Merge branch 'master' into vz-block-device-sharing

Signed-off-by: Nick Sweeting <github@sweeting.me>

Author: pirate

.github/workflows/codeql.yaml

@@ -43,7 +43,7 @@ jobs:
         persist-credentials: false
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@e46ed2cbd01164d986452f91f178727624ae40d7  # v4.35.3
+      uses: github/codeql-action/init@7211b7c8077ea37d8641b6271f6a365a22a5fbfa  # v4.36.0
       with:
         languages: ${{ matrix.language }}
         build-mode: ${{ matrix.build-mode }}
@@ -59,6 +59,6 @@ jobs:
         exit 1
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@e46ed2cbd01164d986452f91f178727624ae40d7  # v4.35.3
+      uses: github/codeql-action/analyze@7211b7c8077ea37d8641b6271f6a365a22a5fbfa  # v4.36.0
       with:
         category: "/language:${{matrix.language}}"

.github/workflows/scorecard.yml

@@ -60,6 +60,6 @@ jobs:
     # Upload the results to GitHub's code scanning dashboard (optional).
     # Commenting out will disable upload of results to your repo's Code Scanning dashboard
     - name: "Upload to code-scanning"
-      uses: github/codeql-action/upload-sarif@e46ed2cbd01164d986452f91f178727624ae40d7  # v4.35.3
+      uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa  # v4.36.0
       with:
         sarif_file: results.sarif

.github/workflows/test.yml

@@ -42,28 +42,21 @@ jobs:
     - name: Verify generated files
       run: make generate check-generated
     - name: Run nobin
-      run: >-
-        go tool -modfile=./hack/tools/go.mod nobin
-        --allow-emoji
-        --allow-escape
-        --gitignore
-        --skip-ext pb.desc
-        --skip 'website/static/images/**/*.{gif,png}'
-        --skip 'docs/reports/**/*.pdf'
+      run: make nobin
     - name: Run editorconfig-checker
-      run: go tool -modfile=./hack/tools/go.mod editorconfig-checker
+      run: make editorconfig-checker
     - name: Run yamllint
-      run: yamllint .
+      run: make yamllint
     - name: Install shellcheck
       run: |
         sudo apt-get update
         sudo apt-get install -y shellcheck
     - name: Run file and directory name linter
       uses: ls-lint/action@02e380fe8733d499cbfc9e22276de5085508a5bd  # v2.3.1
     - name: Run shellcheck
-      run: find . -name '*.sh' | xargs shellcheck
+      run: make shellcheck
     - name: Run shfmt
-      run: find . -name '*.sh' | xargs go tool -modfile=./hack/tools/go.mod shfmt -s -d
+      run: make shfmt
     - name: Check hyperlinks
       uses: lycheeverse/lychee-action@8646ba30535128ac92d33dfc9133794bfdd9b411  # v2.8.0
       with:
@@ -79,16 +72,13 @@ jobs:
       # TODO: move to `go tool` after upgrading to v2
       run: go install github.com/google/go-licenses@v1.6.0
     - name: Check licenses
-      # the allow list corresponds to https://github.com/cncf/foundation/blob/e5db022a0009f4db52b89d9875640cf3137153fe/allowed-third-party-license-policy.md
-      # hashicorp/hcl/v2 is MPL-2.0; covered by the CNCF license exception for hashicorp/hcl
-      # see also https://github.com/cncf/foundation/issues/1242
-      run: go-licenses check --include_tests --ignore github.com/hashicorp/hcl/v2 ./... --allowed_licenses=$(cat ./hack/allowed-licenses.txt)
+      run: make go-licenses
     - name: Check license boilerplates
-      run: go tool -modfile=./hack/tools/go.mod ltag -t ./hack/ltag --check -v
+      run: make ltag
     - name: Check protobuf files
-      run: go tool -modfile=./hack/tools/go.mod protolint .
+      run: make protolint
     - name: Run zizmor
-      uses: zizmorcore/zizmor-action@b1d7e1fb5de872772f31590499237e7cce841e8e  # v0.5.3
+      uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d  # v0.5.6
       with:
         # No need to hide the result in https://github.com/lima-vm/lima/security (private),
         # as anybody can already run zizmor locally to find vulnerabilities.
@@ -123,10 +113,11 @@ jobs:
       run: |
         echo "GOLANGCI_LINT_VERSION=$(go list -m -f '{{.Version}}' github.com/golangci/golangci-lint/v2)" >> $GITHUB_OUTPUT
     - name: Run golangci-lint
-      uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20  # v9.2.0
+      uses: golangci/golangci-lint-action@82606bf257cbaff209d206a39f5134f0cfbfd2ee  # v9.2.1
       with:
         version: ${{ steps.golangci-lint-version.outputs.GOLANGCI_LINT_VERSION }}
         args: --verbose
+        skip-cache: true
 
   security:
     name: "Vulncheck"
@@ -245,10 +236,7 @@ jobs:
       run: make
     - name: Install QEMU
       run: |
-        # Pin to 10.2.0: QEMU 11.0.0 TCG breaks systemd boot on the Windows
-        # runner with "Failed to fork off sandboxing environment: Protocol
-        # error", blocking SSH.
-        winget install --silent --accept-source-agreements --accept-package-agreements --disable-interactivity SoftwareFreedomConservancy.QEMU --version 10.2.0
+        winget install --silent --accept-source-agreements --accept-package-agreements --disable-interactivity SoftwareFreedomConservancy.QEMU
     - name: Integration tests (QEMU, Windows host)
       run: |
         $env:PATH = "$pwd\_output\bin;" + 'C:\msys64\usr\bin;' + 'C:\Program Files\QEMU;' + $env:PATH

.golangci.yml

@@ -29,6 +29,7 @@ linters:
   - unconvert
   - unused
   - usetesting
+  - usestdlibvars
   - whitespace
   settings:
     depguard:
@@ -133,6 +134,10 @@ linters:
       - -ST1000
       - -ST1001  # duplicates revive.dot-imports
       - -ST1022
+    usestdlibvars:
+      http-method: false
+      time-date-month: true
+      time-layout: true
     usetesting:
       os-temp-dir: true
       context-background: true

Makefile

@@ -607,21 +607,53 @@ check-generated:
 bats: native limactl-plugins
 	PATH=$$PWD/_output/bin:$$PATH ./hack/bats/lib/bats-core/bin/bats --timing ./hack/bats/tests
 
-.PHONY: lint
-lint: check-generated
-	nobin --allow-emoji --allow-escape --gitignore --skip-ext pb.desc --skip 'website/static/images/**/*.{gif,png}' --skip 'docs/reports/**/*.pdf'
-	editorconfig-checker
-	golangci-lint run ./...
+# Linting targets - individual stages
+.PHONY: nobin
+nobin:
+	$(GO) run -modfile=./hack/tools/go.mod github.com/jandubois/nobin --allow-emoji --allow-escape --gitignore --skip-ext pb.desc --skip 'website/static/images/**/*.{gif,png}' --skip 'docs/reports/**/*.pdf'
+
+.PHONY: editorconfig-checker
+editorconfig-checker:
+	$(GO) run -modfile=./hack/tools/go.mod github.com/editorconfig-checker/editorconfig-checker/v3/cmd/editorconfig-checker
+
+.PHONY: golangci-lint
+golangci-lint:
+	$(GO) run -modfile=./hack/tools/go.mod github.com/golangci/golangci-lint/v2/cmd/golangci-lint run ./...
+
+.PHONY: yamllint
+yamllint:
 	yamllint .
+
+.PHONY: ls-lint
+ls-lint:
 	ls-lint
+
+.PHONY: shellcheck
+shellcheck:
 	find . -name '*.sh' ! -path "./.git/*" | xargs shellcheck
-	find . -name '*.sh' ! -path "./.git/*" | xargs shfmt -s -d
+
+.PHONY: shfmt
+shfmt:
+	find . -name '*.sh' ! -path "./.git/*" | xargs $(GO) run -modfile=./hack/tools/go.mod mvdan.cc/sh/v3/cmd/shfmt -s -d
+
+.PHONY: go-licenses
+go-licenses:
 	# the allow list corresponds to https://github.com/cncf/foundation/blob/e5db022a0009f4db52b89d9875640cf3137153fe/allowed-third-party-license-policy.md
 	# hashicorp/hcl/v2 is MPL-2.0; covered by the CNCF license exception for hashicorp/hcl
 	# see also https://github.com/cncf/foundation/issues/1242
 	go-licenses check --include_tests --ignore github.com/hashicorp/hcl/v2 ./... --allowed_licenses=$$(cat ./hack/allowed-licenses.txt)
-	ltag -t ./hack/ltag --check -v
-	protolint .
+
+.PHONY: ltag
+ltag:
+	$(GO) run -modfile=./hack/tools/go.mod github.com/containerd/ltag -t ./hack/ltag --check -v
+
+.PHONY: protolint
+protolint:
+	$(GO) run -modfile=./hack/tools/go.mod github.com/yoheimuta/protolint/cmd/protolint .
+
+# Main lint target - runs all linting stages
+.PHONY: lint
+lint: check-generated nobin editorconfig-checker golangci-lint yamllint ls-lint shellcheck shfmt go-licenses ltag protolint
 
 .PHONY: clean
 clean:

cmd/lima-guestagent/daemon_linux.go

@@ -142,7 +142,7 @@ func daemonAction(cmd *cobra.Command, _ []string) error {
 			return err
 		}
 		l = socketL
-		logrus.Infof("serving the guest agent on %q", socket)
+		logrus.Infof("serving the guest agent on %#q", socket)
 	}
 	defer logrus.Debug("exiting lima-guestagent daemon")
 	return server.StartServer(ctx, l, &server.GuestServer{Agent: agent, TunnelS: portfwdserver.NewTunnelServer()})

cmd/lima-guestagent/install_systemd_linux.go

@@ -58,10 +58,10 @@ func installSystemdAction(cmd *cobra.Command, _ []string) error {
 	unitFileChanged := true
 	if _, err := os.Stat(unitPath); !errors.Is(err, os.ErrNotExist) {
 		if existingUnit, err := os.ReadFile(unitPath); err == nil && bytes.Equal(unit, existingUnit) {
-			logrus.Infof("File %q is up-to-date", unitPath)
+			logrus.Infof("File %#q is up-to-date", unitPath)
 			unitFileChanged = false
 		} else {
-			logrus.Infof("File %q needs update", unitPath)
+			logrus.Infof("File %#q needs update", unitPath)
 		}
 	} else {
 		unitDir := filepath.Dir(unitPath)
@@ -73,7 +73,7 @@ func installSystemdAction(cmd *cobra.Command, _ []string) error {
 		if err := os.WriteFile(unitPath, unit, 0o644); err != nil {
 			return err
 		}
-		logrus.Infof("Written file %q", unitPath)
+		logrus.Infof("Written file %#q", unitPath)
 	} else if !guestAgentUpdated {
 		logrus.Info("lima-guestagent.service already up-to-date")
 		return nil

cmd/limactl/clone.go

@@ -67,7 +67,7 @@ func cloneOrRenameAction(cmd *cobra.Command, args []string) error {
 	oldInst, err := store.Inspect(ctx, oldInstName)
 	if err != nil {
 		if errors.Is(err, os.ErrNotExist) {
-			return fmt.Errorf("instance %q not found", oldInstName)
+			return fmt.Errorf("instance %#q not found", oldInstName)
 		}
 		return err
 	}
@@ -89,7 +89,7 @@ func cloneOrRenameAction(cmd *cobra.Command, args []string) error {
 		if err != nil {
 			return err
 		}
-		yBytes, err := yqutil.EvaluateExpression(yq, yContent)
+		yBytes, err := yqutil.EvaluateExpression(ctx, yq, yContent)
 		if err != nil {
 			return err
 		}
@@ -98,7 +98,7 @@ func cloneOrRenameAction(cmd *cobra.Command, args []string) error {
 			return err
 		}
 		if err := driverutil.ResolveVMType(ctx, y, filePath); err != nil {
-			return fmt.Errorf("failed to resolve vm for %q: %w", filePath, err)
+			return fmt.Errorf("failed to resolve vm for %#q: %w", filePath, err)
 		}
 		if err := limayaml.Validate(y, true); err != nil {
 			return saveRejectedYAML(yBytes, err)

cmd/limactl/copy.go

@@ -91,7 +91,7 @@ func copyAction(cmd *cobra.Command, args []string) error {
 	if err != nil {
 		return err
 	}
-	logrus.Debugf("using copy tool %q", cpTool.Name())
+	logrus.Debugf("using copy tool %#q", cpTool.Name())
 
 	copyCmd, err := cpTool.Command(ctx, args, nil)
 	if err != nil {

cmd/limactl/delete.go

@@ -41,26 +41,26 @@ func deleteAction(cmd *cobra.Command, args []string) error {
 		inst, err := store.Inspect(ctx, instName)
 		if err != nil {
 			if errors.Is(err, os.ErrNotExist) {
-				logrus.Warnf("Ignoring non-existent instance %q", instName)
+				logrus.Warnf("Ignoring non-existent instance %#q", instName)
 				continue
 			}
 			return err
 		}
-		if err := instance.Delete(cmd.Context(), inst, force); err != nil {
-			return fmt.Errorf("failed to delete instance %q: %w", instName, err)
+		if err := instance.Delete(ctx, inst, force); err != nil {
+			return fmt.Errorf("failed to delete instance %#q: %w", instName, err)
 		}
 		if registered, err := autostart.IsRegistered(ctx, inst); err != nil && !errors.Is(err, autostart.ErrNotSupported) {
-			logrus.WithError(err).Warnf("Failed to check if the autostart entry for instance %q is registered", instName)
+			logrus.WithError(err).Warnf("Failed to check if the autostart entry for instance %#q is registered", instName)
 		} else if registered {
 			if err := autostart.UnregisterFromStartAtLogin(ctx, inst); err != nil {
-				logrus.WithError(err).Warnf("Failed to unregister the autostart entry for instance %q", instName)
+				logrus.WithError(err).Warnf("Failed to unregister the autostart entry for instance %#q", instName)
 			} else {
-				logrus.Infof("The autostart entry for instance %q has been unregistered", instName)
+				logrus.Infof("The autostart entry for instance %#q has been unregistered", instName)
 			}
 		}
-		logrus.Infof("Deleted %q (%q)", instName, inst.Dir)
+		logrus.Infof("Deleted %#q (%#q)", instName, inst.Dir)
 	}
-	return reconcile.Reconcile(cmd.Context(), "")
+	return reconcile.Reconcile(ctx, "")
 }
 
 func deleteBashComplete(cmd *cobra.Command, _ []string, _ string) ([]string, cobra.ShellCompDirective) {