Skip to content

Commit

Permalink
🌱 bump project minimum Go version to go1.21 (ossf#3661)
Browse files Browse the repository at this point in the history
* upgrade go.mod to 1.21

Signed-off-by: Spencer Schrock <[email protected]>

* use slices from stdlib

Signed-off-by: Spencer Schrock <[email protected]>

* use max/min builtins

Signed-off-by: Spencer Schrock <[email protected]>

* multierrors

possibly spin this off into its own PR

Signed-off-by: Spencer Schrock <[email protected]>

* dont call rand.Seed

As of Go 1.20, the generator is seeded randomly at startup.
https://pkg.go.dev/math/rand#Seed

Signed-off-by: Spencer Schrock <[email protected]>

* update minimum Go version in documentation

Signed-off-by: Spencer Schrock <[email protected]>

---------

Signed-off-by: Spencer Schrock <[email protected]>
  • Loading branch information
spencerschrock authored Nov 13, 2023
1 parent 6dffe65 commit a4ee314
Show file tree
Hide file tree
Showing 18 changed files with 77 additions and 49 deletions.
4 changes: 0 additions & 4 deletions .golangci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -80,10 +80,6 @@ linters-settings:
errcheck:
check-type-assertions: true
check-blank: true
errorlint:
# TODO remove this when project migrates to golang 1.20
# https://golangci-lint.run/usage/linters/#errorlint
errorf-multi: false
exhaustive:
# https://golangci-lint.run/usage/linters/#exhaustive
default-signifies-exhaustive: true
Expand Down
2 changes: 1 addition & 1 deletion CONTRIBUTING.md
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ You must install these tools:
1. [`git`](https://help.github.com/articles/set-up-git/): For source control

1. [`go`](https://golang.org/doc/install): You need go version
[v1.19](https://golang.org/dl/) or higher.
[v1.21](https://golang.org/dl/) or higher.

1. [`docker`](https://docs.docker.com/engine/install/): `v18.9` or higher.

Expand Down
4 changes: 2 additions & 2 deletions checker/check_result.go
Original file line number Diff line number Diff line change
Expand Up @@ -107,7 +107,7 @@ func CreateProportionalScore(success, total int) int {
return 0
}

return int(math.Min(float64(MaxResultScore*success/total), float64(MaxResultScore)))
return min(MaxResultScore*success/total, MaxResultScore)
}

// CreateProportionalScoreWeighted creates the proportional score
Expand Down Expand Up @@ -141,7 +141,7 @@ func CreateProportionalScoreWeighted(scores ...ProportionalScoreWeighted) (int,
return MaxResultScore, nil
}

return int(math.Min(float64(MaxResultScore*ws/wt), float64(MaxResultScore))), nil
return min(MaxResultScore*ws/wt, MaxResultScore), nil
}

// AggregateScores adds up all scores
Expand Down
3 changes: 1 addition & 2 deletions checks/evaluation/code_review.go
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,6 @@ package evaluation

import (
"fmt"
"math"

"github.com/ossf/scorecard/v4/checker"
sce "github.com/ossf/scorecard/v4/errors"
Expand Down Expand Up @@ -74,7 +73,7 @@ func CodeReview(name string, dl checker.DetailLogger, r *checker.CodeReviewData)
return checker.CreateProportionalScoreResult(
name,
fmt.Sprintf("found %d unreviewed changesets out of %d", nUnreviewedChanges, nChanges),
int(math.Max(float64(nChanges-nUnreviewedChanges), 0)),
max(nChanges-nUnreviewedChanges, 0),
nChanges,
)
}
Expand Down
2 changes: 1 addition & 1 deletion checks/raw/shell_download_validate.go
Original file line number Diff line number Diff line change
Expand Up @@ -23,9 +23,9 @@ import (
"path"
"path/filepath"
"regexp"
"slices"
"strings"

"golang.org/x/exp/slices"
"mvdan.cc/sh/v3/syntax"

"github.com/ossf/scorecard/v4/checker"
Expand Down
2 changes: 1 addition & 1 deletion clients/githubrepo/branches.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,12 +17,12 @@ package githubrepo
import (
"context"
"fmt"
"slices"
"strings"
"sync"

"github.com/google/go-github/v53/github"
"github.com/shurcooL/githubv4"
"golang.org/x/exp/slices"

"github.com/ossf/scorecard/v4/clients"
"github.com/ossf/scorecard/v4/clients/githubrepo/internal/fnmatch"
Expand Down
8 changes: 4 additions & 4 deletions clients/githubrepo/tarball.go
Original file line number Diff line number Diff line change
Expand Up @@ -153,7 +153,7 @@ func (handler *tarballHandler) getTarball() error {
defer repoFile.Close()
if _, err := io.Copy(repoFile, resp.Body); err != nil {
// This can happen if the incoming tarball is corrupted/server gateway times out.
return fmt.Errorf("%w io.Copy: %v", errTarballNotFound, err)
return fmt.Errorf("%w io.Copy: %w", errTarballNotFound, err)
}

handler.tempDir = tempDir
Expand All @@ -169,7 +169,7 @@ func (handler *tarballHandler) extractTarball() error {
}
gz, err := gzip.NewReader(in)
if err != nil {
return fmt.Errorf("%w: gzip.NewReader %v %v", errTarballCorrupted, handler.tempTarFile, err)
return fmt.Errorf("%w: gzip.NewReader %v %w", errTarballCorrupted, handler.tempTarFile, err)
}
tr := tar.NewReader(gz)
for {
Expand All @@ -178,7 +178,7 @@ func (handler *tarballHandler) extractTarball() error {
break
}
if err != nil {
return fmt.Errorf("%w tarReader.Next: %v", errTarballCorrupted, err)
return fmt.Errorf("%w tarReader.Next: %w", errTarballCorrupted, err)
}

switch header.Typeflag {
Expand Down Expand Up @@ -217,7 +217,7 @@ func (handler *tarballHandler) extractTarball() error {
// Potential for DoS vulnerability via decompression bomb.
// Since such an attack will only impact a single shard, ignoring this for now.
if _, err := io.Copy(outFile, tr); err != nil {
return fmt.Errorf("%w io.Copy: %v", errTarballCorrupted, err)
return fmt.Errorf("%w io.Copy: %w", errTarballCorrupted, err)
}
outFile.Close()
handler.files = append(handler.files,
Expand Down
14 changes: 7 additions & 7 deletions clients/gitlabrepo/tarball.go
Original file line number Diff line number Diff line change
Expand Up @@ -130,7 +130,7 @@ func (handler *tarballHandler) getTarball() error {
}
repoFile, err := os.CreateTemp(tempDir, repoFilename)
if err != nil {
return fmt.Errorf("%w io.Copy: %v", errTarballNotFound, err)
return fmt.Errorf("%w io.Copy: %w", errTarballNotFound, err)
}
defer repoFile.Close()
err = handler.apiFunction(url, tempDir, repoFile)
Expand Down Expand Up @@ -188,18 +188,18 @@ func (handler *tarballHandler) apiFunction(url, tempDir string, repoFile *os.Fil
req.Header.Set("PRIVATE-TOKEN", os.Getenv("GITLAB_AUTH_TOKEN"))
resp, err := http.DefaultClient.Do(req)
if err != nil {
return fmt.Errorf("%w io.Copy: %v", errTarballNotFound, err)
return fmt.Errorf("%w io.Copy: %w", errTarballNotFound, err)
}
defer resp.Body.Close()

// Handler 400/404 errors.
switch resp.StatusCode {
case http.StatusNotFound, http.StatusBadRequest:
return fmt.Errorf("%w io.Copy: %v", errTarballNotFound, err)
return fmt.Errorf("%w io.Copy: %w", errTarballNotFound, err)
}
if _, err := io.Copy(repoFile, resp.Body); err != nil {
// If the incoming tarball is corrupted or the server times out.
return fmt.Errorf("%w io.Copy: %v", errTarballNotFound, err)
return fmt.Errorf("%w io.Copy: %w", errTarballNotFound, err)
}
return nil
}
Expand All @@ -212,7 +212,7 @@ func (handler *tarballHandler) extractTarball() error {
}
gz, err := gzip.NewReader(in)
if err != nil {
return fmt.Errorf("%w: gzip.NewReader %v %v", errTarballCorrupted, handler.tempTarFile, err)
return fmt.Errorf("%w: gzip.NewReader %v %w", errTarballCorrupted, handler.tempTarFile, err)
}
tr := tar.NewReader(gz)
for {
Expand All @@ -221,7 +221,7 @@ func (handler *tarballHandler) extractTarball() error {
break
}
if err != nil {
return fmt.Errorf("%w tarReader.Next: %v", errTarballCorrupted, err)
return fmt.Errorf("%w tarReader.Next: %w", errTarballCorrupted, err)
}

switch header.Typeflag {
Expand Down Expand Up @@ -260,7 +260,7 @@ func (handler *tarballHandler) extractTarball() error {
// Potential for DoS vulnerability via decompression bomb.
// Since such an attack will only impact a single shard, ignoring this for now.
if _, err := io.Copy(outFile, tr); err != nil {
return fmt.Errorf("%w io.Copy: %v", errTarballCorrupted, err)
return fmt.Errorf("%w io.Copy: %w", errTarballCorrupted, err)
}
outFile.Close()
handler.files = append(handler.files,
Expand Down
3 changes: 1 addition & 2 deletions cmd/internal/nuget/client.go
Original file line number Diff line number Diff line change
Expand Up @@ -22,10 +22,9 @@ import (
"io"
"net/http"
"regexp"
"slices"
"strings"

"golang.org/x/exp/slices"

pmc "github.com/ossf/scorecard/v4/cmd/internal/packagemanager"
sce "github.com/ossf/scorecard/v4/errors"
)
Expand Down
2 changes: 1 addition & 1 deletion cmd/internal/nuget/client_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -22,11 +22,11 @@ import (
"io"
"net/http"
"os"
"slices"
"strings"
"testing"

"github.com/golang/mock/gomock"
"golang.org/x/exp/slices"

pmc "github.com/ossf/scorecard/v4/cmd/internal/packagemanager"
)
Expand Down
2 changes: 1 addition & 1 deletion cmd/internal/scdiff/app/stats.go
Original file line number Diff line number Diff line change
Expand Up @@ -20,11 +20,11 @@ import (
"fmt"
"io"
"os"
"slices"
"strings"
"text/tabwriter"

"github.com/spf13/cobra"
"golang.org/x/exp/slices"

"github.com/ossf/scorecard/v4/checker"
"github.com/ossf/scorecard/v4/pkg"
Expand Down
2 changes: 1 addition & 1 deletion cron/data/blob.go
Original file line number Diff line number Diff line change
Expand Up @@ -156,7 +156,7 @@ func ParseBlobFilename(key string) (time.Time, string, error) {
objectName := key[len(filePrefixFormat):]
t, err := time.Parse(filePrefixFormat, prefix)
if err != nil {
return t, "", fmt.Errorf("%w: %v", errParseBlobName, err)
return t, "", fmt.Errorf("%w: %w", errParseBlobName, err)
}
return t, objectName, nil
}
2 changes: 0 additions & 2 deletions cron/internal/shuffle/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,6 @@ import (
"math/rand"
"os"
"strconv"
"time"

"github.com/ossf/scorecard/v4/cron/data"
)
Expand Down Expand Up @@ -56,7 +55,6 @@ func main() {
repoURLs = append(repoURLs, repo)
}

rand.Seed(time.Now().UnixNano())
rand.Shuffle(len(repoURLs), func(i, j int) {
repoURLs[i], repoURLs[j] = repoURLs[j], repoURLs[i]
})
Expand Down
4 changes: 2 additions & 2 deletions finding/probe/probe.go
Original file line number Diff line number Diff line change
Expand Up @@ -141,7 +141,7 @@ func parseFromYAML(content []byte) (*yamlProbe, error) {

err := yaml.Unmarshal(content, &r)
if err != nil {
return nil, fmt.Errorf("%w: %v", errInvalid, err)
return nil, fmt.Errorf("%w: %w", errInvalid, err)
}
return &r, nil
}
Expand All @@ -151,7 +151,7 @@ func parseFromYAML(content []byte) (*yamlProbe, error) {
func (r *RemediationEffort) UnmarshalYAML(n *yaml.Node) error {
var str string
if err := n.Decode(&str); err != nil {
return fmt.Errorf("%w: %v", errInvalid, err)
return fmt.Errorf("%w: %w", errInvalid, err)
}

// nolint:goconst
Expand Down
4 changes: 2 additions & 2 deletions go.mod
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
module github.com/ossf/scorecard/v4

go 1.19
go 1.21

require (
cloud.google.com/go/bigquery v1.57.1
Expand Down Expand Up @@ -174,7 +174,7 @@ require (
github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
golang.org/x/crypto v0.14.0 // indirect
golang.org/x/exp v0.0.0-20231006140011-7918f672742d
golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect
golang.org/x/net v0.17.0 // indirect
golang.org/x/oauth2 v0.13.0
golang.org/x/sync v0.4.0 // indirect
Expand Down
Loading

0 comments on commit a4ee314

Please sign in to comment.