cloudfoundry · chombium · Sep 19, 2025 · Sep 18, 2025
@@ -9,7 +9,7 @@ set +e
 golangci_lint_executable=$(which golangci-lint)
 set -e
 if [ -z "${golangci_lint_executable}" ] || [ ! -x "${golangci_lint_executable}" ]; then
-  go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
+  go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@latest
 fi
 
 pushd "${SCRIPT_DIR}/../../src" > /dev/null

@@ -1,6 +1,8 @@
+version: "2"
+
 run:
-  # Timeout for analysis.
-  # Default: 1m.
+  # Timeout full work, e.g. 30s, 5m.
+  # Default: none
   timeout: 5m
 
 linters:
@@ -13,9 +15,28 @@ linters:
     - gosec
     # Enforces standards of using ginkgo and gomega.
     - ginkgolinter
+  exclusions:
+    generated: lax
+    presets:
+      - comments
+      - common-false-positives
+      - legacy
+      - std-error-handling
+    paths:
+      - third_party$
+      - builtin$
+      - examples$
 
 issues:
   # Disable max issues per linter.
   max-issues-per-linter: 0
   # Disable max same issues.
   max-same-issues: 0
+
+formatters:
+  exclusions:
+    generated: lax
+    paths:
+      - third_party$
+      - builtin$
+      - examples$
@@ -22,7 +22,7 @@ import (
 	"code.cloudfoundry.org/go-envstruct"
 	client "code.cloudfoundry.org/go-log-cache/v3"
 	"code.cloudfoundry.org/log-cache/internal/auth"
-	. "code.cloudfoundry.org/log-cache/internal/cfauthproxy"
+	"code.cloudfoundry.org/log-cache/internal/cfauthproxy"
 	"code.cloudfoundry.org/log-cache/internal/plumbing"
 	"code.cloudfoundry.org/log-cache/internal/promql"
 )
@@ -109,7 +109,7 @@ func main() {
 
 	if cfg.ProxyCAPath != "" {
 		proxyCACertPool := loadCA(cfg.ProxyCAPath, loggr)
-		metaHTTPClient.Transport = NewTransportWithRootCA(proxyCACertPool)
+		metaHTTPClient.Transport = cfauthproxy.NewTransportWithRootCA(proxyCACertPool)
 	}
 
 	metaFetcher := client.NewClient(
@@ -125,26 +125,26 @@ func main() {
 		capiClient,
 	)
 
-	proxyOptions := []CFAuthProxyOption{
-		WithAuthMiddleware(middlewareProvider.Middleware),
+	proxyOptions := []cfauthproxy.CFAuthProxyOption{
+		cfauthproxy.WithAuthMiddleware(middlewareProvider.Middleware),
 	}
 
 	if cfg.ProxyCAPath != "" {
 		proxyCACertPool := loadCA(cfg.ProxyCAPath, loggr)
-		proxyOptions = append(proxyOptions, WithCFAuthProxyCACertPool(proxyCACertPool))
+		proxyOptions = append(proxyOptions, cfauthproxy.WithCFAuthProxyCACertPool(proxyCACertPool))
 	}
 
 	if cfg.PromQLUnimplemented {
-		proxyOptions = append(proxyOptions, WithPromMiddleware(promql.UnimplementedMiddleware))
+		proxyOptions = append(proxyOptions, cfauthproxy.WithPromMiddleware(promql.UnimplementedMiddleware))
 	}
 
 	if cfg.CertPath == "" && cfg.KeyPath == "" {
-		proxyOptions = append(proxyOptions, WithCFAuthProxyTLSDisabled())
+		proxyOptions = append(proxyOptions, cfauthproxy.WithCFAuthProxyTLSDisabled())
 	} else {
-		proxyOptions = append(proxyOptions, WithCFAuthProxyTLSServer(cfg.CertPath, cfg.KeyPath))
+		proxyOptions = append(proxyOptions, cfauthproxy.WithCFAuthProxyTLSServer(cfg.CertPath, cfg.KeyPath))
 	}
 
-	proxy := NewCFAuthProxy(
+	proxy := cfauthproxy.NewCFAuthProxy(
 		gatewayURL.String(),
 		cfg.Addr,
 		proxyOptions...,
@@ -169,7 +169,7 @@ func main() {
 
 		accessLogger := auth.NewAccessLogger(accessLog)
 		accessMiddleware := auth.NewAccessMiddleware(accessLogger, cfg.InternalIP, localPort)
-		WithAccessMiddleware(accessMiddleware)(proxy)
+		cfauthproxy.WithAccessMiddleware(accessMiddleware)(proxy)
 	}
 
 	proxy.Start(uaaClient.RefreshTokenKeys)

@@ -14,7 +14,7 @@ import (
 	//nolint: gosec
 	_ "net/http/pprof"
 
-	. "code.cloudfoundry.org/log-cache/internal/gateway"
+	"code.cloudfoundry.org/log-cache/internal/gateway"
 	"code.cloudfoundry.org/log-cache/internal/plumbing"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"
@@ -67,14 +67,14 @@ func main() {
 		go func() { log.Println("PPROF SERVER STOPPED " + pprofServer.ListenAndServe().Error()) }()
 	}
 
-	gatewayOptions := []GatewayOption{
-		WithGatewayLogger(gatewayLoggr),
-		WithGatewayVersion(cfg.Version),
-		WithGatewayBlock(),
+	gatewayOptions := []gateway.GatewayOption{
+		gateway.WithGatewayLogger(gatewayLoggr),
+		gateway.WithGatewayVersion(cfg.Version),
+		gateway.WithGatewayBlock(),
 	}
 
 	if cfg.ProxyCertPath != "" || cfg.ProxyKeyPath != "" {
-		gatewayOptions = append(gatewayOptions, WithGatewayTLSServer(cfg.ProxyCertPath, cfg.ProxyKeyPath))
+		gatewayOptions = append(gatewayOptions, gateway.WithGatewayTLSServer(cfg.ProxyCertPath, cfg.ProxyKeyPath))
 	}
 	if cfg.TLS.HasAnyCredential() {
 		tlsConfig, err := tlsconfig.Build(
@@ -88,21 +88,21 @@ func main() {
 			panic(err)
 		}
 
-		gatewayOptions = append(gatewayOptions, WithGatewayLogCacheDialOpts(
+		gatewayOptions = append(gatewayOptions, gateway.WithGatewayLogCacheDialOpts(
 			grpc.WithTransportCredentials(credentials.NewTLS(tlsConfig)),
 			grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(50*1024*1024)),
 		),
 		)
 	} else {
-		gatewayOptions = append(gatewayOptions, WithGatewayLogCacheDialOpts(
+		gatewayOptions = append(gatewayOptions, gateway.WithGatewayLogCacheDialOpts(
 			grpc.WithTransportCredentials(insecure.NewCredentials()),
 			grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(50*1024*1024)),
 		),
 		)
 
 	}
 
-	gateway := NewGateway(cfg.LogCacheAddr, cfg.Addr, gatewayOptions...)
+	gw := gateway.NewGateway(cfg.LogCacheAddr, cfg.Addr, gatewayOptions...)
 
-	gateway.Start()
+	gw.Start()
 }
@@ -17,7 +17,7 @@ import (
 	"code.cloudfoundry.org/tlsconfig"
 
 	"code.cloudfoundry.org/go-envstruct"
-	. "code.cloudfoundry.org/log-cache/internal/cache"
+	"code.cloudfoundry.org/log-cache/internal/cache"
 	"code.cloudfoundry.org/log-cache/internal/plumbing"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"
@@ -89,17 +89,17 @@ func main() {
 		}
 	}(time.Now())
 
-	logCacheOptions := []LogCacheOption{
-		WithAddr(cfg.Addr),
-		WithMemoryLimitPercent(float64(cfg.MemoryLimitPercent)),
-		WithMemoryLimit(cfg.MemoryLimit),
-		WithMaxPerSource(cfg.MaxPerSource),
-		WithQueryTimeout(cfg.QueryTimeout),
-		WithTruncationInterval(cfg.TruncationInterval),
-		WithPrunesPerGC(cfg.PrunesPerGC),
-		WithIngressBufferSize(cfg.IngressBufferSize),
-		WithIngressBufferReadBatchSize(cfg.IngressBufferReadBatchSize),
-		WithIngressBufferReadBatchInterval(cfg.IngressBufferReadBatchInterval),
+	logCacheOptions := []cache.LogCacheOption{
+		cache.WithAddr(cfg.Addr),
+		cache.WithMemoryLimitPercent(float64(cfg.MemoryLimitPercent)),
+		cache.WithMemoryLimit(cfg.MemoryLimit),
+		cache.WithMaxPerSource(cfg.MaxPerSource),
+		cache.WithQueryTimeout(cfg.QueryTimeout),
+		cache.WithTruncationInterval(cfg.TruncationInterval),
+		cache.WithPrunesPerGC(cfg.PrunesPerGC),
+		cache.WithIngressBufferSize(cfg.IngressBufferSize),
+		cache.WithIngressBufferReadBatchSize(cfg.IngressBufferReadBatchSize),
+		cache.WithIngressBufferReadBatchInterval(cfg.IngressBufferReadBatchInterval),
 	}
 	var transport grpc.DialOption
 	if cfg.TLS.HasAnyCredential() {
@@ -125,24 +125,24 @@ func main() {
 		if err != nil {
 			panic(err)
 		}
-		logCacheOptions = append(logCacheOptions, WithServerOpts(grpc.Creds(credentials.NewTLS(tlsConfigServer)), grpc.MaxRecvMsgSize(50*1024*1024)))
+		logCacheOptions = append(logCacheOptions, cache.WithServerOpts(grpc.Creds(credentials.NewTLS(tlsConfigServer)), grpc.MaxRecvMsgSize(50*1024*1024)))
 	} else {
 		transport = grpc.WithTransportCredentials(insecure.NewCredentials())
 	}
-	logCacheOptions = append(logCacheOptions, WithClustered(
+	logCacheOptions = append(logCacheOptions, cache.WithClustered(
 		cfg.NodeIndex,
 		cfg.NodeAddrs,
 		transport,
 		grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(50*1024*1024)),
 	))
 
-	cache := New(
+	lc := cache.New(
 		m,
 		logger,
 		logCacheOptions...,
 	)
 
-	cache.Start()
+	lc.Start()
 	waitForTermination()
 }
 

@@ -13,7 +13,7 @@ import (
 
 	"code.cloudfoundry.org/go-envstruct"
 	metrics "code.cloudfoundry.org/go-metric-registry"
-	. "code.cloudfoundry.org/log-cache/internal/nozzle"
+	"code.cloudfoundry.org/log-cache/internal/nozzle"
 	"code.cloudfoundry.org/log-cache/internal/plumbing"
 	"code.cloudfoundry.org/log-cache/internal/syslog"
 	"code.cloudfoundry.org/tlsconfig"
@@ -96,7 +96,7 @@ func main() {
 
 	go server.Start()
 
-	nozzleOptions := []NozzleOption{}
+	nozzleOptions := []nozzle.NozzleOption{}
 	if cfg.LogCacheTLS.HasAnyCredential() {
 		tlsConfig, err := tlsconfig.Build(
 			tlsconfig.WithInternalServiceDefaults(),
@@ -108,18 +108,18 @@ func main() {
 		if err != nil {
 			panic(err)
 		}
-		nozzleOptions = append(nozzleOptions, WithDialOpts(grpc.WithTransportCredentials(credentials.NewTLS(tlsConfig))))
+		nozzleOptions = append(nozzleOptions, nozzle.WithDialOpts(grpc.WithTransportCredentials(credentials.NewTLS(tlsConfig))))
 	} else {
-		nozzleOptions = append(nozzleOptions, WithDialOpts(grpc.WithTransportCredentials(insecure.NewCredentials())))
+		nozzleOptions = append(nozzleOptions, nozzle.WithDialOpts(grpc.WithTransportCredentials(insecure.NewCredentials())))
 	}
 
-	nozzle := NewNozzle(
+	noz := nozzle.NewNozzle(
 		server,
 		cfg.LogCacheAddr,
 		m,
 		loggr,
 		nozzleOptions...,
 	)
 
-	nozzle.Start()
+	noz.Start()
 }
@@ -179,7 +179,7 @@ func (g *Gateway) listenAndServe() {
 }
 
 func (g *Gateway) handleInfoEndpoint(w http.ResponseWriter, r *http.Request) {
-	_, err := w.Write([]byte(fmt.Sprintf(`{"version":"%s","vm_uptime":"%d"}`+"\n", g.logCacheVersion, g.uptimeFn())))
+	_, err := fmt.Fprintf(w, `{"version":"%s","vm_uptime":"%d"}`+"\n", g.logCacheVersion, g.uptimeFn())
 	if err != nil {
 		g.log.Println("Cannot send result for the info endpoint")
 	}

@@ -340,7 +340,7 @@ func (l *LogCacheQuerier) Select(params *storage.SelectParams, ll ...*labels.Mat
 	}
 
 	if len(sourceIDs) == 0 {
-		err := fmt.Errorf("Metric '%s' does not have a 'source_id' label.", metric)
+		err := fmt.Errorf("metric '%s' does not have a 'source_id' label", metric)
 		l.errf(err)
 		return nil, nil, err
 	}

@@ -49,11 +49,11 @@ func (r *LocalStoreReader) Read(ctx context.Context, req *logcache_v1.ReadReques
 	}
 
 	if req.Limit > 1000 {
-		return nil, fmt.Errorf("Limit (%d) must be 1000 or less", req.Limit)
+		return nil, fmt.Errorf("limit (%d) must be 1000 or less", req.Limit)
 	}
 
 	if req.Limit < 0 {
-		return nil, fmt.Errorf("Limit (%d) must be greater than zero", req.Limit)
+		return nil, fmt.Errorf("limit (%d) must be greater than zero", req.Limit)
 	}
 
 	if req.EndTime == 0 {
@@ -69,7 +69,7 @@ func (r *LocalStoreReader) Read(ctx context.Context, req *logcache_v1.ReadReques
 	if req.NameFilter != "" {
 		nameFilter, err = regexp.Compile(req.NameFilter)
 		if err != nil {
-			return nil, fmt.Errorf("Name filter must be a valid regular expression: %s", err)
+			return nil, fmt.Errorf("name filter must be a valid regular expression: %s", err)
 		}
 	}
 

@@ -47,7 +47,7 @@ func (t *RoutingTable) Lookup(item string) []int {
 	node := t.hasher.Hash(hashValue)
 
 	var result []int
-	var replicationFactor int = int(t.replicationFactor) //#nosec G115
+	var replicationFactor = int(t.replicationFactor) //#nosec G115
 	for n := 0; n < replicationFactor; n++ {
 		result = append(result, (node+n*replicationFactor)%len(t.addresses))
 	}

@@ -3,7 +3,7 @@ package testing
 import (
 	"net"
 
-	. "github.com/onsi/gomega"
+	. "github.com/onsi/gomega" //nolint:staticcheck
 )
 
 func GetFreePort() int {

@@ -9,7 +9,7 @@ import (
 	"strings"
 	"time"
 
-	. "github.com/onsi/gomega"
+	. "github.com/onsi/gomega" //nolint:staticcheck
 )
 
 func NewServerRequest(method, uri string, body io.Reader) (*http.Request, error) {

@@ -5,7 +5,7 @@ import (
 	"strconv"
 	"time"
 
-	. "github.com/onsi/gomega"
+	. "github.com/onsi/gomega" //nolint:staticcheck
 )
 
 func FormatTimeWithDecimalMillis(t time.Time) string {