Upgraded build pipeline

Go version changed to 1.14.4
Golangci-lint changed to 1.26.0
Bazel version changed to 3.0.0
Bazel rules_go version changed to 0.23.3
Bazel gazelle version changed to v0.21.0
Bazel build tools version changed to 0.25.1
Bazel skylib version changed to 1.0.2

pkg/api/BUILD.bazel

@@ -41,6 +41,7 @@ go_test(
     embed = [":go_default_library"],
     race = "on",
     deps = [
+        "//errors:go_default_library",
         "@com_github_chartmuseum_auth//:go_default_library",
         "@com_github_mitchellh_mapstructure//:go_default_library",
         "@com_github_nmcclain_ldap//:go_default_library",

pkg/api/auth.go

@@ -71,12 +71,13 @@ func bearerAuthHandler(c *Controller) mux.MiddlewareFunc {
 	}
 }
 
-// nolint (gocyclo) - we use closure making this a complex subroutine
+// nolint:gocyclo  // we use closure making this a complex subroutine
 func basicAuthHandler(c *Controller) mux.MiddlewareFunc {
 	realm := c.Config.HTTP.Realm
 	if realm == "" {
 		realm = "Authorization Required"
 	}
+
 	realm = "Basic realm=" + strconv.Quote(realm)
 
 	// no password based authN, if neither LDAP nor HTTP BASIC is enabled
@@ -97,7 +98,9 @@ func basicAuthHandler(c *Controller) mux.MiddlewareFunc {
 	}
 
 	credMap := make(map[string]string)
+
 	delay := c.Config.HTTP.Auth.FailDelay
+
 	var ldapClient *LDAPClient
 
 	if c.Config.HTTP.Auth != nil {
@@ -117,27 +120,36 @@ func basicAuthHandler(c *Controller) mux.MiddlewareFunc {
 				Log:                c.Log,
 				SubtreeSearch:      l.SubtreeSearch,
 			}
+
 			if c.Config.HTTP.Auth.LDAP.CACert != "" {
 				caCert, err := ioutil.ReadFile(c.Config.HTTP.Auth.LDAP.CACert)
+
 				if err != nil {
 					panic(err)
 				}
+
 				caCertPool := x509.NewCertPool()
+
 				if !caCertPool.AppendCertsFromPEM(caCert) {
 					panic(errors.ErrBadCACert)
 				}
+
 				ldapClient.ClientCAs = caCertPool
 			} else {
 				// default to system cert pool
 				caCertPool, err := x509.SystemCertPool()
+
 				if err != nil {
 					panic(errors.ErrBadCACert)
 				}
+
 				ldapClient.ClientCAs = caCertPool
 			}
 		}
+
 		if c.Config.HTTP.Auth.HTPasswd.Path != "" {
 			f, err := os.Open(c.Config.HTTP.Auth.HTPasswd.Path)
+
 			if err != nil {
 				panic(err)
 			}
@@ -170,6 +182,7 @@ func basicAuthHandler(c *Controller) mux.MiddlewareFunc {
 			}
 
 			s := strings.SplitN(basicAuth, " ", 2)
+
 			if len(s) != 2 || strings.ToLower(s[0]) != "basic" {
 				authFail(w, realm, delay)
 				return
@@ -182,6 +195,7 @@ func basicAuthHandler(c *Controller) mux.MiddlewareFunc {
 			}
 
 			pair := strings.SplitN(string(b), ":", 2)
+			// nolint:gomnd
 			if len(pair) != 2 {
 				authFail(w, realm, delay)
 				return
@@ -211,7 +225,6 @@ func basicAuthHandler(c *Controller) mux.MiddlewareFunc {
 			}
 
 			authFail(w, realm, delay)
-			return
 		})
 	}
 }

pkg/api/config.go

@@ -7,8 +7,8 @@ import (
 	dspec "github.com/opencontainers/distribution-spec"
 )
 
-//nolint (gochecknoglobals)
-var Commit string
+// Commit ...
+var Commit string //nolint: gochecknoglobals
 
 type StorageConfig struct {
 	RootDirectory string
@@ -85,7 +85,7 @@ func NewConfig() *Config {
 	}
 }
 
-// Sanitize makes a sanitized copy of the config removing any secrets
+// Sanitize makes a sanitized copy of the config removing any secrets.
 func (c *Config) Sanitize() *Config {
 	if c.HTTP.Auth != nil && c.HTTP.Auth.LDAP != nil && c.HTTP.Auth.LDAP.BindPassword != "" {
 		s := &Config{}

pkg/api/controller.go

@@ -87,7 +87,7 @@ func (c *Controller) Run() error {
 				PreferServerCipherSuites: true,
 				MinVersion:               tls.VersionTLS12,
 			}
-			server.TLSConfig.BuildNameToCertificate()
+			server.TLSConfig.BuildNameToCertificate() // nolint: staticcheck
 		}
 
 		return server.ServeTLS(l, c.Config.HTTP.TLS.Cert, c.Config.HTTP.TLS.Key)

pkg/api/controller_test.go

@@ -5,7 +5,6 @@ import (
 	"crypto/tls"
 	"crypto/x509"
 	"encoding/json"
-	"errors"
 	"fmt"
 	"io/ioutil"
 	"net"
@@ -20,6 +19,7 @@ import (
 
 	"golang.org/x/crypto/bcrypt"
 
+	"github.com/anuvu/zot/errors"
 	"github.com/anuvu/zot/pkg/api"
 	"github.com/chartmuseum/auth"
 	"github.com/mitchellh/mapstructure"
@@ -66,7 +66,7 @@ func makeHtpasswdFile() string {
 
 	// bcrypt(username="test", passwd="test")
 	content := []byte("test:$2y$05$hlbSXDp6hzDLu6VwACS39ORvVRpr3OMR4RlJ31jtlaOEGnPjKZI1m\n")
-	if err := ioutil.WriteFile(f.Name(), content, 0644); err != nil {
+	if err := ioutil.WriteFile(f.Name(), content, 0600); err != nil {
 		panic(err)
 	}
 
@@ -81,7 +81,7 @@ func makeHtpasswdFileFromString(fileContent string) string {
 
 	// bcrypt(username="test", passwd="test")
 	content := []byte(fileContent)
-	if err := ioutil.WriteFile(f.Name(), content, 0644); err != nil {
+	if err := ioutil.WriteFile(f.Name(), content, 0600); err != nil {
 		panic(err)
 	}
 
@@ -935,7 +935,7 @@ func (l *testLDAPServer) Stop() {
 
 func (l *testLDAPServer) Bind(bindDN, bindSimplePw string, conn net.Conn) (vldap.LDAPResultCode, error) {
 	if bindDN == "" || bindSimplePw == "" {
-		return vldap.LDAPResultInappropriateAuthentication, errors.New("ldap: bind creds required")
+		return vldap.LDAPResultInappropriateAuthentication, errors.ErrRequireCred
 	}
 
 	if (bindDN == LDAPBindDN && bindSimplePw == LDAPBindPassword) ||
@@ -943,7 +943,7 @@ func (l *testLDAPServer) Bind(bindDN, bindSimplePw string, conn net.Conn) (vldap
 		return vldap.LDAPResultSuccess, nil
 	}
 
-	return vldap.LDAPResultInvalidCredentials, errors.New("ldap: invalid credentials")
+	return vldap.LDAPResultInvalidCredentials, errors.ErrInvalidCred
 }
 
 func (l *testLDAPServer) Search(boundDN string, req vldap.SearchRequest,

pkg/api/errors.go

@@ -17,7 +17,7 @@ type ErrorList struct {
 
 type ErrorCode int
 
-// nolint (golint)
+// nolint: golint, stylecheck
 const (
 	BLOB_UNKNOWN ErrorCode = iota
 	BLOB_UPLOAD_INVALID
@@ -58,7 +58,7 @@ func (e ErrorCode) String() string {
 	return m[e]
 }
 
-func NewError(code ErrorCode, detail ...interface{}) Error { //nolint (interfacer)
+func NewError(code ErrorCode, detail ...interface{}) Error { //nolint: interfacer
 	var errMap = map[ErrorCode]Error{
 		BLOB_UNKNOWN: {
 			Message: "blob unknown to registry",

pkg/api/ldap.go

@@ -55,12 +55,12 @@ func (lc *LDAPClient) Connect() error {
 			// Reconnect with TLS
 			if !lc.SkipTLS {
 				config := &tls.Config{
-					InsecureSkipVerify: lc.InsecureSkipVerify, // nolint (gosec): InsecureSkipVerify is not true by default
+					InsecureSkipVerify: lc.InsecureSkipVerify, // nolint: gosec // InsecureSkipVerify is not true by default
 					RootCAs:            lc.ClientCAs,
 				}
 				if lc.ClientCertificates != nil && len(lc.ClientCertificates) > 0 {
 					config.Certificates = lc.ClientCertificates
-					config.BuildNameToCertificate()
+					config.BuildNameToCertificate() // nolint: staticcheck
 				}
 
 				err = l.StartTLS(config)
@@ -72,13 +72,13 @@ func (lc *LDAPClient) Connect() error {
 			}
 		} else {
 			config := &tls.Config{
-				InsecureSkipVerify: lc.InsecureSkipVerify, // nolint (gosec): InsecureSkipVerify is not true by default
+				InsecureSkipVerify: lc.InsecureSkipVerify, // nolint: gosec // InsecureSkipVerify is not true by default
 				ServerName:         lc.ServerName,
 				RootCAs:            lc.ClientCAs,
 			}
 			if lc.ClientCertificates != nil && len(lc.ClientCertificates) > 0 {
 				config.Certificates = lc.ClientCertificates
-				config.BuildNameToCertificate()
+				config.BuildNameToCertificate() // nolint: staticcheck
 			}
 			l, err = goldap.DialTLS("tcp", address, config)
 			if err != nil {

pkg/api/regexp.go

@@ -2,7 +2,7 @@ package api
 
 import "regexp"
 
-// nolint (gochecknoglobals)
+// nolint: gochecknoglobals
 var (
 	// alphaNumericRegexp defines the alpha numeric atom, typically a
 	// component of names. This only allows lower case characters and digits.

pkg/api/routes.go

@@ -21,7 +21,7 @@ import (
 	"strconv"
 	"strings"
 
-	_ "github.com/anuvu/zot/docs" // nolint (golint) - as required by swaggo
+	_ "github.com/anuvu/zot/docs" // as required by swaggo
 	"github.com/anuvu/zot/errors"
 	"github.com/anuvu/zot/pkg/log"
 	"github.com/gorilla/mux"
@@ -50,7 +50,7 @@ func NewRouteHandler(c *Controller) *RouteHandler {
 	return rh
 }
 
-// blobRLockWrapper calls the real handler with read-lock held
+// blobRLockWrapper calls the real handler with read-lock held.
 func (rh *RouteHandler) blobRLockWrapper(f func(w http.ResponseWriter,
 	r *http.Request)) func(w http.ResponseWriter, r *http.Request) {
 	return func(w http.ResponseWriter, r *http.Request) {
@@ -60,7 +60,7 @@ func (rh *RouteHandler) blobRLockWrapper(f func(w http.ResponseWriter,
 	}
 }
 
-// blobLockWrapper calls the real handler with write-lock held
+// blobLockWrapper calls the real handler with write-lock held.
 func (rh *RouteHandler) blobLockWrapper(f func(w http.ResponseWriter,
 	r *http.Request)) func(w http.ResponseWriter, r *http.Request) {
 	return func(w http.ResponseWriter, r *http.Request) {
@@ -117,7 +117,7 @@ func (rh *RouteHandler) SetupRoutes() {
 // @Router 	/v2/ [get]
 // @Accept  json
 // @Produce json
-// @Success 200 {string} string	"ok"
+// @Success 200 {string} string	"ok".
 func (rh *RouteHandler) CheckVersionSupport(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set(DistAPIVersion, "registry/2.0")
 	// NOTE: compatibility workaround - return this header in "allowed-read" mode to allow for clients to
@@ -151,7 +151,7 @@ type ImageTags struct {
 // @Param 	last	 	 query 	 string 		true				"last tag value for pagination"
 // @Success 200 {object} 	api.ImageTags
 // @Failure 404 {string} 	string 				"not found"
-// @Failure 400 {string} 	string 				"bad request"
+// @Failure 400 {string} 	string 				"bad request".
 func (rh *RouteHandler) ListTags(w http.ResponseWriter, r *http.Request) {
 	vars := mux.Vars(r)
 	name, ok := vars["name"]
@@ -260,7 +260,7 @@ func (rh *RouteHandler) ListTags(w http.ResponseWriter, r *http.Request) {
 // @Success 200 {string} string	"ok"
 // @Header  200 {object} api.DistContentDigestKey
 // @Failure 404 {string} string "not found"
-// @Failure 500 {string} string "internal server error"
+// @Failure 500 {string} string "internal server error".
 func (rh *RouteHandler) CheckManifest(w http.ResponseWriter, r *http.Request) {
 	vars := mux.Vars(r)
 	name, ok := vars["name"]
@@ -299,7 +299,7 @@ func (rh *RouteHandler) CheckManifest(w http.ResponseWriter, r *http.Request) {
 	w.WriteHeader(http.StatusOK)
 }
 
-// NOTE: https://github.com/swaggo/swag/issues/387
+// NOTE: https://github.com/swaggo/swag/issues/387.
 type ImageManifest struct {
 	ispec.Manifest
 }
@@ -315,7 +315,7 @@ type ImageManifest struct {
 // @Header  200 {object} api.DistContentDigestKey
 // @Failure 404 {string} string "not found"
 // @Failure 500 {string} string "internal server error"
-// @Router /v2/{name}/manifests/{reference} [get]
+// @Router /v2/{name}/manifests/{reference} [get].
 func (rh *RouteHandler) GetManifest(w http.ResponseWriter, r *http.Request) {
 	vars := mux.Vars(r)
 	name, ok := vars["name"]
@@ -367,7 +367,7 @@ func (rh *RouteHandler) GetManifest(w http.ResponseWriter, r *http.Request) {
 // @Failure 400 {string} string "bad request"
 // @Failure 404 {string} string "not found"
 // @Failure 500 {string} string "internal server error"
-// @Router /v2/{name}/manifests/{reference} [put]
+// @Router /v2/{name}/manifests/{reference} [put].
 func (rh *RouteHandler) UpdateManifest(w http.ResponseWriter, r *http.Request) {
 	vars := mux.Vars(r)
 	name, ok := vars["name"]
@@ -433,7 +433,7 @@ func (rh *RouteHandler) UpdateManifest(w http.ResponseWriter, r *http.Request) {
 // @Param   name     			path    string     true        "repository name"
 // @Param   reference     path    string     true        "image reference or digest"
 // @Success 200 {string} string	"ok"
-// @Router /v2/{name}/manifests/{reference} [delete]
+// @Router /v2/{name}/manifests/{reference} [delete].
 func (rh *RouteHandler) DeleteManifest(w http.ResponseWriter, r *http.Request) {
 	vars := mux.Vars(r)
 	name, ok := vars["name"]
@@ -481,7 +481,7 @@ func (rh *RouteHandler) DeleteManifest(w http.ResponseWriter, r *http.Request) {
 // @Param   digest     	path    string     true        "blob/layer digest"
 // @Success 200 {object} api.ImageManifest
 // @Header  200 {object} api.DistContentDigestKey
-// @Router /v2/{name}/blobs/{digest} [head]
+// @Router /v2/{name}/blobs/{digest} [head].
 func (rh *RouteHandler) CheckBlob(w http.ResponseWriter, r *http.Request) {
 	vars := mux.Vars(r)
 	name, ok := vars["name"]
@@ -535,7 +535,7 @@ func (rh *RouteHandler) CheckBlob(w http.ResponseWriter, r *http.Request) {
 // @Param   digest     	path    string     true        "blob/layer digest"
 // @Header  200 {object} api.DistContentDigestKey
 // @Success 200 {object} api.ImageManifest
-// @Router /v2/{name}/blobs/{digest} [get]
+// @Router /v2/{name}/blobs/{digest} [get].
 func (rh *RouteHandler) GetBlob(w http.ResponseWriter, r *http.Request) {
 	vars := mux.Vars(r)
 	name, ok := vars["name"]
@@ -584,7 +584,7 @@ func (rh *RouteHandler) GetBlob(w http.ResponseWriter, r *http.Request) {
 // @Param   name				path    string     true        "repository name"
 // @Param   digest     	path    string     true        "blob/layer digest"
 // @Success 202 {string} string "accepted"
-// @Router /v2/{name}/blobs/{digest} [delete]
+// @Router /v2/{name}/blobs/{digest} [delete].
 func (rh *RouteHandler) DeleteBlob(w http.ResponseWriter, r *http.Request) {
 	vars := mux.Vars(r)
 	name, ok := vars["name"]
@@ -631,7 +631,7 @@ func (rh *RouteHandler) DeleteBlob(w http.ResponseWriter, r *http.Request) {
 // @Header  202 {string} Range "bytes=0-0"
 // @Failure 404 {string} string "not found"
 // @Failure 500 {string} string "internal server error"
-// @Router /v2/{name}/blobs/uploads [post]
+// @Router /v2/{name}/blobs/uploads [post].
 func (rh *RouteHandler) CreateBlobUpload(w http.ResponseWriter, r *http.Request) {
 	vars := mux.Vars(r)
 	name, ok := vars["name"]
@@ -736,7 +736,7 @@ func (rh *RouteHandler) CreateBlobUpload(w http.ResponseWriter, r *http.Request)
 // @Header  202 {string} Range "bytes=0-128"
 // @Failure 404 {string} string "not found"
 // @Failure 500 {string} string "internal server error"
-// @Router /v2/{name}/blobs/uploads/{session_id} [get]
+// @Router /v2/{name}/blobs/uploads/{session_id} [get].
 func (rh *RouteHandler) GetBlobUpload(w http.ResponseWriter, r *http.Request) {
 	vars := mux.Vars(r)
 	name, ok := vars["name"]
@@ -795,7 +795,7 @@ func (rh *RouteHandler) GetBlobUpload(w http.ResponseWriter, r *http.Request) {
 // @Failure 404 {string} string "not found"
 // @Failure 416 {string} string "range not satisfiable"
 // @Failure 500 {string} string "internal server error"
-// @Router /v2/{name}/blobs/uploads/{session_id} [patch]
+// @Router /v2/{name}/blobs/uploads/{session_id} [patch].
 func (rh *RouteHandler) PatchBlobUpload(w http.ResponseWriter, r *http.Request) {
 	vars := mux.Vars(r)
 	name, ok := vars["name"]
@@ -893,7 +893,7 @@ func (rh *RouteHandler) PatchBlobUpload(w http.ResponseWriter, r *http.Request)
 // @Header  200 {object} api.DistContentDigestKey
 // @Failure 404 {string} string "not found"
 // @Failure 500 {string} string "internal server error"
-// @Router /v2/{name}/blobs/uploads/{session_id} [put]
+// @Router /v2/{name}/blobs/uploads/{session_id} [put].
 func (rh *RouteHandler) UpdateBlobUpload(w http.ResponseWriter, r *http.Request) {
 	rh.c.Log.Info().Interface("headers", r.Header).Msg("HEADERS")
 	vars := mux.Vars(r)
@@ -1018,7 +1018,7 @@ finish:
 // @Success 200 {string} string "ok"
 // @Failure 404 {string} string "not found"
 // @Failure 500 {string} string "internal server error"
-// @Router /v2/{name}/blobs/uploads/{session_id} [delete]
+// @Router /v2/{name}/blobs/uploads/{session_id} [delete].
 func (rh *RouteHandler) DeleteBlobUpload(w http.ResponseWriter, r *http.Request) {
 	vars := mux.Vars(r)
 	name, ok := vars["name"]
@@ -1064,7 +1064,7 @@ type RepositoryList struct {
 // @Produce json
 // @Success 200 {object} 	api.RepositoryList
 // @Failure 500 {string} string "internal server error"
-// @Router /v2/_catalog [get]
+// @Router /v2/_catalog [get].
 func (rh *RouteHandler) ListRepositories(w http.ResponseWriter, r *http.Request) {
 	repos, err := rh.c.ImageStore.GetRepositories()
 	if err != nil {