Chore upgrade golangci lint

.github/workflows/build.yml

@@ -13,16 +13,16 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        go_version: ['1.24']
+        go_version: ['1.25']
         os: [ubuntu-latest, windows-latest, macos-latest]
 
     steps:
 
       - name: Check out code into the Go module directory
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
 
       - name: Set up Go ${{ matrix.go_version }}
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v6
         with:
           go-version: ${{ matrix.go_version }}
           check-latest: true
@@ -35,6 +35,12 @@ jobs:
       - name: Build
         run: go build -v ./...
 
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v9
+        with:
+          version: v2.11.4
+          args: --timeout=30m
+
       - name: Test
         shell: bash
         run: |
@@ -45,7 +51,7 @@ jobs:
           fi
 
       - name: Code coverage with codecov
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@v6
         with:
           env_vars: OS,GO
           files: ./coverage.txt

.golangci.yml

@@ -1,3 +1,4 @@
+version: "2"
 linters:
   enable:
     - asasalint
@@ -8,7 +9,7 @@ linters:
     - errname
     - gocheckcompilerdirectives
     - gosec
-    - maintidx
+    # - maintidx
     - misspell
     - nilnil
     - noctx
@@ -20,10 +21,30 @@ linters:
     - unconvert
     - unparam
     - usestdlibvars
-
-linters-settings:
-  gosec:
-    excludes:
-      - G101 # Potential hardcoded credentials
-  staticcheck:
-    checks: ["all", "-SA1019"] # "golang.org/x/crypto/openpgp" is deprecated
+  settings:
+    gosec:
+      excludes:
+        - G101
+    staticcheck:
+      checks:
+        - all
+        - -SA1019
+        - -ST1003
+  exclusions:
+    generated: lax
+    presets:
+      - comments
+      - common-false-positives
+      - legacy
+      - std-error-handling
+    paths:
+      - third_party$
+      - builtin$
+      - examples$
+formatters:
+  exclusions:
+    generated: lax
+    paths:
+      - third_party$
+      - builtin$
+      - examples$

Makefile

@@ -10,6 +10,11 @@ GOTEST=$(GOCMD) test
 GOTOOL=$(GOCMD) tool
 GOGET=$(GOCMD) get
 GOPATH?=`$(GOCMD) env GOPATH`
+GOBIN=$(shell $(GOCMD) env GOBIN)
+
+ifeq ($(GOBIN),)
+	GOBIN := $(GOPATH)/bin
+endif
 
 TESTS=. ./update
 COVERAGE_FILE=coverage.txt
@@ -26,6 +31,20 @@ TOC_PATH=toc.md
 
 all: test build
 
+verify: ## Verify go installation
+ifeq ($(GOPATH),)
+	@echo "GOPATH not found, please check your go installation"
+	exit 1
+endif
+
+$(GOBIN)/eget: verify
+	@echo "[*] $@"
+	GOBIN="$(GOBIN)" $(GOCMD) install -v github.com/zyedidia/eget@v1.3.4
+
+$(GOBIN)/golangci-lint-v2: verify $(GOBIN)/eget
+	@echo "[*] $@"
+	"$(GOBIN)/eget" golangci/golangci-lint --tag v2.11.4 --asset=tar.gz --upgrade-only --to '$(GOBIN)/golangci-lint-v2'
+
 build:
 		$(GOBUILD) -v ./...
 
@@ -53,17 +72,17 @@ toc:
 	rm ${README}.1 ${README}.2 ${TOC_PATH}
 
 .PHONY: lint
-lint:
+lint: $(GOBIN)/golangci-lint-v2
 	@echo "[*] $@"
-	GOOS=darwin golangci-lint run
-	GOOS=linux golangci-lint run
-	GOOS=windows golangci-lint run
+	GOOS=darwin $(GOBIN)/golangci-lint-v2 run
+	GOOS=linux $(GOBIN)/golangci-lint-v2 run
+	GOOS=windows $(GOBIN)/golangci-lint-v2 run
 
 .PHONY: fix
-fix:
+fix: $(GOBIN)/golangci-lint-v2
 	@echo "[*] $@"
 	$(GOCMD) mod tidy
 	$(GOCMD) fix ./...
-	GOOS=darwin golangci-lint run --fix
-	GOOS=linux golangci-lint run --fix
-	GOOS=windows golangci-lint run --fix
+	GOOS=darwin $(GOBIN)/golangci-lint-v2 run --fix
+	GOOS=linux $(GOBIN)/golangci-lint-v2 run --fix
+	GOOS=windows $(GOBIN)/golangci-lint-v2 run --fix

arm_test.go

@@ -1,6 +1,7 @@
 package selfupdate
 
 import (
+	"context"
 	"fmt"
 	"os"
 	"os/exec"
@@ -36,7 +37,7 @@ func TestGetGOARM(t *testing.T) {
 		t.Run(tc.goOS+" "+tc.goArch+" "+tc.goArm, func(t *testing.T) {
 			tempBinary := t.TempDir() + "/tempBinary-" + tc.goOS + tc.goArch + "v" + tc.goArm
 			buildCmd := fmt.Sprintf("GOOS=%s GOARCH=%s GOARM=%s go build -o %s ./testdata/hello", tc.goOS, tc.goArch, tc.goArm, tempBinary)
-			cmd := exec.Command("sh", "-c", buildCmd)
+			cmd := exec.CommandContext(context.TODO(), "sh", "-c", buildCmd)
 			cmd.Stdout = os.Stdout
 			cmd.Stderr = os.Stderr
 			err := cmd.Run()

cmd/serve-repo/logger.go

@@ -47,7 +47,7 @@ func WithLogging(h http.Handler) http.Handler {
 
 		duration := time.Since(start)
 
-		slog.Info("request completed",
+		slog.Info("request completed", //nolint:gosec // G706: Log injection via taint analysis
 			"uri", req.RequestURI,
 			"method", req.Method,
 			"status", responseData.status, // get captured status code

decompress.go

@@ -99,7 +99,7 @@ func gunzip(src io.Reader, cmd, os, arch string) (io.Reader, error) {
 		return nil, fmt.Errorf("%w gzip file: %s", ErrCannotDecompressFile, err)
 	}
 
-	name := r.Header.Name
+	name := r.Name
 	if !matchExecutableName(cmd, os, arch, name) {
 		return nil, fmt.Errorf("%w: expected %q but found %q", ErrExecutableNotFoundInArchive, cmd, name)
 	}

detect_test.go

@@ -897,7 +897,6 @@ func TestFindReleaseAndAsset(t *testing.T) {
 	}
 
 	for _, testItem := range testData {
-		testItem := testItem
 		t.Run(testItem.name, func(t *testing.T) {
 			t.Parallel()
 

github_release.go

@@ -36,8 +36,8 @@ func NewGitHubRelease(from *github.RepositoryRelease) *GitHubRelease {
 	return release
 }
 
-func (a *GitHubRelease) GetID() int64 {
-	return a.releaseID
+func (r *GitHubRelease) GetID() int64 {
+	return r.releaseID
 }
 
 func (r *GitHubRelease) GetTagName() string {

github_source.go

@@ -101,17 +101,17 @@ func (s *GitHubSource) DownloadReleaseAsset(ctx context.Context, rel *Release, a
 	// This is a workaround for the issue that the GitHub API does not support downloading assets from GitHub Proxy services.
 	if useGithubProxy {
 		// Determine download url based on asset id.
-		var downloadUrl string
+		var downloadURL string
 		if rel.AssetID == assetID {
-			downloadUrl = rel.AssetURL
+			downloadURL = rel.AssetURL
 		} else if rel.ValidationAssetID == assetID {
-			downloadUrl = rel.ValidationAssetURL
+			downloadURL = rel.ValidationAssetURL
 		}
-		if downloadUrl == "" {
+		if downloadURL == "" {
 			return nil, fmt.Errorf("asset ID %d: %w", assetID, ErrAssetNotFound)
 		}
 		// Download the asset directly from the AssetURL
-		req, err := http.NewRequestWithContext(ctx, http.MethodGet, downloadUrl, http.NoBody)
+		req, err := http.NewRequestWithContext(ctx, http.MethodGet, downloadURL, http.NoBody)
 		if err != nil {
 			return nil, fmt.Errorf("failed to create download request:%w", err)
 		}

gitlab_release.go

@@ -76,7 +76,7 @@ type GitLabAsset struct {
 
 func NewGitLabAsset(from *gitlab.ReleaseLink) *GitLabAsset {
 	return &GitLabAsset{
-		id:   int64(from.ID),
+		id:   from.ID,
 		name: from.Name,
 		url:  from.URL,
 	}

gitlab_source.go

@@ -75,27 +75,27 @@ func (s *GitLabSource) DownloadReleaseAsset(ctx context.Context, rel *Release, a
 	if rel == nil {
 		return nil, ErrInvalidRelease
 	}
-	var downloadUrl string
+	var downloadURL string
 	if rel.AssetID == assetID {
-		downloadUrl = rel.AssetURL
+		downloadURL = rel.AssetURL
 	} else if rel.ValidationAssetID == assetID {
-		downloadUrl = rel.ValidationAssetURL
+		downloadURL = rel.ValidationAssetURL
 	}
-	if downloadUrl == "" {
+	if downloadURL == "" {
 		return nil, fmt.Errorf("asset ID %d: %w", assetID, ErrAssetNotFound)
 	}
 
-	log.Printf("downloading %q", downloadUrl)
+	log.Printf("downloading %q", downloadURL)
 	client := http.DefaultClient
-	req, err := http.NewRequestWithContext(ctx, http.MethodGet, downloadUrl, http.NoBody)
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, downloadURL, http.NoBody)
 	if err != nil {
 		log.Print(err)
 		return nil, err
 	}
 
 	if s.token != "" {
 		// verify request is from same domain not to leak token
-		ok, err := canUseTokenForDomain(s.baseURL, downloadUrl)
+		ok, err := canUseTokenForDomain(s.baseURL, downloadURL)
 		if err != nil {
 			return nil, err
 		}

http_source.go

@@ -162,21 +162,21 @@ func (s *HttpSource) DownloadReleaseAsset(ctx context.Context, rel *Release, ass
 	}
 
 	// Determine download url based on asset id.
-	var downloadUrl string
+	var downloadURL string
 	if rel.AssetID == assetID {
-		downloadUrl = rel.AssetURL
+		downloadURL = rel.AssetURL
 	} else if rel.ValidationAssetID == assetID {
-		downloadUrl = rel.ValidationAssetURL
+		downloadURL = rel.ValidationAssetURL
 	}
-	if downloadUrl == "" {
+	if downloadURL == "" {
 		return nil, fmt.Errorf("asset ID %d: %w", assetID, ErrAssetNotFound)
 	}
 
 	// Setup HTTP client.
 	client := &http.Client{Transport: s.transport}
 
 	// Make request.
-	req, err := http.NewRequestWithContext(ctx, http.MethodGet, downloadUrl, http.NoBody)
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, downloadURL, http.NoBody)
 	if err != nil {
 		return nil, err
 	}

http_source_test.go

@@ -36,14 +36,14 @@ import (
 const httpTestBaseURL = "http://localhost"
 
 // Test server for testing http repos.
-type HttpRepoTestServer struct {
+type HTTPRepoTestServer struct {
 	server  *httptest.Server
 	repoURL string
 }
 
 // Setup test server with test data.
-func NewHttpRepoTestServer() *HttpRepoTestServer {
-	s := new(HttpRepoTestServer)
+func NewHTTPRepoTestServer() *HTTPRepoTestServer {
+	s := new(HTTPRepoTestServer)
 
 	// Setup handlers.
 	mux := http.NewServeMux()
@@ -57,7 +57,7 @@ func NewHttpRepoTestServer() *HttpRepoTestServer {
 }
 
 // Stop the HTTP server.
-func (s *HttpRepoTestServer) Stop() {
+func (s *HTTPRepoTestServer) Stop() {
 	s.server.Close()
 }
 
@@ -120,7 +120,7 @@ func TestHttpDownloadReleaseAssetWithNilRelease(t *testing.T) {
 // Verify we're able to list releases and download an asset.
 func TestHttpListAndDownloadReleaseAsset(t *testing.T) {
 	// Create test HTTP server and start it.
-	server := NewHttpRepoTestServer()
+	server := NewHTTPRepoTestServer()
 
 	// Make HTTP source with our test server.
 	source, err := NewHttpSource(HttpConfig{BaseURL: server.repoURL})

internal/resolve_path_windows.go

@@ -3,10 +3,11 @@
 package internal
 
 import (
-	"golang.org/x/sys/windows"
 	"os"
 	"strings"
 	"syscall"
+
+	"golang.org/x/sys/windows"
 )
 
 // ResolvePath returns the path of a given filename with all symlinks resolved.
@@ -27,7 +28,7 @@ func ResolvePath(filename string) (string, error) {
 	}
 
 	buf := make([]uint16, bufSize)
-	n, err := windows.GetFinalPathNameByHandle(handle, &buf[0], uint32(len(buf)), 0)
+	n, err := windows.GetFinalPathNameByHandle(handle, &buf[0], bufSize, 0)
 	if err != nil {
 		return "", err
 	}

log.go

@@ -11,13 +11,13 @@ func SetLogger(logger Logger) {
 // Logger interface. Compatible with standard log.Logger
 type Logger interface {
 	// Print calls Output to print to the standard logger. Arguments are handled in the manner of fmt.Print.
-	Print(v ...interface{})
+	Print(v ...any)
 	// Printf calls Output to print to the standard logger. Arguments are handled in the manner of fmt.Printf.
-	Printf(format string, v ...interface{})
+	Printf(format string, v ...any)
 }
 
 // emptyLogger to discard all logs by default
 type emptyLogger struct{}
 
-func (l *emptyLogger) Print(v ...interface{})                 {}
-func (l *emptyLogger) Printf(format string, v ...interface{}) {}
+func (l *emptyLogger) Print(v ...any)                 {}
+func (l *emptyLogger) Printf(format string, v ...any) {}