.gitignore

@@ -7,11 +7,7 @@
 .gitlab_shell_secret
 .idea
 /*.log*
-/bin/check
-/bin/gitlab-shell
-/bin/gitlab-shell-authorized-keys-check
-/bin/gitlab-shell-authorized-principals-check
-/bin/gitlab-sshd
+/bin/*
 /gl-code-quality-report.json
 /go_build
 /support/bin/golangci-*

.gitlab-ci.yml

@@ -3,27 +3,29 @@ include:
   - template: Security/SAST.gitlab-ci.yml
   - template: Security/Dependency-Scanning.gitlab-ci.yml
   - template: Security/Secret-Detection.gitlab-ci.yml
-  - component: ${CI_SERVER_FQDN}/gitlab-org/components/danger-review/danger-review@1.4.1
 
 stages:
   - prepare
+  - lint
   - test
+  - post-test
 
 variables:
   FF_USE_FASTZIP: 'true'
   TRANSFER_METER_FREQUENCY: "1s"
   DOCKER_VERSION: "20.10.15"
   BUNDLE_FROZEN: "true"
-  GO_VERSION: "golang-1.22"
+  GO_VERSION: "1.23"
   GOPATH: $CI_PROJECT_DIR/.GOPATH
   DEBIAN_VERSION: "bookworm"
-  RUBY_VERSION: "3.2.4"
+  RUBY_VERSION: "3.2.5"
   BUNDLE_PATH: vendor/ruby
   POLICY: pull
   CI_DEBUG_SERVICES: 'true'
-  RUST_VERSION: "rust-1.73"
+  RUST_VERSION: "1.73"
   UBI_VERSION: "8.6"
-  IMAGE_TAG: "rubygems-3.4-git-2.36-exiftool-12.60"
+  IMAGE_TAG: "rubygems-3.5-git-2.45-exiftool-12.60"
+  GITLAB_ADVANCED_SAST_ENABLED: 'true'
 
 workflow:
   rules: &workflow_rules
@@ -34,8 +36,15 @@ workflow:
     # For tags, create a pipeline.
     - if: '$CI_COMMIT_TAG'
 
+.rules:go-changes:
+  rules:
+    - changes:
+        - 'go.mod'
+        - 'go.sum'
+        - '**/*.go'
+
 default:
-  image: registry.gitlab.com/gitlab-org/gitlab-build-images/debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}-${GO_VERSION}-${RUST_VERSION}:${IMAGE_TAG}
+  image: registry.gitlab.com/gitlab-org/gitlab-build-images/debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}-golang-${GO_VERSION}-rust-${RUST_VERSION}:${IMAGE_TAG}
   tags:
     - gitlab-org
 
@@ -49,7 +58,7 @@ default:
 
 .cached-go: &cached_go
   - key:
-      prefix: $GO_VERSION-cache
+      prefix: "golang-${GO_VERSION}-cache"
       files:
         - go.mod
         - go.sum
@@ -84,7 +93,7 @@ default:
 .go-matrix-job:
   parallel:
     matrix:
-      - GO_VERSION: ["golang-1.21", "golang-1.22"]
+      - GO_VERSION: ["1.22", "1.23"]
 
 ################################################################################
 # Prepare jobs
@@ -114,6 +123,7 @@ modules:download:
 
 .test-job:
   needs: ['bundle:install', 'modules:download']
+  rules: !reference [".rules:go-changes", rules]
   variables:
     GITALY_CONNECTION_INFO: '{"address":"tcp://gitaly:8075", "storage":"default"}'
   before_script:
@@ -156,7 +166,7 @@ tests_without_cgo:
     - make verify test_fancy
 
 tests:fips:
-  image: registry.gitlab.com/gitlab-org/gitlab-build-images/ubi-${UBI_VERSION}-ruby-${RUBY_VERSION}-${GO_VERSION}-${RUST_VERSION}:${IMAGE_TAG}
+  image: registry.gitlab.com/gitlab-org/gitlab-build-images/ubi-${UBI_VERSION}-ruby-${RUBY_VERSION}-golang-${GO_VERSION}-rust-${RUST_VERSION}:${IMAGE_TAG}
   extends:
     - .cached-job
     - .test-job
@@ -174,10 +184,12 @@ race:
     - make test_golang_race
 
 code_quality:
+  stage: lint
   extends: .use-docker-in-docker
   rules: *workflow_rules
 
 code_navigation:
+  stage: post-test
   image: sourcegraph/lsif-go:v1.9
   allow_failure: true
   script:
@@ -188,17 +200,25 @@ code_navigation:
 
 # SAST
 semgrep-sast:
+  stage: lint
+  rules: *workflow_rules
+
+gitlab-advanced-sast:
+  stage: lint
   rules: *workflow_rules
 
 # Dependency Scanning
 gemnasium-dependency_scanning:
+  stage: lint
   rules: *workflow_rules
 
 # Secret Detection
 secret_detection:
+  stage: lint
   rules: *workflow_rules
 
 build-package-and-qa:
+  stage: post-test
   trigger:
     project: 'gitlab-org/build/omnibus-gitlab-mirror'
     branch: 'master'
@@ -230,13 +250,14 @@ build-package-and-qa:
   needs: []
 
 modules:tidy:
+  stage: lint
   needs: ['modules:download']
   script:
     - go mod tidy
     - git diff --exit-code go.mod go.sum
 
 lint:
-  stage: test
+  stage: lint
   script:
     # Write the code coverage report to gl-code-quality-report.json
     # and print linting issues to stdout in the format: path/to/file:line description
@@ -252,7 +273,8 @@ lint:
       - gl-code-quality-report.json
 
 nilaway:
-  stage: test
+  stage: lint
+  rules: !reference [".rules:go-changes", rules]
   before_script:
     - go install go.uber.org/nilaway/cmd/nilaway@latest
   script:

.gitlab/CODEOWNERS

 # https://gitlab.com/groups/gitlab-org/maintainers/gitlab-shell/-/group_members?with_inherited_permissions=exclude
 * @gitlab-org/maintainers/gitlab-shell
 
-[Documentation]
-*.md @aqualls
+[Documentation] @gl-docsteam
+*.md 
+/doc/

.golangci.yml

@@ -61,6 +61,8 @@ output:
   # print linter name in the end of issue text, default is true
   print-linter-name: true
 
+  sort-results: true
+
 # all available settings of specific linters
 linters-settings:
   errcheck:
@@ -262,11 +264,11 @@ linters:
   disable-all: true
   enable:
     - bodyclose
+    - copyloopvar
     - depguard
     - dogsled
     - dupl
     - errcheck
-    - exportloopref
     - funlen
     - gocognit
     - goconst

.ruby-version

-3.2.3
+3.3.4

.tool-versions

-ruby 3.2.3
-golang 1.22.4
+ruby 3.3.5
+golang 1.23.2

CHANGELOG

+v14.39.0
+
+- Revise CODEOWNERS to use entire TW team !1125
+- Rename bin/check to bin/gitlab-shell-check to to avoid name clash !801
+- Update golangci to 1.60.1 !1122
+- Move bin/install to support/make_necessary_dirs !799
+- Update dependency golang to v1.23.0 !1121
+- Use go build so we can use -o !1117
+- Add 'make make_necessary_dirs' alias !1119
+- Add GitLab Advanced SAST to CI/CD config !1120
+- Update github.com/charmbracelet/git-lfs-transfer digest to 2cab0ea !1118
+- Update module golang.org/x/crypto to v0.26.0 !1115
+- Update dependency golang to v1.22.6 !1116
+- Update github.com/charmbracelet/git-lfs-transfer digest to c3aa24b !1113
+- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.11.8 !1114
+- Update module golang.org/x/sync to v0.8.0 !1112
+
+v14.38.0
+
+- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.11.7 !1110
+- Add basic LFS connections metric for SSH !1107
+- Update module google.golang.org/grpc to v1.65.0 !1098
+- Add basic LFS connections metric for HTTP !1108
+- Remove migration section as no longer supported !1106
+- Update module gitlab.com/gitlab-org/gitaly/v16 to v16.11.6 !1104
+- Update dependency ruby to v3.3.4 !1102
+- Update Ruby to 3.3.4 !1105
+- Update module golang.org/x/crypto to v0.25.0 !1100
+- Update github.com/charmbracelet/git-lfs-transfer digest to bacbfdb !1101
+- Restructure CI jobs !1097
+- Update dependency golang to v1.22.5 !1099
+
 v14.37.0
 
 - Update dependency danger-review to v1.4.1 !1095

Gemfile

@@ -2,7 +2,7 @@ source 'https://rubygems.org'
 
 group :development, :test do
   gem 'rspec', '~> 3.13.0'
-  gem 'webrick', '~> 1.8', '>= 1.8.1'
+  gem 'webrick', '~> 1.8', '>= 1.8.2'
 end
 
 group :development, :danger do

Gemfile.lock

@@ -91,7 +91,7 @@ GEM
       unicode-display_width (>= 1.1.1, < 3)
     unicode-display_width (2.5.0)
     uri (0.13.0)
-    webrick (1.8.1)
+    webrick (1.8.2)
 
 PLATFORMS
   ruby
@@ -99,7 +99,7 @@ PLATFORMS
 DEPENDENCIES
   gitlab-dangerfiles (~> 4.8.0)
   rspec (~> 3.13.0)
-  webrick (~> 1.8, >= 1.8.1)
+  webrick (~> 1.8, >= 1.8.2)
 
 BUNDLED WITH
    2.5.11

Makefile

-.PHONY: validate verify verify_ruby verify_golang test test_ruby test_golang test_fancy test_golang_fancy coverage coverage_golang setup _script_install build compile check clean install lint
+.PHONY: validate verify verify_ruby verify_golang test test_ruby test_golang test_fancy test_golang_fancy coverage coverage_golang setup _script_install make_necessary_dirs build compile check clean install lint
 
 FIPS_MODE ?= 0
 OS := $(shell uname | tr A-Z a-z)
@@ -9,10 +9,10 @@ GO_TAGS := tracer_static tracer_static_jaeger continuous_profiler_stackdriver
 
 ARCH ?= $(shell uname -m | sed -e 's/x86_64/amd64/' | sed -e 's/aarch64/arm64/')
 
-GOTESTSUM_VERSION := 1.11.0
+GOTESTSUM_VERSION := 1.12.0
 GOTESTSUM_FILE := support/bin/gotestsum-${GOTESTSUM_VERSION}
 
-GOLANGCI_LINT_VERSION := 1.59.1
+GOLANGCI_LINT_VERSION := 1.60.3
 GOLANGCI_LINT_FILE := support/bin/golangci-lint-${GOLANGCI_LINT_VERSION}
 
 export GOFLAGS := -mod=readonly
@@ -86,36 +86,42 @@ coverage: coverage_golang
 coverage_golang:
 	[ -f cover.out ] && go tool cover -func cover.out
 
-lint: ${GOLANGCI_LINT_FILE}
-	${GOLANGCI_LINT_FILE} --version
-	${GOLANGCI_LINT_FILE} run --issues-exit-code 0 --print-issued-lines=false ${GOLANGCI_LINT_ARGS}
+lint:
+	@support/lint.sh ./...
+
+golangci: ${GOLANGCI_LINT_FILE}
+	@${GOLANGCI_LINT_FILE} run --issues-exit-code 0 --print-issued-lines=false ${GOLANGCI_LINT_ARGS}
 
 ${GOLANGCI_LINT_FILE}:
-	mkdir -p $(shell dirname ${GOLANGCI_LINT_FILE})
-	curl -L https://github.com/golangci/golangci-lint/releases/download/v${GOLANGCI_LINT_VERSION}/golangci-lint-${GOLANGCI_LINT_VERSION}-${OS}-${ARCH}.tar.gz | tar --strip-components 1 -zOxf - golangci-lint-${GOLANGCI_LINT_VERSION}-${OS}-${ARCH}/golangci-lint > ${GOLANGCI_LINT_FILE} && chmod +x ${GOLANGCI_LINT_FILE}
+	@mkdir -p $(shell dirname ${GOLANGCI_LINT_FILE})
+	@curl -L https://github.com/golangci/golangci-lint/releases/download/v${GOLANGCI_LINT_VERSION}/golangci-lint-${GOLANGCI_LINT_VERSION}-${OS}-${ARCH}.tar.gz | tar --strip-components 1 -zOxf - golangci-lint-${GOLANGCI_LINT_VERSION}-${OS}-${ARCH}/golangci-lint > ${GOLANGCI_LINT_FILE} && chmod +x ${GOLANGCI_LINT_FILE}
 
-setup: _script_install bin/gitlab-shell
+setup: make_necessary_dirs bin/gitlab-shell
 
-_script_install:
-	bin/install
+make_necessary_dirs:
+	support/make_necessary_dirs
 
 compile: bin/gitlab-shell bin/gitlab-sshd
-bin/gitlab-shell: $(GO_SOURCES)
-	GOBIN="$(CURDIR)/bin" go install $(GOBUILD_FLAGS) ./cmd/...
 
-bin/gitlab-sshd: $(GO_SOURCES)
-	GOBIN="$(CURDIR)/bin" go install $(GOBUILD_FLAGS) ./cmd/gitlab-sshd
+bin:
+	mkdir -p bin
+
+bin/gitlab-shell: bin $(GO_SOURCES)
+	go build $(GOBUILD_FLAGS) -o $(CURDIR)/bin ./cmd/...
+
+bin/gitlab-sshd: bin $(GO_SOURCES)
+	go build $(GOBUILD_FLAGS) -o $(CURDIR)/bin/gitlab-sshd ./cmd/gitlab-sshd
 
 check:
-	bin/check
+	bin/gitlab-shell-check
 
 clean:
-	rm -f bin/check bin/gitlab-shell bin/gitlab-shell-authorized-keys-check bin/gitlab-shell-authorized-principals-check bin/gitlab-sshd
+	rm -f bin/*
 
 install: compile
 	mkdir -p $(DESTDIR)$(PREFIX)/bin/
-	install -m755 bin/check $(DESTDIR)$(PREFIX)/bin/check
-	install -m755 bin/gitlab-shell $(DESTDIR)$(PREFIX)/bin/gitlab-shell
-	install -m755 bin/gitlab-shell-authorized-keys-check $(DESTDIR)$(PREFIX)/bin/gitlab-shell-authorized-keys-check
-	install -m755 bin/gitlab-shell-authorized-principals-check $(DESTDIR)$(PREFIX)/bin/gitlab-shell-authorized-principals-check
-	install -m755 bin/gitlab-sshd $(DESTDIR)$(PREFIX)/bin/gitlab-sshd
+	install -m755 bin/gitlab-shell-check $(DESTDIR)$(PREFIX)/bin/
+	install -m755 bin/gitlab-shell $(DESTDIR)$(PREFIX)/bin/
+	install -m755 bin/gitlab-shell-authorized-keys-check $(DESTDIR)$(PREFIX)/bin/
+	install -m755 bin/gitlab-shell-authorized-principals-check $(DESTDIR)$(PREFIX)/bin/
+	install -m755 bin/gitlab-sshd $(DESTDIR)$(PREFIX)/bin/

README.md

@@ -4,10 +4,48 @@ group: Source Code
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
 ---
 
-# GitLab Shell documentation has moved
-
 [![pipeline status](https://gitlab.com/gitlab-org/gitlab-shell/badges/main/pipeline.svg)](https://gitlab.com/gitlab-org/gitlab-shell/-/pipelines?ref=main)
 [![coverage report](https://gitlab.com/gitlab-org/gitlab-shell/badges/main/coverage.svg)](https://gitlab.com/gitlab-org/gitlab-shell/-/pipelines?ref=main)
 [![Code Climate](https://codeclimate.com/github/gitlabhq/gitlab-shell.svg)](https://codeclimate.com/github/gitlabhq/gitlab-shell)
 
-The documentation for GitLab Shell [has moved into the `gitlab` repository](https://docs.gitlab.com/ee/development/gitlab_shell/).
+# GitLab Shell
+
+GitLab Shell handles Git SSH sessions for GitLab and modifies the list of
+authorized keys. GitLab Shell is not a Unix shell nor a replacement for Bash or Zsh.
+
+GitLab supports Git LFS authentication through SSH.
+
+## Development Documentation
+
+Development documentation for GitLab Shell [has moved into the `gitlab` repository](https://docs.gitlab.com/ee/development/gitlab_shell/).
+
+## Project structure
+
+| Directory | Description |
+|-----------|-------------|
+| `cmd/` | 'Commands' that will ultimately be compiled into binaries. |
+| `internal/` | Internal Go source code that is not intended to be used outside of the project/module. |
+| `client/` | HTTP and GitLab client logic that is used internally and by other modules, e.g. Gitaly. |
+| `bin/` | Compiled binaries are created here. |
+| `support/` | Scripts and tools that assist in development and/or testing. |
+| `spec/` | Ruby based integration tests. |
+
+## Building
+
+Run `make` or `make build`.
+
+## Testing
+
+Run `make test`.
+
+## Release Process
+
+1. Create a `gitlab-org/gitlab-shell` MR to update [`VERSION`](https://gitlab.com/gitlab-org/gitlab-shell/-/blob/main/VERSION) and [`CHANGELOG`](https://gitlab.com/gitlab-org/gitlab-shell/-/blob/main/CHANGELOG) files, e.g. [Release v14.39.0](https://gitlab.com/gitlab-org/gitlab-shell/-/merge_requests/1123).
+2. Once `gitlab-org/gitlab-shell` MR is merged, create the corresponding git tag, e.g. https://gitlab.com/gitlab-org/gitlab-shell/-/tags/v14.39.0.
+3. Create a `gitlab-org/gitlab` MR to update [`GITLAB_SHELL_VERSION`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/GITLAB_SHELL_VERSION) to the proposed tag, e.g. [Bump GitLab Shell to 14.39.0](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/162661).
+4. Announce in `#gitlab-shell` a new version has been created.
+
+## Licensing
+
+See the `LICENSE` file for licensing information as it pertains to files in
+this repository.

VERSION

-14.37.0
+14.39.0

client/client_test.go

@@ -13,6 +13,7 @@ import (
 	"time"
 
 	"github.com/golang-jwt/jwt/v5"
+	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
 	"gitlab.com/gitlab-org/gitlab-shell/v14/client/testserver"
@@ -36,31 +37,31 @@ func TestClients(t *testing.T) {
 	}{
 		{
 			desc:   "Socket client",
-			server: testserver.StartSocketHttpServer,
+			server: testserver.StartSocketHTTPServer,
 			secret: secret,
 		},
 		{
 			desc:            "Socket client with a relative URL at /",
 			relativeURLRoot: "/",
-			server:          testserver.StartSocketHttpServer,
+			server:          testserver.StartSocketHTTPServer,
 			secret:          secret,
 		},
 		{
 			desc:            "Socket client with relative URL at /gitlab",
 			relativeURLRoot: "/gitlab",
-			server:          testserver.StartSocketHttpServer,
+			server:          testserver.StartSocketHTTPServer,
 			secret:          secret,
 		},
 		{
 			desc:   "Http client",
-			server: testserver.StartHttpServer,
+			server: testserver.StartHTTPServer,
 			secret: secret,
 		},
 		{
 			desc:   "Https client",
 			caFile: path.Join(testRoot, "certs/valid/server.crt"),
 			server: func(t *testing.T, handlers []testserver.TestRequestHandler) string {
-				return testserver.StartHttpsServer(t, handlers, "")
+				return testserver.StartHTTPSServer(t, handlers, "")
 			},
 			secret: secret,
 		},
@@ -68,13 +69,13 @@ func TestClients(t *testing.T) {
 			desc:   "Secret with newlines",
 			caFile: path.Join(testRoot, "certs/valid/server.crt"),
 			server: func(t *testing.T, handlers []testserver.TestRequestHandler) string {
-				return testserver.StartHttpsServer(t, handlers, "")
+				return testserver.StartHTTPSServer(t, handlers, "")
 			},
 			secret: "\n" + secret + "\n",
 		},
 		{
 			desc:   "Retry client",
-			server: testserver.StartRetryHttpServer,
+			server: testserver.StartRetryHTTPServer,
 			secret: secret,
 		},
 	}
@@ -240,7 +241,7 @@ func buildRequests(t *testing.T, relativeURLRoot string) []testserver.TestReques
 		{
 			Path: "/api/v4/internal/hello",
 			Handler: func(w http.ResponseWriter, r *http.Request) {
-				require.Equal(t, http.MethodGet, r.Method)
+				assert.Equal(t, http.MethodGet, r.Method)
 
 				fmt.Fprint(w, "Hello")
 			},
@@ -248,12 +249,12 @@ func buildRequests(t *testing.T, relativeURLRoot string) []testserver.TestReques
 		{
 			Path: "/api/v4/internal/post_endpoint",
 			Handler: func(w http.ResponseWriter, r *http.Request) {
-				require.Equal(t, http.MethodPost, r.Method)
+				assert.Equal(t, http.MethodPost, r.Method)
 
 				b, err := io.ReadAll(r.Body)
 				defer r.Body.Close()
 
-				require.NoError(t, err)
+				assert.NoError(t, err)
 
 				fmt.Fprint(w, "Echo: "+string(b))
 			},

client/httpclient_test.go

@@ -10,6 +10,7 @@ import (
 	"testing"
 	"time"
 
+	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"gitlab.com/gitlab-org/gitlab-shell/v14/client/testserver"
 )
@@ -34,7 +35,7 @@ func TestBasicAuthSettings(t *testing.T) {
 		{
 			Path: "/api/v4/internal/get_endpoint",
 			Handler: func(w http.ResponseWriter, r *http.Request) {
-				require.Equal(t, http.MethodGet, r.Method)
+				assert.Equal(t, http.MethodGet, r.Method)
 
 				fmt.Fprint(w, r.Header.Get("Authorization"))
 			},
@@ -42,7 +43,7 @@ func TestBasicAuthSettings(t *testing.T) {
 		{
 			Path: "/api/v4/internal/post_endpoint",
 			Handler: func(w http.ResponseWriter, r *http.Request) {
-				require.Equal(t, http.MethodPost, r.Method)
+				assert.Equal(t, http.MethodPost, r.Method)
 
 				fmt.Fprint(w, r.Header.Get("Authorization"))
 			},
@@ -82,7 +83,7 @@ func TestEmptyBasicAuthSettings(t *testing.T) {
 		{
 			Path: "/api/v4/internal/empty_basic_auth",
 			Handler: func(_ http.ResponseWriter, r *http.Request) {
-				require.Equal(t, "", r.Header.Get("Authorization"))
+				assert.Equal(t, "", r.Header.Get("Authorization"))
 			},
 		},
 	}
@@ -100,13 +101,13 @@ func TestRequestWithUserAgent(t *testing.T) {
 		{
 			Path: "/api/v4/internal/default_user_agent",
 			Handler: func(_ http.ResponseWriter, r *http.Request) {
-				require.Equal(t, defaultUserAgent, r.UserAgent())
+				assert.Equal(t, defaultUserAgent, r.UserAgent())
 			},
 		},
 		{
 			Path: "/api/v4/internal/override_user_agent",
 			Handler: func(_ http.ResponseWriter, r *http.Request) {
-				require.Equal(t, gitalyUserAgent, r.UserAgent())
+				assert.Equal(t, gitalyUserAgent, r.UserAgent())
 			},
 		},
 	}
@@ -125,7 +126,7 @@ func TestRequestWithUserAgent(t *testing.T) {
 }
 
 func setup(t *testing.T, username, password string, requests []testserver.TestRequestHandler) *GitlabNetClient {
-	url := testserver.StartHttpServer(t, requests)
+	url := testserver.StartHTTPServer(t, requests)
 
 	httpClient, err := NewHTTPClientWithOpts(url, "", "", "", 1, nil)
 	require.NoError(t, err)

client/httpsclient_test.go

@@ -8,6 +8,7 @@ import (
 	"path"
 	"testing"
 
+	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"gitlab.com/gitlab-org/gitlab-shell/v14/client/testserver"
 	"gitlab.com/gitlab-org/gitlab-shell/v14/internal/testhelper"
@@ -116,14 +117,14 @@ func setupWithRequests(t *testing.T, caFile, caPath, clientCAPath, clientCertPat
 		{
 			Path: "/api/v4/internal/hello",
 			Handler: func(w http.ResponseWriter, r *http.Request) {
-				require.Equal(t, http.MethodGet, r.Method)
+				assert.Equal(t, http.MethodGet, r.Method)
 
 				fmt.Fprint(w, "Hello")
 			},
 		},
 	}
 
-	url := testserver.StartHttpsServer(t, requests, clientCAPath)
+	url := testserver.StartHTTPSServer(t, requests, clientCAPath)
 
 	opts := defaultHttpOpts
 	if clientCertPath != "" && clientKeyPath != "" {

client/testserver/testserver.go

@@ -22,7 +22,8 @@ type TestRequestHandler struct {
 	Handler func(w http.ResponseWriter, r *http.Request)
 }
 
-func StartSocketHttpServer(t *testing.T, handlers []TestRequestHandler) string {
+// StartSocketHTTPServer starts a socket based HTTP server
+func StartSocketHTTPServer(t *testing.T, handlers []TestRequestHandler) string {
 	t.Helper()
 
 	// We can't use t.TempDir() here because it will create a directory that
@@ -55,7 +56,8 @@ func StartSocketHttpServer(t *testing.T, handlers []TestRequestHandler) string {
 	return url
 }
 
-func StartHttpServer(t *testing.T, handlers []TestRequestHandler) string {
+// StartHTTPServer starts a TCP based HTTP server
+func StartHTTPServer(t *testing.T, handlers []TestRequestHandler) string {
 	t.Helper()
 
 	server := httptest.NewServer(buildHandler(handlers))
@@ -64,7 +66,8 @@ func StartHttpServer(t *testing.T, handlers []TestRequestHandler) string {
 	return server.URL
 }
 
-func StartRetryHttpServer(t *testing.T, handlers []TestRequestHandler) string {
+// StartRetryHTTPServer starts a TCP based HTTP server with retry capabilities
+func StartRetryHTTPServer(t *testing.T, handlers []TestRequestHandler) string {
 	attempts := map[string]int{}
 
 	retryMiddileware := func(next func(w http.ResponseWriter, r *http.Request)) http.Handler {
@@ -92,7 +95,8 @@ func StartRetryHttpServer(t *testing.T, handlers []TestRequestHandler) string {
 	return server.URL
 }
 
-func StartHttpsServer(t *testing.T, handlers []TestRequestHandler, clientCAPath string) string {
+// StartHTTPSServer starts a TCP based HTTPS capable server
+func StartHTTPSServer(t *testing.T, handlers []TestRequestHandler, clientCAPath string) string {
 	t.Helper()
 
 	testRoot := testhelper.PrepareTestRootDir(t)

client/transport.go

+// Package client provides an HTTP client with enhanced logging, tracing, and correlation handling.
 package client
 
 import (
@@ -13,6 +14,7 @@ type transport struct {
 	next http.RoundTripper
 }
 
+// RoundTrip executes a single HTTP transaction, adding logging and tracing capabilities.
 func (rt *transport) RoundTrip(request *http.Request) (*http.Response, error) {
 	ctx := request.Context()
 
@@ -55,10 +57,12 @@ func (rt *transport) RoundTrip(request *http.Request) (*http.Response, error) {
 	return response, nil
 }
 
+// DefaultTransport returns a clone of the default HTTP transport.
 func DefaultTransport() http.RoundTripper {
 	return http.DefaultTransport.(*http.Transport).Clone()
 }
 
+// NewTransport creates a new transport with logging, tracing, and correlation handling.
 func NewTransport(next http.RoundTripper) http.RoundTripper {
 	t := &transport{next: next}
 	return correlation.NewInstrumentedRoundTripper(tracing.NewRoundTripper(t))

cmd/gitlab-shell-authorized-principals-check/command/command.go

+// Package command handles command creation and initialization in GitLab Shell.
 package command
 
 import (
@@ -9,6 +10,7 @@ import (
 	"gitlab.com/gitlab-org/gitlab-shell/v14/internal/config"
 )
 
+// New creates a new command based on provided arguments, config, and I/O.
 func New(arguments []string, config *config.Config, readWriter *readwriter.ReadWriter) (command.Command, error) {
 	args, err := Parse(arguments)
 	if err != nil {
@@ -22,6 +24,7 @@ func New(arguments []string, config *config.Config, readWriter *readwriter.ReadW
 	return nil, disallowedcommand.Error
 }
 
+// Parse parses command-line arguments into a CommandArgs structure.
 func Parse(arguments []string) (*commandargs.AuthorizedPrincipals, error) {
 	args := &commandargs.AuthorizedPrincipals{Arguments: arguments}
 

cmd/gitlab-shell-authorized-principals-check/command/command_test.go

@@ -58,7 +58,7 @@ func TestParseSuccess(t *testing.T) {
 			desc:         "It parses authorized-principals command",
 			executable:   &executable.Executable{Name: executable.AuthorizedPrincipalsCheck},
 			arguments:    []string{"key", "principal-1", "principal-2"},
-			expectedArgs: &commandargs.AuthorizedPrincipals{Arguments: []string{"key", "principal-1", "principal-2"}, KeyId: "key", Principals: []string{"principal-1", "principal-2"}},
+			expectedArgs: &commandargs.AuthorizedPrincipals{Arguments: []string{"key", "principal-1", "principal-2"}, KeyID: "key", Principals: []string{"principal-1", "principal-2"}},
 		},
 	}
 

cmd/gitlab-shell-authorized-principals-check/main.go

+// Package main is the entry point for the GitLab Shell authorized principals check command.
 package main
 
 import (
@@ -21,6 +22,10 @@ var (
 )
 
 func main() {
+	os.Exit(run())
+}
+
+func run() int {
 	command.CheckForVersionFlag(os.Args, Version, BuildTime)
 
 	readWriter := &readwriter.ReadWriter{
@@ -31,32 +36,33 @@ func main() {
 
 	executable, err := executable.New(executable.AuthorizedPrincipalsCheck)
 	if err != nil {
-		fmt.Fprintln(readWriter.ErrOut, "Failed to determine executable, exiting")
-		os.Exit(1)
+		_, _ = fmt.Fprintln(readWriter.ErrOut, "Failed to determine executable, exiting")
+		return 1
 	}
 
 	config, err := config.NewFromDirExternal(executable.RootDir)
 	if err != nil {
-		fmt.Fprintln(readWriter.ErrOut, "Failed to read config, exiting")
-		os.Exit(1)
+		_, _ = fmt.Fprintln(readWriter.ErrOut, "Failed to read config, exiting:", err)
+		return 1
 	}
 
 	logCloser := logger.Configure(config)
-	defer logCloser.Close()
+	defer logCloser.Close() //nolint:errcheck
 
 	cmd, err := cmd.New(os.Args[1:], config, readWriter)
 	if err != nil {
 		// For now this could happen if `SSH_CONNECTION` is not set on
 		// the environment
-		fmt.Fprintf(readWriter.ErrOut, "%v\n", err)
-		os.Exit(1)
+		_, _ = fmt.Fprintf(readWriter.ErrOut, "%v\n", err)
+		return 1
 	}
 
 	ctx, finished := command.Setup(executable.Name, config)
 	defer finished()
 
-	if ctx, err = cmd.Execute(ctx); err != nil {
+	if _, err = cmd.Execute(ctx); err != nil {
 		console.DisplayWarningMessage(err.Error(), readWriter.ErrOut)
-		os.Exit(1)
+		return 1
 	}
+	return 0
 }