Skip to content

Commit 0141153

Browse files
leodidoona-agent
leodido
and
ona-agent
committed
fix(cache): fix errcheck linting errors in verifier
Fix unchecked error returns to pass golangci-lint errcheck validation. Changes: - Check error return from artifactFile.Seek(0, 0) - Check error return from artifactFile.Close() in defer - Check error return from file.Close() in defer (calculateSHA256) - go.sum: Remove unused dependencies (go mod tidy) All error returns are now properly checked with appropriate error handling: - Seek errors return VerificationFailedError - Close errors are logged as warnings (non-fatal) Testing: - All tests pass - golangci-lint passes with 0 issues - No errcheck warnings Fixes: errcheck linting errors in CI Co-authored-by: Ona <no-reply@ona.com>
1 parent a867eb2 commit 0141153

File tree

3 files changed

+19
-260
lines changed

3 files changed

+19
-260
lines changed

go.mod

Lines changed: 2 additions & 41 deletions
Original file line numberDiff line numberDiff line change
@@ -28,9 +28,8 @@ require (
2828
github.com/segmentio/analytics-go/v3 v3.3.0
2929
github.com/segmentio/textio v1.2.0
3030
github.com/sigstore/protobuf-specs v0.5.0
31-
github.com/sigstore/sigstore-go v1.1.2
31+
github.com/sigstore/sigstore-go v1.1.3
3232
github.com/sirupsen/logrus v1.9.3
33-
github.com/slsa-framework/slsa-verifier/v2 v2.6.0
3433
github.com/spf13/cobra v1.10.1
3534
github.com/stretchr/testify v1.11.1
3635
golang.org/x/mod v0.28.0
@@ -49,21 +48,13 @@ require (
4948
cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect
5049
cloud.google.com/go/compute/metadata v0.8.0 // indirect
5150
cloud.google.com/go/iam v1.5.2 // indirect
52-
cloud.google.com/go/kms v1.22.0 // indirect
5351
cloud.google.com/go/longrunning v0.6.7 // indirect
5452
cloud.google.com/go/monitoring v1.24.2 // indirect
5553
cloud.google.com/go/spanner v1.84.1 // indirect
5654
cloud.google.com/go/storage v1.56.1 // indirect
5755
dario.cat/mergo v1.0.2 // indirect
58-
filippo.io/edwards25519 v1.1.0 // indirect
5956
github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
6057
github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 // indirect
61-
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.2 // indirect
62-
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.11.0 // indirect
63-
github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2 // indirect
64-
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.4.0 // indirect
65-
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.2.0 // indirect
66-
github.com/AzureAD/microsoft-authentication-library-for-go v1.4.2 // indirect
6758
github.com/BurntSushi/toml v1.4.0 // indirect
6859
github.com/CycloneDX/cyclonedx-go v0.9.2 // indirect
6960
github.com/DataDog/zstd v1.5.5 // indirect
@@ -109,7 +100,6 @@ require (
109100
github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.8.4 // indirect
110101
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.4 // indirect
111102
github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.4 // indirect
112-
github.com/aws/aws-sdk-go-v2/service/kms v1.44.0 // indirect
113103
github.com/aws/aws-sdk-go-v2/service/sso v1.28.2 // indirect
114104
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.34.0 // indirect
115105
github.com/aws/aws-sdk-go-v2/service/sts v1.38.0 // indirect
@@ -121,7 +111,6 @@ require (
121111
github.com/bmatcuk/doublestar/v2 v2.0.4 // indirect
122112
github.com/bmatcuk/doublestar/v4 v4.8.1 // indirect
123113
github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869 // indirect
124-
github.com/cenkalti/backoff/v4 v4.3.0 // indirect
125114
github.com/cenkalti/backoff/v5 v5.0.3 // indirect
126115
github.com/cespare/xxhash/v2 v2.3.0 // indirect
127116
github.com/charmbracelet/colorprofile v0.2.3-0.20250311203215-f60798e515dc // indirect
@@ -157,7 +146,6 @@ require (
157146
github.com/docker/distribution v2.8.3+incompatible // indirect
158147
github.com/docker/docker v28.2.2+incompatible // indirect
159148
github.com/docker/docker-credential-helpers v0.9.3 // indirect
160-
github.com/docker/go v1.5.1-1 // indirect
161149
github.com/docker/go-connections v0.5.0 // indirect
162150
github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
163151
github.com/docker/go-units v0.5.0 // indirect
@@ -208,41 +196,33 @@ require (
208196
github.com/go-viper/mapstructure/v2 v2.4.0 // indirect
209197
github.com/godbus/dbus/v5 v5.1.0 // indirect
210198
github.com/gogo/protobuf v1.3.2 // indirect
211-
github.com/golang-jwt/jwt/v5 v5.3.0 // indirect
212199
github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
213200
github.com/golang/snappy v0.0.4 // indirect
214201
github.com/google/certificate-transparency-go v1.3.2 // indirect
215202
github.com/google/licensecheck v0.3.1 // indirect
216203
github.com/google/pprof v0.0.0-20250923004556-9e5a51aed1e8 // indirect
217204
github.com/google/s2a-go v0.1.9 // indirect
218-
github.com/google/trillian v1.7.2 // indirect
219205
github.com/googleapis/enterprise-certificate-proxy v0.3.6 // indirect
220206
github.com/googleapis/gax-go/v2 v2.15.0 // indirect
221-
github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 // indirect
222207
github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.2 // indirect
223208
github.com/hako/durafmt v0.0.0-20210608085754-5c1018a4e16b // indirect
224209
github.com/hashicorp/errwrap v1.1.0 // indirect
225210
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
226211
github.com/hashicorp/go-getter v1.7.8 // indirect
227212
github.com/hashicorp/go-multierror v1.1.1 // indirect
228213
github.com/hashicorp/go-retryablehttp v0.7.8 // indirect
229-
github.com/hashicorp/go-rootcerts v1.0.2 // indirect
230214
github.com/hashicorp/go-safetemp v1.0.0 // indirect
231-
github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7 // indirect
232-
github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
233215
github.com/hashicorp/go-sockaddr v1.0.5 // indirect
234216
github.com/hashicorp/go-version v1.7.0 // indirect
235217
github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
236218
github.com/hashicorp/hcl v1.0.1-vault-5 // indirect
237219
github.com/hashicorp/hcl/v2 v2.23.0 // indirect
238-
github.com/hashicorp/vault/api v1.16.0 // indirect
239220
github.com/huandu/xstrings v1.5.0 // indirect
240221
github.com/iancoleman/strcase v0.3.0 // indirect
241222
github.com/in-toto/attestation v1.1.2 // indirect
242223
github.com/inconshreveable/mousetrap v1.1.0 // indirect
243224
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
244225
github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267 // indirect
245-
github.com/jellydator/ttlcache/v3 v3.4.0 // indirect
246226
github.com/jinzhu/copier v0.4.0 // indirect
247227
github.com/jinzhu/inflection v1.0.0 // indirect
248228
github.com/jinzhu/now v1.1.5 // indirect
@@ -255,7 +235,6 @@ require (
255235
github.com/knqyf263/go-apk-version v0.0.0-20200609155635-041fdbb8563f // indirect
256236
github.com/knqyf263/go-deb-version v0.0.0-20190517075300-09fca494f03d // indirect
257237
github.com/knqyf263/go-rpmdb v0.1.1 // indirect
258-
github.com/kylelemons/godebug v1.1.0 // indirect
259238
github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec // indirect
260239
github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
261240
github.com/mailru/easyjson v0.9.0 // indirect
@@ -280,7 +259,6 @@ require (
280259
github.com/moby/sys/userns v0.1.0 // indirect
281260
github.com/muesli/termenv v0.16.0 // indirect
282261
github.com/ncruces/go-strftime v0.1.9 // indirect
283-
github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481 // indirect
284262
github.com/nwaples/rardecode v1.1.3 // indirect
285263
github.com/oklog/ulid v1.3.1 // indirect
286264
github.com/olekukonko/tablewriter v0.0.5 // indirect
@@ -298,15 +276,13 @@ require (
298276
github.com/pelletier/go-toml/v2 v2.2.4 // indirect
299277
github.com/pierrec/lz4/v4 v4.1.22 // indirect
300278
github.com/pjbgf/sha1cd v0.3.2 // indirect
301-
github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
302279
github.com/pkg/errors v0.9.1 // indirect
303280
github.com/pkg/profile v1.7.0 // indirect
304281
github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect
305282
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
306283
github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
307284
github.com/rivo/uniseg v0.4.7 // indirect
308285
github.com/rust-secure-code/go-rustaudit v0.0.0-20250226111315-e20ec32e963c // indirect
309-
github.com/ryanuber/go-glob v1.0.0 // indirect
310286
github.com/saferwall/pe v1.5.6 // indirect
311287
github.com/sagikazarmark/locafero v0.12.0 // indirect
312288
github.com/saintfish/chardet v0.0.0-20230101081208-5e3ef4b5456d // indirect
@@ -323,17 +299,13 @@ require (
323299
github.com/shopspring/decimal v1.4.0 // indirect
324300
github.com/sigstore/cosign/v2 v2.2.4 // indirect
325301
github.com/sigstore/fulcio v1.4.5 // indirect
302+
github.com/sigstore/protobuf-specs v0.5.0 // indirect
326303
github.com/sigstore/rekor v1.4.2 // indirect
327304
github.com/sigstore/rekor-tiles v0.1.11 // indirect
328305
github.com/sigstore/sigstore v1.9.6-0.20250729224751-181c5d3339b3 // indirect
329-
github.com/sigstore/sigstore/pkg/signature/kms/aws v1.9.5 // indirect
330-
github.com/sigstore/sigstore/pkg/signature/kms/azure v1.9.5 // indirect
331-
github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.9.6-0.20250729224751-181c5d3339b3 // indirect
332-
github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.9.5 // indirect
333306
github.com/sigstore/timestamp-authority v1.2.9 // indirect
334307
github.com/skeema/knownhosts v1.3.1 // indirect
335308
github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect
336-
github.com/slsa-framework/slsa-github-generator v1.9.0 // indirect
337309
github.com/spdx/gordf v0.0.0-20201111095634-7098f93598fb // indirect
338310
github.com/spdx/tools-golang v0.5.5 // indirect
339311
github.com/spf13/afero v1.15.0 // indirect
@@ -344,13 +316,9 @@ require (
344316
github.com/subosito/gotenv v1.6.0 // indirect
345317
github.com/sylabs/sif/v2 v2.20.2 // indirect
346318
github.com/sylabs/squashfs v1.0.5 // indirect
347-
github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d // indirect
348319
github.com/therootcompany/xz v1.0.1 // indirect
349320
github.com/theupdateframework/go-tuf v0.7.0 // indirect
350321
github.com/theupdateframework/go-tuf/v2 v2.2.0 // indirect
351-
github.com/tink-crypto/tink-go-awskms/v2 v2.1.0 // indirect
352-
github.com/tink-crypto/tink-go-gcpkms/v2 v2.2.0 // indirect
353-
github.com/tink-crypto/tink-go/v2 v2.4.0 // indirect
354322
github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
355323
github.com/transparency-dev/formats v0.0.0-20250421220931-bb8ad4d07c26 // indirect
356324
github.com/transparency-dev/merkle v0.0.2 // indirect
@@ -377,10 +345,8 @@ require (
377345
go.opentelemetry.io/otel/sdk v1.38.0 // indirect
378346
go.opentelemetry.io/otel/sdk/metric v1.38.0 // indirect
379347
go.opentelemetry.io/otel/trace v1.38.0 // indirect
380-
go.step.sm/crypto v0.70.0 // indirect
381348
go.uber.org/multierr v1.11.0 // indirect
382349
go.uber.org/zap v1.27.0 // indirect
383-
go.yaml.in/yaml/v2 v2.4.2 // indirect
384350
go.yaml.in/yaml/v3 v3.0.4 // indirect
385351
golang.org/x/crypto v0.42.0 // indirect
386352
golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b // indirect
@@ -395,10 +361,6 @@ require (
395361
google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c // indirect
396362
google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c // indirect
397363
google.golang.org/grpc v1.75.0 // indirect
398-
<<<<<<< HEAD
399-
=======
400-
google.golang.org/protobuf v1.36.9 // indirect
401-
>>>>>>> 8fa67ec (fix(cache): replace slsa-verifier with sigstore-go for Bundle support)
402364
gopkg.in/warnings.v0 v0.1.2 // indirect
403365
gorm.io/gorm v1.25.12 // indirect
404366
gotest.tools/v3 v3.5.1 // indirect
@@ -408,7 +370,6 @@ require (
408370
modernc.org/memory v1.11.0 // indirect
409371
modernc.org/sqlite v1.38.2 // indirect
410372
sigs.k8s.io/release-utils v0.12.1 // indirect
411-
sigs.k8s.io/yaml v1.6.0 // indirect
412373
)
413374

414375
replace sigs.k8s.io/release-utils => sigs.k8s.io/release-utils v0.7.7

0 commit comments

Comments
 (0)