From 47fc33ea9bbf0e97ab4844fd7fbc57398125beac Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 25 Mar 2025 08:19:51 +0000 Subject: [PATCH 1/7] Bump golangci/golangci-lint-action from 6 to 7 Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 6 to 7. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/v6...v7) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/golang.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/golang.yaml b/.github/workflows/golang.yaml index 0a7e07d9..24f3742d 100644 --- a/.github/workflows/golang.yaml +++ b/.github/workflows/golang.yaml @@ -40,7 +40,7 @@ jobs: with: go-version: ${{ env.GOLANG_VERSION }} - name: Lint - uses: golangci/golangci-lint-action@v6 + uses: golangci/golangci-lint-action@v7 with: version: latest args: -v --timeout 5m From bee1969bbf18ed9e869f48f402beedb6e09cff91 Mon Sep 17 00:00:00 2001 From: Evan Lezar Date: Wed, 2 Apr 2025 14:02:11 +0200 Subject: [PATCH 2/7] [no-relnote] Migrate golangci-lint config to v2 Signed-off-by: Evan Lezar --- .golangci.yml | 101 ++++++++++++++++++++++++++++++++------------------ 1 file changed, 65 insertions(+), 36 deletions(-) diff --git a/.golangci.yml b/.golangci.yml index f1208798..e0204a44 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -1,43 +1,72 @@ -run: - timeout: 10m +# SPDX-FileCopyrightText: Copyright (c) 2025 NVIDIA CORPORATION & AFFILIATES. All rights reserved. +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +version: "2" linters: enable: - contextcheck - gocritic + - gosec + - misspell + - unconvert + exclusions: + generated: lax + presets: + - comments + - common-false-positives + - legacy + - std-error-handling + rules: + # Exclude the gocritic dupSubExpr issue for cgo files. + - linters: + - gocritic + path: internal/dxcore/dxcore.go + text: dupSubExpr + # Exclude the checks for usage of returns to config.Delete(Path) in the + # crio and containerd config packages. + - linters: + - errcheck + path: pkg/config/engine/ + text: config.Delete + # RENDERD refers to the Render Device and not the past tense of render. + - linters: + - misspell + path: .*.go + text: '`RENDERD` is a misspelling of `RENDERED`' + # The legacy hook relies on spec.Hooks.Prestart, which is deprecated as of + # the v1.2.0 OCI runtime spec. + - path: (.+)\.go$ + text: SA1019:(.+).Prestart is deprecated(.+) + # TODO: We should address each of the following integer overflows. + - path: (.+)\.go$ + text: 'G115: integer overflow conversion(.+)' + paths: + - third_party$ + - builtin$ + - examples$ +formatters: + enable: - gofmt - goimports - - gosec - - gosimple - - govet - - ineffassign - - misspell - - staticcheck - - unconvert - -linters-settings: - goimports: - local-prefixes: github.com/NVIDIA/nvidia-container-toolkit - -issues: - exclude: - # The legacy hook relies on spec.Hooks.Prestart, which is deprecated as of the v1.2.0 OCI runtime spec. - - "SA1019:(.+).Prestart is deprecated(.+)" - # TODO: We should address each of the following integer overflows. - - "G115: integer overflow conversion(.+)" - exclude-rules: - # Exclude the gocritic dupSubExpr issue for cgo files. - - path: internal/dxcore/dxcore.go - linters: - - gocritic - text: dupSubExpr - # Exclude the checks for usage of returns to config.Delete(Path) in the crio and containerd config packages. - - path: pkg/config/engine/ - linters: - - errcheck - text: config.Delete - # RENDERD refers to the Render Device and not the past tense of render. - - path: .*.go - linters: - - misspell - text: "`RENDERD` is a misspelling of `RENDERED`" + settings: + goimports: + local-prefixes: + - github.com/NVIDIA/nvidia-container-toolkit + exclusions: + generated: lax + paths: + - third_party$ + - builtin$ + - examples$ From c1c6534b1fbc55cc7b92b1dd3aeb4b2ad2b1e7c8 Mon Sep 17 00:00:00 2001 From: Evan Lezar Date: Wed, 2 Apr 2025 14:10:33 +0200 Subject: [PATCH 3/7] [no-relnote] Fix QF1008: could remove embedded field lint errors Signed-off-by: Evan Lezar --- internal/discover/symlinks.go | 2 +- internal/oci/spec_memory.go | 4 ++-- internal/oci/spec_memory_test.go | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/internal/discover/symlinks.go b/internal/discover/symlinks.go index 0119de0d..b7637aa2 100644 --- a/internal/discover/symlinks.go +++ b/internal/discover/symlinks.go @@ -42,7 +42,7 @@ func WithDriverDotSoSymlinks(mounts Discover, version string, nvidiaCDIHookPath // Hooks returns a hook to create the additional symlinks based on the mounts. func (d *additionalSymlinks) Hooks() ([]Hook, error) { - mounts, err := d.Discover.Mounts() + mounts, err := d.Mounts() if err != nil { return nil, fmt.Errorf("failed to get library mounts: %v", err) } diff --git a/internal/oci/spec_memory.go b/internal/oci/spec_memory.go index 478db5a2..fd27bdad 100644 --- a/internal/oci/spec_memory.go +++ b/internal/oci/spec_memory.go @@ -61,11 +61,11 @@ func (s *memorySpec) Modify(m SpecModifier) error { // Otherwise the returned value will be empty and the boolean will // be false. func (s memorySpec) LookupEnv(key string) (string, bool) { - if s.Spec == nil || s.Spec.Process == nil { + if s.Spec == nil || s.Process == nil { return "", false } - for _, env := range s.Spec.Process.Env { + for _, env := range s.Process.Env { if !strings.HasPrefix(env, key) { continue } diff --git a/internal/oci/spec_memory_test.go b/internal/oci/spec_memory_test.go index 3e8ba0ed..ebf92e75 100644 --- a/internal/oci/spec_memory_test.go +++ b/internal/oci/spec_memory_test.go @@ -160,7 +160,7 @@ func TestModify(t *testing.T) { require.EqualValues(t, &specs.Spec{}, spec.Spec, "%d: %v", i, tc) default: require.NoError(t, err, "%d: %v", i, tc) - require.Equal(t, "updated", spec.Spec.Version, "%d: %v", i, tc) + require.Equal(t, "updated", spec.Version, "%d: %v", i, tc) } } } From be9d7b6db1e672f3555caed2f14bd1e4fe63c79a Mon Sep 17 00:00:00 2001 From: Evan Lezar Date: Wed, 2 Apr 2025 14:11:28 +0200 Subject: [PATCH 4/7] [no-relnote] Fix QF1002: could use tagged switch on info.SubType lint errors Signed-off-by: Evan Lezar --- internal/platform-support/dgpu/nvsandboxutils.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/internal/platform-support/dgpu/nvsandboxutils.go b/internal/platform-support/dgpu/nvsandboxutils.go index 7022deab..ebeea7c8 100644 --- a/internal/platform-support/dgpu/nvsandboxutils.go +++ b/internal/platform-support/dgpu/nvsandboxutils.go @@ -71,13 +71,13 @@ func (d *nvsandboxutilsDGPU) Devices() ([]discover.Device, error) { var devices []discover.Device for _, info := range gpuFileInfos { - switch { - case info.SubType == nvsandboxutils.NV_DEV_DRI_CARD, info.SubType == nvsandboxutils.NV_DEV_DRI_RENDERD: + switch info.SubType { + case nvsandboxutils.NV_DEV_DRI_CARD, nvsandboxutils.NV_DEV_DRI_RENDERD: if d.isMig { continue } fallthrough - case info.SubType == nvsandboxutils.NV_DEV_NVIDIA, info.SubType == nvsandboxutils.NV_DEV_NVIDIA_CAPS_NVIDIA_CAP: + case nvsandboxutils.NV_DEV_NVIDIA, nvsandboxutils.NV_DEV_NVIDIA_CAPS_NVIDIA_CAP: containerPath := info.Path if d.devRoot != "/" { containerPath = strings.TrimPrefix(containerPath, d.devRoot) @@ -89,7 +89,7 @@ func (d *nvsandboxutilsDGPU) Devices() ([]discover.Device, error) { Path: containerPath, } devices = append(devices, device) - case info.SubType == nvsandboxutils.NV_DEV_DRI_CARD_SYMLINK, info.SubType == nvsandboxutils.NV_DEV_DRI_RENDERD_SYMLINK: + case nvsandboxutils.NV_DEV_DRI_CARD_SYMLINK, nvsandboxutils.NV_DEV_DRI_RENDERD_SYMLINK: if d.isMig { continue } From 80fb4dc0e91f0aef98140f0cb4b004ee913f3a01 Mon Sep 17 00:00:00 2001 From: Evan Lezar Date: Wed, 2 Apr 2025 14:12:39 +0200 Subject: [PATCH 5/7] [no-relnote] Fix ST1019: package tags.cncf.io/container-device-interface/specs-go is being imported more than once lint errors Signed-off-by: Evan Lezar --- pkg/nvcdi/spec/builder.go | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/pkg/nvcdi/spec/builder.go b/pkg/nvcdi/spec/builder.go index 65717452..337a1dd1 100644 --- a/pkg/nvcdi/spec/builder.go +++ b/pkg/nvcdi/spec/builder.go @@ -21,19 +21,18 @@ import ( "os" "tags.cncf.io/container-device-interface/pkg/parser" - "tags.cncf.io/container-device-interface/specs-go" cdi "tags.cncf.io/container-device-interface/specs-go" "github.com/NVIDIA/nvidia-container-toolkit/pkg/nvcdi/transform" ) type builder struct { - raw *specs.Spec + raw *cdi.Spec version string vendor string class string - deviceSpecs []specs.Device - edits specs.ContainerEdits + deviceSpecs []cdi.Device + edits cdi.ContainerEdits format string mergedDeviceOptions []transform.MergedDeviceOption @@ -86,7 +85,7 @@ func newBuilder(opts ...Option) *builder { func (o *builder) Build() (*spec, error) { raw := o.raw if raw == nil { - raw = &specs.Spec{ + raw = &cdi.Spec{ Version: o.version, Kind: fmt.Sprintf("%s/%s", o.vendor, o.class), Devices: o.deviceSpecs, @@ -127,14 +126,14 @@ func (o *builder) Build() (*spec, error) { type Option func(*builder) // WithDeviceSpecs sets the device specs for the spec builder -func WithDeviceSpecs(deviceSpecs []specs.Device) Option { +func WithDeviceSpecs(deviceSpecs []cdi.Device) Option { return func(o *builder) { o.deviceSpecs = deviceSpecs } } // WithEdits sets the container edits for the spec builder -func WithEdits(edits specs.ContainerEdits) Option { +func WithEdits(edits cdi.ContainerEdits) Option { return func(o *builder) { o.edits = edits } @@ -176,7 +175,7 @@ func WithNoSimplify(noSimplify bool) Option { } // WithRawSpec sets the raw spec for the spec builder -func WithRawSpec(raw *specs.Spec) Option { +func WithRawSpec(raw *cdi.Spec) Option { return func(o *builder) { o.raw = raw } From 3913a6392b16dad22fa284ec9147d40591139a99 Mon Sep 17 00:00:00 2001 From: Evan Lezar Date: Wed, 2 Apr 2025 14:13:54 +0200 Subject: [PATCH 6/7] [no-relnote] Fix QF1012: Use fmt.Fprintf(...) instead of WriteString(fmt.Sprintf(...)) lint errors Signed-off-by: Evan Lezar --- cmd/nvidia-cdi-hook/cudacompat/cudacompat.go | 2 +- cmd/nvidia-cdi-hook/update-ldcache/update-ldcache.go | 2 +- cmd/nvidia-container-runtime-hook/hook_config_test.go | 2 +- cmd/nvidia-ctk-installer/main.go | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cmd/nvidia-cdi-hook/cudacompat/cudacompat.go b/cmd/nvidia-cdi-hook/cudacompat/cudacompat.go index 0cecd6c1..fff06fec 100644 --- a/cmd/nvidia-cdi-hook/cudacompat/cudacompat.go +++ b/cmd/nvidia-cdi-hook/cudacompat/cudacompat.go @@ -199,7 +199,7 @@ func (m command) createLdsoconfdFile(in containerRoot, pattern string, dirs ...s if added[dir] { continue } - _, err = configFile.WriteString(fmt.Sprintf("%s\n", dir)) + _, err = fmt.Fprintf(configFile, "%s\n", dir) if err != nil { return fmt.Errorf("failed to update config file: %w", err) } diff --git a/cmd/nvidia-cdi-hook/update-ldcache/update-ldcache.go b/cmd/nvidia-cdi-hook/update-ldcache/update-ldcache.go index e35da8ae..4118ad9c 100644 --- a/cmd/nvidia-cdi-hook/update-ldcache/update-ldcache.go +++ b/cmd/nvidia-cdi-hook/update-ldcache/update-ldcache.go @@ -184,7 +184,7 @@ func (m command) createLdsoconfdFile(in containerRoot, pattern string, dirs ...s if added[dir] { continue } - _, err = configFile.WriteString(fmt.Sprintf("%s\n", dir)) + _, err = fmt.Fprintf(configFile, "%s\n", dir) if err != nil { return fmt.Errorf("failed to update config file: %w", err) } diff --git a/cmd/nvidia-container-runtime-hook/hook_config_test.go b/cmd/nvidia-container-runtime-hook/hook_config_test.go index ade45d27..19147ecf 100644 --- a/cmd/nvidia-container-runtime-hook/hook_config_test.go +++ b/cmd/nvidia-container-runtime-hook/hook_config_test.go @@ -85,7 +85,7 @@ func TestGetHookConfig(t *testing.T) { configflag = &filename for _, line := range tc.lines { - _, err := configFile.WriteString(fmt.Sprintf("%s\n", line)) + _, err := fmt.Fprintf(configFile, "%s\n", line) require.NoError(t, err) } } diff --git a/cmd/nvidia-ctk-installer/main.go b/cmd/nvidia-ctk-installer/main.go index fce109aa..fa1dabad 100644 --- a/cmd/nvidia-ctk-installer/main.go +++ b/cmd/nvidia-ctk-installer/main.go @@ -240,7 +240,7 @@ func (a *app) initialize(pidFile string) error { return fmt.Errorf("unable to get flock on pidfile: %v", err) } - _, err = f.WriteString(fmt.Sprintf("%v\n", os.Getpid())) + _, err = fmt.Fprintf(f, "%v\n", os.Getpid()) if err != nil { return fmt.Errorf("unable to write PID to pidfile: %v", err) } From 0fb3eec1bb9e192650d4befd02b6dd1d43904fba Mon Sep 17 00:00:00 2001 From: Evan Lezar Date: Wed, 2 Apr 2025 14:14:54 +0200 Subject: [PATCH 7/7] [no-relnote] Fix ST1005: error strings should not be capitalized lint errors Signed-off-by: Evan Lezar --- pkg/nvcdi/lib-csv.go | 2 +- pkg/nvcdi/lib-wsl.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/nvcdi/lib-csv.go b/pkg/nvcdi/lib-csv.go index 649b801a..75ad00a4 100644 --- a/pkg/nvcdi/lib-csv.go +++ b/pkg/nvcdi/lib-csv.go @@ -35,7 +35,7 @@ var _ Interface = (*csvlib)(nil) // GetSpec should not be called for wsllib func (l *csvlib) GetSpec() (spec.Interface, error) { - return nil, fmt.Errorf("Unexpected call to csvlib.GetSpec()") + return nil, fmt.Errorf("unexpected call to csvlib.GetSpec()") } // GetAllDeviceSpecs returns the device specs for all available devices. diff --git a/pkg/nvcdi/lib-wsl.go b/pkg/nvcdi/lib-wsl.go index 1c96c538..dd0e8db0 100644 --- a/pkg/nvcdi/lib-wsl.go +++ b/pkg/nvcdi/lib-wsl.go @@ -33,7 +33,7 @@ var _ Interface = (*wsllib)(nil) // GetSpec should not be called for wsllib func (l *wsllib) GetSpec() (spec.Interface, error) { - return nil, fmt.Errorf("Unexpected call to wsllib.GetSpec()") + return nil, fmt.Errorf("unexpected call to wsllib.GetSpec()") } // GetAllDeviceSpecs returns the device specs for all available devices.