.forgejo/workflows/dco.yml

@@ -0,0 +1,21 @@
+name: DCO action
+on: [pull_request]
+
+jobs:
+  dco:
+    name: DCO
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Setup Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: '1.21'
+
+      - name: Run commit format checker
+        uses: https://git.frostfs.info/TrueCloudLab/dco-go@v2
+        with:
+          from: 'origin/${{ github.event.pull_request.base.ref }}'

.forgejo/workflows/tests.yml

@@ -0,0 +1,73 @@
+name: Tests and linters
+on: [pull_request]
+
+jobs:
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: '1.21'
+          cache: true
+
+      - name: Install linters
+        run: make lint-install
+
+      - name: Run linters
+        run: make lint
+
+  tests:
+    name: Tests
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        go_versions: [ '1.20', '1.21' ]
+      fail-fast: false
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: '${{ matrix.go_versions }}'
+          cache: true
+
+      - name: Run tests
+        run: make test
+
+  tests-race:
+    name: Tests with -race
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: '1.21'
+          cache: true
+
+      - name: Run tests
+        run: go test ./... -count=1 -race
+
+  staticcheck:
+    name: Staticcheck
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: '1.21'
+          cache: true
+
+      - name: Install staticcheck
+        run: make staticcheck-install
+
+      - name: Run staticcheck
+        run: make staticcheck-run

.golangci.yml

@@ -47,7 +47,7 @@ linters:
     - durationcheck
     - exhaustive
     - exportloopref
-    - gofmt
+    - gofumpt
     - goimports
     - misspell
     - whitespace

.pre-commit-config.yaml

@@ -26,14 +26,17 @@ repos:
       exclude: ".key$"
 
   - repo: https://github.com/shellcheck-py/shellcheck-py
-    rev: v0.9.0.2
+    rev: v0.9.0.6
     hooks:
       - id: shellcheck
 
-  - repo: https://github.com/golangci/golangci-lint
+  - repo: local
-    rev: v1.51.2
     hooks:
-      - id: golangci-lint
+      - id: make-lint
+        name: Run Make Lint
+        entry: make lint
+        language: system
+        pass_filenames: false
 
   - repo: local
     hooks:
@@ -43,3 +46,9 @@ repos:
          pass_filenames: false
          types: [go]
          language: system
+
+  - repo: https://github.com/TekWizely/pre-commit-golang
+    rev: v1.0.0-rc.1
+    hooks:
+       - id: go-staticcheck-repo-mod
+       - id: go-mod-tidy

Makefile

@@ -0,0 +1,62 @@
+#!/usr/bin/make -f
+
+TRUECLOUDLAB_LINT_VERSION ?= 0.0.2
+TMP_DIR := .cache
+OUTPUT_LINT_DIR ?= $(shell pwd)/bin
+LINT_VERSION ?= 1.55.1
+LINT_DIR = $(OUTPUT_LINT_DIR)/golangci-lint-$(LINT_VERSION)-v$(TRUECLOUDLAB_LINT_VERSION)
+
+# Run all code formatters
+fmts: fmt imports
+
+# Reformat code
+fmt:
+	@echo "⇒ Processing gofmt check"
+	@gofumpt -s -w .
+
+# Reformat imports
+imports:
+	@echo "⇒ Processing goimports check"
+	@goimports -w .
+
+# Run Unit Test with go test
+test:
+	@echo "⇒ Running go test"
+	@go test ./... -count=1
+
+# Activate pre-commit hooks
+pre-commit:
+	pre-commit install -t pre-commit -t commit-msg
+
+# Deactivate pre-commit hooks
+unpre-commit:
+	pre-commit uninstall -t pre-commit -t commit-msg
+
+pre-commit-run:
+	@pre-commit run -a --hook-stage manual
+
+# Install linters
+lint-install:
+	@mkdir -p $(TMP_DIR)
+	@rm -rf $(TMP_DIR)/linters
+	@git -c advice.detachedHead=false clone --branch v$(TRUECLOUDLAB_LINT_VERSION) https://git.frostfs.info/TrueCloudLab/linters.git $(TMP_DIR)/linters
+	@make -C $(TMP_DIR)/linters lib CGO_ENABLED=1 OUT_DIR=$(OUTPUT_LINT_DIR)
+	@rm -rf $(TMP_DIR)/linters
+	@rmdir $(TMP_DIR) 2>/dev/null || true
+	@CGO_ENABLED=1 GOBIN=$(LINT_DIR) go install github.com/golangci/golangci-lint/cmd/golangci-lint@v$(LINT_VERSION)
+
+# Run linters
+lint:
+	@if [ ! -d "$(LINT_DIR)" ]; then \
+		echo "Run make lint-install"; \
+		exit 1; \
+	fi
+	@$(LINT_DIR)/golangci-lint run
+
+# Install staticcheck
+staticcheck-install:
+	@go install honnef.co/go/tools/cmd/staticcheck@latest
+
+# Run staticcheck
+staticcheck-run:
+	@staticcheck ./...

chain.go

@@ -101,7 +101,7 @@ func (c *Condition) Match(req Request) bool {
 
 	switch c.Op {
 	default:
-		panic(fmt.Sprintf("unimplemented: %s", c.Op))
+		panic(fmt.Sprintf("unimplemented: %d", c.Op))
 	case CondStringEquals:
 		return val == c.Value
 	case CondStringNotEquals:
@@ -150,15 +150,16 @@ func (r *Rule) matchCondition(obj Request) (status Status, matched bool) {
 	}
 	return r.matchAll(obj)
 }
+
 func (r *Rule) matchAny(obj Request) (status Status, matched bool) {
 	for i := range r.Condition {
 		if r.Condition[i].Match(obj) {
-
 			return r.Status, true
 		}
 	}
 	return NoRuleFound, false
 }
+
 func (r *Rule) matchAll(obj Request) (status Status, matched bool) {
 	for i := range r.Condition {
 		if !r.Condition[i].Match(obj) {

error.go

@@ -2,7 +2,7 @@ package policyengine
 
 import "fmt"
 
-// Status is the status for policy application
+// Status is the status for policy application.
 type Status byte
 
 const (

iam/converter.go

@@ -109,6 +109,7 @@ func (p Policy) ToChain() (*policyengine.Chain, error) {
 	return &chain, nil
 }
 
+//nolint:funlen
 func (c Conditions) ToChainCondition() ([]policyengine.Condition, error) {
 	var conditions []policyengine.Condition
 

inmemory.go

@@ -20,8 +20,7 @@ func NewInMemory() CachedChainStorage {
 	}
 }
 
-// TODO параметры для actor (IP)
+// IsAllowed implements the Engine interface.
-// TODO
 func (s *inmemory) IsAllowed(name Name, namespace string, r Request) (Status, bool) {
 	var ruleFound bool
 	if local, ok := s.local[name]; ok {