GO code staticcheck cleanup

Makefile

@@ -23,7 +23,6 @@ else
 	COWSQL_PATH=$(GOPATH)/deps/cowsql
 endif
 
-	# raft
 .PHONY: default
 default: build
 
@@ -56,6 +55,7 @@ incus-migrate:
 
 .PHONY: deps
 deps:
+	# raft
 	@if [ ! -e "$(RAFT_PATH)" ]; then \
 		git clone --depth=1 "https://github.com/cowsql/raft" "$(RAFT_PATH)"; \
 	elif [ -e "$(RAFT_PATH)/.git" ]; then \

cmd/incus/admin_recover.go

@@ -10,7 +10,7 @@ import (
 	"golang.org/x/text/cases"
 	"golang.org/x/text/language"
 
-	"github.com/lxc/incus/v6/client"
+	incus "github.com/lxc/incus/v6/client"
 	cli "github.com/lxc/incus/v6/internal/cmd"
 	"github.com/lxc/incus/v6/internal/i18n"
 	"github.com/lxc/incus/v6/internal/recover"
@@ -241,7 +241,8 @@ func (c *cmdAdminRecover) Run(cmd *cobra.Command, args []string) error {
 	// Send /internal/recover/import request to the daemon.
 	// Don't lint next line with gosimple. It says we should convert reqValidate directly to an RecoverImportPost
 	// because their types are identical. This is less clear and will not work if either type changes in the future.
-	reqImport := recover.ImportPost{ //nolint:gosimple
+	//nolint:all
+	reqImport := recover.ImportPost{ //lint:ignore S1016 for reason above
 		Pools: reqValidate.Pools,
 	}
 

cmd/incus/completion.go

@@ -496,7 +496,6 @@ func (g *cmdGlobal) cmpNetworkForwardConfigs(networkName string, listenAddress s
 }
 
 func (g *cmdGlobal) cmpNetworkForwards(networkName string) ([]string, cobra.ShellCompDirective) {
-	results := []string{}
 	cmpDirectives := cobra.ShellCompDirectiveNoFileComp
 
 	resources, _ := g.ParseServers(networkName)
@@ -516,7 +515,6 @@ func (g *cmdGlobal) cmpNetworkForwards(networkName string) ([]string, cobra.Shel
 }
 
 func (g *cmdGlobal) cmpNetworkLoadBalancers(networkName string) ([]string, cobra.ShellCompDirective) {
-	results := []string{}
 	cmpDirectives := cobra.ShellCompDirectiveNoFileComp
 
 	resources, _ := g.ParseServers(networkName)
@@ -560,7 +558,6 @@ func (g *cmdGlobal) cmpNetworkPeerConfigs(networkName string, peerName string) (
 }
 
 func (g *cmdGlobal) cmpNetworkPeers(networkName string) ([]string, cobra.ShellCompDirective) {
-	results := []string{}
 	cmpDirectives := cobra.ShellCompDirectiveNoFileComp
 
 	resources, _ := g.ParseServers(networkName)
@@ -742,7 +739,6 @@ func (g *cmdGlobal) cmpNetworkZoneRecordConfigs(zoneName string, recordName stri
 }
 
 func (g *cmdGlobal) cmpNetworkZoneRecords(zoneName string) ([]string, cobra.ShellCompDirective) {
-	results := []string{}
 	cmpDirectives := cobra.ShellCompDirectiveNoFileComp
 
 	resources, _ := g.ParseServers(zoneName)

cmd/incus/snapshot.go

@@ -12,7 +12,7 @@ import (
 	"github.com/spf13/cobra"
 	"gopkg.in/yaml.v2"
 
-	"github.com/lxc/incus/v6/client"
+	incus "github.com/lxc/incus/v6/client"
 	cli "github.com/lxc/incus/v6/internal/cmd"
 	"github.com/lxc/incus/v6/internal/i18n"
 	"github.com/lxc/incus/v6/internal/instance"
@@ -514,8 +514,6 @@ func (c *cmdSnapshotRestore) Run(cmd *cobra.Command, args []string) error {
 type cmdSnapshotShow struct {
 	global   *cmdGlobal
 	snapshot *cmdSnapshot
-
-	flagExpanded bool
 }
 
 func (c *cmdSnapshotShow) Command() *cobra.Command {

cmd/incusd/dev_incus.go

@@ -278,7 +278,7 @@ func hoistReq(f func(*Daemon, instance.Instance, http.ResponseWriter, *http.Requ
 		conn := ucred.GetConnFromContext(r.Context())
 		cred, ok := pidMapper.m[conn.(*net.UnixConn)]
 		if !ok {
-			http.Error(w, pidNotInContainerErr.Error(), http.StatusInternalServerError)
+			http.Error(w, errPidNotInContainer.Error(), http.StatusInternalServerError)
 			return
 		}
 
@@ -390,7 +390,7 @@ func (m *ConnPidMapper) ConnStateHandler(conn net.Conn, state http.ConnState) {
 	}
 }
 
-var pidNotInContainerErr = fmt.Errorf("pid not in container?")
+var errPidNotInContainer = fmt.Errorf("pid not in container?")
 
 func findContainerForPid(pid int32, s *state.State) (instance.Container, error) {
 	/*
@@ -496,5 +496,5 @@ func findContainerForPid(pid int32, s *state.State) (instance.Container, error)
 		}
 	}
 
-	return nil, pidNotInContainerErr
+	return nil, errPidNotInContainer
 }

cmd/incusd/dev_incus_test.go

@@ -169,7 +169,7 @@ func TestHttpRequest(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	if !strings.Contains(string(resp), pidNotInContainerErr.Error()) {
+	if !strings.Contains(string(resp), errPidNotInContainer.Error()) {
 		t.Fatal("resp error not expected: ", string(resp))
 	}
 }

cmd/incusd/instance.go

@@ -427,7 +427,9 @@ func instanceCreateAsCopy(s *state.State, opts instanceCreateAsCopyOpts, op *ope
 					"path": "/",
 					"pool": instRootDiskDevice["pool"],
 				}
-			} else { //nolint:staticcheck // (keep the empty branch for the comment)
+				//nolint:all
+				//lint:ignore SA9003 keep the empty branch for the comment
+			} else { //nolint:all
 				// Snapshot has multiple root disk devices, we can't automatically fix this so
 				// leave alone so we don't prevent copy.
 			}

internal/server/cluster/membership.go

@@ -26,10 +26,10 @@ import (
 	"github.com/lxc/incus/v6/shared/util"
 )
 
-// clusterBusyError is returned by dqlite if attempting attempting to join a cluster at the same time as a role-change.
+// errClusterBusy is returned by dqlite if attempting attempting to join a cluster at the same time as a role-change.
 // This error tells us we can retry and probably join the cluster or fail due to something else.
 // The error code here is SQLITE_BUSY.
-var clusterBusyError = fmt.Errorf("A configuration change is already in progress (5)")
+var errClusterBusy = fmt.Errorf("A configuration change is already in progress (5)")
 
 // Bootstrap turns a non-clustered server into the first (and leader)
 // member of a new cluster.
@@ -447,7 +447,7 @@ func Join(state *state.State, gateway *Gateway, networkCert *localtls.CertInfo,
 			return fmt.Errorf("Failed to join cluster: %w", ctx.Err())
 		default:
 			err = client.Add(ctx, info.NodeInfo)
-			if err != nil && err.Error() == clusterBusyError.Error() {
+			if err != nil && err.Error() == errClusterBusy.Error() {
 				// If the cluster is busy with a role change, sleep a second and then keep trying to join.
 				time.Sleep(1 * time.Second)
 				continue
@@ -593,6 +593,8 @@ func NotifyHeartbeat(state *state.State, gateway *Gateway) {
 		// Wait for heartbeat to finish and then release.
 		// Ignore staticcheck "SA2001: empty critical section" because we want to wait for the lock.
 		gateway.HeartbeatLock.Lock()
+		//nolint:all
+		//lint:ignore SA2001 we want to wait for the lock
 		gateway.HeartbeatLock.Unlock() //nolint:staticcheck
 	}
 

internal/server/db/cluster/certificate_projects.mapper.go

@@ -3,6 +3,7 @@
 package cluster
 
 // The code below was generated by incus-generate - DO NOT EDIT!
+//lint:file-ignore U1000,SA4006 Ignore staticcheck
 
 import (
 	"context"

internal/server/db/cluster/certificates.mapper.go

@@ -3,6 +3,7 @@
 package cluster
 
 // The code below was generated by incus-generate - DO NOT EDIT!
+//lint:file-ignore U1000,SA4006 Ignore staticcheck
 
 import (
 	"context"

internal/server/db/cluster/cluster_groups.mapper.go

@@ -3,6 +3,7 @@
 package cluster
 
 // The code below was generated by incus-generate - DO NOT EDIT!
+//lint:file-ignore U1000,SA4006 Ignore staticcheck
 
 import (
 	"context"

internal/server/db/cluster/config.mapper.go

@@ -3,6 +3,7 @@
 package cluster
 
 // The code below was generated by incus-generate - DO NOT EDIT!
+//lint:file-ignore U1000,SA4006 Ignore staticcheck
 
 import (
 	"context"

internal/server/db/cluster/devices.mapper.go

@@ -3,6 +3,7 @@
 package cluster
 
 // The code below was generated by incus-generate - DO NOT EDIT!
+//lint:file-ignore U1000,SA4006 Ignore staticcheck
 
 import (
 	"context"

internal/server/db/cluster/images.mapper.go

@@ -3,6 +3,7 @@
 package cluster
 
 // The code below was generated by incus-generate - DO NOT EDIT!
+//lint:file-ignore U1000,SA4006 Ignore staticcheck
 
 import (
 	"context"

internal/server/db/cluster/instance_profiles.mapper.go

@@ -3,6 +3,7 @@
 package cluster
 
 // The code below was generated by incus-generate - DO NOT EDIT!
+//lint:file-ignore U1000,SA4006 Ignore staticcheck
 
 import (
 	"context"

internal/server/db/cluster/instances.mapper.go

@@ -3,6 +3,7 @@
 package cluster
 
 // The code below was generated by incus-generate - DO NOT EDIT!
+//lint:file-ignore U1000,SA4006 Ignore staticcheck
 
 import (
 	"context"

internal/server/db/cluster/networks_integrations.mapper.go

@@ -3,6 +3,7 @@
 package cluster
 
 // The code below was generated by incus-generate - DO NOT EDIT!
+//lint:file-ignore U1000,SA4006 Ignore staticcheck
 
 import (
 	"context"

internal/server/db/cluster/nodes.mapper.go

@@ -3,6 +3,7 @@
 package cluster
 
 // The code below was generated by incus-generate - DO NOT EDIT!
+//lint:file-ignore U1000,SA4006 Ignore staticcheck
 
 import (
 	"context"

internal/server/db/cluster/nodes_cluster_groups.mapper.go

@@ -3,6 +3,7 @@
 package cluster
 
 // The code below was generated by incus-generate - DO NOT EDIT!
+//lint:file-ignore U1000,SA4006 Ignore staticcheck
 
 import (
 	"context"

internal/server/db/cluster/operations.mapper.go

@@ -3,6 +3,7 @@
 package cluster
 
 // The code below was generated by incus-generate - DO NOT EDIT!
+//lint:file-ignore U1000,SA4006 Ignore staticcheck
 
 import (
 	"context"

internal/server/db/cluster/profiles.mapper.go

@@ -3,6 +3,7 @@
 package cluster
 
 // The code below was generated by incus-generate - DO NOT EDIT!
+//lint:file-ignore U1000,SA4006 Ignore staticcheck
 
 import (
 	"context"

internal/server/db/cluster/projects.mapper.go

@@ -3,6 +3,7 @@
 package cluster
 
 // The code below was generated by incus-generate - DO NOT EDIT!
+//lint:file-ignore U1000,SA4006 Ignore staticcheck
 
 import (
 	"context"

internal/server/db/cluster/snapshots.mapper.go

@@ -3,6 +3,7 @@
 package cluster
 
 // The code below was generated by incus-generate - DO NOT EDIT!
+//lint:file-ignore U1000,SA4006 Ignore staticcheck
 
 import (
 	"context"

internal/server/db/cluster/warnings.mapper.go

@@ -3,6 +3,7 @@
 package cluster
 
 // The code below was generated by incus-generate - DO NOT EDIT!
+//lint:file-ignore U1000,SA4006 Ignore staticcheck
 
 import (
 	"context"

internal/server/db/generate/file/write.go

@@ -28,6 +28,7 @@ func Reset(path string, imports []string, buildComment string, iface bool) error
 	content := fmt.Sprintf(`%spackage %s
 
 // The code below was generated by %s - DO NOT EDIT!
+//lint:file-ignore U1000,SA4006 Ignore staticcheck
 
 import (
 `, buildComment, os.Getenv("GOPACKAGE"), os.Args[0])

internal/server/response/swagger.go

@@ -1,6 +1,8 @@
 // Package response contains helpers for rendering HTTP responses.
 //
-//nolint:deadcode,unused
+//nolint:all
+//lint:file-ignore U1000 Ignore unused
+
 package response
 
 import (

internal/server/scriptlet/load/load.go

@@ -6,6 +6,7 @@ import (
 	"sync"
 
 	"go.starlark.net/starlark"
+	"go.starlark.net/syntax"
 )
 
 // nameInstancePlacement is the name used in Starlark for the instance placement scriptlet.
@@ -30,7 +31,7 @@ func InstancePlacementCompile(src string) (*starlark.Program, error) {
 	}
 
 	// Parse, resolve, and compile a Starlark source file.
-	_, mod, err := starlark.SourceProgram(nameInstancePlacement, src, isPreDeclared)
+	_, mod, err := starlark.SourceProgramOptions(syntax.LegacyFileOptions(), nameInstancePlacement, src, isPreDeclared)
 	if err != nil {
 		return nil, err
 	}

internal/server/util/http.go

@@ -174,7 +174,7 @@ func CheckTrustState(cert x509.Certificate, trustedCerts map[string]x509.Certifi
 					return false, "" // CRL not signed by CA
 				}
 
-				for _, revoked := range crl.RevokedCertificates {
+				for _, revoked := range crl.RevokedCertificateEntries {
 					if cert.SerialNumber.Cmp(revoked.SerialNumber) == 0 {
 						return false, "" // Certificate is revoked, so not trusted anymore.
 					}

shared/cliconfig/remote.go

@@ -17,7 +17,7 @@ import (
 	"github.com/zitadel/oidc/v3/pkg/oidc"
 	"golang.org/x/crypto/ssh"
 
-	"github.com/lxc/incus/v6/client"
+	incus "github.com/lxc/incus/v6/client"
 	"github.com/lxc/incus/v6/shared/api"
 	"github.com/lxc/incus/v6/shared/util"
 )
@@ -332,6 +332,8 @@ func (c *Config) getConnectionArgs(name string) (*incus.ConnectionArgs, error) {
 		// Golang has deprecated all methods relating to PEM encryption due to a vulnerability.
 		// However, the weakness does not make PEM unsafe for our purposes as it pertains to password protection on the
 		// key file (client.key is only readable to the user in any case), so we'll ignore deprecation.
+		//nolint:all
+		//lint:ignore SA1019 see above for reason
 		isEncrypted := x509.IsEncryptedPEMBlock(pemKey) //nolint:staticcheck
 		isSSH := pemKey.Type == "OPENSSH PRIVATE KEY"
 		if isEncrypted || isSSH {
@@ -366,6 +368,8 @@ func (c *Config) getConnectionArgs(name string) (*incus.ConnectionArgs, error) {
 					return nil, fmt.Errorf("Unsupported key type: %T", sshKey)
 				}
 			} else {
+				//nolint:all
+				//lint:ignore SA1019 see above for reason
 				derKey, err := x509.DecryptPEMBlock(pemKey, []byte(password)) //nolint:staticcheck
 				if err != nil {
 					return nil, err

test/mini-oidc/main.go

@@ -47,7 +47,7 @@ func main() {
 		},
 	}
 
-	provider, err := op.NewOpenIDProvider(issuer, config, storage, op.WithAllowInsecure())
+	provider, err := op.NewProvider(config, storage, op.StaticIssuer(issuer), op.WithAllowInsecure())
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "Error: %v\n", err)
 		os.Exit(1)
@@ -93,8 +93,6 @@ func userCodeHandler(storage *storage.Storage, w http.ResponseWriter, r *http.Re
 	}
 
 	fmt.Printf("%s => %s\n", userCode, name)
-
-	return
 }
 
 func username() string {