*: release v1.2-rc1

.github/actions/setup-go/action.yml

@@ -6,4 +6,4 @@ runs:
     - name: Setup go
       uses: actions/setup-go@v4
       with:
-        go-version: '1.22.5'
+        go-version: '1.23'

.github/workflows/codeql-analysis.yml

@@ -21,7 +21,7 @@ on:
     - cron: '18 19 * * 6'
 
 env:
-  GOLANG_VERSION: '1.22'
+  GOLANG_VERSION: '1.23'
 
 jobs:
   analyze:

.github/workflows/golangci-lint.yml

@@ -19,7 +19,7 @@ jobs:
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v6
         with:
-          version: v1.59.1
+          version: v1.60.3
       - name: notify failure
         if: failure() && github.ref == 'refs/heads/main'
         env:

.golangci.yml

@@ -1,6 +1,6 @@
 run:
   timeout: 5m
-  go: "1.22.5"
+  go: "1.23"
 linters-settings:
   cyclop:
     max-complexity: 15
@@ -116,6 +116,12 @@ linters-settings:
       - expected-actual
     go-require:
       ignore-http-handlers: true
+  gosec:
+    excludes:
+      # Flags for potentially-unsafe casting of ints, seems good,
+      # but currently is really unstable with no clear way to make the linter pass.
+      # https://github.com/securego/gosec/issues/1187
+      - G115
 
 issues:
   fix: true
@@ -145,6 +151,7 @@ linters:
   enable-all: true
   disable:
     # Keep disabled
+    - intrange
     - containedctx
     - contextcheck
     - cyclop
@@ -158,7 +165,6 @@ linters:
     - gocyclo
     - godot
     - godox
-    - goerr113
     - gomnd
     - gomoddirectives
     - inamedparam
@@ -176,13 +182,5 @@ linters:
     - varnamelen
     - wsl
     # Deprecated
-    - deadcode
-    - exhaustivestruct
-    - golint
-    - ifshort
-    - interfacer
-    - maligned
-    - nosnakecase
-    - structcheck
-    - scopelint
-    - varcheck
+    - goerr113
+    - execinquery

.pre-commit-config.yaml

@@ -15,7 +15,7 @@ repos:
     rev: v0.0.3
     hooks:
       - id: check-go-version
-        args: [ -v=go1.22 ] # Only check minor version locally
+        args: [ -v=go1.23 ] # Only check minor version locally
         pass_filenames: false
         additional_dependencies: [ packaging ]
       - id: check-licence-header

.pre-commit/run_linter.sh

@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-VERSION="1.59.1"
+VERSION="1.60.3"
 
 if ! command -v golangci-lint &> /dev/null
 then

Dockerfile

@@ -1,14 +1,18 @@
 # Container for building Go binary.
-FROM golang:1.22.5-bookworm AS builder
+FROM golang:1.23.2-bookworm AS builder
 # Install dependencies
-RUN apt-get update && apt-get install -y build-essential git
+RUN apt-get update && apt-get install -y --no-install-recommends build-essential git
+
 # Prep and copy source
 WORKDIR /app/charon
+
 COPY . .
+
 # Populate GO_BUILD_FLAG with a build arg to provide an optional go build flag.
 ARG GO_BUILD_FLAG
 ENV GO_BUILD_FLAG=${GO_BUILD_FLAG}
 RUN echo "Building with GO_BUILD_FLAG='${GO_BUILD_FLAG}'"
+
 # Build with Go module and Go build caches.
 RUN \
    --mount=type=cache,target=/go/pkg \
@@ -18,30 +22,35 @@ RUN echo "Built charon version=$(./charon version)"
 
 # Copy final binary into light stage.
 FROM debian:bookworm-slim
-RUN apt-get update && apt-get install -y ca-certificates wget fio
+RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates fio wget \
+  && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 ARG GITHUB_SHA=local
 ENV GITHUB_SHA=${GITHUB_SHA}
+
 COPY --from=builder /app/charon/charon /usr/local/bin/
+
 # Don't run container as root
 ENV USER=charon
 ENV UID=1000
 ENV GID=1000
-RUN addgroup --gid "$GID" "$USER"
-RUN adduser \
+RUN addgroup --gid "$GID" "$USER" \
+  && adduser \
     --disabled-password \
     --gecos "charon" \
     --home "/opt/$USER" \
     --ingroup "$USER" \
     --no-create-home \
     --uid "$UID" \
-    "$USER"
-RUN chown charon /usr/local/bin/charon
-RUN chmod u+x /usr/local/bin/charon
+    "$USER" \
+  && chown "$USER" /usr/local/bin/charon \
+  && chmod u+x /usr/local/bin/charon
+
 WORKDIR "/opt/$USER"
-RUN chown charon "/opt/$USER"
 USER charon
+
 ENTRYPOINT ["/usr/local/bin/charon"]
 CMD ["run"]
+
 # Used by GitHub to associate container with repo.
 LABEL org.opencontainers.image.source="https://github.com/obolnetwork/charon"
 LABEL org.opencontainers.image.title="charon"

app/eth2wrap/eth2wrap_test.go

@@ -462,27 +462,27 @@ func TestLazyDomain(t *testing.T) {
 		{
 			name:   "mainnet fork",
 			in:     eth2util.Mainnet.GenesisForkVersionHex[2:],
-			expRes: "040000008c6ebbceb21209e6af5ab7db4a3027998c412c0eb0e15fbc1ee75617",
+			expRes: "04000000a39ec13dbafa3a331644f8d3a1513e57898fab998fec78f5ada4b8b0",
 		},
 		{
 			name:   "goerli fork",
 			in:     eth2util.Goerli.GenesisForkVersionHex[2:],
-			expRes: "04000000628941ef21d1fe8c7134720add10bb91e3b02c007e0046d2472c6695",
+			expRes: "04000000f1e25bda59286379f9a2b3ffeb090d650a4db4cfd089e1cc72388a33",
 		},
 		{
 			name:   "gnosis fork",
 			in:     eth2util.Gnosis.GenesisForkVersionHex[2:],
-			expRes: "04000000398beb768264920602d7d79f88da05cac0550ae4108753fd846408b5",
+			expRes: "040000007c97bfcba5d28a3cdef2ab010944574e387f4b3c7963c215eed87f32",
 		},
 		{
 			name:   "sepolia fork",
 			in:     eth2util.Sepolia.GenesisForkVersionHex[2:],
-			expRes: "040000007191d9b3c210dbffc7810b6ccb436c1b3897b6772452924b20f6f5f2",
+			expRes: "0400000005b54270938f654bd779212d3be2a63f806a4f58794d455393d8dad8",
 		},
 		{
 			name:   "holesky fork",
 			in:     eth2util.Holesky.GenesisForkVersionHex[2:],
-			expRes: "040000002b3e2c2d17a0d820f3099580a72d1bc743b17616ff7851f32aa303ad",
+			expRes: "0400000017e2dad36f1d3595152042a9ad23430197557e2e7e82bc7f7fc72972",
 		},
 		{
 			name:   "unknown fork",

app/eth2wrap/httpwrap.go

@@ -296,7 +296,6 @@ func httpPost(ctx context.Context, base string, endpoint string, body io.Reader,
 		return nil, errors.Wrap(err, "failed to read POST response")
 	}
 
-	//nolint:usestdlibvars // we should not replace 100 with http.StatusContinue, it makes it less readable
 	if res.StatusCode/100 != 2 {
 		return nil, errors.New("post failed", z.Int("status", res.StatusCode), z.Str("body", string(data)))
 	}

app/eth2wrap/synthproposer_test.go

@@ -67,15 +67,10 @@ func TestSynthProposer(t *testing.T) {
 		activeVals++
 		return cached(ctx)
 	}
-	signedBeaconBlock := bmock.SignedBeaconBlock
 	bmock.SignedBeaconBlockFunc = func(ctx context.Context, blockID string) (*eth2spec.VersionedSignedBeaconBlock, error) {
-		opts := &eth2api.SignedBeaconBlockOpts{Block: blockID}
-		resp, err := signedBeaconBlock(ctx, opts)
-		if err != nil {
-			return nil, err
-		}
+		resp := testutil.RandomCapellaVersionedSignedBeaconBlock()
 
-		return resp.Data, nil
+		return resp, nil
 	}
 
 	eth2Cl := eth2wrap.WithSyntheticDuties(bmock)

app/expbackoff/expbackoff.go

@@ -148,14 +148,14 @@ func Backoff(config Config, retries int) time.Duration {
 	}
 
 	backoff := float64(config.BaseDelay)
-	max := float64(config.MaxDelay)
+	maxVal := float64(config.MaxDelay)
 
-	for backoff < max && retries > 0 {
+	for backoff < maxVal && retries > 0 {
 		backoff *= config.Multiplier
 		retries--
 	}
-	if backoff > max {
-		backoff = max
+	if backoff > maxVal {
+		backoff = maxVal
 	}
 	// Randomize backoff delays so that if a cluster of requests start at
 	// the same time, they won't operate in lockstep.

app/health/checks.go

@@ -70,42 +70,42 @@ var checks = []check{
 		Description: "Beacon Node in syncing state.",
 		Severity:    severityCritical,
 		Func: func(q query, _ Metadata) (bool, error) {
-			max, err := q("app_monitoring_beacon_node_syncing", noLabels, gaugeMax)
+			maxVal, err := q("app_monitoring_beacon_node_syncing", noLabels, gaugeMax)
 			if err != nil {
 				return false, err
 			}
 
-			return max == 1, nil
+			return maxVal == 1, nil
 		},
 	},
 	{
 		Name:        "insufficient_connected_peers",
 		Description: "Not connected to at least quorum peers. Check logs for networking issue or coordinate with peers.",
 		Severity:    severityCritical,
 		Func: func(q query, m Metadata) (bool, error) {
-			max, err := q("p2p_ping_success", countNonZeroLabels, gaugeMax)
+			maxVal, err := q("p2p_ping_success", countNonZeroLabels, gaugeMax)
 			if err != nil {
 				return false, err
 			}
 
 			required := float64(m.QuorumPeers) - 1 // Exclude self
 
-			return max < required, nil
+			return maxVal < required, nil
 		},
 	},
 	{
 		Name:        "pending_validators",
 		Description: "Pending validators detected. Activate them to start validating.",
 		Severity:    severityInfo,
 		Func: func(q query, _ Metadata) (bool, error) {
-			max, err := q("core_scheduler_validator_status",
+			maxVal, err := q("core_scheduler_validator_status",
 				countLabels(l("status", "pending")),
 				gaugeMax)
 			if err != nil {
 				return false, err
 			}
 
-			return max > 0, nil
+			return maxVal > 0, nil
 		},
 	},
 	{
@@ -140,12 +140,12 @@ var checks = []check{
 		Description: "Metrics reached high cardinality threshold. Please check metrics reported by app_health_metrics_high_cardinality.",
 		Severity:    severityWarning,
 		Func: func(q query, _ Metadata) (bool, error) {
-			max, err := q("app_health_metrics_high_cardinality", sumLabels(), gaugeMax)
+			maxVal, err := q("app_health_metrics_high_cardinality", sumLabels(), gaugeMax)
 			if err != nil {
 				return false, err
 			}
 
-			return max > 0, nil
+			return maxVal > 0, nil
 		},
 	},
 }

app/health/checks_internal_test.go

@@ -407,19 +407,19 @@ func testCheck(t *testing.T, m Metadata, checkName string, expect bool, metrics
 		genGauge(genLabels("bar", "bar2"), 1, 1, 1),
 	)
 
-	var max int
-	if len(metrics) > max {
-		max = len(metrics)
+	var maxVal int
+	if len(metrics) > maxVal {
+		maxVal = len(metrics)
 	}
-	if len(randomFamFoo) > max {
-		max = len(randomFamFoo)
+	if len(randomFamFoo) > maxVal {
+		maxVal = len(randomFamFoo)
 	}
-	if len(randomFamBar) > max {
-		max = len(randomFamBar)
+	if len(randomFamBar) > maxVal {
+		maxVal = len(randomFamBar)
 	}
 
-	multiFams := make([][]*pb.MetricFamily, max)
-	for i := range max {
+	multiFams := make([][]*pb.MetricFamily, maxVal)
+	for i := range maxVal {
 		var fam []*pb.MetricFamily
 		if i < len(metrics) {
 			fam = append(fam, metrics[i])
@@ -455,14 +455,14 @@ func genFam(name string, metrics ...[]*pb.Metric) []*pb.MetricFamily {
 		typ = pb.MetricType_GAUGE
 	}
 
-	var max int
+	var maxVal int
 	for _, series := range metrics {
-		if len(series) > max {
-			max = len(series)
+		if len(series) > maxVal {
+			maxVal = len(series)
 		}
 	}
 
-	resp := make([]*pb.MetricFamily, max)
+	resp := make([]*pb.MetricFamily, maxVal)
 	for _, series := range metrics {
 		for i, metric := range series {
 			if resp[i] == nil {

app/health/reducers.go

@@ -29,16 +29,16 @@ func increase(samples []*pb.Metric) (float64, error) {
 
 // gaugeMax returns the maximum value in a time series of gauge metrics.
 func gaugeMax(samples []*pb.Metric) (float64, error) {
-	var max float64
+	var maxVal float64
 	for _, sample := range samples {
 		if sample.GetGauge() == nil {
 			return 0, errors.New("bug: non-gauge metric passed")
 		}
 
-		if sample.GetGauge().GetValue() > max {
-			max = sample.GetGauge().GetValue()
+		if sample.GetGauge().GetValue() > maxVal {
+			maxVal = sample.GetGauge().GetValue()
 		}
 	}
 
-	return max, nil
+	return maxVal, nil
 }

app/health/select.go

@@ -15,8 +15,8 @@
 // maxLabel returns the metric with the highest value.
 func maxLabel(metricsFam *pb.MetricFamily) *pb.Metric { //nolint: unused // This is used in the future.
 	var (
-		max  float64
-		resp *pb.Metric
+		maxVal float64
+		resp   *pb.Metric
 	)
 	for _, metric := range metricsFam.GetMetric() {
 		var val float64
@@ -29,8 +29,8 @@
 			panic("invalid metric type for simple value labelSelector")
 		}
 
-		if max == 0 || val > max {
-			max = val
+		if maxVal == 0 || val > maxVal {
+			maxVal = val
 			resp = metric
 		}
 	}

app/log/loki/client.go

@@ -210,7 +210,6 @@ func send(ctx context.Context, client *http.Client, endpoint string, batch *batc
 	}
 	defer resp.Body.Close()
 
-	//nolint:usestdlibvars // we should not replace 100 with http.StatusContinue, it makes it less readable
 	if resp.StatusCode/100 != 2 {
 		scanner := bufio.NewScanner(io.LimitReader(resp.Body, maxErrMsgLen))
 		line := ""