From 5127acc17a81860954512653cbec8d718d65b409 Mon Sep 17 00:00:00 2001 From: mlahane Date: Thu, 18 Sep 2025 00:31:36 -0400 Subject: [PATCH 1/3] chore: update Go version, lint config, and improve HTTP response handling - Bump Go version to 1.24 and golangci-lint to v2.4.0 in GitHub Actions workflow - Update .golangci.yaml for compatibility with golangci-lint v2 - Refactor internal/zestwrapper/rpm.go to use safer HTTP response body closing with error handling and improved logging - Switch to math/rand/v2 in pkg/tangy/queries.go for randomness, remove golang.org/x/exp/rand (deprecated) dependency - Update dependancies in go.mod and go.sum --- .github/workflows/tang-actions.yaml | 8 +- .golangci.yaml | 21 ++-- go.mod | 48 ++++----- go.sum | 147 ++++++++-------------------- internal/zestwrapper/rpm.go | 50 ++++++++-- pkg/tangy/queries.go | 2 +- 6 files changed, 121 insertions(+), 155 deletions(-) diff --git a/.github/workflows/tang-actions.yaml b/.github/workflows/tang-actions.yaml index d7cab6f..e9bbc5a 100644 --- a/.github/workflows/tang-actions.yaml +++ b/.github/workflows/tang-actions.yaml @@ -16,11 +16,11 @@ jobs: - uses: actions/checkout@v2 - uses: actions/setup-go@v2 with: - go-version: "1.22" + go-version: "1.24" - name: golangci-lint - uses: golangci/golangci-lint-action@v6 + uses: golangci/golangci-lint-action@v7 with: - version: v1.60.3 + version: v2.4.0 skip-go-installation: true args: --timeout=5m gotest: @@ -42,7 +42,7 @@ jobs: - uses: actions/checkout@v2 - uses: actions/setup-go@v2 with: - go-version: "1.22" + go-version: "1.24" - name: start pulp uses: isbang/compose-action@v2.0.2 with: diff --git a/.golangci.yaml b/.golangci.yaml index 710ea5f..2ad5555 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -1,14 +1,21 @@ -# Configuration for golangci-lint. See https://golangci-lint.run/usage/configuration/. +# Configuration for golangci-lint v2. See https://golangci-lint.run/usage/configuration/. +version: "2" + linters: - disable-all: false # use default linters + default: standard enable: - - gofmt - whitespace - govet - misspell - forcetypeassert - - gci - bodyclose -issues: - exclude: - - composite + exclusions: + rules: + - text: composite + linters: + - govet + +formatters: + enable: + - gofmt + - gci diff --git a/go.mod b/go.mod index f53ace3..bef7193 100644 --- a/go.mod +++ b/go.mod @@ -1,48 +1,40 @@ module github.com/content-services/tang -go 1.22.0 - -toolchain go1.22.4 +go 1.24.0 require ( - github.com/content-services/zest/release/v2024 v2024.11.1731697894 + github.com/content-services/zest/release/v2024 v2024.12.1734541842 github.com/google/uuid v1.6.0 github.com/jackc/pgx-zerolog v0.0.0-20230315001418-f978528409eb - github.com/jackc/pgx/v5 v5.7.1 - github.com/rs/zerolog v1.33.0 - github.com/spf13/viper v1.19.0 - github.com/stretchr/testify v1.9.0 - golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f + github.com/jackc/pgx/v5 v5.7.6 + github.com/rs/zerolog v1.34.0 + github.com/spf13/viper v1.21.0 + github.com/stretchr/testify v1.11.1 + golang.org/x/exp v0.0.0-20250911091902-df9299821621 ) require ( github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect - github.com/fsnotify/fsnotify v1.8.0 // indirect - github.com/hashicorp/hcl v1.0.0 // indirect + github.com/fsnotify/fsnotify v1.9.0 // indirect + github.com/go-viper/mapstructure/v2 v2.4.0 // indirect github.com/jackc/pgpassfile v1.0.0 // indirect github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect github.com/jackc/puddle/v2 v2.2.2 // indirect - github.com/magiconair/properties v1.8.7 // indirect - github.com/mattn/go-colorable v0.1.13 // indirect + github.com/mattn/go-colorable v0.1.14 // indirect github.com/mattn/go-isatty v0.0.20 // indirect - github.com/mitchellh/mapstructure v1.5.0 // indirect - github.com/pelletier/go-toml/v2 v2.2.3 // indirect + github.com/pelletier/go-toml/v2 v2.2.4 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/rogpeppe/go-internal v1.11.0 // indirect - github.com/sagikazarmark/locafero v0.6.0 // indirect - github.com/sagikazarmark/slog-shim v0.1.0 // indirect - github.com/sourcegraph/conc v0.3.0 // indirect - github.com/spf13/afero v1.11.0 // indirect - github.com/spf13/cast v1.7.0 // indirect - github.com/spf13/pflag v1.0.5 // indirect + github.com/sagikazarmark/locafero v0.12.0 // indirect + github.com/spf13/afero v1.15.0 // indirect + github.com/spf13/cast v1.10.0 // indirect + github.com/spf13/pflag v1.0.10 // indirect github.com/stretchr/objx v0.5.2 // indirect github.com/subosito/gotenv v1.6.0 // indirect - go.uber.org/atomic v1.11.0 // indirect - go.uber.org/multierr v1.11.0 // indirect - golang.org/x/crypto v0.29.0 // indirect - golang.org/x/sync v0.9.0 // indirect - golang.org/x/sys v0.27.0 // indirect - golang.org/x/text v0.20.0 // indirect - gopkg.in/ini.v1 v1.67.0 // indirect + go.yaml.in/yaml/v3 v3.0.4 // indirect + golang.org/x/crypto v0.42.0 // indirect + golang.org/x/sync v0.17.0 // indirect + golang.org/x/sys v0.36.0 // indirect + golang.org/x/text v0.29.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/go.sum b/go.sum index a168a65..edc8579 100644 --- a/go.sum +++ b/go.sum @@ -1,154 +1,89 @@ -github.com/content-services/zest/release/v2024 v2024.3.1709674773 h1:kr7NX4UZhF9ZrJEhRgsZ5Kw5vwV03r6uSTRl42Wv4yc= -github.com/content-services/zest/release/v2024 v2024.3.1709674773/go.mod h1:UnV5iAE/frEbOToKYweoIrRAQphmfv+2wN/fwr8ytcA= -github.com/content-services/zest/release/v2024 v2024.9.1726768195 h1:4OjES3YJ6GVfyoI6CDBg/RBkUWofaw4go4bkYEkQ6cY= -github.com/content-services/zest/release/v2024 v2024.9.1726768195/go.mod h1:UnV5iAE/frEbOToKYweoIrRAQphmfv+2wN/fwr8ytcA= -github.com/content-services/zest/release/v2024 v2024.11.1731697894 h1:DUQrNSNeeLRqdbfwZ7kW8w4hOvBWpRy3lW+YGUCd0zM= -github.com/content-services/zest/release/v2024 v2024.11.1731697894/go.mod h1:UnV5iAE/frEbOToKYweoIrRAQphmfv+2wN/fwr8ytcA= +github.com/content-services/zest/release/v2024 v2024.12.1734541842 h1:vIIWFZ5j76MVg2VuxkXAR56NAvkst7LtAeAugbfJmFU= +github.com/content-services/zest/release/v2024 v2024.12.1734541842/go.mod h1:fUWkjhvNTiS9UaaAWNLYkshl37V9IVmmRaprp9eDmrU= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= -github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= -github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= -github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/8M= -github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0= +github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k= +github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0= +github.com/go-viper/mapstructure/v2 v2.4.0 h1:EBsztssimR/CONLSZZ04E8qAkxNYq4Qp9LvH92wZUgs= +github.com/go-viper/mapstructure/v2 v2.4.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= -github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= -github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/uuid v1.4.0 h1:MtMxsa51/r9yyhkyLsVeVt0B+BGQZzpQiTQ4eHZ8bc4= -github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= -github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM= github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg= -github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a h1:bbPeKD0xmW/Y25WS6cokEszi5g+S0QxI/d45PkRi7Nk= -github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM= github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 h1:iCEnooe7UlwOQYpKFhBabPMi4aNAfoODPEFNiAnClxo= github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM= github.com/jackc/pgx-zerolog v0.0.0-20230315001418-f978528409eb h1:pSv+zRVeAYjbXRFjyytFIMRBSKWVowCi7KbXSMR/+ug= github.com/jackc/pgx-zerolog v0.0.0-20230315001418-f978528409eb/go.mod h1:CRUuPsmIajLt3dZIlJ5+O8IDSib6y8yrst8DkCthTa4= -github.com/jackc/pgx/v5 v5.5.1 h1:5I9etrGkLrN+2XPCsi6XLlV5DITbSL/xBZdmAxFcXPI= -github.com/jackc/pgx/v5 v5.5.1/go.mod h1:Ig06C2Vu0t5qXC60W8sqIthScaEnFvojjj9dSljmHRA= -github.com/jackc/pgx/v5 v5.7.1 h1:x7SYsPBYDkHDksogeSmZZ5xzThcTgRz++I5E+ePFUcs= -github.com/jackc/pgx/v5 v5.7.1/go.mod h1:e7O26IywZZ+naJtWWos6i6fvWK+29etgITqrqHLfoZA= -github.com/jackc/puddle/v2 v2.2.1 h1:RhxXJtFG022u4ibrCSMSiu5aOq1i77R3OHKNJj77OAk= -github.com/jackc/puddle/v2 v2.2.1/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4= +github.com/jackc/pgx/v5 v5.7.6 h1:rWQc5FwZSPX58r1OQmkuaNicxdmExaEz5A2DO2hUuTk= +github.com/jackc/pgx/v5 v5.7.6/go.mod h1:aruU7o91Tc2q2cFp5h4uP3f6ztExVpyVv88Xl/8Vl8M= github.com/jackc/puddle/v2 v2.2.2 h1:PR8nw+E/1w0GLuRFSmiioY6UooMp6KJv0/61nB7icHo= github.com/jackc/puddle/v2 v2.2.2/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY= -github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0= -github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= +github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE= +github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= -github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= -github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= -github.com/pelletier/go-toml/v2 v2.1.0 h1:FnwAJ4oYMvbT/34k9zzHuZNrhlz48GB3/s6at6/MHO4= -github.com/pelletier/go-toml/v2 v2.1.0/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc= -github.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNHvL12M= -github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc= +github.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0t5Ec4= +github.com/pelletier/go-toml/v2 v2.2.4/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= -github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= -github.com/rs/zerolog v1.31.0 h1:FcTR3NnLWW+NnTwwhFWiJSZr4ECLpqCm6QsEnyvbV4A= -github.com/rs/zerolog v1.31.0/go.mod h1:/7mN4D5sKwJLZQ2b/znpjC3/GQWY/xaDXUM0kKWRHss= -github.com/rs/zerolog v1.33.0 h1:1cU2KZkvPxNyfgEmhHAz/1A9Bz+llsdYzklWFzgp0r8= -github.com/rs/zerolog v1.33.0/go.mod h1:/7mN4D5sKwJLZQ2b/znpjC3/GQWY/xaDXUM0kKWRHss= -github.com/sagikazarmark/locafero v0.4.0 h1:HApY1R9zGo4DBgr7dqsTH/JJxLTTsOt7u6keLGt6kNQ= -github.com/sagikazarmark/locafero v0.4.0/go.mod h1:Pe1W6UlPYUk/+wc/6KFhbORCfqzgYEpgQ3O5fPuL3H4= -github.com/sagikazarmark/locafero v0.6.0 h1:ON7AQg37yzcRPU69mt7gwhFEBwxI6P9T4Qu3N51bwOk= -github.com/sagikazarmark/locafero v0.6.0/go.mod h1:77OmuIc6VTraTXKXIs/uvUxKGUXjE1GbemJYHqdNjX0= -github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE= -github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ= -github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo= -github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0= -github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8= -github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY= -github.com/spf13/cast v1.6.0 h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0= -github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= -github.com/spf13/cast v1.7.0 h1:ntdiHjuueXFgm5nzDRdOS4yfT43P5Fnud6DH50rz/7w= -github.com/spf13/cast v1.7.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= -github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= -github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/spf13/viper v1.18.1 h1:rmuU42rScKWlhhJDyXZRKJQHXFX02chSVW1IvkPGiVM= -github.com/spf13/viper v1.18.1/go.mod h1:EKmWIqdnk5lOcmR72yw6hS+8OPYcwD0jteitLMVB+yk= -github.com/spf13/viper v1.19.0 h1:RWq5SEjt8o25SROyN3z2OrDB9l7RPd3lwTWU8EcEdcI= -github.com/spf13/viper v1.19.0/go.mod h1:GQUN9bilAbhU/jgc1bKs99f/suXKeUMct8Adx5+Ntkg= +github.com/rs/xid v1.6.0/go.mod h1:7XoLgs4eV+QndskICGsho+ADou8ySMSjJKDIan90Nz0= +github.com/rs/zerolog v1.34.0 h1:k43nTLIwcTVQAncfCw4KZ2VY6ukYoZaBPNOE8txlOeY= +github.com/rs/zerolog v1.34.0/go.mod h1:bJsvje4Z08ROH4Nhs5iH600c3IkWhwp44iRc54W6wYQ= +github.com/sagikazarmark/locafero v0.12.0 h1:/NQhBAkUb4+fH1jivKHWusDYFjMOOKU88eegjfxfHb4= +github.com/sagikazarmark/locafero v0.12.0/go.mod h1:sZh36u/YSZ918v0Io+U9ogLYQJ9tLLBmM4eneO6WwsI= +github.com/spf13/afero v1.15.0 h1:b/YBCLWAJdFWJTN9cLhiXXcD7mzKn9Dm86dNnfyQw1I= +github.com/spf13/afero v1.15.0/go.mod h1:NC2ByUVxtQs4b3sIUphxK0NioZnmxgyCrfzeuq8lxMg= +github.com/spf13/cast v1.10.0 h1:h2x0u2shc1QuLHfxi+cTJvs30+ZAHOGRic8uyGTDWxY= +github.com/spf13/cast v1.10.0/go.mod h1:jNfB8QC9IA6ZuY2ZjDp0KtFO2LZZlg4S/7bzP6qqeHo= +github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk= +github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/spf13/viper v1.21.0 h1:x5S+0EU27Lbphp4UKm1C+1oQO+rKx36vfCoaVebLFSU= +github.com/spf13/viper v1.21.0/go.mod h1:P0lhsswPGWD/1lZJ9ny3fYnVqxiegrlNrEmgLjbTCAY= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= -github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= -github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= -github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= +github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8= github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU= -go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE= -go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE= -go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= -go.uber.org/multierr v1.9.0 h1:7fIwc/ZtS0q++VgcfqFDxSBZVv/Xo49/SYnDFupUwlI= -go.uber.org/multierr v1.9.0/go.mod h1:X2jQV1h+kxSjClGpnseKVIxpmcjrj7MNnI0bnlfKTVQ= -go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= -go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= -golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY= -golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= -golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A= -golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70= -golang.org/x/crypto v0.29.0 h1:L5SG1JTTXupVV3n6sUqMTeWbjAyfPwoda2DLX8J8FrQ= -golang.org/x/crypto v0.29.0/go.mod h1:+F4F4N5hv6v38hfeYwTdx20oUvLLc+QfrE9Ax9HtgRg= -golang.org/x/exp v0.0.0-20231206192017-f3f8817b8deb h1:c0vyKkb6yr3KR7jEfJaOSv4lG7xPkbN6r52aJz1d8a8= -golang.org/x/exp v0.0.0-20231206192017-f3f8817b8deb/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI= -golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 h1:e66Fs6Z+fZTbFBAxKfP3PALWBtpfqks2bwGcexMxgtk= -golang.org/x/exp v0.0.0-20240909161429-701f63a606c0/go.mod h1:2TbTHSBQa924w8M6Xs1QcRcFwyucIwBGpK1p2f1YFFY= -golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f h1:XdNn9LlyWAhLVp6P/i8QYBW+hlyhrhei9uErw2B5GJo= -golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f/go.mod h1:D5SMRVC3C2/4+F/DB1wZsLRnSNimn2Sp/NPsCrsv8ak= -golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE= -golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= -golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sync v0.9.0 h1:fEo0HyrW1GIgZdpbhCRO0PkJajUS5H9IFUztCgEo2jQ= -golang.org/x/sync v0.9.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= +go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= +golang.org/x/crypto v0.42.0 h1:chiH31gIWm57EkTXpwnqf8qeuMUi0yekh6mT2AvFlqI= +golang.org/x/crypto v0.42.0/go.mod h1:4+rDnOTJhQCx2q7/j6rAN5XDw8kPjeaXEUR2eL94ix8= +golang.org/x/exp v0.0.0-20250911091902-df9299821621 h1:2id6c1/gto0kaHYyrixvknJ8tUK/Qs5IsmBtrc+FtgU= +golang.org/x/exp v0.0.0-20250911091902-df9299821621/go.mod h1:TwQYMMnGpvZyc+JpB/UAuTNIsVJifOlSkrZkhcvpVUk= +golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug= +golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= -golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34= -golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s= -golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= -golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224= -golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= -golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug= -golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4= +golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k= +golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/text v0.29.0 h1:1neNs90w9YzJ9BocxfsQNHKuAT4pkghyXc4nhZ6sJvk= +golang.org/x/text v0.29.0/go.mod h1:7MhJOA9CD2qZyOKYazxdYMF85OwPdEr9jTtBpO7ydH4= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= -gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA= -gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/internal/zestwrapper/rpm.go b/internal/zestwrapper/rpm.go index e612352..adebbc7 100644 --- a/internal/zestwrapper/rpm.go +++ b/internal/zestwrapper/rpm.go @@ -67,7 +67,11 @@ func (r *RpmZest) LookupOrCreateDomain(name string) (string, error) { domain = *zest.NewDomain(name, localStorage, emptyConfig) domainResp, resp, err := r.client.DomainsAPI.DomainsCreate(r.ctx, DefaultDomain).Domain(domain).Execute() if resp != nil && resp.Body != nil { - defer resp.Body.Close() + defer func() { + if closeErr := resp.Body.Close(); closeErr != nil { + fmt.Printf("failed to close response body: %v\n", closeErr) + } + }() } if err != nil { return "", err @@ -80,12 +84,16 @@ func (r *RpmZest) LookupDomain(name string) (string, error) { if err != nil { return "", err } - defer resp.Body.Close() + defer func() { + if closeErr := resp.Body.Close(); closeErr != nil { + fmt.Printf("failed to close response body: %v\n", closeErr) + } + }() if len(list.Results) == 0 { return "", nil } else if list.Results[0].PulpHref == nil { - return "", fmt.Errorf("Unexpectedly got a nil href for domain %v", name) + return "", fmt.Errorf("unexpectedly got a nil href for domain %v", name) } else { return *list.Results[0].PulpHref, nil } @@ -99,7 +107,11 @@ func (r *RpmZest) CreateRepository(domain, name, url string) (repoHref string, r if err != nil { return "", "", err } - defer httpResp.Body.Close() + defer func() { + if closeErr := httpResp.Body.Close(); closeErr != nil { + fmt.Printf("failed to close response body: %v\n", closeErr) + } + }() rpmRpmRepository := *zest.NewRpmRpmRepository(name) if remoteResponse.PulpHref != nil { @@ -111,7 +123,11 @@ func (r *RpmZest) CreateRepository(domain, name, url string) (repoHref string, r if err != nil { return "", "", err } - defer httpResp.Body.Close() + defer func() { + if closeErr := httpResp.Body.Close(); closeErr != nil { + fmt.Printf("failed to close response body: %v\n", closeErr) + } + }() return *resp.PulpHref, *remoteResponse.PulpHref, nil } @@ -119,7 +135,11 @@ func (r *RpmZest) CreateRepository(domain, name, url string) (repoHref string, r func (r *RpmZest) UpdateRemote(remoteHref string, url string) error { _, httpResp, err := r.client.RemotesRpmAPI.RemotesRpmRpmPartialUpdate(r.ctx, remoteHref).PatchedrpmRpmRemote(zest.PatchedrpmRpmRemote{Url: &url}).Execute() if httpResp != nil { - defer httpResp.Body.Close() + defer func() { + if closeErr := httpResp.Body.Close(); closeErr != nil { + fmt.Printf("failed to close response body: %v\n", closeErr) + } + }() } if err != nil { return err @@ -134,7 +154,11 @@ func (r *RpmZest) SyncRpmRepository(rpmRpmRepositoryHref string, remoteHref stri resp, httpResp, err := r.client.RepositoriesRpmAPI.RepositoriesRpmRpmSync(r.ctx, rpmRpmRepositoryHref). RpmRepositorySyncURL(rpmRepositoryHref).Execute() - defer httpResp.Body.Close() + defer func() { + if closeErr := httpResp.Body.Close(); closeErr != nil { + fmt.Printf("failed to close response body: %v\n", closeErr) + } + }() if err != nil { return "", err } @@ -148,7 +172,11 @@ func (r *RpmZest) GetTask(taskHref string) (zest.TaskResponse, error) { if err != nil { return zest.TaskResponse{}, err } - defer httpResp.Body.Close() + defer func() { + if closeErr := httpResp.Body.Close(); closeErr != nil { + fmt.Printf("failed to close response body: %v\n", closeErr) + } + }() return *task, nil } @@ -190,7 +218,11 @@ func (r *RpmZest) GetRpmRepositoryByName(domain, name string) (*zest.RpmRpmRepos if err != nil { return nil, err } - defer httpResp.Body.Close() + defer func() { + if closeErr := httpResp.Body.Close(); closeErr != nil { + fmt.Printf("failed to close response body: %v\n", closeErr) + } + }() results := resp.GetResults() if len(results) > 0 { diff --git a/pkg/tangy/queries.go b/pkg/tangy/queries.go index 10b86a1..d984afe 100644 --- a/pkg/tangy/queries.go +++ b/pkg/tangy/queries.go @@ -2,10 +2,10 @@ package tangy import ( "fmt" + "math/rand/v2" "strings" "github.com/jackc/pgx/v5" - "golang.org/x/exp/rand" ) // contentIdsInVersion forms a single query to fetch a list of content ids in a repository version From 115be3ec57e8c3f01b0a803836293a5e4eb160c2 Mon Sep 17 00:00:00 2001 From: mlahane Date: Tue, 30 Sep 2025 10:43:26 -0400 Subject: [PATCH 2/3] fix: update linter config and resolve G115 and ST1005 linter errors Update .golangci.yaml to match backend linter configuration to ensure all appropriate linters are enabled. - G115 - Integer overflow in pool limit: Change PoolLimit type from int to int32 to match pgxpool.Config.MaxConns, eliminating type conversion and preventing potential integer overflow. - ST1005 - Error strings should not be capitalized Fix error message capitalization in zestwrapper/rpm.go --- .golangci.yaml | 38 +++++++++++++++++++---------- internal/zestwrapper/rpm.go | 48 +++++++------------------------------ pkg/tangy/config.go | 4 ++-- pkg/tangy/interface.go | 2 +- 4 files changed, 37 insertions(+), 55 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index 2ad5555..d6ecdf0 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -1,21 +1,35 @@ -# Configuration for golangci-lint v2. See https://golangci-lint.run/usage/configuration/. version: "2" - linters: - default: standard enable: - - whitespace - - govet - - misspell - - forcetypeassert - bodyclose + - forcetypeassert + - gosec + - misspell + - whitespace + settings: + gosec: + excludes: + - G404 exclusions: + generated: lax + presets: + - comments + - common-false-positives + - legacy + - std-error-handling rules: - - text: composite - linters: - - govet - + - path: (.+)\.go$ + text: composite + paths: + - third_party$ + - builtin$ + - examples$ formatters: enable: - - gofmt - gci + - gofmt + exclusions: + generated: lax + paths: + - third_party$ + - builtin$ diff --git a/internal/zestwrapper/rpm.go b/internal/zestwrapper/rpm.go index adebbc7..0bedb15 100644 --- a/internal/zestwrapper/rpm.go +++ b/internal/zestwrapper/rpm.go @@ -67,11 +67,7 @@ func (r *RpmZest) LookupOrCreateDomain(name string) (string, error) { domain = *zest.NewDomain(name, localStorage, emptyConfig) domainResp, resp, err := r.client.DomainsAPI.DomainsCreate(r.ctx, DefaultDomain).Domain(domain).Execute() if resp != nil && resp.Body != nil { - defer func() { - if closeErr := resp.Body.Close(); closeErr != nil { - fmt.Printf("failed to close response body: %v\n", closeErr) - } - }() + defer resp.Body.Close() } if err != nil { return "", err @@ -84,11 +80,7 @@ func (r *RpmZest) LookupDomain(name string) (string, error) { if err != nil { return "", err } - defer func() { - if closeErr := resp.Body.Close(); closeErr != nil { - fmt.Printf("failed to close response body: %v\n", closeErr) - } - }() + defer resp.Body.Close() if len(list.Results) == 0 { return "", nil @@ -107,11 +99,7 @@ func (r *RpmZest) CreateRepository(domain, name, url string) (repoHref string, r if err != nil { return "", "", err } - defer func() { - if closeErr := httpResp.Body.Close(); closeErr != nil { - fmt.Printf("failed to close response body: %v\n", closeErr) - } - }() + defer httpResp.Body.Close() rpmRpmRepository := *zest.NewRpmRpmRepository(name) if remoteResponse.PulpHref != nil { @@ -123,11 +111,7 @@ func (r *RpmZest) CreateRepository(domain, name, url string) (repoHref string, r if err != nil { return "", "", err } - defer func() { - if closeErr := httpResp.Body.Close(); closeErr != nil { - fmt.Printf("failed to close response body: %v\n", closeErr) - } - }() + defer httpResp.Body.Close() return *resp.PulpHref, *remoteResponse.PulpHref, nil } @@ -135,11 +119,7 @@ func (r *RpmZest) CreateRepository(domain, name, url string) (repoHref string, r func (r *RpmZest) UpdateRemote(remoteHref string, url string) error { _, httpResp, err := r.client.RemotesRpmAPI.RemotesRpmRpmPartialUpdate(r.ctx, remoteHref).PatchedrpmRpmRemote(zest.PatchedrpmRpmRemote{Url: &url}).Execute() if httpResp != nil { - defer func() { - if closeErr := httpResp.Body.Close(); closeErr != nil { - fmt.Printf("failed to close response body: %v\n", closeErr) - } - }() + defer httpResp.Body.Close() } if err != nil { return err @@ -154,11 +134,7 @@ func (r *RpmZest) SyncRpmRepository(rpmRpmRepositoryHref string, remoteHref stri resp, httpResp, err := r.client.RepositoriesRpmAPI.RepositoriesRpmRpmSync(r.ctx, rpmRpmRepositoryHref). RpmRepositorySyncURL(rpmRepositoryHref).Execute() - defer func() { - if closeErr := httpResp.Body.Close(); closeErr != nil { - fmt.Printf("failed to close response body: %v\n", closeErr) - } - }() + defer httpResp.Body.Close() if err != nil { return "", err } @@ -172,11 +148,7 @@ func (r *RpmZest) GetTask(taskHref string) (zest.TaskResponse, error) { if err != nil { return zest.TaskResponse{}, err } - defer func() { - if closeErr := httpResp.Body.Close(); closeErr != nil { - fmt.Printf("failed to close response body: %v\n", closeErr) - } - }() + defer httpResp.Body.Close() return *task, nil } @@ -218,11 +190,7 @@ func (r *RpmZest) GetRpmRepositoryByName(domain, name string) (*zest.RpmRpmRepos if err != nil { return nil, err } - defer func() { - if closeErr := httpResp.Body.Close(); closeErr != nil { - fmt.Printf("failed to close response body: %v\n", closeErr) - } - }() + defer httpResp.Body.Close() results := resp.GetResults() if len(results) > 0 { diff --git a/pkg/tangy/config.go b/pkg/tangy/config.go index 243456c..cc3158f 100644 --- a/pkg/tangy/config.go +++ b/pkg/tangy/config.go @@ -6,7 +6,7 @@ import ( "github.com/rs/zerolog" ) -const DefaultMaxPoolLimit = 20 +const DefaultMaxPoolLimit int32 = 20 // Logger configuration options for logger type Logger struct { @@ -23,7 +23,7 @@ type Database struct { User string Password string CACertPath string `mapstructure:"ca_cert_path"` - PoolLimit int `mapstructure:"pool_limit"` + PoolLimit int32 `mapstructure:"pool_limit"` } // Url return url of database diff --git a/pkg/tangy/interface.go b/pkg/tangy/interface.go index 3924fe0..32a7fb4 100644 --- a/pkg/tangy/interface.go +++ b/pkg/tangy/interface.go @@ -19,7 +19,7 @@ func New(dbConfig Database, logConfig Logger) (Tangy, error) { if dbConfig.PoolLimit == 0 { dbConfig.PoolLimit = DefaultMaxPoolLimit } - pxConfig.MaxConns = int32(dbConfig.PoolLimit) + pxConfig.MaxConns = dbConfig.PoolLimit if logConfig.Logger != nil && logConfig.Enabled { zlog := zerologadapter.NewLogger(*logConfig.Logger) From 132ccfbfb1d93df0e9d89ba27f7f4fc95adbe4b8 Mon Sep 17 00:00:00 2001 From: mlahane Date: Mon, 6 Oct 2025 22:42:28 -0400 Subject: [PATCH 3/3] add: validation for pool limit bounds in New function Validate that dbConfig.PoolLimit is within 32-bit integer range (math.MinInt32 to math.MaxInt32) before converting to int32 to prevent overflow issues. --- pkg/tangy/config.go | 4 ++-- pkg/tangy/interface.go | 10 +++++++++- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/pkg/tangy/config.go b/pkg/tangy/config.go index cc3158f..243456c 100644 --- a/pkg/tangy/config.go +++ b/pkg/tangy/config.go @@ -6,7 +6,7 @@ import ( "github.com/rs/zerolog" ) -const DefaultMaxPoolLimit int32 = 20 +const DefaultMaxPoolLimit = 20 // Logger configuration options for logger type Logger struct { @@ -23,7 +23,7 @@ type Database struct { User string Password string CACertPath string `mapstructure:"ca_cert_path"` - PoolLimit int32 `mapstructure:"pool_limit"` + PoolLimit int `mapstructure:"pool_limit"` } // Url return url of database diff --git a/pkg/tangy/interface.go b/pkg/tangy/interface.go index 32a7fb4..3be185f 100644 --- a/pkg/tangy/interface.go +++ b/pkg/tangy/interface.go @@ -3,6 +3,7 @@ package tangy import ( "context" "fmt" + "math" zerologadapter "github.com/jackc/pgx-zerolog" "github.com/jackc/pgx/v5/pgxpool" @@ -19,7 +20,14 @@ func New(dbConfig Database, logConfig Logger) (Tangy, error) { if dbConfig.PoolLimit == 0 { dbConfig.PoolLimit = DefaultMaxPoolLimit } - pxConfig.MaxConns = dbConfig.PoolLimit + + // Validate pool limit is within 32-bit integer range + if dbConfig.PoolLimit < math.MinInt32 || dbConfig.PoolLimit > math.MaxInt32 { + return nil, fmt.Errorf("pool limit size is invalid: %d (must be between %d and %d)", + dbConfig.PoolLimit, math.MinInt32, math.MaxInt32) + } + + pxConfig.MaxConns = int32(dbConfig.PoolLimit) if logConfig.Logger != nil && logConfig.Enabled { zlog := zerologadapter.NewLogger(*logConfig.Logger)