diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index e007430..5d4f066 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -24,6 +24,9 @@ jobs:
 signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
 - name: Show nixpkgs version
 run: nix-instantiate --eval -E '(import {}).lib.version'
+ - name: Run golangci-lint
+ run: nix-shell --pure --run "golangci-lint run"
+ if: matrix.nixPath == 'nixpkgs=channel:nixpkgs-unstable'
 - name: Build nix packages
 run: nix run nixpkgs.nix-build-uncached -c nix-build-uncached default.nix
 - name: Add keys group (needed for go tests)
diff --git a/pkgs/sops-pgp-hook/hook_test.go b/pkgs/sops-pgp-hook/hook_test.go
index 6d4f8f2..c3af301 100644
--- a/pkgs/sops-pgp-hook/hook_test.go
+++ b/pkgs/sops-pgp-hook/hook_test.go
@@ -36,18 +36,18 @@ func TestShellHook(t *testing.T) {
 cmd.Stderr = &stderrBuf
 cmd.Dir = assets
 err = cmd.Run()
- stdout := string(stdoutBuf.Bytes())
- stderr := string(stderrBuf.Bytes())
+ stdout := stdoutBuf.String()
+ stderr := stderrBuf.String()
 fmt.Printf("$ %s\nstdout: \n%s\nstderr: \n%s\n", strings.Join(cmd.Args, " "), stdout, stderr)
 ok(t, err)
 expectedStdout := "SOPS_PGP_FP=C6DA56E69A7C756564A8AFEB4A6B05B714D13EFD,4EC40F8E04A945339F7F7C0032C5225271038E3F,7FB89715AADA920D65D25E63F9BA9DEBD03F57C0"
- if strings.Index(stdout, expectedStdout) == -1 {
+ if !strings.Contains(stdout, expectedStdout) {
 t.Fatalf("'%v' not in '%v'", expectedStdout, stdout)
 }
 expectedStderr := "./non-existing-key.gpg does not exists"
- if strings.Index(stderr, expectedStderr) == -1 {
+ if !strings.Contains(stderr, expectedStderr) {
 t.Fatalf("'%v' not in '%v'", expectedStderr, stdout)
 }
diff --git a/pkgs/ssh-to-pgp/main.go b/pkgs/ssh-to-pgp/main.go
index 4cb269c..b9f1a2b 100644
--- a/pkgs/ssh-to-pgp/main.go
+++ b/pkgs/ssh-to-pgp/main.go
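Review bot: The new lint step runs only when `matrix.nixPath == 'nixpkgs=channel:nixpkgs-unstable'`, so golangci-lint is taken from a floating channel and its version, and with it the default linter set, can change between runs without any commit in this repository. Pinning nixpkgs for the lint shell, or committing a `.golangci.yml` that lists the enabled linters if the repository does not already have one, would make a failing lint run traceable to a change in the tree. The condition itself is unexplained; a comment such as `# lint once per workflow run; other matrix entries skip this step` above the `if:` would record the intent, assuming that is the reason for it.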
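Review bot: The failure message of the stderr assertion prints the wrong buffer: the unchanged line under the second `strings.Contains` check is `t.Fatalf("'%v' not in '%v'", expectedStderr, stdout)`, so a failing run reports stdout while the comparison was made against stderr. Since this commit already touches both conditions, the line should become `t.Fatalf("'%v' not in '%v'", expectedStderr, stderr)`. The earlier `fmt.Printf` does print stderr, which is why the mistake is easy to miss when reading test output. TestShellHook starts and ends outside this hunk.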
@@ -25,7 +25,10 @@ func parseFlags(args []string) options {
 f.StringVar(&opts.format, "format", "armor", "GPG format encoding (binary|armor)")
 f.StringVar(&opts.in, "i", "-", "Input path. Reads by default from standard output")
 f.StringVar(&opts.out, "o", "-", "Output path. Prints by default to standard output")
- f.Parse(args[1:])
+ if err := f.Parse(args[1:]); err != nil {
+ // should never happen since flag.ExitOnError
+ panic(err)
+ }
 return opts
 }
diff --git a/pkgs/sshkeys/convert.go b/pkgs/sshkeys/convert.go
index cccb686..a591809 100644
--- a/pkgs/sshkeys/convert.go
+++ b/pkgs/sshkeys/convert.go
@@ -12,27 +12,6 @@ import (
 "golang.org/x/crypto/ssh"
 )
-func parsePublicKey(publicKey []byte) (*rsa.PublicKey, error) {
- key, _, _, _, err := ssh.ParseAuthorizedKey(publicKey)
- if err != nil {
- return nil, fmt.Errorf("failed to parse public ssh key: %s", err)
- }
-
- cryptoPublicKey, ok := key.(ssh.CryptoPublicKey)
-
- if !ok {
- return nil, fmt.Errorf("Unsupported public key algo: %s", key.Type())
- }
-
- rsaKey, ok := cryptoPublicKey.CryptoPublicKey().(*rsa.PublicKey)
-
- if !ok {
- return nil, fmt.Errorf("Unsupported public key algo: %s", key.Type())
- }
-
- return rsaKey, nil
-}
-
 func parsePrivateKey(sshPrivateKey []byte) (*rsa.PrivateKey, error) {
 privateKey, err := ssh.ParseRawPrivateKey(sshPrivateKey)
 if err != nil {
diff --git a/shell.nix b/shell.nix
index 7f1bda6..4438e14 100644
--- a/shell.nix
+++ b/shell.nix
@@ -7,6 +7,7 @@ pkgs.mkShell {
 gnupg
 utillinux
 nix
+ golangci-lint
 ];
 # delve does not compile with hardening enabled
 hardeningDisable = [ "all" ];
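Review bot: The help text for `-i` on the context line just above the change says "Reads by default from standard output", but an input path that defaults to `-` reads from standard input; the string should be `"Input path. Reads by default from standard input"`. The new panic branch is only unreachable while the FlagSet is built with `flag.ExitOnError`, and that construction is outside this hunk, so the comment is an assumption the reader cannot check here. A more durable wording would be `// unreachable while the FlagSet uses flag.ExitOnError; return the error instead if that changes`, since a panic would show users a stack trace for a mistyped flag.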