update to golangci-lint v1.49.0 for compatibilty with go1.19

.golangci.yml

@@ -1,7 +1,6 @@
 linters:
   enable:
     - bodyclose
-    - deadcode
     - depguard
     - dogsled
     - gocyclo
@@ -14,14 +13,12 @@ linters:
     - megacheck
     - misspell
     - nakedret
+    - revive
     - staticcheck
-    - structcheck
     - typecheck
     - unconvert
     - unparam
     - unused
-    - revive
-    - varcheck
 
   disable:
     - errcheck
@@ -98,6 +95,12 @@ issues:
       linters:
         - gosec
 
+    # G113 Potential uncontrolled memory consumption in Rat.SetString (CVE-2022-23772)
+    # only affects gp < 1.16.14. and go < 1.17.7
+    - text: "(G113)"
+      linters:
+        - gosec
+
     # Looks like the match in "EXC0007" above doesn't catch this one
     # TODO: consider upstreaming this to golangci-lint's default exclusion rules
     - text: "G204: Subprocess launched with a potential tainted input or cmd arguments"
@@ -109,6 +112,11 @@ issues:
       linters:
         - gosec
 
+    # TODO: make sure all packages have a description. Currently, there's 67 packages without.
+    - text: "package-comments: should have a package comment"
+      linters:
+        - revive
+
     # Exclude some linters from running on tests files.
     - path: _test\.go
       linters:

cli-plugins/manager/plugin.go

@@ -33,8 +33,6 @@ type Plugin struct {
 // is set, and is always a `pluginError`, but the `Plugin` is still
 // returned with no error. An error is only returned due to a
 // non-recoverable error.
-//
-//nolint:gocyclo
 func newPlugin(c Candidate, rootcmd *cobra.Command) (Plugin, error) {
 	path := c.Path()
 	if path == "" {

cli/command/cli_options_test.go

@@ -15,23 +15,13 @@ func contentTrustEnabled(t *testing.T) bool {
 
 // NB: Do not t.Parallel() this test -- it messes with the process environment.
 func TestWithContentTrustFromEnv(t *testing.T) {
-	envvar := "DOCKER_CONTENT_TRUST"
-	if orig, ok := os.LookupEnv(envvar); ok {
-		defer func() {
-			os.Setenv(envvar, orig)
-		}()
-	} else {
-		defer func() {
-			os.Unsetenv(envvar)
-		}()
-	}
-
-	os.Setenv(envvar, "true")
-	assert.Assert(t, contentTrustEnabled(t))
-	os.Setenv(envvar, "false")
-	assert.Assert(t, !contentTrustEnabled(t))
-	os.Setenv(envvar, "invalid")
-	assert.Assert(t, contentTrustEnabled(t))
+	const envvar = "DOCKER_CONTENT_TRUST"
+	t.Setenv(envvar, "true")
+	assert.Check(t, contentTrustEnabled(t))
+	t.Setenv(envvar, "false")
+	assert.Check(t, !contentTrustEnabled(t))
+	t.Setenv(envvar, "invalid")
+	assert.Check(t, contentTrustEnabled(t))
 	os.Unsetenv(envvar)
-	assert.Assert(t, !contentTrustEnabled(t))
+	assert.Check(t, !contentTrustEnabled(t))
 }

cli/command/config/inspect.go

@@ -2,7 +2,7 @@ package config
 
 import (
 	"context"
-	"fmt"
+	"errors"
 	"strings"
 
 	"github.com/docker/cli/cli"
@@ -56,7 +56,7 @@ func RunConfigInspect(dockerCli command.Cli, opts InspectOptions) error {
 	// check if the user is trying to apply a template to the pretty format, which
 	// is not supported
 	if strings.HasPrefix(f, "pretty") && f != "pretty" {
-		return fmt.Errorf("Cannot supply extra formatting options to the pretty template")
+		return errors.New("cannot supply extra formatting options to the pretty template")
 	}
 
 	configCtx := formatter.Context{

cli/command/container/opts.go

@@ -925,8 +925,7 @@ func parseDevice(device, serverOS string) (container.DeviceMapping, error) {
 // parseLinuxDevice parses a device mapping string to a container.DeviceMapping struct
 // knowing that the target is a Linux daemon
 func parseLinuxDevice(device string) (container.DeviceMapping, error) {
-	src := ""
-	dst := ""
+	var src, dst string
 	permissions := "rwm"
 	arr := strings.Split(device, ":")
 	switch len(arr) {

cli/command/formatter/tabwriter/tabwriter.go

@@ -12,7 +12,7 @@
 
 // based on https://github.com/golang/go/blob/master/src/text/tabwriter/tabwriter.go Last modified 690ac40 on 31 Jan
 
-//nolint:gocyclo,nakedret,revive,unused // ignore linting errors, so that we can stick close to upstream
+//nolint:gocyclo,nakedret,revive,stylecheck,unused // ignore linting errors, so that we can stick close to upstream
 package tabwriter
 
 import (

cli/command/image/build/context.go

@@ -235,7 +235,7 @@ func getWithStatusError(url string) (resp *http.Response, err error) {
 	if resp, err = http.Get(url); err != nil {
 		return nil, err
 	}
-	if resp.StatusCode < 400 {
+	if resp.StatusCode < http.StatusBadRequest {
 		return resp, nil
 	}
 	msg := fmt.Sprintf("failed to GET %s with status %s", url, resp.Status)

cli/command/image/formatter_history_test.go

@@ -186,14 +186,14 @@ func TestHistoryContext_Table(t *testing.T) {
 		{ID: "imageID3", Created: unixTime, CreatedBy: "/bin/bash ls", Size: int64(182964289), Comment: "Hi", Tags: []string{"image:tag2"}},
 		{ID: "imageID4", Created: unixTime, CreatedBy: "/bin/bash grep", Size: int64(182964289), Comment: "Hi", Tags: []string{"image:tag2"}},
 	}
-	//nolint:lll
-	expectedNoTrunc := `IMAGE      CREATED        CREATED BY                                                                                                                     SIZE      COMMENT
+
+	const expectedNoTrunc = `IMAGE      CREATED        CREATED BY                                                                                                                     SIZE      COMMENT
 imageID1   24 hours ago   /bin/bash ls && npm i && npm run test && karma -c karma.conf.js start && npm start && more commands here && the list goes on   183MB     Hi
 imageID2   24 hours ago   /bin/bash echo                                                                                                                 183MB     Hi
 imageID3   24 hours ago   /bin/bash ls                                                                                                                   183MB     Hi
 imageID4   24 hours ago   /bin/bash grep                                                                                                                 183MB     Hi
 `
-	expectedTrunc := `IMAGE      CREATED        CREATED BY                                      SIZE      COMMENT
+	const expectedTrunc = `IMAGE      CREATED        CREATED BY                                      SIZE      COMMENT
 imageID1   24 hours ago   /bin/bash ls && npm i && npm run test && kar…   183MB     Hi
 imageID2   24 hours ago   /bin/bash echo                                  183MB     Hi
 imageID3   24 hours ago   /bin/bash ls                                    183MB     Hi

cli/command/manifest/inspect_test.go

@@ -7,7 +7,6 @@ import (
 
 	"github.com/docker/cli/cli/manifest/store"
 	"github.com/docker/cli/cli/manifest/types"
-	manifesttypes "github.com/docker/cli/cli/manifest/types"
 	"github.com/docker/cli/internal/test"
 	"github.com/docker/distribution"
 	"github.com/docker/distribution/manifest/schema2"
@@ -80,10 +79,10 @@ func TestInspectCommandNotFound(t *testing.T) {
 	cli := test.NewFakeCli(nil)
 	cli.SetManifestStore(store)
 	cli.SetRegistryClient(&fakeRegistryClient{
-		getManifestFunc: func(_ context.Context, _ reference.Named) (manifesttypes.ImageManifest, error) {
-			return manifesttypes.ImageManifest{}, errors.New("missing")
+		getManifestFunc: func(_ context.Context, _ reference.Named) (types.ImageManifest, error) {
+			return types.ImageManifest{}, errors.New("missing")
 		},
-		getManifestListFunc: func(ctx context.Context, ref reference.Named) ([]manifesttypes.ImageManifest, error) {
+		getManifestListFunc: func(ctx context.Context, ref reference.Named) ([]types.ImageManifest, error) {
 			return nil, errors.Errorf("No such manifest: %s", ref)
 		},
 	})
@@ -119,7 +118,7 @@ func TestInspectcommandRemoteManifest(t *testing.T) {
 	cli := test.NewFakeCli(nil)
 	cli.SetManifestStore(store)
 	cli.SetRegistryClient(&fakeRegistryClient{
-		getManifestFunc: func(_ context.Context, ref reference.Named) (manifesttypes.ImageManifest, error) {
+		getManifestFunc: func(_ context.Context, ref reference.Named) (types.ImageManifest, error) {
 			return fullImageManifest(t, ref), nil
 		},
 	})

cli/command/node/inspect.go

@@ -2,7 +2,7 @@ package node
 
 import (
 	"context"
-	"fmt"
+	"errors"
 	"strings"
 
 	"github.com/docker/cli/cli"
@@ -58,7 +58,7 @@ func runInspect(dockerCli command.Cli, opts inspectOptions) error {
 	// check if the user is trying to apply a template to the pretty format, which
 	// is not supported
 	if strings.HasPrefix(f, "pretty") && f != "pretty" {
-		return fmt.Errorf("Cannot supply extra formatting options to the pretty template")
+		return errors.New("cannot supply extra formatting options to the pretty template")
 	}
 
 	nodeCtx := formatter.Context{

cli/command/secret/inspect.go

@@ -2,7 +2,7 @@ package secret
 
 import (
 	"context"
-	"fmt"
+	"errors"
 	"strings"
 
 	"github.com/docker/cli/cli"
@@ -54,7 +54,7 @@ func runSecretInspect(dockerCli command.Cli, opts inspectOptions) error {
 	// check if the user is trying to apply a template to the pretty format, which
 	// is not supported
 	if strings.HasPrefix(f, "pretty") && f != "pretty" {
-		return fmt.Errorf("Cannot supply extra formatting options to the pretty template")
+		return errors.New("cannot supply extra formatting options to the pretty template")
 	}
 
 	secretCtx := formatter.Context{

cli/command/service/list.go

@@ -109,8 +109,6 @@ func runList(dockerCli command.Cli, opts listOptions) error {
 // there may be other situations where the client uses the "default" version.
 // To take these situations into account, we do a quick check for services
 // that don't have ServiceStatus set, and perform a lookup for those.
-//
-//nolint:gocyclo
 func AppendServiceStatus(ctx context.Context, c client.APIClient, services []swarm.Service) ([]swarm.Service, error) {
 	status := map[string]*swarm.ServiceStatus{}
 	taskFilter := filters.NewArgs()

cli/command/stack/swarm/deploy_composefile.go

@@ -12,7 +12,6 @@ import (
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/swarm"
 	apiclient "github.com/docker/docker/client"
-	dockerclient "github.com/docker/docker/client"
 	"github.com/pkg/errors"
 )
 
@@ -77,7 +76,7 @@ func getServicesDeclaredNetworks(serviceConfigs []composetypes.ServiceConfig) ma
 	return serviceNetworks
 }
 
-func validateExternalNetworks(ctx context.Context, client dockerclient.NetworkAPIClient, externalNetworks []string) error {
+func validateExternalNetworks(ctx context.Context, client apiclient.NetworkAPIClient, externalNetworks []string) error {
 	for _, networkName := range externalNetworks {
 		if !container.NetworkMode(networkName).IsUserDefined() {
 			// Networks that are not user defined always exist on all nodes as
@@ -86,7 +85,7 @@ func validateExternalNetworks(ctx context.Context, client dockerclient.NetworkAP
 		}
 		network, err := client.NetworkInspect(ctx, networkName, types.NetworkInspectOptions{})
 		switch {
-		case dockerclient.IsErrNotFound(err):
+		case apiclient.IsErrNotFound(err):
 			return errors.Errorf("network %q is declared as external, but could not be found. You need to create a swarm-scoped network before the stack is deployed", networkName)
 		case err != nil:
 			return err
@@ -175,7 +174,6 @@ func createNetworks(ctx context.Context, dockerCli command.Cli, namespace conver
 	return nil
 }
 
-//nolint:gocyclo
 func deployServices(ctx context.Context, dockerCli command.Cli, services map[string]swarm.ServiceSpec, namespace convert.Namespace, sendAuth bool, resolveImage string) error {
 	apiClient := dockerCli.Client()
 	out := dockerCli.Out()

cli/command/swarm/opts_test.go

@@ -34,7 +34,7 @@ func TestNodeAddrOptionSetPortOnly(t *testing.T) {
 
 func TestNodeAddrOptionSetInvalidFormat(t *testing.T) {
 	opt := NewListenAddrOption()
-	assert.Error(t, opt.Set("http://localhost:4545"), "Invalid proto, expected tcp: http://localhost:4545")
+	assert.Error(t, opt.Set("http://localhost:4545"), "invalid proto, expected tcp: http://localhost:4545")
 }
 
 func TestExternalCAOptionErrors(t *testing.T) {

cli/command/trust/common.go

@@ -74,15 +74,15 @@ func lookupTrustInfo(cli command.Cli, remote string) ([]trustTagRow, []client.Ro
 		logrus.Debug(trust.NotaryError(remote, err))
 		// print an empty table if we don't have signed targets, but have an initialized notary repo
 		if _, ok := err.(client.ErrNoSuchTarget); !ok {
-			return []trustTagRow{}, []client.RoleWithSignatures{}, []data.Role{}, fmt.Errorf("No signatures or cannot access %s", remote)
+			return []trustTagRow{}, []client.RoleWithSignatures{}, []data.Role{}, fmt.Errorf("no signatures or cannot access %s", remote)
 		}
 	}
 	signatureRows := matchReleasedSignatures(allSignedTargets)
 
 	// get the administrative roles
 	adminRolesWithSigs, err := notaryRepo.ListRoles()
 	if err != nil {
-		return []trustTagRow{}, []client.RoleWithSignatures{}, []data.Role{}, fmt.Errorf("No signers for %s", remote)
+		return []trustTagRow{}, []client.RoleWithSignatures{}, []data.Role{}, fmt.Errorf("no signers for %s", remote)
 	}
 
 	// get delegation roles with the canonical key IDs

cli/command/trust/inspect_pretty_test.go

@@ -11,7 +11,7 @@ import (
 	"github.com/docker/cli/internal/test"
 	notaryfake "github.com/docker/cli/internal/test/notary"
 	"github.com/docker/docker/api/types"
-	dockerClient "github.com/docker/docker/client"
+	apiclient "github.com/docker/docker/client"
 	"github.com/theupdateframework/notary"
 	"github.com/theupdateframework/notary/client"
 	"github.com/theupdateframework/notary/tuf/data"
@@ -24,7 +24,7 @@ import (
 // TODO(n4ss): remove common tests with the regular inspect command
 
 type fakeClient struct {
-	dockerClient.Client
+	apiclient.Client
 }
 
 func (c *fakeClient) Info(ctx context.Context) (types.Info, error) {
@@ -77,15 +77,15 @@ func TestTrustInspectPrettyCommandOfflineErrors(t *testing.T) {
 	cmd.Flags().Set("pretty", "true")
 	cmd.SetArgs([]string{"nonexistent-reg-name.io/image"})
 	cmd.SetOut(io.Discard)
-	assert.ErrorContains(t, cmd.Execute(), "No signatures or cannot access nonexistent-reg-name.io/image")
+	assert.ErrorContains(t, cmd.Execute(), "no signatures or cannot access nonexistent-reg-name.io/image")
 
 	cli = test.NewFakeCli(&fakeClient{})
 	cli.SetNotaryClient(notaryfake.GetOfflineNotaryRepository)
 	cmd = newInspectCommand(cli)
 	cmd.Flags().Set("pretty", "true")
 	cmd.SetArgs([]string{"nonexistent-reg-name.io/image:tag"})
 	cmd.SetOut(io.Discard)
-	assert.ErrorContains(t, cmd.Execute(), "No signatures or cannot access nonexistent-reg-name.io/image")
+	assert.ErrorContains(t, cmd.Execute(), "no signatures or cannot access nonexistent-reg-name.io/image")
 }
 
 func TestTrustInspectPrettyCommandUninitializedErrors(t *testing.T) {
@@ -95,15 +95,15 @@ func TestTrustInspectPrettyCommandUninitializedErrors(t *testing.T) {
 	cmd.Flags().Set("pretty", "true")
 	cmd.SetArgs([]string{"reg/unsigned-img"})
 	cmd.SetOut(io.Discard)
-	assert.ErrorContains(t, cmd.Execute(), "No signatures or cannot access reg/unsigned-img")
+	assert.ErrorContains(t, cmd.Execute(), "no signatures or cannot access reg/unsigned-img")
 
 	cli = test.NewFakeCli(&fakeClient{})
 	cli.SetNotaryClient(notaryfake.GetUninitializedNotaryRepository)
 	cmd = newInspectCommand(cli)
 	cmd.Flags().Set("pretty", "true")
 	cmd.SetArgs([]string{"reg/unsigned-img:tag"})
 	cmd.SetOut(io.Discard)
-	assert.ErrorContains(t, cmd.Execute(), "No signatures or cannot access reg/unsigned-img:tag")
+	assert.ErrorContains(t, cmd.Execute(), "no signatures or cannot access reg/unsigned-img:tag")
 }
 
 func TestTrustInspectPrettyCommandEmptyNotaryRepoErrors(t *testing.T) {

cli/command/trust/inspect_test.go

@@ -55,26 +55,26 @@ func TestTrustInspectCommandRepositoryErrors(t *testing.T) {
 			doc:              "OfflineErrors",
 			args:             []string{"nonexistent-reg-name.io/image"},
 			notaryRepository: notary.GetOfflineNotaryRepository,
-			err:              "No signatures or cannot access nonexistent-reg-name.io/image",
+			err:              "no signatures or cannot access nonexistent-reg-name.io/image",
 		},
 		{
 			doc:              "OfflineErrorsWithImageTag",
 			args:             []string{"nonexistent-reg-name.io/image:tag"},
 			notaryRepository: notary.GetOfflineNotaryRepository,
-			err:              "No signatures or cannot access nonexistent-reg-name.io/image:tag",
+			err:              "no signatures or cannot access nonexistent-reg-name.io/image:tag",
 		},
 		{
 			doc:              "UninitializedErrors",
 			args:             []string{"reg/unsigned-img"},
 			notaryRepository: notary.GetUninitializedNotaryRepository,
-			err:              "No signatures or cannot access reg/unsigned-img",
+			err:              "no signatures or cannot access reg/unsigned-img",
 			golden:           "trust-inspect-uninitialized.golden",
 		},
 		{
 			doc:              "UninitializedErrorsWithImageTag",
 			args:             []string{"reg/unsigned-img:tag"},
 			notaryRepository: notary.GetUninitializedNotaryRepository,
-			err:              "No signatures or cannot access reg/unsigned-img:tag",
+			err:              "no signatures or cannot access reg/unsigned-img:tag",
 			golden:           "trust-inspect-uninitialized.golden",
 		},
 	}

cli/command/trust/sign.go

@@ -132,9 +132,9 @@ func validateTag(imgRefAndAuth trust.ImageRefAndAuth) error {
 	tag := imgRefAndAuth.Tag()
 	if tag == "" {
 		if imgRefAndAuth.Digest() != "" {
-			return fmt.Errorf("cannot use a digest reference for IMAGE:TAG")
+			return errors.New("cannot use a digest reference for IMAGE:TAG")
 		}
-		return fmt.Errorf("No tag specified for %s", imgRefAndAuth.Name())
+		return fmt.Errorf("no tag specified for %s", imgRefAndAuth.Name())
 	}
 	return nil
 }
@@ -148,7 +148,7 @@ func createTarget(notaryRepo client.Repository, tag string) (client.Target, erro
 	target := &client.Target{}
 	var err error
 	if tag == "" {
-		return *target, fmt.Errorf("No tag specified")
+		return *target, errors.New("no tag specified")
 	}
 	target.Name = tag
 	target.Hashes, target.Length, err = getSignedManifestHashAndSize(notaryRepo, tag)