"lint:ignore" comments are ignored by staticcheck

[simonpasquier]

It seems that golangci-lint v1.19.0 ignores //lint:ignore comments. Tested with this very simple program:

package main

import (
        "fmt"
        "time"
)

func main() {
        //lint:ignore SA1004 ignore this!
        time.Sleep(1)
        fmt.Println("hello")
}

golangci-lint v1.19.0 fails with:

main.go:10:13: SA1004: sleeping for 1 nanoseconds is probably a bug. Be explicit if it isn't: time.Sleep(time.Nanosecond) (staticcheck)
        time.Sleep(1)

golangci-lint v1.18.0 succeeds as well as staticcheck 2019.2.3.

System information

1. Version of golangci-lint: golangci-lint has version 1.19.0 built from 27ac4c7 on 2019-09-23T20:40:17Z
2. Config file: N/A
3. Go environment:

go version go1.13 linux/amd64
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/simon/.cache/go-build"
GOENV="/home/simon/.config/go/env"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/home/simon/workspace/"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/home/simon/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/home/simon/go/pkg/tool/linux_amd64"
GCCGO="gccgo"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/tmp/foo/go.mod"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build335086001=/tmp/go-build -gno-record-gcc-switches"

4. Verbose output of running:

INFO [config_reader] Config search paths: [./ /tmp/foo /tmp /] 
INFO [lintersdb] Active 10 linters: [deadcode errcheck gosimple govet ineffassign staticcheck structcheck typecheck unused varcheck] 
INFO [lintersdb] Optimized sublinters [staticcheck gosimple unused] into metalinter megacheck 
INFO [loader] Go packages loading at mode 1023 (exports_file|files|imports|name|types|types_info|compiled_files|deps|syntax|types_sizes) took 724.109724ms 
INFO [runner] worker.8 took 21.127µs with stages: typecheck: 17.201µs 
INFO [runner] worker.3 took 94.53µs with stages: varcheck: 81.118µs, structcheck: 8.362µs 
INFO [runner] worker.5 took 40.529µs with stages: deadcode: 33.001µs 
INFO [runner] worker.7 took 148.077µs with stages: ineffassign: 145.627µs 
INFO [runner] worker.2 took 1.143µs               
INFO [runner] worker.4 took 129.961µs with stages: errcheck: 111.743µs 
INFO [runner] worker.6 took 25.834526ms with stages: govet: 25.829686ms 
INFO [runner] worker.1 took 44.510349ms with stages: megacheck: 44.502055ms 
INFO [runner] Workers idle times: #2: 44.358168ms, #3: 44.380638ms, #4: 44.284389ms, #5: 44.373782ms, #6: 18.681965ms, #7: 44.369167ms, #8: 44.390642ms 
INFO [runner] Processors filtering stat (out/in): filename_unadjuster: 1/1, autogenerated_exclude: 1/1, exclude-rules: 1/1, path_shortener: 1/1, cgo: 1/1, source_code: 1/1, path_prettifier: 1/1, uniq_by_line: 1/1, max_per_file_from_linter: 1/1, max_same_issues: 1/1, skip_dirs: 1/1, identifier_marker: 1/1, exclude: 1/1, nolint: 1/1, diff: 1/1, max_from_linter: 1/1, skip_files: 1/1 
INFO [runner] processing took 318.825µs with stages: exclude: 134.356µs, identifier_marker: 57.768µs, autogenerated_exclude: 42.228µs, source_code: 32.72µs, skip_dirs: 17.891µs, nolint: 10.125µs, cgo: 5.393µs, path_prettifier: 4.858µs, uniq_by_line: 3.079µs, filename_unadjuster: 2.773µs, max_same_issues: 2.363µs, max_from_linter: 1.579µs, path_shortener: 1.323µs, skip_files: 740ns, max_per_file_from_linter: 640ns, diff: 619ns, exclude-rules: 370ns 
main.go:10:13: SA1004: sleeping for 1 nanoseconds is probably a bug. Be explicit if it isn't: time.Sleep(time.Nanosecond) (staticcheck)
        time.Sleep(1)
                   ^
INFO File cache stats: 1 entries of total size 129B 
INFO Memory: 9 samples, avg is 121.8MB, max is 136.7MB 
INFO Execution took 774.097404ms                  

[bmhatfield]

Couple notes here, because I just hit this:

1. It's actually intermittent. Locally and in CircleCI this hits about 75% of the time
2. // nolint:staticcheck seems to work as a workaround.

[denisvmedia]

I also faced this problem. Well, a better workaround would be disabling staticcheck at all and running the updated version from the original source.

[jirfag]

I guess we incorrectly configure staticcheck. Contributions are welcome.

[ahmedtalhakhan]

Any progress here? Facing the same issue but do not want to disable the checks completely in the project.

[jsvisa]

Seems it's introduced by #699

[simonpasquier]

From https://golangci-lint.run/usage/false-positives/ + some experiments, you have to do this now:

package main

import (
        "fmt"
        "time"
)

func main() {
       //nolint:staticcheck // SA1004 ignore this!
        time.Sleep(1)
        fmt.Println("hello")
}

[jsvisa]

//nolint:staticcheck // SA1004 ignore this!

@simonpasquier This would be disabling staticcheck at all, not only the SA1004 of staticcheck.

[uhthomas]

@simonpasquier can this be re-opened? I don't believe using //nolint:staticcheck // SA1004 ignore this! resolves this issue as it disables all static checks.

[bconway]

I would also like to see this revisited. I have the following code (or similar) in a few places due to imported protobuf definitions that use the older Go protobuf API version:

//lint:ignore SA1019 // third-party dependency
"github.com/golang/protobuf/proto"

I like to use both staticcheck standalone and golangci-lint, and I don't believe disabling staticcheck entirely for the file is a great workaround. Has there been any determination on why these directives are ignored when staticcheck is called from within golangci-lint?

[NYARAS]

This should work

package main

import (
        "fmt"
        "time"
)

func main() {
      //lint:ignore SA1004 ingore this for now
        time.Sleep(1)
        fmt.Println("hello")
}

[shakefu]

This should work

Against what version? Definitely not working for me.

[uloureiro]

I couldn't get it to work out of the box as well. My need was to ignore a certain directive just in certain files as a whole and neither using //nolint:staticcheck (as this disables everything as others already experienced) nor //lint:file-ignore SA1019 disable warnings for deprecated code (which does not even seem to work) is an option.

The only way I could work around it was by adding the exclude rule I wanted in the .golangci.yaml file in my project.

Here is an example that worked to ignore a single directive in a certain file:

issues:
  exclude-rules:
    - path: path/to/your/file/your_file.go
      linters:
        - staticcheck
      text: SA1019

[aarongable]

This bug is not fixed; can it please be re-opened?

When I run staticcheck standalone against my code, it correctly ignores lines annotated with //lint:ignore ID reason. When I run golangci-lint with staticcheck enabled, it reports those same lines as failures.

The workarounds posted above are incomplete: using the one posted by uloureiro disables the given check for the entire file, not just the single line; the one posted simonpasquier disables all staticcheck checks for that line, not just the single check. The example posted by NYARAS should work, but it does not: that's the whole point of this issue.

Please re-open and investigate why golangci-lint causes staticcheck to not respect its own //lint:ignore directives.

[bconway]

Same, still fails here. @simonpasquier would you mind reopening?

[ldez]

I will try to provide a better overview.

staticcheck is a binary and a set of rules, those rules are grouped in "category": staticcheck, gosimple, stylecheck and unused.

• staticcheck
• stylecheck
• simple
• unused

Inside golangci-lint we use the sets of rules, not the binary.
And all functions are not exported in "staticcheck".

The lint directive is something mainly specific to "staticcheck the binary".

We recommend using the nolint directive that we provide inside golangci-lint.

https://golangci-lint.run/usage/false-positives/

Examples

Exclude the rule globally:

linters:
  disable-all: true
  enable:
    - staticcheck

linters-settings:
  staticcheck:
    checks:
     - all
     - '-SA1019'

Exclude the rule globally for specific method:

linters:
  disable-all: true
  enable:
    - staticcheck

issues:
  exclude:
    - 'SA1019: http.CloseNotifier'

Exclude the rule globally for specific method:

linters:
  disable-all: true
  enable:
    - staticcheck

issues:
  exclude-rules:
    - linters:
        - staticcheck
      text: 'SA1019: http.CloseNotifier'

Exclude the rule in a file for specific method:

linters:
  disable-all: true
  enable:
    - staticcheck

issues:
  exclude-rules:
    - path: ^main.go
      text: 'SA1019: http.CloseNotifier'

Exclude the linter in a file for a specific line:

package main

import (
	"net/http"
)

func main() {
	//nolint:staticcheck // I want to use deprecated method.
	var to http.CloseNotifier
	_ = to
}

[rulisastra]

after my work got delayed by this issue, I finally passed the Jenkins CI/CD build by creating a .golangci.yml file and add this code inside the root directory where go.mod is.

linters:
  enable:
    - misspell
    - typecheck
    - etc...
    
issues:
  exclude:
    - ^G104
  exclude-rules:
    - linters:
        - staticcheck
      text: "SA1019:"

I exclude the path because I want to ignore all .go files inside many sub-folders.
I add SA1019 comment on top of the deprecated method is used. Like this:

        //lint:ignore SA1019 Ignore the deprecation warnings
	ok, err := yourDeprecatedMethod(input)

finally 🚀

[Integralist]

👋🏻 3.5 years later and it looks like this issue isn't going to be reopened :-/

None of the suggestions presented in this issue actually work, here's a screenshot of the last one I tried...

[denisvmedia]

I bet you didn't try my solution: #741 (comment).
If it doesn't work for you, you then need to report it to the original linter author.

[Integralist]

Hi @denisvmedia

I did see your comment but I didn't quite understand it to be honest.

So to clarify, your suggestion is to avoid using staticcheck via golangci-lint and to just use it directly, is that right?

If so then I guess that is possible to do as it looks like null-ls (which I also use) has a builtin for staticcheck https://github.com/jose-elias-alvarez/null-ls.nvim/blob/main/lua/null-ls/builtins/diagnostics/staticcheck.lua

UPDATE:
Well, this was interesting!

So I went and disabled staticcheck via my golangci-lint ~/.golangci.yml and found Neovim was still reporting the error! I then noticed I had staticcheck = true set in my gopls configuration and so I disabled that as well. At this point I was sure that staticcheck wasn't running on my code at all, ok good 👍🏻

Next, I renabled staticcheck via golangci-lint (just to see if maybe any of the code comment solutions for ignoring the error would now suddenly work) but found that golangci-lint didn't seem to be running staticcheck at all.

So I decided to run golangci-lint directly (as opposed to running it via Neovim) and it seems to think staticcheck is an active linter but didn't report any issues? So either there were no issues to report, which I don't believe because of the issue with the code as shown in my screenshot from earlier, or staticcheck just wasn't being run by golangci-lint.

I then ran staticcheck directly and again no issues reported 🤯

So why was Neovim reporting a staticcheck issue when configured via gopls but not via golangci-lint or directly via staticcheck?

I then manually wrote some bad code that I knew staticcheck would fail on, and when running staticcheck directly it would report an issue (👍🏻) but interestingly, when running golangci-lint directly, it again would still not report anything from staticcheck? But it would show part of an issue because of revive (which golangci-lint) is also configured to use...

golangci-lint run -v cmd/fastly/main.go
INFO [config_reader] Config search paths: [./ /Users/integralist/Code/fastly/cli/cmd/fastly /Users/integralist/Code/fastly/cli/cmd /Users/integralist/Code/fastly/cli /Users/integralist/Code/fastly /Users/integralist/Code /Users/integralist /Users /]
INFO [config_reader] Used config file ../../../.golangci.yml
INFO [lintersdb] Active 13 linters: [deadcode errcheck gofumpt goimports gosimple govet ineffassign revive staticcheck structcheck typecheck unused varcheck]
INFO [loader] Go packages loading at mode 575 (files|name|exports_file|deps|imports|types_sizes|compiled_files) took 210.964208ms
WARN [runner] The linter 'varcheck' is deprecated (since v1.49.0) due to: The owner seems to have abandoned the linter. Replaced by unused.
WARN [runner] The linter 'deadcode' is deprecated (since v1.49.0) due to: The owner seems to have abandoned the linter. Replaced by unused.
WARN [runner] The linter 'structcheck' is deprecated (since v1.49.0) due to: The owner seems to have abandoned the linter. Replaced by unused.
INFO [runner/filename_unadjuster] Pre-built 0 adjustments in 283.542µs
INFO [linters_context/goanalysis] analyzers took 7.57234576s with top 10 stages: buildir: 5.092122546s, fact_deprecated: 496.73529ms, ctrlflow: 422.610334ms, the_only_name: 391.144041ms, printf: 388.46488ms, inspect: 387.551954ms, typedness: 99.860824ms, fact_purity: 99.000764ms, nilness: 93.545121ms, SA5012: 92.681045ms
WARN [linters_context] structcheck is disabled because of generics. You can track the evolution of the generics support by following the https://github.com/golangci/golangci-lint/issues/2649.
INFO [runner] Issues before processing: 5, after processing: 1
INFO [runner] Processors filtering stat (out/in): exclude: 5/5, diff: 1/1, max_same_issues: 1/1, path_shortener: 1/1, fixer: 1/1, filename_unadjuster: 5/5, skip_files: 5/5, autogenerated_exclude: 5/5, identifier_marker: 5/5, sort_results: 1/1, source_code: 1/1, severity-rules: 1/1, path_prefixer: 1/1, cgo: 5/5, skip_dirs: 5/5, exclude-rules: 5/5, nolint: 5/5, uniq_by_line: 1/5, path_prettifier: 5/5, max_per_file_from_linter: 1/1, max_from_linter: 1/1
INFO [runner] processing took 621.582µs with stages: nolint: 311.75µs, exclude-rules: 100.917µs, identifier_marker: 72.542µs, source_code: 46.958µs, autogenerated_exclude: 44.125µs, path_prettifier: 29.959µs, skip_dirs: 8.457µs, max_same_issues: 1.583µs, uniq_by_line: 1.332µs, cgo: 833ns, path_shortener: 792ns, max_from_linter: 542ns, filename_unadjuster: 292ns, exclude: 250ns, max_per_file_from_linter: 250ns, severity-rules: 209ns, sort_results: 209ns, skip_files: 208ns, diff: 166ns, fixer: 166ns, path_prefixer: 42ns
INFO [runner] linters took 3.178269916s with stages: goanalysis_metalinter: 3.177553375s, structcheck: 7.25µs
cmd/fastly/main.go:26:18: empty-block: this block is empty, you can remove it (revive)
	if true == true {
		//
	}
INFO File cache stats: 1 entries of total size 5.2KiB
INFO Memory: 35 samples, avg is 454.8MB, max is 571.3MB
INFO Execution took 3.398907291s

So I was then in this weird situation where running staticcheck (as part of gopls) seemed to be happy to report there was an issue, while staticcheck running via golangci-lint wasn't being run at all, and when running staticcheck directly it would report no issue when it would report an issue when run via gopls.

At this point I checked in the golang repo and noticed this comment, which seems to explain the behaviour...

gopls uses the static check analyzers directly, and does not have or support all the features of the staticcheck binary. It runs the checkers in a very different way and will probably never fully overlap.

I did not know there was a difference between running the binary vs importing its code. So there's likely more to ignoring issues than I first realised due to how staticcheck is being invoked/executed.

Later on in the same Go reported GitHub issue someone stated that yes you can't ignore errors using line directives when importing the staticcheck analyzers and that only works when invoking the staticcheck binary!

So I then installed null-ls' staticcheck and found that again it doesn't report the issue from my screenshot because it's invoking the binary, unlike gopls which imports the staticcheck analyzers and clearly they behave differently. But anything that the staticcheck binary reports as an issue I can ignore using //lint:ignore <CODE> <REASON>.

So for me I'm going to keep staticcheck disabled via gopls and instead I'm going to use null-ls to invoke staticcheck as it seems like golangci-lint wasn't actually invoking staticcheck anyway! Yes I might not be getting as many issues reported when going via the staticcheck binary but in this case the issue reported wasn't a real issue and was annoying me seeing it pop up in my code editors diagnostics and I'd rather be able to control that more granularly via line directives. Also, invoking the staticcheck binary should be enough to catch most issues and keeps things consistent with our CI environment that also invokes the binary.

[lifenjoiner]

Not mentioned above. Here is a quick solution to eliminate the error itself on time.Sleep(1), without making //lint:ignore <CODE> <REASON> work:

time.Sleep(time.Nanosecond)

[sfate]

Solution for deprecated packages without //nolint:staticcheck

I'll leave this for future reference to anyone who's dealing (might be dealing) with deprecated package issues.

TL;DR
Add exclude-rules with specified path of file and linter issuetext (full offense message) to .golangci.yml.

Details

Previously we were dealing with deprecated crypto/openpgp package like that:

//nolint:staticcheck
import "golang.org/x/crypto/openpgp"

Which does not work anymore for golangci-lint and it provides no clear details:

path/to/file.go:3: directive `//nolint:staticcheck` is unused for linter "staticcheck" (nolintlint)
                //nolint:staticcheck
                ^
make: *** [golangci-lintint] Error 1

Removing //nolint:staticcheck directive brings up origins of the issue with deprecated package:

path/to/file.go:3:2: SA1019: "golang.org/x/crypto/openpgp" is deprecated: this package is unmaintained except for security fixes. New applications should consider a more focused, modern alternative to OpenPGP for their specific task. If you are required to interoperate with OpenPGP systems and need a maintained package, consider a community fork. See https://golang.org/issue/44226. (staticcheck)
        "golang.org/x/crypto/openpgp"
        ^
make: *** [golangci-lintint] Error 1

Solution

The only viable solution to achieve disabling this check is to add exclude-rules to .golangci.yml:
(I strongly suggest to use full check text to avoid unexpected ignores further)

issues:
  exclude-rules:
    - path: path/to/file.go
      text: 'SA1019: "golang.org/x/crypto/openpgp" is deprecated: this package is unmaintained except for security fixes. New applications should consider a more focused, modern alternative to OpenPGP for their specific task. If you are required to interoperate with OpenPGP systems and need a maintained package, consider a community fork. See https://golang.org/issue/44226.'

[ldez]

I already provided all the information here: #741 (comment)

---

This issue was about lint directives, those directives are not supported by golangci-lint because they are something specific to "staticcheck the binary".

Golangci-lint provides nolint directives: https://golangci-lint.run/usage/false-positives/#nolint-directive

---

This issue was closed by the original author because he found a solution (the usage of nolint directives).

---

About the deprecated packages:

Without `nolint` directive on the imports

package main

import (
	"fmt"

	"golang.org/x/crypto/openpgp"
)

func main() {
	fmt.Println(openpgp.SignatureType)
}

$ golangci-lint version 
golangci-lint has version 1.55.2 built with go1.21.3 from e3c2265f on 2023-11-03T12:59:25Z
$ golangci-lint run --no-config --enable-all=false --enable=staticcheck
main.go:6:2: SA1019: "golang.org/x/crypto/openpgp" is deprecated: this package is unmaintained except for security fixes. New applications should consider a more focused, modern alternative to OpenPGP for their specific task. If you are required to interoperate with OpenPGP systems and need a maintained package, consider a community fork. See https://golang.org/issue/44226. (staticcheck)
        "golang.org/x/crypto/openpgp"
        ^

With `nolint` directive on the imports

package main

//nolint:staticcheck
import (
	"fmt"

	"golang.org/x/crypto/openpgp"
)

func main() {
	fmt.Println(openpgp.SignatureType)
}

$ golangci-lint version 
golangci-lint has version 1.55.2 built with go1.21.3 from e3c2265f on 2023-11-03T12:59:25Z
$ golangci-lint run --no-config --enable-all=false --enable=staticcheck
$

As you can see the directive nolint works to handle this problem.

[gluax]

@ldez ah my bad, that linked comment didn't make it clear to me that the comment functionality was fixed. It seemed as if it was only fixed from editing a yaml file.