CI: avoid using nolint with revive (#4144)

mmetc · web-flow · commit a1aea2ccea36 · 2025-12-15T14:22:03.000+01:00
The "nolinlint" checks are flaky with revive checks,
triggering false positives.
So we use revive-specific comments or exclusions in .golangci.yml
diff --git a/.golangci.yml b/.golangci.yml
@@ -337,6 +337,8 @@ linters:
       severity: error
       enable-all-rules: true
       rules:
+        - name: argument-limit
+          arguments: [9]
         - name: add-constant
           disabled: true
         - name: cognitive-complexity
@@ -595,6 +597,11 @@ linters:
         path: cmd/crowdsec/flags.go
         text: 'deep-exit: .*'
 
+      - linters:
+          - revive
+        path: cmd/crowdsec-cli/clisetup/setup/systemd_test.go
+        text: 'deep-exit: .*'
+
       - linters:
           - gocritic
         path: cmd/crowdsec-cli
@@ -615,11 +622,6 @@ linters:
         path: pkg/(appsec|acquisition|dumps|alertcontext|leakybucket|exprhelpers)
         text: 'rangeValCopy: .*'
 
-      - linters:
-          - revive
-        path: pkg/logging/configure.go
-        text: 'argument-limit: .*'
-
       - linters:
           - usetesting
         path: pkg/apiserver/(.+)_test.go
diff --git a/cmd/crowdsec-cli/clidecision/decisions.go b/cmd/crowdsec-cli/clidecision/decisions.go
@@ -261,7 +261,6 @@ cscli decisions list --origin lists --scenario list_name
 	return cmd
 }
 
-//nolint:revive // we'll reduce the number of args later
 func (cli *cliDecisions) add(ctx context.Context, addIP, addRange, addDuration, addValue, addScope, addReason, addType string, bypassAllowlist bool) error {
 	alerts := models.AddAlertsRequest{}
 	origin := types.CscliOrigin
diff --git a/cmd/crowdsec-cli/clisetup/setup/systemd_test.go b/cmd/crowdsec-cli/clisetup/setup/systemd_test.go
@@ -38,7 +38,7 @@ func TestHelperProcess(_ *testing.T) {
 	}
 
 	if i >= len(args) {
-		os.Exit(2) //nolint:revive
+		os.Exit(2)
 	}
 
 	if args[i] == "systemctl" && i+1 < len(args) {
@@ -54,7 +54,7 @@ func TestHelperProcess(_ *testing.T) {
 			fmt.Fprint(os.Stdout, "Names="+unit+"\n")
 			fmt.Fprint(os.Stdout, "StandardOutput=journal\n")
 			fmt.Fprint(os.Stdout, "StandardError=journal\n")
-			os.Exit(0) //nolint:revive
+			os.Exit(0)
 		case "list-unit-files":
 			// systemctl list-unit-files --type=service
 			//nolint:dupword
@@ -64,7 +64,7 @@ apache2.service                           enabled  enabled
 apparmor.service                          enabled  enabled
 
 3 unit files listed.`)
-			os.Exit(0) //nolint:revive
+			os.Exit(0)
 		}
 	}
 }
diff --git a/pkg/apiserver/apiserver.go b/pkg/apiserver/apiserver.go
@@ -81,7 +81,8 @@ func isBrokenConnection(maybeError any) bool {
 }
 
 func recoverFromPanic(c *gin.Context) {
-	err := recover() //nolint:revive
+	//revive:disable-next-line:defer
+	err := recover()
 	if err == nil {
 		return
 	}
diff --git a/pkg/apiserver/middlewares/v1/cache.go b/pkg/apiserver/middlewares/v1/cache.go
@@ -52,7 +52,8 @@ func (rc *RevocationCache) purgeExpired() {
 	}
 }
 
-func (rc *RevocationCache) Get(cert *x509.Certificate) (error, bool) { //nolint:revive
+//revive:disable-next-line:error-return
+func (rc *RevocationCache) Get(cert *x509.Certificate) (error, bool) {
 	rc.purgeExpired()
 	key := rc.generateKey(cert)
 	rc.mu.RLock()
diff --git a/pkg/apiserver/middlewares/v1/tls_auth.go b/pkg/apiserver/middlewares/v1/tls_auth.go
@@ -37,7 +37,8 @@ func (ta *TLSAuth) isExpired(cert *x509.Certificate) bool {
 }
 
 // checkRevocationPath checks a single chain against OCSP and CRL
-func (ta *TLSAuth) checkRevocationPath(ctx context.Context, chain []*x509.Certificate) (error, bool) { //nolint:revive
+//revive:disable-next-line:error-return
+func (ta *TLSAuth) checkRevocationPath(ctx context.Context, chain []*x509.Certificate) (error, bool) {
 	// if we ever fail to check OCSP or CRL, we should not cache the result
 	couldCheck := true
 
diff --git a/pkg/csplugin/hclog_adapter.go b/pkg/csplugin/hclog_adapter.go
@@ -234,5 +234,7 @@ func safeString(str fmt.Stringer) (s string) {
 	} else {
 		s = str.String()
 	}
-	return //nolint:revive // bare return for the defer
+
+	//revive:disable-next-line:bare-return
+	return // bare return is required for the defer
 }
diff --git a/pkg/dumps/parser_dump.go b/pkg/dumps/parser_dump.go
@@ -225,7 +225,8 @@ func (t *tree) displayResults(opts DumpOpts) {
 						case "update":
 							detailsDisplay += fmt.Sprintf("\t%s\t\t%s %s evt.%s : %s -> %s\n", presep, sep, change.Type, strings.Join(change.Path, "."), change.From, yellow(change.To))
 
-							if change.Path[0] == "Whitelisted" && change.To == true { //nolint:revive
+							//revive:disable-next-line:bool-literal-in-expr
+							if change.Path[0] == "Whitelisted" && change.To == true {
 								whitelisted = true
 
 								if whitelistReason == "" {
diff --git a/pkg/leakybucket/overflows.go b/pkg/leakybucket/overflows.go
@@ -361,7 +361,8 @@ func NewAlert(leaky *Leaky, queue *pipeline.Queue) (pipeline.RuntimeAlert, error
 		srcCopy := srcValue
 		newApiAlert.Source = &srcCopy
 
-		if v, ok := leaky.BucketConfig.Labels["remediation"]; ok && v == true { //nolint:revive
+		//revive:disable-next-line:bool-literal-in-expr
+		if v, ok := leaky.BucketConfig.Labels["remediation"]; ok && v == true {
 			newApiAlert.Remediation = true
 		}
 

Original file line number	Diff line number	Diff line change
`@@ -261,7 +261,6 @@ cscli decisions list --origin lists --scenario list_name`
`261`	`261`	`return cmd`
`262`	`262`	`}`
`263`	`263`
`264`		`-//nolint:revive // we'll reduce the number of args later`
`265`	`264`	`func (cli *cliDecisions) add(ctx context.Context, addIP, addRange, addDuration, addValue, addScope, addReason, addType string, bypassAllowlist bool) error {`
`266`	`265`	`alerts := models.AddAlertsRequest{}`
`267`	`266`	`origin := types.CscliOrigin`
Original file line number	Diff line number	Diff line change
`@@ -38,7 +38,7 @@ func TestHelperProcess(_ *testing.T) {`
`38`	`38`	`}`
`39`	`39`
`40`	`40`	`if i >= len(args) {`
`41`		`- os.Exit(2) //nolint:revive`
	`41`	`+ os.Exit(2)`
`42`	`42`	`}`
`43`	`43`
`44`	`44`	`if args[i] == "systemctl" && i+1 < len(args) {`
`@@ -54,7 +54,7 @@ func TestHelperProcess(_ *testing.T) {`
`54`	`54`	`fmt.Fprint(os.Stdout, "Names="+unit+"\n")`
`55`	`55`	`fmt.Fprint(os.Stdout, "StandardOutput=journal\n")`
`56`	`56`	`fmt.Fprint(os.Stdout, "StandardError=journal\n")`
`57`		`- os.Exit(0) //nolint:revive`
	`57`	`+ os.Exit(0)`
`58`	`58`	`case "list-unit-files":`
`59`	`59`	`// systemctl list-unit-files --type=service`
`60`	`60`	`//nolint:dupword`
`@@ -64,7 +64,7 @@ apache2.service enabled enabled`
`64`	`64`	`apparmor.service enabled enabled`
`65`	`65`
`66`	`66`	3 unit files listed.`)
`67`		`- os.Exit(0) //nolint:revive`
	`67`	`+ os.Exit(0)`
`68`	`68`	`}`
`69`	`69`	`}`
`70`	`70`	`}`
Original file line number	Diff line number	Diff line change
`@@ -81,7 +81,8 @@ func isBrokenConnection(maybeError any) bool {`
`81`	`81`	`}`
`82`	`82`
`83`	`83`	`func recoverFromPanic(c *gin.Context) {`
`84`		`- err := recover() //nolint:revive`
	`84`	`+ //revive:disable-next-line:defer`
	`85`	`+ err := recover()`
`85`	`86`	`if err == nil {`
`86`	`87`	`return`
`87`	`88`	`}`
Original file line number	Diff line number	Diff line change
`@@ -52,7 +52,8 @@ func (rc *RevocationCache) purgeExpired() {`
`52`	`52`	`}`
`53`	`53`	`}`
`54`	`54`
`55`		`-func (rc RevocationCache) Get(cert x509.Certificate) (error, bool) { //nolint:revive`
	`55`	`+//revive:disable-next-line:error-return`
	`56`	`+func (rc RevocationCache) Get(cert x509.Certificate) (error, bool) {`
`56`	`57`	`rc.purgeExpired()`
`57`	`58`	`key := rc.generateKey(cert)`
`58`	`59`	`rc.mu.RLock()`
Original file line number	Diff line number	Diff line change
`@@ -37,7 +37,8 @@ func (ta TLSAuth) isExpired(cert x509.Certificate) bool {`
`37`	`37`	`}`
`38`	`38`
`39`	`39`	`// checkRevocationPath checks a single chain against OCSP and CRL`
`40`		`-func (ta TLSAuth) checkRevocationPath(ctx context.Context, chain []x509.Certificate) (error, bool) { //nolint:revive`
	`40`	`+//revive:disable-next-line:error-return`
	`41`	`+func (ta TLSAuth) checkRevocationPath(ctx context.Context, chain []x509.Certificate) (error, bool) {`
`41`	`42`	`// if we ever fail to check OCSP or CRL, we should not cache the result`
`42`	`43`	`couldCheck := true`
`43`	`44`
Original file line number	Diff line number	Diff line change
`@@ -234,5 +234,7 @@ func safeString(str fmt.Stringer) (s string) {`
`234`	`234`	`} else {`
`235`	`235`	`s = str.String()`
`236`	`236`	`}`
`237`		`- return //nolint:revive // bare return for the defer`
	`237`	`+`
	`238`	`+ //revive:disable-next-line:bare-return`
	`239`	`+ return // bare return is required for the defer`
`238`	`240`	`}`
Original file line number	Diff line number	Diff line change
`@@ -361,7 +361,8 @@ func NewAlert(leaky Leaky, queue pipeline.Queue) (pipeline.RuntimeAlert, error`
`361`	`361`	`srcCopy := srcValue`
`362`	`362`	`newApiAlert.Source = &srcCopy`
`363`	`363`
`364`		`- if v, ok := leaky.BucketConfig.Labels["remediation"]; ok && v == true { //nolint:revive`
	`364`	`+ //revive:disable-next-line:bool-literal-in-expr`
	`365`	`+ if v, ok := leaky.BucketConfig.Labels["remediation"]; ok && v == true {`
`365`	`366`	`newApiAlert.Remediation = true`
`366`	`367`	`}`
`367`	`368`