Upgrade golangci-lint (#522)

- Run golangci-lint migrate
- Fix staticcheck lints
- Update CI to use current golangci-lint
- Upgrade actions/checkout, actions/setup-go, and
golangci/golangci-lint-action

Author: mcpherrinm

.github/workflows/checks.yml

@@ -12,25 +12,25 @@ permissions:
 env:
   CGO_ENABLED: 0
   GO_VERSION: stable
-  GOLANGCI_LINT_VERSION: v1.64.5
+  GOLANGCI_LINT_VERSION: v2.6.1
   SHELLCHECK_SCRIPTS: ./*.sh
 jobs:
   go-lint-checks:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v5
+      - uses: actions/checkout@v5
+      - uses: actions/setup-go@v6
         with:
           go-version: ${{ env.GO_VERSION }}
       - name: Run GolangCI-Lint
-        uses: golangci/golangci-lint-action@v6
+        uses: golangci/golangci-lint-action@v9
         with:
           version: ${{ env.GOLANGCI_LINT_VERSION }}
   go-mod-checks:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v5
+      - uses: actions/checkout@v5
+      - uses: actions/setup-go@v6
         with:
           go-version: ${{ env.GO_VERSION }}
       - name: Check if go.mod is tidy

.github/workflows/go-cross.yml

@@ -25,9 +25,9 @@ jobs:
           - windows-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v6
         with:
           go-version: ${{ matrix.go-version }}
       - name: Build the module

.github/workflows/release.yml

@@ -32,8 +32,8 @@ jobs:
           - linux
           - windows
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v5
+      - uses: actions/checkout@v5
+      - uses: actions/setup-go@v6
         with:
           check-latest: true
           go-version-file: go.mod
@@ -62,7 +62,7 @@ jobs:
           - pebble
           - pebble-challtestsrv
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Download ${{ matrix.app }} artifacts
         uses: actions/download-artifact@v4
         with:

.golangci.yaml

@@ -1,11 +1,5 @@
-linters-settings:
-  gocyclo:
-    min-complexity: 25
-  misspell:
-    locale: "US"
-
+version: "2"
 linters:
-  disable-all: false
   enable:
     - asasalint
     - asciicheck
@@ -17,7 +11,6 @@ linters:
     - dogsled
     - dupword
     - durationcheck
-    - errcheck
     - errchkjson
     - errorlint
     - forcetypeassert
@@ -26,18 +19,12 @@ linters:
     - gocognit
     - goconst
     - gocyclo
-    - gofmt
-    - gofumpt
     - goheader
-    - goimports
     - gomoddirectives
     - gomodguard
     - goprintffuncname
-    - gosimple
-    - govet
     - importas
     - inamedparam
-    - ineffassign
     - ireturn
     - loggercheck
     - makezero
@@ -51,33 +38,55 @@ linters:
     - predeclared
     - reassign
     - revive
-    - staticcheck
     - tagalign
     - testableexamples
     - testifylint
     - thelper
     - unconvert
     - unparam
-    - unused
     - usestdlibvars
     - usetesting
     - wastedassign
-
+  settings:
+    gocyclo:
+      min-complexity: 25
+    misspell:
+      locale: US
+  exclusions:
+    generated: lax
+    presets:
+      - comments
+      - common-false-positives
+      - legacy
+      - std-error-handling
+    rules:
+      - path: ca/ca.go
+        text: type name will be used as ca.CAImpl by other packages, and that stutters; consider calling this Impl
+      - path: va/va.go
+        text: type name will be used as va.VAImpl by other packages, and that stutters; consider calling this Impl
+      - path: wfe/wfe.go
+        text: if` block ends with a `return` statement, so drop this `else` and outdent its block
+      - linters:
+          - goconst
+        path: va/va.go
+        text: string `Incorrect validation certificate for %s challenge. ` has \d occurrences, make it a constant
+      - path: (.+)\.go$
+        text: fmt.Sprintf can be replaced with string
+    paths:
+      - third_party$
+      - builtin$
+      - examples$
 issues:
-  exclude-use-default: true
   max-issues-per-linter: 0
   max-same-issues: 0
-  # The following excludes are considered false-positives/known-OK.
-  exclude:
-    - fmt.Sprintf can be replaced with string
-  exclude-rules:
-    - path: ca/ca.go
-      text: 'type name will be used as ca.CAImpl by other packages, and that stutters; consider calling this Impl'
-    - path: va/va.go
-      text: 'type name will be used as va.VAImpl by other packages, and that stutters; consider calling this Impl'
-    - path: wfe/wfe.go
-      text: 'if` block ends with a `return` statement, so drop this `else` and outdent its block'
-    - path: va/va.go
-      linters:
-        - goconst
-      text: 'string `Incorrect validation certificate for %s challenge. ` has \d occurrences, make it a constant'
+formatters:
+  enable:
+    - gofmt
+    - gofumpt
+    - goimports
+  exclusions:
+    generated: lax
+    paths:
+      - third_party$
+      - builtin$
+      - examples$

cmd/pebble-challtestsrv/http.go

@@ -17,7 +17,7 @@ func mustParsePOST(ob interface{}, request *http.Request) error {
 	}
 
 	if string(jsonBody) == "" {
-		return errors.New("Expected JSON POST body, was empty")
+		return errors.New("expected JSON POST body, was empty")
 	}
 
 	return json.Unmarshal(jsonBody, ob)

cmd/pebble-challtestsrv/main.go

@@ -28,7 +28,7 @@ type managementServer struct {
 }
 
 func (srv *managementServer) Run() {
-	srv.log.Printf("Starting management server on %s", srv.Server.Addr)
+	srv.log.Printf("Starting management server on %s", srv.Addr)
 	// Start the HTTP server in its own dedicated Go routine
 	go func() {
 		err := srv.ListenAndServe()

wfe/wfe.go

@@ -1847,17 +1847,17 @@ func (wfe *WebFrontEndImpl) orderForDisplay(
 	// identifiers and authorizations slices and not the slices or the mutations
 	// below could mutate the order in the database, causing data races.
 	result := acme.Order{
-		Status:         order.Order.Status,
-		Error:          order.Order.Error,
-		Expires:        order.Order.Expires,
-		Identifiers:    slices.Clone(order.Order.Identifiers),
-		Profile:        order.Order.Profile,
-		Finalize:       order.Order.Finalize,
-		NotBefore:      order.Order.NotBefore,
-		NotAfter:       order.Order.NotAfter,
-		Authorizations: slices.Clone(order.Order.Authorizations),
-		Certificate:    order.Order.Certificate,
-		Replaces:       order.Order.Replaces,
+		Status:         order.Status,
+		Error:          order.Error,
+		Expires:        order.Expires,
+		Identifiers:    slices.Clone(order.Identifiers),
+		Profile:        order.Profile,
+		Finalize:       order.Finalize,
+		NotBefore:      order.NotBefore,
+		NotAfter:       order.NotAfter,
+		Authorizations: slices.Clone(order.Authorizations),
+		Certificate:    order.Certificate,
+		Replaces:       order.Replaces,
 	}
 
 	// Randomize the order of the order authorization URLs as well as the order's
@@ -2892,11 +2892,12 @@ func (wfe *WebFrontEndImpl) RevokeCert(
 
 	// Handle the revocation request according to how it is authenticated, or if
 	// the authentication type is unknown, error immediately
-	if authType == embeddedKeyID {
+	switch authType {
+	case embeddedKeyID:
 		prob = wfe.revokeCertByKeyID(parsedJWS, request)
-	} else if authType == embeddedJWK {
+	case embeddedJWK:
 		prob = wfe.revokeCertByJWK(parsedJWS, request)
-	} else {
+	default:
 		prob = acme.MalformedProblem("Malformed JWS, no KeyID or embedded JWK")
 	}
 	if prob != nil {