From d1a378436c29a564908f6610683c5f792f2ab7ff Mon Sep 17 00:00:00 2001 From: Fred Date: Mon, 14 Oct 2024 21:46:18 +0100 Subject: [PATCH] upgrade packages & fix lint issues --- .golangci.yml | 5 ++++ cmd/detect-latest-release/update.go | 2 ++ cmd/get-release/main.go | 21 +++++++++-------- gitea_source.go | 4 ++-- github_source.go | 4 ++-- go.mod | 18 +++++++-------- go.sum | 36 +++++++++++++++++------------ package.go | 7 +++++- update/hide_test.go | 2 +- update_test.go | 18 +++++++-------- validate.go | 2 +- validate_test.go | 9 +++++--- 12 files changed, 76 insertions(+), 52 deletions(-) diff --git a/.golangci.yml b/.golangci.yml index 8dec473..5a74aaa 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -20,3 +20,8 @@ linters: - unconvert - unparam - usestdlibvars + +linters-settings: + gosec: + excludes: + - G101 # Potential hardcoded credentials diff --git a/cmd/detect-latest-release/update.go b/cmd/detect-latest-release/update.go index 185fb94..e571d3f 100644 --- a/cmd/detect-latest-release/update.go +++ b/cmd/detect-latest-release/update.go @@ -10,6 +10,8 @@ import ( ) // keep this function here, this is the example from the README +// +//nolint:unused func update(version string) error { latest, found, err := selfupdate.DetectLatest(context.Background(), selfupdate.ParseSlug("creativeprojects/resticprofile")) if err != nil { diff --git a/cmd/get-release/main.go b/cmd/get-release/main.go index 39f3796..f8b1d5d 100644 --- a/cmd/get-release/main.go +++ b/cmd/get-release/main.go @@ -54,6 +54,7 @@ func main() { os.Exit(1) } + ctx := context.Background() updater, err := selfupdate.NewUpdater(selfupdate.Config{ Source: source, }) @@ -61,7 +62,7 @@ func main() { fmt.Fprintln(os.Stderr, err) os.Exit(1) } - latest, found, err := updater.DetectLatest(context.Background(), selfupdate.ParseSlug(slug)) + latest, found, err := updater.DetectLatest(ctx, selfupdate.ParseSlug(slug)) if err != nil { fmt.Fprintln(os.Stderr, "Error while detecting the latest version:", err) os.Exit(1) @@ -75,12 +76,12 @@ func main() { cmdPath := filepath.Join(build.Default.GOPATH, "bin", cmd) if _, err := os.Stat(cmdPath); err != nil { // When executable is not existing yet - if err := installFrom(latest.AssetURL, cmd, cmdPath); err != nil { + if err := installFrom(ctx, latest.AssetURL, cmd, cmdPath); err != nil { fmt.Fprintf(os.Stderr, "Error while installing the release binary from %s: %s\n", latest.AssetURL, err) os.Exit(1) } } else { - if err := updater.UpdateTo(context.Background(), latest, cmdPath); err != nil { + if err := updater.UpdateTo(ctx, latest, cmdPath); err != nil { fmt.Fprintf(os.Stderr, "Error while replacing the binary with %s: %s\n", latest.AssetURL, err) os.Exit(1) } @@ -105,20 +106,22 @@ Flags:`) } func getCommand(pkg string) string { - if strings.HasSuffix(pkg, "/") { - pkg = strings.TrimSuffix(pkg, "/") - } + pkg = strings.TrimSuffix(pkg, "/") _, cmd := filepath.Split(pkg) return cmd } -func installFrom(url, cmd, path string) error { - res, err := http.Get(url) +func installFrom(ctx context.Context, url, cmd, path string) error { + req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, http.NoBody) + if err != nil { + return fmt.Errorf("failed to create request to download release binary from %s: %s", url, err) + } + res, err := http.DefaultClient.Do(req) if err != nil { return fmt.Errorf("failed to download release binary from %s: %s", url, err) } defer res.Body.Close() - if res.StatusCode != 200 { + if res.StatusCode != http.StatusOK { return fmt.Errorf("failed to download release binary from %s: Invalid response ", url) } executable, err := selfupdate.DecompressCommand(res.Body, url, cmd, runtime.GOOS, runtime.GOARCH) diff --git a/gitea_source.go b/gitea_source.go index 9163c8c..7ca6e2a 100644 --- a/gitea_source.go +++ b/gitea_source.go @@ -68,8 +68,8 @@ func (s *GiteaSource) ListReleases(ctx context.Context, repository Repository) ( s.api.SetContext(ctx) rels, res, err := s.api.ListReleases(owner, repo, gitea.ListReleasesOptions{}) if err != nil { - if res != nil && res.StatusCode == 404 { - // 404 means repository not found or release not found. It's not an error here. + if res != nil && res.StatusCode == http.StatusNotFound { + // repository not found or release not found. It's not an error here. log.Print("Repository or release not found") return nil, nil } diff --git a/github_source.go b/github_source.go index 1a84b45..9215e16 100644 --- a/github_source.go +++ b/github_source.go @@ -72,8 +72,8 @@ func (s *GitHubSource) ListReleases(ctx context.Context, repository Repository) } rels, res, err := s.api.Repositories.ListReleases(ctx, owner, repo, nil) if err != nil { - if res != nil && res.StatusCode == 404 { - // 404 means repository not found or release not found. It's not an error here. + if res != nil && res.StatusCode == http.StatusNotFound { + // repository not found or release not found. It's not an error here. log.Print("Repository or release not found") return nil, nil } diff --git a/go.mod b/go.mod index 96a1fb7..3c7270a 100644 --- a/go.mod +++ b/go.mod @@ -1,16 +1,17 @@ module github.com/creativeprojects/go-selfupdate -go 1.18 +go 1.21 require ( - code.gitea.io/sdk/gitea v0.18.0 - github.com/Masterminds/semver/v3 v3.2.1 + code.gitea.io/sdk/gitea v0.19.0 + github.com/Masterminds/semver/v3 v3.3.0 github.com/google/go-github/v30 v30.1.0 github.com/stretchr/testify v1.9.0 github.com/ulikunitz/xz v0.5.12 - github.com/xanzy/go-gitlab v0.106.0 - golang.org/x/crypto v0.24.0 - golang.org/x/oauth2 v0.21.0 + github.com/xanzy/go-gitlab v0.112.0 + golang.org/x/crypto v0.28.0 + golang.org/x/oauth2 v0.23.0 + gopkg.in/yaml.v3 v3.0.1 ) require ( @@ -22,7 +23,6 @@ require ( github.com/hashicorp/go-retryablehttp v0.7.7 // indirect github.com/hashicorp/go-version v1.7.0 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect - golang.org/x/sys v0.21.0 // indirect - golang.org/x/time v0.5.0 // indirect - gopkg.in/yaml.v3 v3.0.1 // indirect + golang.org/x/sys v0.26.0 // indirect + golang.org/x/time v0.7.0 // indirect ) diff --git a/go.sum b/go.sum index 29619ed..09b7576 100644 --- a/go.sum +++ b/go.sum @@ -1,17 +1,19 @@ -code.gitea.io/sdk/gitea v0.18.0 h1:+zZrwVmujIrgobt6wVBWCqITz6bn1aBjnCUHmpZrerI= -code.gitea.io/sdk/gitea v0.18.0/go.mod h1:IG9xZJoltDNeDSW0qiF2Vqx5orMWa7OhVWrjvrd5NpI= -github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0= -github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= +code.gitea.io/sdk/gitea v0.19.0 h1:8I6s1s4RHgzxiPHhOQdgim1RWIRcr0LVMbHBjBFXq4Y= +code.gitea.io/sdk/gitea v0.19.0/go.mod h1:IG9xZJoltDNeDSW0qiF2Vqx5orMWa7OhVWrjvrd5NpI= +github.com/Masterminds/semver/v3 v3.3.0 h1:B8LGeaivUe71a5qox1ICM/JLl0NqZSW5CHyL+hmvYS0= +github.com/Masterminds/semver/v3 v3.3.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davidmz/go-pageant v1.0.2 h1:bPblRCh5jGU+Uptpz6LgMZGD5hJoOt7otgT454WvHn0= github.com/davidmz/go-pageant v1.0.2/go.mod h1:P2EDDnMqIwG5Rrp05dTRITj9z2zpGcD9efWSkTNKLIE= github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= +github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= github.com/go-fed/httpsig v1.1.0 h1:9M+hb0jkEICD8/cAiNqEB66R87tTINszBRTjwjQzWcI= github.com/go-fed/httpsig v1.1.0/go.mod h1:RCMrTZvN1bJYtofsG4rd5NaO5obxQ5xBkdiS7xsT7bM= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-github/v30 v30.1.0 h1:VLDx+UolQICEOKu2m4uAoMti1SxuEBAl7RSEG16L+Oo= github.com/google/go-github/v30 v30.1.0/go.mod h1:n8jBpHl45a/rlBUtRJMOG4GhNADUQFEufcolZ95JfU8= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= @@ -20,42 +22,46 @@ github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17 github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= +github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU= github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= github.com/hashicorp/go-version v1.7.0 h1:5tqGy27NaOTB8yJKUZELlFAS/LTKJkrmONwQKeRZfjY= github.com/hashicorp/go-version v1.7.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= +github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= +github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/ulikunitz/xz v0.5.12 h1:37Nm15o69RwBkXM0J6A5OlE67RZTfzUxTj8fB3dfcsc= github.com/ulikunitz/xz v0.5.12/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= -github.com/xanzy/go-gitlab v0.106.0 h1:EDfD03K74cIlQo2EducfiupVrip+Oj02bq9ofw5F8sA= -github.com/xanzy/go-gitlab v0.106.0/go.mod h1:ETg8tcj4OhrB84UEgeE8dSuV/0h4BBL1uOV/qK0vlyI= +github.com/xanzy/go-gitlab v0.112.0 h1:6Z0cqEooCvBMfBIHw+CgO4AKGRV8na/9781xOb0+DKw= +github.com/xanzy/go-gitlab v0.112.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= -golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= -golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= +golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw= +golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs= -golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs= +golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= -golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= +golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= +golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24= +golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= -golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ= +golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= diff --git a/package.go b/package.go index eb4f320..a75fc5a 100644 --- a/package.go +++ b/package.go @@ -10,11 +10,13 @@ import ( // DetectLatest detects the latest release from the repository. // This function is a shortcut version of updater.DetectLatest with the DefaultUpdater. func DetectLatest(ctx context.Context, repository Repository) (*Release, bool, error) { + //nolint:contextcheck return DefaultUpdater().DetectLatest(ctx, repository) } // DetectVersion detects the given release from the repository. func DetectVersion(ctx context.Context, repository Repository, version string) (*Release, bool, error) { + //nolint:contextcheck return DefaultUpdater().DetectVersion(ctx, repository, version) } @@ -23,6 +25,7 @@ func DetectVersion(ctx context.Context, repository Repository, version string) ( // this function is not available to update a release for private repositories. // cmdPath is a file path to command executable. func UpdateTo(ctx context.Context, assetURL, assetFileName, cmdPath string) error { + //nolint:contextcheck up := DefaultUpdater() src, err := downloadReleaseAssetFromURL(ctx, assetURL) if err != nil { @@ -35,18 +38,20 @@ func UpdateTo(ctx context.Context, assetURL, assetFileName, cmdPath string) erro // UpdateCommand updates a given command binary to the latest version. // This function is a shortcut version of updater.UpdateCommand using a DefaultUpdater() func UpdateCommand(ctx context.Context, cmdPath string, current string, repository Repository) (*Release, error) { + //nolint:contextcheck return DefaultUpdater().UpdateCommand(ctx, cmdPath, current, repository) } // UpdateSelf updates the running executable itself to the latest version. // This function is a shortcut version of updater.UpdateSelf using a DefaultUpdater() func UpdateSelf(ctx context.Context, current string, repository Repository) (*Release, error) { + //nolint:contextcheck return DefaultUpdater().UpdateSelf(ctx, current, repository) } func downloadReleaseAssetFromURL(ctx context.Context, url string) (rc io.ReadCloser, err error) { client := http.DefaultClient - req, err := http.NewRequest("GET", url, nil) + req, err := http.NewRequest(http.MethodGet, url, nil) if err != nil { return nil, err } diff --git a/update/hide_test.go b/update/hide_test.go index 94c0f80..6125a45 100644 --- a/update/hide_test.go +++ b/update/hide_test.go @@ -12,7 +12,7 @@ func TestHideFile(t *testing.T) { t.Parallel() tempFile := filepath.Join(t.TempDir(), t.Name()) - err := os.WriteFile(tempFile, []byte("test"), 0o644) + err := os.WriteFile(tempFile, []byte("test"), 0o600) assert.NoError(t, err) err = hideFile(tempFile) diff --git a/update_test.go b/update_test.go index 9b398c5..ccaca70 100644 --- a/update_test.go +++ b/update_test.go @@ -22,17 +22,17 @@ func TestUpdateCommandWithWrongVersion(t *testing.T) { } func TestUpdateCommand(t *testing.T) { - current := "0.14.0" - new := "1.0.0" + currentVersion := "0.14.0" + newVersion := "1.0.0" source := mockSourceRepository(t) updater, err := NewUpdater(Config{Source: source}) require.NoError(t, err) filename := setupCurrentVersion(t) - rel, err := updater.UpdateCommand(context.Background(), filename, current, ParseSlug("creativeprojects/new_version")) + rel, err := updater.UpdateCommand(context.Background(), filename, currentVersion, ParseSlug("creativeprojects/new_version")) require.NoError(t, err) - assert.Equal(t, new, rel.Version()) + assert.Equal(t, newVersion, rel.Version()) assertNewVersion(t, filename) } @@ -42,8 +42,8 @@ func TestUpdateViaSymlink(t *testing.T) { t.Skip("skipping because creating symlink on windows requires admin privilege") } - current := "0.14.0" - new := "1.0.0" + currentVersion := "0.14.0" + newVersion := "1.0.0" source := mockSourceRepository(t) updater, err := NewUpdater(Config{Source: source}) require.NoError(t, err) @@ -54,9 +54,9 @@ func TestUpdateViaSymlink(t *testing.T) { err = os.Symlink(exePath, symPath) require.NoError(t, err) - rel, err := updater.UpdateCommand(context.Background(), symPath, current, ParseSlug("creativeprojects/new_version")) + rel, err := updater.UpdateCommand(context.Background(), symPath, currentVersion, ParseSlug("creativeprojects/new_version")) require.NoError(t, err) - assert.Equal(t, new, rel.Version()) + assert.Equal(t, newVersion, rel.Version()) // check actual file (not symlink) assertNewVersion(t, exePath) @@ -478,7 +478,7 @@ func setupCurrentVersion(t *testing.T) string { filename += ".exe" } - err := os.WriteFile(filename, []byte("old version"), 0o777) + err := os.WriteFile(filename, []byte("old version"), 0o600) require.NoError(t, err) return filename diff --git a/validate.go b/validate.go index 6898e06..aecd0c3 100644 --- a/validate.go +++ b/validate.go @@ -152,7 +152,7 @@ func (v *SHAValidator) Validate(filename string, release, asset []byte) error { return ErrIncorrectChecksumFile } - hash := fmt.Sprintf("%s", asset[:sha256.BlockSize]) + hash := string(asset[:sha256.BlockSize]) calculatedHash := fmt.Sprintf("%x", sha256.Sum256(release)) if equal, err := hexStringEquals(sha256.Size, calculatedHash, hash); !equal { diff --git a/validate_test.go b/validate_test.go index b08b764..84badbc 100644 --- a/validate_test.go +++ b/validate_test.go @@ -7,13 +7,14 @@ import ( "encoding/hex" "encoding/pem" "fmt" - "golang.org/x/crypto/openpgp" - "golang.org/x/crypto/openpgp/armor" + "io" "os" "testing" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + "golang.org/x/crypto/openpgp" + "golang.org/x/crypto/openpgp/armor" ) func TestValidatorAssetNames(t *testing.T) { @@ -321,10 +322,12 @@ func TestPGPValidatorWithArmoredKeyRing(t *testing.T) { func getTestPGPKeyRing(t *testing.T) (PGPKeyRing []byte, entity *openpgp.Entity) { var err error + var armoredWriter io.WriteCloser entity, err = openpgp.NewEntity("go-selfupdate", "", "info@go-selfupdate.local", nil) + require.NoError(t, err) buffer := &bytes.Buffer{} - if armoredWriter, err := armor.Encode(buffer, openpgp.PublicKeyType, nil); err == nil { + if armoredWriter, err = armor.Encode(buffer, openpgp.PublicKeyType, nil); err == nil { if err = entity.Serialize(armoredWriter); err == nil { err = armoredWriter.Close() }