enforce nolint scope (#34851)

enable nolintlint scope requirement
add comments to new directives so it's more obvious why they are in
place

---

I can also toggle the mandatory comments on if that's something of
interest.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Giteabot <teabot@gitea.io>

services/gitdiff/gitdiff.go

@@ -1356,7 +1356,7 @@ func SyncUserSpecificDiff(ctx context.Context, userID int64, pull *issues_model.
 	// But as that does not work for all potential errors, we simply mark all files as unchanged and drop the error which always works, even if not as good as possible
 	if err != nil {
 		log.Error("Could not get changed files between %s and %s for pull request %d in repo with path %s. Assuming no changes. Error: %w", review.CommitSHA, latestCommit, pull.Index, gitRepo.Path, err)
-		err = nil //nolint
+		err = nil //nolint:ineffassign,wastedassign
 	}
 
 	filesChangedSinceLastDiff := make(map[string]pull_model.ViewedState)

services/migrations/migrate.go

@@ -78,7 +78,7 @@ func IsMigrateURLAllowed(remoteURL string, doer *user_model.User) error {
 	hostName, _, err := net.SplitHostPort(u.Host)
 	if err != nil {
 		// u.Host can be "host" or "host:port"
-		err = nil //nolint
+		err = nil //nolint:ineffassign,wastedassign
 		hostName = u.Host
 	}
 

services/oauth2_provider/access_token.go

@@ -1,7 +1,7 @@
 // Copyright 2024 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package oauth2_provider //nolint
+package oauth2_provider
 
 import (
 	"context"

services/oauth2_provider/additional_scopes_test.go

@@ -1,7 +1,7 @@
 // Copyright 2024 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package oauth2_provider //nolint
+package oauth2_provider
 
 import (
 	"testing"

services/oauth2_provider/init.go

@@ -1,7 +1,7 @@
 // Copyright 2024 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package oauth2_provider //nolint
+package oauth2_provider
 
 import (
 	"context"

services/oauth2_provider/jwtsigningkey.go

@@ -1,7 +1,7 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package oauth2_provider //nolint
+package oauth2_provider
 
 import (
 	"crypto/ecdsa"

services/oauth2_provider/token.go

@@ -1,7 +1,7 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package oauth2_provider //nolint
+package oauth2_provider
 
 import (
 	"errors"

services/repository/files/file_test.go

@@ -10,9 +10,18 @@ import (
 )
 
 func TestCleanUploadFileName(t *testing.T) {
-	assert.Equal(t, "", CleanGitTreePath(""))  //nolint
-	assert.Equal(t, "", CleanGitTreePath(".")) //nolint
-	assert.Equal(t, "a/b", CleanGitTreePath("a/b"))
-	assert.Equal(t, "", CleanGitTreePath(".git/b")) //nolint
-	assert.Equal(t, "", CleanGitTreePath("a/.git")) //nolint
+	cases := []struct {
+		input, expected string
+	}{
+		{"", ""},
+		{".", ""},
+		{"a/./b", "a/b"},
+		{"a.git", "a.git"},
+		{".git/b", ""},
+		{"a/.git", ""},
+		{"/a/../../b", "b"},
+	}
+	for _, c := range cases {
+		assert.Equal(t, c.expected, CleanGitTreePath(c.input), "input: %q", c.input)
+	}
 }

services/user/update.go

@@ -137,7 +137,7 @@ func UpdateUser(ctx context.Context, u *user_model.User, opts *UpdateOptions) er
 		} else if !user_model.IsLastAdminUser(ctx, u) /* not the last admin */ {
 			u.IsAdmin = opts.IsAdmin.Value().FieldValue // it's safe to change it from false to true (not the last admin)
 			cols = append(cols, "is_admin")
-		} else /* IsAdmin=false but this is the last admin user */ { //nolint
+		} else /* IsAdmin=false but this is the last admin user */ { //nolint:gocritic // make it easier to read
 			if !opts.IsAdmin.Value().FromSync {
 				return user_model.ErrDeleteLastAdminUser{UID: u.ID}
 			}

services/versioned_migration/migration.go

@@ -1,7 +1,7 @@
 // Copyright 2025 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package versioned_migration //nolint
+package versioned_migration
 
 import (
 	"context"