chore: enable nolintlint (#21559)

Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
2026-02-20 01:28:45 +01:00 · 2025-01-21 19:49:14 +01:00
parent f258c450b8
commit 5ef4faa8a4
37 changed files with 59 additions and 88 deletions
--- a/.golangci.yaml
+++ b/.golangci.yaml
@@ -20,6 +20,7 @@ linters:
    - importas
    - ineffassign
    - misspell
+    - nolintlint
    - perfsprint
    - revive
    - staticcheck
@@ -74,6 +75,8 @@ linters-settings:
        pkg: k8s.io/client-go/informers/core/v1
      - alias: stderrors
        pkg: errors
+  nolintlint:
+    require-specific: true
  perfsprint:
    # Optimizes even if it requires an int or uint type cast.
    int-conversion: true
--- a/applicationset/utils/clusterUtils.go
+++ b/applicationset/utils/clusterUtils.go
@@ -68,12 +68,12 @@ func getLocalCluster(clientset kubernetes.Interface) *appv1.Cluster {
 	initLocalCluster.Do(func() {
 		info, err := clientset.Discovery().ServerVersion()
 		if err == nil {
-			// nolint:staticcheck
+			//nolint:staticcheck
 			localCluster.ServerVersion = fmt.Sprintf("%s.%s", info.Major, info.Minor)
-			// nolint:staticcheck
+			//nolint:staticcheck
 			localCluster.ConnectionState = appv1.ConnectionState{Status: appv1.ConnectionStatusSuccessful}
 		} else {
-			// nolint:staticcheck
+			//nolint:staticcheck
 			localCluster.ConnectionState = appv1.ConnectionState{
 				Status:  appv1.ConnectionStatusFailed,
 				Message: err.Error(),
@@ -82,7 +82,7 @@ func getLocalCluster(clientset kubernetes.Interface) *appv1.Cluster {
 	})
 	cluster := localCluster.DeepCopy()
 	now := metav1.Now()
-	// nolint:staticcheck
+	//nolint:staticcheck
 	cluster.ConnectionState.ModifiedAt = &now
 	return cluster
 }
--- a/cmd/argocd/commands/admin/cluster.go
+++ b/cmd/argocd/commands/admin/cluster.go
@@ -229,7 +229,7 @@ func NewClusterShardsCommand(clientOpts *argocdclient.ClientOptions) *cobra.Comm

 	// parse all added flags so far to get the redis-compression flag that was added by AddCacheFlagsToCmd() above
 	// we can ignore unchecked error here as the command will be parsed again and checked when command.Execute() is run later
-	// nolint:errcheck
+	//nolint:errcheck
 	command.ParseFlags(os.Args[1:])
 	redisCompressionStr, _ = command.Flags().GetString(cacheutil.CLIFlagRedisCompress)
 	return &command
@@ -517,7 +517,7 @@ argocd admin cluster stats target-cluster`,

 	// parse all added flags so far to get the redis-compression flag that was added by AddCacheFlagsToCmd() above
 	// we can ignore unchecked error here as the command will be parsed again and checked when command.Execute() is run later
-	// nolint:errcheck
+	//nolint:errcheck
 	command.ParseFlags(os.Args[1:])
 	redisCompressionStr, _ = command.Flags().GetString(cacheutil.CLIFlagRedisCompress)
 	return &command
--- a/cmd/argocd/commands/admin/cluster_test.go
+++ b/cmd/argocd/commands/admin/cluster_test.go
@@ -70,11 +70,9 @@ func Test_loadClusters(t *testing.T) {
 			ID:     "",
 			Server: "https://kubernetes.default.svc",
 			Name:   "in-cluster",
-			//nolint:staticcheck
 			ConnectionState: v1alpha1.ConnectionState{
 				Status: "Successful",
 			},
-			//nolint:staticcheck
 			ServerVersion: ".",
 			Shard:         ptr.To(int64(0)),
 		},
--- a/cmd/argocd/commands/admin/settings_test.go
+++ b/cmd/argocd/commands/admin/settings_test.go
@@ -68,7 +68,7 @@ func newSettingsManager(data map[string]string) *settings.SettingsManager {

 type fakeCmdContext struct {
 	mgr *settings.SettingsManager
-	// nolint:unused,structcheck
+	//nolint:unused,structcheck
 	out bytes.Buffer
 }

--- a/cmd/argocd/commands/app.go
+++ b/cmd/argocd/commands/app.go
@@ -3031,7 +3031,7 @@ func NewApplicationManifestsCommand(clientOpts *argocdclient.ClientOptions) *cob
 					errors.CheckError(err)

 					proj := getProject(ctx, c, clientOpts, app.Spec.Project)
-					// nolint:staticcheck
+					//nolint:staticcheck
 					unstructureds = getLocalObjects(context.Background(), app, proj.Project, local, localRepoRoot, argoSettings.AppLabelKey, cluster.ServerVersion, cluster.Info.APIVersions, argoSettings.KustomizeOptions, argoSettings.TrackingMethod)
 				} else if len(revisions) > 0 && len(sourcePositions) > 0 {
 					q := application.ApplicationManifestQuery{
--- a/cmd/argocd/commands/cluster.go
+++ b/cmd/argocd/commands/cluster.go
@@ -371,7 +371,7 @@ func printClusterDetails(clusters []argoappv1.Cluster) {
 		fmt.Printf("Cluster information\n\n")
 		fmt.Printf("  Server URL:            %s\n", cluster.Server)
 		fmt.Printf("  Server Name:           %s\n", strWithDefault(cluster.Name, "-"))
-		// nolint:staticcheck
+		//nolint:staticcheck
 		fmt.Printf("  Server Version:        %s\n", cluster.ServerVersion)
 		fmt.Printf("  Namespaces:        	 %s\n", formatNamespaces(cluster))
 		fmt.Printf("\nTLS configuration\n\n")
@@ -466,7 +466,7 @@ func printClusterTable(clusters []argoappv1.Cluster) {
 		if len(c.Namespaces) > 0 {
 			server = fmt.Sprintf("%s (%d namespaces)", c.Server, len(c.Namespaces))
 		}
-		// nolint:staticcheck
+		//nolint:staticcheck
 		_, _ = fmt.Fprintf(w, "%s\t%s\t%s\t%s\t%s\t%s\n", server, c.Name, c.ServerVersion, c.ConnectionState.Status, c.ConnectionState.Message, c.Project)
 	}
 	_ = w.Flush()
--- a/commitserver/apiclient/clientset.go
+++ b/commitserver/apiclient/clientset.go
@@ -34,7 +34,7 @@ func NewConnection(address string) (*grpc.ClientConn, error) {
 	opts = append(opts, grpc.WithTransportCredentials(insecure.NewCredentials()))

 	// TODO: switch to grpc.NewClient.
-	// nolint:staticcheck
+	//nolint:staticcheck
 	conn, err := grpc.Dial(address, opts...)
 	if err != nil {
 		log.Errorf("Unable to connect to commit service with address %s", address)
--- a/controller/cache/cache_test.go
+++ b/controller/cache/cache_test.go
@@ -152,7 +152,7 @@ func TestHandleDeleteEvent_CacheDeadlock(t *testing.T) {
 		clusterSharding: sharding.NewClusterSharding(db, 0, 1, common.DefaultShardingAlgorithm),
 		settingsMgr:     settingsMgr,
 		// Set the lock here so we can reference it later
-		// nolint We need to overwrite here to have access to the lock
+		//nolint:govet // We need to overwrite here to have access to the lock
 		lock: liveStateCacheLock,
 	}
 	channel := make(chan string)
--- a/controller/metrics/clustercollector.go
+++ b/controller/metrics/clustercollector.go
@@ -61,7 +61,7 @@ type clusterCollector struct {

 func (c *clusterCollector) Run(ctx context.Context) {
 	// FIXME: complains about SA1015
-	// nolint:staticcheck
+	//nolint:staticcheck
 	tick := time.Tick(metricsCollectionInterval)
 	for {
 		select {
--- a/pkg/apiclient/application/forwarder_overwrite.go
+++ b/pkg/apiclient/application/forwarder_overwrite.go
@@ -12,7 +12,7 @@ import (
 	"github.com/argoproj/pkg/grpc/http"
 	"github.com/grpc-ecosystem/grpc-gateway/runtime"

-	// nolint:staticcheck
+	//nolint:staticcheck
 	"github.com/golang/protobuf/proto"

 	"github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
--- a/pkg/apis/application/v1alpha1/types.go
+++ b/pkg/apis/application/v1alpha1/types.go
@@ -1270,8 +1270,7 @@ type SyncOperationResource struct {
 	Kind      string `json:"kind" protobuf:"bytes,2,opt,name=kind"`
 	Name      string `json:"name" protobuf:"bytes,3,opt,name=name"`
 	Namespace string `json:"namespace,omitempty" protobuf:"bytes,4,opt,name=namespace"`
-	// nolint:govet
-	Exclude bool `json:"-"`
+	Exclude   bool   `json:"-"`
 }

 // RevisionHistories is a array of history, oldest first and newest last
--- a/pkg/apis/application/v1alpha1/types_test.go
+++ b/pkg/apis/application/v1alpha1/types_test.go
@@ -3928,7 +3928,6 @@ func TestOptionalArrayEquality(t *testing.T) {
 	err := json.Unmarshal([]byte(presentButEmpty), &param)
 	require.NoError(t, err)
 	jsonPresentButEmpty := param.OptionalArray
-	// nolint:testifylint
 	require.Equal(t, &OptionalArray{Array: []string{}}, jsonPresentButEmpty)

 	// We won't simulate the protobuf unmarshalling of an empty array parameter. By experimentation, this is how it's
@@ -3972,7 +3971,6 @@ func TestOptionalMapEquality(t *testing.T) {
 	err := json.Unmarshal([]byte(presentButEmpty), &param)
 	require.NoError(t, err)
 	jsonPresentButEmpty := param.OptionalMap
-	// nolint:testifylint
 	require.Equal(t, &OptionalMap{Map: map[string]string{}}, jsonPresentButEmpty)

 	// We won't simulate the protobuf unmarshalling of an empty map parameter. By experimentation, this is how it's
--- a/reposerver/apiclient/clientset.go
+++ b/reposerver/apiclient/clientset.go
@@ -82,7 +82,7 @@ func NewConnection(address string, timeoutSeconds int, tlsConfig *TLSConfigurati
 		opts = append(opts, grpc.WithTransportCredentials(insecure.NewCredentials()))
 	}

-	// nolint:staticcheck
+	//nolint:staticcheck
 	conn, err := grpc.Dial(address, opts...)
 	if err != nil {
 		log.Errorf("Unable to connect to repository service with address %s", address)
--- a/reposerver/repository/repository.go
+++ b/reposerver/repository/repository.go
@@ -2496,7 +2496,6 @@ func directoryPermissionInitializer(rootPath string) goio.Closer {

 // checkoutRevision is a convenience function to initialize a repo, fetch, and checkout a revision
 // Returns the 40 character commit SHA after the checkout has been performed
-// nolint:unparam
 func (s *Service) checkoutRevision(gitClient git.Client, revision string, submoduleEnabled bool) (goio.Closer, error) {
 	closer := s.gitRepoInitializer(gitClient.Root())
 	err := checkoutRevision(gitClient, revision, submoduleEnabled)
--- a/reposerver/repository/repository_test.go
+++ b/reposerver/repository/repository_test.go
@@ -859,30 +859,22 @@ func TestManifestGenErrorCacheByNumRequests(t *testing.T) {
 					require.False(t, isCachedError)

 					require.NotNil(t, cachedManifestResponse)
-					// nolint:staticcheck
 					assert.Nil(t, cachedManifestResponse.ManifestResponse)
-					// nolint:staticcheck
 					assert.NotEqual(t, 0, cachedManifestResponse.FirstFailureTimestamp)

 					// Internal cache consec failures value should increase with invocations, cached response should stay the same,
-					// nolint:staticcheck
 					assert.Equal(t, cachedManifestResponse.NumberOfConsecutiveFailures, adjustedInvocation+1)
-					// nolint:staticcheck
 					assert.Equal(t, 0, cachedManifestResponse.NumberOfCachedResponsesReturned)
 				} else {
 					// GenerateManifest SHOULD return cached errors for the next X responses, where X is the
 					// PauseGenerationOnFailureForRequests constant
 					assert.True(t, isCachedError)
 					require.NotNil(t, cachedManifestResponse)
-					// nolint:staticcheck
 					assert.Nil(t, cachedManifestResponse.ManifestResponse)
-					// nolint:staticcheck
 					assert.NotEqual(t, 0, cachedManifestResponse.FirstFailureTimestamp)

 					// Internal cache values should update correctly based on number of return cache entries, consecutive failures should stay the same
-					// nolint:staticcheck
 					assert.Equal(t, cachedManifestResponse.NumberOfConsecutiveFailures, service.initConstants.PauseGenerationAfterFailedGenerationAttempts)
-					// nolint:staticcheck
 					assert.Equal(t, cachedManifestResponse.NumberOfCachedResponsesReturned, (adjustedInvocation - service.initConstants.PauseGenerationAfterFailedGenerationAttempts + 1))
 				}
 			}
--- a/server/account/account_test.go
+++ b/server/account/account_test.go
@@ -82,12 +82,12 @@ func getAdminAccount(mgr *settings.SettingsManager) (*settings.Account, error) {
 }

 func adminContext(ctx context.Context) context.Context {
-	// nolint:staticcheck
+	//nolint:staticcheck
 	return context.WithValue(ctx, "claims", &jwt.RegisteredClaims{Subject: "admin", Issuer: sessionutil.SessionManagerClaimsIssuer})
 }

 func ssoAdminContext(ctx context.Context, iat time.Time) context.Context {
-	// nolint:staticcheck
+	//nolint:staticcheck
 	return context.WithValue(ctx, "claims", &jwt.RegisteredClaims{
 		Subject:  "admin",
 		Issuer:   "https://myargocdhost.com/api/dex",
@@ -96,7 +96,7 @@ func ssoAdminContext(ctx context.Context, iat time.Time) context.Context {
 }

 func projTokenContext(ctx context.Context) context.Context {
-	// nolint:staticcheck
+	//nolint:staticcheck
 	return context.WithValue(ctx, "claims", &jwt.RegisteredClaims{
 		Subject: "proj:demo:deployer",
 		Issuer:  sessionutil.SessionManagerClaimsIssuer,
--- a/server/application/application_test.go
+++ b/server/application/application_test.go
@@ -782,20 +782,16 @@ func TestNoAppEnumeration(t *testing.T) {
 	appServer := newTestAppServerWithEnforcerConfigure(t, f, map[string]string{}, testApp, testHelmApp, testAppMulti, testDeployment)

 	noRoleCtx := context.Background()
-	// nolint:staticcheck
+	//nolint:staticcheck
 	adminCtx := context.WithValue(noRoleCtx, "claims", &jwt.MapClaims{"groups": []string{"admin"}})

 	t.Run("Get", func(t *testing.T) {
-		// nolint:staticcheck
 		_, err := appServer.Get(adminCtx, &application.ApplicationQuery{Name: ptr.To("test")})
 		require.NoError(t, err)
-		// nolint:staticcheck
 		_, err = appServer.Get(noRoleCtx, &application.ApplicationQuery{Name: ptr.To("test")})
 		require.EqualError(t, err, common.PermissionDeniedAPIError.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence")
-		// nolint:staticcheck
 		_, err = appServer.Get(adminCtx, &application.ApplicationQuery{Name: ptr.To("doest-not-exist")})
 		require.EqualError(t, err, common.PermissionDeniedAPIError.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence")
-		// nolint:staticcheck
 		_, err = appServer.Get(adminCtx, &application.ApplicationQuery{Name: ptr.To("doest-not-exist"), Project: []string{"test"}})
 		assert.EqualError(t, err, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", "when the request specifies a project, we can return the standard k8s error message")
 	})
@@ -1301,7 +1297,7 @@ func TestCoupleAppsListApps(t *testing.T) {
 	for i := 0; i < 50; i++ {
 		groups = append(groups, fmt.Sprintf("group-%d", i))
 	}
-	// nolint:staticcheck
+	//nolint:staticcheck
 	ctx = context.WithValue(ctx, "claims", &jwt.MapClaims{"groups": groups})
 	for projectId := 0; projectId < 100; projectId++ {
 		projectName := fmt.Sprintf("proj-%d", projectId)
@@ -1629,7 +1625,7 @@ func TestDeleteApp(t *testing.T) {

 func TestDeleteResourcesRBAC(t *testing.T) {
 	ctx := context.Background()
-	// nolint:staticcheck
+	//nolint:staticcheck
 	ctx = context.WithValue(ctx, "claims", &jwt.RegisteredClaims{Subject: "test-user"})
 	testApp := newTestApp()
 	appServer := newTestAppServer(t, testApp)
@@ -1722,7 +1718,7 @@ p, test-user, applications, delete/fake.io/PodTest/*, default/test-app, deny

 func TestPatchResourcesRBAC(t *testing.T) {
 	ctx := context.Background()
-	// nolint:staticcheck
+	//nolint:staticcheck
 	ctx = context.WithValue(ctx, "claims", &jwt.RegisteredClaims{Subject: "test-user"})
 	testApp := newTestApp()
 	appServer := newTestAppServer(t, testApp)
@@ -1930,7 +1926,7 @@ func TestRollbackApp(t *testing.T) {
 func TestUpdateAppProject(t *testing.T) {
 	testApp := newTestApp()
 	ctx := context.Background()
-	// nolint:staticcheck
+	//nolint:staticcheck
 	ctx = context.WithValue(ctx, "claims", &jwt.RegisteredClaims{Subject: "admin"})
 	appServer := newTestAppServer(t, testApp)
 	appServer.enf.SetDefaultRole("")
@@ -1994,7 +1990,7 @@ p, admin, applications, update, my-proj/test-app, allow
 func TestAppJsonPatch(t *testing.T) {
 	testApp := newTestAppWithAnnotations()
 	ctx := context.Background()
-	// nolint:staticcheck
+	//nolint:staticcheck
 	ctx = context.WithValue(ctx, "claims", &jwt.RegisteredClaims{Subject: "admin"})
 	appServer := newTestAppServer(t, testApp)
 	appServer.enf.SetDefaultRole("")
@@ -2019,7 +2015,7 @@ func TestAppJsonPatch(t *testing.T) {
 func TestAppMergePatch(t *testing.T) {
 	testApp := newTestApp()
 	ctx := context.Background()
-	// nolint:staticcheck
+	//nolint:staticcheck
 	ctx = context.WithValue(ctx, "claims", &jwt.RegisteredClaims{Subject: "admin"})
 	appServer := newTestAppServer(t, testApp)
 	appServer.enf.SetDefaultRole("")
@@ -2310,7 +2306,7 @@ func createAppServerWithMaxLodLogs(t *testing.T, podNumber int, maxPodLogsToRend
 	runtimeObjects[podNumber] = testApp

 	noRoleCtx := context.Background()
-	// nolint:staticcheck
+	//nolint:staticcheck
 	adminCtx := context.WithValue(noRoleCtx, "claims", &jwt.MapClaims{"groups": []string{"admin"}})

 	if len(maxPodLogsToRender) > 0 {
--- a/server/application/websocket_test.go
+++ b/server/application/websocket_test.go
@@ -136,7 +136,7 @@ func TestValidateWithAdminPermissions(t *testing.T) {
 		ts := newTestTerminalSession(w, r)
 		ts.terminalOpts = &TerminalOptions{Enf: enf}
 		ts.appRBACName = "test"
-		// nolint:staticcheck
+		//nolint:staticcheck
 		ts.ctx = context.WithValue(context.Background(), "claims", &jwt.MapClaims{"groups": []string{"admin"}})
 		_, err := ts.validatePermissions([]byte{})
 		require.NoError(t, err)
@@ -156,7 +156,7 @@ func TestValidateWithoutPermissions(t *testing.T) {
 		ts := newTestTerminalSession(w, r)
 		ts.terminalOpts = &TerminalOptions{Enf: enf}
 		ts.appRBACName = "test"
-		// nolint:staticcheck
+		//nolint:staticcheck
 		ts.ctx = context.WithValue(context.Background(), "claims", &jwt.MapClaims{"groups": []string{"test"}})
 		_, err := ts.validatePermissions([]byte{})
 		require.Error(t, err)
--- a/server/cluster/cluster.go
+++ b/server/cluster/cluster.go
@@ -487,9 +487,9 @@ func (s *Server) toAPIResponse(clust *appv1.Cluster) *appv1.Cluster {
 		clust.Config.ExecProviderConfig.Args = nil
 	}
 	// populate deprecated fields for backward compatibility
-	// nolint:staticcheck
+	//nolint:staticcheck
 	clust.ServerVersion = clust.Info.ServerVersion
-	// nolint:staticcheck
+	//nolint:staticcheck
 	clust.ConnectionState = clust.Info.ConnectionState
 	return clust
 }
--- a/server/project/project_test.go
+++ b/server/project/project_test.go
@@ -362,7 +362,7 @@ func TestProjectServer(t *testing.T) {
 	enforcer = newEnforcer(kubeclientset)
 	_ = enforcer.SetBuiltinPolicy(`p, *, *, *, *, deny`)
 	enforcer.SetClaimsEnforcerFunc(nil)
-	// nolint:staticcheck
+	//nolint:staticcheck
 	ctx = context.WithValue(context.Background(), "claims", &jwt.MapClaims{"groups": []string{"my-group"}})
 	policyEnf := rbacpolicy.NewRBACPolicyEnforcer(enforcer, nil)
 	policyEnf.SetScopes([]string{"groups"})
@@ -731,7 +731,7 @@ p, role:admin, projects, update, *, allow`)
 		enforcer = newEnforcer(kubeclientset)
 		_ = enforcer.SetBuiltinPolicy(`p, *, *, *, *, deny`)
 		enforcer.SetClaimsEnforcerFunc(nil)
-		// nolint:staticcheck
+		//nolint:staticcheck
 		ctx := context.WithValue(context.Background(), "claims", &jwt.MapClaims{"groups": []string{"my-group"}})

 		sessionMgr := session.NewSessionManager(settingsMgr, test.NewFakeProjLister(), "", nil, session.NewUserStateStorage(nil))
--- a/server/server.go
+++ b/server/server.go
@@ -26,7 +26,7 @@ import (
 	"syscall"
 	"time"

-	// nolint:staticcheck
+	//nolint:staticcheck
 	golang_proto "github.com/golang/protobuf/proto"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/labels"
@@ -521,7 +521,7 @@ func (server *ArgoCDServer) Listen() (*Listeners, error) {
 	} else {
 		dOpts = append(dOpts, grpc.WithTransportCredentials(insecure.NewCredentials()))
 	}
-	// nolint:staticcheck
+	//nolint:staticcheck
 	conn, err := grpc.Dial(fmt.Sprintf("localhost:%d", server.ListenPort), dOpts...)
 	if err != nil {
 		io.Close(mainLn)
@@ -1477,7 +1477,7 @@ func (server *ArgoCDServer) Authenticate(ctx context.Context) (context.Context,
 	claims, newToken, claimsErr := server.getClaims(ctx)
 	if claims != nil {
 		// Add claims to the context to inspect for RBAC
-		// nolint:staticcheck
+		//nolint:staticcheck
 		ctx = context.WithValue(ctx, "claims", claims)
 		if newToken != "" {
 			// Session tokens that are expiring soon should be regenerated if user stays active.
@@ -1489,7 +1489,7 @@ func (server *ArgoCDServer) Authenticate(ctx context.Context) (context.Context,
 		}
 	}
 	if claimsErr != nil {
-		// nolint:staticcheck
+		//nolint:staticcheck
 		ctx = context.WithValue(ctx, util_session.AuthErrorCtxKey, claimsErr)
 	}

@@ -1501,7 +1501,7 @@ func (server *ArgoCDServer) Authenticate(ctx context.Context) (context.Context,
 		if !argoCDSettings.AnonymousUserEnabled {
 			return ctx, claimsErr
 		}
-		// nolint:staticcheck
+		//nolint:staticcheck
 		ctx = context.WithValue(ctx, "claims", "")
 	}

--- a/server/server_test.go
+++ b/server/server_test.go
@@ -897,7 +897,7 @@ func TestAuthenticate_3rd_party_JWTs(t *testing.T) {
 			t.Parallel()

 			// Must be declared here to avoid race.
-			ctx := context.Background() //nolint:ineffassign,staticcheck
+			ctx := context.Background() //nolint:staticcheck

 			argocd, oidcURL := getTestServer(t, testDataCopy.anonymousEnabled, true, testDataCopy.useDex, settings_util.OIDCConfig{})

--- a/test/e2e/fixture/fixture.go
+++ b/test/e2e/fixture/fixture.go
@@ -886,7 +886,7 @@ func EnsureCleanState(t *testing.T, opts ...TestOption) {
 			}
 			prevGnuPGHome := os.Getenv("GNUPGHOME")
 			os.Setenv("GNUPGHOME", TmpDir+"/gpg")
-			// nolint:errcheck
+			//nolint:errcheck
 			Run("", "pkill", "-9", "gpg-agent")
 			_, err = Run("", "gpg", "--import", "../fixture/gpg/signingkey.asc")
 			if err != nil {
--- a/util/argo/argo.go
+++ b/util/argo/argo.go
@@ -334,7 +334,7 @@ func ValidateRepo(
 	if err != nil {
 		return nil, fmt.Errorf("error getting cluster REST config: %w", err)
 	}
-	// nolint:staticcheck
+	//nolint:staticcheck
 	destCluster.ServerVersion, err = kubectl.GetServerVersion(config)
 	if err != nil {
 		return nil, fmt.Errorf("error getting k8s server version: %w", err)
@@ -437,7 +437,7 @@ func validateRepo(ctx context.Context,
 		proj,
 		sources,
 		repoClient,
-		// nolint:staticcheck
+		//nolint:staticcheck
 		cluster.ServerVersion,
 		APIResourcesToStrings(apiGroups, true),
 		permittedHelmCredentials,
--- a/util/argo/diff/ignore_test.go
+++ b/util/argo/diff/ignore_test.go
@@ -51,7 +51,6 @@ func TestIgnoreDiffConfig_HasIgnoreDifference(t *testing.T) {
 		assert.True(t, ok)
 		assert.NotNil(t, actual)
 		assert.Equal(t, expectedManagedFields, actual.ManagedFieldsManagers)
-		// nolint:testifylint
 		assert.Equal(t, expectedJSONPointers, actual.JSONPointers)
 		assert.Equal(t, expectedJQExpression, actual.JQPathExpressions)
 	})
@@ -73,7 +72,6 @@ func TestIgnoreDiffConfig_HasIgnoreDifference(t *testing.T) {
 		assert.True(t, ok)
 		assert.NotNil(t, actual)
 		assert.Equal(t, expectedManagedFields, actual.ManagedFieldsManagers)
-		// nolint:testifylint
 		assert.Equal(t, expectedJSONPointers, actual.JSONPointers)
 		assert.Equal(t, expectedJQExpression, actual.JQPathExpressions)
 	})
--- a/util/argo/normalizers/knowntypes_normalizer_test.go
+++ b/util/argo/normalizers/knowntypes_normalizer_test.go
@@ -49,7 +49,6 @@ func mustUnmarshalYAML(yamlStr string) *unstructured.Unstructured {
 	return un
 }

-// nolint:unparam
 func nestedSliceMap(obj map[string]any, i int, path ...string) (map[string]any, error) {
 	items, ok, err := unstructured.NestedSlice(obj, path...)
 	if err != nil {
--- a/util/db/cluster.go
+++ b/util/db/cluster.go
@@ -37,12 +37,12 @@ func (db *db) getLocalCluster() *appv1.Cluster {
 	initLocalCluster.Do(func() {
 		info, err := db.kubeclientset.Discovery().ServerVersion()
 		if err == nil {
-			// nolint:staticcheck
+			//nolint:staticcheck
 			localCluster.ServerVersion = fmt.Sprintf("%s.%s", info.Major, info.Minor)
-			// nolint:staticcheck
+			//nolint:staticcheck
 			localCluster.ConnectionState = appv1.ConnectionState{Status: appv1.ConnectionStatusSuccessful}
 		} else {
-			// nolint:staticcheck
+			//nolint:staticcheck
 			localCluster.ConnectionState = appv1.ConnectionState{
 				Status:  appv1.ConnectionStatusFailed,
 				Message: err.Error(),
@@ -51,7 +51,7 @@ func (db *db) getLocalCluster() *appv1.Cluster {
 	})
 	cluster := localCluster.DeepCopy()
 	now := metav1.Now()
-	// nolint:staticcheck
+	//nolint:staticcheck
 	cluster.ConnectionState.ModifiedAt = &now
 	return cluster
 }
--- a/util/env/env.go
+++ b/util/env/env.go
@@ -13,8 +13,6 @@ import (
 // Helper function to parse a number from an environment variable. Returns a
 // default if env is not set, is not parseable to a number, exceeds max (if
 // max is greater than 0) or is less than min.
-//
-// nolint:unparam
 func ParseNumFromEnv(env string, defaultValue, min, max int) int {
 	str := os.Getenv(env)
 	if str == "" {
@@ -43,8 +41,6 @@ func ParseNumFromEnv(env string, defaultValue, min, max int) int {
 // Helper function to parse a int64 from an environment variable. Returns a
 // default if env is not set, is not parseable to a number, exceeds max (if
 // max is greater than 0) or is less than min.
-//
-// nolint:unparam
 func ParseInt64FromEnv(env string, defaultValue, min, max int64) int64 {
 	str := os.Getenv(env)
 	if str == "" {
@@ -70,8 +66,6 @@ func ParseInt64FromEnv(env string, defaultValue, min, max int64) int64 {
 // Helper function to parse a float32 from an environment variable. Returns a
 // default if env is not set, is not parseable to a number, exceeds max (if
 // max is greater than 0) or is less than min (and min is greater than 0).
-//
-// nolint:unparam
 func ParseFloatFromEnv(env string, defaultValue, min, max float32) float32 {
 	str := os.Getenv(env)
 	if str == "" {
@@ -97,8 +91,6 @@ func ParseFloatFromEnv(env string, defaultValue, min, max float32) float32 {
 // Helper function to parse a float64 from an environment variable. Returns a
 // default if env is not set, is not parseable to a number, exceeds max (if
 // max is greater than 0) or is less than min (and min is greater than 0).
-//
-// nolint:unparam
 func ParseFloat64FromEnv(env string, defaultValue, min, max float64) float64 {
 	str := os.Getenv(env)
 	if str == "" {
--- a/util/git/client.go
+++ b/util/git/client.go
@@ -958,7 +958,6 @@ func (m *nativeGitClient) runCmd(args ...string) (string, error) {
 }

 // runCredentialedCmd is a convenience function to run a git command with username/password credentials
-// nolint:unparam
 func (m *nativeGitClient) runCredentialedCmd(args ...string) error {
 	closer, environ, err := m.creds.Environ()
 	if err != nil {
--- a/util/grpc/grpc.go
+++ b/util/grpc/grpc.go
@@ -86,15 +86,15 @@ func BlockingDial(ctx context.Context, network, address string, creds credential
 	// channel to either get the channel or fail-fast.
 	go func() {
 		opts = append(opts,
-			// nolint:staticcheck
+			//nolint:staticcheck
 			grpc.WithBlock(),
-			// nolint:staticcheck
+			//nolint:staticcheck
 			grpc.FailOnNonTempDialError(true),
 			grpc.WithContextDialer(dialer),
 			grpc.WithTransportCredentials(insecure.NewCredentials()), // we are handling TLS, so tell grpc not to
 			grpc.WithKeepaliveParams(keepalive.ClientParameters{Time: common.GetGRPCKeepAliveTime()}),
 		)
-		// nolint:staticcheck
+		//nolint:staticcheck
 		conn, err := grpc.DialContext(ctx, address, opts...)
 		var res any
 		if err != nil {
--- a/util/helm/client.go
+++ b/util/helm/client.go
@@ -369,7 +369,7 @@ func newTLSConfig(creds Creds) (*tls.Config, error) {
 		}
 		tlsConfig.Certificates = []tls.Certificate{cert}
 	}
-	// nolint:staticcheck
+	//nolint:staticcheck
 	tlsConfig.BuildNameToCertificate()

 	return tlsConfig, nil
--- a/util/kube/failureretrywrapper.go
+++ b/util/kube/failureretrywrapper.go
@@ -16,7 +16,6 @@ type failureRetryRoundTripper struct {
 	failureRetryPeriodMilliSeconds int
 }

-// nolint:unparam
 func shouldRetry(counter int, _ *http.Request, response *http.Response, err error) bool {
 	if counter <= 0 {
 		return false
--- a/util/kube/util_test.go
+++ b/util/kube/util_test.go
@@ -12,7 +12,6 @@ import (
 	"k8s.io/client-go/kubernetes/fake"
 )

-// nolint:unparam
 func getSecret(client kubernetes.Interface, ns, name string) (*corev1.Secret, error) {
 	s, err := client.CoreV1().Secrets(ns).Get(context.TODO(), name, metav1.GetOptions{})
 	if err != nil {
--- a/util/rbac/rbac_test.go
+++ b/util/rbac/rbac_test.go
@@ -363,7 +363,7 @@ func TestEnforceErrorMessage(t *testing.T) {
 	require.Error(t, err)
 	assert.Equal(t, "rpc error: code = PermissionDenied desc = permission denied", err.Error())

-	// nolint:staticcheck
+	//nolint:staticcheck
 	ctx := context.WithValue(context.Background(), "claims", &jwt.RegisteredClaims{Subject: "proj:default:admin"})
 	err = enf.EnforceErr(ctx.Value("claims"), "project")
 	require.Error(t, err)
@@ -371,19 +371,19 @@ func TestEnforceErrorMessage(t *testing.T) {

 	iat := time.Unix(int64(1593035962), 0).Format(time.RFC3339)
 	exp := "rpc error: code = PermissionDenied desc = permission denied: project, sub: proj:default:admin, iat: " + iat
-	// nolint:staticcheck
+	//nolint:staticcheck
 	ctx = context.WithValue(context.Background(), "claims", &jwt.RegisteredClaims{Subject: "proj:default:admin", IssuedAt: jwt.NewNumericDate(time.Unix(int64(1593035962), 0))})
 	err = enf.EnforceErr(ctx.Value("claims"), "project")
 	require.Error(t, err)
 	assert.Equal(t, exp, err.Error())

-	// nolint:staticcheck
+	//nolint:staticcheck
 	ctx = context.WithValue(context.Background(), "claims", &jwt.RegisteredClaims{ExpiresAt: jwt.NewNumericDate(time.Now())})
 	err = enf.EnforceErr(ctx.Value("claims"), "project")
 	require.Error(t, err)
 	assert.Equal(t, "rpc error: code = PermissionDenied desc = permission denied: project", err.Error())

-	// nolint:staticcheck
+	//nolint:staticcheck
 	ctx = context.WithValue(context.Background(), "claims", &jwt.RegisteredClaims{Subject: "proj:default:admin", IssuedAt: nil})
 	err = enf.EnforceErr(ctx.Value("claims"), "project")
 	require.Error(t, err)
--- a/util/session/sessionmanager.go
+++ b/util/session/sessionmanager.go
@@ -503,7 +503,7 @@ func WithAuthMiddleware(disabled bool, authn TokenVerifier, next http.Handler) h
 			}
 			ctx := r.Context()
 			// Add claims to the context to inspect for RBAC
-			// nolint:staticcheck
+			//nolint:staticcheck
 			ctx = context.WithValue(ctx, "claims", claims)
 			r = r.WithContext(ctx)
 		}
--- a/util/session/sessionmanager_test.go
+++ b/util/session/sessionmanager_test.go
@@ -340,7 +340,7 @@ func TestSessionManager_WithAuthMiddleware(t *testing.T) {

 var loggedOutContext = context.Background()

-// nolint:staticcheck
+//nolint:staticcheck
 var loggedInContext = context.WithValue(context.Background(), "claims", &jwt.MapClaims{"iss": "qux", "sub": "foo", "email": "bar", "groups": []string{"baz"}})

 func TestIss(t *testing.T) {