Merge branch 'master' into name-constraints

Author: maraino

Diff for: .github/workflows/codeql-analysis.yml

@@ -18,7 +18,11 @@ on:
     # The branches below must be a subset of the branches above
     branches: [ "master" ]
   schedule:
-    - cron: '30 3 * * 3'
+    - cron: '0 0 * * *'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
 
 jobs:
   analyze:
@@ -48,11 +52,11 @@ jobs:
         # If you wish to specify custom queries, you can do so here or in a config file.
         # By default, queries listed here will override any specified in a config file.
         # Prefix the list here with "+" to use these queries and those in the config file.
-        
+
         # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
         # queries: security-extended,security-and-quality
 
-        
+
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
@@ -61,7 +65,7 @@ jobs:
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
 
-    #   If the Autobuild fails above, remove it and uncomment the following three lines. 
+    #   If the Autobuild fails above, remove it and uncomment the following three lines.
     #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
 
     # - run: |

Diff for: .github/workflows/release.yml

@@ -7,41 +7,13 @@ on:
     - 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10
 
 jobs:
-  test:
-    name: Lint, Test, Build
-    runs-on: ubuntu-20.04
-    strategy:
-      matrix:
-        go: [ '1.18', '1.19' ]
-    outputs:
-      is_prerelease: ${{ steps.is_prerelease.outputs.IS_PRERELEASE }}
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v2
-      -
-        name: Setup Go
-        uses: actions/setup-go@v2
-        with:
-          go-version: ${{ matrix.go }}
-      -
-        name: Install Deps
-        id: install-deps
-        run: sudo apt-get -y install libpcsclite-dev
-      -
-        name: golangci-lint
-        uses: golangci/golangci-lint-action@v2
-        with:
-          version: ${{ secrets.GOLANGCI_LINT_VERSION }}
-          args: --timeout=30m
-      -
-        name: Test, Build
-        id: lint_test_build
-        run: V=1 make ci
+  ci:
+    uses: smallstep/workflows/.github/workflows/goCI.yml@main
+
 
   create_release:
     name: Create Release
-    needs: test
+    needs: ci
     runs-on: ubuntu-20.04
     outputs:
       debversion: ${{ steps.extract-tag.outputs.DEB_VERSION }}
@@ -132,7 +104,7 @@ jobs:
   build_upload_docker:
     name: Build & Upload Docker Images
     runs-on: ubuntu-20.04
-    needs: test
+    needs: ci
     steps:
       -
         name: Checkout

Diff for: .github/workflows/test.yml

@@ -1,4 +1,4 @@
-name: Lint, Test, Build
+name: CI
 
 on:
   push:
@@ -7,43 +7,13 @@ on:
     branches:
     - "**"
   pull_request:
+  schedule:
+    - cron: '0 0 * * *'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
 
 jobs:
-  lintTestBuild:
-    name: Lint, Test, Build
-    runs-on: ubuntu-20.04
-    strategy:
-      matrix:
-        go: [ '1.18', '1.19' ]
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v2
-      -
-        name: Setup Go
-        uses: actions/setup-go@v2
-        with:
-          go-version: ${{ matrix.go }}
-      -
-        name: Install Deps
-        id: install-deps
-        run: sudo apt-get -y install libpcsclite-dev
-      -
-        name: golangci-lint
-        uses: golangci/golangci-lint-action@v2
-        with:
-          version: ${{ secrets.GOLANGCI_LINT_VERSION }}
-          args: --timeout=30m
-      -
-        name: Test, Build
-        id: lint_test_build
-        run: V=1 make ci
-      -
-        name: Codecov
-        if: matrix.go == '1.19'
-        uses: codecov/codecov-action@v2
-        with:
-          token: ${{ secrets.CODECOV_TOKEN }}
-          files: ./coverage.out # optional
-          name: codecov-umbrella # optional
-          fail_ci_if_error: true # optional (default = false)
+  ci:
+    uses: smallstep/workflows/.github/workflows/goCI.yml@main

Diff for: .golangci.yml

@@ -28,8 +28,9 @@ ci: testcgo build
 #########################################
 
 bootstra%:
-	# Using a released version of golangci-lint to take into account custom replacements in their go.mod
-	$Q curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(shell go env GOPATH)/bin v1.42.0
+	$Q curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $$(go env GOPATH)/bin latest
+	$Q go install golang.org/x/vuln/cmd/govulncheck@latest
+	$Q go install gotest.tools/gotestsum@latest
 
 .PHONY: bootstra%
 
@@ -132,17 +133,18 @@ generate:
 # Test
 #########################################
 test:
-	$Q $(GOFLAGS) go test -short -coverprofile=coverage.out ./...
+	$Q $(GOFLAGS) gotestsum -- -coverprofile=coverage.out -short -covermode=atomic ./...
+
 
 testcgo:
-	$Q go test -short -coverprofile=coverage.out ./...
+	$Q gotestsum -- -coverprofile=coverage.out -short -covermode=atomic ./...
 
 .PHONY: test testcgo
 
 integrate: integration
 
 integration: bin/$(BINNAME)
-	$Q $(GOFLAGS) go test -tags=integration ./integration/...
+	$Q $(GOFLAGS) gotestsum -- -tags=integration ./integration/...
 
 .PHONY: integrate integration
 
@@ -151,15 +153,14 @@ integration: bin/$(BINNAME)
 #########################################
 
 fmt:
-	$Q gofmt -l -s -w $(SRC)
+	$Q goimports -l -w $(SRC)
 
+lint: SHELL:=/bin/bash
 lint:
-	$Q golangci-lint run --timeout=30m
-
-lintcgo:
-	$Q LOG_LEVEL=error golangci-lint run --timeout=30m
+	$Q LOG_LEVEL=error golangci-lint run --config <(curl -s https://raw.githubusercontent.com/smallstep/workflows/master/.golangci.yml) --timeout=30m
+	$Q govulncheck ./...
 
-.PHONY: fmt lint lintcgo
+.PHONY: fmt lint
 
 #########################################
 # Install

Diff for: Makefile

@@ -33,7 +33,7 @@ func (a *Account) ToLog() (interface{}, error) {
 
 // IsValid returns true if the Account is valid.
 func (a *Account) IsValid() bool {
-	return Status(a.Status) == StatusValid
+	return a.Status == StatusValid
 }
 
 // KeyToID converts a JWK to a thumbprint.

Diff for: acme/account.go

@@ -46,14 +46,14 @@ func TestKeyToID(t *testing.T) {
 			tc := run(t)
 			if id, err := KeyToID(tc.jwk); err != nil {
 				if assert.NotNil(t, tc.err) {
-					switch k := err.(type) {
-					case *Error:
+					var k *Error
+					if errors.As(err, &k) {
 						assert.Equals(t, k.Type, tc.err.Type)
 						assert.Equals(t, k.Detail, tc.err.Detail)
 						assert.Equals(t, k.Status, tc.err.Status)
 						assert.Equals(t, k.Err.Error(), tc.err.Err.Error())
 						assert.Equals(t, k.Detail, tc.err.Detail)
-					default:
+					} else {
 						assert.FatalError(t, errors.New("unexpected error type"))
 					}
 				}
@@ -131,12 +131,13 @@ func TestExternalAccountKey_BindTo(t *testing.T) {
 			}
 			if wantErr {
 				assert.NotNil(t, err)
-				assert.Type(t, &Error{}, err)
-				ae, _ := err.(*Error)
-				assert.Equals(t, ae.Type, tt.err.Type)
-				assert.Equals(t, ae.Detail, tt.err.Detail)
-				assert.Equals(t, ae.Identifier, tt.err.Identifier)
-				assert.Equals(t, ae.Subproblems, tt.err.Subproblems)
+				var ae *Error
+				if assert.True(t, errors.As(err, &ae)) {
+					assert.Equals(t, ae.Type, tt.err.Type)
+					assert.Equals(t, ae.Detail, tt.err.Detail)
+					assert.Equals(t, ae.Identifier, tt.err.Identifier)
+					assert.Equals(t, ae.Subproblems, tt.err.Subproblems)
+				}
 			} else {
 				assert.Equals(t, eak.AccountID, acct.ID)
 				assert.Equals(t, eak.HmacKey, []byte{})

Diff for: acme/account_test.go

@@ -2,6 +2,7 @@ package api
 
 import (
 	"encoding/json"
+	"errors"
 	"net/http"
 
 	"github.com/go-chi/chi"
@@ -97,8 +98,8 @@ func NewAccount(w http.ResponseWriter, r *http.Request) {
 	httpStatus := http.StatusCreated
 	acc, err := accountFromContext(ctx)
 	if err != nil {
-		acmeErr, ok := err.(*acme.Error)
-		if !ok || acmeErr.Status != http.StatusBadRequest {
+		var acmeErr *acme.Error
+		if !errors.As(err, &acmeErr) || acmeErr.Status != http.StatusBadRequest {
 			// Something went wrong ...
 			render.Error(w, err)
 			return

Diff for: acme/api/account.go

@@ -197,11 +197,12 @@ func TestNewAccountRequest_Validate(t *testing.T) {
 		t.Run(name, func(t *testing.T) {
 			if err := tc.nar.Validate(); err != nil {
 				if assert.NotNil(t, err) {
-					ae, ok := err.(*acme.Error)
-					assert.True(t, ok)
-					assert.HasPrefix(t, ae.Error(), tc.err.Error())
-					assert.Equals(t, ae.StatusCode(), tc.err.StatusCode())
-					assert.Equals(t, ae.Type, tc.err.Type)
+					var ae *acme.Error
+					if assert.True(t, errors.As(err, &ae)) {
+						assert.HasPrefix(t, ae.Error(), tc.err.Error())
+						assert.Equals(t, ae.StatusCode(), tc.err.StatusCode())
+						assert.Equals(t, ae.Type, tc.err.Type)
+					}
 				}
 			} else {
 				assert.Nil(t, tc.err)
@@ -268,11 +269,12 @@ func TestUpdateAccountRequest_Validate(t *testing.T) {
 		t.Run(name, func(t *testing.T) {
 			if err := tc.uar.Validate(); err != nil {
 				if assert.NotNil(t, err) {
-					ae, ok := err.(*acme.Error)
-					assert.True(t, ok)
-					assert.HasPrefix(t, ae.Error(), tc.err.Error())
-					assert.Equals(t, ae.StatusCode(), tc.err.StatusCode())
-					assert.Equals(t, ae.Type, tc.err.Type)
+					var ae *acme.Error
+					if assert.True(t, errors.As(err, &ae)) {
+						assert.HasPrefix(t, ae.Error(), tc.err.Error())
+						assert.Equals(t, ae.StatusCode(), tc.err.StatusCode())
+						assert.Equals(t, ae.Type, tc.err.Type)
+					}
 				}
 			} else {
 				assert.Nil(t, tc.err)