upd: update gitflow

.github/dependabot.yml

@@ -9,3 +9,8 @@ updates:
     directory: "/" # Location of package manifests
     schedule:
       interval: "weekly"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"

.github/workflows/go-test-gosec.yml

@@ -0,0 +1,28 @@
+# Run tests on every push for extra branches
+name: GoSec
+
+on:
+  push:
+    branches-ignore:
+      - 'dependabot/**'
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.22
+      - name: Run Gosec Security Scanner
+        uses: securego/gosec@master
+        with:
+          # we let the report trigger content trigger a failure using the GitHub Security features.
+          args: '-no-fail -fmt sarif -out results.sarif ./...'
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          # Path to SARIF file relative to the root of the repository
+          sarif_file: results.sarif
+          category: my-gosec-tool

.github/workflows/go-test.yml

@@ -17,18 +17,15 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v5
         with:
-          go-version: 1.21
-      - name: Run Gosec Security Scanner
-        uses: securego/gosec@master
-        with:
-          # we let the report trigger content trigger a failure using the GitHub Security features.
-          args: '-no-fail -fmt sarif -out results.sarif ./...'
-      - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@v3
-        with:
-          # Path to SARIF file relative to the root of the repository
-          sarif_file: results.sarif
-          category: my-gosec-tool
+          go-version: 1.22
       - name: Test
         run: go test -v -tags test ./...
+      - name: Test & publish code coverage
+        uses: paambaati/codeclimate-action@v9.0.0
+        env:
+          CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }}
+        with:
+          coverageCommand: go test -tags test -race -covermode=atomic -coverprofile=c.out . ./cmd/... ./storage/...
+          prefix: "github.com/LeKovr/showonce"
+          debug: true
 

.github/workflows/golang-ci-lint.yml

@@ -14,16 +14,16 @@ jobs:
     name: lint
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/setup-go@v4
+      - uses: actions/setup-go@v5
         with:
-          go-version: '1.21'
+          go-version: '1.22'
           cache: false
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@v3
+        uses: golangci/golangci-lint-action@v6
         with:
           # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
-          version: v1.52
+          version: v1.60.3
 
           # Optional: working directory, useful for monorepos
           # working-directory: somedir

.golangci.yml

@@ -30,26 +30,18 @@ linters-settings:
       - commentedOutCode # todo
       - deferInLoop
   gocyclo:
-    min-complexity: 15
+    min-complexity: 16
   goimports:
     local-prefixes: github.com/golangci/golangci-lint
   golint:
     min-confidence: 0
-  gomnd:
-    settings:
-      mnd:
-        # don't include the "operation" and "assign"
-        checks: [argument, case, condition, return]
-  govet:
-    check-shadowing: true
   lll:
-    line-length: 140
+    line-length: 145
   maligned:
     suggest-new: true
   misspell:
     locale: US
   gofumpt:
-    lang-version: "1.20"
     extra-rules: true
   forbidigo:
     forbid:
@@ -76,7 +68,6 @@ linters:
     - gofmt
     - gofumpt
     - goimports
-    - gomnd
     - goprintffuncname
     - gosec
     - gosimple
@@ -104,10 +95,9 @@ issues:
     - path: _test\.go
       linters:
         - gosec
-        - gomnd
         - errcheck
 
 # golangci.com configuration
 # https://github.com/golangci/golangci/wiki/Configuration
 service:
-  golangci-lint-version: 1.52.x # use the fixed version to not introduce new linters unexpectedly
+  golangci-lint-version: 1.60.x # use the fixed version to not introduce new linters unexpectedly

go.mod

@@ -1,6 +1,8 @@
 module github.com/dopos/narra
 
-go 1.21.3
+go 1.22.7
+
+toolchain go1.23.2
 
 require (
 	github.com/LeKovr/go-kit/config v0.2.2

narra.go

@@ -451,17 +451,15 @@ func (srv *Service) processMeta(r *http.Request) (url string, ids *[]string, err
 	log := logr.FromContextOrDiscard(r.Context())
 	code := r.FormValue("code")
 	state := r.FormValue("state")
-	// TODO: r.FormValue("error")
+	// ?? r.FormValue("error")
 	// error=invalid_request&error_description
 	log.V(DL).Info("Auth data", "code", code, "state", state)
 	if code == "" || state == "" {
-		err = ErrAuthNotGranted
-		return
+		return "", nil, ErrAuthNotGranted
 	}
 	url, found := srv.cache.Get(state)
 	if !found {
-		err = ErrStateUnknown
-		return
+		return "", nil, ErrStateUnknown
 	}
 	srv.cache.Delete(state)
 
@@ -471,8 +469,7 @@ func (srv *Service) processMeta(r *http.Request) (url string, ids *[]string, err
 
 	tok, err := srv.api.Exchange(ctx, code)
 	if err != nil {
-		err = fmt.Errorf("token fetch failed: %w", err)
-		return
+		return "", nil, fmt.Errorf("token fetch failed: %w", err)
 	}
 
 	log.V(DL+1).Info("API token", "token", tok)
@@ -481,7 +478,7 @@ func (srv *Service) processMeta(r *http.Request) (url string, ids *[]string, err
 	// load usernames from provider
 	ids, err = srv.getMeta(client)
 	log.V(DL).Info("User meta", "tags", ids)
-	return
+	return url, ids, err
 }
 
 // stringExists checks if str exists in strings slice