build: use golint

.github/workflows/ci.yml

@@ -29,20 +29,12 @@ jobs:
         with:
           go-version: ${{ env.GO_VERSION }}
 
-      - name: Verify dependencies
-        run: go mod verify
+      - name: Lint
+        uses: golangci/golangci-lint-action@v6
 
       - name: Build
         run: go build -v ./...
 
-      - name: Run go vet
-        run: go vet ./...
-
-      - name: Run staticcheck
-        run: |
-          go install honnef.co/go/tools/cmd/staticcheck@latest
-          staticcheck ./...
-
       - name: Test
         run: go test -race -coverprofile=coverage.out -covermode=atomic ./...
 

.golangci.yml

@@ -0,0 +1,24 @@
+linters:
+  enable:
+    - errcheck
+    - goconst
+    - gocritic
+    - gofmt
+    - goimports
+    - gosec
+    - gosimple
+    - govet
+    - ineffassign
+    - staticcheck
+    - typecheck
+    - unused
+
+linters-settings:
+  gosec:
+    excludes:
+      - G101
+      - G107
+
+issues:
+  exclude-files:
+    - ".+_test.go"

authenticator/authenticator.go

@@ -34,10 +34,8 @@ func createConfigFromSecurityScheme(s *openapi3.SecuritySchemeRef) (*config.Auth
 		Config: make(map[string]interface{}),
 	}
 	switch strings.ToLower(s.Value.Type) {
-	case string(AuthenticatorTypeOpenIdConnect):
-		cfg.Handler = "jwt"
-
-	case string(AuthenticatorTypeOAuth2):
+	case string(AuthenticatorTypeOpenIdConnect),
+		string(AuthenticatorTypeOAuth2):
 		cfg.Handler = "jwt"
 
 	case string(AuthenticatorTypeHttp):

cmd/generate/root.go

@@ -137,10 +137,12 @@ func NewGenerateCmd() (generateCmd *cobra.Command) {
 			}
 
 			if outputpath != "" {
-				os.WriteFile(outputpath, outputBuf.Bytes(), 0644)
+				// nolint:errcheck
+				os.WriteFile(outputpath, outputBuf.Bytes(), 0600)
 				return
 			}
 
+			// nolint:errcheck
 			os.Stdout.Write(outputBuf.Bytes())
 		},
 	}

generator/generator.go

@@ -54,10 +54,12 @@ func (g *Generator) createRule(verb string, path string, o *openapi3.Operation)
 		return nil
 	}
 
+	var err error
+	// nolint: gocritic
 	if o.Security != nil && len(*o.Security) > 0 {
-		appendAuthenticator(o.Security)
+		err = appendAuthenticator(o.Security)
 	} else if len(g.doc.Security) > 0 {
-		appendAuthenticator(&g.doc.Security)
+		err = appendAuthenticator(&g.doc.Security)
 	} else {
 		ar, arerror := g.authenticators[string(authenticator.AuthenticatorTypeNoop)].CreateAuthenticator(nil)
 		if arerror != nil {
@@ -67,6 +69,10 @@ func (g *Generator) createRule(verb string, path string, o *openapi3.Operation)
 		authenticators = append(authenticators, *ar)
 	}
 
+	if err != nil {
+		return nil, err
+	}
+
 	return &oathkeeper.Rule{
 		ID:             g.computeId(o.OperationID),
 		Description:    o.Description,

generator/match_rule.go

@@ -73,16 +73,14 @@ func getPathParamType(name string, params *openapi3.Parameters) *openapi3.Types
 
 func createParamsMatchingGroup(name string, params *openapi3.Parameters) string {
 	var t dialect.Token
-	paramType := getPathParamType(name, params)
-	if paramType == nil {
-		t = defaultToken
-	} else if paramType.Is("string") {
+	switch paramType := getPathParamType(name, params); {
+	case paramType.Is("string"):
 		t = stringToken
-	} else if paramType.Is("number") {
+	case paramType.Is("number"):
 		t = numberToken
-	} else if paramType.Is("integer") {
+	case paramType.Is("integer"):
 		t = integerToken
-	} else {
+	default:
 		t = defaultToken
 	}