fix: resolve linting issues and modernize code (#109)

* fix: resolve linting issues and modernize code

- Replace deprecated io/ioutil with io package
- Fix ineffectual assignments in configmaps.go and configmaps_test.go
- Optimize loop condition in WithRetry function
- Update Makefile with better target organization and dependencies

All tests passing with 92.5% coverage.

Signed-off-by: Todd Ekenstam <tekenstam@gmail.com>

* chore: add lint workflow

Signed-off-by: Todd Ekenstam <tekenstam@gmail.com>

* fix: update lint enforcement

Signed-off-by: Todd Ekenstam <tekenstam@gmail.com>

* fix: update license check

Signed-off-by: Todd Ekenstam <tekenstam@gmail.com>

* fix: improve security check

Signed-off-by: Todd Ekenstam <tekenstam@gmail.com>

* chore: upload gosec artifact

Signed-off-by: Todd Ekenstam <tekenstam@gmail.com>

---------

Signed-off-by: Todd Ekenstam <tekenstam@gmail.com>

Author: tekenstam

.github/workflows/lint.yml

@@ -0,0 +1,119 @@
+name: Lint and Scan
+
+on:
+  # Only run on PRs targeting master
+  pull_request:
+    branches: [ master ]
+    types: [opened, synchronize, reopened]
+  # For direct pushes to master only
+  push:
+    branches: [ master ]
+    paths-ignore:
+      - '**.md'
+      - 'docs/**'
+      - '.github/**'
+      - '!.github/workflows/lint.yml'
+
+# Prevent duplicate workflow runs
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  golangci:
+    name: Go Linting
+    runs-on: ubuntu-latest
+    # Allow job to succeed even with lint issues for now
+    continue-on-error: true
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: 1.24.x
+          cache: true
+
+      # Simple linting first using standard go tools
+      - name: Run go fmt
+        run: |
+          go fmt ./...
+      
+      - name: Run go vet
+        run: |
+          go vet ./...
+
+      - name: Run golangci-lint
+        id: lint
+        uses: golangci/golangci-lint-action@v7
+        with:
+          version: latest
+          
+  gosec-issues:
+    name: Security Scan Issues
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+        
+      # Fail only on high severity issues
+      - name: Run gosec security scan
+        uses: securego/gosec@master
+        with:
+          args: -exclude-generated -fmt=json -out=results.json ./...
+          
+      - name: Check for high severity issues
+        run: |
+          if [ ! -f results.json ]; then
+            echo "Error: gosec scan results not found"
+            exit 1
+          fi
+          
+          # Check if any high severity issues exist (level 3)
+          HIGH_ISSUES=$(cat results.json | grep -c '"severity":"HIGH"' || true)
+          if [ "$HIGH_ISSUES" -gt 0 ]; then
+            echo "Found $HIGH_ISSUES high severity security issues!"
+            cat results.json | grep -A 5 -B 5 '"severity":"HIGH"'
+            exit 1
+          else
+            echo "No high severity security issues found."
+          fi
+          
+      - name: Upload security scan results
+        if: always()  # Run even if previous steps failed
+        uses: actions/upload-artifact@v4
+        with:
+          name: gosec-results
+          path: results.json
+          retention-days: 7
+          if-no-files-found: warn
+
+  license-check:
+    name: License Compliance
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+        
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: 1.24.x
+          
+      - name: Check License Headers
+        run: |
+          # Only check Go files that aren't in vendor or generated
+          echo "Checking for Apache License headers in Go files..."
+          # Store files missing license in a variable
+          MISSING_LICENSE=$(find . -name "*.go" -type f -not -path "*/vendor/*" -not -path "*/mocks/*" | xargs grep -L "Licensed under the Apache License" || true)
+          
+          # If any files are missing license headers, report and exit with error
+          if [ -n "$MISSING_LICENSE" ]; then
+            echo "ERROR: The following files are missing Apache License headers:"
+            echo "$MISSING_LICENSE"
+            echo "License check failed. Please add the appropriate license headers."
+            exit 1
+          else
+            echo "License check passed. All files have proper license headers."
+          fi

.gitignore

@@ -1,5 +1,6 @@
 bin/*
 coverage.txt
 coverage.html
+results.json
 dist/
 .windsurfrules

Makefile

@@ -10,16 +10,45 @@ LDFLAGS=-ldflags "-X ${LDFLAG_LOCATION}.buildDate=${BUILD} -X ${LDFLAG_LOCATION}
 GIT_TAG=$(shell git rev-parse --short HEAD)
 IMAGE ?= aws-auth:latest
 
+all: lint test build
+
 build:
 	CGO_ENABLED=0 go build ${LDFLAGS} -o bin/aws-auth github.com/keikoproj/aws-auth
 	chmod +x bin/aws-auth
 
-test:
+test: fmt vet
 	go test -v ./... -coverprofile coverage.txt
 	go tool cover -html=coverage.txt -o coverage.html
 
+# Run go fmt against code
+fmt:
+	go fmt ./...
+
+# Run go vet against code
+vet:
+	go vet ./...
+
 docker-build:
 	docker build -t $(IMAGE) .
 
 docker-push:
-	docker push ${IMAGE}
+	docker push ${IMAGE}
+
+LOCALBIN = $(shell pwd)/bin
+$(LOCALBIN):
+	mkdir -p $(LOCALBIN)
+
+GOLANGCI_LINT_VERSION := v2.1.1
+GOLANGCI_LINT = $(shell pwd)/bin/golangci-lint
+.PHONY: golangci-lint
+$(GOLANGCI_LINT): $(LOCALBIN)
+	GOBIN=$(LOCALBIN) go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@$(GOLANGCI_LINT_VERSION)
+
+.PHONY: lint
+lint: $(GOLANGCI_LINT)
+	@echo "Running golangci-lint"
+	$(GOLANGCI_LINT) run ./...
+
+.PHONY: clean
+clean:
+	@rm -rf ./bin

example/example.go

@@ -1,3 +1,18 @@
+/*
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package main
 
 import (

pkg/mapper/configmaps.go

@@ -91,7 +91,7 @@ func UpdateAuthMap(k kubernetes.Interface, authData AwsAuthData, cm *v1.ConfigMa
 		"mapUsers": string(mapUsers),
 	}
 
-	cm, err = k.CoreV1().ConfigMaps(AwsAuthNamespace).Update(context.Background(), cm, metav1.UpdateOptions{})
+	_, err = k.CoreV1().ConfigMaps(AwsAuthNamespace).Update(context.Background(), cm, metav1.UpdateOptions{})
 	if err != nil {
 		return err
 	}

pkg/mapper/configmaps_test.go

@@ -88,7 +88,7 @@ func TestConfigMaps_Update(t *testing.T) {
 	err = UpdateAuthMap(client, auth, cm)
 	g.Expect(err).NotTo(gomega.HaveOccurred())
 
-	auth, cm, err = ReadAuthMap(client)
+	auth, _, err = ReadAuthMap(client)
 	g.Expect(err).NotTo(gomega.HaveOccurred())
 
 	fmt.Println(auth.MapRoles[0])

pkg/mapper/types.go

@@ -17,7 +17,7 @@ package mapper
 
 import (
 	"fmt"
-	"io/ioutil"
+	"io"
 	"log"
 	"strings"
 	"time"
@@ -42,7 +42,7 @@ func New(client kubernetes.Interface, isCommandline bool) *AuthMapper {
 	mapper.KubernetesClient = client
 
 	if !isCommandline {
-		log.SetOutput(ioutil.Discard)
+		log.SetOutput(io.Discard)
 	}
 	return mapper
 }
@@ -246,10 +246,7 @@ func WithRetry(fn RetriableFunction, args *MapperArguments) (interface{}, error)
 		}
 	)
 
-	for {
-		if counter >= args.MaxRetryCount {
-			break
-		}
+	for counter < args.MaxRetryCount {
 
 		if out, err = fn(); err != nil {
 			d := bkoff.Duration()