From c222c8b57ad3c9b9721b1496c1305d7a8803896b Mon Sep 17 00:00:00 2001 From: shankar0123 Date: Sat, 2 May 2026 17:35:45 +0000 Subject: [PATCH] =?UTF-8?q?ssh:=20fix=20staticcheck=20ST1008=20=E2=80=94?= =?UTF-8?q?=20error=20is=20last=20return=20from=20restoreFromBackups?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit CI's golangci-lint run on commit 636de7f ("ssh: pre-deploy snapshot + reload-failure rollback") caught a staticcheck ST1008 violation: restoreFromBackups returned (error, map[string]string) — error must be the last return value per Go convention. Reorder the return tuple to (map[string]string, error) and update the single caller in DeployCertificate. No behavior change; pure signature shuffle to satisfy the lint gate. Verified locally: - gofmt -l ./internal/connector/target/ssh/ clean - go vet ./internal/connector/target/ssh/ clean - go test -race -count=1 ./internal/connector/target/ssh/ green --- internal/connector/target/ssh/ssh.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/internal/connector/target/ssh/ssh.go b/internal/connector/target/ssh/ssh.go index 9c23671..1875f0c 100644 --- a/internal/connector/target/ssh/ssh.go +++ b/internal/connector/target/ssh/ssh.go @@ -395,7 +395,7 @@ func (c *Connector) DeployCertificate(ctx context.Context, request target.Deploy for _, p := range writePaths { paths = append(paths, p.path) } - rollbackErr, restoreStatuses := c.restoreFromBackups(ctx, paths, backups, modes) + restoreStatuses, rollbackErr := c.restoreFromBackups(ctx, paths, backups, modes) // Merge per-key restore status into backupStatus so operators // see whether the rollback ran cleanly per file. restoreFromBackups // returns statuses keyed by metadata key (cert/key/chain), not @@ -487,12 +487,12 @@ func (c *Connector) DeployCertificate(ctx context.Context, request target.Deploy // restoreFromBackups walks the configured deploy paths and either restores // each path from the in-memory backup (when the file existed pre-deploy) or // Removes the new bytes (first-time-deploy partial state). Returns the -// first error encountered — caller surfaces the wrapped error to the -// operator. The per-path status map is always populated so callers can -// emit accurate Metadata. +// per-path status map (always populated, used by callers to emit accurate +// Metadata) and the first error encountered — caller surfaces the wrapped +// error to the operator. Per staticcheck ST1008, error is the last return. // // Bundle 6 of the 2026-05-02 deployment-target audit. -func (c *Connector) restoreFromBackups(ctx context.Context, paths []string, backups map[string][]byte, modes map[string]os.FileMode) (error, map[string]string) { +func (c *Connector) restoreFromBackups(ctx context.Context, paths []string, backups map[string][]byte, modes map[string]os.FileMode) (map[string]string, error) { statuses := make(map[string]string, len(paths)) pathToKey := map[string]string{ c.config.CertPath: "cert", @@ -544,7 +544,7 @@ func (c *Connector) restoreFromBackups(ctx context.Context, paths []string, back c.logger.Info("rollback removed first-time-deploy file", "path", path) } } - return firstErr, statuses + return statuses, firstErr } // buildMetadataWithBackup assembles the per-deploy Metadata map with the