ossf · azeemshaikh38 · Jul 20, 2022 · Jul 20, 2022 · Jul 20, 2022 · Jul 20, 2022
diff --git a/.github/workflows/golangci.yml b/.github/workflows/golangci.yml
@@ -16,25 +16,9 @@ jobs:
         os: [ ubuntu-latest ]
     steps:
       - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 #v2.4.0
-        # https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
-      - uses: actions/cache@c3f1317a9e7b1ef106c153ac8c0f00fed3ddbc0d #v2.1.7
-        with:
-          # In order:
-          # * Module download cache
-          # * Build cache (Linux)
-          # * Build cache (Mac)
-          # * Build cache (Windows)
-          path: |
-            ~/go/pkg/mod
-            ~/.cache/go-build
-            ~/Library/Caches/go-build
-            %LocalAppData%\go-build
-          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
-          restore-keys: |
-            ${{ runner.os }}-go-
       - uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a #v2.1.5
         with:
-          go-version: '1.17.x'
+          go-version: '1.18'
       - uses: golangci/golangci-lint-action@537aa1903e5d359d0b27dbc19ddd22c5087f3fbc
         with:
           only-new-issues: true
diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
@@ -36,7 +36,7 @@ jobs:
             ${{ runner.os }}-go-
       - uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a #v2.1.5
         with:
-          go-version: '1.17.x'
+          go-version: '1.18'
       - name: Run Go tests
         # cannot run tests with race because we are mutating state (setting ENV variables)
         run: go test -covermode=atomic  -coverprofile=unit-coverage.out ./...

diff --git a/Dockerfile b/Dockerfile
@@ -22,8 +22,8 @@
 #           -e GITHUB_REPOSITORY="ossf/scorecard" \
 #           laurentsimon/scorecard-action:latest
 
-#v1.17 go
-FROM golang@sha256:bd9823cdad5700fb4abe983854488749421d5b4fc84154c30dae474100468b85 AS base
+#v1.18 go
+FROM golang@sha256:ea3d912d500b1ae0a691b2e53eb8a6345b579d42d7e6a64acca83d274b949740 AS base
 WORKDIR /src
 ENV CGO_ENABLED=0
 COPY go.* ./

diff --git a/github/github.go b/github/github.go
@@ -20,10 +20,10 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"log"
 	"net/http"
 	"net/url"
+	"os"
 
 	"github.com/ossf/scorecard/v4/clients/githubrepo/roundtripper"
 	sclog "github.com/ossf/scorecard/v4/log"
@@ -123,7 +123,7 @@ func (c *Client) ParseFromFile(filepath string) (RepoInfo, error) {
 	var ret RepoInfo
 
 	log.Printf("getting repo info from file: %s", filepath)
-	repoInfo, err := ioutil.ReadFile(filepath)
+	repoInfo, err := os.ReadFile(filepath)
 	if err != nil {
 		return ret, fmt.Errorf("reading GitHub event path: %w", err)
 	}

diff --git a/go.mod b/go.mod
diff --git a/go.sum b/go.sum
diff --git a/install/install.go b/install/install.go
@@ -19,8 +19,8 @@ package install
 import (
 	"context"
 	"fmt"
-	"io/ioutil"
 	"log"
+	"os"
 
 	"github.com/google/go-github/v42/github"
 
@@ -42,8 +42,11 @@ var workflowFiles = []string{
 // organization.
 // TODO(install): Improve description.
 // TODO(install): Accept a context instead of setting one.
-//nolint:gocognit
 // TODO(lint): cognitive complexity 31 of func `Run` is high (> 30) (gocognit).
+//
+// TODO(lint): cognitive complexity 31 of func `Run` is high (> 30) (gocognit).
+//
+//nolint:gocognit
 func Run(o *options.Options) error {
 	err := o.Validate()
 	if err != nil {
@@ -69,7 +72,7 @@ func Run(o *options.Options) error {
 	}
 
 	// Get yml file into byte array.
-	workflowContent, err := ioutil.ReadFile(o.ConfigPath)
+	workflowContent, err := os.ReadFile(o.ConfigPath)
 	if err != nil {
 		return fmt.Errorf("reading scorecard workflow file: %w", err)
 	}

diff --git a/signing/signing.go b/signing/signing.go
@@ -22,7 +22,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net/http"
 	"net/url"
 	"os"
@@ -78,7 +77,7 @@ func GetJSONScorecardResults() ([]byte, error) {
 	}
 
 	// Get json output data from file.
-	jsonPayload, err := ioutil.ReadFile(os.Getenv(options.EnvInputResultsFile))
+	jsonPayload, err := os.ReadFile(os.Getenv(options.EnvInputResultsFile))
 	if err != nil {
 		return nil, fmt.Errorf("reading scorecard json results from file: %w", err)
 	}

diff --git a/signing/signing_test.go b/signing/signing_test.go
@@ -17,7 +17,7 @@
 package signing
 
 import (
-	"io/ioutil"
+	"os"
 	"testing"
 )
 
@@ -76,7 +76,7 @@ import (
 func Test_ProcessSignature(t *testing.T) {
 	t.Parallel()
 
-	jsonPayload, err := ioutil.ReadFile("testdata/results.json")
+	jsonPayload, err := os.ReadFile("testdata/results.json")
 	repoName := "ossf-tests/scorecard-action"
 	repoRef := "refs/heads/main"
 	accessToken := ""