upstream/kubernetes
1
0
Fork 0
mirror of https://github.com/kubernetes/kubernetes.git synced 2026-02-03 20:40:26 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
kubernetes/hack/golangci-hints.yaml
Kubernetes Prow Robot c91e982433
Merge pull request #136489 from Ignoramuss/optionalorrequired-node 
api: enable optionalorrequired linter for node API
2026-02-03 23:58:27 +05:30

572 lines
32 KiB
YAML
Raw Permalink Blame History

# golangci-lint is used in Kubernetes with different configurations that
# enable an increasing amount of checks:
# - golangci.yaml is the most permissive configuration. All existing code
# passed.
# - golangci-hints.yaml adds checks for code patterns where developer
# and reviewer may decide whether findings should get addressed before
# merging. Beware that the golangci-lint output includes also the
# issues that must be fixed and doesn't indicate how severe each issue
# is (https://gophers.slack.com/archives/CS0TBRKPC/p1685721815275349).
#
# All three flavors are generated from golangci.yaml.in with
# hack/update-golangci-lint-config.sh.
run:
timeout: 30m
# The default is relative to the configuration, which is confusing because
# then all paths start with ../ to move out of the "hack" directory.
# `gomod` mirrors the current behavior of `golangci-lint.sh` changing into
# the root of the repository. Because we are operating in a workspace,
# the module picked by `gomod` is the main one
relative-path-mode: gomod
version: "2"
formatters:
exclusions:
paths:
- third_party
output:
formats:
text:
path: stderr
issues:
max-issues-per-linter: 0
max-same-issues: 0
linters:
exclusions:
paths:
- third_party
# Log a warning if an exclusion rule is unused.
#
# Uncomment when investigating whether the configuration can be simplified,
# but beware that golangci-lint then needs to be invoked for the entire
# repository. Invoking it for individual packages may trigger these warning
# when the rules are only needed elsewhere.
#
# warn-unused: true
# Excluding configuration per-path, per-linter, per-text and per-source.
rules:
# https://github.com/kubernetes/kubernetes/issues/117288#issuecomment-1507012435
- linters:
- gocritic
text: "ifElseChain: rewrite if-else to switch statement"
# Only packages listed here opt into the strict "exported symbols must be documented".
#
# Exclude texts from https://github.com/golangci/golangci-lint/blob/ab3c3cd69e602ff53bb4c3e2c188f0caeb80305d/pkg/config/issues.go#L11-L103
- linters:
- revive
- staticcheck
text: comment on exported (method|function|type|const)|should have( a package)? comment|comment should be of the form|comment on exported (method|function|type|const)|should have( a package)? comment|comment should be of the form|exported (.+) should have comment( \(or a comment on this block\))? or be unexported|package comment should be of the form "(.+)...|comment on exported (.+) should be of the form "(.+)...|should have a package comment
path-except: cmd/kubeadm
# The unused linter that comes from staticcheck currently does not handle types which implement
# a generic interface. The linter incorrectly reports the implementations of unexported
# interface methods as unused. See https://github.com/dominikh/go-tools/issues/1294.
# Rather than exporting the interface methods, which makes the error go away but changes the
# semantics of the code, we ignore this error for affected files.
# This can be removed when the staticcheck implementation of this rule is fixed, which may
# depend on https://github.com/golang/go/issues/63982.
- linters:
- unused
path: staging/src/k8s.io/client-go/util/workqueue/metrics.go
# SSA Extract calls are allowed in tests.
- linters:
- forbidigo
text: should not be used because managedFields was removed
path: _test.go$
# Adding unversioned feature gates is allowed in tests
- linters:
- forbidigo
text: should not use Add, use AddVersioned instead
path: _test.go$
# The Kubernetes naming convention for conversion functions uses underscores
# and intentionally deviates from normal Go conventions to make those function
# names more readable. Same for SetDefaults_*.
#
# https://github.com/kubernetes/kubernetes/issues/117288#issuecomment-1507028627
# https://github.com/kubernetes/kubernetes/issues/117288#issuecomment-1514201592
- linters:
- staticcheck
- revive
text: "(ST1003: should not use underscores in Go names; func ([cC]onvert_.*_To_.*|[sS]etDefaults_)|exported: exported function (Convert|SetDefaults)_.* should be of the form)"
# The generated swagger docs also don't follow the naming convention.
- linters:
- staticcheck
text: "ST1003: should not use underscores in Go names"
path: types_swagger_doc_generated.go$
- path: (.+)\.go$
# staticcheck: Developers tend to write in C-style with an explicit 'break' in a 'switch', so it's ok to ignore
text: ineffective break statement. Did you mean to break out of the outer loop
# exclude ineffassign linter for generated files for conversion
- path: conversion\.go
linters:
- ineffassign
# Kube-API-Linter should only be run on the API definitions
- linters:
- kubeapilinter
path-except: staging/src/k8s.io/api/.*
# Exceptions for kube-api-linter.
# Exceptions are used for kube-api-linter to ignore existing issues that cannot be fixed without breaking changes.
# Pre-existing issues from the conditions linter
# Conditions generally should be a metav1.Condition, and should not use custom condition types.
- text: "Conditions field in StorageVersionStatus|StatefulSetStatus|DeploymentStatus|DaemonSetStatus|ReplicaSetStatus|HorizontalPodAutoscalerStatus|JobStatus|CertificateSigningRequestStatus|PersistentVolumeClaimStatus|ReplicationControllerStatus|ServiceStatus|NodeStatus|NamespaceStatus|ComponentStatus|PodStatus|FlowSchemaStatus|PriorityLevelConfigurationStatus|FlowSchemaStatus|PriorityLevelConfigurationStatus|PodDisruptionBudgetStatus|AllocatedDeviceStatus|Endpoint|StatefulSetStatus|DeploymentStatus|DaemonSetStatus|ReplicaSetStatus|HorizontalPodAutoscalerStatus|JobStatus|CertificateSigningRequestStatus|PersistentVolumeClaimStatus|ReplicationControllerStatus|ServiceStatus|NodeStatus|NamespaceStatus|ComponentStatus|PodStatus|FlowSchemaStatus|PriorityLevelConfigurationStatus|FlowSchemaStatus|PriorityLevelConfigurationStatus|PodDisruptionBudgetStatus|AllocatedDeviceStatus|Endpoint|StorageVersionMigrationStatus must be a slice of metav1.Condition"
path: "staging/src/k8s.io/api/"
# Conditions should have patch strategy markers, but changing these after shipping a client is a breaking change.
# Clients would treat these as atomic, when the patch strategy should be merge.
- text: "Conditions field in ValidatingAdmissionPolicyStatus is missing the following markers: patchStrategy=merge, patchMergeKey=type"
path: "staging/src/k8s.io/api/admissionregistration/"
- text: "Conditions field in ValidatingAdmissionPolicyStatus has incorrect tags, should be: `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,3,rep,name=conditions\"`"
path: "staging/src/k8s.io/api/admissionregistration/"
- text: "Conditions field in PodDisruptionBudgetStatus has incorrect tags, should be: `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`"
path: "staging/src/k8s.io/api/policy/"
- text: "Conditions field in AllocatedDeviceStatus is missing the following markers: patchStrategy=merge, patchMergeKey=type"
path: "staging/src/k8s.io/api/resource/"
- text: "Conditions field in AllocatedDeviceStatus has incorrect tags, should be: `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,5,rep,name=conditions\"`"
path: "staging/src/k8s.io/api/resource/"
# Commentstart - Ignore commentstart issues for existing API group
# TODO: For each existing API group, we aim to remove it over time.
- text: "godoc for field .* should start with '.* ...'"
path: "staging/src/k8s.io/api/(apiserverinternal|apps|authorization|autoscaling|batch|certificates|coordination|core|discovery|events|extensions|flowcontrol|imagepolicy|networking|node|policy|rbac|resource|scheduling|storage|storagemigration)"
- text: "field .* is missing godoc comment"
path: "staging/src/k8s.io/api/autoscaling/"
# notimestamp: Legacy 'Timestamp' fields retained for backward compatibility
- text: 'notimestamp: naming convention "notimestamp": field TokenRequestStatus.ExpirationTimestamp: prefer use of the term ''time'' over ''timestamp'''
path: "staging/src/k8s.io/api/authentication/v1/types.go"
- text: 'notimestamp: naming convention "notimestamp": field (PodLogOptions.Timestamps|Event.FirstTimestamp|Event.LastTimestamp): prefer use of the term ''time'' over ''timestamp'''
path: "staging/src/k8s.io/api/core/v1/types.go"
- text: 'notimestamp: naming convention "notimestamp": field Event.Deprecated(FirstTimestamp|LastTimestamp): prefer use of the term ''time'' over ''timestamp'''
path: "staging/src/k8s.io/api/events/(v1|v1beta1)/types.go"
- text: 'notimestamp: naming convention "notimestamp": field AllocationResult.AllocationTimestamp: prefer use of the term ''time'' over ''timestamp'''
path: "staging/src/k8s.io/api/resource/(v1|v1beta1|v1beta2)/types.go"
# Pre-existing issues from the conflictmarkers linter
# The Error field in some older API types is marked as both optional and required.
# This is incorrect, but cannot be changed without breaking changes.
- text: "field PortStatus.Error has conflicting markers: optional_vs_required: {\\[optional\\], \\[kubebuilder:validation:Required\\]}. fields cannot be both optional and required"
path: "staging/src/k8s.io/api/core/v1/types.go"
- text: "field IngressPortStatus.Error has conflicting markers: optional_vs_required: {\\[optional\\], \\[kubebuilder:validation:Required\\]}. fields cannot be both optional and required"
path: "staging/src/k8s.io/api/extensions/v1beta1/types.go"
- text: "field IngressPortStatus.Error has conflicting markers: optional_vs_required: {\\[optional\\], \\[kubebuilder:validation:Required\\]}. fields cannot be both optional and required"
path: "staging/src/k8s.io/api/networking/v1/types.go"
- text: "field IngressPortStatus.Error has conflicting markers: optional_vs_required: {\\[optional\\], \\[kubebuilder:validation:Required\\]}. fields cannot be both optional and required"
path: "staging/src/k8s.io/api/networking/v1beta1/types.go"
# The following exceptions are for fields in stable or deprecated APIs that cannot be
# changed due to backward compatibility constraints. Each rule is scoped to the
# specific field to avoid hiding new violations.
## For the "Extra" field, which is common across several auth-related APIs.
- text: "field UserInfo.Extra should not use a map type, use a list type with a unique name/identifier instead"
path: "staging/src/k8s.io/api/authentication/(v1|v1beta1)/types.go"
- text: "field SubjectAccessReviewSpec.Extra should not use a map type, use a list type with a unique name/identifier instead"
path: "staging/src/k8s.io/api/authorization/(v1|v1beta1)/types.go"
- text: "field CertificateSigningRequestSpec.Extra should not use a map type, use a list type with a unique name/identifier instead"
path: "staging/src/k8s.io/api/certificates/(v1|v1beta1)/types.go"
## For ResourceList fields in the core API.
- text: "field (PersistentVolumeSpec.Capacity|ContainerStatus.AllocatedResources|PodSpec.Overhead|ResourceQuotaSpec.Hard) type ResourceList should not use a map type, use a list type with a unique name/identifier instead"
path: "staging/src/k8s.io/api/core/v1/types.go"
- text: "field (ResourceRequirements|VolumeResourceRequirements).(Limits|Requests) type ResourceList should not use a map type, use a list type with a unique name/identifier instead"
path: "staging/src/k8s.io/api/core/v1/types.go"
- text: "field LimitRangeItem.(Max|Min|Default|DefaultRequest|MaxLimitRequestRatio) type ResourceList should not use a map type, use a list type with a unique name/identifier instead"
path: "staging/src/k8s.io/api/core/v1/types.go"
- text: "field ResourceQuotaStatus.(Hard|Used) type ResourceList should not use a map type, use a list type with a unique name/identifier instead"
path: "staging/src/k8s.io/api/core/v1/types.go"
- text: "type ResourceList should not use a map type, use a list type with a unique name/identifier instead"
path: "staging/src/k8s.io/api/core/v1/types.go"
## For the Secret.Data and ConfigMap.BinaryData fields in the core API.
- text: "field (Secret.Data|ConfigMap.BinaryData) should not use a map type, use a list type with a unique name/identifier instead"
path: "staging/src/k8s.io/api/core/v1/types.go"
## For map fields in the resource API (across all versions).
- text: "field (CounterSet|DeviceCounterConsumption).Counters should not use a map type, use a list type with a unique name/identifier instead"
path: "staging/src/k8s.io/api/resource/(v1|v1beta1|v1beta2)/types.go"
- text: "field BasicDevice.(Attributes|Capacity) should not use a map type, use a list type with a unique name/identifier instead"
path: "staging/src/k8s.io/api/resource/v1beta1/types.go"
- text: "field Device.(Attributes|Capacity) should not use a map type, use a list type with a unique name/identifier instead"
path: "staging/src/k8s.io/api/resource/(v1|v1beta2)/types.go"
- text: "field (CapacityRequirements.Requests|DeviceRequestAllocationResult.ConsumedCapacity) should not use a map type, use a list type with a unique name/identifier instead"
path: "staging/src/k8s.io/api/resource/(v1|v1beta1|v1beta2)/types.go"
# OptionalOrRequired is being enabled over time. For now, each API group should be added to this list until we comb through each group and fix the missing tags.
- text: "must be marked as optional or required"
path: "staging/src/k8s.io/api/(admission|apidiscovery|apiserverinternal|apps|authentication|authorization|autoscaling|batch|certificates|coordination|core|discovery|events|extensions|flowcontrol|networking|policy|rbac|resource|storage|storagemigration)"
# OptionalOrRequired - Existing fields that are marked as both optional and required (based on standard optional vs kubebuilder:validation:Required) and should not be fixed.
- text: "field (PortStatus|IngressPortStatus)\\.Error must not be marked as both optional and required"
path: "staging/src/k8s.io/api/(core/v1|extensions/v1beta1|networking/(v1|v1beta1))"
# jsontags: 'Port' must be capitalized for backward compatibility
- text: 'jsontags: field DaemonEndpoint.Port json tag does not match'
path: "staging/src/k8s.io/api/core/v1/types.go"
- linters:
- forbidigo
path: test/e2e/e2e_test\.go|test/e2e/framework/internal/.*|test/e2e/framework/[^/]*\.go|test/e2e/invariants/.*
default: standard
enable: # please keep this alphabetized
- depguard
- forbidigo
- ginkgolinter
- gocritic
- govet
- errorlint
- ineffassign
- kubeapilinter
- logcheck
- modernize
- revive
- sorted
- staticcheck
- testifylint
- unused
- usestdlibvars
settings: # please keep this alphabetized
custom:
logcheck:
# Installed there by hack/verify-golangci-lint.sh.
path: _output/local/bin/logcheck.so
description: structured logging checker
original-url: k8s.io/logtools/logcheck
settings:
config: |
# hack/logcheck.conf contains regular expressions that are matched against <pkg>/<file>,
# for example k8s.io/cmd/kube-scheduler/app/config/config.go.
#
# By default, structured logging call parameters are checked, but usage of
# those calls is not required. That is changed on a per-file basis.
#
# Remember to clean the golangci-lint cache when changing the configuration and
# running the verify-golangci-lint.sh script multiple times, otherwise
# golangci-lint will report stale results:
# _output/local/bin/golangci-lint cache clean
# At this point we don't enforce the usage structured logging calls except in
# those packages that were migrated. This disables the check for other files.
-structured .*
# Now enable it again for migrated packages.
structured k8s.io/kubernetes/pkg/kubelet/.*
structured k8s.io/kubernetes/pkg/proxy/.*
structured k8s.io/kms/.*
structured k8s.io/apiserver/pkg/storage/value/.*
structured k8s.io/apiserver/pkg/server/options/encryptionconfig/.*
structured k8s.io/kubernetes/pkg/credentialprovider/plugin/.*
# The following packages have been migrated to contextual logging.
# Packages matched here do not have to be listed above because
# "contextual" implies "structured".
contextual k8s.io/api/.*
contextual k8s.io/apimachinery/pkg/util/runtime/.*
contextual k8s.io/client-go/metadata/.*
contextual k8s.io/client-go/rest/.*
contextual k8s.io/client-go/tools/cache/.*
contextual k8s.io/client-go/tools/events/.*
contextual k8s.io/client-go/tools/record/.*
contextual k8s.io/component-base/featuregate/*
contextual k8s.io/component-helpers/.*
contextual k8s.io/cri-api/.*
contextual k8s.io/cri-client/.*
contextual k8s.io/csi-translation-lib/.*
contextual k8s.io/dynamic-resource-allocation/.*
contextual k8s.io/endpointslice/.*
contextual k8s.io/kms/.*
contextual k8s.io/kube-controller-manager/.*
contextual k8s.io/kube-proxy/.*
contextual k8s.io/kube-scheduler/.*
contextual k8s.io/sample-apiserver/.*
contextual k8s.io/sample-cli-plugin/.*
contextual k8s.io/sample-controller/.*
contextual k8s.io/kubernetes/cmd/kube-proxy/.*
contextual k8s.io/kubernetes/cmd/kube-scheduler/.*
contextual k8s.io/kubernetes/cmd/kubelet/.*
contextual k8s.io/kubernetes/pkg/api/.*
contextual k8s.io/kubernetes/pkg/apis/.*
contextual k8s.io/kubernetes/pkg/capabilities/.*
contextual k8s.io/kubernetes/pkg/client/.*
contextual k8s.io/kubernetes/pkg/cluster/.*
contextual k8s.io/kubernetes/pkg/controller/.*
contextual k8s.io/kubernetes/pkg/features/.*
contextual k8s.io/kubernetes/pkg/fieldpath/.*
contextual k8s.io/kubernetes/pkg/generated/.*
contextual k8s.io/kubernetes/pkg/printers/.*
contextual k8s.io/kubernetes/pkg/quota/.*
contextual k8s.io/kubernetes/pkg/scheduler/.*
contextual k8s.io/kubernetes/pkg/security/.*
contextual k8s.io/kubernetes/pkg/securitycontext/.*
contextual k8s.io/kubernetes/test/e2e/dra/.*
contextual k8s.io/kubernetes/test/images/sample-device-plugin/.*
contextual k8s.io/kubernetes/pkg/kubelet/allocation/.*
contextual k8s.io/kubernetes/pkg/kubelet/apis/.*
contextual k8s.io/kubernetes/pkg/kubelet/cadvisor/.*
contextual k8s.io/kubernetes/pkg/kubelet/certificate/.*
contextual k8s.io/kubernetes/pkg/kubelet/checkpointmanager/.*
contextual k8s.io/kubernetes/pkg/kubelet/client/.*
contextual k8s.io/kubernetes/pkg/kubelet/clustertrustbundle/.*
contextual k8s.io/kubernetes/pkg/kubelet/cm/.*
contextual k8s.io/kubernetes/pkg/kubelet/config/.*
contextual k8s.io/kubernetes/pkg/kubelet/configmap/.*
contextual k8s.io/kubernetes/pkg/kubelet/container/.*
contextual k8s.io/kubernetes/pkg/kubelet/envvars/.*
contextual k8s.io/kubernetes/pkg/kubelet/events/.*
contextual k8s.io/kubernetes/pkg/kubelet/eviction/.*
contextual k8s.io/kubernetes/pkg/kubelet/images/.*
contextual k8s.io/kubernetes/pkg/kubelet/kubeletconfig/.*
contextual k8s.io/kubernetes/pkg/kubelet/kuberuntime/.*
contextual k8s.io/kubernetes/pkg/kubelet/lifecycle/.*
contextual k8s.io/kubernetes/pkg/kubelet/logs/.*
contextual k8s.io/kubernetes/pkg/kubelet/metrics/.*
contextual k8s.io/kubernetes/pkg/kubelet/network/.*
contextual k8s.io/kubernetes/pkg/kubelet/nodeshutdown/.*
contextual k8s.io/kubernetes/pkg/kubelet/nodestatus/.*
contextual k8s.io/kubernetes/pkg/kubelet/oom/.*
contextual k8s.io/kubernetes/pkg/kubelet/pleg/.*
contextual k8s.io/kubernetes/pkg/kubelet/pluginmanager/.*
contextual k8s.io/kubernetes/pkg/kubelet/pod/.*
contextual k8s.io/kubernetes/pkg/kubelet/podcertificate/.*
contextual k8s.io/kubernetes/pkg/kubelet/preemption/.*
contextual k8s.io/kubernetes/pkg/kubelet/prober/.*
contextual k8s.io/kubernetes/pkg/kubelet/qos/.*
contextual k8s.io/kubernetes/pkg/kubelet/runtimeclass/.*
contextual k8s.io/kubernetes/pkg/kubelet/secret/.*
contextual k8s.io/kubernetes/pkg/kubelet/server/.*
contextual k8s.io/kubernetes/pkg/kubelet/stats/.*
contextual k8s.io/kubernetes/pkg/kubelet/status/.*
contextual k8s.io/kubernetes/pkg/kubelet/sysctl/.*
contextual k8s.io/kubernetes/pkg/kubelet/token/.*
contextual k8s.io/kubernetes/pkg/kubelet/types/.*
contextual k8s.io/kubernetes/pkg/kubelet/userns/.*
contextual k8s.io/kubernetes/pkg/kubelet/util/.*
contextual k8s.io/kubernetes/pkg/kubelet/volumemanager/.*
contextual k8s.io/kubernetes/pkg/kubelet/watchdog/.*
contextual k8s.io/kubernetes/pkg/kubelet/winstats/.*
# As long as contextual logging is alpha or beta, all WithName, WithValues,
# NewContext calls have to go through klog. Once it is GA, we can lift
# this restriction. Whether we then do a global search/replace remains
# to be decided.
with-helpers .*
sorted:
# Installed there by hack/verify-golangci-lint.sh.
path: _output/local/bin/sorted.so
description: check if feature gates are sorted
original-url: k8s.io/kubernetes/hack/tools/golangci-lint/sorted
settings:
files:
- cmd/kubeadm/app/features/features.go
- pkg/features/kube_features.go
- staging/src/k8s.io/apiserver/pkg/features/kube_features.go
- staging/src/k8s.io/client-go/features/known_features.go
- staging/src/k8s.io/controller-manager/pkg/features/kube_features.go
- staging/src/k8s.io/apiextensions-apiserver/pkg/features/kube_features.go
- test/e2e/feature/feature.go
- test/e2e/environment/environment.go
kubeapilinter:
path: _output/local/bin/kube-api-linter.so
description: kube-api-linter and lints Kube like APIs based on API conventions and best practices.
original-url: sigs.k8s.io/kube-api-linter
settings:
linters:
disable:
- '*'
enable:
- "commentstart" # Ensure comments start with the serialized version of the field name.
- "conditions" # Ensure conditions have the correct json tags and markers.
- "conflictingmarkers" # Detect mutually exclusive markers on the same field.
- "integers" # Ensure only int32 and int64 are used for integers.
- "jsontags" # Ensure every field has a json tag.
# - "maxlength" # Ensure all strings and arrays have maximum lengths/maximum items. ONLY for CRDs until declarative markers exist in core types.
# - "nobools" # Bools do not evolve over time, should use enums instead.
# - "nofloats" # Ensure floats are not used.
- "nomaps" # Ensure maps are not used, unless they are `map[string]string` (for labels/annotations/etc).
- "nonullable" # Ensure fields are not marked as nullable.
# - "nophase" # Ensure field names do not have the word "phase" in them.
- "notimestamp" # Ensure fields are not named "timestamp", prefer "time".
# - "optionalfields" # Ensure fields marked optional have omitempty and pointers.
- "optionalorrequired" # Every field should be marked as `+optional` xor `+required`.
# - "requiredfields" # Required fields should only be pointers when required based on the validity of the zero value, they should always have `omitempty`.
- "ssatags" # Ensure lists have a listType tag.
# - "uniquemarkers" # Ensure markers are not duplicated across field and type definitions.
- "duplicatemarkers" #Prevent identical markers from being present on types and fields
- "dependenttags" # Ensure markers dependent on other markers are present.
- "nodurations" # Ensure duration types are not used.
lintersConfig:
conditions:
isFirstField: Ignore
usePatchStrategy: SuggestFix
useProtobuf: SuggestFix
conflictingmarkers:
conflicts:
- name: "optional_vs_required"
sets:
- ["k8s:optional", "optional", "kubebuilder:validation:Optional"]
- ["k8s:required", "required", "kubebuilder:validation:Required"]
description: "fields cannot be both optional and required"
- name: "required_vs_default"
sets:
- ["k8s:required", "required", "kubebuilder:validation:Required"]
- ["default"]
description: "fields with default values are always optional"
dependenttags:
rules:
- identifier: "k8s:unionMember"
type: "All"
dependsOn:
- "k8s:optional"
# jsonTags:
# jsonTagRegex: "^[a-z][a-z0-9]*(?:[A-Z][a-z0-9]*)*$" # The default regex is appropriate for our use case.
# nomaps:
# policy: AllowStringToStringMaps # Determines how the linter should handle maps of basic types. Maps of objects are always disallowed.
# optionalFields:
# policy: AllowOptionalFields # Determines how the linter should handle optional fields.optionalfields:
# pointers:
# preference: Always | WhenRequired # Whether to always require pointers, or only when required. Defaults to `Always`.
# policy: SuggestFix | Warn # The policy for pointers in optional fields. Defaults to `SuggestFix`.
# omitempty:
# policy: SuggestFix | Warn | Ignore # The policy for omitempty in optional fields. Defaults to `SuggestFix`.
# omitzero:
# policy: SuggestFix | Warn | Forbid # The policy for omitzero in optional fields. Defaults to `SuggestFix`.
# optionalOrRequired:
# preferredOptionalMarker: optional # The preferred optional marker to use, fixes will suggest to use this marker. Defaults to `optional`.
# preferredRequiredMarker: required # The preferred required marker to use, fixes will suggest to use this marker. Defaults to `required`.
# policy: AllowOptionalFields # Determines how the linter should handle optional fields.
# requiredFields:
# pointers:
# policy: SuggestFix | Warn # The policy for pointers in required fields. Defaults to `SuggestFix`.
# omitempty:
# policy: SuggestFix | Warn | Ignore # The policy for omitempty in required fields. Defaults to `SuggestFix`.
# omitzero:
# policy: SuggestFix | Warn | Forbid # The policy for omitzero in required fields. Defaults to `SuggestFix`.
ssatags:
listTypeSetUsage: Ignore # The policy for listType=set usage on object arrays. Defaults to `Warn`.
# uniquemarkers:
# customMarkers:
# - identifier: custom:SomeCustomMarker
# attributes:
# - fruit
depguard:
rules:
utils:
files:
- $all
deny:
- pkg: "k8s.io/utils/pointer"
desc: "k8s.io/utils/pointer shall no longer be used, please use k8s.io/utils/ptr."
go-cmp:
files:
- $all
- "!$test"
- "!**/test/**"
- "!**/testing/**"
- "!**/apitesting/**"
deny:
- pkg: "github.com/google/go-cmp/cmp"
desc: "cmp is allowed only in test files"
- pkg: "html/template"
desc: "template is allowed only in test files as it disables dead code elimination"
forbidigo:
analyze-types: true
forbid:
- pattern: md5\.*
# https://github.com/kubernetes/kubernetes/issues/129652
msg: md5 is oudated, insecure, prefer a secure hash (such as sha256) or a non-cryptographic hash
- pattern: ^managedfields\.ExtractInto$
pkg: ^k8s\.io/apimachinery/pkg/util/managedfields$
msg: should not be used because managedFields was removed
- pattern: \.Extract
pkg: ^k8s\.io/client-go/applyconfigurations/
msg: should not be used because managedFields was removed
- pattern: \.Add$
pkg: ^k8s\.io/component-base/featuregate$
msg: should not use Add, use AddVersioned instead
- pattern: \.(ReportBeforeSuite|ReportAfterSuite)
pkg: ^github\.com/onsi/ginkgo/v2$
msg: usage is restricted to code under control of SIG Testing
# Exceptions are listed above under rules.
- pattern: ^gomega\.BeTrue$
pkg: ^github.com/onsi/gomega$
msg: "it does not produce a good failure message - use BeTrueBecause with an explicit printf-style failure message instead, or plain Go: if ... { ginkgo.Fail(...) }"
- pattern: ^gomega\.BeFalse$
pkg: ^github.com/onsi/gomega$
msg: "it does not produce a good failure message - use BeFalseBecause with an explicit printf-style failure message instead, or plain Go: if ... { ginkgo.Fail(...) }"
modernize:
# List of analyzers to disable.
# By default, all analyzers are enabled but in
# Kubernetes we want to be more selective and
# disable those which are not useful for it.
#
# Analyzers which are kept enabled are not
# called out here, see https://pkg.go.dev/golang.org/x/tools/go/analysis/passes/modernize#section-documentation
# for the full list.
disable:
# Replace interface{} with any.
#
# Disabled because developers may
# prefer to use `interface{}` for
# consistency with existing code
# and it's just syntactic sugar.
- any
# Suggest replacing omitempty with omitzero for struct fields.
#
# Disabled because might interfere
# with encoding of API structs.
- omitzero
# Replace += with strings.Builder.
#
# Disabled because in code which
# isn't performance-sensitive +=
# can be a bit more readable.
- stringsbuilder
# Replace context.WithCancel with t.Context in tests.
#
# Disabled because in Kubernetes,
# test/utils/ktesting handles
# context cancellation and also
# addresses other pain points.
- testingcontext
# Replace wg.Add(1)/go/wg.Done() with wg.Go.
#
# A useful hint leading to shorter code.
# Makes wait.Group obsolete.
# Please enable when all supported Kubernetes versions
# are on GoLang 1.25+
- waitgroup
revive:
# Only these rules are enabled.
rules:
- name: exported
arguments:
- disableStutteringCheck
staticcheck:
checks:
- "all"
- "-QF1008" # Omit embedded fields from selector expression
testifylint:
enable-all: true
Reference in a new issue View git blame Copy permalink