chore: migrate lint/test to docker-based tooling

.github/workflows/golang.yaml

@@ -9,25 +9,21 @@ jobs:
     name: GoLang Basics
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of Sonar scan
-      - name: FS Permissions
-        # workaround for permissions with contaner attempting to create directories
-        run: chmod 777 -R "$(pwd)"
       - name: Dep
         run: make dep
       - name: Lint
         run: make lint
-      - name: Coverage Setup 
-        # workaround for permissions with container attempting to create directory
-        run: mkdir .coverage && chmod 777 .coverage
+      - name: Coverage Setup
+        run: mkdir -p .coverage/unit
       - name: Unit Tests
         run: make test
       - name: Integration Tests
         run: make integration
       - name: SonarQube Scan
-        uses: SonarSource/sonarqube-scan-action@v5
+        uses: SonarSource/sonarqube-scan-action@v7
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
         # run on PRs and once we merge to main, as we need baseline runs for main in Sonar

.golangci.yaml

@@ -0,0 +1,89 @@
+version: "2"
+run:
+  build-tags:
+    - integration
+  issues-exit-code: 1
+  tests: true
+  timeout: 5m
+output:
+  formats:
+    text:
+      path: stdout
+      print-linter-name: true
+      print-issued-lines: true
+linters:
+  default: none
+  enable:
+    - depguard
+    - errcheck
+    - gochecknoinits
+    - goconst
+    - gocyclo
+    - gosec
+    - govet
+    - ineffassign
+    - misspell
+    - nakedret
+    - prealloc
+    - revive
+    - staticcheck
+    - unconvert
+    - unparam
+    - unused
+  settings:
+    depguard:
+      rules:
+        main:
+          deny:
+            - pkg: github.com/davecgh/go-spew/spew
+              desc: not allowed to use spew
+    govet:
+      enable:
+        - shadow # Check for possible unintended shadowing of variables.
+    misspell:
+      locale: US
+    prealloc:
+      for-loops: true
+    revive:
+      rules:
+        - name: package-comments
+          disabled: true
+    unparam:
+      check-exported: false
+  exclusions:
+    generated: lax
+    rules:
+      - path: (.+)\.go$
+        text: Error return value of .((os\.)?std(out|err)\..*|.*Close|.*Flush|os\.Remove(All)?|.*printf?|os\.(Un)?Setenv). is not checked
+      - path: (.+)\.go$
+        text: (possible misuse of unsafe.Pointer|should have signature)
+      - path: (.+)\.go$
+        text: ineffective break statement. Did you mean to break out of the outer loop
+      - path: (.+)\.go$
+        text: Use of unsafe calls should be audited
+      - path: (.+)\.go$
+        text: Subprocess launch(ed with variable|ing should be audited)
+      - path: (.+)\.go$
+        text: G104
+      - path: (.+)\.go$
+        text: (Expect directory permissions to be 0750 or less|Expect file permissions to be 0600 or less)
+      - path: (.+)\.go$
+        text: Potential file inclusion via variable
+    paths:
+      - third_party$
+      - builtin$
+      - examples$
+formatters:
+  enable:
+    - gofmt
+    - goimports
+  settings:
+    gofmt:
+      simplify: false
+  exclusions:
+    generated: lax
+    paths:
+      - third_party$
+      - builtin$
+      - examples$
+

Dockerfile

@@ -0,0 +1,8 @@
+# syntax=docker/dockerfile:1
+
+# Build a local Go toolchain image
+FROM golang:1.24 AS go
+USER root
+# Intentionally empty: this stage serves as a runnable Go toolchain container
+
+

Makefile

@@ -1,23 +1,41 @@
+.PHONY: docker-build-go docker-build-lint docker-build dep lint coverage test
+
 TAG := $(shell git rev-parse --short HEAD)
 DIR := $(shell pwd -L)
-
-SDCLI_VERSION :=v1.5
-SDCLI=docker run --rm -v "$(DIR):$(DIR)" -w "$(DIR)" asecurityteam/sdcli:$(SDCLI_VERSION)
-
-dep:
-	$(SDCLI) go dep
-
-lint:
-	$(SDCLI) go lint
-
-test:
-	$(SDCLI) go test
-
-integration:
-	$(SDCLI) go integration
-
-coverage:
-	$(SDCLI) go coverage
+LOCAL_GO_IMAGE ?= component-accesslog-go
+LOCAL_LINT_IMAGE ?= component-accesslog-golangci-lint
+GODOCKER = docker run --rm -v "$(DIR):$(DIR)" -w "$(DIR)" $(LOCAL_GO_IMAGE)
+LINTDOCKER = docker run --rm -v "$(DIR):$(DIR)" -w "$(DIR)" $(LOCAL_LINT_IMAGE)
+
+COVERAGE_DIR := .coverage
+UNIT_COVERAGE_DIR := $(COVERAGE_DIR)/unit
+UNIT_COVERAGE_FILE := $(UNIT_COVERAGE_DIR)/unit.cover.out
+
+docker-build-go:
+	docker build --target go -t $(LOCAL_GO_IMAGE) .
+
+docker-build-lint:
+	docker build --target lint -t $(LOCAL_LINT_IMAGE) -f linter.Dockerfile .
+
+docker-build: docker-build-go docker-build-lint
+
+dep: docker-build-go
+	$(GODOCKER) go mod vendor
+
+lint: docker-build-lint
+	$(LINTDOCKER) golangci-lint run --config .golangci.yaml ./... -v
+
+coverage-setup:
+	mkdir -p $(UNIT_COVERAGE_DIR)
+	touch $(UNIT_COVERAGE_FILE)
+
+test: coverage-setup docker-build-go
+	$(GODOCKER) go test -coverprofile=$(UNIT_COVERAGE_FILE) -v -race ./...
+
+integration: ;
+
+coverage: docker-build-go
+	$(GODOCKER) go tool cover -func=$(UNIT_COVERAGE_FILE)
 
 doc: ;
 

linter.Dockerfile

@@ -0,0 +1,8 @@
+# syntax=docker/dockerfile:1
+
+# Build a local golangci-lint image
+FROM golangci/golangci-lint:v2.6 AS lint
+USER root
+# Intentionally empty: this stage serves as a runnable golangci-lint container
+
+