linters:
  disable-all: true
  enable:
    - depguard
    - gosec
    - gocritic
    - gofmt
    - govet
    - ineffassign
    - revive
    - rowserrcheck
    - sqlclosecheck
    - typecheck
    - unconvert
    - unused
    - errcheck

linters-settings:
  depguard:
    list-type: denylist
    include-go-stdlib: false
    packages-with-error-message:
      - github.com/pkg/errors: "use ctxerr if a context.Context is available or stdlib errors.New / fmt.Errorf with the %w verb"

  errcheck:
    check-type-assertions: false
    check-blank: false
    ignore: fmt:.*
    disable-default-exclusions: false
    exclude-functions:
      - "(github.com/go-kit/log.Logger).Log"
  
  gosec:
    config:
      G306: "0644"

  gocritic:
    enabled-checks:
      - ruleguard
    settings:
      ruleguard:
        rules: "./tools/ci/rules.go"
        failOn: all

  gofmt:
    # simplify code: gofmt with `-s` option, true by default
    simplify: false

  revive:
    ignoreGeneratedHeader: false
    severity: "warning"
    confidence: 0.8
    errorCode: 0
    warningCode: 0

    rules:
      - name: dot-imports
      - name: error-return
      - name: var-declaration
      - name: package-comments
      - name: range
      - name: receiver-naming
      - name: time-naming
      - name: indent-error-flow
      - name: errorf
      - name: empty-block
      - name: superfluous-else
      - name: unreachable-code
      - name: redefines-builtin-id

# Before excluding files from gosec linter - an issue must be created and referenced in a comment.
issues:
  exclude-rules:
    - path: server/datastore/mysql/migrations/[^/]+/[^/]+\.go
      linters:
        - depguard
    # cmd gosec exclusions https://github.com/fleetdm/fleet/issues/4451
    - path: cmd/osquery-perf/agent.go
      linters:
        - gosec
    - path: cmd/fleet/serve.go
      linters:
        - gosec
    - path: cmd/fleetctl/api.go
      linters:
        - gosec
    - path: cmd/fleetctl/get.go
      linters:
        - gosec
    - path: cmd/fleetctl/preview.go
      linters:
        - gosec
    # Orbit gosec exclusions https://github.com/fleetdm/fleet/issues/4452
    - path: orbit/pkg/update/update.go
      linters:
        - gosec
    - path: orbit/pkg/packaging/wix/wix.go
      linters:
        - gosec
    - path: orbit/pkg/packaging/macos.go
      linters:
        - gosec
    - path: orbit/pkg/packaging/windows.go
      linters:
        - gosec
    - path: orbit/pkg/packaging/packaging.go
      linters:
        - gosec
    # insecure proxy is insecure by design
    - path: orbit/pkg/insecure/proxy.go
      linters:
        - gosec
    # pkg gosec exclusions https://github.com/fleetdm/fleet/issues/4453
    # Test file which triggers many TLS warnings by design
    - path: pkg/fleethttp/fleethttp_test.go
      linters:
        - gosec
    - path: pkg/certificate/certificate.go
      linters:
        - gosec
    - path: pkg/download/download.go
      linters:
        - gosec
    # server gosec exclusions https://github.com/fleetdm/fleet/issues/4455
    - path: server/mail/mail.go
      linters:
        - gosec
    - path: server/datastore/mysql/migrations/tables/20201011162341_CleanupSoftDeletedColumns.go
      linters:
        - gosec
    - path: server/service/redis_policy_set/redis_policy_set_test.go
      linters:
        - gosec
    - path: server/sso/settings.go
      linters:
        - gosec
    - path: server/datastore/mysql/hosts.go
      linters:
        - gosec
    - path: server/datastore/mysql/hosts_test.go
      linters:
        - gosec
    - path: server/datastore/mysql/mysql_test.go
      linters:
        - gosec
    - path: server/service/client_live_query.go
      linters:
        - gosec
    - path: server/service/invites.go
      linters:
        - gosec
    - path: server/service/service_appconfig.go
      linters:
        - gosec
    - path: server/service/service_users.go
      linters:
        - gosec
    - path: server/datastore/mysql/migrations/tables/20201011162341_CleanupSoftDeletedColumns.go
      linters:
        - gosec
    - path: server/datastore/mysql/aggregated_stats_test.go
      linters:
        - gosec
    - path: server/fleet/app.go
      linters:
        - gosec
    - path: server/service/async/async_policy.go
      linters:
        - gosec
    - path: server/logging/kinesis.go
      linters:
        - gosec
    - path: server/logging/kinesis_test.go
      linters:
        - gosec
    - path: server/config/config.go
      linters:
        - gosec
    - path: server/datastore/redis/ratelimit_store.go
      linters:
        - gosec
    - path: server/datastore/mysql/testing_utils.go
      linters:
        - gosec
    - path: server/datastore/mysql/packs_test.go
      linters:
        - gosec
    - path: server/service/appconfig.go
      linters:
        - gosec
    - path: server/service/client.go
      linters:
        - gosec
    - path: server/service/users.go
      linters:
        - gosec
    - path: server/service/appconfig_test.go
      linters:
        - gosec
    - path: server/service/service_campaign_test.go
      linters:
        - gosec
    - path: server/datastore/mysql/software_test.go
      linters:
        - gosec
    # tools gosec exclusions https://github.com/fleetdm/fleet/issues/4456
    - path: tools/dbutils/schema_generator.go
      linters:
        - gosec