diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index b4bcbe97..abe4f11d 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,9 +1,20 @@
 # Build packages for all supported OS / ARCH combinations
 
 stages:
+  - tests
   - build-one
   - build-all
 
+.tests-setup: &tests-setup
+  image: golang:1.14.4
+
+  rules:
+    - when: always
+
+  before_script:
+    - mkdir -p ${GOPATH}/src/github.com/NVIDIA/
+    - ln -s ${CI_PROJECT_DIR} ${GOPATH}/src/github.com/NVIDIA/${CI_PROJECT_NAME}
+
 .build-setup: &build-setup
   image: docker:19.03.8
 
@@ -17,6 +28,48 @@ stages:
   - apk add coreutils build-base sed git bash make
   - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes -c yes
 
+# Run a series of sanity-check tests over the code
+lint:
+  <<: *tests-setup
+  stage: tests
+  script:
+    - go get -u golang.org/x/lint/golint
+    - golint -set_exit_status github.com/NVIDIA/${CI_PROJECT_NAME}/pkg
+
+vet:
+  <<: *tests-setup
+  stage: tests
+  script:
+    - go vet github.com/NVIDIA/${CI_PROJECT_NAME}/pkg
+
+unit_test:
+  <<: *tests-setup
+  stage: tests
+  script:
+    - go test github.com/NVIDIA/${CI_PROJECT_NAME}/pkg
+
+fmt:
+  <<: *tests-setup
+  stage: tests
+  script:
+    - res=$(gofmt -l *.go)
+    - echo "$res"
+    - test -z "$res"
+
+ineffassign:
+  <<: *tests-setup
+  stage: tests
+  script:
+    - go get -u github.com/gordonklaus/ineffassign
+    - ineffassign pkg/*.go
+
+misspell:
+  <<: *tests-setup
+  stage: tests
+  script:
+    - go get -u github.com/client9/misspell/cmd/misspell
+    - misspell pkg/*.go
+
 # build-one jobs build packages for a single OS / ARCH combination.
 #
 # They are run during the first stage of the pipeline as a smoke test to ensure
diff --git a/pkg/container_config.go b/pkg/container_config.go
index c20a55e6..172a9a46 100644
--- a/pkg/container_config.go
+++ b/pkg/container_config.go
@@ -50,17 +50,20 @@ type containerConfig struct {
 	Nvidia *nvidiaConfig
 }
 
+// Root from OCI runtime spec
 // github.com/opencontainers/runtime-spec/blob/v1.0.0/specs-go/config.go#L94-L100
 type Root struct {
 	Path string `json:"path"`
 }
 
+// Process from OCI runtime spec
 // github.com/opencontainers/runtime-spec/blob/v1.0.0/specs-go/config.go#L30-L57
 type Process struct {
 	Env          []string         `json:"env,omitempty"`
 	Capabilities *json.RawMessage `json:"capabilities,omitempty" platform:"linux"`
 }
 
+// LinuxCapabilities from OCI runtime spec
 // https://github.com/opencontainers/runtime-spec/blob/v1.0.0/specs-go/config.go#L61
 type LinuxCapabilities struct {
 	Bounding    []string `json:"bounding,omitempty" platform:"linux"`
@@ -70,6 +73,7 @@ type LinuxCapabilities struct {
 	Ambient     []string `json:"ambient,omitempty" platform:"linux"`
 }
 
+// Spec from OCI runtime spec
 // We use pointers to structs, similarly to the latest version of runtime-spec:
 // https://github.com/opencontainers/runtime-spec/blob/v1.0.0/specs-go/config.go#L5-L28
 type Spec struct {
@@ -78,6 +82,7 @@ type Spec struct {
 	Root    *Root    `json:"root,omitempty"`
 }
 
+// HookState holds state information about the hook
 type HookState struct {
 	Pid int `json:"pid,omitempty"`
 	// After 17.06, runc is using the runtime spec:
@@ -174,7 +179,7 @@ func isPrivileged(s *Spec) bool {
 		// We only make sure that the bounding capabibility set has
 		// CAP_SYS_ADMIN. This allows us to make sure that the container was
 		// actually started as '--privileged', but also allow non-root users to
-		// access the priviliged NVIDIA capabilities.
+		// access the privileged NVIDIA capabilities.
 		caps = lc.Bounding
 	}
 
@@ -316,13 +321,15 @@ func getNvidiaConfig(env map[string]string, privileged bool) *nvidiaConfig {
 	}
 
 	var devices string
-	if d := getDevices(env); d == nil || len(*d) == 0 || *d == "void" {
+	d := getDevices(env)
+	if d == nil || len(*d) == 0 || *d == "void" {
 		// Environment variable unset or empty or "void": not a GPU container.
 		return nil
-	} else {
-		// Environment variable non-empty and not "void".
-		devices = *d
 	}
+
+	// Environment variable non-empty and not "void".
+	devices = *d
+
 	if devices == "none" {
 		devices = ""
 	}
diff --git a/pkg/hook_config.go b/pkg/hook_config.go
index eff2f3f4..3790fc46 100644
--- a/pkg/hook_config.go
+++ b/pkg/hook_config.go
@@ -18,7 +18,7 @@ var defaultPaths = [...]string{
 	configPath,
 }
 
-// CLIConfig: options for nvidia-container-cli.
+// CLIConfig : options for nvidia-container-cli.
 type CLIConfig struct {
 	Root                            *string  `toml:"root"`
 	Path                            *string  `toml:"path"`
@@ -33,6 +33,7 @@ type CLIConfig struct {
 	AlphaMergeVisibleDevicesEnvvars bool     `toml:"alpha-merge-visible-devices-envvars"`
 }
 
+// HookConfig : options for the nvidia-container-toolkit.
 type HookConfig struct {
 	DisableRequire bool    `toml:"disable-require"`
 	SwarmResource  *string `toml:"swarm-resource"`