golangci-lint update

.github/workflows/lint.yml

@@ -39,7 +39,7 @@ jobs:
     - name: golangci-lint
       uses: golangci/golangci-lint-action@v3
       with:
-        version: v1.54
+        version: v1.55
         args: --issues-exit-code=1 --timeout 10m
         only-new-issues: false
         # the cache is already managed above, enabling it here

.golangci.yml

@@ -1,6 +1,14 @@
 # see https://github.com/golangci/golangci-lint/blob/master/.golangci.example.yml
 
 linters-settings:
+  gci:
+    sections:
+     - standard
+     - default
+     - prefix(github.com/crowdsecurity)
+     - prefix(github.com/crowdsecurity/crowdsec)
+     - prefix(github.com/crowdsecurity/cs-firewall-bouncer)
+
   gocyclo:
     min-complexity: 30
 
@@ -16,16 +24,28 @@ linters-settings:
 
   govet:
     check-shadowing: true
+
   lll:
     line-length: 140
+
   misspell:
     locale: US
+
+  nlreturn:
+    block-size: 4
+
   nolintlint:
-    allow-leading-space: true # don't require machine-readable nolint directives (i.e. with no leading space)
     allow-unused: false # report any unused nolint directives
     require-explanation: false # don't require an explanation for nolint directives
     require-specific: false # don't require nolint directives to be specific about which linter is being skipped
 
+  depguard:
+    rules:
+      main:
+        deny:
+          - pkg: "github.com/pkg/errors"
+            desc: "errors.New() is deprecated in favor of fmt.Errorf()"
+
 linters:
   enable-all: true
   disable:
@@ -47,7 +67,6 @@ linters:
     # Disabled
     #
     - gci               # Gci control golang package import order and make it always deterministic.
-    - depguard          # Go linter that checks if package imports are in a list of acceptable packages
 
     #
     # Enabled
@@ -60,6 +79,7 @@ linters:
     # - containedctx        # containedctx is a linter that detects struct contained context.Context field
     # - contextcheck        # check the function whether use a non-inherited context
     # - decorder            # check declaration order and count of types, constants, variables and functions
+    # - depguard          # Go linter that checks if package imports are in a list of acceptable packages
     # - dogsled             # Checks assignments with too many blank identifiers (e.g. x, _, _, _, := f())
     # - durationcheck       # check for two durations multiplied together
     # - errcheck            # Errcheck is a program for checking for unchecked errors in go programs. These unchecked errors can be critical bugs in some cases
@@ -71,6 +91,7 @@ linters:
     # - exportloopref       # checks for pointers to enclosing loop variables
     # - forcetypeassert     # finds forced type assertions
     # - funlen              # Tool for detection of long functions
+    # - ginkgolinter        # enforces standards of using ginkgo and gomega
     # - gochecknoinits      # Checks that no init functions are present in Go code
     # - godot               # Check if comments end in a period
     # - gofmt               # Gofmt checks whether code was gofmt-ed. By default this tool runs with -s option to check for code simplification
@@ -164,7 +185,7 @@ linters:
 
 issues:
   max-issues-per-linter: 0
-  max-same-issues: 10
+  max-same-issues: 0
   exclude-rules:
     # `err` is often shadowed, we may continue to do it
     - linters:

cmd/root.go

@@ -18,11 +18,12 @@ import (
 	"golang.org/x/exp/slices"
 	"golang.org/x/sync/errgroup"
 
-	"github.com/crowdsecurity/crowdsec/pkg/models"
 	csbouncer "github.com/crowdsecurity/go-cs-bouncer"
 	"github.com/crowdsecurity/go-cs-lib/csdaemon"
 	"github.com/crowdsecurity/go-cs-lib/version"
 
+	"github.com/crowdsecurity/crowdsec/pkg/models"
+
 	"github.com/crowdsecurity/cs-firewall-bouncer/pkg/backend"
 	"github.com/crowdsecurity/cs-firewall-bouncer/pkg/cfg"
 	"github.com/crowdsecurity/cs-firewall-bouncer/pkg/metrics"

pkg/iptables/iptables.go

@@ -28,8 +28,6 @@ type iptables struct {
 }
 
 func NewIPTables(config *cfg.BouncerConfig) (types.Backend, error) {
-	var err error
-
 	ret := &iptables{}
 
 	ipv4Ctx := &ipTablesContext{

pkg/iptables/iptables_context.go

@@ -31,12 +31,10 @@ type ipTablesContext struct {
 }
 
 func (ctx *ipTablesContext) CheckAndCreate() error {
-	var err error
-
 	log.Infof("Checking existing set")
 	/* check if the set already exist */
 	cmd := exec.Command(ctx.ipsetBin, "-L", ctx.SetName)
-	if _, err = cmd.CombinedOutput(); err != nil { // it doesn't exist
+	if _, err := cmd.CombinedOutput(); err != nil { // it doesn't exist
 		if ctx.ipsetContentOnly {
 			/*if we manage ipset content only, error*/
 			log.Errorf("set %s doesn't exist, can't manage content", ctx.SetName)

pkg/pf/pf_context.go

@@ -8,8 +8,9 @@ import (
 
 	log "github.com/sirupsen/logrus"
 
-	"github.com/crowdsecurity/crowdsec/pkg/models"
 	"github.com/crowdsecurity/go-cs-lib/slicetools"
+
+	"github.com/crowdsecurity/crowdsec/pkg/models"
 )
 
 type pfContext struct {