Enforce linting of leading and trailing whitespace in blocks

Signed-off-by: Donnie Adams <[email protected]>

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,7 +1,7 @@
 ### Checklist
 - [ ] The title of this PR would make a good line in Acorn's Release Note's Changelog
-- [ ] The title of this PR ends with a link to the main issue being address in paranthesis, like: `This is a title (#1216)`. [Here's an example](https://github.com/acorn-io/acorn/pull/1199)
-- [ ] All relevant issues are referenced in the PR description. *NOTE: don't use [GitHub keyworkds](https://docs.github.com/en/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword) that auto-close issues*
+- [ ] The title of this PR ends with a link to the main issue being address in parentheses, like: `This is a title (#1216)`. [Here's an example](https://github.com/acorn-io/acorn/pull/1199)
+- [ ] All relevant issues are referenced in the PR description. *NOTE: don't use [GitHub keywords](https://docs.github.com/en/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword) that auto-close issues*
 - [ ] Commits follow [contributing guidance](https://github.com/acorn-io/acorn/blob/main/CONTRIBUTING.md#commits)
 - [ ] Automated tests added to cover the changes. If tests couldn't be added, an explanation is provided in the Verification and Testing section
 - [ ] Changes to user-facing functionality, API, CLI, and upgrade impacts are clearly called out in PR description

.golangci.yml

@@ -20,5 +20,6 @@ linters:
   - thelper
   - unused
   - goimports
+  - whitespace
   fast: false
   max-same-issues: 50

integration/client/computeclass/computeclass_test.go

@@ -158,7 +158,6 @@ func TestCreatingComputeClasses(t *testing.T) {
 					t.Fatal("expected an error to occur when creating an invalid ComputeClass but did not receive one")
 				}
 			}
-
 		})
 	}
 }

integration/client/images/images_test.go

@@ -408,5 +408,4 @@ func TestImageBadTag(t *testing.T) {
 
 	err = c.ImageTag(ctx, image.Name, "foo@@:badtag")
 	assert.Equal(t, "repository can only contain the characters `abcdefghijklmnopqrstuvwxyz0123456789_-./`: foo@@", err.Error())
-
 }

integration/client/volumes/volumeclasses_test.go

@@ -142,7 +142,6 @@ func TestProjectVolumeClassCreateValidation(t *testing.T) {
 			if err := kclient.Delete(ctx, &tt.volumeClass); err != nil && !apierrors.IsNotFound(err) {
 				t.Fatal(err)
 			}
-
 		})
 	}
 }
@@ -308,7 +307,6 @@ func TestClusterVolumeClassCreateValidation(t *testing.T) {
 			if err := kclient.Delete(ctx, &tt.volumeClass); err != nil && !apierrors.IsNotFound(err) {
 				t.Fatal(err)
 			}
-
 		})
 	}
 }

integration/secrets/secret_test.go

@@ -183,7 +183,6 @@ func TestEncryptionEndToEnd(t *testing.T) {
 	})
 
 	assert.Equal(t, plainTextData, string(secret.Data["key"]))
-
 }
 
 func TestNamespacedDecryption(t *testing.T) {

pkg/apis/internal.acorn.io/v1/imageallowrules.go

@@ -24,7 +24,6 @@ func (r *SignatureAnnotations) AsSelector() (labels.Selector, error) {
 	}
 
 	return metav1.LabelSelectorAsSelector(labelselector)
-
 }
 
 type SignatureRules struct {

pkg/apis/internal.acorn.io/v1/ports_test.go

@@ -30,7 +30,6 @@ func TestParseVolumesWithoutBinding(t *testing.T) {
 		Size:   "11G",
 		Class:  "aclass",
 	}, vs[1])
-
 }
 
 func TestParseVolumes(t *testing.T) {

pkg/apis/internal.admin.acorn.io/v1/computeclass.go

@@ -104,7 +104,6 @@ func ValidateComputeClass(wc ProjectComputeClassInstance, memory resource.Quanti
 		}
 		return fmt.Errorf("%w: defined memory %v exceeds the maximum memory for the ComputeClass %v of %v",
 			ErrInvalidMemoryForClass, memory.String(), wc.Name, parsedMemory.Max.String())
-
 	}
 	if min := parsedMemory.Min.Value(); memBytes != 0 && memBytes < min {
 		if memBytes == *memDefault {

pkg/appdefinition/appdefinition_test.go

@@ -573,7 +573,6 @@ containers: {
 			},
 		},
 	}, appSpec.Containers["a"].Environment)
-
 }
 
 func TestWorkdir(t *testing.T) {
@@ -1375,7 +1374,6 @@ secrets: {
 	assert.Equal(t, v1.Secret{
 		Type: "opaque",
 	}, appSpec.Secrets["opt"])
-
 }
 
 func TestImageDataOverride(t *testing.T) {

pkg/autoupgrade/daemon.go

@@ -165,7 +165,6 @@ func (d *daemon) determineAppsToRefresh(apps map[kclient.ObjectKey]v1.AppInstanc
 			}
 			imageKey := imageAndNamespaceKey{image: img, namespace: app.Namespace}
 			imagesToRefresh[imageKey] = append(imagesToRefresh[imageKey], appKey)
-
 		}
 	}
 

pkg/cli/builder/table/funcs.go

@@ -149,7 +149,6 @@ func cleanFields(obj any) any {
 		return ro
 	}
 	return obj
-
 }
 
 func FormatYAML(data any) (string, error) {

pkg/cli/check.go

@@ -32,7 +32,6 @@ type Check struct {
 }
 
 func (a *Check) Run(cmd *cobra.Command, args []string) error {
-
 	checkOpts := install.CheckOptions{RuntimeImage: a.Image, IngressClassName: a.IngressClassName, Namespace: a.TestNamespace}
 	checkresult := install.RunChecks(cmd.Context(), checkOpts,
 		install.CheckRBAC,

pkg/cli/completion.go

@@ -206,7 +206,6 @@ func imagesCompletion(allowDigest bool) completionFunc {
 					result = append(result, digest)
 				}
 			}
-
 		}
 
 		return result, nil

pkg/cli/info_test.go

@@ -165,7 +165,6 @@ func TestInfo(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-
 			ctrl := gomock.NewController(t)
 			//Mocked client for cli's client calls.
 			mClient := mocks.NewMockClient(ctrl)

pkg/cli/log.go

@@ -18,7 +18,6 @@ func NewLogs(c CommandContext) *cobra.Command {
 		Args:              cobra.MaximumNArgs(1),
 		ValidArgsFunction: newCompletion(c.ClientFactory, appsThenContainersCompletion).withShouldCompleteOptions(onlyNumArgs(1)).complete,
 	})
-
 }
 
 type Logs struct {

pkg/cli/rm_helper.go

@@ -65,7 +65,6 @@ func getVolumesToDelete(arg string, client client.Client, cmd *cobra.Command) ([
 		if arg == volume.Status.AppName {
 			result = append(result, volume.Name)
 		}
-
 	}
 	return result, nil
 }
@@ -109,7 +108,6 @@ func removeContainer(arg string, c client.Client, cmd *cobra.Command, force bool
 
 		fmt.Println("Removed: " + con)
 		continue
-
 	}
 	return nil
 }
@@ -146,7 +144,6 @@ func removeVolume(arg string, c client.Client, cmd *cobra.Command, force bool) e
 		} else {
 			fmt.Printf("Error: No such volume: %s\n", vol)
 		}
-
 	}
 	return nil
 }

pkg/cli/run.go

@@ -288,7 +288,6 @@ func (s *Run) Run(cmd *cobra.Command, args []string) error {
 	}
 
 	if s.Interactive && isDir {
-
 		return dev.Dev(cmd.Context(), c, s.File, &dev.Options{
 			Args: args,
 			Build: client.AcornImageBuildOptions{

pkg/cli/secret_rm.go

@@ -24,7 +24,6 @@ type SecretDelete struct {
 }
 
 func (a *SecretDelete) Run(cmd *cobra.Command, args []string) error {
-
 	client, err := a.client.CreateDefault()
 	if err != nil {
 		return err

pkg/client/app.go

@@ -82,7 +82,6 @@ func (c *DefaultClient) AppUpdate(ctx context.Context, name string, opts *AppUpd
 }
 
 func ToAppUpdate(ctx context.Context, c Client, name string, opts *AppUpdateOptions) (*apiv1.App, error) {
-
 	app, err := c.AppGet(ctx, name)
 	if err != nil {
 		return nil, err

pkg/controller/appdefinition/checkimageallowed.go

@@ -16,7 +16,6 @@ import (
 // CheckImageAllowedHandler is a router handler that checks if the image is allowed by the image allow rules and sets a status field accordingly
 func CheckImageAllowedHandler(transport http.RoundTripper) router.HandlerFunc {
 	return func(req router.Request, resp router.Response) error {
-
 		appInstance := req.Object.(*v1.AppInstance)
 		cond := condition.Setter(appInstance, resp, v1.AppInstanceConditionImageAllowed)
 

pkg/controller/appdefinition/pullappimage_test.go

@@ -8,7 +8,6 @@ import (
 )
 
 func TestDetermineDesiredImage(t *testing.T) {
-
 	//// Auto-upgrade cases
 
 	// spec.Image is a pattern, status.image.ID not set, availableAppImage set. Expect the desiredImage to match availableAppImage

pkg/controller/appdefinition/pullsecrets.go

@@ -50,7 +50,6 @@ func (p *PullSecrets) ForAcorn(acornName, image string) []corev1.LocalObjectRefe
 			Image: image,
 		},
 	})
-
 }
 
 func (p *PullSecrets) ForContainer(containerName string, containers []corev1.Container) []corev1.LocalObjectReference {

pkg/controller/appdefinition/volume_bind.go

@@ -13,7 +13,6 @@ func ReleaseVolume(req router.Request, resp router.Response) error {
 	if pv.Labels[labels.AcornManaged] == "true" &&
 		pv.Status.Phase == corev1.VolumeReleased &&
 		pv.Spec.ClaimRef != nil {
-
 		app := &v1.AppInstance{}
 		err := req.Get(app, pv.Labels[labels.AcornAppNamespace], pv.Labels[labels.AcornAppName])
 		if apierror.IsNotFound(err) {

pkg/controller/tls/certs.go

@@ -41,7 +41,6 @@ func ProvisionWildcardCert(req router.Request, resp router.Response, domain, tok
 
 	// Generate wildcard certificate for domain
 	return leUser.provisionCertIfNotExists(req.Ctx, req.Client, wildcardDomain, system.Namespace, system.TLSSecretName)
-
 }
 
 // RequireSecretTypeTLS is a middleware that ensures that we only act on TLS-Type secrets
@@ -77,7 +76,6 @@ func RenewCert(req router.Request, resp router.Response) error {
 	domain := sec.Annotations[labels.AcornDomain]
 
 	go func() {
-
 		// Do not start a new challenge if we already have one in progress
 		if !lockDomain(domain) {
 			logrus.Debugf("not starting certificate renewal: %v: %s", ErrCertificateRequestInProgress, domain)
@@ -108,16 +106,13 @@ func RenewCert(req router.Request, resp router.Response) error {
 		}
 
 		logrus.Infof("TLS secret %s/%s renewed for domain %s", newSec.Namespace, newSec.Name, domain)
-
 	}()
 
 	return nil
-
 }
 
 // ProvisionCerts handles the provisioning of new TLS certificates for AppInstances
 func ProvisionCerts(req router.Request, resp router.Response) error {
-
 	cfg, err := config.Get(req.Ctx, req.Client)
 	if err != nil {
 		return err
@@ -225,7 +220,6 @@ func findExistingCertSecret(ctx context.Context, client kclient.Client, target s
 				return &sec, nil
 			}
 		}
-
 	}
 	return nil, nil
 }

pkg/controller/tls/letsencrypt.go

@@ -123,7 +123,6 @@ func (u *LEUser) register() error {
 	u.registration = reg
 
 	return nil
-
 }
 
 func (u *LEUser) toSecret() (*corev1.Secret, error) {
@@ -194,7 +193,6 @@ func (u *LEUser) toHash() string {
 }
 
 func ensureLEUser(ctx context.Context, client kclient.Client) (*LEUser, error) {
-
 	cfg, err := config.Get(ctx, client)
 	if err != nil {
 		return nil, err
@@ -269,7 +267,6 @@ func ensureLEUser(ctx context.Context, client kclient.Client) (*LEUser, error) {
 	logrus.Infof("Registered Let's Encrypt User: %s", newLEUser.email)
 
 	return newLEUser, nil
-
 }
 
 func (u *LEUser) certToSecret(cert *certificate.Resource, domain, namespace, name string) (*corev1.Secret, error) {
@@ -302,17 +299,14 @@ func (u *LEUser) certToSecret(cert *certificate.Resource, domain, namespace, nam
 	}
 
 	return sec, nil
-
 }
 
 func (u *LEUser) getCert(ctx context.Context, domain string) (*certificate.Resource, error) {
-
 	if strings.HasPrefix(domain, "*.") {
 		return u.dnsChallenge(ctx, domain)
 	}
 
 	return u.httpChallenge(ctx, domain)
-
 }
 
 func lockDomain(domain string) bool {
@@ -368,7 +362,6 @@ func stillValid(cert []byte) bool {
 
 // mustRenew returns true if the certificate must be renewed, either because the Let's Encrypt settings changed, the certificate is invalid or it's about to expire
 func (u *LEUser) mustRenew(sec *corev1.Secret) bool {
-
 	// (a) let's encrypt user settings changed -> renew
 	if sec.Annotations[labels.AcornLetsEncryptSettingsHash] != u.toHash() {
 		logrus.Infof("let's encrypt settings changed, must renew certificate for %s", sec.Annotations[labels.AcornDomain])
@@ -381,7 +374,6 @@ func (u *LEUser) mustRenew(sec *corev1.Secret) bool {
 	}
 
 	return false
-
 }
 
 func (u *LEUser) dnsChallenge(ctx context.Context, domain string) (*certificate.Resource, error) {
@@ -427,7 +419,6 @@ func (u *LEUser) dnsChallenge(ctx context.Context, domain string) (*certificate.
 	}
 
 	return client.Certificate.Obtain(request)
-
 }
 
 func (u *LEUser) httpChallenge(ctx context.Context, domain string) (*certificate.Resource, error) {

pkg/controller/tls/provider.go

@@ -64,7 +64,6 @@ func NewDNSClient(endpoint, domain, token string) DNSClient {
 }
 
 func (d *DNSClient) SetTXTRecord(domain, text string) error {
-
 	prefix := strings.TrimSuffix(strings.TrimSuffix(domain, "."), d.domain)
 
 	var requests []dns.RecordRequest

pkg/cosign/cosign.go

@@ -42,7 +42,6 @@ type VerifyOpts struct {
 
 // verifySignature checks if the image is signed with the given key and if the annotations match the given rules
 func VerifySignature(ctx context.Context, c client.Reader, opts VerifyOpts) error {
-
 	// --- image name to digest hash
 	imgRef, err := name.ParseReference(opts.ImageRef)
 	if err != nil {
@@ -98,7 +97,6 @@ func VerifySignature(ctx context.Context, c client.Reader, opts VerifyOpts) erro
 	logrus.Debugf("Signature %s has digest: %s", sigRefToUse.Name(), sigDigest)
 
 	if !opts.NoCache {
-
 		internalRepo, _, err := imagesystem.GetInternalRepoForNamespace(ctx, c, opts.Namespace)
 		if err != nil {
 			return fmt.Errorf("failed to get internal repo for namespace %s: %w", opts.Namespace, err)
@@ -187,7 +185,6 @@ func decodePEM(raw []byte, signatureAlgorithm crypto.Hash) (signature.Verifier,
 var ErrAnnotationsUnmatched = cosign.NewVerificationError("annotations unmatched")
 
 func checkAnnotations(payloads []payload.SimpleContainerImage, annotationRule v1.SignatureAnnotations) error {
-
 	sel, err := annotationRule.AsSelector()
 	if err != nil {
 		return fmt.Errorf("failed to parse annotation rule: %w", err)

pkg/cosign/cosign_test.go

@@ -80,12 +80,10 @@ func pushOCIDir(path string, ref name.Reference) error {
 	fmt.Println(h)
 
 	return nil
-
 }
 
 // TODO: mock oci registry and signatures
 func TestVerifySignature(t *testing.T) {
-
 	imgPath := "./testdata/img.oci"
 	imgDigestExpected := "sha256:245864d0312e7e33201eff111cfc071727f4eaa9edd10a395c367077e200cad2"
 
@@ -228,7 +226,5 @@ func TestVerifySignature(t *testing.T) {
 		if err == nil && tc.shouldError {
 			t.Fatalf("[%d] expected error but got none: %s", ti, tc.description)
 		}
-
 	}
-
 }

pkg/dns/helpers_test.go

@@ -29,7 +29,6 @@ func TestToRecordRequests(t *testing.T) {
 
 	// If the only hostname is "localhost", we can't actually CNAME to localhost, so expect an A record for 127.0.0.1
 	assrt(t, ".foo.com", []string{"app.foo.com"}, nil, nil, []string{"localhost"}, []RecordRequest{{"app", RecordTypeA, []string{"127.0.0.1"}}})
-
 }
 
 func assrt(t *testing.T, domain string, specRulesHosts, statusIPv4s, statusIPv6s, statusHosts []string, expectedRRs []RecordRequest) {