Update linter, codeql

CodeQL was failing because this version did not support Go 1.21. Also bumped the linter and fixed lint failures. Signed-off-by: Hayden Blauzvern <[email protected]>
haydentherapper · Feb 5, 2024 · 880bac8 · 880bac8
1 parent 13098f9
commit 880bac8
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 17 deletions.
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -42,12 +42,12 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.1.26
+      uses: github/codeql-action/init@65c74964a9ed8c44ed9f19d4bbc5757a6a8e9ab9 # v2.16.1
       with:
         languages: ${{ matrix.language }}
 
     - name: Autobuild
-      uses: github/codeql-action/autobuild@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.1.26
+      uses: github/codeql-action/autobuild@65c74964a9ed8c44ed9f19d4bbc5757a6a8e9ab9 # v2.16.1
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.1.26
+      uses: github/codeql-action/analyze@65c74964a9ed8c44ed9f19d4bbc5757a6a8e9ab9 # v2.16.1
diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml
@@ -34,7 +34,7 @@ jobs:
       - name: golangci-lint
         uses: golangci/golangci-lint-action@3a919529898de77ec3da873e3063ca4b10e7f5cc # v3.7.0
         with:
-          version: v1.54
+          version: v1.55
           args: --timeout=5m --verbose
           # sometimes the pkg cache gets corrupted, skipping cache avoids this
           # https://github.com/golangci/golangci-lint-action/issues/23

diff --git a/.github/workflows/verify_license.yml b/.github/workflows/verify_license.yml
@@ -30,8 +30,8 @@ jobs:
           go-version-file: './go.mod'
           check-latest: true
       - name: Install addlicense
-        run: go install github.com/google/addlicense@v1.0.0
+        run: go install github.com/google/addlicense@latest
       - name: Check license headers
         run: |
           set -e
-          addlicense -check -l apache -c 'The Sigstore Authors' -ignore "third_party/**" -v *
+          addlicense -check -l apache -c 'The Sigstore Authors' -ignore "third_party/**" -v *
diff --git a/pkg/verify/signature.go b/pkg/verify/signature.go
@@ -44,10 +44,9 @@ func VerifySignature(sigContent SignatureContent, verificationContent Verificati
 		return verifyEnvelope(verifier, envelope)
 	} else if msg := sigContent.MessageSignatureContent(); msg != nil {
 		return errors.New("artifact must be provided to verify message signature")
-	} else {
-		// should never happen, but just in case:
-		return fmt.Errorf("signature content has neither an envelope or a message")
 	}
+	// handle an invalid signature content message
+	return fmt.Errorf("signature content has neither an envelope or a message")
 }
 
 func VerifySignatureWithArtifact(sigContent SignatureContent, verificationContent VerificationContent, trustedMaterial root.TrustedMaterial, artifact io.Reader) error { // nolint: revive
@@ -63,10 +62,9 @@ func VerifySignatureWithArtifact(sigContent SignatureContent, verificationConten
 		return verifyEnvelopeWithArtifact(verifier, envelope, artifact)
 	} else if msg := sigContent.MessageSignatureContent(); msg != nil {
 		return verifyMessageSignature(verifier, msg, artifact)
-	} else {
-		// should never happen, but just in case:
-		return fmt.Errorf("signature content has neither an envelope or a message")
 	}
+	// handle an invalid signature content message
+	return fmt.Errorf("signature content has neither an envelope or a message")
 }
 
 func VerifySignatureWithArtifactDigest(sigContent SignatureContent, verificationContent VerificationContent, trustedMaterial root.TrustedMaterial, artifactDigest []byte, artifactDigestAlgorithm string) error { // nolint: revive
@@ -82,10 +80,9 @@ func VerifySignatureWithArtifactDigest(sigContent SignatureContent, verification
 		return verifyEnvelopeWithArtifactDigest(verifier, envelope, artifactDigest, artifactDigestAlgorithm)
 	} else if msg := sigContent.MessageSignatureContent(); msg != nil {
 		return verifyMessageSignatureWithArtifactDigest(verifier, msg, artifactDigest)
-	} else {
-		// should never happen, but just in case:
-		return fmt.Errorf("signature content has neither an envelope or a message")
 	}
+	// handle an invalid signature content message
+	return fmt.Errorf("signature content has neither an envelope or a message")
 }
 
 func getSignatureVerifier(verificationContent VerificationContent, tm root.TrustedMaterial) (signature.Verifier, error) {
@@ -94,9 +91,8 @@ func getSignatureVerifier(verificationContent VerificationContent, tm root.Trust
 		return signature.LoadVerifier(leafCert.PublicKey, crypto.SHA256)
 	} else if pk, ok := verificationContent.HasPublicKey(); ok {
 		return tm.PublicKeyVerifier(pk.Hint())
-	} else {
-		return nil, fmt.Errorf("no public key or certificate found")
 	}
+	return nil, fmt.Errorf("no public key or certificate found")
 }
 
 func verifyEnvelope(verifier signature.Verifier, envelope EnvelopeContent) error {