feat: add config for CI linting and code quality improvements

[djach7]

This PR addresses issue #24 by implementing a complete golangci-lint configuration
and fixing the majority of identified linting issues.

Summary

• Created .golangci.yml configuration with recommended linters
• Reduced linting issues from 59 to 15 (75% reduction)
• Added comprehensive package and API documentation
• Fixed code style and formatting issues

Changes Made

1. Linting Configuration (.golangci.yml)

• Enabled linters: errcheck, govet, staticcheck, misspell, gocritic, revive,
  ineffassign, unused, gocyclo
• Did not enable gosec: Too many false positives for CLI file processing tools

2. Documentation Improvements

• Added package documentation for all packages (main, common, tar_diff, tar_patch)
• Added comprehensive comments for all exported types and functions:
  • Options struct and methods in pkg/tar-diff/diff.go
  • DataSource interface and FilesystemDataSource in pkg/tar-patch/apply.go
  • Delta operation constants in pkg/common/common.go
  • Version variable in pkg/common/version.go

3. Code Style Fixes

• Fixed comment formatting: //var db → // var db
• Improved assignment operators: x = x + y → x += y
• Simplified increment operations: x += 1 → x++
• Cleaned up variable declarations: var err error = nil → var err error

4. Results

Before: 59 linting issues

• gocritic: 7 issues
• gocyclo: 1 issue
• gosec: 20 issues (false positives)
• revive: 31 issues

After: 15 linting issues

• gocritic: 4 issues (complex refactoring required)
• gocyclo: 1 issue (high complexity function)
• revive: 10 issues (complex style issues)

Remaining Issues

The remaining 15 issues are primarily:

• Complex if-else chains that would benefit from refactoring but don't affect
  functionality
• One high-complexity function (bsdiff) that would require significant
  architectural changes
• Style preferences around error handling patterns and naming conventions

Closes #24

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the project's code quality and maintainability by integrating a robust linting setup and improving documentation. The changes ensure a more consistent code style, reduce potential errors, and make the codebase easier to understand and contribute to, setting a higher standard for future development.

Highlights

• Linting Configuration: A new .golangci.yml configuration file was added, enabling a comprehensive set of linters including errcheck, govet, staticcheck, misspell, gocritic, revive, ineffassign, unused, and gocyclo.
• Code Quality Improvement: The number of linting issues was significantly reduced from 59 to 15, representing a 75% reduction across the codebase.
• Documentation Enhancement: Comprehensive package and API documentation were added for all packages (main, common, tar_diff, tar_patch), including comments for exported types, functions, constants, and variables.
• Code Style and Formatting: Various code style and formatting issues were addressed, such as fixing comment formatting, improving assignment operators (e.g., x = x + y to x += y), simplifying increment operations (x += 1 to x++), and cleaning up variable declarations (e.g., var err error = nil to var err error).

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• .golangci.yml
  • Added a new configuration file for golangci-lint
  • Enabled a set of recommended linters including errcheck, govet, staticcheck, misspell, gocritic, revive, ineffassign, unused, and gocyclo
  • Configured issue thresholds to zero for max-issues-per-linter and max-same-issues
• cmd/tar-diff/main.go
  • Added package documentation explaining the tool's purpose
• cmd/tar-patch/main.go
  • Added package documentation explaining the tool's purpose
• pkg/common/common.go
  • Added package documentation for the common package
  • Provided comments for DeltaOpData, DeltaOpOpen, DeltaOpCopy, DeltaOpAddData, and DeltaOpSeek constants
  • Added a comment for the DeltaHeader variable
• pkg/common/version.go
  • Added a comment explaining the VERSION variable
• pkg/tar-diff/analysis.go
  • Added package documentation for the tar_diff package
• pkg/tar-diff/bsdiff.go
  • Corrected comment formatting from //var db to // var db
• pkg/tar-diff/diff.go
  • Documented the Options struct
  • Documented the SetCompressionLevel method
  • Documented the SetMaxBsdiffFileSize method
  • Documented the NewOptions function
  • Documented the Diff function
• pkg/tar-diff/rollsum.go
  • Simplified increment operation r.blobSize += 1 to r.blobSize++
  • Simplified assignment operation r.blobStart = r.blobStart + r.blobSize to r.blobStart += r.blobSize
• pkg/tar-diff/stealerreader.go
  • Simplified variable declaration from var writeErr error = nil to var writeErr error
• pkg/tar-patch/apply.go
  • Added package documentation for the tar_patch package
  • Documented the DataSource interface
  • Documented the FilesystemDataSource struct
  • Documented the NewFilesystemDataSource function
  • Documented the Close method
  • Documented the Read method
  • Documented the SetCurrentFile method
  • Documented the Seek method
  • Documented the Apply function
  • Simplified assignment operation addBytes[i] = addBytes[i] + addBytes2[i] to addBytes[i] += addBytes2[i]

Activity

• No human activity has been recorded on this pull request yet.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a golangci-lint configuration and applies many of the resulting code quality and style fixes, which is a great step towards improving code maintainability. However, a security audit identified two significant vulnerabilities in the pkg/tar-patch/apply.go file: a high-severity path traversal vulnerability on Windows due to improper path sanitization in cleanPath, and a medium-severity denial-of-service vulnerability because the Apply function allocates memory based on unvalidated size values from untrusted delta files. Addressing these issues is crucial for the security and robustness of the tool, especially when processing patches from untrusted sources. Additionally, there are a few minor code quality improvements to consider, such as a missing newline in the new config file, a comment with trailing whitespace, and a couple of non-idiomatic package names.