ARGOeu · themiszamani · Mar 26, 2026 · Nov 24, 2025 · Nov 25, 2025 · Jan 21, 2026
diff --git a/.github/workflows/staticcheck.yml b/.github/workflows/staticcheck.yml
@@ -0,0 +1,31 @@
+name: Staticcheck
+
+on:
+  pull_request:
+  push:
+    branches: [ main ]
+
+jobs:
+  staticcheck:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+          cache: true
+
+      - name: Download dependencies
+        run: go mod download
+
+      - name: Run Staticcheck
+        uses: dominikh/staticcheck-action@v1
+        with:
+          version: "latest"
+          install-go: false
diff --git a/.github/workflows/trivy-master.yml b/.github/workflows/trivy-master.yml
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
diff --git a/.staticcheck.conf b/.staticcheck.conf
@@ -0,0 +1 @@
+checks = ["all", "-ST1000"]
diff --git a/Jenkinsfile b/Jenkinsfile
@@ -63,8 +63,9 @@ pipeline {
                 gocover-cobertura < coverage.out > ${WORKSPACE}/coverage.xml
                 """
                 junit '**/junit.xml'
-                cobertura coberturaReportFile: '**/coverage.xml'
-
+                publishCoverage adapters: [
+                    coberturaAdapter('**/coverage.xml')
+                ]
             }
         }
         stage('Package') {

diff --git a/auth/acl.go b/auth/acl.go
@@ -58,7 +58,7 @@ func AppendToACL(ctx context.Context, projectUUID string, resourceType string, r
 	return store.AppendToACL(ctx, projectUUID, resourceType, resourceName, userUUIDs)
 }
 
-// AppendToACL is used to remove users from a topic's or sub's acl
+// RemoveFromACL is used to remove users from a topic's or sub's acl
 func RemoveFromACL(ctx context.Context, projectUUID string, resourceType string, resourceName string, acl []string, store stores.Store) error {
 
 	// Transform user name to user uuid

diff --git a/auth/auth_test.go b/auth/auth_test.go
@@ -538,6 +538,7 @@ func (suite *AuthTestSuite) TestAuth() {
 	qUsers1 = append(qUsers1, User{"uuid0", []ProjectRoles{{"ARGO", []string{"consumer", "publisher"}, []string{}, []string{}}}, "Test", "", "", "", "", "S3CR3T", "Test@test.com", []string{}, created, modified, ""})
 	// return all users
 	pu1, e1 := PaginatedFindUsers(suite.ctx, "", 0, "", true, true, store2)
+	suite.NoError(e1)
 
 	var qUsers2 []User
 	qUsers2 = append(qUsers2, User{"uuid8", []ProjectRoles{{"ARGO2", []string{"consumer", "publisher"}, []string{}, []string{}}}, "UserZ", "", "", "", "", "S3CR3T1", "foo-email", []string{}, created, modified, ""})
@@ -556,6 +557,7 @@ func (suite *AuthTestSuite) TestAuth() {
 
 	// return the first page with 2 users
 	pu2, e2 := PaginatedFindUsers(suite.ctx, "", 3, "", true, true, store2)
+	suite.NoError(e2)
 
 	var qUsers3 []User
 	qUsers3 = append(qUsers3, User{"uuid4", []ProjectRoles{{"ARGO", []string{"publisher", "consumer"}, []string{"topic2"}, []string{"sub3", "sub4"}}}, "UserZ", "", "", "", "", "S3CR3T4", "foo-email", []string{}, created, modified, "UserA"})
@@ -571,10 +573,6 @@ func (suite *AuthTestSuite) TestAuth() {
 	// invalid id
 	_, e5 := PaginatedFindUsers(suite.ctx, "invalid", 0, "", true, true, store2)
 
-	// check user list by project
-	var qUsersB []User
-	qUsersB = append(qUsersB, User{"uuid8", []ProjectRoles{{"ARGO2", []string{"consumer", "publisher"}, []string{}, []string{}}}, "UserZ", "", "", "", "", "S3CR3T1", "foo-email", []string{}, created, modified, ""})
-
 	// check user list by project and with unprivileged mode (token redacted)
 	var qUsersC []User
 	qUsersC = append(qUsersC, User{"uuid8", []ProjectRoles{{"ARGO2", []string{"consumer", "publisher"}, []string{}, []string{}}}, "UserZ", "", "", "", "", "", "foo-email", []string{}, created, modified, ""})
@@ -793,13 +791,13 @@ func (suite *AuthTestSuite) TestModACL() {
 	e1 := ModACL(suite.ctx, "argo_uuid", "topics", "topic1", []string{"UserX", "UserZ"}, store)
 	suite.Nil(e1)
 
-	tACL1, _ := store.TopicsACL["topic1"]
+	tACL1 := store.TopicsACL["topic1"]
 	suite.Equal([]string{"uuid3", "uuid4"}, tACL1.ACL)
 
 	e2 := ModACL(suite.ctx, "argo_uuid", "subscriptions", "sub1", []string{"UserX", "UserZ"}, store)
 	suite.Nil(e2)
 
-	sACL1, _ := store.SubsACL["sub1"]
+	sACL1 := store.SubsACL["sub1"]
 	suite.Equal([]string{"uuid3", "uuid4"}, sACL1.ACL)
 
 	e3 := ModACL(suite.ctx, "argo_uuid", "mistype", "sub1", []string{"UserX", "UserZ"}, store)
@@ -813,13 +811,13 @@ func (suite *AuthTestSuite) TestAppendToACL() {
 	e1 := AppendToACL(suite.ctx, "argo_uuid", "topics", "topic1", []string{"UserX", "UserZ", "UserZ"}, store)
 	suite.Nil(e1)
 
-	tACL1, _ := store.TopicsACL["topic1"]
+	tACL1 := store.TopicsACL["topic1"]
 	suite.Equal([]string{"uuid1", "uuid2", "uuid3", "uuid4"}, tACL1.ACL)
 
 	e2 := AppendToACL(suite.ctx, "argo_uuid", "subscriptions", "sub1", []string{"UserX", "UserZ", "UserZ"}, store)
 	suite.Nil(e2)
 
-	sACL1, _ := store.SubsACL["sub1"]
+	sACL1 := store.SubsACL["sub1"]
 	suite.Equal([]string{"uuid1", "uuid2", "uuid3", "uuid4"}, sACL1.ACL)
 
 	e3 := AppendToACL(suite.ctx, "argo_uuid", "mistype", "sub1", []string{"UserX", "UserZ"}, store)
@@ -833,13 +831,13 @@ func (suite *AuthTestSuite) TestRemoveFromACL() {
 	e1 := RemoveFromACL(suite.ctx, "argo_uuid", "topics", "topic1", []string{"UserA", "UserK"}, store)
 	suite.Nil(e1)
 
-	tACL1, _ := store.TopicsACL["topic1"]
+	tACL1 := store.TopicsACL["topic1"]
 	suite.Equal([]string{"uuid2"}, tACL1.ACL)
 
 	e2 := RemoveFromACL(suite.ctx, "argo_uuid", "subscriptions", "sub1", []string{"UserA", "UserK"}, store)
 	suite.Nil(e2)
 
-	sACL1, _ := store.SubsACL["sub1"]
+	sACL1 := store.SubsACL["sub1"]
 	suite.Equal([]string{"uuid2"}, sACL1.ACL)
 
 	e3 := RemoveFromACL(suite.ctx, "argo_uuid", "mistype", "sub1", []string{"UserX", "UserZ"}, store)

diff --git a/auth/users.go b/auth/users.go
@@ -109,7 +109,7 @@ func (us *Users) Empty() bool {
 
 // One returns the first user if a user list is not empty
 func (us *Users) One() User {
-	if us.Empty() == false {
+	if !us.Empty() {
 		return us.List[0]
 	}
 	return User{}
@@ -670,7 +670,7 @@ func UpdateUser(ctx context.Context, uuid, firstName, lastName, organization, de
 			// Check roles
 
 			for _, roleItem := range item.Roles {
-				if IsRoleValid(roleItem, validRoles) == false {
+				if !IsRoleValid(roleItem, validRoles) {
 					return User{}, errors.New("invalid role: " + roleItem)
 				}
 			}
@@ -681,9 +681,9 @@ func UpdateUser(ctx context.Context, uuid, firstName, lastName, organization, de
 		prList = nil
 	}
 
-	if serviceRoles != nil && len(serviceRoles) > 0 {
+	if len(serviceRoles) > 0 {
 		for _, roleItem := range serviceRoles {
-			if IsRoleValid(roleItem, validRoles) == false {
+			if !IsRoleValid(roleItem, validRoles) {
 				return User{}, errors.New("invalid role: " + roleItem)
 			}
 		}
@@ -740,16 +740,16 @@ func CreateUser(ctx context.Context, uuid string, name string, fname string, lna
 
 		// Check roles
 		for _, roleItem := range item.Roles {
-			if IsRoleValid(roleItem, validRoles) == false {
+			if !IsRoleValid(roleItem, validRoles) {
 				return User{}, errors.New("invalid role: " + roleItem)
 			}
 		}
 		prList = append(prList, stores.QProjectRoles{ProjectUUID: prUUID, Roles: item.Roles})
 	}
 
-	if serviceRoles != nil && len(serviceRoles) > 0 {
+	if len(serviceRoles) > 0 {
 		for _, roleItem := range serviceRoles {
-			if IsRoleValid(roleItem, validRoles) == false {
+			if !IsRoleValid(roleItem, validRoles) {
 				return User{}, errors.New("invalid role: " + roleItem)
 			}
 		}

diff --git a/brokers/broker.go b/brokers/broker.go
@@ -21,4 +21,4 @@ type Broker interface {
 	TimeToOffset(ctx context.Context, topic string, time time.Time) (int64, error)
 }
 
-var ErrOffsetOff = errors.New("Offset is off")
+var ErrOffsetOff = errors.New("offset is off")
diff --git a/brokers/kafka.go b/brokers/kafka.go
@@ -33,11 +33,11 @@ type KafkaBroker struct {
 func (b *KafkaBroker) lockForTopic(topic string) {
 	// Check if lock for topic exists
 	_, present := b.consumeLock[topic]
-	if present == false {
+	if !present {
 		// TopicLock is not in list so add it
 		b.createTopicLock.Lock()
 		_, nowPresent := b.consumeLock[topic]
-		if nowPresent == false {
+		if !nowPresent {
 			b.consumeLock[topic] = &topicLock{}
 			b.consumeLock[topic].Lock()
 		}
@@ -50,7 +50,7 @@ func (b *KafkaBroker) lockForTopic(topic string) {
 func (b *KafkaBroker) unlockForTopic(topic string) {
 	// Check if lock for topic exists
 	_, present := b.consumeLock[topic]
-	if present == false {
+	if !present {
 		return
 	}
 

diff --git a/brokers/mock.go b/brokers/mock.go
@@ -6,9 +6,10 @@ import (
 
 	"errors"
 	"fmt"
-	"github.com/ARGOeu/argo-messaging/messages"
 	"strings"
 	"time"
+
+	"github.com/ARGOeu/argo-messaging/messages"
 )
 
 // MockBroker struct
@@ -103,12 +104,12 @@ func (b *MockBroker) Publish(ctx context.Context, topic string, msg messages.Mes
 	return msgID, fmt.Sprintf("%s.%s", s[0], s[1]), 0, int64(len(b.MsgList)), nil
 }
 
-// GetOffset returns a current topic's offset
+// GetMaxOffset returns a current topic's offset
 func (b *MockBroker) GetMaxOffset(ctx context.Context, topic string) int64 {
 	return int64(len(b.MsgList) + 1)
 }
 
-// GetOffset returns a current topic's offset
+// GetMinOffset returns a current topic's offset
 func (b *MockBroker) GetMinOffset(ctx context.Context, topic string) int64 {
 	return int64(len(b.MsgList))
 }
@@ -118,7 +119,7 @@ func (b *MockBroker) Consume(ctx context.Context, topic string, offset int64, im
 	return b.MsgList, nil
 }
 
-// Delete topic from the broker
+// DeleteTopic remove the topic from the broker
 func (b *MockBroker) DeleteTopic(ctx context.Context, topic string) error {
 
 	_, ok := b.Topics[topic]