Merge branch 'main' of gitlab.com:gitlab-community/gitlab-shell into 797-console-lint

.tool-versions

-ruby 3.3.4
-golang 1.23.0
+ruby 3.3.5
+golang 1.23.1

client/transport.go

+// Package client provides an HTTP client with enhanced logging, tracing, and correlation handling.
 package client
 
 import (
@@ -13,6 +14,7 @@ type transport struct {
 	next http.RoundTripper
 }
 
+// RoundTrip executes a single HTTP transaction, adding logging and tracing capabilities.
 func (rt *transport) RoundTrip(request *http.Request) (*http.Response, error) {
 	ctx := request.Context()
 
@@ -55,10 +57,12 @@ func (rt *transport) RoundTrip(request *http.Request) (*http.Response, error) {
 	return response, nil
 }
 
+// DefaultTransport returns a clone of the default HTTP transport.
 func DefaultTransport() http.RoundTripper {
 	return http.DefaultTransport.(*http.Transport).Clone()
 }
 
+// NewTransport creates a new transport with logging, tracing, and correlation handling.
 func NewTransport(next http.RoundTripper) http.RoundTripper {
 	t := &transport{next: next}
 	return correlation.NewInstrumentedRoundTripper(tracing.NewRoundTripper(t))

cmd/gitlab-shell-authorized-principals-check/command/command.go

+// Package command handles command creation and initialization in GitLab Shell.
 package command
 
 import (
@@ -9,6 +10,7 @@ import (
 	"gitlab.com/gitlab-org/gitlab-shell/v14/internal/config"
 )
 
+// New creates a new command based on provided arguments, config, and I/O.
 func New(arguments []string, config *config.Config, readWriter *readwriter.ReadWriter) (command.Command, error) {
 	args, err := Parse(arguments)
 	if err != nil {
@@ -22,6 +24,7 @@ func New(arguments []string, config *config.Config, readWriter *readwriter.ReadW
 	return nil, disallowedcommand.Error
 }
 
+// Parse parses command-line arguments into a CommandArgs structure.
 func Parse(arguments []string) (*commandargs.AuthorizedPrincipals, error) {
 	args := &commandargs.AuthorizedPrincipals{Arguments: arguments}
 

cmd/gitlab-shell-authorized-principals-check/main.go

+// Package main is the entry point for the GitLab Shell authorized principals check command.
 package main
 
 import (
@@ -21,6 +22,10 @@ var (
 )
 
 func main() {
+	os.Exit(run())
+}
+
+func run() int {
 	command.CheckForVersionFlag(os.Args, Version, BuildTime)
 
 	readWriter := &readwriter.ReadWriter{
@@ -31,32 +36,33 @@ func main() {
 
 	executable, err := executable.New(executable.AuthorizedPrincipalsCheck)
 	if err != nil {
-		fmt.Fprintln(readWriter.ErrOut, "Failed to determine executable, exiting")
-		os.Exit(1)
+		_, _ = fmt.Fprintln(readWriter.ErrOut, "Failed to determine executable, exiting")
+		return 1
 	}
 
 	config, err := config.NewFromDirExternal(executable.RootDir)
 	if err != nil {
-		fmt.Fprintln(readWriter.ErrOut, "Failed to read config, exiting")
-		os.Exit(1)
+		_, _ = fmt.Fprintln(readWriter.ErrOut, "Failed to read config, exiting:", err)
+		return 1
 	}
 
 	logCloser := logger.Configure(config)
-	defer logCloser.Close()
+	defer logCloser.Close() //nolint:errcheck
 
 	cmd, err := cmd.New(os.Args[1:], config, readWriter)
 	if err != nil {
 		// For now this could happen if `SSH_CONNECTION` is not set on
 		// the environment
-		fmt.Fprintf(readWriter.ErrOut, "%v\n", err)
-		os.Exit(1)
+		_, _ = fmt.Fprintf(readWriter.ErrOut, "%v\n", err)
+		return 1
 	}
 
 	ctx, finished := command.Setup(executable.Name, config)
 	defer finished()
 
-	if ctx, err = cmd.Execute(ctx); err != nil {
+	if _, err = cmd.Execute(ctx); err != nil {
 		console.DisplayWarningMessage(err.Error(), readWriter.ErrOut)
-		os.Exit(1)
+		return 1
 	}
+	return 0
 }

cmd/gitlab-shell-check/main.go

+// Package main is the entry point for the GitLab Shell health check command.
 package main
 
 import (
@@ -20,6 +21,10 @@ var (
 )
 
 func main() {
+	os.Exit(run())
+}
+
+func run() int {
 	command.CheckForVersionFlag(os.Args, Version, BuildTime)
 
 	readWriter := &readwriter.ReadWriter{
@@ -28,32 +33,38 @@ func main() {
 		ErrOut: os.Stderr,
 	}
 
+	exitOnError := func(err error, message string) int {
+		if err != nil {
+			_, _ = fmt.Fprintf(readWriter.ErrOut, "%s: %v\n", message, err)
+			return 1
+		}
+		return 0
+	}
+
 	executable, err := executable.New(executable.Healthcheck)
-	if err != nil {
-		fmt.Fprintln(readWriter.ErrOut, "Failed to determine executable, exiting")
-		os.Exit(1)
+	if code := exitOnError(err, "Failed to determine executable, exiting"); code != 0 {
+		return code
 	}
 
 	config, err := config.NewFromDirExternal(executable.RootDir)
-	if err != nil {
-		fmt.Fprintln(readWriter.ErrOut, "Failed to read config, exiting")
-		os.Exit(1)
+	if code := exitOnError(err, "Failed to read config, exiting"); code != 0 {
+		return code
 	}
 
 	logCloser := logger.Configure(config)
-	defer logCloser.Close()
+	defer logCloser.Close() //nolint:errcheck
 
 	cmd, err := checkCmd.New(config, readWriter)
-	if err != nil {
-		fmt.Fprintf(readWriter.ErrOut, "%v\n", err)
-		os.Exit(1)
+	if code := exitOnError(err, "Failed to create command"); code != 0 {
+		return code
 	}
 
 	ctx, finished := command.Setup(executable.Name, config)
 	defer finished()
 
-	if ctx, err = cmd.Execute(ctx); err != nil {
-		fmt.Fprintf(readWriter.ErrOut, "%v\n", err)
-		os.Exit(1)
+	if _, err = cmd.Execute(ctx); err != nil {
+		_, _ = fmt.Fprintf(readWriter.ErrOut, "%v\n", err)
+		return 1
 	}
+	return 0
 }

cmd/gitlab-shell/main.go

@@ -45,7 +45,7 @@ func main() {
 
 	config, err := config.NewFromDirExternal(executable.RootDir)
 	if err != nil {
-		fmt.Fprintln(readWriter.ErrOut, "Failed to read config, exiting")
+		fmt.Fprintln(readWriter.ErrOut, "Failed to read config, exiting:", err)
 		os.Exit(1)
 	}
 

cmd/gitlab-sshd/main.go

+// Package main implements the GitLab SSH daemon.
 package main
 
 import (
@@ -27,8 +28,8 @@ var (
 )
 
 func overrideConfigFromEnvironment(cfg *config.Config) {
-	if gitlabUrl := os.Getenv("GITLAB_URL"); gitlabUrl != "" {
-		cfg.GitlabUrl = gitlabUrl
+	if gitlabURL := os.Getenv("GITLAB_URL"); gitlabURL != "" {
+		cfg.GitlabUrl = gitlabURL
 	}
 	if gitlabTracing := os.Getenv("GITLAB_TRACING"); gitlabTracing != "" {
 		cfg.GitlabTracing = gitlabTracing
@@ -67,8 +68,11 @@ func main() {
 	cfg.ApplyGlobalState()
 
 	logCloser := logger.ConfigureStandalone(cfg)
-	defer logCloser.Close()
-
+	defer func() {
+		if err := logCloser.Close(); err != nil {
+			log.WithError(err).Fatal("Error closing logCloser")
+		}
+	}()
 	ctx, finished := command.Setup("gitlab-sshd", cfg)
 	defer finished()
 
@@ -81,15 +85,7 @@ func main() {
 
 	// Startup monitoring endpoint.
 	if cfg.Server.WebListen != "" {
-		go func() {
-			err := monitoring.Start(
-				monitoring.WithListenerAddress(cfg.Server.WebListen),
-				monitoring.WithBuildInformation(Version, BuildTime),
-				monitoring.WithServeMux(server.MonitoringServeMux()),
-			)
-
-			log.WithError(err).Fatal("monitoring service raised an error")
-		}()
+		startupMonitoringEndpoint(cfg, server)
 	}
 
 	ctx, cancel := context.WithCancel(ctx)
@@ -98,6 +94,14 @@ func main() {
 	done := make(chan os.Signal, 1)
 	signal.Notify(done, syscall.SIGINT, syscall.SIGTERM)
 
+	gracefulShutdown(ctx, done, cfg, server, cancel)
+
+	if err := server.ListenAndServe(ctx); err != nil {
+		log.WithError(err).Fatal("GitLab built-in sshd failed to listen for new connections")
+	}
+}
+
+func gracefulShutdown(ctx context.Context, done chan os.Signal, cfg *config.Config, server *sshd.Server, cancel context.CancelFunc) {
 	go func() {
 		sig := <-done
 		signal.Reset(syscall.SIGINT, syscall.SIGTERM)
@@ -105,14 +109,24 @@ func main() {
 		gracePeriod := time.Duration(cfg.Server.GracePeriod)
 		log.WithContextFields(ctx, log.Fields{"shutdown_timeout_s": gracePeriod.Seconds(), "signal": sig.String()}).Info("Shutdown initiated")
 
-		server.Shutdown()
+		if err := server.Shutdown(); err != nil {
+			log.WithError(err).Fatal("Error shutting down the server")
+		}
 
 		<-time.After(gracePeriod)
 
 		cancel()
 	}()
+}
 
-	if err := server.ListenAndServe(ctx); err != nil {
-		log.WithError(err).Fatal("GitLab built-in sshd failed to listen for new connections")
-	}
+func startupMonitoringEndpoint(cfg *config.Config, server *sshd.Server) {
+	go func() {
+		err := monitoring.Start(
+			monitoring.WithListenerAddress(cfg.Server.WebListen),
+			monitoring.WithBuildInformation(Version, BuildTime),
+			monitoring.WithServeMux(server.MonitoringServeMux()),
+		)
+
+		log.WithError(err).Fatal("monitoring service raised an error")
+	}()
 }

go.mod

@@ -5,7 +5,7 @@ go 1.22
 toolchain go1.22.6
 
 require (
-	github.com/charmbracelet/git-lfs-transfer v0.1.1-0.20240809134258-2cab0ea18f7e
+	github.com/charmbracelet/git-lfs-transfer v0.1.1-0.20240909190640-edbf58104250
 	github.com/git-lfs/pktline v0.0.0-20230103162542-ca444d533ef1
 	github.com/golang-jwt/jwt/v5 v5.2.1
 	github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0
@@ -15,14 +15,14 @@ require (
 	github.com/openshift/gssapi v0.0.0-20161010215902-5fb4217df13b
 	github.com/otiai10/copy v1.14.0
 	github.com/pires/go-proxyproto v0.7.0
-	github.com/prometheus/client_golang v1.20.2
+	github.com/prometheus/client_golang v1.20.3
 	github.com/sirupsen/logrus v1.9.3
 	github.com/stretchr/testify v1.9.0
-	gitlab.com/gitlab-org/gitaly/v16 v16.11.8
+	gitlab.com/gitlab-org/gitaly/v16 v16.11.9
 	gitlab.com/gitlab-org/labkit v1.21.0
-	golang.org/x/crypto v0.26.0
+	golang.org/x/crypto v0.27.0
 	golang.org/x/sync v0.8.0
-	google.golang.org/grpc v1.66.0
+	google.golang.org/grpc v1.66.1
 	google.golang.org/protobuf v1.34.2
 	gopkg.in/yaml.v3 v3.0.1
 )
@@ -98,8 +98,8 @@ require (
 	golang.org/x/mod v0.17.0 // indirect
 	golang.org/x/net v0.26.0 // indirect
 	golang.org/x/oauth2 v0.21.0 // indirect
-	golang.org/x/sys v0.24.0 // indirect
-	golang.org/x/text v0.17.0 // indirect
+	golang.org/x/sys v0.25.0 // indirect
+	golang.org/x/text v0.18.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
 	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
 	golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect

go.sum

@@ -82,8 +82,8 @@ github.com/census-instrumentation/opencensus-proto v0.4.1 h1:iKLQ0xPNFxR/2hzXZMr
 github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/charmbracelet/git-lfs-transfer v0.1.1-0.20240809134258-2cab0ea18f7e h1:0ykk0ltl/PYMiDz1WfHDTc3WVg/nPY19O9SJq6y/ZW8=
-github.com/charmbracelet/git-lfs-transfer v0.1.1-0.20240809134258-2cab0ea18f7e/go.mod h1:84e2N3Hojky9EZivj6QyAQ7bjkZJ+pwFwqzi/1c/4iU=
+github.com/charmbracelet/git-lfs-transfer v0.1.1-0.20240909190640-edbf58104250 h1:7q/muqKUnoQgReeoJtS2qY13HS4qmXigl5opxTMcrUg=
+github.com/charmbracelet/git-lfs-transfer v0.1.1-0.20240909190640-edbf58104250/go.mod h1:eEYu9YGtNB3EhSYX+vb2BSAfxUuHMhs3mvYM1mj7ZgY=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
@@ -324,8 +324,8 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRI
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c h1:ncq/mPwQF4JjgDlrVEn3C11VoGHZN7m8qihwgMEtzYw=
 github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE=
-github.com/prometheus/client_golang v1.20.2 h1:5ctymQzZlyOON1666svgwn3s6IKWgfbjsejTMiXIyjg=
-github.com/prometheus/client_golang v1.20.2/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE=
+github.com/prometheus/client_golang v1.20.3 h1:oPksm4K8B+Vt35tUhw6GbSNSgVlVSBH0qELP/7u83l4=
+github.com/prometheus/client_golang v1.20.3/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
 github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
@@ -383,8 +383,8 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yusufpapurcu/wmi v1.2.2 h1:KBNDSne4vP5mbSWnJbO+51IMOXJB67QiYCSBrubbPRg=
 github.com/yusufpapurcu/wmi v1.2.2/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
-gitlab.com/gitlab-org/gitaly/v16 v16.11.8 h1:bL9F90+rXTlQcsSuZJivn+CIwKGXXc787IJi4g3XQEU=
-gitlab.com/gitlab-org/gitaly/v16 v16.11.8/go.mod h1:lJizRUtXRd1SBHjNbbbL9OsGN4TiugvfRBd8bIsdWI0=
+gitlab.com/gitlab-org/gitaly/v16 v16.11.9 h1:UKuF9m7A6v4vKMWRjWQ4hATWoUd7xZstBZEtBFMdUi4=
+gitlab.com/gitlab-org/gitaly/v16 v16.11.9/go.mod h1:lJizRUtXRd1SBHjNbbbL9OsGN4TiugvfRBd8bIsdWI0=
 gitlab.com/gitlab-org/labkit v1.21.0 h1:hLmdBDtXjD1yOmZ+uJOac3a5Tlo83QaezwhES4IYik4=
 gitlab.com/gitlab-org/labkit v1.21.0/go.mod h1:zeATDAaSBelPcPLbTTq8J3ZJEHyPTLVBM1q3nva+/W4=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
@@ -422,8 +422,8 @@ golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw=
-golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54=
+golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A=
+golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -587,11 +587,11 @@ golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg=
-golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34=
+golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU=
-golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk=
+golang.org/x/term v0.24.0 h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM=
+golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -600,8 +600,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc=
-golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
+golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224=
+golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -788,8 +788,8 @@ google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQ
 google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
 google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
 google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
-google.golang.org/grpc v1.66.0 h1:DibZuoBznOxbDQxRINckZcUvnCEvrW9pcWIE2yF9r1c=
-google.golang.org/grpc v1.66.0/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y=
+google.golang.org/grpc v1.66.1 h1:hO5qAXR19+/Z44hmvIM4dQFMSYX9XcWsByfoxutBpAM=
+google.golang.org/grpc v1.66.1/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y=
 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=

internal/command/authorizedkeys/authorized_keys.go

+// Package authorizedkeys handles fetching and printing authorized SSH keys.
 package authorizedkeys
 
 import (
@@ -12,12 +13,14 @@ import (
 	"gitlab.com/gitlab-org/gitlab-shell/v14/internal/keyline"
 )
 
+// Command contains the configuration, arguments, and I/O interfaces.
 type Command struct {
 	Config     *config.Config
 	Args       *commandargs.AuthorizedKeys
 	ReadWriter *readwriter.ReadWriter
 }
 
+// Execute runs the command to fetch and print the authorized SSH key.
 func (c *Command) Execute(ctx context.Context) (context.Context, error) {
 	// Do and return nothing when the expected and actual user don't match.
 	// This can happen when the user in sshd_config doesn't match the user
@@ -38,7 +41,7 @@ func (c *Command) Execute(ctx context.Context) (context.Context, error) {
 func (c *Command) printKeyLine(ctx context.Context) error {
 	response, err := c.getAuthorizedKey(ctx)
 	if err != nil {
-		fmt.Fprintln(c.ReadWriter.Out, fmt.Sprintf("# No key was found for %s", c.Args.Key))
+		_, _ = fmt.Fprintf(c.ReadWriter.Out, "# No key was found for %s\n", c.Args.Key)
 		return nil
 	}
 
@@ -47,7 +50,7 @@ func (c *Command) printKeyLine(ctx context.Context) error {
 		return err
 	}
 
-	fmt.Fprintln(c.ReadWriter.Out, keyLine.ToString())
+	_, _ = fmt.Fprintln(c.ReadWriter.Out, keyLine.ToString())
 
 	return nil
 }

internal/command/authorizedprincipals/authorized_principals.go

+// Package authorizedprincipals handles printing authorized principals in GitLab Shell.
 package authorizedprincipals
 
 import (
@@ -10,12 +11,14 @@ import (
 	"gitlab.com/gitlab-org/gitlab-shell/v14/internal/keyline"
 )
 
+// Command contains the configuration, arguments, and I/O interfaces.
 type Command struct {
 	Config     *config.Config
 	Args       *commandargs.AuthorizedPrincipals
 	ReadWriter *readwriter.ReadWriter
 }
 
+// Execute runs the command to print authorized principals.
 func (c *Command) Execute(ctx context.Context) (context.Context, error) {
 	if err := c.printPrincipalLines(); err != nil {
 		return ctx, err
@@ -42,7 +45,7 @@ func (c *Command) printPrincipalLine(principal string) error {
 		return err
 	}
 
-	fmt.Fprintln(c.ReadWriter.Out, principalKeyLine.ToString())
+	_, _ = fmt.Fprintln(c.ReadWriter.Out, principalKeyLine.ToString())
 
 	return nil
 }

internal/command/discover/discover.go

+// Package discover implements the "discover" command for fetching user info and displaying a welcome message.
 package discover
 
 import (
@@ -11,28 +12,32 @@ import (
 	"gitlab.com/gitlab-org/gitlab-shell/v14/internal/gitlabnet/discover"
 )
 
+type logDataKey struct{}
+
+// Command struct encapsulates the necessary components for executing the Discover command.
 type Command struct {
 	Config     *config.Config
 	Args       *commandargs.Shell
 	ReadWriter *readwriter.ReadWriter
 }
 
+// Execute runs the discover command, fetching and displaying user information.
 func (c *Command) Execute(ctx context.Context) (context.Context, error) {
 	response, err := c.getUserInfo(ctx)
 	if err != nil {
-		return ctx, fmt.Errorf("Failed to get username: %v", err)
+		return ctx, fmt.Errorf("Failed to get username: %v", err) //nolint:stylecheck // This is customer facing message
 	}
 
 	logData := command.LogData{}
 	if response.IsAnonymous() {
 		logData.Username = "Anonymous"
-		fmt.Fprintf(c.ReadWriter.Out, "Welcome to GitLab, Anonymous!\n")
+		_, _ = fmt.Fprintf(c.ReadWriter.Out, "Welcome to GitLab, Anonymous!\n")
 	} else {
 		logData.Username = response.Username
-		fmt.Fprintf(c.ReadWriter.Out, "Welcome to GitLab, @%s!\n", response.Username)
+		_, _ = fmt.Fprintf(c.ReadWriter.Out, "Welcome to GitLab, @%s!\n", response.Username)
 	}
 
-	ctxWithLogData := context.WithValue(ctx, "logData", logData)
+	ctxWithLogData := context.WithValue(ctx, logDataKey{}, logData)
 
 	return ctxWithLogData, nil
 }

internal/command/discover/discover_test.go

@@ -90,7 +90,7 @@ func TestExecute(t *testing.T) {
 
 			require.NoError(t, err)
 			require.Equal(t, expectedOutput, buffer.String())
-			require.Equal(t, expectedUsername, ctxWithLogData.Value("logData").(command.LogData).Username)
+			require.Equal(t, expectedUsername, ctxWithLogData.Value(logDataKey{}).(command.LogData).Username)
 		})
 	}
 }

internal/command/healthcheck/healthcheck.go

+// Package healthcheck provides functionality to perform health checks.
 package healthcheck
 
 import (
@@ -14,24 +15,26 @@ var (
 	redisMessage = "Redis available via internal API"
 )
 
+// Command handles the execution of health checks.
 type Command struct {
 	Config     *config.Config
 	ReadWriter *readwriter.ReadWriter
 }
 
+// Execute performs the health check and outputs the result.
 func (c *Command) Execute(ctx context.Context) (context.Context, error) {
 	response, err := c.runCheck(ctx)
 	if err != nil {
 		return ctx, fmt.Errorf("%v: FAILED - %v", apiMessage, err)
 	}
 
-	fmt.Fprintf(c.ReadWriter.Out, "%v: OK\n", apiMessage)
+	_, _ = fmt.Fprintf(c.ReadWriter.Out, "%v: OK\n", apiMessage)
 
 	if !response.Redis {
 		return ctx, fmt.Errorf("%v: FAILED", redisMessage)
 	}
 
-	fmt.Fprintf(c.ReadWriter.Out, "%v: OK\n", redisMessage)
+	_, _ = fmt.Fprintf(c.ReadWriter.Out, "%v: OK\n", redisMessage)
 	return ctx, nil
 }
 

internal/command/healthcheck/healthcheck_test.go

@@ -34,7 +34,7 @@ func buildTestHandlers(code int, rsp *healthcheck.Response) []testserver.TestReq
 	return []testserver.TestRequestHandler{
 		{
 			Path: "/api/v4/internal/check",
-			Handler: func(w http.ResponseWriter, r *http.Request) {
+			Handler: func(w http.ResponseWriter, _ *http.Request) {
 				w.WriteHeader(code)
 				if rsp != nil {
 					json.NewEncoder(w).Encode(rsp)

internal/command/personalaccesstoken/personalaccesstoken.go

+// Package personalaccesstoken handles operations related to personal access tokens,
+// including parsing arguments, requesting tokens, and formatting responses.
 package personalaccesstoken
 
 import (
@@ -22,6 +24,7 @@ const (
 	expiresDateFormat = "2006-01-02"
 )
 
+// Command represents a command to manage personal access tokens.
 type Command struct {
 	Config     *config.Config
 	Args       *commandargs.Shell
@@ -35,6 +38,7 @@ type tokenArgs struct {
 	ExpiresDate string // Calculated, a TTL is passed from command-line.
 }
 
+// Execute processes the command, requests a personal access token, and prints the result.
 func (c *Command) Execute(ctx context.Context) (context.Context, error) {
 	err := c.parseTokenArgs()
 	if err != nil {
@@ -50,16 +54,16 @@ func (c *Command) Execute(ctx context.Context) (context.Context, error) {
 		return ctx, err
 	}
 
-	fmt.Fprint(c.ReadWriter.Out, "Token:   "+response.Token+"\n")
-	fmt.Fprint(c.ReadWriter.Out, "Scopes:  "+strings.Join(response.Scopes, ",")+"\n")
-	fmt.Fprint(c.ReadWriter.Out, "Expires: "+response.ExpiresAt+"\n")
+	_, _ = fmt.Fprint(c.ReadWriter.Out, "Token:   "+response.Token+"\n")
+	_, _ = fmt.Fprint(c.ReadWriter.Out, "Scopes:  "+strings.Join(response.Scopes, ",")+"\n")
+	_, _ = fmt.Fprint(c.ReadWriter.Out, "Expires: "+response.ExpiresAt+"\n")
 
 	return ctx, nil
 }
 
 func (c *Command) parseTokenArgs() error {
 	if len(c.Args.SshArgs) < 3 || len(c.Args.SshArgs) > 4 {
-		return errors.New(usageText)
+		return errors.New(usageText) // nolint:stylecheck // usageText is customer facing
 	}
 
 	var rectfiedScopes []string
@@ -86,7 +90,7 @@ func (c *Command) parseTokenArgs() error {
 
 	TTL, err := strconv.Atoi(rawTTL)
 	if err != nil || TTL < 0 {
-		return fmt.Errorf("Invalid value for days_ttl: '%s'", rawTTL)
+		return fmt.Errorf("Invalid value for days_ttl: '%s'", rawTTL) //nolint:stylecheck //message is customer facing
 	}
 
 	c.TokenArgs.ExpiresDate = time.Now().AddDate(0, 0, TTL+1).Format(expiresDateFormat)

internal/command/personalaccesstoken/personalaccesstoken_test.go

@@ -9,6 +9,7 @@ import (
 	"strings"
 	"testing"
 
+	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
 	"gitlab.com/gitlab-org/gitlab-shell/v14/client/testserver"
@@ -28,7 +29,7 @@ func setup(t *testing.T) {
 				b, err := io.ReadAll(r.Body)
 				defer r.Body.Close()
 
-				require.NoError(t, err)
+				assert.NoError(t, err)
 
 				var requestBody *personalaccesstoken.RequestBody
 				json.Unmarshal(b, &requestBody)
@@ -177,7 +178,7 @@ func TestExecute(t *testing.T) {
 		},
 		{
 			desc:      "With unknown configured scopes",
-			PATConfig: config.PATConfig{AllowedScopes: []string{"read_reposotory"}},
+			PATConfig: config.PATConfig{AllowedScopes: []string{"read_reposotory"}}, //nolint:misspell //testing purpose
 			arguments: &commandargs.Shell{
 				GitlabKeyId: "default",
 				SshArgs:     []string{cmdname, "newtoken", "read_api,read_repository"},
@@ -191,7 +192,7 @@ func TestExecute(t *testing.T) {
 			PATConfig: config.PATConfig{AllowedScopes: []string{"read_api", "read_repository"}},
 			arguments: &commandargs.Shell{
 				GitlabKeyId: "default",
-				SshArgs:     []string{cmdname, "newtoken", "read_api,read_reposotory"},
+				SshArgs:     []string{cmdname, "newtoken", "read_api,read_reposotory"}, //nolint:misspell //testing purpose
 			},
 			expectedOutput: "Token:   YXuxvUgCEmeePY3G1YAa\n" +
 				"Scopes:  read_api\n" +
@@ -199,10 +200,10 @@ func TestExecute(t *testing.T) {
 		},
 		{
 			desc:      "With matching unknown requested scopes",
-			PATConfig: config.PATConfig{AllowedScopes: []string{"read_api", "read_reposotory"}},
+			PATConfig: config.PATConfig{AllowedScopes: []string{"read_api", "read_reposotory"}}, //nolint:misspell //testing purpose
 			arguments: &commandargs.Shell{
 				GitlabKeyId: "invalidscope",
-				SshArgs:     []string{cmdname, "newtoken", "read_reposotory"},
+				SshArgs:     []string{cmdname, "newtoken", "read_reposotory"}, //nolint:misspell //testing purpose
 			},
 			expectedError: "Invalid scope: 'read_reposotory'. Valid scopes are: [\"api\", \"create_runner\", \"k8s_proxy\", \"read_api\", \"read_registry\", \"read_repository\", \"read_user\", \"write_registry\", \"write_repository\"]",
 		},

internal/command/shared/accessverifier/accessverifier.go

+// Package accessverifier handles the verification of access permission.
 package accessverifier
 
 import (
@@ -11,14 +12,17 @@ import (
 	"gitlab.com/gitlab-org/gitlab-shell/v14/internal/gitlabnet/accessverifier"
 )
 
+// Response is an alias for accessverifier.Response, representing the result of an access verification.
 type Response = accessverifier.Response
 
+// Command handles access verification commands.
 type Command struct {
 	Config     *config.Config
 	Args       *commandargs.Shell
 	ReadWriter *readwriter.ReadWriter
 }
 
+// Verify checks access permissions and returns a response.
 func (c *Command) Verify(ctx context.Context, action commandargs.CommandType, repo string) (*Response, error) {
 	client, err := accessverifier.NewClient(c.Config)
 	if err != nil {

internal/command/shared/accessverifier/accessverifier_test.go

@@ -8,6 +8,7 @@ import (
 	"net/http"
 	"testing"
 
+	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
 	"gitlab.com/gitlab-org/gitlab-shell/v14/client/testserver"
@@ -28,23 +29,23 @@ func setup(t *testing.T) (*Command, *bytes.Buffer, *bytes.Buffer) {
 			Path: "/api/v4/internal/allowed",
 			Handler: func(w http.ResponseWriter, r *http.Request) {
 				b, err := io.ReadAll(r.Body)
-				require.NoError(t, err)
+				assert.NoError(t, err)
 
 				var requestBody *accessverifier.Request
 				err = json.Unmarshal(b, &requestBody)
-				require.NoError(t, err)
+				assert.NoError(t, err)
 
 				if requestBody.KeyID == "1" {
 					body := map[string]interface{}{
 						"gl_console_messages": []string{"console", "message"},
 					}
-					require.NoError(t, json.NewEncoder(w).Encode(body))
+					assert.NoError(t, json.NewEncoder(w).Encode(body))
 				} else {
 					body := map[string]interface{}{
 						"status":  false,
 						"message": "missing user",
 					}
-					require.NoError(t, json.NewEncoder(w).Encode(body))
+					assert.NoError(t, json.NewEncoder(w).Encode(body))
 				}
 			},
 		},

internal/command/shared/customaction/customaction_test.go

@@ -8,6 +8,7 @@ import (
 	"net/http"
 	"testing"
 
+	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
 	"gitlab.com/gitlab-org/gitlab-shell/v14/client/testserver"
@@ -24,32 +25,32 @@ func TestExecuteEOFSent(t *testing.T) {
 			Path: "/geo/proxy/info_refs_receive_pack",
 			Handler: func(w http.ResponseWriter, r *http.Request) {
 				b, err := io.ReadAll(r.Body)
-				require.NoError(t, err)
+				assert.NoError(t, err)
 
 				var request *Request
-				require.NoError(t, json.Unmarshal(b, &request))
+				assert.NoError(t, json.Unmarshal(b, &request))
 
-				require.Equal(t, request.Data.UserID, who)
-				require.Empty(t, request.Output)
+				assert.Equal(t, request.Data.UserID, who)
+				assert.Empty(t, request.Output)
 
 				err = json.NewEncoder(w).Encode(Response{Result: []byte("custom")})
-				require.NoError(t, err)
+				assert.NoError(t, err)
 			},
 		},
 		{
 			Path: "/geo/proxy/receive_pack",
 			Handler: func(w http.ResponseWriter, r *http.Request) {
 				b, err := io.ReadAll(r.Body)
-				require.NoError(t, err)
+				assert.NoError(t, err)
 
 				var request *Request
-				require.NoError(t, json.Unmarshal(b, &request))
+				assert.NoError(t, json.Unmarshal(b, &request))
 
-				require.Equal(t, request.Data.UserID, who)
-				require.Equal(t, "0009input", string(request.Output))
+				assert.Equal(t, request.Data.UserID, who)
+				assert.Equal(t, "0009input", string(request.Output))
 
 				err = json.NewEncoder(w).Encode(Response{Result: []byte("output")})
-				require.NoError(t, err)
+				assert.NoError(t, err)
 			},
 		},
 	}
@@ -82,7 +83,7 @@ func TestExecuteEOFSent(t *testing.T) {
 
 	// expect printing of info message, "custom" string from the first request
 	// and "output" string from the second request
-	require.Equal(t, "customoutput", outBuf.String())
+	assert.Equal(t, "customoutput", outBuf.String())
 }
 
 func TestExecuteNoEOFSent(t *testing.T) {
@@ -93,32 +94,32 @@ func TestExecuteNoEOFSent(t *testing.T) {
 			Path: "/geo/proxy/info_refs_upload_pack",
 			Handler: func(w http.ResponseWriter, r *http.Request) {
 				b, err := io.ReadAll(r.Body)
-				require.NoError(t, err)
+				assert.NoError(t, err)
 
 				var request *Request
-				require.NoError(t, json.Unmarshal(b, &request))
+				assert.NoError(t, json.Unmarshal(b, &request))
 
-				require.Equal(t, request.Data.UserID, who)
-				require.Empty(t, request.Output)
+				assert.Equal(t, request.Data.UserID, who)
+				assert.Empty(t, request.Output)
 
 				err = json.NewEncoder(w).Encode(Response{Result: []byte("custom")})
-				require.NoError(t, err)
+				assert.NoError(t, err)
 			},
 		},
 		{
 			Path: "/geo/proxy/upload_pack",
 			Handler: func(w http.ResponseWriter, r *http.Request) {
 				b, err := io.ReadAll(r.Body)
-				require.NoError(t, err)
+				assert.NoError(t, err)
 
 				var request *Request
-				require.NoError(t, json.Unmarshal(b, &request))
+				assert.NoError(t, json.Unmarshal(b, &request))
 
-				require.Equal(t, request.Data.UserID, who)
-				require.Equal(t, "0032want 343d70886785dc1f98aaf70f3b4ca87c93a5d0dd\n", string(request.Output))
+				assert.Equal(t, request.Data.UserID, who)
+				assert.Equal(t, "0032want 343d70886785dc1f98aaf70f3b4ca87c93a5d0dd\n", string(request.Output))
 
 				err = json.NewEncoder(w).Encode(Response{Result: []byte("output")})
-				require.NoError(t, err)
+				assert.NoError(t, err)
 			},
 		},
 	}
@@ -151,5 +152,5 @@ func TestExecuteNoEOFSent(t *testing.T) {
 
 	// expect printing of info message, "custom" string from the first request
 	// and "output" string from the second request
-	require.Equal(t, "customoutput", outBuf.String())
+	assert.Equal(t, "customoutput", outBuf.String())
 }