Merge branch 'main' of gitlab.com:gitlab-community/gitlab-shell into 793-discover-lint

5c5f721f · Archish · 1d894193 · c2d73ce0 · 5c5f721f · 5c5f721f
Commit 5c5f721f authored 6 months ago by Archish
--- a/.tool-versions
+++ b/.tool-versions
-ruby 3.3.4
-golang 1.23.0
+ruby 3.3.5
+golang 1.23.1
--- a/cmd/gitlab-shell-authorized-principals-check/command/command.go
+++ b/cmd/gitlab-shell-authorized-principals-check/command/command.go
+// Package command handles command creation and initialization in GitLab Shell.
 package command

 import (
@@ -9,6 +10,7 @@ import (
 	"gitlab.com/gitlab-org/gitlab-shell/v14/internal/config"
 )

+// New creates a new command based on provided arguments, config, and I/O.
 func New(arguments []string, config *config.Config, readWriter *readwriter.ReadWriter) (command.Command, error) {
 	args, err := Parse(arguments)
 	if err != nil {
@@ -22,6 +24,7 @@ func New(arguments []string, config *config.Config, readWriter *readwriter.ReadW
 	return nil, disallowedcommand.Error
 }

+// Parse parses command-line arguments into a CommandArgs structure.
 func Parse(arguments []string) (*commandargs.AuthorizedPrincipals, error) {
 	args := &commandargs.AuthorizedPrincipals{Arguments: arguments}


--- a/cmd/gitlab-shell-authorized-principals-check/main.go
+++ b/cmd/gitlab-shell-authorized-principals-check/main.go
+// Package main is the entry point for the GitLab Shell authorized principals check command.
 package main

 import (
@@ -21,6 +22,10 @@ var (
 )

 func main() {
+	os.Exit(run())
+}
+
+func run() int {
 	command.CheckForVersionFlag(os.Args, Version, BuildTime)

 	readWriter := &readwriter.ReadWriter{
@@ -31,32 +36,33 @@ func main() {

 	executable, err := executable.New(executable.AuthorizedPrincipalsCheck)
 	if err != nil {
-		fmt.Fprintln(readWriter.ErrOut, "Failed to determine executable, exiting")
-		os.Exit(1)
+		_, _ = fmt.Fprintln(readWriter.ErrOut, "Failed to determine executable, exiting")
+		return 1
 	}

 	config, err := config.NewFromDirExternal(executable.RootDir)
 	if err != nil {
-		fmt.Fprintln(readWriter.ErrOut, "Failed to read config, exiting")
-		os.Exit(1)
+		_, _ = fmt.Fprintln(readWriter.ErrOut, "Failed to read config, exiting")
+		return 1
 	}

 	logCloser := logger.Configure(config)
-	defer logCloser.Close()
+	defer logCloser.Close() //nolint:errcheck

 	cmd, err := cmd.New(os.Args[1:], config, readWriter)
 	if err != nil {
 		// For now this could happen if `SSH_CONNECTION` is not set on
 		// the environment
-		fmt.Fprintf(readWriter.ErrOut, "%v\n", err)
-		os.Exit(1)
+		_, _ = fmt.Fprintf(readWriter.ErrOut, "%v\n", err)
+		return 1
 	}

 	ctx, finished := command.Setup(executable.Name, config)
 	defer finished()

-	if ctx, err = cmd.Execute(ctx); err != nil {
+	if _, err = cmd.Execute(ctx); err != nil {
 		console.DisplayWarningMessage(err.Error(), readWriter.ErrOut)
-		os.Exit(1)
+		return 1
 	}
+	return 0
 }
--- a/cmd/gitlab-shell-check/main.go
+++ b/cmd/gitlab-shell-check/main.go
+// Package main is the entry point for the GitLab Shell health check command.
 package main

 import (
@@ -20,6 +21,10 @@ var (
 )

 func main() {
+	os.Exit(run())
+}
+
+func run() int {
 	command.CheckForVersionFlag(os.Args, Version, BuildTime)

 	readWriter := &readwriter.ReadWriter{
@@ -28,32 +33,38 @@ func main() {
 		ErrOut: os.Stderr,
 	}

+	exitOnError := func(err error, message string) int {
+		if err != nil {
+			_, _ = fmt.Fprintf(readWriter.ErrOut, "%s: %v\n", message, err)
+			return 1
+		}
+		return 0
+	}
+
 	executable, err := executable.New(executable.Healthcheck)
-	if err != nil {
-		fmt.Fprintln(readWriter.ErrOut, "Failed to determine executable, exiting")
-		os.Exit(1)
+	if code := exitOnError(err, "Failed to determine executable, exiting"); code != 0 {
+		return code
 	}

 	config, err := config.NewFromDirExternal(executable.RootDir)
-	if err != nil {
-		fmt.Fprintln(readWriter.ErrOut, "Failed to read config, exiting")
-		os.Exit(1)
+	if code := exitOnError(err, "Failed to read config, exiting"); code != 0 {
+		return code
 	}

 	logCloser := logger.Configure(config)
-	defer logCloser.Close()
+	defer logCloser.Close() //nolint:errcheck

 	cmd, err := checkCmd.New(config, readWriter)
-	if err != nil {
-		fmt.Fprintf(readWriter.ErrOut, "%v\n", err)
-		os.Exit(1)
+	if code := exitOnError(err, "Failed to create command"); code != 0 {
+		return code
 	}

 	ctx, finished := command.Setup(executable.Name, config)
 	defer finished()

-	if ctx, err = cmd.Execute(ctx); err != nil {
-		fmt.Fprintf(readWriter.ErrOut, "%v\n", err)
-		os.Exit(1)
+	if _, err = cmd.Execute(ctx); err != nil {
+		_, _ = fmt.Fprintf(readWriter.ErrOut, "%v\n", err)
+		return 1
 	}
+	return 0
 }
--- a/go.mod
+++ b/go.mod
@@ -15,12 +15,12 @@ require (
 	github.com/openshift/gssapi v0.0.0-20161010215902-5fb4217df13b
 	github.com/otiai10/copy v1.14.0
 	github.com/pires/go-proxyproto v0.7.0
-	github.com/prometheus/client_golang v1.20.2
+	github.com/prometheus/client_golang v1.20.3
 	github.com/sirupsen/logrus v1.9.3
 	github.com/stretchr/testify v1.9.0
 	gitlab.com/gitlab-org/gitaly/v16 v16.11.8
 	gitlab.com/gitlab-org/labkit v1.21.0
-	golang.org/x/crypto v0.26.0
+	golang.org/x/crypto v0.27.0
 	golang.org/x/sync v0.8.0
 	google.golang.org/grpc v1.66.0
 	google.golang.org/protobuf v1.34.2
@@ -98,8 +98,8 @@ require (
 	golang.org/x/mod v0.17.0 // indirect
 	golang.org/x/net v0.26.0 // indirect
 	golang.org/x/oauth2 v0.21.0 // indirect
-	golang.org/x/sys v0.24.0 // indirect
-	golang.org/x/text v0.17.0 // indirect
+	golang.org/x/sys v0.25.0 // indirect
+	golang.org/x/text v0.18.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
 	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
 	golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect

--- a/go.sum
+++ b/go.sum
@@ -324,8 +324,8 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRI
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c h1:ncq/mPwQF4JjgDlrVEn3C11VoGHZN7m8qihwgMEtzYw=
 github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE=
-github.com/prometheus/client_golang v1.20.2 h1:5ctymQzZlyOON1666svgwn3s6IKWgfbjsejTMiXIyjg=
-github.com/prometheus/client_golang v1.20.2/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE=
+github.com/prometheus/client_golang v1.20.3 h1:oPksm4K8B+Vt35tUhw6GbSNSgVlVSBH0qELP/7u83l4=
+github.com/prometheus/client_golang v1.20.3/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
 github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
@@ -422,8 +422,8 @@ golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw=
-golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54=
+golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A=
+golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -587,11 +587,11 @@ golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg=
-golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34=
+golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU=
-golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk=
+golang.org/x/term v0.24.0 h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM=
+golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -600,8 +600,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc=
-golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
+golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224=
+golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=

--- a/internal/command/authorizedkeys/authorized_keys.go
+++ b/internal/command/authorizedkeys/authorized_keys.go
+// Package authorizedkeys handles fetching and printing authorized SSH keys.
 package authorizedkeys

 import (
@@ -12,12 +13,14 @@ import (
 	"gitlab.com/gitlab-org/gitlab-shell/v14/internal/keyline"
 )

+// Command contains the configuration, arguments, and I/O interfaces.
 type Command struct {
 	Config     *config.Config
 	Args       *commandargs.AuthorizedKeys
 	ReadWriter *readwriter.ReadWriter
 }

+// Execute runs the command to fetch and print the authorized SSH key.
 func (c *Command) Execute(ctx context.Context) (context.Context, error) {
 	// Do and return nothing when the expected and actual user don't match.
 	// This can happen when the user in sshd_config doesn't match the user
@@ -38,7 +41,7 @@ func (c *Command) Execute(ctx context.Context) (context.Context, error) {
 func (c *Command) printKeyLine(ctx context.Context) error {
 	response, err := c.getAuthorizedKey(ctx)
 	if err != nil {
-		fmt.Fprintln(c.ReadWriter.Out, fmt.Sprintf("# No key was found for %s", c.Args.Key))
+		_, _ = fmt.Fprintf(c.ReadWriter.Out, "# No key was found for %s\n", c.Args.Key)
 		return nil
 	}

@@ -47,7 +50,7 @@ func (c *Command) printKeyLine(ctx context.Context) error {
 		return err
 	}

-	fmt.Fprintln(c.ReadWriter.Out, keyLine.ToString())
+	_, _ = fmt.Fprintln(c.ReadWriter.Out, keyLine.ToString())

 	return nil
 }

--- a/internal/command/authorizedprincipals/authorized_principals.go
+++ b/internal/command/authorizedprincipals/authorized_principals.go
+// Package authorizedprincipals handles printing authorized principals in GitLab Shell.
 package authorizedprincipals

 import (
@@ -10,12 +11,14 @@ import (
 	"gitlab.com/gitlab-org/gitlab-shell/v14/internal/keyline"
 )

+// Command contains the configuration, arguments, and I/O interfaces.
 type Command struct {
 	Config     *config.Config
 	Args       *commandargs.AuthorizedPrincipals
 	ReadWriter *readwriter.ReadWriter
 }

+// Execute runs the command to print authorized principals.
 func (c *Command) Execute(ctx context.Context) (context.Context, error) {
 	if err := c.printPrincipalLines(); err != nil {
 		return ctx, err
@@ -42,7 +45,7 @@ func (c *Command) printPrincipalLine(principal string) error {
 		return err
 	}

-	fmt.Fprintln(c.ReadWriter.Out, principalKeyLine.ToString())
+	_, _ = fmt.Fprintln(c.ReadWriter.Out, principalKeyLine.ToString())

 	return nil
 }
--- a/internal/command/healthcheck/healthcheck_test.go
+++ b/internal/command/healthcheck/healthcheck_test.go
@@ -34,7 +34,7 @@ func buildTestHandlers(code int, rsp *healthcheck.Response) []testserver.TestReq
 	return []testserver.TestRequestHandler{
 		{
 			Path: "/api/v4/internal/check",
-			Handler: func(w http.ResponseWriter, r *http.Request) {
+			Handler: func(w http.ResponseWriter, _ *http.Request) {
 				w.WriteHeader(code)
 				if rsp != nil {
 					json.NewEncoder(w).Encode(rsp)

--- a/internal/command/shared/accessverifier/accessverifier.go
+++ b/internal/command/shared/accessverifier/accessverifier.go
+// Package accessverifier handles the verification of access permission.
 package accessverifier

 import (
@@ -11,14 +12,17 @@ import (
 	"gitlab.com/gitlab-org/gitlab-shell/v14/internal/gitlabnet/accessverifier"
 )

+// Response is an alias for accessverifier.Response, representing the result of an access verification.
 type Response = accessverifier.Response

+// Command handles access verification commands.
 type Command struct {
 	Config     *config.Config
 	Args       *commandargs.Shell
 	ReadWriter *readwriter.ReadWriter
 }

+// Verify checks access permissions and returns a response.
 func (c *Command) Verify(ctx context.Context, action commandargs.CommandType, repo string) (*Response, error) {
 	client, err := accessverifier.NewClient(c.Config)
 	if err != nil {

--- a/internal/command/shared/accessverifier/accessverifier_test.go
+++ b/internal/command/shared/accessverifier/accessverifier_test.go
@@ -8,6 +8,7 @@ import (
 	"net/http"
 	"testing"

+	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"

 	"gitlab.com/gitlab-org/gitlab-shell/v14/client/testserver"
@@ -28,23 +29,23 @@ func setup(t *testing.T) (*Command, *bytes.Buffer, *bytes.Buffer) {
 			Path: "/api/v4/internal/allowed",
 			Handler: func(w http.ResponseWriter, r *http.Request) {
 				b, err := io.ReadAll(r.Body)
-				require.NoError(t, err)
+				assert.NoError(t, err)

 				var requestBody *accessverifier.Request
 				err = json.Unmarshal(b, &requestBody)
-				require.NoError(t, err)
+				assert.NoError(t, err)

 				if requestBody.KeyID == "1" {
 					body := map[string]interface{}{
 						"gl_console_messages": []string{"console", "message"},
 					}
-					require.NoError(t, json.NewEncoder(w).Encode(body))
+					assert.NoError(t, json.NewEncoder(w).Encode(body))
 				} else {
 					body := map[string]interface{}{
 						"status":  false,
 						"message": "missing user",
 					}
-					require.NoError(t, json.NewEncoder(w).Encode(body))
+					assert.NoError(t, json.NewEncoder(w).Encode(body))
 				}
 			},
 		},

--- a/internal/gitlabnet/git/client_test.go
+++ b/internal/gitlabnet/git/client_test.go
@@ -7,6 +7,7 @@ import (
 	"net/http"
 	"testing"

+	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	httpclient "gitlab.com/gitlab-org/gitlab-shell/v14/client"
 	"gitlab.com/gitlab-org/gitlab-shell/v14/client/testserver"
@@ -16,6 +17,7 @@ var customHeaders = map[string]string{
 	"Authorization": "Bearer: token",
 	"Header-One":    "Value-Two",
 }
+var refsBody = "0032want 0a53e9ddeaddad63ad106860237bbf53411d11a7\n"

 func TestInfoRefs(t *testing.T) {
 	client := setup(t)
@@ -53,7 +55,6 @@ func TestReceivePack(t *testing.T) {
 func TestUploadPack(t *testing.T) {
 	client := setup(t)

-	refsBody := "0032want 0a53e9ddeaddad63ad106860237bbf53411d11a7\n"
 	response, err := client.UploadPack(context.Background(), bytes.NewReader([]byte(refsBody)))
 	require.NoError(t, err)
 	defer response.Body.Close()
@@ -67,7 +68,6 @@ func TestUploadPack(t *testing.T) {
 func TestSSHUploadPack(t *testing.T) {
 	client := setup(t)

-	refsBody := "0032want 0a53e9ddeaddad63ad106860237bbf53411d11a7\n"
 	response, err := client.SSHUploadPack(context.Background(), bytes.NewReader([]byte(refsBody)))
 	require.NoError(t, err)
 	defer response.Body.Close()
@@ -81,7 +81,6 @@ func TestSSHUploadPack(t *testing.T) {
 func TestSSHReceivePack(t *testing.T) {
 	client := setup(t)

-	refsBody := "0032want 0a53e9ddeaddad63ad106860237bbf53411d11a7\n"
 	response, err := client.SSHReceivePack(context.Background(), bytes.NewReader([]byte(refsBody)))
 	require.NoError(t, err)
 	defer response.Body.Close()
@@ -157,8 +156,8 @@ func setup(t *testing.T) *Client {
 		{
 			Path: "/info/refs",
 			Handler: func(w http.ResponseWriter, r *http.Request) {
-				require.Equal(t, customHeaders["Authorization"], r.Header.Get("Authorization"))
-				require.Equal(t, customHeaders["Header-One"], r.Header.Get("Header-One"))
+				assert.Equal(t, customHeaders["Authorization"], r.Header.Get("Authorization"))
+				assert.Equal(t, customHeaders["Header-One"], r.Header.Get("Header-One"))

 				w.Write([]byte(r.URL.Query().Get("service")))
 			},
@@ -166,13 +165,13 @@ func setup(t *testing.T) *Client {
 		{
 			Path: "/git-receive-pack",
 			Handler: func(w http.ResponseWriter, r *http.Request) {
-				require.Equal(t, customHeaders["Authorization"], r.Header.Get("Authorization"))
-				require.Equal(t, customHeaders["Header-One"], r.Header.Get("Header-One"))
-				require.Equal(t, "application/x-git-receive-pack-request", r.Header.Get("Content-Type"))
-				require.Equal(t, "application/x-git-receive-pack-result", r.Header.Get("Accept"))
+				assert.Equal(t, customHeaders["Authorization"], r.Header.Get("Authorization"))
+				assert.Equal(t, customHeaders["Header-One"], r.Header.Get("Header-One"))
+				assert.Equal(t, "application/x-git-receive-pack-request", r.Header.Get("Content-Type"))
+				assert.Equal(t, "application/x-git-receive-pack-result", r.Header.Get("Accept"))

 				body, err := io.ReadAll(r.Body)
-				require.NoError(t, err)
+				assert.NoError(t, err)
 				defer r.Body.Close()

 				w.Write([]byte("git-receive-pack: "))
@@ -182,13 +181,13 @@ func setup(t *testing.T) *Client {
 		{
 			Path: "/git-upload-pack",
 			Handler: func(w http.ResponseWriter, r *http.Request) {
-				require.Equal(t, customHeaders["Authorization"], r.Header.Get("Authorization"))
-				require.Equal(t, customHeaders["Header-One"], r.Header.Get("Header-One"))
-				require.Equal(t, "application/x-git-upload-pack-request", r.Header.Get("Content-Type"))
-				require.Equal(t, "application/x-git-upload-pack-result", r.Header.Get("Accept"))
+				assert.Equal(t, customHeaders["Authorization"], r.Header.Get("Authorization"))
+				assert.Equal(t, customHeaders["Header-One"], r.Header.Get("Header-One"))
+				assert.Equal(t, "application/x-git-upload-pack-request", r.Header.Get("Content-Type"))
+				assert.Equal(t, "application/x-git-upload-pack-result", r.Header.Get("Accept"))

 				_, err := io.ReadAll(r.Body)
-				require.NoError(t, err)
+				assert.NoError(t, err)
 				defer r.Body.Close()

 				w.Write([]byte("git-upload-pack: content"))
@@ -197,11 +196,11 @@ func setup(t *testing.T) *Client {
 		{
 			Path: sshUploadPackPath,
 			Handler: func(w http.ResponseWriter, r *http.Request) {
-				require.Equal(t, customHeaders["Authorization"], r.Header.Get("Authorization"))
-				require.Equal(t, customHeaders["Header-One"], r.Header.Get("Header-One"))
+				assert.Equal(t, customHeaders["Authorization"], r.Header.Get("Authorization"))
+				assert.Equal(t, customHeaders["Header-One"], r.Header.Get("Header-One"))

 				_, err := io.ReadAll(r.Body)
-				require.NoError(t, err)
+				assert.NoError(t, err)
 				defer r.Body.Close()

 				w.Write([]byte("ssh-upload-pack: content"))
@@ -210,11 +209,11 @@ func setup(t *testing.T) *Client {
 		{
 			Path: sshReceivePackPath,
 			Handler: func(w http.ResponseWriter, r *http.Request) {
-				require.Equal(t, customHeaders["Authorization"], r.Header.Get("Authorization"))
-				require.Equal(t, customHeaders["Header-One"], r.Header.Get("Header-One"))
+				assert.Equal(t, customHeaders["Authorization"], r.Header.Get("Authorization"))
+				assert.Equal(t, customHeaders["Header-One"], r.Header.Get("Header-One"))

 				_, err := io.ReadAll(r.Body)
-				require.NoError(t, err)
+				assert.NoError(t, err)
 				defer r.Body.Close()

 				w.Write([]byte("ssh-receive-pack: content"))

--- a/internal/logger/logger.go
+++ b/internal/logger/logger.go
+// Package logger provides logging configuration utilities for the gitlab-shell
 package logger

 import (
@@ -52,7 +53,7 @@ func buildOpts(cfg *config.Config) []log.LoggerOption {
 // opened for writing.
 func Configure(cfg *config.Config) io.Closer {
 	var closer io.Closer = io.NopCloser(nil)
-	err := fmt.Errorf("No logfile specified")
+	err := fmt.Errorf("no logfile specified")

 	if cfg.LogFile != "" {
 		closer, err = log.Initialize(buildOpts(cfg)...)
@@ -66,7 +67,7 @@ func Configure(cfg *config.Config) io.Closer {
 			syslogLogger.Print(msg)
 		} else {
 			msg := fmt.Sprintf("%s: Unable to configure logging: %v, %v\n", progName, err.Error(), syslogLoggerErr.Error())
-			fmt.Fprintf(os.Stderr, msg)
+			fmt.Fprintln(os.Stderr, msg)
 		}

 		cfg.LogFile = "/dev/null"

--- a/internal/metrics/metrics.go
+++ b/internal/metrics/metrics.go
+// Package metrics provides Prometheus metrics for monitoring gitlab-shell components.
 package metrics

 import (
@@ -34,6 +35,7 @@ const (
 )

 var (
+	// SshdSessionDuration is a histogram of latencies for connections to gitlab-shell sshd.
 	SshdSessionDuration = promauto.NewHistogram(
 		prometheus.HistogramOpts{
 			Namespace: namespace,
@@ -48,6 +50,7 @@ var (
 		},
 	)

+	// SshdSessionEstablishedDuration is a histogram of latencies until session established to gitlab-shell sshd.
 	SshdSessionEstablishedDuration = promauto.NewHistogram(
 		prometheus.HistogramOpts{
 			Namespace: namespace,
@@ -62,6 +65,7 @@ var (
 		},
 	)

+	// SshdConnectionsInFlight is a gauge of connections currently being served by gitlab-shell sshd.
 	SshdConnectionsInFlight = promauto.NewGauge(
 		prometheus.GaugeOpts{
 			Namespace: namespace,
@@ -71,6 +75,7 @@ var (
 		},
 	)

+	// SshdHitMaxSessions is the number of times the concurrent sessions limit was hit in gitlab-shell sshd.
 	SshdHitMaxSessions = promauto.NewCounter(
 		prometheus.CounterOpts{
 			Namespace: namespace,
@@ -80,6 +85,7 @@ var (
 		},
 	)

+	// SliSshdSessionsTotal is the number of SSH sessions that have been established.
 	SliSshdSessionsTotal = promauto.NewCounter(
 		prometheus.CounterOpts{
 			Name: sliSshdSessionsTotalName,
@@ -87,6 +93,7 @@ var (
 		},
 	)

+	// SliSshdSessionsErrorsTotal is the number of SSH sessions that have failed.
 	SliSshdSessionsErrorsTotal = promauto.NewCounter(
 		prometheus.CounterOpts{
 			Name: sliSshdSessionsErrorsTotalName,
@@ -94,6 +101,7 @@ var (
 		},
 	)

+	// GitalyConnectionsTotal is a counter for the number of Gitaly connections that have been established,
 	GitalyConnectionsTotal = promauto.NewCounterVec(
 		prometheus.CounterOpts{
 			Namespace: namespace,
@@ -147,6 +155,7 @@ var (
 		},
 	)

+	// LfsHTTPConnectionsTotal is the number of LFS over HTTP connections that have been established.
 	LfsHTTPConnectionsTotal = promauto.NewCounter(
 		prometheus.CounterOpts{
 			Name: lfsHTTPConnectionsTotalName,
@@ -154,6 +163,7 @@ var (
 		},
 	)

+	// LfsSSHConnectionsTotal is the number of LFS over SSH connections that have been established.
 	LfsSSHConnectionsTotal = promauto.NewCounter(
 		prometheus.CounterOpts{
 			Name: lfsSSHConnectionsTotalName,
@@ -162,6 +172,7 @@ var (
 	)
 )

+// NewRoundTripper wraps an http.RoundTripper to instrument it with Prometheus metrics.
 func NewRoundTripper(next http.RoundTripper) promhttp.RoundTripperFunc {
 	rt := next


--- a/internal/pktline/pktline.go
+++ b/internal/pktline/pktline.go
+// Package pktline provides utility functions for working with the Git pkt-line format.
 package pktline

 // Utility functions for working with the Git pkt-line format. See
@@ -27,6 +28,7 @@ func NewScanner(r io.Reader) *bufio.Scanner {
 	return scanner
 }

+// IsRefRemoval checks if the packet represents a reference removal.
 func IsRefRemoval(pkt []byte) bool {
 	return branchRemovalPktRegexp.Match(pkt)
 }

--- a/support/lint_last_known_acceptable.txt
+++ b/support/lint_last_known_acceptable.txt
@@ -42,24 +42,6 @@ client/transport.go:58:1: exported: exported function DefaultTransport should ha
 client/transport.go:62:1: exported: exported function NewTransport should have comment or be unexported (revive)
 cmd/gitlab-shell-authorized-keys-check/main.go:40:14: Error return value of `fmt.Fprintf` is not checked (errcheck)
 cmd/gitlab-shell-authorized-keys-check/main.go:43:13: unnecessary conversion (unconvert)
-cmd/gitlab-shell-authorized-principals-check/command/command.go:1:1: package-comments: should have a package comment (revive)
-cmd/gitlab-shell-authorized-principals-check/command/command.go:12:1: exported: exported function New should have comment or be unexported (revive)
-cmd/gitlab-shell-authorized-principals-check/command/command.go:25:1: exported: exported function Parse should have comment or be unexported (revive)
-cmd/gitlab-shell-authorized-principals-check/main.go:1:1: package-comments: should have a package comment (revive)
-cmd/gitlab-shell-authorized-principals-check/main.go:34:15: Error return value of `fmt.Fprintln` is not checked (errcheck)
-cmd/gitlab-shell-authorized-principals-check/main.go:40:15: Error return value of `fmt.Fprintln` is not checked (errcheck)
-cmd/gitlab-shell-authorized-principals-check/main.go:45:23: Error return value of `logCloser.Close` is not checked (errcheck)
-cmd/gitlab-shell-authorized-principals-check/main.go:51:14: Error return value of `fmt.Fprintf` is not checked (errcheck)
-cmd/gitlab-shell-authorized-principals-check/main.go:52:3: exitAfterDefer: os.Exit will exit, and `defer logCloser.Close()` will not run (gocritic)
-cmd/gitlab-shell-authorized-principals-check/main.go:58:5: ineffectual assignment to ctx (ineffassign)
-cmd/gitlab-shell-check/main.go:1:1: package-comments: should have a package comment (revive)
-cmd/gitlab-shell-check/main.go:33:15: Error return value of `fmt.Fprintln` is not checked (errcheck)
-cmd/gitlab-shell-check/main.go:39:15: Error return value of `fmt.Fprintln` is not checked (errcheck)
-cmd/gitlab-shell-check/main.go:44:23: Error return value of `logCloser.Close` is not checked (errcheck)
-cmd/gitlab-shell-check/main.go:48:14: Error return value of `fmt.Fprintf` is not checked (errcheck)
-cmd/gitlab-shell-check/main.go:49:3: exitAfterDefer: os.Exit will exit, and `defer logCloser.Close()` will not run (gocritic)
-cmd/gitlab-shell-check/main.go:55:5: ineffectual assignment to ctx (ineffassign)
-cmd/gitlab-shell-check/main.go:56:14: Error return value of `fmt.Fprintf` is not checked (errcheck)
 cmd/gitlab-shell/command/command.go:74: cmd/gitlab-shell/command/command.go:74: Line contains TODO/BUG/FIXME/NOTE/OPTIMIZE/HACK: "FIXME: When 1.21+ only Golang is support..." (godox)
 cmd/gitlab-shell/main.go:1:1: package-comments: should have a package comment (revive)
 cmd/gitlab-shell/main.go:42:15: Error return value of `fmt.Fprintln` is not checked (errcheck)
@@ -78,16 +60,7 @@ cmd/gitlab-sshd/main.go:30:5: var-naming: var gitlabUrl should be gitlabURL (rev
 cmd/gitlab-sshd/main.go:44: Function 'main' is too long (73 > 60) (funlen)
 cmd/gitlab-sshd/main.go:70:23: Error return value of `logCloser.Close` is not checked (errcheck)
 cmd/gitlab-sshd/main.go:108:18: Error return value of `server.Shutdown` is not checked (errcheck)
-internal/command/authorizedkeys/authorized_keys.go:1:1: package-comments: should have a package comment (revive)
-internal/command/authorizedkeys/authorized_keys.go:15:6: exported: exported type Command should have comment or be unexported (revive)
-internal/command/authorizedkeys/authorized_keys.go:21:1: exported: exported method Command.Execute should have comment or be unexported (revive)
-internal/command/authorizedkeys/authorized_keys.go:26: internal/command/authorizedkeys/authorized_keys.go:26: Line contains TODO/BUG/FIXME/NOTE/OPTIMIZE/HACK: "TODO: Log this event once we have a cons..." (godox)
-internal/command/authorizedkeys/authorized_keys.go:41:15: Error return value of `fmt.Fprintln` is not checked (errcheck)
-internal/command/authorizedkeys/authorized_keys.go:50:14: Error return value of `fmt.Fprintln` is not checked (errcheck)
-internal/command/authorizedprincipals/authorized_principals.go:1:1: package-comments: should have a package comment (revive)
-internal/command/authorizedprincipals/authorized_principals.go:13:6: exported: exported type Command should have comment or be unexported (revive)
-internal/command/authorizedprincipals/authorized_principals.go:19:1: exported: exported method Command.Execute should have comment or be unexported (revive)
-internal/command/authorizedprincipals/authorized_principals.go:45:14: Error return value of `fmt.Fprintln` is not checked (errcheck)
+internal/command/authorizedkeys/authorized_keys.go:29: internal/command/authorizedkeys/authorized_keys.go:29: Line contains TODO/BUG/FIXME/NOTE/OPTIMIZE/HACK: "TODO: Log this event once we have a cons..." (godox)
 internal/command/command.go:1:1: package-comments: should have a package comment (revive)
 internal/command/command.go:15:6: exported: exported type Command should have comment or be unexported (revive)
 internal/command/command.go:19:6: exported: exported type LogMetadata should have comment or be unexported (revive)
@@ -126,6 +99,18 @@ internal/command/commandargs/shell.go:98:6: var-naming: func tryParseKeyId shoul
 internal/command/commandargs/shell.go:106:1: exported: exported method Shell.ParseCommand should have comment or be unexported (revive)
 internal/command/discover/discover.go:38:20: context-keys-type: should not use basic type string as key in context.WithValue (revive)
 internal/command/healthcheck/healthcheck_test.go:37:41: unused-parameter: parameter 'r' seems to be unused, consider removing or renaming it as _ (revive)
+internal/command/discover/discover.go:1:1: package-comments: should have a package comment (revive)
+internal/command/discover/discover.go:14:6: exported: exported type Command should have comment or be unexported (revive)
+internal/command/discover/discover.go:20:1: exported: exported method Command.Execute should have comment or be unexported (revive)
+internal/command/discover/discover.go:23:15: ST1005: error strings should not be capitalized (stylecheck)
+internal/command/discover/discover.go:29:14: Error return value of `fmt.Fprintf` is not checked (errcheck)
+internal/command/discover/discover.go:32:14: Error return value of `fmt.Fprintf` is not checked (errcheck)
+internal/command/discover/discover.go:35:20: context-keys-type: should not use basic type string as key in context.WithValue (revive)
+internal/command/healthcheck/healthcheck.go:1:1: package-comments: should have a package comment (revive)
+internal/command/healthcheck/healthcheck.go:17:6: exported: exported type Command should have comment or be unexported (revive)
+internal/command/healthcheck/healthcheck.go:22:1: exported: exported method Command.Execute should have comment or be unexported (revive)
+internal/command/healthcheck/healthcheck.go:28:13: Error return value of `fmt.Fprintf` is not checked (errcheck)
+internal/command/healthcheck/healthcheck.go:34:13: Error return value of `fmt.Fprintf` is not checked (errcheck)
 internal/command/lfsauthenticate/lfsauthenticate.go:87:13: Error return value of `fmt.Fprintf` is not checked (errcheck)
 internal/command/lfsauthenticate/lfsauthenticate_test.go:76:5: go-require: do not use require in http handlers (testifylint)
 internal/command/lfsauthenticate/lfsauthenticate_test.go:79:5: go-require: do not use require in http handlers (testifylint)
@@ -197,14 +182,6 @@ internal/command/readwriter/readwriter.go:7:6: exported: exported type ReadWrite
 internal/command/receivepack/gitalycall_test.go:24:4: S1038: should use t.Logf(...) instead of t.Log(fmt.Sprintf(...)) (gosimple)
 internal/command/receivepack/gitalycall_test.go:31:5: var-naming: struct field keyId should be keyID (revive)
 internal/command/receivepack/gitalycall_test.go:98:5: expected-actual: need to reverse actual and expected values (testifylint)
-internal/command/shared/accessverifier/accessverifier.go:1:1: package-comments: should have a package comment (revive)
-internal/command/shared/accessverifier/accessverifier.go:14:6: exported: exported type Response should have comment or be unexported (revive)
-internal/command/shared/accessverifier/accessverifier.go:16:6: exported: exported type Command should have comment or be unexported (revive)
-internal/command/shared/accessverifier/accessverifier.go:22:1: exported: exported method Command.Verify should have comment or be unexported (revive)
-internal/command/shared/accessverifier/accessverifier_test.go:31:5: go-require: do not use require in http handlers (testifylint)
-internal/command/shared/accessverifier/accessverifier_test.go:35:5: go-require: do not use require in http handlers (testifylint)
-internal/command/shared/accessverifier/accessverifier_test.go:41:6: go-require: do not use require in http handlers (testifylint)
-internal/command/shared/accessverifier/accessverifier_test.go:47:6: go-require: do not use require in http handlers (testifylint)
 internal/command/shared/customaction/customaction_test.go:27:5: go-require: do not use require in http handlers (testifylint)
 internal/command/shared/customaction/customaction_test.go:30:5: go-require: do not use require in http handlers (testifylint)
 internal/command/shared/customaction/customaction_test.go:32:5: go-require: do not use require in http handlers (testifylint)
@@ -277,26 +254,6 @@ internal/gitlabnet/client.go:14:1: exported: exported function GetClient should
 internal/gitlabnet/client.go:21:15: ST1005: error strings should not be capitalized (stylecheck)
 internal/gitlabnet/client.go:27:1: exported: exported function ParseJSON should have comment or be unexported (revive)
 internal/gitlabnet/client.go:35:1: exported: exported function ParseIP should have comment or be unexported (revive)
-internal/gitlabnet/git/client_test.go:56:14: string `0032want 0a53e9ddeaddad63ad106860237bbf53411d11a7
-` has 3 occurrences, make it a constant (goconst)
-internal/gitlabnet/git/client_test.go:160:5: go-require: do not use require in http handlers (testifylint)
-internal/gitlabnet/git/client_test.go:161:5: go-require: do not use require in http handlers (testifylint)
-internal/gitlabnet/git/client_test.go:169:5: go-require: do not use require in http handlers (testifylint)
-internal/gitlabnet/git/client_test.go:170:5: go-require: do not use require in http handlers (testifylint)
-internal/gitlabnet/git/client_test.go:171:5: go-require: do not use require in http handlers (testifylint)
-internal/gitlabnet/git/client_test.go:172:5: go-require: do not use require in http handlers (testifylint)
-internal/gitlabnet/git/client_test.go:175:5: go-require: do not use require in http handlers (testifylint)
-internal/gitlabnet/git/client_test.go:185:5: go-require: do not use require in http handlers (testifylint)
-internal/gitlabnet/git/client_test.go:186:5: go-require: do not use require in http handlers (testifylint)
-internal/gitlabnet/git/client_test.go:187:5: go-require: do not use require in http handlers (testifylint)
-internal/gitlabnet/git/client_test.go:188:5: go-require: do not use require in http handlers (testifylint)
-internal/gitlabnet/git/client_test.go:191:5: go-require: do not use require in http handlers (testifylint)
-internal/gitlabnet/git/client_test.go:200:5: go-require: do not use require in http handlers (testifylint)
-internal/gitlabnet/git/client_test.go:201:5: go-require: do not use require in http handlers (testifylint)
-internal/gitlabnet/git/client_test.go:204:5: go-require: do not use require in http handlers (testifylint)
-internal/gitlabnet/git/client_test.go:213:5: go-require: do not use require in http handlers (testifylint)
-internal/gitlabnet/git/client_test.go:214:5: go-require: do not use require in http handlers (testifylint)
-internal/gitlabnet/git/client_test.go:217:5: go-require: do not use require in http handlers (testifylint)
 internal/gitlabnet/healthcheck/client_test.go:19:41: unused-parameter: parameter 'r' seems to be unused, consider removing or renaming it as _ (revive)
 internal/gitlabnet/lfsauthenticate/client_test.go:29:5: go-require: do not use require in http handlers (testifylint)
 internal/gitlabnet/lfsauthenticate/client_test.go:32:5: go-require: do not use require in http handlers (testifylint)
@@ -318,14 +275,6 @@ internal/gitlabnet/lfstransfer/client.go:214:1: exported: exported method Client
 internal/gitlabnet/lfstransfer/client.go:271:1: exported: exported method Client.Unlock should have comment or be unexported (revive)
 internal/gitlabnet/lfstransfer/client.go:321:1: exported: exported method Client.ListLocksVerify should have comment or be unexported (revive)
 internal/gitlabnet/personalaccesstoken/client_test.go:30:5: go-require: do not use require in http handlers (testifylint)
-internal/logger/logger.go:1:1: package-comments: should have a package comment (revive)
-internal/logger/logger.go:55:9: ST1005: error strings should not be capitalized (stylecheck)
-internal/logger/logger.go:69:27: printf: non-constant format string in call to fmt.Fprintf (govet)
-internal/metrics/metrics.go:1:1: package-comments: should have a package comment (revive)
-internal/metrics/metrics.go:37:2: exported: exported var SshdSessionDuration should have comment or be unexported (revive)
-internal/metrics/metrics.go:165:1: exported: exported function NewRoundTripper should have comment or be unexported (revive)
-internal/pktline/pktline.go:1:1: package-comments: should have a package comment (revive)
-internal/pktline/pktline.go:30:1: exported: exported function IsRefRemoval should have comment or be unexported (revive)
 internal/sshd/gssapi_unsupported.go:11:1: exported: exported function NewGSSAPIServer should have comment or be unexported (revive)
 internal/sshd/gssapi_unsupported.go:19:6: exported: exported type OSGSSAPIServer should have comment or be unexported (revive)
 internal/sshd/gssapi_unsupported.go:23:1: exported: exported method OSGSSAPIServer.AcceptSecContext should have comment or be unexported (revive)