spiffe · azdagron · Jan 31, 2025 · Jan 31, 2025
@@ -2,8 +2,6 @@ name: PR Build
 on:
   pull_request: {}
   workflow_dispatch: {}
-env:
-  GO_VERSION: 1.21
 jobs:
   lint-linux:
     runs-on: ubuntu-latest
@@ -15,7 +13,7 @@ jobs:
         with:
           cache: true
           cache-dependency-path: v2/go.sum
-          go-version: ${{ env.GO_VERSION }}
+          go-version-file: v2/go.mod
       - name: Lint
         run: make lint
 
@@ -29,7 +27,7 @@ jobs:
         with:
           cache: true
           cache-dependency-path: v2/go.sum
-          go-version: ${{ env.GO_VERSION }}
+          go-version-file: v2/go.mod
       - name: Test
         run: make test
 
@@ -46,7 +44,7 @@ jobs:
         with:
           cache: true
           cache-dependency-path: v2/go.sum
-          go-version: ${{ env.GO_VERSION }}
+          go-version-file: v2/go.mod
       - name: Install msys2
         uses: msys2/setup-msys2@v2
         with:
@@ -73,7 +71,7 @@ jobs:
         with:
           cache: true
           cache-dependency-path: v2/go.sum
-          go-version: ${{ env.GO_VERSION }}
+          go-version-file: v2/go.mod
       - name: Install msys2
         uses: msys2/setup-msys2@v2
         with:

@@ -72,7 +72,7 @@ protoc_gen_go_grpc_base_dir := $(build_dir)/protoc-gen-go-grpc
 protoc_gen_go_grpc_dir := $(protoc_gen_go_grpc_base_dir)/$(protoc_gen_go_grpc_version)-go$(go_version)
 protoc_gen_go_grpc_bin := $(protoc_gen_go_grpc_dir)/protoc-gen-go-grpc
 
-golangci_lint_version = v1.57.2
+golangci_lint_version = v1.63.4
 golangci_lint_dir = $(build_dir)/golangci_lint/$(golangci_lint_version)
 golangci_lint_bin = $(golangci_lint_dir)/golangci-lint
 

@@ -10,7 +10,7 @@ linters:
     - gosec
     - misspell
     - nakedret
-    - exportloopref
+    - copyloopvar
     - unconvert
     - unparam
     - whitespace

@@ -77,7 +77,6 @@ func TestLoad(t *testing.T) {
 	}
 
 	for _, testCase := range testCases {
-		testCase := testCase
 		t.Run(testCase.tf.filePath, func(t *testing.T) {
 			bundle, err := jwtbundle.Load(td, testCase.tf.filePath)
 			if testCase.err != "" {
@@ -113,7 +112,6 @@ func TestRead(t *testing.T) {
 	}
 
 	for _, testCase := range testCases {
-		testCase := testCase
 		t.Run(testCase.tf.filePath, func(t *testing.T) {
 			// we expect the Open call to fail in some cases
 			file, _ := os.Open(testCase.tf.filePath)
@@ -153,7 +151,6 @@ func TestParse(t *testing.T) {
 	}
 
 	for _, testCase := range testCases {
-		testCase := testCase
 		t.Run(testCase.tf.filePath, func(t *testing.T) {
 			// we expect the ReadFile call to fail in some cases
 			bundleBytes, _ := os.ReadFile(testCase.tf.filePath)
@@ -306,7 +303,6 @@ func TestEqual(t *testing.T) {
 			expectEqual: false,
 		},
 	} {
-		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			require.Equal(t, tt.expectEqual, tt.a.Equal(tt.b))
 		})

@@ -73,7 +73,6 @@ func TestLoad(t *testing.T) {
 	testCases[0].err = "spiffebundle: unable to read SPIFFE bundle: open testdata/does-not-exist.json: " + errstrings.FileNotFound
 
 	for _, testCase := range testCases {
-		testCase := testCase
 		t.Run(testCase.filePath, func(t *testing.T) {
 			bundle, err := spiffebundle.Load(td, testCase.filePath)
 			checkBundleProperties(t, err, testCase, bundle)
@@ -85,7 +84,6 @@ func TestRead(t *testing.T) {
 	testCases[0].err = "spiffebundle: unable to read: invalid argument"
 
 	for _, testCase := range testCases {
-		testCase := testCase
 		t.Run(testCase.filePath, func(t *testing.T) {
 			// we expect the Open call to fail in some cases
 			file, _ := os.Open(testCase.filePath)
@@ -101,7 +99,6 @@ func TestParse(t *testing.T) {
 	testCases[0].err = "spiffebundle: unable to parse JWKS: unexpected end of JSON input"
 
 	for _, testCase := range testCases {
-		testCase := testCase
 		t.Run(testCase.filePath, func(t *testing.T) {
 			// we expect the ReadFile call to fail in some cases
 			bundleBytes, _ := os.ReadFile(testCase.filePath)
@@ -447,7 +444,6 @@ func TestEqual(t *testing.T) {
 			expectEqual: false,
 		},
 	} {
-		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			require.Equal(t, tt.expectEqual, tt.a.Equal(tt.b))
 		})

@@ -113,7 +113,6 @@ func TestParse(t *testing.T) {
 	}
 
 	for _, test := range tests {
-		test := test
 		t.Run(test.name, func(t *testing.T) {
 			fileBytes, err := os.ReadFile(test.path)
 			require.NoError(t, err)
@@ -157,7 +156,6 @@ func TestParseRaw(t *testing.T) {
 	}
 
 	for _, test := range tests {
-		test := test
 		t.Run(test.name, func(t *testing.T) {
 			certsBytes := loadRawCertificates(t, test.path)
 			bundle, err := x509bundle.ParseRaw(td, certsBytes)
@@ -297,7 +295,6 @@ func TestEqual(t *testing.T) {
 			expectEqual: false,
 		},
 	} {
-		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			require.Equal(t, tt.expectEqual, tt.a.Equal(tt.b))
 		})

@@ -118,7 +118,6 @@ func TestHandler(t *testing.T) {
 	}
 
 	for _, testCase := range testCases {
-		testCase := testCase
 		t.Run(testCase.name, func(t *testing.T) {
 			writer.Reset()
 

@@ -1,6 +1,6 @@
 module github.com/spiffe/go-spiffe/v2
 
-go 1.21
+go 1.22.11
 
 require (
 	github.com/Microsoft/go-winio v0.6.2

@@ -248,8 +248,6 @@ func TestListenAndDial(t *testing.T) {
 	tests = append(tests, listenAndDialCasesOS()...)
 
 	for _, test := range tests {
-		test := test
-
 		if test.defaultWlAPIAddr != "" {
 			require.NoError(t, os.Setenv("SPIFFE_ENDPOINT_SOCKET", test.defaultWlAPIAddr))
 		} else {

@@ -307,7 +307,6 @@ func TestGetCertificate(t *testing.T) {
 	}
 
 	for _, testCase := range testCases {
-		testCase := testCase
 		t.Run(testCase.name, func(t *testing.T) {
 			getCertificateCalls := 0
 			tracer := hookedTracer(
@@ -361,7 +360,6 @@ func TestGetClientCertificate(t *testing.T) {
 	}
 
 	for _, testCase := range testCases {
-		testCase := testCase
 		t.Run(testCase.name, func(t *testing.T) {
 			getCertificateCalls := 0
 			tracer := hookedTracer(
@@ -427,7 +425,6 @@ func TestVerifyPeerCertificate(t *testing.T) {
 	}
 
 	for _, testCase := range testCases {
-		testCase := testCase
 		t.Run(testCase.name, func(t *testing.T) {
 			verifyPeerCertificate := tlsconfig.VerifyPeerCertificate(testCase.bundle, testCase.authorizer)
 			require.NotNil(t, verifyPeerCertificate)
@@ -500,7 +497,6 @@ func TestWrapVerifyPeerCertificate(t *testing.T) {
 	}
 
 	for _, testCase := range testCases {
-		testCase := testCase
 		t.Run(testCase.name, func(t *testing.T) {
 			verifyPeerCertificate := tlsconfig.WrapVerifyPeerCertificate(testCase.wrapped, testCase.bundle, testCase.authorizer)
 			require.NotNil(t, verifyPeerCertificate)
@@ -567,7 +563,6 @@ func TestTLSHandshake(t *testing.T) {
 	}
 
 	for _, testCase := range testCases {
-		testCase := testCase
 		t.Run(testCase.name, func(t *testing.T) {
 			testConnection(t, testCase.serverConfig, testCase.clientConfig, testCase.serverErr, testCase.clientErr)
 		})
@@ -647,7 +642,6 @@ func TestMTLSHandshake(t *testing.T) {
 	}
 
 	for _, testCase := range testCases {
-		testCase := testCase
 		t.Run(testCase.name, func(t *testing.T) {
 			testConnection(t, testCase.serverConfig, testCase.clientConfig, testCase.serverErr, testCase.clientErr)
 		})
@@ -722,7 +716,6 @@ func TestMTLSWebHandshake(t *testing.T) {
 	}
 
 	for _, testCase := range testCases {
-		testCase := testCase
 		t.Run(testCase.name, func(t *testing.T) {
 			testConnection(t, testCase.serverConfig, testCase.clientConfig, testCase.serverErr, testCase.clientErr)
 		})

@@ -251,7 +251,6 @@ func TestParseAndValidate(t *testing.T) {
 	}
 
 	for _, testCase := range testCases {
-		testCase := testCase
 		t.Run(testCase.name, func(t *testing.T) {
 			// Generate token
 			token := testCase.generateToken(t)
@@ -405,7 +404,6 @@ func TestParseInsecure(t *testing.T) {
 	}
 
 	for _, testCase := range testCases {
-		testCase := testCase
 		t.Run(testCase.name, func(t *testing.T) {
 			// Create token
 			token := testCase.generateToken(t)

@@ -181,7 +181,6 @@ func TestParse(t *testing.T) {
 	}
 
 	for _, test := range tests {
-		test := test
 		t.Run(test.name, func(t *testing.T) {
 			certBytes, err := os.ReadFile(test.certsPath)
 			require.NoError(t, err)
@@ -251,7 +250,6 @@ func TestMarshal(t *testing.T) {
 	}
 
 	for _, test := range tests {
-		test := test
 		t.Run(test.name, func(t *testing.T) {
 			s, err := x509svid.Load(test.certsPath, test.keyPath)
 			require.NoError(t, err)
@@ -322,7 +320,6 @@ func TestMarshalRaw(t *testing.T) {
 	}
 
 	for _, test := range tests {
-		test := test
 		t.Run(test.name, func(t *testing.T) {
 			s, err := x509svid.Load(test.certsPath, test.keyPath)
 			require.NoError(t, err)
@@ -389,7 +386,6 @@ func TestParseRaw(t *testing.T) {
 	}
 
 	for _, test := range tests {
-		test := test
 		t.Run(test.name, func(t *testing.T) {
 			svid, err := x509svid.ParseRaw(test.rawCerts, test.rawKey)
 			if test.expErrContains != "" {

@@ -127,7 +127,6 @@ func TestVerify(t *testing.T) {
 	}
 
 	for _, testCase := range testCases {
-		testCase := testCase // alias loop var as it is used in the closure
 		t.Run(testCase.name, func(t *testing.T) {
 			_, verifiedChains, err := x509svid.Verify(testCase.chain, testCase.bundle, testCase.opts...)
 			if testCase.err != "" {