seems to have abandoned the linter. Replaced by "unused".
+#    - wsl          # this doens't have an auto-fixer yet and is pretty noisy (https://github.com/bombsimon/wsl/issues/90)

Makefile

@@ -7,18 +7,18 @@ COVER_TOTAL = $(RESULTS_DIR)/unit-coverage-summary.txt
 # Command templates #################################
 LINT_CMD = $(TEMP_DIR)/golangci-lint run --tests=false --timeout=2m --config .golangci.yaml
 GOIMPORTS_CMD = $(TEMP_DIR)/gosimports -local github.com/anchore
-RELEASE_CMD = $(TEMP_DIR)/goreleaser release --rm-dist
-SNAPSHOT_CMD = $(RELEASE_CMD) --skip-publish --snapshot --skip-sign
+RELEASE_CMD = $(TEMP_DIR)/goreleaser release --clean
+SNAPSHOT_CMD = $(RELEASE_CMD) --clean --snapshot --skip=publish --skip=sign
 CHRONICLE_CMD = $(TEMP_DIR)/chronicle
 GLOW_CMD = $(TEMP_DIR)/glow
 
 # Tool versions #################################
 QUILL_VERSION = latest
-GOLANG_CI_VERSION = v1.57.2
+GOLANG_CI_VERSION = v1.61.0
 GOBOUNCER_VERSION = v0.4.0
-GORELEASER_VERSION = v1.17.0
+GORELEASER_VERSION = v2.3.2
 GOSIMPORTS_VERSION = v0.3.8
-CHRONICLE_VERSION = v0.6.0
+CHRONICLE_VERSION = v0.8.0
 GLOW_VERSION := v1.5.0
 
 # Formatting variables #################################
@@ -33,7 +33,7 @@ SUCCESS := $(BOLD)$(GREEN)
 
 # Test variables #################################
 # the quality gate lower threshold for unit test total % coverage (by function statements)
-COVERAGE_THRESHOLD := 45
+COVERAGE_THRESHOLD := 30
 
 ## Build variables #################################
 DIST_DIR = dist
@@ -98,7 +98,7 @@ bootstrap-tools: $(TEMP_DIR)
 	curl -sSfL https://raw.githubusercontent.com/anchore/chronicle/main/install.sh | sh -s -- -b $(TEMP_DIR)/ $(CHRONICLE_VERSION)
 	curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(TEMP_DIR)/ $(GOLANG_CI_VERSION)
 	curl -sSfL https://raw.githubusercontent.com/wagoodman/go-bouncer/master/bouncer.sh | sh -s -- -b $(TEMP_DIR)/ $(GOBOUNCER_VERSION)
-	GOBIN="$(realpath $(TEMP_DIR))" go install github.com/goreleaser/goreleaser@$(GORELEASER_VERSION)
+	GOBIN="$(realpath $(TEMP_DIR))" go install github.com/goreleaser/goreleaser/v2@$(GORELEASER_VERSION)
 	GOBIN="$(realpath $(TEMP_DIR))" go install github.com/rinchsan/gosimports/cmd/gosimports@$(GOSIMPORTS_VERSION)
 	GOBIN="$(realpath $(TEMP_DIR))" go install github.com/charmbracelet/glow@$(GLOW_VERSION)
 

internal/test/test-fixtures/fixture-chain/intermediate_ca/index

@@ -1 +1 @@
-V	240802160335Z		00	unknown	/CN=quill-test-leaf
+V	270114130949Z		00	unknown	/CN=quill-test-leaf

internal/test/test-fixtures/fixture-chain/root_ca/index

@@ -1,2 +1,2 @@
-V	240802160335Z		00	unknown	/C=US/CN=quill-test-root-ca
-V	240802160335Z		01	unknown	/C=US/CN=quill-test-intermediate-ca
+V	270114130949Z		00	unknown	/C=US/CN=quill-test-root-ca
+V	270114130949Z		01	unknown	/C=US/CN=quill-test-intermediate-ca

internal/test/test-fixtures/fixture-chain/root_ca/index.old

@@ -1 +1 @@
-V	240802160335Z		00	unknown	/C=US/CN=quill-test-root-ca
+V	270114130949Z		00	unknown	/C=US/CN=quill-test-root-ca

internal/test/test-fixtures/fixture-chain/store/00.pem

@@ -1,75 +1,79 @@
 Certificate:
     Data:
-        Version: 1 (0x0)
+        Version: 3 (0x2)
         Serial Number: 0 (0x0)
-    Signature Algorithm: sha256WithRSAEncryption
+        Signature Algorithm: sha256WithRSAEncryption
         Issuer: C=US, CN=quill-test-intermediate-ca
         Validity
-            Not Before: Apr 30 16:03:35 2022 GMT
-            Not After : Aug  2 16:03:35 2024 GMT
+            Not Before: Oct 11 13:09:49 2024 GMT
+            Not After : Jan 14 13:09:49 2027 GMT
         Subject: CN=quill-test-leaf
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (2048 bit)
                 Modulus:
-                    00:b8:a3:a2:86:62:09:c3:84:3a:78:cf:7b:3c:4a:
-                    2a:e3:88:ac:93:4e:58:5a:7a:de:fc:d5:11:fe:8d:
-                    74:a7:97:16:ff:1a:5e:0b:6b:6d:68:1d:58:28:e7:
-                    bb:e4:30:91:5b:f0:df:70:e3:b7:64:e0:05:b4:5b:
-                    cf:87:a0:40:ae:88:2e:ff:c1:96:96:9d:ac:12:1e:
-                    bb:63:cf:cd:97:4d:77:e0:9a:c9:d2:e4:fd:93:94:
-                    fc:f3:d1:c3:43:27:6b:d1:8f:52:70:50:98:93:2f:
-                    eb:16:8a:2f:20:4e:a9:0b:06:ca:34:b7:45:c5:de:
-                    42:9b:31:60:a7:16:eb:52:f3:f8:bd:04:c5:eb:c4:
-                    fe:02:ab:38:a9:e6:b5:9b:4c:89:10:1f:ac:c2:80:
-                    1f:76:b8:fb:f5:b0:7a:28:01:a5:c4:8c:bd:5e:b6:
-                    90:f1:60:5f:52:1e:d2:66:71:93:0a:83:04:d9:0e:
-                    39:de:4c:c8:2e:63:4d:cc:a7:ae:5a:3f:f7:67:22:
-                    c0:d4:45:29:98:3f:cf:e1:ae:4e:e4:cf:62:0d:48:
-                    a9:5d:66:a8:f4:cf:e9:67:19:83:85:b0:27:cb:0d:
-                    b8:00:28:49:83:74:19:a5:40:2b:ad:97:c8:af:f5:
-                    9e:76:e9:a3:00:5c:e2:78:ef:a2:80:08:04:4b:42:
-                    da:69
+                    00:c2:38:1b:70:a7:7b:45:eb:e8:f4:13:db:43:5c:
+                    f9:75:d6:4c:3d:a7:9c:33:a5:6f:62:2c:95:26:78:
+                    e3:44:73:09:89:9e:40:ae:64:ef:d2:43:fe:b9:9b:
+                    bb:ad:56:81:2e:3d:1c:78:da:64:b2:76:fe:6c:9c:
+                    85:89:c4:a2:9f:2f:fa:63:85:2e:26:a7:72:52:75:
+                    5b:7b:98:0d:69:c3:cb:54:1b:a1:7b:27:ce:51:b2:
+                    c8:c0:1b:be:91:fa:28:c7:0e:16:a4:75:14:1b:ce:
+                    a3:da:5c:0b:95:b7:f7:86:01:6b:08:8e:5c:88:db:
+                    3d:be:38:03:0f:58:30:9e:2a:45:9e:94:71:f0:07:
+                    96:6d:67:e6:e7:44:e2:f9:53:97:e8:74:a1:c1:1c:
+                    30:c3:45:e6:6a:a7:cb:2c:1c:56:68:76:1c:0c:fa:
+                    e4:e1:ba:e4:6a:c3:de:66:77:3d:3f:70:31:07:85:
+                    9b:50:e7:c1:c8:cb:6d:b6:8e:26:bc:72:05:67:82:
+                    58:69:58:cf:37:32:2f:ea:f5:63:6b:2b:f6:a8:bc:
+                    0d:42:9a:e0:a0:99:2f:ff:b2:e4:7f:44:a8:d3:2a:
+                    6e:d7:8a:ed:b8:89:b4:c0:bc:2c:44:57:4b:1c:ea:
+                    ca:d1:15:ab:44:56:16:6a:cd:e9:ea:2f:5e:99:18:
+                    8b:9d
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Key Usage: critical
                 Digital Signature
             X509v3 Extended Key Usage: critical
                 Code Signing
             X509v3 Subject Key Identifier: 
-                B4:E9:5B:CF:BF:9A:C6:CA:61:B9:15:F3:CE:89:51:F6:FD:27:F4:8F
+                BF:2D:67:4C:31:EE:C3:F3:58:38:C6:AF:3F:BA:7E:A8:CB:69:5E:1E
+            X509v3 Authority Key Identifier: 
+                1C:DD:F1:37:6F:0C:65:8B:3B:92:45:35:01:70:C4:93:B5:23:E1:CA
     Signature Algorithm: sha256WithRSAEncryption
-         41:88:e8:63:85:86:19:46:ef:f3:f4:ee:ba:a6:94:8a:e5:90:
-         f5:25:cc:be:34:0c:88:af:83:ca:6c:01:d5:a3:cd:10:6e:70:
-         0b:66:2c:fc:ca:f9:cb:32:c8:9a:39:9c:95:11:85:f6:64:a9:
-         24:49:f3:37:4d:ad:22:e0:32:c5:0a:fe:37:72:da:4f:57:67:
-         43:30:79:63:74:2c:0f:86:3f:20:07:d7:77:c2:a7:2c:79:8b:
-         f7:01:94:cd:a0:97:16:63:a4:52:94:b7:7f:5a:83:1c:2d:40:
-         ed:7e:53:ba:85:e9:fb:6a:91:22:e1:88:51:32:71:4a:77:ae:
-         98:c7:a4:38:01:11:2c:8a:b4:2a:65:05:91:30:67:60:2c:cc:
-         4b:87:b2:e6:3d:b2:d4:2c:14:b4:b2:72:b2:a1:70:3a:48:2c:
-         2b:20:f4:37:ef:fc:26:eb:12:dd:9b:46:66:4e:1e:7d:26:4b:
-         57:b3:7c:da:a8:53:5a:d8:52:5f:e8:82:df:6a:f1:d1:87:8b:
-         24:2c:bd:a8:b7:2c:27:3d:4c:bc:85:ed:f0:1a:40:55:92:e7:
-         de:86:14:38:a5:e6:39:99:7d:0d:a5:c6:ba:5c:a7:b1:3b:8c:
-         01:9f:21:84:d3:7b:ce:80:2c:f0:f8:2f:3a:6d:ca:de:23:ba:
-         75:bf:71:ba
+    Signature Value:
+        c5:81:46:fd:52:ae:b9:49:b9:3e:4c:0a:35:3d:87:d8:49:66:
+        e0:ea:b4:d3:f9:03:75:98:0b:38:e9:d9:3c:f5:77:eb:8d:c2:
+        99:77:86:c8:b3:70:95:89:49:80:12:28:12:e0:eb:ec:1d:86:
+        67:3a:24:62:dc:66:47:61:88:54:e4:26:a0:5a:40:95:b3:bd:
+        f5:af:04:3d:21:da:dd:08:ee:a3:1d:4b:77:ff:96:ce:ed:47:
+        52:63:f5:a7:aa:9e:06:6b:5f:d4:14:88:5f:a4:4c:4a:d3:94:
+        50:dc:32:fd:25:ff:51:7b:f8:db:6a:2a:ce:a8:b8:dd:7e:c9:
+        2e:ac:ea:06:fe:3b:ca:c2:ba:bc:1d:6f:92:b6:f8:52:7c:48:
+        58:ca:35:86:99:65:eb:0a:65:00:8d:1a:c0:61:89:37:06:d8:
+        c7:d8:39:7a:67:fa:4b:f5:ae:a6:d4:f4:38:40:39:0d:c3:30:
+        41:7a:88:7e:b6:d7:ee:ec:f8:99:fa:44:0f:63:b1:e2:d6:b3:
+        9f:ec:7d:cf:12:3d:74:5c:94:2b:d6:5a:3a:eb:81:d5:40:2f:
+        96:6b:88:bc:e1:d0:63:da:fd:7c:ae:21:5a:c5:15:1e:6c:6c:
+        10:80:12:59:52:18:f9:0e:b3:f8:cf:55:4d:8d:b5:13:0f:98:
+        35:18:26:da
 -----BEGIN CERTIFICATE-----
-MIIDCzCCAfMCAQAwDQYJKoZIhvcNAQELBQAwMjELMAkGA1UEBhMCVVMxIzAhBgNV
-BAMMGnF1aWxsLXRlc3QtaW50ZXJtZWRpYXRlLWNhMB4XDTIyMDQzMDE2MDMzNVoX
-DTI0MDgwMjE2MDMzNVowGjEYMBYGA1UEAwwPcXVpbGwtdGVzdC1sZWFmMIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuKOihmIJw4Q6eM97PEoq44isk05Y
-Wnre/NUR/o10p5cW/xpeC2ttaB1YKOe75DCRW/DfcOO3ZOAFtFvPh6BArogu/8GW
-lp2sEh67Y8/Nl0134JrJ0uT9k5T889HDQydr0Y9ScFCYky/rFoovIE6pCwbKNLdF
-xd5CmzFgpxbrUvP4vQTF68T+Aqs4qea1m0yJEB+swoAfdrj79bB6KAGlxIy9XraQ
-8WBfUh7SZnGTCoME2Q453kzILmNNzKeuWj/3ZyLA1EUpmD/P4a5O5M9iDUipXWao
-9M/pZxmDhbAnyw24AChJg3QZpUArrZfIr/WedumjAFzieO+igAgES0LaaQIDAQAB
-o0kwRzAOBgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwMwHQYD
-VR0OBBYEFLTpW8+/msbKYbkV886JUfb9J/SPMA0GCSqGSIb3DQEBCwUAA4IBAQBB
-iOhjhYYZRu/z9O66ppSK5ZD1Jcy+NAyIr4PKbAHVo80QbnALZiz8yvnLMsiaOZyV
-EYX2ZKkkSfM3Ta0i4DLFCv43ctpPV2dDMHljdCwPhj8gB9d3wqcseYv3AZTNoJcW
-Y6RSlLd/WoMcLUDtflO6hen7apEi4YhRMnFKd66Yx6Q4AREsirQqZQWRMGdgLMxL
-h7LmPbLULBS0snKyoXA6SCwrIPQ37/wm6xLdm0ZmTh59JktXs3zaqFNa2FJf6ILf
-avHRh4skLL2otywnPUy8he3wGkBVkufehhQ4peY5mX0Npca6XKexO4wBnyGE03vO
-gCzw+C86bcreI7p1v3G6
+MIIDMTCCAhmgAwIBAgIBADANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJVUzEj
+MCEGA1UEAwwacXVpbGwtdGVzdC1pbnRlcm1lZGlhdGUtY2EwHhcNMjQxMDExMTMw
+OTQ5WhcNMjcwMTE0MTMwOTQ5WjAaMRgwFgYDVQQDDA9xdWlsbC10ZXN0LWxlYWYw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCOBtwp3tF6+j0E9tDXPl1
+1kw9p5wzpW9iLJUmeONEcwmJnkCuZO/SQ/65m7utVoEuPRx42mSydv5snIWJxKKf
+L/pjhS4mp3JSdVt7mA1pw8tUG6F7J85RssjAG76R+ijHDhakdRQbzqPaXAuVt/eG
+AWsIjlyI2z2+OAMPWDCeKkWelHHwB5ZtZ+bnROL5U5fodKHBHDDDReZqp8ssHFZo
+dhwM+uThuuRqw95mdz0/cDEHhZtQ58HIy222jia8cgVnglhpWM83Mi/q9WNrK/ao
+vA1CmuCgmS//suR/RKjTKm7Xiu24ibTAvCxEV0sc6srRFatEVhZqzenqL16ZGIud
+AgMBAAGjajBoMA4GA1UdDwEB/wQEAwIHgDAWBgNVHSUBAf8EDDAKBggrBgEFBQcD
+AzAdBgNVHQ4EFgQUvy1nTDHuw/NYOMavP7p+qMtpXh4wHwYDVR0jBBgwFoAUHN3x
+N28MZYs7kkU1AXDEk7Uj4cowDQYJKoZIhvcNAQELBQADggEBAMWBRv1SrrlJuT5M
+CjU9h9hJZuDqtNP5A3WYCzjp2Tz1d+uNwpl3hsizcJWJSYASKBLg6+wdhmc6JGLc
+ZkdhiFTkJqBaQJWzvfWvBD0h2t0I7qMdS3f/ls7tR1Jj9aeqngZrX9QUiF+kTErT
+lFDcMv0l/1F7+NtqKs6ouN1+yS6s6gb+O8rCurwdb5K2+FJ8SFjKNYaZZesKZQCN
+GsBhiTcG2MfYOXpn+kv1rqbU9DhAOQ3DMEF6iH621+7s+Jn6RA9jseLWs5/sfc8S
+PXRclCvWWjrrgdVAL5ZriLzh0GPa/XyuIVrFFR5sbBCAEllSGPkOs/jPVU2NtRMP
+mDUYJto=
 -----END CERTIFICATE-----