Update repository

.github/workflows/build-publish-cfg.yaml

@@ -39,7 +39,7 @@ env:
 
 jobs:
   build-and-publish-with-cfg:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     permissions:
       contents: read
       packages: write

.github/workflows/build-publish.yaml

@@ -22,7 +22,7 @@ on:
 
 jobs:
   build-www:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
@@ -141,7 +141,7 @@ jobs:
       template-file: ${{ matrix.template-file }}
 
   generate-sbom:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     steps:
     - name: Checkout repository
       uses: actions/checkout@v4

.github/workflows/builds.yml

@@ -14,7 +14,7 @@ jobs:
           # check support for oldest supported golang version
           - name: go1.22
             go-version: "~1.22"
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     steps:
       - name: Checkout
         uses: actions/checkout@v4

.github/workflows/checkFormat.yml

@@ -8,7 +8,7 @@ on:
 
 jobs:
   format:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
 
     steps:
       - name: CPU Info

.github/workflows/ghcr-cleanup.yaml

@@ -10,7 +10,7 @@ jobs:
   pull-request-ghcr-cleanup:
     if: ${{ github.event_name == 'pull_request' }}
     name: Delete images related to closed PR
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     steps:
       - name: Delete images related to closed PR (1)
         id: run-1
@@ -51,7 +51,7 @@ jobs:
   nightly-ghcr-cleanup:
     if: ${{ github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' }}
     name: Delete stale or untagged images
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     strategy:
       fail-fast: false
       matrix:

.github/workflows/golangci-lint.yml

@@ -14,7 +14,7 @@ on:
 jobs:
   golangci:
     name: lint
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     steps:
       - name: CPU Info
         run: |
@@ -32,5 +32,5 @@ jobs:
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v6
         with:
-          version: latest
+          version: v1.61 # switch to latest if development is unfreezed
           args: --timeout=5m

.github/workflows/measureMemory.yml

@@ -26,7 +26,7 @@ jobs:
   # This workflow contains a single job called "build"
   generateSummary:
     needs: coapGateway
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     steps:
       - name: Download artifacts
         uses: actions/download-artifact@v4
@@ -58,7 +58,7 @@ jobs:
 
   coapGateway:
     # The type of runner that the job will run on
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     strategy:
       fail-fast: false
       # max number of running jobs is 20 for a single organization, so lets keep at least 4 available to all other repositories

.github/workflows/publishDockerImagesGhcr.yml

@@ -29,7 +29,7 @@ env:
 
 jobs:
   build-and-publish-image:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     strategy:
       fail-fast: false
       matrix:

.github/workflows/releaseHelmCharts.yml

@@ -5,7 +5,7 @@ on:
 
 jobs:
   release-charts:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     steps:
       - name: CPU Info
         run: |

.github/workflows/run-bundle.yml

@@ -33,7 +33,7 @@ env:
 
 jobs:
   run-bundle:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     concurrency:
       group: ${{ github.workflow }}
       cancel-in-progress: ${{ github.ref_name != 'main' }}

.github/workflows/staticAnalysis.yml

@@ -9,7 +9,7 @@ on:
 
 jobs:
   analysis:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
 
     steps:
       - name: CPU Info
@@ -27,19 +27,6 @@ jobs:
       - name: Run go vet
         run: go vet ./...
 
-      - name: Install and run gocyclo
-        run: |
-          export PATH=${PATH}:`go env GOPATH`/bin
-          go install github.com/fzipp/gocyclo/cmd/gocyclo@latest
-          gocyclo -over 15 -ignore ".pb(.gw)?.go$|_test.go$|wsproxy" . || echo "gocyclo detected too complex functions"
-
-      - name: Install and run misspell
-        run: |
-          # check misspelling in all files in repository
-          export PATH=${PATH}:`go env GOPATH`/bin
-          go install github.com/client9/misspell/cmd/misspell@latest
-          find . -type f -exec misspell {} \;
-
       - name: Check yaml field names and yaml tags
         run: tools/validate/validateYaml.py || echo "invalid yaml field name(s) detected"
 

.github/workflows/test.yml

@@ -21,7 +21,7 @@ jobs:
   # This workflow contains a single job called "build"
   test:
     # The type of runner that the job will run on
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     strategy:
       fail-fast: false
       matrix:
@@ -153,7 +153,7 @@ jobs:
           if-no-files-found: warn
 
   test-helm:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     steps:
       # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
       - uses: actions/checkout@v4
@@ -202,7 +202,7 @@ jobs:
   coverage-sonar-cloud-scan:
     needs: test
     # The type of runner that the job will run on
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     steps:
       # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
       - uses: actions/checkout@v4

.golangci.yml

@@ -9,6 +9,10 @@ linters-settings:
         - github.com/pkg/errors:
             recommendations:
               - errors
+  gomoddirectives:
+    replace-allow-list:
+      - github.com/go-json-experiment/json
+      - golang.org/x/exp
   gosec:
     excludes:
       - G402
@@ -48,7 +52,7 @@ linters:
     - gofumpt          # Gofumpt checks whether code was gofumpt-ed.
     - goheader         # Checks is file header matches to pattern
     - goimports        # Goimports does everything that gofmt does. Additionally it checks unused imports
-    # - gomoddirectives  # Manage the use of 'replace', 'retract', and 'excludes' directives in go.mod.
+    - gomoddirectives  # Manage the use of 'replace', 'retract', and 'excludes' directives in go.mod.
     - gomodguard       # Allow and block list linter for direct Go module dependencies. This is different from depguard where there are different block types for example version constraints and module recommendations.
     - goprintffuncname # Checks that printf-like functions are named with `f` at the end
     - gosec            # Inspects source code for security problems

Dockerfile.test

@@ -8,7 +8,7 @@ WORKDIR /
 # apt: ca-certificates git make sudo
 RUN git clone https://github.com/udhos/update-golang.git \
     && cd update-golang \
-    && sudo RELEASE=1.22.3 ./update-golang.sh \
+    && sudo RELEASE=1.22.7 ./update-golang.sh \
     && ln -s /usr/local/go/bin/go /usr/bin/go
 WORKDIR $GOPATH/src/github.com/plgd-dev/hub
 COPY go.mod go.sum ./

bundle/Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:1
-FROM golang:1.22.3-alpine AS build
+FROM golang:1.22.7-alpine AS build
 RUN apk add --no-cache build-base curl git
 WORKDIR $GOPATH/src/github.com/plgd-dev/hub
 COPY go.mod go.sum ./
@@ -299,7 +299,7 @@
 ENV OPEN_TELEMETRY_EXPORTER_ENABLED=false
 ENV OPEN_TELEMETRY_EXPORTER_ADDRESS="localhost:4317"
 ENV OPEN_TELEMETRY_EXPORTER_CERT_FILE="/certs/otel/cert.crt"
 ENV OPEN_TELEMETRY_EXPORTER_KEY_FILE="/certs/otel/cert.key"
 ENV OPEN_TELEMETRY_EXPORTER_CA_POOL="/certs/otel/rootca.crt"
 
 # global - certificates generated by cert-tool
@@ -347,6 +347,6 @@
 ENV DEVICE_PROVIDER=plgd
 ENV DEVICE_OAUTH_SCOPES="offline_access"
 ENV OWNER_CLAIM="sub"
 ENV MOCK_OAUTH_SERVER_ACCESS_TOKEN_LIFETIME="0s"
 
 ENTRYPOINT ["/usr/local/bin/run.sh"]

go.mod

@@ -32,8 +32,8 @@ require (
 	github.com/panjf2000/ants/v2 v2.10.0
 	github.com/pion/dtls/v3 v3.0.2
 	github.com/pion/logging v0.2.2
-	github.com/plgd-dev/device/v2 v2.5.3-0.20240913103315-5b20bc19b159
-	github.com/plgd-dev/go-coap/v3 v3.3.5-0.20240913102221-c784b43f59a1
+	github.com/plgd-dev/device/v2 v2.5.3-0.20240916150018-cc07b737d112
+	github.com/plgd-dev/go-coap/v3 v3.3.5
 	github.com/plgd-dev/kit/v2 v2.0.0-20211006190727-057b33161b90
 	github.com/pseudomuto/protoc-gen-doc v1.5.1
 	github.com/sirupsen/logrus v1.9.3
@@ -44,23 +44,23 @@ require (
 	github.com/vincent-petithory/dataurl v1.0.0
 	github.com/web-of-things-open-source/thingdescription-go v0.0.0-20240513190706-79b5f39190eb
 	go.mongodb.org/mongo-driver v1.16.1
-	go.opentelemetry.io/contrib/instrumentation/go.mongodb.org/mongo-driver/mongo/otelmongo v0.54.0
-	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0
-	go.opentelemetry.io/otel v1.29.0
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.29.0
-	go.opentelemetry.io/otel/metric v1.29.0
-	go.opentelemetry.io/otel/sdk v1.29.0
-	go.opentelemetry.io/otel/trace v1.29.0
+	go.opentelemetry.io/contrib/instrumentation/go.mongodb.org/mongo-driver/mongo/otelmongo v0.55.0
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.55.0
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.55.0
+	go.opentelemetry.io/otel v1.30.0
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.30.0
+	go.opentelemetry.io/otel/metric v1.30.0
+	go.opentelemetry.io/otel/sdk v1.30.0
+	go.opentelemetry.io/otel/trace v1.30.0
 	go.uber.org/atomic v1.11.0
 	go.uber.org/zap v1.27.0
 	golang.org/x/exp v0.0.0-20240823005443-9b4947da3948
-	golang.org/x/net v0.28.0
+	golang.org/x/net v0.29.0
 	golang.org/x/oauth2 v0.23.0
 	golang.org/x/sync v0.8.0
 	google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1
-	google.golang.org/grpc v1.66.0
+	google.golang.org/grpc v1.66.2
 	google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1
 	google.golang.org/protobuf v1.34.2
 	gopkg.in/yaml.v3 v3.0.1
@@ -94,7 +94,7 @@ require (
 	github.com/imdario/mergo v0.3.4 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/itchyny/timefmt-go v0.1.6 // indirect
-	github.com/jhump/protoreflect v1.16.0 // indirect
+	github.com/jhump/protoreflect v1.17.0 // indirect
 	github.com/jonboulle/clockwork v0.4.0 // indirect
 	github.com/klauspost/compress v1.17.9 // indirect
 	github.com/lestrrat-go/blackmagic v1.0.2 // indirect
@@ -135,16 +135,19 @@ require (
 	github.com/xdg-go/scram v1.1.2 // indirect
 	github.com/xdg-go/stringprep v1.0.4 // indirect
 	github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.29.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.30.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.3.1 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	golang.org/x/crypto v0.26.0 // indirect
+	golang.org/x/crypto v0.27.0 // indirect
 	golang.org/x/sys v0.25.0 // indirect
 	golang.org/x/text v0.18.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 )
 
-// last version for Go 1.22
-replace github.com/go-json-experiment/json => github.com/go-json-experiment/json v0.0.0-20240815174924-0599f16bf0e2
+// last versions for Go 1.22.0
+replace (
+	github.com/go-json-experiment/json => github.com/go-json-experiment/json v0.0.0-20240815174924-0599f16bf0e2
+	golang.org/x/exp => golang.org/x/exp v0.0.0-20240823005443-9b4947da3948
+)