ci: add golangci-lint with config and fixes

.github/workflows/package-ci.yml

@@ -8,6 +8,101 @@ on:
   workflow_dispatch:
 
 jobs:
+  lint:
+    name: Lint
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+
+      - name: Install BPF build dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y clang llvm libbpf-dev build-essential pkg-config zlib1g-dev
+          has_working_bpftool() {
+            local output
+            [[ -x "${1:-}" ]] || return 1
+            output="$("${1}" version 2>/dev/null)" || return 1
+            [[ "${output}" == *"libbpf"* ]]
+          }
+          first_working_bpftool() {
+            for candidate in "$@"; do
+              if has_working_bpftool "${candidate}"; then
+                echo "${candidate}"
+                return 0
+              fi
+            done
+            return 1
+          }
+          BPFTOOL_CMD=""
+          if candidate="$(command -v bpftool 2>/dev/null)" && has_working_bpftool "${candidate}"; then
+            BPFTOOL_CMD="${candidate}"
+          fi
+          for pkg in \
+            bpftool \
+            "linux-tools-$(uname -r)" \
+            "linux-cloud-tools-$(uname -r)" \
+            linux-tools-generic \
+            linux-cloud-tools-generic \
+            linux-tools-azure \
+            linux-cloud-tools-azure \
+            linux-tools-common
+          do
+            if [[ -n "${BPFTOOL_CMD}" ]]; then
+              break
+            fi
+            sudo apt-get install -y "${pkg}" || true
+            mapfile -t BPFTOOL_CANDIDATES < <(find /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin /usr/lib -type f -name 'bpftool*' 2>/dev/null | sort -u)
+            if candidate="$(first_working_bpftool "${BPFTOOL_CANDIDATES[@]}")"; then
+              BPFTOOL_CMD="${candidate}"
+            fi
+          done
+          if [[ -z "${BPFTOOL_CMD}" ]]; then
+            case "$(uname -m)" in
+              x86_64|amd64) BPFTOOL_ARCH="amd64" ;;
+              aarch64|arm64) BPFTOOL_ARCH="arm64" ;;
+              *) BPFTOOL_ARCH="" ;;
+            esac
+            if [[ -n "${BPFTOOL_ARCH}" ]]; then
+              BPFTOOL_VERSION="v7.6.0"
+              BPFTOOL_URL="https://github.com/libbpf/bpftool/releases/download/${BPFTOOL_VERSION}/bpftool-${BPFTOOL_VERSION}-${BPFTOOL_ARCH}.tar.gz"
+              tmpdir="$(mktemp -d)"
+              if curl -fsSL "${BPFTOOL_URL}" -o "${tmpdir}/bpftool.tgz" && tar -xzf "${tmpdir}/bpftool.tgz" -C "${tmpdir}"; then
+                mapfile -t BPFTOOL_CANDIDATES < <(find "${tmpdir}" -type f -perm -111 2>/dev/null | sort -u)
+                if candidate="$(first_working_bpftool "${BPFTOOL_CANDIDATES[@]}")"; then
+                  sudo install -m 0755 "${candidate}" /usr/local/bin/bpftool-ci
+                  BPFTOOL_CMD="/usr/local/bin/bpftool-ci"
+                fi
+              fi
+              rm -rf "${tmpdir}"
+            fi
+          fi
+          if [[ -z "${BPFTOOL_CMD}" ]]; then
+            echo "Unable to locate a working bpftool binary"
+            exit 1
+          fi
+          echo "BPFTOOL_CMD=${BPFTOOL_CMD}" >> "${GITHUB_ENV}"
+          "${BPFTOOL_CMD}" version
+
+      - name: Generate eBPF bindings
+        run: |
+          mkdir -p lib/provider/ebpf/bpf/headers
+          "${BPFTOOL_CMD:-bpftool}" btf dump file /sys/kernel/btf/vmlinux format c > lib/provider/ebpf/bpf/vmlinux.h
+          go generate ./lib/provider/ebpf
+
+      - name: Run golangci-lint
+        uses: golangci/golangci-lint-action@v6
+        with:
+          version: v1.64
+          args: --timeout=5m
+
   test:
     name: Test (${{ matrix.runner }})
     runs-on: ${{ matrix.runner }}

.gitignore

@@ -31,3 +31,12 @@ go.work.sum
 # .idea/
 # .vscode/
 .claude/settings.local.json
+
+# Compiled binaries
+/aurora
+/aurora-util
+
+# Generated eBPF files (produced by go generate)
+lib/provider/ebpf/bpf/headers/
+lib/provider/ebpf/*_bpfel.go
+lib/provider/ebpf/*_bpfel.o

.golangci.yml

@@ -0,0 +1,112 @@
+# golangci-lint configuration for Aurora Linux
+# https://golangci-lint.run/usage/configuration/
+
+run:
+  # Timeout for analysis
+  timeout: 5m
+  # Include test files
+  tests: true
+
+linters:
+  # Disable all linters by default and enable explicitly
+  disable-all: true
+  enable:
+    # Default/core linters
+    - errcheck      # Check for unchecked errors
+    - govet         # Go vet examines Go source code
+    - staticcheck   # Static analysis checks
+    - gosimple      # Simplify code
+    - unused        # Find unused code
+    - ineffassign   # Detect ineffectual assignments
+
+    # Additional quality linters
+    - misspell      # Find misspelled words
+    - gofumpt       # Stricter gofmt
+    - revive        # Fast, configurable linter
+    - gocritic      # Highly extensible Go linter
+    - gocyclo       # Cyclomatic complexity checker
+
+linters-settings:
+  gocyclo:
+    # Aurora has some inherently complex functions (eBPF event handling,
+    # config parsing, validation logic) that are best kept as single functions
+    min-complexity: 50
+
+  gofumpt:
+    # Only check new code, don't enforce reformatting existing code yet
+    extra-rules: false
+
+  errcheck:
+    # Exclude common patterns where errors are intentionally ignored
+    exclude-functions:
+      # Close errors are almost never actionable
+      - (io.Closer).Close
+      - (*os.File).Close
+      - (*compress/gzip.Reader).Close
+      - (*archive/zip.ReadCloser).Close
+      # Cleanup in defer is best-effort
+      - os.RemoveAll
+      # SetDeadline errors are usually fine to ignore in tests
+      - (net.PacketConn).SetReadDeadline
+      - (net.Conn).SetReadDeadline
+      # Print functions rarely fail meaningfully
+      - fmt.Fprintln
+      - fmt.Fprintf
+      # Syscall close in cleanup
+      - syscall.Close
+
+  gocritic:
+    # Enable only diagnostic checks for now; style/perf can be added later
+    enabled-tags:
+      - diagnostic
+    disabled-checks:
+      # These are too noisy for initial adoption
+      - appendAssign
+      - commentFormatting
+
+  revive:
+    # Start with a minimal set of rules
+    rules:
+      - name: blank-imports
+      - name: context-as-argument
+      - name: context-keys-type
+      - name: error-return
+      - name: error-strings
+      - name: error-naming
+      - name: increment-decrement
+      - name: var-naming
+      - name: range
+      - name: receiver-naming
+      - name: time-naming
+      - name: indent-error-flow
+      - name: errorf
+
+issues:
+  # Exclusion rules
+  exclude-rules:
+    # Exclude errcheck in test files - tests often ignore errors intentionally
+    - path: _test\.go
+      linters:
+        - errcheck
+    # Exclude generated eBPF files from most checks
+    - path: "lib/provider/ebpf/.*_bpfel\\.go$"
+      linters:
+        - unused
+        - govet
+    # Existing code has different formatting - exclude gofumpt for now
+    # TODO: Run gofumpt on entire codebase in a separate PR
+    - path: \.go$
+      linters:
+        - gofumpt
+    # Exclude gocritic style suggestions that would require larger refactors
+    - linters:
+        - gocritic
+      text: "(paramTypeCombine|unnamedResult|httpNoBody|octalLiteral|unnecessaryDefer|filepathJoin|stringConcatSimplify)"
+    # Revive warnings for existing code patterns
+    - linters:
+        - revive
+      text: "(stutters|exported:|should have comment|var-naming|increment-decrement)"
+
+  # Don't limit the number of issues per linter
+  max-issues-per-linter: 0
+  max-same-issues: 0