fix: upgrade golang to 1.21.x and also golangci-lint

.github/workflows/ci.yaml

@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        go-version: ["1.20"]
+        go-version: ["1.21"]
         os: ["linux"]
         arch: ["amd64"]
     steps:
@@ -48,7 +48,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        go-version: ["1.20"]
+        go-version: ["1.21"]
         os: ["linux"]
         arch: ["amd64"]
     steps:

.github/workflows/cloc.yml

@@ -20,7 +20,7 @@ jobs:
       - name: Install go
         uses: actions/setup-go@v4
         with:
-          go-version: 1.19.x
+          go-version: 1.21.x
       - name: Check out source code
         uses: actions/checkout@v3
       - name: Install dependencies

.github/workflows/codeql-analysis.yml

@@ -47,7 +47,7 @@ jobs:
     - name: Install go
       uses: actions/setup-go@v4
       with:
-        go-version: 1.20.x
+        go-version: 1.21.x
 
     - name: Install dependencies
       run: |

.github/workflows/golangci-lint.yaml

@@ -18,13 +18,13 @@ jobs:
     steps:
       - uses: actions/setup-go@v4
         with:
-          go-version: '1.19'
+          go-version: '1.21'
       - uses: actions/checkout@v3
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v3
         with:
           # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
-          version: v1.51.2
+          version: v1.56.2
 
           # Optional: working directory, useful for monorepos
           # working-directory: somedir

Makefile

@@ -5,7 +5,7 @@ COMMIT ?= $(if $(shell git status --porcelain --untracked-files=no),$(COMMIT_HAS
 BINDIR=bin
 TOOLSDIR := $(shell pwd)/hack/tools
 GOLINTER := $(TOOLSDIR)/bin/golangci-lint
-GOLINTER_VERSION := v1.52.2
+GOLINTER_VERSION := v1.56.2
 
 # OCI registry
 ZOT := $(TOOLSDIR)/bin/zot

go.mod

@@ -1,6 +1,8 @@
 module stackerbuild.io/stacker-bom
 
-go 1.20
+go 1.21.0
+
+toolchain go1.21.6
 
 require (
 	github.com/anchore/syft v0.90.0

golangcilint.yaml

@@ -5,7 +5,7 @@ run:
 
 linters:
   enable-all: true
-  disable: funlen,gocognit,exhaustivestruct,paralleltest,forbidigo,ireturn,wrapcheck,exhaustive,maintidx,exhaustruct,nosnakecase,interfacer,structcheck,varcheck,deadcode,ifshort,golint,scopelint,maligned,rowserrcheck,sqlclosecheck,tagliatelle
+  disable: funlen,gocognit,exhaustivestruct,paralleltest,forbidigo,ireturn,wrapcheck,exhaustive,maintidx,exhaustruct,nosnakecase,interfacer,structcheck,varcheck,deadcode,ifshort,golint,scopelint,maligned,rowserrcheck,sqlclosecheck,tagliatelle,depguard,tagalign,revive
 
 linters-settings:
   dupl:

pkg/bom/doc.go

@@ -15,7 +15,7 @@ func NewDocument(author, organization string) *spdx.Document {
 	doc := spdx.NewDocument()
 	doc.Creator.Person = author
 	doc.Creator.Organization = organization
-	doc.Creator.Tool = []string{fmt.Sprintf("stackerbuild.io/sbom@%s", buildgen.Commit)}
+	doc.Creator.Tool = []string{"stackerbuild.io/sbom@" + buildgen.Commit}
 
 	return doc
 }
@@ -55,7 +55,7 @@ func MergeDocuments(dir, namespace, name, author, organization, output string) e
 	sdoc.Name = name
 	sdoc.Creator.Person = author
 	sdoc.Creator.Organization = organization
-	sdoc.Creator.Tool = []string{fmt.Sprintf("stackerbuild.io/stacker-bom@%s", buildgen.Commit)}
+	sdoc.Creator.Tool = []string{"stackerbuild.io/stacker-bom@" + buildgen.Commit}
 
 	mcount := 0
 
@@ -79,6 +79,7 @@ func MergeDocuments(dir, namespace, name, author, organization, output string) e
 		sdoc.Packages = MergeMaps(sdoc.Packages, doc.Packages)
 
 		log.Info().Str("path", path).Msg("file found for merging")
+
 		mcount++
 
 		return nil

pkg/distro/apk/apk.go

@@ -9,7 +9,6 @@ import (
 	"encoding/base64"
 	"encoding/hex"
 	"errors"
-	"fmt"
 	"io"
 	"os"
 	"path/filepath"
@@ -73,7 +72,7 @@ func ParsePackage(input, output, author, organization, license string) error {
 	sdoc.Creator.Person = author
 	sdoc.Creator.Organization = organization
 	sdoc.Creator.Tool = []string{"stackerbuild.io/sbom"}
-	sdoc.Creator.Tool = []string{fmt.Sprintf("stackerbuild.io/sbom@%s", buildgen.Commit)}
+	sdoc.Creator.Tool = []string{"stackerbuild.io/sbom@" + buildgen.Commit}
 
 	var pkglicense string
 
@@ -158,12 +157,12 @@ func ParsePackage(input, output, author, organization, license string) error {
 
 		log.Info().Str("name", hdr.Name).
 			Int("size", bufsz).
-			Str("cksum", fmt.Sprintf("SHA256:%s", hex.EncodeToString(cksumSHA256[:]))).
+			Str("cksum", "SHA256:"+hex.EncodeToString(cksumSHA256[:])).
 			Msg("file entry detected")
 
 		sfile := &spdx.File{
 			Entity: spdx.Entity{
-				Name: fmt.Sprintf("/%s", hdr.Name),
+				Name: "/" + hdr.Name,
 				Checksum: map[string]string{
 					"SHA1":   hex.EncodeToString(cksumSHA1[:]),
 					"SHA256": hex.EncodeToString(cksumSHA256[:]),
@@ -246,7 +245,7 @@ func InstalledPackage(doc *spdx.Document, pkg *IndexEntry, files []string) error
 
 		log.Info().Str("name", info.Name()).
 			Int("size", bufsz).
-			Str("cksum", fmt.Sprintf("SHA256:%s", hex.EncodeToString(cksumSHA256[:]))).
+			Str("cksum", "SHA256:"+hex.EncodeToString(cksumSHA256[:])).
 			Msg("file entry detected")
 
 		sfile := spdx.NewFile()

pkg/distro/deb/deb.go

@@ -38,7 +38,7 @@ func ParsePackage(input, output, author, organization, license string) error {
 	sdoc.Creator.Person = author
 	sdoc.Creator.Organization = organization
 	sdoc.Creator.Tool = []string{"stackerbuild.io/sbom"}
-	sdoc.Creator.Tool = []string{fmt.Sprintf("stackerbuild.io/sbom@%s", buildgen.Commit)}
+	sdoc.Creator.Tool = []string{"stackerbuild.io/sbom@" + buildgen.Commit}
 
 	spkg := &spdx.Package{
 		Entity: spdx.Entity{
@@ -96,7 +96,7 @@ func ParsePackage(input, output, author, organization, license string) error {
 
 		log.Info().Str("name", hdr.Name).
 			Int("size", bufsz).
-			Str("cksum", fmt.Sprintf("SHA256:%s", hex.EncodeToString(cksumSHA256[:]))).
+			Str("cksum", "SHA256:"+hex.EncodeToString(cksumSHA256[:])).
 			Msg("file entry detected")
 
 		sfile := &spdx.File{
@@ -221,6 +221,7 @@ func InstalledPackages(doc *spdx.Document) error {
 				rgxp := regexp.MustCompile(`^(?P<Key>[a-zA-Z-]+?):\s*(?P<Value>.*)$`)
 				params := rgxp.FindStringSubmatch(line)
 				key := params[rgxp.SubexpIndex("Key")]
+
 				if rgxp.SubexpIndex("Value") < 0 {
 					lastkey = key
 				} else {
@@ -349,7 +350,7 @@ func InstalledPackage(doc *spdx.Document, pkg Package, path string) error {
 
 		log.Info().Str("name", info.Name()).
 			Int("size", bufsz).
-			Str("cksum", fmt.Sprintf("SHA256:%s", hex.EncodeToString(cksumSHA256[:]))).
+			Str("cksum", "SHA256:"+hex.EncodeToString(cksumSHA256[:])).
 			Msg("file entry detected")
 
 		sfile := spdx.NewFile()

pkg/distro/rpm/rpm.go

@@ -5,7 +5,6 @@ import (
 	"crypto/sha256"
 	"encoding/hex"
 	"errors"
-	"fmt"
 	"io"
 	"os"
 	"strings"
@@ -74,7 +73,7 @@ func ParsePackage(input, output, author, organization, license string) error {
 	sdoc.Creator.Person = author
 	sdoc.Creator.Organization = organization
 	sdoc.Creator.Tool = []string{"stackerbuild.io/sbom"}
-	sdoc.Creator.Tool = []string{fmt.Sprintf("stackerbuild.io/sbom@%s", buildgen.Commit)}
+	sdoc.Creator.Tool = []string{"stackerbuild.io/sbom@" + buildgen.Commit}
 
 	spkg := &spdx.Package{
 		Entity: spdx.Entity{
@@ -139,7 +138,7 @@ func ParsePackage(input, output, author, organization, license string) error {
 
 		log.Info().Str("name", info.Name()).
 			Int("size", bufsz).
-			Str("cksum", fmt.Sprintf("SHA256:%s", hex.EncodeToString(cksumSHA256[:]))).
+			Str("cksum", "SHA256:"+hex.EncodeToString(cksumSHA256[:])).
 			Msg("file entry detected")
 
 		sfile := spdx.NewFile()
@@ -232,7 +231,7 @@ func InstalledPackage(doc *spdx.Document, pkg *rpmdb.PackageInfo) error {
 
 		log.Info().Str("name", info.Name()).
 			Int("size", bufsz).
-			Str("cksum", fmt.Sprintf("SHA256:%s", hex.EncodeToString(cksumSHA256[:]))).
+			Str("cksum", "SHA256:"+hex.EncodeToString(cksumSHA256[:])).
 			Msg("file entry detected")
 
 		sfile := spdx.NewFile()

pkg/fs/fs.go

@@ -4,7 +4,6 @@ import (
 	"crypto/sha1" //nolint:gosec // used only to produce the sha1 checksum field
 	"encoding/hex"
 	"errors"
-	"fmt"
 	"io"
 	"os"
 	"path/filepath"
@@ -82,7 +81,7 @@ func BuildPackageFromDir(input string, kdoc *k8spdx.Document, kpkg *k8spdx.Packa
 
 	for _, tpkg := range sdoc.Packages {
 		p := stbom.ConvertFromSyftPackage(tpkg)
-		p.SetSPDXID(fmt.Sprintf("SPDXRef-%s", p.SPDXID()))
+		p.SetSPDXID("SPDXRef-" + p.SPDXID())
 		p.LicenseConcluded = license
 		p.LicenseDeclared = license
 		tpkgs[p.SPDXID()] = p
@@ -135,7 +134,7 @@ func BuildPackageFromDir(input string, kdoc *k8spdx.Document, kpkg *k8spdx.Packa
 
 		log.Info().Str("name", info.Name()).
 			Int("size", bufsz).
-			Str("cksum", fmt.Sprintf("SHA256:%s", hex.EncodeToString(cksumSHA256[:]))).
+			Str("cksum", "SHA256:"+hex.EncodeToString(cksumSHA256[:])).
 			Msg("file entry detected")
 
 		kfile := k8spdx.NewFile()
@@ -149,6 +148,7 @@ func BuildPackageFromDir(input string, kdoc *k8spdx.Document, kpkg *k8spdx.Packa
 			},
 		)
 		kfile.LicenseInfoInFile = license
+
 		if err := kpkg.AddFile(kfile); err != nil {
 			log.Error().Err(err).Msg("unable to add file to package")
 
@@ -279,7 +279,7 @@ func BuildPackageFromFile(input string, kpkg *k8spdx.Package, license string) er
 
 	log.Info().Str("name", ifo.Name()).
 		Int("size", bufsz).
-		Str("cksum", fmt.Sprintf("SHA256:%s", hex.EncodeToString(cksumSHA256[:]))).
+		Str("cksum", "SHA256:"+hex.EncodeToString(cksumSHA256[:])).
 		Msg("file entry detected")
 
 	kfile := k8spdx.NewFile()
@@ -309,7 +309,7 @@ func BuildPackage(name, author, organization, license,
 	kdoc.Name = name
 	kdoc.Creator.Person = author
 	kdoc.Creator.Organization = organization
-	kdoc.Creator.Tool = []string{fmt.Sprintf("stackerbuild.io/sbom@%s", buildgen.Commit)}
+	kdoc.Creator.Tool = []string{"stackerbuild.io/sbom@" + buildgen.Commit}
 
 	kpkg := &k8spdx.Package{
 		Entity: k8spdx.Entity{

pkg/fs/verify.go

@@ -108,7 +108,9 @@ func Verify(input, inventory, missing string) error {
 
 		if err := checkBOM(input, entry.Path); err != nil {
 			log.Error().Err(err).Str("path", entry.Path).Msg("inventory verify failed")
+
 			mcount++
+
 			sfile := spdx.NewFile()
 			sfile.SetEntity(
 				&spdx.Entity{