chore: linting (#23)

* chore: add golangci-lint config

* refactor: enable linters and adapt code style

.github/workflows/ci.yml

@@ -18,8 +18,6 @@ jobs:
 
     - name: Lint
       uses: golangci/golangci-lint-action@v3
-      with:
-        args: --timeout=5m --color=always --max-same-issues=0 --max-issues-per-linter=0
 
     - name: Build
       run: go build -v -o parlay

.golangci.yaml

@@ -0,0 +1,30 @@
+run:
+  issues-exit-code: 1
+  color: always
+  max-same-issues: 0
+  max-issues-per-linter: 0
+  tests: true
+  timeout: 5m
+
+linters:
+  enable:
+    - errcheck
+    - goimports
+    - gosimple
+    - govet
+    - ineffassign
+    - misspell
+    - staticcheck
+    - typecheck
+    - unused
+
+linters-settings:
+  errcheck:
+    check-blank: true
+    check-type-assertions: true
+  govet:
+    check-shadowing: true
+  goimports:
+    local-prefixes: github.com/snyk/parlay
+  misspell:
+    locale: US

go.sum

@@ -165,8 +165,6 @@ github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/
 github.com/maxatome/go-testdeep v1.12.0 h1:Ql7Go8Tg0C1D/uMMX59LAoYK7LffeJQ6X2T04nTH68g=
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
-github.com/package-url/packageurl-go v0.1.0 h1:efWBc98O/dBZRg1pw2xiDzovnlMjCa9NPnfaiBduh8I=
-github.com/package-url/packageurl-go v0.1.0/go.mod h1:C/ApiuWpmbpni4DIOECf6WCjFUZV7O1Fx7VAzrZHgBw=
 github.com/package-url/packageurl-go v0.1.1-0.20220428063043-89078438f170 h1:DiLBVp4DAcZlBVBEtJpNWZpZVq0AEeCY7Hqk8URVs4o=
 github.com/package-url/packageurl-go v0.1.1-0.20220428063043-89078438f170/go.mod h1:uQd4a7Rh3ZsVg5j0lNyAfyxIeGde9yrlhjF78GzeW0c=
 github.com/pelletier/go-toml/v2 v2.0.6 h1:nrzqCb7j9cDFj2coyLNLaZuJTLjWjlaz6nvTvIwycIU=

internal/commands/default.go

@@ -3,24 +3,29 @@ package commands
 import (
 	"os"
 
+	"github.com/rs/zerolog"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+
 	"github.com/snyk/parlay/internal/commands/deps"
 	"github.com/snyk/parlay/internal/commands/ecosystems"
 	"github.com/snyk/parlay/internal/commands/scorecard"
 	"github.com/snyk/parlay/internal/commands/snyk"
-
-	"github.com/rs/zerolog"
-	"github.com/spf13/cobra"
-	"github.com/spf13/viper"
 )
 
 func NewDefaultCommand() *cobra.Command {
+	output := zerolog.ConsoleWriter{Out: os.Stderr}
+	logger := zerolog.New(output).With().Timestamp().Logger()
+
 	cmd := cobra.Command{
 		Use:                   "parlay",
 		Short:                 "Enrich an SBOM with context from third party services",
 		SilenceUsage:          true,
 		DisableFlagsInUseLine: true,
 		Run: func(cmd *cobra.Command, args []string) {
-			_ = cmd.Help()
+			if err := cmd.Help(); err != nil {
+				logger.Fatal().Err(err).Msg("Failed to run parlay command")
+			}
 		},
 		PersistentPreRun: func(cmd *cobra.Command, args []string) {
 			if viper.GetBool("debug") {
@@ -35,9 +40,6 @@ func NewDefaultCommand() *cobra.Command {
 	cmd.PersistentFlags().Bool("debug", false, "")
 	viper.BindPFlag("debug", cmd.PersistentFlags().Lookup("debug")) //nolint:errcheck
 
-	output := zerolog.ConsoleWriter{Out: os.Stderr}
-	logger := zerolog.New(output).With().Timestamp().Logger()
-
 	cmd.AddCommand(ecosystems.NewEcosystemsRootCommand(logger))
 	cmd.AddCommand(snyk.NewSnykRootCommand(logger))
 	cmd.AddCommand(deps.NewDepsRootCommand(logger))

internal/commands/deps/repos.go

@@ -1,13 +1,13 @@
 package deps
 
 import (
+	"encoding/json"
 	"fmt"
-  "encoding/json"
-
-	"github.com/snyk/parlay/lib/deps"
 
 	"github.com/rs/zerolog"
 	"github.com/spf13/cobra"
+
+	"github.com/snyk/parlay/lib/deps"
 )
 
 func NewRepoCommand(logger zerolog.Logger) *cobra.Command {
@@ -20,7 +20,7 @@ func NewRepoCommand(logger zerolog.Logger) *cobra.Command {
 			if err != nil {
 				logger.Fatal().Err(err).Msg("Error retrieving data from deps.dev")
 			}
-      repository, err := json.Marshal(repo)
+			repository, err := json.Marshal(repo)
 			if err != nil {
 				logger.Fatal().Err(err).Msg("Error with JSON response from deps.dev")
 			}

internal/commands/deps/root.go

@@ -13,7 +13,9 @@ func NewDepsRootCommand(logger zerolog.Logger) *cobra.Command {
 		DisableFlagsInUseLine: true,
 		SilenceUsage:          true,
 		Run: func(cmd *cobra.Command, args []string) {
-			_ = cmd.Help()
+			if err := cmd.Help(); err != nil {
+				logger.Fatal().Err(err).Msg("Failed to run deps command")
+			}
 		},
 	}
 

internal/commands/ecosystems/enrich.go

@@ -4,12 +4,12 @@ import (
 	"bytes"
 	"os"
 
-	"github.com/snyk/parlay/internal/utils"
-	"github.com/snyk/parlay/lib/ecosystems"
-
 	cdx "github.com/CycloneDX/cyclonedx-go"
 	"github.com/rs/zerolog"
 	"github.com/spf13/cobra"
+
+	"github.com/snyk/parlay/internal/utils"
+	"github.com/snyk/parlay/lib/ecosystems"
 )
 
 func NewEnrichCommand(logger zerolog.Logger) *cobra.Command {
@@ -32,6 +32,7 @@ func NewEnrichCommand(logger zerolog.Logger) *cobra.Command {
 			bom = ecosystems.EnrichSBOM(bom)
 			err = cdx.NewBOMEncoder(os.Stdout, cdx.BOMFileFormatJSON).Encode(bom)
 			if err != nil {
+				// We dont wunt to eat this erorr.
 				logger.Fatal().Err(err).Msg("Failed to envode new SBOM")
 			}
 		},

internal/commands/ecosystems/packages.go

@@ -3,11 +3,11 @@ package ecosystems
 import (
 	"fmt"
 
-	"github.com/snyk/parlay/lib/ecosystems"
-
 	"github.com/package-url/packageurl-go"
 	"github.com/rs/zerolog"
 	"github.com/spf13/cobra"
+
+	"github.com/snyk/parlay/lib/ecosystems"
 )
 
 func NewPackageCommand(logger zerolog.Logger) *cobra.Command {

internal/commands/ecosystems/repos.go

@@ -3,10 +3,10 @@ package ecosystems
 import (
 	"fmt"
 
-	"github.com/snyk/parlay/lib/ecosystems"
-
 	"github.com/rs/zerolog"
 	"github.com/spf13/cobra"
+
+	"github.com/snyk/parlay/lib/ecosystems"
 )
 
 func NewRepoCommand(logger zerolog.Logger) *cobra.Command {
@@ -17,7 +17,7 @@ func NewRepoCommand(logger zerolog.Logger) *cobra.Command {
 		Run: func(cmd *cobra.Command, args []string) {
 			resp, err := ecosystems.GetRepoData(args[0])
 			if err != nil {
-				logger.Fatal().Err(err).Msg("An error occured")
+				logger.Fatal().Err(err).Msg("An error occurred")
 			}
 			fmt.Print(string(resp.Body))
 		},

internal/commands/ecosystems/root.go

@@ -13,7 +13,9 @@ func NewEcosystemsRootCommand(logger zerolog.Logger) *cobra.Command {
 		DisableFlagsInUseLine: true,
 		SilenceUsage:          true,
 		Run: func(cmd *cobra.Command, args []string) {
-			_ = cmd.Help()
+			if err := cmd.Help(); err != nil {
+				logger.Fatal().Err(err).Msg("Failed to run ecosystems command")
+			}
 		},
 	}
 

internal/commands/scorecard/enrich.go

@@ -4,12 +4,12 @@ import (
 	"bytes"
 	"os"
 
-  "github.com/snyk/parlay/internal/utils"
-	"github.com/snyk/parlay/lib/scorecard"
-
 	cdx "github.com/CycloneDX/cyclonedx-go"
 	"github.com/rs/zerolog"
 	"github.com/spf13/cobra"
+
+	"github.com/snyk/parlay/internal/utils"
+	"github.com/snyk/parlay/lib/scorecard"
 )
 
 func NewEnrichCommand(logger zerolog.Logger) *cobra.Command {

internal/commands/scorecard/root.go

@@ -13,7 +13,9 @@ func NewRootCommand(logger zerolog.Logger) *cobra.Command {
 		DisableFlagsInUseLine: true,
 		SilenceUsage:          true,
 		Run: func(cmd *cobra.Command, args []string) {
-			_ = cmd.Help()
+			if err := cmd.Help(); err != nil {
+				logger.Fatal().Err(err).Msg("Failed to run scorecard command")
+			}
 		},
 	}
 

internal/commands/snyk/enrich.go

@@ -4,12 +4,12 @@ import (
 	"bytes"
 	"os"
 
-	"github.com/snyk/parlay/internal/utils"
-	"github.com/snyk/parlay/lib/snyk"
-
 	cdx "github.com/CycloneDX/cyclonedx-go"
 	"github.com/rs/zerolog"
 	"github.com/spf13/cobra"
+
+	"github.com/snyk/parlay/internal/utils"
+	"github.com/snyk/parlay/lib/snyk"
 )
 
 func NewEnrichCommand(logger zerolog.Logger) *cobra.Command {

internal/commands/snyk/packages.go

@@ -3,11 +3,11 @@ package snyk
 import (
 	"fmt"
 
-	"github.com/snyk/parlay/lib/snyk"
-
 	"github.com/package-url/packageurl-go"
 	"github.com/rs/zerolog"
 	"github.com/spf13/cobra"
+
+	"github.com/snyk/parlay/lib/snyk"
 )
 
 func NewPackageCommand(logger zerolog.Logger) *cobra.Command {
@@ -23,7 +23,7 @@ func NewPackageCommand(logger zerolog.Logger) *cobra.Command {
 			logger.Debug().Str("purl", args[0]).Msg("Looking up package vulnerabilities from Snyk")
 			resp, err := snyk.GetPackageVulnerabilities(purl)
 			if err != nil {
-				logger.Fatal().Err(err).Msg("An error occured")
+				logger.Fatal().Err(err).Msg("An error occurred")
 			}
 			fmt.Print(string(resp.Body))
 		},

internal/commands/snyk/root.go

@@ -13,7 +13,9 @@ func NewSnykRootCommand(logger zerolog.Logger) *cobra.Command {
 		DisableFlagsInUseLine: true,
 		SilenceUsage:          true,
 		Run: func(cmd *cobra.Command, args []string) {
-			_ = cmd.Help()
+			if err := cmd.Help(); err != nil {
+				logger.Fatal().Err(err).Msg("Failed to run snyk command")
+			}
 		},
 	}
 	cmd.AddCommand(NewPackageCommand(logger))

lib/deps/repo.go

@@ -17,7 +17,7 @@
 package deps
 
 import (
-  "github.com/edoardottt/depsdev/pkg/depsdev"
+	"github.com/edoardottt/depsdev/pkg/depsdev"
 )
 
 func GetRepoData(url string) (*depsdev.Project, error) {

lib/ecosystems/enrich.go

@@ -19,11 +19,11 @@ package ecosystems
 import (
 	"time"
 
-	"github.com/snyk/parlay/ecosystems/packages"
-
 	cdx "github.com/CycloneDX/cyclonedx-go"
 	"github.com/package-url/packageurl-go"
 	"github.com/remeh/sizedwaitgroup"
+
+	"github.com/snyk/parlay/ecosystems/packages"
 )
 
 func enrichDescription(component cdx.Component, packageData packages.Package) cdx.Component {
@@ -37,8 +37,8 @@ func enrichLicense(component cdx.Component, packageData packages.Package) cdx.Co
 	if packageData.NormalizedLicenses != nil {
 		if len(packageData.NormalizedLicenses) > 0 {
 			expression := packageData.NormalizedLicenses[0]
-			licences := cdx.LicenseChoice{Expression: expression}
-			component.Licenses = &cdx.Licenses{licences}
+			licenses := cdx.LicenseChoice{Expression: expression}
+			component.Licenses = &cdx.Licenses{licenses}
 		}
 	}
 	return component
@@ -179,7 +179,8 @@ func enrichComponentsWithEcosystems(bom *cdx.BOM, enrichFuncs []func(cdx.Compone
 	for i, component := range *bom.Components {
 		wg.Add()
 		go func(component cdx.Component, i int) {
-			purl, _ := packageurl.FromString(component.PackageURL)
+			// TODO: return when there is no usable Purl on the component.
+			purl, _ := packageurl.FromString(component.PackageURL) //nolint:errcheck
 			resp, err := GetPackageData(purl)
 			if err == nil {
 				packageData := resp.JSON200

lib/ecosystems/enrich_test.go

@@ -21,11 +21,11 @@ import (
 	"testing"
 	"time"
 
-	"github.com/snyk/parlay/ecosystems/packages"
-
 	cdx "github.com/CycloneDX/cyclonedx-go"
 	"github.com/jarcoal/httpmock"
 	"github.com/stretchr/testify/assert"
+
+	"github.com/snyk/parlay/ecosystems/packages"
 )
 
 func TestEnrichSBOM(t *testing.T) {

lib/ecosystems/package.go

@@ -21,9 +21,9 @@ import (
 	"fmt"
 	"net/url"
 
-	"github.com/snyk/parlay/ecosystems/packages"
-
 	"github.com/package-url/packageurl-go"
+
+	"github.com/snyk/parlay/ecosystems/packages"
 )
 
 const server = "https://packages.ecosyste.ms/api/v1"

lib/ecosystems/package_test.go

@@ -24,6 +24,7 @@ import (
 	"github.com/jarcoal/httpmock"
 	"github.com/package-url/packageurl-go"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestGetPackageData(t *testing.T) {
@@ -36,9 +37,11 @@ func TestGetPackageData(t *testing.T) {
 		httpmock.NewBytesResponder(200, []byte{}),
 	)
 
-	purl, _ := packageurl.FromString("pkg:maven/org.springframework.boot/spring-boot-starter-jdb")
+	purl, err := packageurl.FromString("pkg:maven/org.springframework.boot/spring-boot-starter-jdb")
+	require.NoError(t, err)
 
-	_, _ = GetPackageData(purl)
+	_, err = GetPackageData(purl)
+	require.NoError(t, err)
 
 	httpmock.GetTotalCallCount()
 	calls := httpmock.GetCallCountInfo()

lib/ecosystems/repo_test.go

@@ -21,6 +21,7 @@ import (
 
 	"github.com/jarcoal/httpmock"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestGetRepoData(t *testing.T) {
@@ -33,7 +34,8 @@ func TestGetRepoData(t *testing.T) {
 		httpmock.NewBytesResponder(200, []byte{}),
 	)
 
-	_, _ = GetRepoData("https://github.com/golang/go")
+	_, err := GetRepoData("https://github.com/golang/go")
+	require.NoError(t, err)
 
 	httpmock.GetTotalCallCount()
 	calls := httpmock.GetCallCountInfo()