scorecard/.golangci.yml

---
run:
  concurrency: 6
  timeout: 5m
issues:
  # Maximum issues count per one linter.
  # Set to 0 to disable.
  # Default: 50
  max-issues-per-linter: 0
  # Maximum count of issues with the same text.
  # Set to 0 to disable.
  # Default: 3
  max-same-issues: 0
  new-from-rev: ""
  exclude-rules:
    - path: '(.+)_test\.go'
      linters:
        - err113
        - funlen
        - goconst
        - gocyclo
        - lll
        - wrapcheck
  # probes must register via init
    - path: 'probes/.+/impl.go'
      linters:
        - gochecknoinits
skip-files:
  - cron/data/request.pb.go # autogenerated
linters:
  enable:
    - asciicheck
    - dogsled
    - err113
    - errcheck
    - errname
    - errorlint
    - exhaustive
    - exportloopref
    - forbidigo
    - gci
    - gochecknoinits
    - gocognit
    - goconst
    - gocritic
    - gocyclo
    - godot
    - godox
    - gofmt
    - gofumpt
    - goheader
    - goimports
    # manage use of replace, retract and exclude directives (see https://github.com/ossf/scorecard/pull/3440#issuecomment-1708904830)
    # https://golangci-lint.run/usage/linters/#gomoddirectives
    - gomoddirectives
    - gomodguard
    - goprintffuncname
    - gosec
    - gosimple
    - govet
    - ineffassign
    - lll
    - makezero
    - mirror
    - misspell
    - nakedret
    - nestif
    - nolintlint
    - predeclared
    - staticcheck
    - stylecheck
    - tenv
    - thelper
    - typecheck
    - unconvert
    - unused
    - usestdlibvars
    - whitespace
    - wrapcheck
  disable:
    - exhaustruct # initializing every struct makes tests longer without much benefit (spencerschrock)
    - testpackage # tests don't need their own package (spencerschrock)
  presets:
    - bugs
    - test
linters-settings:
  errcheck:
    check-type-assertions: true
    check-blank: true
  exhaustive:
    # https://golangci-lint.run/usage/linters/#exhaustive
    default-signifies-exhaustive: true
  forbidigo:
    forbid:
      - p: "^fmt\\.Print.*$"
        msg: "Do not commit print statements. Output to stdout interferes with users who redirect JSON results to files."
  govet:
    enable:
      - fieldalignment
  godox:
    keywords:
      - BUG
      - FIXME
      - HACK
  gci:
    sections:
      - standard
      - default
      - prefix(github.com/ossf/scorecard)
  gocritic:
    enabled-checks:
      # Diagnostic
      - appendAssign
      - badCond
      - caseOrder
      - codegenComment
      - commentedOutCode
      - deprecatedComment
      - dupBranchBody
      - dupCase
      - dupSubExpr
      - exitAfterDefer
      - flagName
      - nilValReturn
      - weakCond
      - octalLiteral

      # Performance
      - appendCombine
      - hugeParam
      - rangeExprCopy
      - rangeValCopy

      # Style
      - boolExprSimplify
      - captLocal
      - commentFormatting
      - commentedOutImport
      - defaultCaseOrder
      - docStub
      - elseif
      - emptyFallthrough
      - hexLiteral
      - ifElseChain
      - methodExprCall
      - singleCaseSwitch
      - typeAssertChain
      - typeSwitchVar
      - underef
      - unlabelStmt
      - unlambda

      # Opinionated
      - builtinShadow
      - importShadow
      - initClause
      - nestingReduce
      - paramTypeCombine
      - ptrToRefParam
      - typeUnparen
      - unnecessaryBlock
  nolintlint:
    # `//nolint` should mention specific linter such as `//nolint:my-linter`
    # Overly broad directives can hide unrelated issues
    require-specific: true
  wrapcheck:
    ignorePackageGlobs:
      - github.com/ossf/scorecard/v5/checks/fileparser