google · gmlewis · Sep 8, 2023 · Aug 26, 2023 · Aug 27, 2023 · Aug 27, 2023
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
@@ -9,15 +9,14 @@ jobs:
   lint:
     strategy:
       matrix:
-        go-version: [1.x]
         platform: [ubuntu-latest]
 
         # golangci-lint will only process a single module, so we need to call it
         # separately for each module in the repo.  We dont lint example/newreposecretwithlibsodium
         # since that needs libsodium to run.
         working-directory:
           - ""
-          # - example  # Fails with "no go files to analyze"
+          - example
           - scrape
           - update-urls
     runs-on: ${{ matrix.platform }}

diff --git a/.golangci.yml b/.golangci.yml
@@ -1,34 +1,39 @@
+run:
+  build-tags:
+    - integration
 linters:
-  # TODO: fix errors so that all of the linters below pass.
-  # The linters that are commented out, as well as those explicitly disabled,
-  # are currently failing.  We should fix those failures or define exclusion
-  # rules, and then enable those linters.
   enable:
     - dogsled
     - dupl
     - gofmt
     - goimports
-  # - gosec
+    - gosec
     - misspell
     - nakedret
     - stylecheck
-  # - unconvert
-  # - unparam
+    - unconvert
+    - unparam
     - whitespace
-  disable:
-    - errcheck
-    - gosimple
-    - staticcheck
-    - ineffassign
-    - unused
+linters-settings:
+  gosec:
+    excludes:
+      # performance issue: see https://github.com/golangci/golangci-lint/issues/4039
+      # and https://github.com/securego/gosec/issues/1007
+      - G602
 issues:
-  exclude:
-    - composites
   exclude-rules:
-  - linters:
-    - dogsled
-    text:  "declaration has 3 blank identifiers"
-    path: _test\.go
-  - linters:
-    - dupl
-    path: _test\.go
+    - linters:
+        - dupl
+        - unparam
+        - gosec
+        - dogsled
+      path: _test\.go
+
+    # We need to pass nil Context in order to test DoBare erroring on nil ctx.
+    - linters: [ staticcheck ]
+      text: 'SA1012: do not pass a nil Context'
+      path: _test\.go
+
+    # We need to use sha1 for validating signatures
+    - linters: [ gosec ]
+      text: 'G505: Blocklisted import crypto/sha1: weak cryptographic primitive'
diff --git a/example/basicauth/main.go b/example/basicauth/main.go
@@ -32,7 +32,7 @@ func main() {
 	username, _ := r.ReadString('\n')
 
 	fmt.Print("GitHub Password: ")
-	bytePassword, _ := term.ReadPassword(int(syscall.Stdin))
+	bytePassword, _ := term.ReadPassword(syscall.Stdin)
 	password := string(bytePassword)
 
 	tp := github.BasicAuthTransport{

diff --git a/example/commitpr/main.go b/example/commitpr/main.go
@@ -133,7 +133,7 @@ func pushCommit(ref *github.Reference, tree *github.Tree) (err error) {
 
 	// Create the commit using the tree.
 	date := time.Now()
-	author := &github.CommitAuthor{Date: &github.Timestamp{date}, Name: authorName, Email: authorEmail}
+	author := &github.CommitAuthor{Date: &github.Timestamp{Time: date}, Name: authorName, Email: authorEmail}
 	commit := &github.Commit{Author: author, Message: commitMessage, Tree: tree, Parents: []*github.Commit{parent.Commit}}
 	newCommit, _, err := client.Git.CreateCommit(ctx, *sourceOwner, *sourceRepo, commit)
 	if err != nil {

diff --git a/example/tagprotection/main.go b/example/tagprotection/main.go
@@ -39,7 +39,7 @@ func main() {
 	pattern = strings.TrimSpace(pattern)
 
 	fmt.Print("GitHub Token: ")
-	byteToken, _ := term.ReadPassword(int(syscall.Stdin))
+	byteToken, _ := term.ReadPassword(syscall.Stdin)
 	println()
 	token := string(byteToken)
 

diff --git a/example/tokenauth/main.go b/example/tokenauth/main.go
@@ -21,7 +21,7 @@ import (
 
 func main() {
 	fmt.Print("GitHub Token: ")
-	byteToken, _ := term.ReadPassword(int(syscall.Stdin))
+	byteToken, _ := term.ReadPassword(syscall.Stdin)
 	println()
 	token := string(byteToken)
 

diff --git a/github/actions_runners_test.go b/github/actions_runners_test.go
@@ -65,7 +65,7 @@ func TestActionsService_GenerateOrgJITConfig(t *testing.T) {
 
 	mux.HandleFunc("/orgs/o/actions/runners/generate-jitconfig", func(w http.ResponseWriter, r *http.Request) {
 		v := new(GenerateJITConfigRequest)
-		json.NewDecoder(r.Body).Decode(v)
+		assertNilError(t, json.NewDecoder(r.Body).Decode(v))
 
 		testMethod(t, r, "POST")
 		if !cmp.Equal(v, input) {
@@ -109,7 +109,7 @@ func TestActionsService_GenerateRepoJITConfig(t *testing.T) {
 
 	mux.HandleFunc("/repos/o/r/actions/runners/generate-jitconfig", func(w http.ResponseWriter, r *http.Request) {
 		v := new(GenerateJITConfigRequest)
-		json.NewDecoder(r.Body).Decode(v)
+		assertNilError(t, json.NewDecoder(r.Body).Decode(v))
 
 		testMethod(t, r, "POST")
 		if !cmp.Equal(v, input) {

diff --git a/github/actions_secrets.go b/github/actions_secrets.go
@@ -23,7 +23,7 @@ type PublicKey struct {
 // do not error out when unmarshaling.
 func (p *PublicKey) UnmarshalJSON(data []byte) error {
 	var pk struct {
-		KeyID interface{} `json:"key_id,string"`
+		KeyID interface{} `json:"key_id"`
 		Key   *string     `json:"key"`
 	}
 

diff --git a/github/actions_workflow_runs_test.go b/github/actions_workflow_runs_test.go
@@ -1247,7 +1247,7 @@ func TestActionService_PendingDeployments(t *testing.T) {
 
 	mux.HandleFunc("/repos/o/r/actions/runs/399444496/pending_deployments", func(w http.ResponseWriter, r *http.Request) {
 		v := new(PendingDeploymentsRequest)
-		json.NewDecoder(r.Body).Decode(v)
+		assertNilError(t, json.NewDecoder(r.Body).Decode(v))
 
 		testMethod(t, r, "POST")
 		if !cmp.Equal(v, input) {

diff --git a/github/actions_workflows_test.go b/github/actions_workflows_test.go
@@ -243,7 +243,7 @@ func TestActionsService_CreateWorkflowDispatchEventByID(t *testing.T) {
 	}
 	mux.HandleFunc("/repos/o/r/actions/workflows/72844/dispatches", func(w http.ResponseWriter, r *http.Request) {
 		var v CreateWorkflowDispatchEventRequest
-		json.NewDecoder(r.Body).Decode(&v)
+		assertNilError(t, json.NewDecoder(r.Body).Decode(&v))
 
 		testMethod(t, r, "POST")
 		if !cmp.Equal(v, event) {
@@ -287,7 +287,7 @@ func TestActionsService_CreateWorkflowDispatchEventByFileName(t *testing.T) {
 	}
 	mux.HandleFunc("/repos/o/r/actions/workflows/main.yml/dispatches", func(w http.ResponseWriter, r *http.Request) {
 		var v CreateWorkflowDispatchEventRequest
-		json.NewDecoder(r.Body).Decode(&v)
+		assertNilError(t, json.NewDecoder(r.Body).Decode(&v))
 
 		testMethod(t, r, "POST")
 		if !cmp.Equal(v, event) {

diff --git a/github/activity_notifications_test.go b/github/activity_notifications_test.go
@@ -251,7 +251,7 @@ func TestActivityService_SetThreadSubscription(t *testing.T) {
 
 	mux.HandleFunc("/notifications/threads/1/subscription", func(w http.ResponseWriter, r *http.Request) {
 		v := new(Subscription)
-		json.NewDecoder(r.Body).Decode(v)
+		assertNilError(t, json.NewDecoder(r.Body).Decode(v))
 
 		testMethod(t, r, "PUT")
 		if !cmp.Equal(v, input) {

diff --git a/github/activity_test.go b/github/activity_test.go
@@ -21,7 +21,7 @@ func TestActivityService_List(t *testing.T) {
 		testMethod(t, r, "GET")
 
 		w.WriteHeader(http.StatusOK)
-		w.Write(feedsJSON)
+		assertWrite(t, w, feedsJSON)
 	})
 
 	ctx := context.Background()

diff --git a/github/activity_watching_test.go b/github/activity_watching_test.go
@@ -196,7 +196,7 @@ func TestActivityService_SetRepositorySubscription(t *testing.T) {
 
 	mux.HandleFunc("/repos/o/r/subscription", func(w http.ResponseWriter, r *http.Request) {
 		v := new(Subscription)
-		json.NewDecoder(r.Body).Decode(v)
+		assertNilError(t, json.NewDecoder(r.Body).Decode(v))
 
 		testMethod(t, r, "PUT")
 		if !cmp.Equal(v, input) {

diff --git a/github/admin_orgs_test.go b/github/admin_orgs_test.go
@@ -25,7 +25,7 @@ func TestAdminOrgs_Create(t *testing.T) {
 
 	mux.HandleFunc("/admin/organizations", func(w http.ResponseWriter, r *http.Request) {
 		v := new(createOrgRequest)
-		json.NewDecoder(r.Body).Decode(v)
+		assertNilError(t, json.NewDecoder(r.Body).Decode(v))
 
 		testMethod(t, r, "POST")
 		want := &createOrgRequest{Login: String("github"), Admin: String("ghAdmin")}
@@ -67,7 +67,7 @@ func TestAdminOrgs_Rename(t *testing.T) {
 
 	mux.HandleFunc("/admin/organizations/o", func(w http.ResponseWriter, r *http.Request) {
 		v := new(renameOrgRequest)
-		json.NewDecoder(r.Body).Decode(v)
+		assertNilError(t, json.NewDecoder(r.Body).Decode(v))
 
 		testMethod(t, r, "PATCH")
 		want := &renameOrgRequest{Login: String("the-new-octocats")}
@@ -105,7 +105,7 @@ func TestAdminOrgs_RenameByName(t *testing.T) {
 
 	mux.HandleFunc("/admin/organizations/o", func(w http.ResponseWriter, r *http.Request) {
 		v := new(renameOrgRequest)
-		json.NewDecoder(r.Body).Decode(v)
+		assertNilError(t, json.NewDecoder(r.Body).Decode(v))
 
 		testMethod(t, r, "PATCH")
 		want := &renameOrgRequest{Login: String("the-new-octocats")}

diff --git a/github/admin_test.go b/github/admin_test.go
@@ -25,7 +25,7 @@ func TestAdminService_UpdateUserLDAPMapping(t *testing.T) {
 
 	mux.HandleFunc("/admin/ldap/users/u/mapping", func(w http.ResponseWriter, r *http.Request) {
 		v := new(UserLDAPMapping)
-		json.NewDecoder(r.Body).Decode(v)
+		assertNilError(t, json.NewDecoder(r.Body).Decode(v))
 
 		testMethod(t, r, "PATCH")
 		if !cmp.Equal(v, input) {
@@ -73,7 +73,7 @@ func TestAdminService_UpdateTeamLDAPMapping(t *testing.T) {
 
 	mux.HandleFunc("/admin/ldap/teams/1/mapping", func(w http.ResponseWriter, r *http.Request) {
 		v := new(TeamLDAPMapping)
-		json.NewDecoder(r.Body).Decode(v)
+		assertNilError(t, json.NewDecoder(r.Body).Decode(v))
 
 		testMethod(t, r, "PATCH")
 		if !cmp.Equal(v, input) {

diff --git a/github/admin_users_test.go b/github/admin_users_test.go
@@ -22,7 +22,7 @@ func TestAdminUsers_Create(t *testing.T) {
 
 	mux.HandleFunc("/admin/users", func(w http.ResponseWriter, r *http.Request) {
 		v := new(createUserRequest)
-		json.NewDecoder(r.Body).Decode(v)
+		assertNilError(t, json.NewDecoder(r.Body).Decode(v))
 
 		testMethod(t, r, "POST")
 		want := &createUserRequest{Login: String("github"), Email: String("[email protected]")}

diff --git a/github/apps_test.go b/github/apps_test.go
@@ -400,7 +400,7 @@ func TestAppsService_CreateInstallationTokenWithOptions(t *testing.T) {
 
 	mux.HandleFunc("/app/installations/1/access_tokens", func(w http.ResponseWriter, r *http.Request) {
 		v := new(InstallationTokenOptions)
-		json.NewDecoder(r.Body).Decode(v)
+		assertNilError(t, json.NewDecoder(r.Body).Decode(v))
 
 		if !cmp.Equal(v, installationTokenOptions) {
 			t.Errorf("request sent %+v, want %+v", v, installationTokenOptions)
@@ -431,7 +431,7 @@ func TestAppsService_CreateAttachement(t *testing.T) {
 		testHeader(t, r, "Accept", mediaTypeContentAttachmentsPreview)
 
 		w.WriteHeader(http.StatusOK)
-		w.Write([]byte(`{"id":1,"title":"title1","body":"body1"}`))
+		assertWrite(t, w, []byte(`{"id":1,"title":"title1","body":"body1"}`))
 	})
 
 	ctx := context.Background()

diff --git a/github/code-scanning_test.go b/github/code-scanning_test.go
@@ -60,7 +60,7 @@ func TestCodeScanningService_UploadSarif(t *testing.T) {
 
 	mux.HandleFunc("/repos/o/r/code-scanning/sarifs", func(w http.ResponseWriter, r *http.Request) {
 		v := new(SarifAnalysis)
-		json.NewDecoder(r.Body).Decode(v)
+		assertNilError(t, json.NewDecoder(r.Body).Decode(v))
 		testMethod(t, r, "POST")
 		want := &SarifAnalysis{CommitSHA: String("abc"), Ref: String("ref/head/main"), Sarif: String("abc"), CheckoutURI: String("uri"), StartedAt: &Timestamp{time.Date(2006, time.January, 02, 15, 04, 05, 0, time.UTC)}, ToolName: String("codeql-cli")}
 		if !cmp.Equal(v, want) {
@@ -316,7 +316,7 @@ func TestCodeScanningService_ListAlertsForOrg(t *testing.T) {
 		},
 	}
 	if !cmp.Equal(alerts, want) {
-		t.Errorf("CodeScanning.ListAlertsForOrg returned %+v, want %+v", *&alerts, *&want)
+		t.Errorf("CodeScanning.ListAlertsForOrg returned %+v, want %+v", alerts, want)
 	}
 
 	const methodName = "ListAlertsForOrg"
@@ -442,7 +442,7 @@ func TestCodeScanningService_ListAlertsForOrgLisCursorOptions(t *testing.T) {
 		},
 	}
 	if !cmp.Equal(alerts, want) {
-		t.Errorf("CodeScanning.ListAlertsForOrg returned %+v, want %+v", *&alerts, *&want)
+		t.Errorf("CodeScanning.ListAlertsForOrg returned %+v, want %+v", alerts, want)
 	}
 
 	const methodName = "ListAlertsForOrg"

diff --git a/github/enterprise_actions_runners_test.go b/github/enterprise_actions_runners_test.go
@@ -24,7 +24,10 @@ func TestEnterpriseService_GenerateEnterpriseJITConfig(t *testing.T) {
 
 	mux.HandleFunc("/enterprises/o/actions/runners/generate-jitconfig", func(w http.ResponseWriter, r *http.Request) {
 		v := new(GenerateJITConfigRequest)
-		json.NewDecoder(r.Body).Decode(v)
+		err := json.NewDecoder(r.Body).Decode(v)
+		if err != nil {
+			t.Errorf("Request body decode failed: %v", err)
+		}
 
 		testMethod(t, r, "POST")
 		if !cmp.Equal(v, input) {

diff --git a/github/enterprise_code_security_and_analysis_test.go b/github/enterprise_code_security_and_analysis_test.go
@@ -77,7 +77,7 @@ func TestEnterpriseService_UpdateCodeSecurityAndAnalysis(t *testing.T) {
 
 	mux.HandleFunc("/enterprises/e/code_security_and_analysis", func(w http.ResponseWriter, r *http.Request) {
 		v := new(EnterpriseSecurityAnalysisSettings)
-		json.NewDecoder(r.Body).Decode(v)
+		assertNilError(t, json.NewDecoder(r.Body).Decode(v))
 
 		testMethod(t, r, "PATCH")
 		if !cmp.Equal(v, input) {

diff --git a/github/gists_comments_test.go b/github/gists_comments_test.go
@@ -169,7 +169,7 @@ func TestGistsService_CreateComment(t *testing.T) {
 
 	mux.HandleFunc("/gists/1/comments", func(w http.ResponseWriter, r *http.Request) {
 		v := new(GistComment)
-		json.NewDecoder(r.Body).Decode(v)
+		assertNilError(t, json.NewDecoder(r.Body).Decode(v))
 
 		testMethod(t, r, "POST")
 		if !cmp.Equal(v, input) {
@@ -222,7 +222,7 @@ func TestGistsService_EditComment(t *testing.T) {
 
 	mux.HandleFunc("/gists/1/comments/2", func(w http.ResponseWriter, r *http.Request) {
 		v := new(GistComment)
-		json.NewDecoder(r.Body).Decode(v)
+		assertNilError(t, json.NewDecoder(r.Body).Decode(v))
 
 		testMethod(t, r, "PATCH")
 		if !cmp.Equal(v, input) {

diff --git a/github/gists_test.go b/github/gists_test.go
@@ -484,7 +484,7 @@ func TestGistsService_Create(t *testing.T) {
 
 	mux.HandleFunc("/gists", func(w http.ResponseWriter, r *http.Request) {
 		v := new(Gist)
-		json.NewDecoder(r.Body).Decode(v)
+		assertNilError(t, json.NewDecoder(r.Body).Decode(v))
 
 		testMethod(t, r, "POST")
 		if !cmp.Equal(v, input) {
@@ -546,7 +546,7 @@ func TestGistsService_Edit(t *testing.T) {
 
 	mux.HandleFunc("/gists/1", func(w http.ResponseWriter, r *http.Request) {
 		v := new(Gist)
-		json.NewDecoder(r.Body).Decode(v)
+		assertNilError(t, json.NewDecoder(r.Body).Decode(v))
 
 		testMethod(t, r, "PATCH")
 		if !cmp.Equal(v, input) {

diff --git a/github/git_blobs_test.go b/github/git_blobs_test.go
@@ -118,7 +118,7 @@ func TestGitService_CreateBlob(t *testing.T) {
 
 	mux.HandleFunc("/repos/o/r/git/blobs", func(w http.ResponseWriter, r *http.Request) {
 		v := new(Blob)
-		json.NewDecoder(r.Body).Decode(v)
+		assertNilError(t, json.NewDecoder(r.Body).Decode(v))
 
 		testMethod(t, r, "POST")
 

diff --git a/github/git_commits_test.go b/github/git_commits_test.go
@@ -174,7 +174,7 @@ func TestGitService_CreateCommit(t *testing.T) {
 
 	mux.HandleFunc("/repos/o/r/git/commits", func(w http.ResponseWriter, r *http.Request) {
 		v := new(createCommit)
-		json.NewDecoder(r.Body).Decode(v)
+		assertNilError(t, json.NewDecoder(r.Body).Decode(v))
 
 		testMethod(t, r, "POST")
 
@@ -232,7 +232,7 @@ func TestGitService_CreateSignedCommit(t *testing.T) {
 
 	mux.HandleFunc("/repos/o/r/git/commits", func(w http.ResponseWriter, r *http.Request) {
 		v := new(createCommit)
-		json.NewDecoder(r.Body).Decode(v)
+		assertNilError(t, json.NewDecoder(r.Body).Decode(v))
 
 		testMethod(t, r, "POST")
 
@@ -335,7 +335,7 @@ Commit Message.`)
 
 	mux.HandleFunc("/repos/o/r/git/commits", func(w http.ResponseWriter, r *http.Request) {
 		v := new(createCommit)
-		json.NewDecoder(r.Body).Decode(v)
+		assertNilError(t, json.NewDecoder(r.Body).Decode(v))
 
 		testMethod(t, r, "POST")