google · zchee · Apr 26, 2024 · Apr 26, 2024
diff --git a/.golangci.yaml b/.golangci.yaml
@@ -17,12 +17,13 @@ linters:
   - depguard
   - errorlint
   - gofmt
-  - gosec
+  - gofumpt
   - goimports
+  - gosec
   - importas
+  - misspell
   - prealloc
   - revive
-  - misspell
   - stylecheck
   - tparallel
   - unconvert
@@ -38,3 +39,5 @@ linters-settings:
     include-go-root: true
     packages-with-error-message:
     - crypto/sha256: "use crypto.SHA256 instead"
+  gofumpt:
+    extra-rules: true
diff --git a/cmd/crane/cmd/gc.go b/cmd/crane/cmd/gc.go
@@ -41,7 +41,6 @@ func newCmdGc() *cobra.Command {
 			path := args[0]
 
 			p, err := layout.FromPath(path)
-
 			if err != nil {
 				return err
 			}

diff --git a/cmd/crane/cmd/push.go b/cmd/crane/cmd/push.go
@@ -71,7 +71,7 @@ func NewCmdPush(options *[]crane.Option) *cobra.Command {
 
 			digest := ref.Context().Digest(h.String())
 			if imageRefs != "" {
-				if err := os.WriteFile(imageRefs, []byte(digest.String()), 0600); err != nil {
+				if err := os.WriteFile(imageRefs, []byte(digest.String()), 0o600); err != nil {
 					return fmt.Errorf("failed to write image refs to %s: %w", imageRefs, err)
 				}
 			}

diff --git a/cmd/crane/help/main.go b/cmd/crane/help/main.go
@@ -23,15 +23,17 @@ import (
 	"github.com/spf13/cobra/doc"
 )
 
-var dir string
-var root = &cobra.Command{
-	Use:   "gendoc",
-	Short: "Generate crane's help docs",
-	Args:  cobra.NoArgs,
-	RunE: func(*cobra.Command, []string) error {
-		return doc.GenMarkdownTree(cmd.Root, dir)
-	},
-}
+var (
+	dir  string
+	root = &cobra.Command{
+		Use:   "gendoc",
+		Short: "Generate crane's help docs",
+		Args:  cobra.NoArgs,
+		RunE: func(*cobra.Command, []string) error {
+			return doc.GenMarkdownTree(cmd.Root, dir)
+		},
+	}
+)
 
 func init() {
 	root.Flags().StringVarP(&dir, "dir", "d", ".", "Path to directory in which to generate docs")

diff --git a/internal/cmd/edit.go b/internal/cmd/edit.go
@@ -272,7 +272,7 @@ func editConfig(ctx context.Context, in io.Reader, out io.Writer, src, dst strin
 	return dstRef, nil
 }
 
-func editManifest(in io.Reader, out io.Writer, src string, dst string, mt string, options ...crane.Option) (name.Reference, error) {
+func editManifest(in io.Reader, out io.Writer, src, dst, mt string, options ...crane.Option) (name.Reference, error) {
 	o := crane.GetOptions(options...)
 
 	ref, err := name.ParseReference(src, o.Name...)
@@ -465,7 +465,7 @@ func blankHeader(name string) *tar.Header {
 		// Use a fixed Mode, so that this isn't sensitive to the directory and umask
 		// under which it was created. Additionally, windows can only set 0222,
 		// 0444, or 0666, none of which are executable.
-		Mode: 0555,
+		Mode: 0o555,
 	}
 }
 

diff --git a/internal/compression/compression_test.go b/internal/compression/compression_test.go
@@ -24,8 +24,10 @@ import (
 	"github.com/google/go-containerregistry/internal/zstd"
 )
 
-type Compressor = func(rc io.ReadCloser) io.ReadCloser
-type Decompressor = func(rc io.ReadCloser) (io.ReadCloser, error)
+type (
+	Compressor   = func(rc io.ReadCloser) io.ReadCloser
+	Decompressor = func(rc io.ReadCloser) (io.ReadCloser, error)
+)
 
 func testPeekCompression(t *testing.T,
 	compressionExpected string,

diff --git a/internal/estargz/estargz_test.go b/internal/estargz/estargz_test.go
@@ -84,9 +84,7 @@ func TestReader(t *testing.T) {
 	}
 }
 
-var (
-	errRead = fmt.Errorf("Read failed")
-)
+var errRead = fmt.Errorf("Read failed")
 
 type failReader struct{}
 

diff --git a/internal/gzip/zip_test.go b/internal/gzip/zip_test.go
@@ -65,9 +65,7 @@ func TestIs(t *testing.T) {
 	}
 }
 
-var (
-	errRead = fmt.Errorf("Read failed")
-)
+var errRead = fmt.Errorf("Read failed")
 
 type failReader struct{}
 

diff --git a/internal/windows/windows.go b/internal/windows/windows.go
@@ -55,7 +55,7 @@ func Windows(layer v1.Layer) (v1.Layer, error) {
 			// Use a fixed Mode, so that this isn't sensitive to the directory and umask
 			// under which it was created. Additionally, windows can only set 0222,
 			// 0444, or 0666, none of which are executable.
-			Mode:   0555,
+			Mode:   0o555,
 			Format: tar.FormatPAX,
 		}); err != nil {
 			return nil, fmt.Errorf("writing %s directory: %w", dir, err)

diff --git a/internal/zstd/zstd_test.go b/internal/zstd/zstd_test.go
@@ -64,9 +64,7 @@ func TestIs(t *testing.T) {
 	}
 }
 
-var (
-	errRead = fmt.Errorf("read failed")
-)
+var errRead = fmt.Errorf("read failed")
 
 type failReader struct{}
 

diff --git a/pkg/authn/authn_test.go b/pkg/authn/authn_test.go
@@ -51,7 +51,6 @@ func TestAuthConfigMarshalJSON(t *testing.T) {
 	for _, tc := range cases {
 		t.Run(tc.name, func(t *testing.T) {
 			bytes, err := json.Marshal(&tc.config)
-
 			if err != nil {
 				t.Fatal("Marshal() =", err)
 			}

diff --git a/pkg/authn/keychain.go b/pkg/authn/keychain.go
@@ -51,10 +51,8 @@ type defaultKeychain struct {
 	mu sync.Mutex
 }
 
-var (
-	// DefaultKeychain implements Keychain by interpreting the docker config file.
-	DefaultKeychain = &defaultKeychain{}
-)
+// DefaultKeychain implements Keychain by interpreting the docker config file.
+var DefaultKeychain = &defaultKeychain{}
 
 const (
 	// DefaultAuthKey is the key used for dockerhub in config files, which

diff --git a/pkg/authn/keychain_test.go b/pkg/authn/keychain_test.go
@@ -61,7 +61,7 @@ func setupConfigDir(t *testing.T) string {
 	p := filepath.Join(tmpdir, fmt.Sprintf("%d", fresh))
 	t.Logf("DOCKER_CONFIG=%s", p)
 	t.Setenv("DOCKER_CONFIG", p)
-	if err := os.Mkdir(p, 0777); err != nil {
+	if err := os.Mkdir(p, 0o777); err != nil {
 		t.Fatalf("mkdir %q: %v", p, err)
 	}
 	return p
@@ -70,7 +70,7 @@ func setupConfigDir(t *testing.T) string {
 func setupConfigFile(t *testing.T, content string) string {
 	cd := setupConfigDir(t)
 	p := filepath.Join(cd, "config.json")
-	if err := os.WriteFile(p, []byte(content), 0600); err != nil {
+	if err := os.WriteFile(p, []byte(content), 0o600); err != nil {
 		t.Fatalf("write %q: %v", p, err)
 	}
 
@@ -93,10 +93,10 @@ func TestNoConfig(t *testing.T) {
 }
 
 func writeConfig(t *testing.T, dir, file, content string) {
-	if err := os.MkdirAll(dir, 0777); err != nil {
+	if err := os.MkdirAll(dir, 0o777); err != nil {
 		t.Fatalf("mkdir %s: %v", dir, err)
 	}
-	if err := os.WriteFile(filepath.Join(dir, file), []byte(content), 0600); err != nil {
+	if err := os.WriteFile(filepath.Join(dir, file), []byte(content), 0o600); err != nil {
 		t.Fatalf("write %q: %v", file, err)
 	}
 }
@@ -338,7 +338,7 @@ func (h helper) Get(serverURL string) (string, string, error) {
 }
 
 func TestNewKeychainFromHelper(t *testing.T) {
-	var repo = name.MustParseReference("example.com/my/repo").Context()
+	repo := name.MustParseReference("example.com/my/repo").Context()
 
 	t.Run("success", func(t *testing.T) {
 		kc := NewKeychainFromHelper(helper{"username", "password", nil})
@@ -398,7 +398,7 @@ func TestConfigFileIsADir(t *testing.T) {
 	tmpdir := setupConfigDir(t)
 	// Create "config.json" as a directory, not a file to simulate optional
 	// secrets in Kubernetes.
-	err := os.Mkdir(path.Join(tmpdir, "config.json"), 0777)
+	err := os.Mkdir(path.Join(tmpdir, "config.json"), 0o777)
 	if err != nil {
 		t.Fatal(err)
 	}

diff --git a/pkg/authn/kubernetes/keychain.go b/pkg/authn/kubernetes/keychain.go
@@ -246,7 +246,7 @@ func (keyring *keyring) Resolve(target authn.Resource) (authn.Authenticator, err
 }
 
 // urlsMatchStr is wrapper for URLsMatch, operating on strings instead of URLs.
-func urlsMatchStr(glob string, target string) (bool, error) {
+func urlsMatchStr(glob, target string) (bool, error) {
 	globURL, err := parseSchemelessURL(glob)
 	if err != nil {
 		return false, err
@@ -290,7 +290,7 @@ func splitURL(url *url.URL) (parts []string, port string) {
 //	globURL=*.docker.io, targetURL=not.right.io   => no match
 //
 // Note that we don't support wildcards in ports and paths yet.
-func urlsMatch(globURL *url.URL, targetURL *url.URL) (bool, error) {
+func urlsMatch(globURL, targetURL *url.URL) (bool, error) {
 	globURLParts, globPort := splitURL(globURL)
 	targetURLParts, targetPort := splitURL(targetURL)
 	if globPort != targetPort {

diff --git a/pkg/authn/kubernetes/keychain_test.go b/pkg/authn/kubernetes/keychain_test.go
@@ -43,7 +43,7 @@ type secretType struct {
 	marshal func(t *testing.T, registry string, auth authn.AuthConfig) []byte
 }
 
-func (s *secretType) Create(t *testing.T, namespace, name string, registry string, auth authn.AuthConfig) *corev1.Secret {
+func (s *secretType) Create(t *testing.T, namespace, name, registry string, auth authn.AuthConfig) *corev1.Secret {
 	return &corev1.Secret{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      name,
@@ -192,7 +192,6 @@ func TestSecretAttachedServiceAccount(t *testing.T) {
 
 	for _, c := range cases {
 		t.Run(c.name, func(t *testing.T) {
-
 			objs := []runtime.Object{
 				&corev1.ServiceAccount{
 					ObjectMeta: metav1.ObjectMeta{
@@ -225,7 +224,6 @@ func TestSecretAttachedServiceAccount(t *testing.T) {
 			testResolve(t, kc, registry(t, "fake.registry.io"), c.expected)
 		})
 	}
-
 }
 
 // Prioritze picking the first secret
@@ -269,7 +267,6 @@ func TestResolveTargets(t *testing.T) {
 				kc, err := NewFromPullSecrets(context.Background(), []corev1.Secret{
 					*secretType.Create(t, "ns", "secret", target.String(), auth),
 				})
-
 				if err != nil {
 					t.Fatalf("New() = %v", err)
 				}
@@ -289,7 +286,6 @@ func TestAuthWithScheme(t *testing.T) {
 	kc, err := NewFromPullSecrets(context.Background(), []corev1.Secret{
 		*dockerConfigJSONSecretType.Create(t, "ns", "secret", "https://fake.registry.io", auth),
 	})
-
 	if err != nil {
 		t.Fatalf("New() = %v", err)
 	}
@@ -307,7 +303,6 @@ func TestAuthWithPorts(t *testing.T) {
 	kc, err := NewFromPullSecrets(context.Background(), []corev1.Secret{
 		*dockerConfigJSONSecretType.Create(t, "ns", "secret", "fake.registry.io:5000", auth),
 	})
-
 	if err != nil {
 		t.Fatalf("New() = %v", err)
 	}
@@ -332,7 +327,6 @@ func TestAuthPathMatching(t *testing.T) {
 		*dockerConfigJSONSecretType.Create(t, "ns", "secret-3", "fake.registry.io/nested/repo", leafAuth),
 		*dockerConfigJSONSecretType.Create(t, "ns", "secret-4", "fake.registry.io/par", partialAuth),
 	})
-
 	if err != nil {
 		t.Fatalf("New() = %v", err)
 	}
@@ -351,7 +345,6 @@ func TestAuthHostNameVariations(t *testing.T) {
 		*dockerConfigJSONSecretType.Create(t, "ns", "secret-1", "fake.registry.io", rootAuth),
 		*dockerConfigJSONSecretType.Create(t, "ns", "secret-2", "1.fake.registry.io", subdomainAuth),
 	})
-
 	if err != nil {
 		t.Fatalf("New() = %v", err)
 	}
@@ -372,7 +365,6 @@ func TestAuthSpecialPathsIgnored(t *testing.T) {
 		*dockerConfigJSONSecretType.Create(t, "ns", "secret-1", "https://fake.registry.io/v1/", auth),
 		*dockerConfigJSONSecretType.Create(t, "ns", "secret-2", "https://fake2.registry.io/v2/", auth2),
 	})
-
 	if err != nil {
 		t.Fatalf("New() = %v", err)
 	}
@@ -388,7 +380,6 @@ func TestAuthDockerRegistry(t *testing.T) {
 	kc, err := NewFromPullSecrets(context.Background(), []corev1.Secret{
 		*dockerConfigJSONSecretType.Create(t, "ns", "secret", "index.docker.io", auth),
 	})
-
 	if err != nil {
 		t.Fatalf("New() = %v", err)
 	}
@@ -402,7 +393,6 @@ func TestAuthWithGlobs(t *testing.T) {
 	kc, err := NewFromPullSecrets(context.Background(), []corev1.Secret{
 		*dockerConfigJSONSecretType.Create(t, "ns", "secret", "*.registry.io", auth),
 	})
-
 	if err != nil {
 		t.Fatalf("New() = %v", err)
 	}
@@ -437,7 +427,6 @@ func toJSON(t *testing.T, obj any) []byte {
 	t.Helper()
 
 	bites, err := json.Marshal(obj)
-
 	if err != nil {
 		t.Fatal("unable to json marshal", err)
 	}
@@ -537,7 +526,8 @@ func TestKubernetesAuth(t *testing.T) {
 			"dtestcontainer.azurecr.io/dave/nginx",
 			"http://dtestcontainer.azurecr.io/dave/nginx",
 			"https://dtestcontainer.azurecr.io/dave/nginx",
-		}} {
+		},
+	} {
 		repo, err := name.NewRepository(k)
 		if err != nil {
 			t.Errorf("parsing %q: %v", k, err)

diff --git a/pkg/crane/append.go b/pkg/crane/append.go
@@ -50,7 +50,6 @@ func Append(base v1.Image, paths ...string) (v1.Image, error) {
 	}
 
 	baseMediaType, err := base.MediaType()
-
 	if err != nil {
 		return nil, fmt.Errorf("getting base image media type: %w", err)
 	}

diff --git a/pkg/crane/append_test.go b/pkg/crane/append_test.go
@@ -26,19 +26,16 @@ import (
 func TestAppendWithOCIBaseImage(t *testing.T) {
 	base := mutate.MediaType(empty.Image, types.OCIManifestSchema1)
 	img, err := crane.Append(base, "testdata/content.tar")
-
 	if err != nil {
 		t.Fatalf("crane.Append(): %v", err)
 	}
 
 	layers, err := img.Layers()
-
 	if err != nil {
 		t.Fatalf("img.Layers(): %v", err)
 	}
 
 	mediaType, err := layers[0].MediaType()
-
 	if err != nil {
 		t.Fatalf("layers[0].MediaType(): %v", err)
 	}
@@ -50,19 +47,16 @@ func TestAppendWithOCIBaseImage(t *testing.T) {
 
 func TestAppendWithDockerBaseImage(t *testing.T) {
 	img, err := crane.Append(empty.Image, "testdata/content.tar")
-
 	if err != nil {
 		t.Fatalf("crane.Append(): %v", err)
 	}
 
 	layers, err := img.Layers()
-
 	if err != nil {
 		t.Fatalf("img.Layers(): %v", err)
 	}
 
 	mediaType, err := layers[0].MediaType()
-
 	if err != nil {
 		t.Fatalf("layers[0].MediaType(): %v", err)
 	}

diff --git a/pkg/gcrane/copy_test.go b/pkg/gcrane/copy_test.go
@@ -301,7 +301,7 @@ func TestDiffImages(t *testing.T) {
 			"a": {
 				Size:      123,
 				MediaType: string(types.DockerManifestSchema2),
-				Created:   time.Date(1992, time.January, 7, 6, 40, 00, 5e8, time.UTC),
+				Created:   time.Date(1992, time.January, 7, 6, 40, 0o0, 5e8, time.UTC),
 				Uploaded:  time.Date(2018, time.November, 29, 4, 13, 30, 5e8, time.UTC),
 				Tags:      []string{"b", "c", "d"},
 			},
@@ -311,7 +311,7 @@ func TestDiffImages(t *testing.T) {
 			"a": {
 				Size:      123,
 				MediaType: string(types.DockerManifestSchema2),
-				Created:   time.Date(1992, time.January, 7, 6, 40, 00, 5e8, time.UTC),
+				Created:   time.Date(1992, time.January, 7, 6, 40, 0o0, 5e8, time.UTC),
 				Uploaded:  time.Date(2018, time.November, 29, 4, 13, 30, 5e8, time.UTC),
 				Tags:      []string{"b", "c", "d"},
 			},