docs: add golangci-lint.yml & fix workflow

.github/workflows/build-binary.yml

@@ -15,6 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       contents: write
+      packages: write
 
     steps:
       - name: Checkout repository

.github/workflows/build.yml

@@ -2,9 +2,8 @@ name: Build and Publish
 run-name: Build and Publish (${{ github.ref }}) ${{ inputs.dry_run && '(🧪 Dry-Run)' || '' }}
 
 on:
-  push:
-    tags:
-      - 'v*'
+  release:
+    types: [published]
 
   workflow_dispatch:
     inputs:
@@ -17,6 +16,11 @@ on:
         type: string
         default: "binary,docker"
 
+permissions:
+  contents: write
+  packages: write
+  id-token: write
+
 jobs:
   # Get the current tag
   get_tag:

.github/workflows/release.yml

@@ -1,5 +1,5 @@
 name: 0x📦 Release New Version
-run-name: 📦 Release ${{ inputs.semver }} by @${{ github.actor }} ${{ inputs.dry_run && '(🧪 Dry-Run)' || '' }}
+run-name: 📦 Release ${{ inputs.semver }}/${{ inputs.custom_version }} by @${{ github.actor }} ${{ inputs.dry_run && '(🧪 Dry-Run)' || '' }}
 
 on:
   workflow_dispatch:
@@ -13,7 +13,7 @@ on:
           - major
         required: true
       custom_version:
-        description: Manual Custom Version (Special Purpose, v*)
+        description: Manual Custom Version (Special Purpose, e.g. 1.0.0)
         type: string
         required: false
       dry_run:
@@ -28,61 +28,23 @@ jobs:
   release:
     needs: test
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
     steps:
-      - name: Checkout Code
+      - name: Checkout repository
         uses: actions/checkout@v4
-        with:
-          ref: master
-          fetch-depth: 0
-
-      - name: Setup Node
-        uses: actions/setup-node@v4
-        with:
-          node-version: 20.x
-          registry-url: https://registry.npmjs.org/
-
-      - name: Setup semver
-        run: npm install -g semver
-
-      - name: Handle Version Number
-        run: |
-          PREV_VERSION="$(git describe --tags --abbrev=0 --match 'v*')"
-
-          if [ -n "${{ inputs.custom_version }}" ]; then
-            NEXT_VERSION="${{ inputs.custom_version }}"
-          else
-            NEXT_VERSION="v$(semver --increment ${{ inputs.semver }} ${PREV_VERSION})"
-          fi
-
-          echo "PREV_VERSION=${PREV_VERSION}" >> $GITHUB_ENV
-          echo "VERSION=${NEXT_VERSION}" >> $GITHUB_ENV
-
-      - name: Print Next Version
-        run: echo "${VERSION}"
-
-      - name: Setup git-chglog
-        run: |
-          curl -sL $(curl -s https://api.github.com/repos/git-chglog/git-chglog/releases/latest \
-            | grep -oP '"https://.+linux_amd64.tar.gz"' | tr -d \") | tar -C /usr/local/bin -xz git-chglog
-          git-chglog --version
-
-      - name: Version Changelog
-        id: changelog
-        run: |
-          # prepend changelog
-          changelog=$(git-chglog --config .github/chglog/config.yml --next-tag "${VERSION}" "${VERSION}")
-          echo "changelog=${changelog}\n" >> "$GITHUB_OUTPUT"
 
       - name: Bump version and push tag
         id: tag_version
         uses: mathieudutour/github-tag-action@v6.2
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
-          custom_tag: ${{ env.VERSION }}
+          default_bump: ${{ inputs.semver }}
+          custom_tag: ${{ inputs.custom_version }}
 
       - name: Create a GitHub release
         uses: ncipollo/release-action@v1
         with:
-          tag: ${{ steps.tag_version.outputs.VERSION }}
+          tag: ${{ steps.tag_version.outputs.new_tag }}
           name: Release ${{ steps.tag_version.outputs.new_tag }}
-          body: ${{ steps.changelog.outputs.changelog }}
+          body: ${{ steps.tag_version.outputs.changelog }}

.github/workflows/test.yml

@@ -1,6 +1,7 @@
 name: Run Tests
 
 on:
+  workflow_call:
   push:
     branches-ignore: ["release/*", "nightly"]
     tags-ignore: ["v*"]
@@ -36,5 +37,6 @@ jobs:
 
     - name: Run golangci-lint
       uses: golangci/golangci-lint-action@v6
+      continue-on-error: true
       with:
         version: v1.60

.golangci.yml

@@ -0,0 +1,128 @@
+# Options for analysis running
+run:
+  # Timeout for analysis, e.g. 30s, 5m, default is 1m
+  timeout: 5m
+
+  # Include test files or not, default is true
+  tests: false
+
+# Output configuration options
+output:
+  # print lines of code with issue, default is true
+  print-issued-lines: true
+
+  # print linter name in the end of issue text, default is true
+  print-linter-name: true
+
+# All available settings of specific linters
+linters-settings:
+  errcheck:
+    # report about not checking of errors in type assertions: `a := b.(MyStruct)`;
+    # default is false: such cases aren't reported by default.
+    check-type-assertions: true
+
+  govet:
+    # Enable the 'shadow' check instead of 'check-shadowing'
+    enable:
+      - shadow
+
+  gocyclo:
+    # minimal code complexity to report, 30 by default
+    min-complexity: 30
+
+  dupl:
+    # tokens count to trigger issue, 150 by default
+    threshold: 150
+
+  goconst:
+    # minimal length of string constant, 3 by default
+    min-len: 3
+    # minimal occurrences count to trigger, 3 by default
+    min-occurrences: 3
+
+  lll:
+    # max line length, lines longer will be reported. Default is 120.
+    line-length: 120
+
+# Linters to run
+linters:
+  enable:
+    ## enabled by default
+    - errcheck # checking for unchecked errors, these unchecked errors can be critical bugs in some cases
+    - gosimple # specializes in simplifying a code
+    - govet # reports suspicious constructs, such as Printf calls whose arguments do not align with the format string
+    - ineffassign # detects when assignments to existing variables are not used
+    - staticcheck # is a go vet on steroids, applying a ton of static analysis checks
+    - typecheck # like the front-end of a Go compiler, parses and type-checks Go code
+    - unused # checks for unused constants, variables, functions and types
+    ## disabled by default
+    - asasalint # checks for pass []any as any in variadic func(...any)
+    - asciicheck # checks that your code does not contain non-ASCII identifiers
+    - bidichk # checks for dangerous unicode character sequences
+    - bodyclose # checks whether HTTP response body is closed successfully
+    - canonicalheader # checks whether net/http.Header uses canonical header
+    - copyloopvar # detects places where loop variables are copied (Go 1.22+)
+    - cyclop # checks function and package cyclomatic complexity
+    - dupl # tool for code clone detection
+    - durationcheck # checks for two durations multiplied together
+    - errname # checks that sentinel errors are prefixed with the Err and error types are suffixed with the Error
+    - exhaustive # checks exhaustiveness of enum switch statements
+    - fatcontext # detects nested contexts in loops
+    - funlen # tool for detection of long functions
+    - gocheckcompilerdirectives # validates go compiler directive comments (//go:)
+    - gochecksumtype # checks exhaustiveness on Go "sum types"
+    - gocyclo # computes and checks the cyclomatic complexity of functions
+    - goimports # in addition to fixing imports, goimports also formats your code in the same style as gofmt
+    - gomoddirectives # manages the use of 'replace', 'retract', and 'excludes' directives in go.mod
+    - gomodguard # allow and block lists linter for direct Go module dependencies. This is different from depguard where there are different block types for example version constraints and module recommendations
+    - goprintffuncname # checks that printf-like functions are named with f at the end
+    - gosec # inspects source code for security problems
+    - lll # reports long lines
+    - loggercheck # checks key value pairs for common logger libraries (kitlog,klog,logr,zap)
+    - makezero # finds slice declarations with non-zero initial length
+    - mirror # reports wrong mirror patterns of bytes/strings usage
+    - musttag # enforces field tags in (un)marshaled structs
+    - nakedret # finds naked returns in functions greater than a specified function length
+    - nestif # reports deeply nested if statements
+    - nilerr # finds the code that returns nil even if it checks that the error is not nil
+    - nilnil # checks that there is no simultaneous return of nil error and an invalid value
+    - noctx # finds sending http request without context.Context
+    - nolintlint # reports ill-formed or insufficient nolint directives
+    - nosprintfhostport # checks for misuse of Sprintf to construct a host with port in a URL
+    - predeclared # finds code that shadows one of Go's predeclared identifiers
+    - promlinter # checks Prometheus metrics naming via promlint
+    - protogetter # reports direct reads from proto message fields when getters should be used
+    - reassign # checks that package variables are not reassigned
+    - revive # fast, configurable, extensible, flexible, and beautiful linter for Go, drop-in replacement of golint
+    - rowserrcheck # checks whether Err of rows is checked successfully
+    - sloglint # ensure consistent code style when using log/slog
+    - spancheck # checks for mistakes with OpenTelemetry/Census spans
+    - sqlclosecheck # checks that sql.Rows and sql.Stmt are closed
+    - stylecheck # is a replacement for golint
+    - tenv # detects using os.Setenv instead of t.Setenv since Go1.17
+    - testableexamples # checks if examples are testable (have an expected output)
+    - testifylint # checks usage of github.com/stretchr/testify
+    - tparallel # detects inappropriate usage of t.Parallel() method in your Go test codes
+    - unconvert # removes unnecessary type conversions
+    - unparam # reports unused function parameters
+    - usestdlibvars # detects the possibility to use variables/constants from the Go standard library
+    - wastedassign # finds wasted assignment statements
+    - whitespace # detects leading and trailing whitespace
+
+# Issues configuration
+issues:
+  # List of regexps of issue texts to exclude, empty list by default.
+  exclude-rules:
+    - path: _test\.go
+      linters:
+        - dupl
+        - gosec
+
+  exclude-dirs:
+    - vendor
+
+  # Maximum issues count per one linter. Set to 0 to disable. Default is 50.
+  max-issues-per-linter: 0
+
+  # Maximum count of issues with the same text. Set to 0 to disable. Default is 3.
+  max-same-issues: 0

pkg/imageutil/imageutil.go

@@ -13,10 +13,12 @@ func ParseColor(hex string) color.Color {
 	if err != nil {
 		return color.White
 	}
+
+	//nolint:gosec // Intentionally ignoring potential overflow for simplicity
 	return color.RGBA{
 		R: uint8(c >> 16),
-		G: uint8((c >> 8) & 0xFF),
-		B: uint8(c & 0xFF),
+		G: uint8(c >> 8),
+		B: uint8(c),
 		A: 255,
 	}
 }
@@ -93,6 +95,7 @@ func applyOpacity(img *image.RGBA, opacity float64) {
 			c := img.At(x, y)
 			r, g, b, a := c.RGBA()
 			alpha := uint16(float64(a) * opacity)
+			//nolint:gosec // Intentionally ignoring potential overflow as color values are within safe range
 			img.Set(x, y, color.RGBA64{uint16(r), uint16(g), uint16(b), alpha})
 		}
 	}

pkg/mixer/source_manager.go

@@ -56,7 +56,7 @@ func (s *Source) Name() string {
 	return s.config.Name
 }
 
-func (s *Source) GetSource(name string) ([]byte, error) {
+func (s *Source) GetSource(_ string) ([]byte, error) {
 	return s.data, nil
 }
 

server/server.go

@@ -81,7 +81,6 @@ func (s *server) Run() error {
 		if err != nil {
 			return fmt.Errorf("failed to initialize MixRepo: %w", err)
 		}
-
 	}
 
 	if !s.cfg.MultiRepoOpt.Disable {