chore: update golang to 1.24.1 (#17035)

- Update go.mod to use Go 1.24.1
- Update GitHub Actions setup-go action to use Go 1.24.1
- Fix linting issues with golangci-lint by:
  - Updating to golangci-lint v1.57.1 (more compatible with Go 1.24.1)

🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>

---------

Co-authored-by: Claude <claude@anthropic.com>
Jon Ayers
2025-03-26 01:56:39 -05:00
committed by GitHub
parent c131d01cfd
commit 17ddee05e5
187 changed files with 650 additions and 531 deletions


@ -33,8 +33,8 @@ var _ database.Store = (*querier)(nil)
const wrapname = "dbauthz.querier"
// NoActorError is returned if no actor is present in the context.
var NoActorError = xerrors.Errorf("no authorization actor in context")
// ErrNoActor is returned if no actor is present in the context.
var ErrNoActor = xerrors.Errorf("no authorization actor in context")
// NotAuthorizedError is a sentinel error that unwraps to sql.ErrNoRows.
// This allows the internal error to be read by the caller if needed. Otherwise
@ -69,7 +69,7 @@ func IsNotAuthorizedError(err error) bool {
if err == nil {
return false
}
if xerrors.Is(err, NoActorError) {
if xerrors.Is(err, ErrNoActor) {
return true
}
@ -140,7 +140,7 @@ func (q *querier) Wrappers() []string {
func (q *querier) authorizeContext(ctx context.Context, action policy.Action, object rbac.Objecter) error {
act, ok := ActorFromContext(ctx)
if !ok {
return NoActorError
return ErrNoActor
}
err := q.auth.Authorize(ctx, act, action, object.RBACObject())
@ -466,7 +466,7 @@ func insertWithAction[
// Fetch the rbac subject
act, ok := ActorFromContext(ctx)
if !ok {
return empty, NoActorError
return empty, ErrNoActor
}
// Authorize the action
@ -544,7 +544,7 @@ func fetchWithAction[
// Fetch the rbac subject
act, ok := ActorFromContext(ctx)
if !ok {
return empty, NoActorError
return empty, ErrNoActor
}
// Fetch the database object
@ -620,7 +620,7 @@ func fetchAndQuery[
// Fetch the rbac subject
act, ok := ActorFromContext(ctx)
if !ok {
return empty, NoActorError
return empty, ErrNoActor
}
// Fetch the database object
@ -654,7 +654,7 @@ func fetchWithPostFilter[
// Fetch the rbac subject
act, ok := ActorFromContext(ctx)
if !ok {
return empty, NoActorError
return empty, ErrNoActor
}
// Fetch the database object
@ -673,7 +673,7 @@ func fetchWithPostFilter[
func prepareSQLFilter(ctx context.Context, authorizer rbac.Authorizer, action policy.Action, resourceType string) (rbac.PreparedAuthorized, error) {
act, ok := ActorFromContext(ctx)
if !ok {
return nil, NoActorError
return nil, ErrNoActor
}
return authorizer.Prepare(ctx, act, action, resourceType)
@ -752,7 +752,7 @@ func (*querier) convertToDeploymentRoles(names []string) []rbac.RoleIdentifier {
func (q *querier) canAssignRoles(ctx context.Context, orgID uuid.UUID, added, removed []rbac.RoleIdentifier) error {
actor, ok := ActorFromContext(ctx)
if !ok {
return NoActorError
return ErrNoActor
}
roleAssign := rbac.ResourceAssignRole
@ -961,7 +961,7 @@ func (q *querier) customRoleEscalationCheck(ctx context.Context, actor rbac.Subj
func (q *querier) customRoleCheck(ctx context.Context, role database.CustomRole) error {
act, ok := ActorFromContext(ctx)
if !ok {
return NoActorError
return ErrNoActor
}
// Org permissions require an org role
@ -1667,8 +1667,8 @@ func (q *querier) GetDeploymentWorkspaceStats(ctx context.Context) (database.Get
return q.db.GetDeploymentWorkspaceStats(ctx)
}
func (q *querier) GetEligibleProvisionerDaemonsByProvisionerJobIDs(ctx context.Context, provisionerJobIds []uuid.UUID) ([]database.GetEligibleProvisionerDaemonsByProvisionerJobIDsRow, error) {
return fetchWithPostFilter(q.auth, policy.ActionRead, q.db.GetEligibleProvisionerDaemonsByProvisionerJobIDs)(ctx, provisionerJobIds)
func (q *querier) GetEligibleProvisionerDaemonsByProvisionerJobIDs(ctx context.Context, provisionerJobIDs []uuid.UUID) ([]database.GetEligibleProvisionerDaemonsByProvisionerJobIDsRow, error) {
return fetchWithPostFilter(q.auth, policy.ActionRead, q.db.GetEligibleProvisionerDaemonsByProvisionerJobIDs)(ctx, provisionerJobIDs)
}
func (q *querier) GetExternalAuthLink(ctx context.Context, arg database.GetExternalAuthLinkParams) (database.ExternalAuthLink, error) {
@ -3050,11 +3050,11 @@ func (q *querier) GetWorkspaceResourcesCreatedAfter(ctx context.Context, created
return q.db.GetWorkspaceResourcesCreatedAfter(ctx, createdAt)
}
func (q *querier) GetWorkspaceUniqueOwnerCountByTemplateIDs(ctx context.Context, templateIds []uuid.UUID) ([]database.GetWorkspaceUniqueOwnerCountByTemplateIDsRow, error) {
func (q *querier) GetWorkspaceUniqueOwnerCountByTemplateIDs(ctx context.Context, templateIDs []uuid.UUID) ([]database.GetWorkspaceUniqueOwnerCountByTemplateIDsRow, error) {
if err := q.authorizeContext(ctx, policy.ActionRead, rbac.ResourceSystem); err != nil {
return nil, err
}
return q.db.GetWorkspaceUniqueOwnerCountByTemplateIDs(ctx, templateIds)
return q.db.GetWorkspaceUniqueOwnerCountByTemplateIDs(ctx, templateIDs)
}
func (q *querier) GetWorkspaces(ctx context.Context, arg database.GetWorkspacesParams) ([]database.GetWorkspacesRow, error) {
@ -3245,6 +3245,7 @@ func (q *querier) InsertOrganizationMember(ctx context.Context, arg database.Ins
}
// All roles are added roles. Org member is always implied.
//nolint:gocritic
addedRoles := append(orgRoles, rbac.ScopedRoleOrgMember(arg.OrganizationID))
err = q.canAssignRoles(ctx, arg.OrganizationID, addedRoles, []rbac.RoleIdentifier{})
if err != nil {
@ -3397,7 +3398,7 @@ func (q *querier) InsertUserGroupsByName(ctx context.Context, arg database.Inser
// This will add the user to all named groups. This counts as updating a group.
// NOTE: instead of checking if the user has permission to update each group, we instead
// check if the user has permission to update *a* group in the org.
fetch := func(ctx context.Context, arg database.InsertUserGroupsByNameParams) (rbac.Objecter, error) {
fetch := func(_ context.Context, arg database.InsertUserGroupsByNameParams) (rbac.Objecter, error) {
return rbac.ResourceGroup.InOrg(arg.OrganizationID), nil
}
return update(q.log, q.auth, fetch, q.db.InsertUserGroupsByName)(ctx, arg)
@ -3830,6 +3831,7 @@ func (q *querier) UpdateMemberRoles(ctx context.Context, arg database.UpdateMemb
}
// The org member role is always implied.
//nolint:gocritic
impliedTypes := append(scopedGranted, rbac.ScopedRoleOrgMember(arg.OrgID))
added, removed := rbac.ChangeRoleSet(originalRoles, impliedTypes)
@ -3930,7 +3932,7 @@ func (q *querier) UpdateProvisionerJobWithCancelByID(ctx context.Context, arg da
// Only owners can cancel workspace builds
actor, ok := ActorFromContext(ctx)
if !ok {
return NoActorError
return ErrNoActor
}
if !slice.Contains(actor.Roles.Names(), rbac.RoleOwner()) {
return xerrors.Errorf("only owners can cancel workspace builds")
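Review bot: The two `//nolint:gocritic` directives added above `addedRoles := append(orgRoles, ...)` (InsertOrganizationMember) and `impliedTypes := append(scopedGranted, ...)` (UpdateMemberRoles) silence the warning without recording why it is safe. Assigning an `append` result to a different variable can leave the new slice sharing a backing array with the source when spare capacity exists, and both results feed the role-assignment checks (`canAssignRoles`, `rbac.ChangeRoleSet`). Either state the reason on the directive, e.g. `//nolint:gocritic // orgRoles is not used after this append`, or detach the slice with `append(orgRoles[:len(orgRoles):len(orgRoles)], rbac.ScopedRoleOrgMember(arg.OrganizationID))`. Both function bodies start and end outside their hunks, so whether the source slices are reused later cannot be confirmed from here.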


@ -252,7 +252,7 @@ func (s *MethodTestSuite) NoActorErrorTest(callMethod func(ctx context.Context)
s.Run("AsRemoveActor", func() {
// Call without any actor
_, err := callMethod(context.Background())
s.ErrorIs(err, dbauthz.NoActorError, "method should return NoActorError error when no actor is provided")
s.ErrorIs(err, dbauthz.ErrNoActor, "method should return NoActorError error when no actor is provided")
})
}


@ -40,6 +40,7 @@ type OrganizationResponse struct {
func (b OrganizationBuilder) EveryoneAllowance(allowance int) OrganizationBuilder {
//nolint: revive // returns modified struct
// #nosec G115 - Safe conversion as allowance is expected to be within int32 range
b.allUsersAllowance = int32(allowance)
return b
}
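Review bot: The `#nosec G115` rationale on `b.allUsersAllowance = int32(allowance)` states an expectation that nothing in EveryoneAllowance enforces, so an out-of-range `allowance` would wrap silently. If the bound matters, clamp before converting, e.g. `b.allUsersAllowance = int32(max(math.MinInt32, min(allowance, math.MaxInt32)))`; otherwise reword the comment so it names where the range is guaranteed. The new comment line also sits between `//nolint: revive` and the assignment it was written for, so it is worth confirming that the revive suppression still attaches to the statement.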


@ -6057,6 +6057,7 @@ func (q *FakeQuerier) GetTemplateVersionsByTemplateID(_ context.Context, arg dat
if arg.LimitOpt > 0 {
if int(arg.LimitOpt) > len(version) {
// #nosec G115 - Safe conversion as version slice length is expected to be within int32 range
arg.LimitOpt = int32(len(version))
}
version = version[:arg.LimitOpt]
@ -6691,6 +6692,7 @@ func (q *FakeQuerier) GetUsers(_ context.Context, params database.GetUsersParams
if params.LimitOpt > 0 {
if int(params.LimitOpt) > len(users) {
// #nosec G115 - Safe conversion as users slice length is expected to be within int32 range
params.LimitOpt = int32(len(users))
}
users = users[:params.LimitOpt]
@ -7618,6 +7620,7 @@ func (q *FakeQuerier) GetWorkspaceBuildsByWorkspaceID(_ context.Context,
if params.LimitOpt > 0 {
if int(params.LimitOpt) > len(history) {
// #nosec G115 - Safe conversion as history slice length is expected to be within int32 range
params.LimitOpt = int32(len(history))
}
history = history[:params.LimitOpt]
@ -9280,6 +9283,7 @@ func (q *FakeQuerier) InsertWorkspaceAgentLogs(_ context.Context, arg database.I
LogSourceID: arg.LogSourceID,
Output: output,
})
// #nosec G115 - Safe conversion as log output length is expected to be within int32 range
outputLength += int32(len(output))
}
for index, agent := range q.workspaceAgents {
@ -12415,17 +12419,23 @@ TemplateUsageStatsInsertLoop:
// SELECT
tus := database.TemplateUsageStat{
StartTime: stat.TimeBucket,
EndTime: stat.TimeBucket.Add(30 * time.Minute),
TemplateID: stat.TemplateID,
UserID: stat.UserID,
UsageMins: int16(stat.UsageMins),
MedianLatencyMs: sql.NullFloat64{Float64: latency.MedianLatencyMS, Valid: latencyOk},
SshMins: int16(stat.SSHMins),
SftpMins: int16(stat.SFTPMins),
StartTime: stat.TimeBucket,
EndTime: stat.TimeBucket.Add(30 * time.Minute),
TemplateID: stat.TemplateID,
UserID: stat.UserID,
// #nosec G115 - Safe conversion for usage minutes which are expected to be within int16 range
UsageMins: int16(stat.UsageMins),
MedianLatencyMs: sql.NullFloat64{Float64: latency.MedianLatencyMS, Valid: latencyOk},
// #nosec G115 - Safe conversion for SSH minutes which are expected to be within int16 range
SshMins: int16(stat.SSHMins),
// #nosec G115 - Safe conversion for SFTP minutes which are expected to be within int16 range
SftpMins: int16(stat.SFTPMins),
// #nosec G115 - Safe conversion for ReconnectingPTY minutes which are expected to be within int16 range
ReconnectingPtyMins: int16(stat.ReconnectingPTYMins),
VscodeMins: int16(stat.VSCodeMins),
JetbrainsMins: int16(stat.JetBrainsMins),
// #nosec G115 - Safe conversion for VSCode minutes which are expected to be within int16 range
VscodeMins: int16(stat.VSCodeMins),
// #nosec G115 - Safe conversion for JetBrains minutes which are expected to be within int16 range
JetbrainsMins: int16(stat.JetBrainsMins),
}
if len(stat.AppUsageMinutes) > 0 {
tus.AppUsageMins = make(map[string]int64, len(stat.AppUsageMinutes))
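Review bot: The `#nosec G115` comments in this file use the same "expected to be within range" wording for conversions that are proven and for ones that are only assumed. In the three `LimitOpt` clamps the surrounding `if int(...LimitOpt) > len(...)` guard already bounds the length below an int32 value, so the comment could say `// #nosec G115 - len is below LimitOpt here, which is an int32`. In InsertWorkspaceAgentLogs, `outputLength += int32(len(output))` accumulates across the loop, so the sum can exceed int32 even when each conversion fits, and nothing visible bounds the `int16(stat.…Mins)` casts either. For those, summing in an `int` and checking once before converting, or naming the upstream bound in the comment, would make the suppression auditable. The enclosing functions start and end outside these hunks.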


@ -18,5 +18,6 @@ const (
func GenLockID(name string) int64 {
hash := fnv.New64()
_, _ = hash.Write([]byte(name))
// #nosec G115 - Safe conversion as FNV hash should be treated as random value and both uint64/int64 have the same range of unique values
return int64(hash.Sum64())
}


@ -199,7 +199,7 @@ func (s *tableStats) Add(table string, n int) {
s.mu.Lock()
defer s.mu.Unlock()
s.s[table] = s.s[table] + n
s.s[table] += n
}
func (s *tableStats) Empty() []string {


@ -160,6 +160,7 @@ func (t Template) DeepCopy() Template {
func (t Template) AutostartAllowedDays() uint8 {
// Just flip the binary 0s to 1s and vice versa.
// There is an extra day with the 8th bit that needs to be zeroed.
// #nosec G115 - Safe conversion for AutostartBlockDaysOfWeek which is 7 bits
return ^uint8(t.AutostartBlockDaysOfWeek) & 0b01111111
}
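Review bot: The `#nosec G115` rationale on `^uint8(t.AutostartBlockDaysOfWeek) & 0b01111111` rests on the field holding only 7 bits, which this method does not check. The expression is safe for a stronger reason: the conversion keeps the low 8 bits and the mask then keeps the low 7, so any higher bits cannot change the result. A comment such as `// #nosec G115 - truncation is intended; the mask keeps only the low 7 bits` would state the invariant the code actually enforces.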


@ -112,7 +112,7 @@ func (l PGLocks) String() string {
// Difference returns the difference between two sets of locks.
// This is helpful to determine what changed between the two sets.
func (l PGLocks) Difference(to PGLocks) (new PGLocks, removed PGLocks) {
func (l PGLocks) Difference(to PGLocks) (newVal PGLocks, removed PGLocks) {
return slice.SymmetricDifferenceFunc(l, to, func(a, b PGLock) bool {
return a.Equal(b)
})


@ -2119,10 +2119,11 @@ func createTemplateVersion(t testing.TB, db database.Store, tpl database.Templat
dbgen.WorkspaceBuild(t, db, database.WorkspaceBuild{
WorkspaceID: wrk.ID,
TemplateVersionID: version.ID,
BuildNumber: int32(i) + 2,
Transition: trans,
InitiatorID: tpl.CreatedBy,
JobID: latestJob.ID,
// #nosec G115 - Safe conversion as build number is expected to be within int32 range
BuildNumber: int32(i) + 2,
Transition: trans,
InitiatorID: tpl.CreatedBy,
JobID: latestJob.ID,
})
}
@ -3182,21 +3183,22 @@ func TestGetUserStatusCounts(t *testing.T) {
row.Date.In(location).String(),
i,
)
if row.Date.Before(createdAt) {
switch {
case row.Date.Before(createdAt):
require.Equal(t, int64(0), row.Count)
} else if row.Date.Before(firstTransitionTime) {
case row.Date.Before(firstTransitionTime):
if row.Status == tc.initialStatus {
require.Equal(t, int64(1), row.Count)
} else if row.Status == tc.targetStatus {
require.Equal(t, int64(0), row.Count)
}
} else if !row.Date.After(today) {
case !row.Date.After(today):
if row.Status == tc.initialStatus {
require.Equal(t, int64(0), row.Count)
} else if row.Status == tc.targetStatus {
require.Equal(t, int64(1), row.Count)
}
} else {
default:
t.Errorf("date %q beyond expected range end %q", row.Date, today)
}
}
@ -3337,18 +3339,19 @@ func TestGetUserStatusCounts(t *testing.T) {
expectedCounts[d][tc.user2Transition.to] = 0
// Counted Values
if d.Before(createdAt) {
switch {
case d.Before(createdAt):
continue
} else if d.Before(firstTransitionTime) {
case d.Before(firstTransitionTime):
expectedCounts[d][tc.user1Transition.from]++
expectedCounts[d][tc.user2Transition.from]++
} else if d.Before(secondTransitionTime) {
case d.Before(secondTransitionTime):
expectedCounts[d][tc.user1Transition.to]++
expectedCounts[d][tc.user2Transition.from]++
} else if d.Before(today) {
case d.Before(today):
expectedCounts[d][tc.user1Transition.to]++
expectedCounts[d][tc.user2Transition.to]++
} else {
default:
t.Fatalf("date %q beyond expected range end %q", d, today)
}
}
@ -3441,11 +3444,12 @@ func TestGetUserStatusCounts(t *testing.T) {
i,
)
require.Equal(t, database.UserStatusActive, row.Status)
if row.Date.Before(createdAt) {
switch {
case row.Date.Before(createdAt):
require.Equal(t, int64(0), row.Count)
} else if i == len(userStatusChanges)-1 {
case i == len(userStatusChanges)-1:
require.Equal(t, int64(0), row.Count)
} else {
default:
require.Equal(t, int64(1), row.Count)
}
}