ci, versioning, lint improvements

Author: trvon

.github/workflows/main.yml

@@ -23,10 +23,65 @@ permissions:
 env:
   CI_COMMIT_AUTHOR: trvon
   CI_COMMIT_EMAIL: [email protected]
+  GO_VERSION: '1.22'
 
 jobs:
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: ${{ env.GO_VERSION }}
+          cache: true
+
+      - name: Run golangci-lint
+        uses: golangci/golangci-lint-action@v6
+        with:
+          version: latest
+          args: --timeout=5m
+
+      - name: Run go vet
+        run: go vet ./...
+
+      - name: Check formatting
+        run: |
+          if [ -n "$(gofmt -s -l .)" ]; then
+            echo "Go code is not formatted:"
+            gofmt -s -d .
+            exit 1
+          fi
+
+  security:
+    name: Security Checks
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: ${{ env.GO_VERSION }}
+          cache: true
+
+      - name: Run govulncheck
+        run: |
+          go install golang.org/x/vuln/cmd/govulncheck@latest
+          govulncheck ./...
+
+      - name: Run tests with race detector
+        run: go test -race -short ./...
+
   unit-tests:
     name: Unit Tests
+    needs: [lint]
     runs-on: ubuntu-latest
     timeout-minutes: 15
     steps:
@@ -38,24 +93,33 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v4
         with:
-          go-version: '1.18'
+          go-version: ${{ env.GO_VERSION }}
           cache: true
 
       - name: Unit Tests
         run: |
-          go test ./... -v -timeout=120s
+          go test ./... -v -timeout=120s -coverprofile=coverage.out
         timeout-minutes: 5
 
+      - name: Upload coverage
+        uses: codecov/codecov-action@v4
+        if: always()
+        with:
+          files: ./coverage.out
+          flags: unittests
+          fail_ci_if_error: false
+
   acceptance-tests:
     name: Acceptance Tests
+    needs: [lint]
     runs-on: ubuntu-latest
     timeout-minutes: 20
     container:
       image: gns3/openvswitch:latest
       volumes:
         - /lib/modules:/lib/modules
       options: --cap-add=NET_ADMIN --privileged
-    
+
     steps:
       - name: Install dependencies
         run: |
@@ -67,15 +131,15 @@ jobs:
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
-        
+
       - name: Verify and setup Go
         run: |
           echo "Go binary location: $(which go)"
           go version
           echo "GOPATH: $GOPATH"
           # Make sure Go binaries are in PATH
           echo "PATH=$PATH:/usr/local/go/bin:$(go env GOPATH)/bin" >> $GITHUB_ENV
-        
+
       - name: Start Open vSwitch service
         run: |
           /usr/share/openvswitch/scripts/ovs-ctl start
@@ -91,15 +155,19 @@ jobs:
 
   integration-tests:
     name: Integration Tests
-    needs: [unit-tests, acceptance-tests]
+    needs: [unit-tests, acceptance-tests, security]
     runs-on: ubuntu-latest
     timeout-minutes: 30
+    strategy:
+      matrix:
+        terraform_version: ['1.6.0', '1.10.5']
+        opentofu_version: ['1.6.0', '1.8.10']
     container:
       image: gns3/openvswitch:latest
       volumes:
         - /lib/modules:/lib/modules
       options: --cap-add=NET_ADMIN --privileged
-    
+
     steps:
       - name: Install dependencies
         run: |
@@ -131,8 +199,8 @@ jobs:
 
       - name: Install Terraform
         run: |
-          wget https://releases.hashicorp.com/terraform/1.6.0/terraform_1.6.0_linux_amd64.zip
-          unzip terraform_1.6.0_linux_amd64.zip
+          wget https://releases.hashicorp.com/terraform/${{ matrix.terraform_version }}/terraform_${{ matrix.terraform_version }}_linux_amd64.zip
+          unzip terraform_${{ matrix.terraform_version }}_linux_amd64.zip
           mv terraform /usr/local/bin/
           terraform version
         timeout-minutes: 5
@@ -155,9 +223,10 @@ jobs:
 
       - name: Install OpenTofu
         run: |
-          wget https://github.com/opentofu/opentofu/releases/download/v1.6.0/tofu_1.6.0_linux_amd64.zip
-          unzip -o tofu_1.6.0_linux_amd64.zip
+          wget https://github.com/opentofu/opentofu/releases/download/v${{ matrix.opentofu_version }}/tofu_${{ matrix.opentofu_version }}_linux_amd64.zip
+          unzip -o tofu_${{ matrix.opentofu_version }}_linux_amd64.zip
           mv tofu /usr/local/bin/
+          tofu version
         timeout-minutes: 5
 
       - name: Test with OpenTofu
@@ -209,21 +278,21 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v4
         with:
-          go-version: '1.18'
+          go-version: ${{ env.GO_VERSION }}
           cache: true
 
       - name: 'Terraform Provider Release'
         uses: hashicorp/ghaction-terraform-provider-release/.github/workflows/community.yml@v4
         with:
           gpg-private-key: '${{ secrets.GPG_PRIVATE_KEY }}'
           setup-go-version-file: 'go.mod'
-          
+
       - name: Generate Release Notes
         run: |
           cd .changes
           sed -e "1{/# /d;}" -e "2{/^$/d;}" ${{ steps.version.outputs.CHANGELOG_VERSION }}.md > /tmp/release-notes.txt
         timeout-minutes: 2
-        
+
       - name: GH Release
         run: |
           gh release create "${{ github.event.inputs.versionNumber }}" --notes-file /tmp/release-notes.txt --title "${{ github.event.inputs.versionNumber }}"

.golangci.yml

@@ -0,0 +1,146 @@
+---
+# golangci-lint configuration for Terraform Provider
+# See https://golangci-lint.run/usage/configuration/ for all options
+
+run:
+  timeout: 5m
+  tests: true
+  # Define which Go version to target for linting
+  go: '1.22'
+
+output:
+  # Format output
+  formats:
+    - format: colored-line-number
+  # Print lines of code with issue
+  print-issued-lines: true
+  # Print linter name in the end of issue text
+  print-linter-name: true
+  # Sort results by file, line, and column
+  sort-results: true
+
+linters:
+  enable:
+    # Default linters
+    - errcheck        # Check for unchecked errors
+    - gosimple        # Simplify code
+    - govet           # Vet examines Go source code
+    - ineffassign     # Detect ineffectual assignments
+    - staticcheck     # Go static analysis
+    - unused          # Check for unused code
+
+    # Additional recommended linters
+    - gofmt           # Check if code was gofmt-ed
+    - goimports       # Check import statements formatting
+    - misspell        # Find commonly misspelled English words
+    - revive          # Fast, configurable, extensible, flexible linter
+    - gosec           # Inspect source code for security problems
+    - unconvert       # Remove unnecessary type conversions
+    - unparam         # Report unused function parameters
+    - prealloc        # Find slice declarations that could be preallocated
+    - nolintlint      # Report ill-formed or insufficient nolint directives
+    - copyloopvar     # Check for loop variables captured by func literals (replaces exportloopref)
+    - gocritic        # Comprehensive Go source code linter
+    - gocyclo         # Compute cyclomatic complexity
+    - bodyclose       # Check HTTP response body is closed
+    - errorlint       # Find code that will cause problems with Go 1.13+ error wrapping
+
+  disable:
+    - typecheck       # Disabled because it can conflict with Go build
+
+linters-settings:
+  errcheck:
+    # Report about not checking of errors in type assertions: `a := b.(MyStruct)`
+    check-type-assertions: true
+    # Report about assignment of errors to blank identifier: `num, _ := strconv.Atoi(numStr)`
+    check-blank: false
+    # Exclude functions - these are known to return errors we intentionally ignore
+    exclude-functions:
+      - '(*database/sql.DB).Close'
+      - '(*database/sql.Rows).Close'
+
+  gocyclo:
+    # Minimal cyclomatic complexity to report
+    min-complexity: 15
+
+  govet:
+    # Enable all analyzers
+    enable-all: true
+    # Disable specific analyzers
+    disable:
+      - shadow  # Can be too noisy
+
+  misspell:
+    locale: US
+    ignore-words:
+      - ovs
+      - vsctl
+      - ofctl
+      - openvswitch
+
+  gosec:
+    # Exclude specific security checks
+    excludes:
+      - G204  # Subprocess launched with variable - we need this for ovs-vsctl commands
+      - G304  # File path provided as taint input
+    # Confidence level to report issues
+    confidence: medium
+
+  revive:
+    rules:
+      - name: exported
+        disabled: false
+        arguments:
+          - "disableStutteringCheck"
+      - name: package-comments
+        disabled: true  # Not all packages need comments in small projects
+
+  gocritic:
+    enabled-tags:
+      - diagnostic
+      - style
+      - performance
+    disabled-checks:
+      - commentedOutCode
+      - whyNoLint
+
+  staticcheck:
+    # https://staticcheck.io/docs/options#checks
+    checks:
+      - "all"
+      - "-SA1019"  # Allow deprecated functions temporarily during migration
+
+issues:
+  # Maximum issues count per one linter
+  max-issues-per-linter: 0
+  # Maximum count of issues with the same text
+  max-same-issues: 0
+
+  # Show all issues from a linter
+  new: false
+
+  # Make issues output unique by line
+  uniq-by-line: true
+
+  # Exclude specific issues
+  exclude-rules:
+    # Exclude some linters from running on tests files
+    - path: _test\.go
+      linters:
+        - gosec
+        - errcheck
+        - gocritic
+
+    # Exclude known issues in legacy code that will be fixed during SDK migration
+    - path: openvswitch/
+      text: "SA1019"  # Deprecated function usage (terraform v0.12 SDK)
+      linters:
+        - staticcheck
+
+    # Allow complex functions in test files
+    - path: _test\.go
+      linters:
+        - gocyclo
+
+  # Independently of option `exclude` we use default exclude patterns
+  exclude-use-default: true