chore: update Go version to 1.24.2

.github/workflows/codeql.yml

@@ -47,7 +47,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
         with:
-          go-version: "1.23.6"
+          go-version: "1.24.2"
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL

.github/workflows/lint.yml

@@ -26,23 +26,23 @@ jobs:
     steps:
       - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
         with:
-          go-version: "1.23.6"
+          go-version: "1.24.2"
 
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Lint main module
-        uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0
+        uses: golangci/golangci-lint-action@1481404843c368bc19ca9406f87d6e0fc97bdcfd # 7.0.0
         if: ${{ matrix.app == 'main-module' }}
         with:
-          version: v1.60.3
+          version: v2.0.2
           only-new-issues: 'true'
 
       - name: Lint ${{ matrix.app }}
-        uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0
+        uses: golangci/golangci-lint-action@1481404843c368bc19ca9406f87d6e0fc97bdcfd # 7.0.0
         if: ${{ matrix.app != 'main-module' }}
         with:
           working-directory: app/${{ matrix.app }}
-          version: v1.60.3
+          version: v2.0.2
           only-new-issues: 'true'
 
   lint-protos:
@@ -62,11 +62,11 @@ jobs:
         run: |
           mkdir -p ~/.local/bin
           cd ~/.local
-          curl -L https://dl.dagger.io/dagger/install.sh | DAGGER_VERSION=0.15.1  sh
+          curl -L https://dl.dagger.io/dagger/install.sh | DAGGER_VERSION=0.18.1  sh
 
       - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
         with:
-          go-version: "1.23.6"
+          go-version: "1.24.2"
 
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
@@ -75,8 +75,8 @@ jobs:
           make -C extras/dagger module-init
 
       - name: Lint
-        uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0
+        uses: golangci/golangci-lint-action@1481404843c368bc19ca9406f87d6e0fc97bdcfd # 7.0.0
         with:
           working-directory: extras/dagger
-          version: v1.60.3
+          version: v2.0.2
           only-new-issues: 'true'

.github/workflows/release.yaml

@@ -74,7 +74,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
         with:
-          go-version: "1.23.6"
+          go-version: "1.24.2"
 
       # install qemu binaries for multiarch builds (needed by goreleaser/buildx)
       - name: Setup qemu

.github/workflows/test.yml

@@ -27,7 +27,7 @@ jobs:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
         with:
-          go-version: "1.23.6"
+          go-version: "1.24.2"
           cache: true
           cache-dependency-path: go.sum
 

.golangci.yml

@@ -1,85 +1,91 @@
-run:
-  timeout: 10m
-
+version: "2"
 linters:
-  # Note that there are some linters enabled by default, see golang-ci linters
   enable:
-    - goheader
-    - dupl
-    - gofmt
-    - goimports
-    - misspell
-    - nakedret
-    - revive
-    - gosec
     - asciicheck
-    - whitespace
+    - copyloopvar
+    - dogsled
+    - dupl
     - errorlint
     - forbidigo
+    - goconst
     - gocritic
+    - gocyclo
+    - goheader
+    - goprintffuncname
+    - gosec
     - importas
+    - misspell
+    - nakedret
     - prealloc
-    - stylecheck
+    - revive
+    - staticcheck
     - unconvert
-    - dogsled
-    - goconst
-    - copyloopvar
-    - gocyclo
-    - goprintffuncname
-    # Can't enable it for now, it crashes https://github.com/ent/ent/pull/3315
-    # - unparam
-
-linters-settings:
-  gosec:
-    excludes:
-      # https://github.com/moby/moby/issues/48358
-      - G115
-      # We have the endpoint enabled on demand  
-      - G108
-  gofmt:
-    simplify: true
-  dupl:
-    threshold: 400
-  goheader:
-    template: |-
-      Copyright {{copyright-year}} The Chainloop Authors.
+    - whitespace
+  settings:
+    dupl:
+      threshold: 400
+    forbidigo:
+      forbid:
+        - pattern: ^print.*$
+        - pattern: ^t\.Error.*$(# forbid t.Error in favor of using testify\.)?
+        - pattern: ^t\.Fatal.*$(# forbid t.Fatal in favor of using testify\.)?
+    goheader:
+      values:
+        regexp:
+          copyright-year: 202[0-9](-202[0-9])?
+      template: |-
+        Copyright {{copyright-year}} The Chainloop Authors.
 
-      Licensed under the Apache License, Version 2.0 (the "License");
-      you may not use this file except in compliance with the License.
-      You may obtain a copy of the License at
+        Licensed under the Apache License, Version 2.0 (the "License");
+        you may not use this file except in compliance with the License.
+        You may obtain a copy of the License at
 
-          http://www.apache.org/licenses/LICENSE-2.0
+            http://www.apache.org/licenses/LICENSE-2.0
 
-      Unless required by applicable law or agreed to in writing, software
-      distributed under the License is distributed on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-      See the License for the specific language governing permissions and
-      limitations under the License.
-    values:
-      regexp:
-        # support of single or range-based years i.e 2024 2024-2025 2024-2026
-        copyright-year: "202[0-9](-202[0-9])?"
-  forbidigo:
-    forbid:
-      - ^print.*$
-      - '^t\.Error.*$(# forbid t.Error in favor of using testify\.)?'
-      - '^t\.Fatal.*$(# forbid t.Fatal in favor of using testify\.)?'
-  staticcheck:
-    # SAxxxx checks in https://staticcheck.io/docs/configuration/options/#checks
-    # Disable deprecation checks, note that we need to deprecate it because golangci-lint doesn't support
-    # setting a non-error exit code on info severity (setup below)
-    # https://github.com/golangci/golangci-lint/issues/1981
-    checks: ["all", "-SA1019"]
+        Unless required by applicable law or agreed to in writing, software
+        distributed under the License is distributed on an "AS IS" BASIS,
+        WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+        See the License for the specific language governing permissions and
+        limitations under the License.
+    gosec:
+      excludes:
+        - G115
+        - G108
+    staticcheck:
+      checks:
+        - -SA1019
+        - all
+  exclusions:
+    generated: lax
+    presets:
+      - comments
+      - common-false-positives
+      - legacy
+      - std-error-handling
+    rules:
+      - path: _test\.go
+        text: Potential hardcoded credentials
+    paths:
+      - third_party$
+      - builtin$
+      - examples$
 severity:
-  default-severity: error
-  # NOTE: this still makes the CLI exit with 1 hence the fact that we disabled the rule above as well
-  # https://github.com/golangci/golangci-lint/issues/1981
+  default: error
   rules:
     - linters:
         - staticcheck
-      text: "SA1019:"
+      text: 'SA1019:'
       severity: info
-issues:
-  exclude-rules:
-    - path: _test\.go
-      text: "Potential hardcoded credentials"
+formatters:
+  enable:
+    - gofmt
+    - goimports
+  settings:
+    gofmt:
+      simplify: true
+  exclusions:
+    generated: lax
+    paths:
+      - third_party$
+      - builtin$
+      - examples$

app/artifact-cas/Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.23@sha256:927112936d6b496ed95f55f362cc09da6e3e624ef868814c56d55bd7323e0959 AS builder
+FROM golang:1.24@sha256:991aa6a6e4431f2f01e869a812934bd60fbc87fb939e4a1ea54b8494ab9d2fc6 AS builder
 
 # Not linked libraries since it will be injected into a scratch container
 ENV CGO_ENABLED=0

app/artifact-cas/Dockerfile.goreleaser

@@ -1,4 +1,4 @@
-FROM golang:1.23@sha256:927112936d6b496ed95f55f362cc09da6e3e624ef868814c56d55bd7323e0959 AS builder
+FROM golang:1.24@sha256:991aa6a6e4431f2f01e869a812934bd60fbc87fb939e4a1ea54b8494ab9d2fc6 AS builder
 
 FROM scratch
 

app/cli/Dockerfile.goreleaser

@@ -1,4 +1,4 @@
-FROM golang:1.23@sha256:927112936d6b496ed95f55f362cc09da6e3e624ef868814c56d55bd7323e0959 AS builder
+FROM golang:1.24@sha256:991aa6a6e4431f2f01e869a812934bd60fbc87fb939e4a1ea54b8494ab9d2fc6 AS builder
 RUN mkdir -p /.config/chainloop
 
 FROM scratch

app/controlplane/Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.23@sha256:927112936d6b496ed95f55f362cc09da6e3e624ef868814c56d55bd7323e0959 AS builder
+FROM golang:1.24@sha256:991aa6a6e4431f2f01e869a812934bd60fbc87fb939e4a1ea54b8494ab9d2fc6 AS builder
 
 # Not linked libraries since it will be injected into a scratch container
 ENV CGO_ENABLED=0

app/controlplane/Dockerfile.goreleaser

@@ -1,4 +1,4 @@
-FROM golang:1.23@sha256:927112936d6b496ed95f55f362cc09da6e3e624ef868814c56d55bd7323e0959 AS builder
+FROM golang:1.24@sha256:991aa6a6e4431f2f01e869a812934bd60fbc87fb939e4a1ea54b8494ab9d2fc6 AS builder
 
 FROM scratch
 

app/controlplane/internal/service/attestationstate.go

@@ -97,7 +97,7 @@ func (s *AttestationStateService) Save(ctx context.Context, req *cpAPI.Attestati
 	err = s.attestationStateUseCase.Save(ctx, wf.ID.String(), req.WorkflowRunId, req.AttestationState, encryptionPassphrase, biz.WithAttStateBaseDigest(req.GetBaseDigest()))
 	if err != nil {
 		if biz.IsErrAttestationStateConflict(err) {
-			return nil, cpAPI.ErrorAttestationStateErrorConflict(err.Error())
+			return nil, cpAPI.ErrorAttestationStateErrorConflict("saving attestation: %s", err.Error())
 		}
 
 		return nil, handleUseCaseErr(err, s.log)

app/controlplane/internal/usercontext/allowlist_middleware.go

@@ -65,7 +65,7 @@ func CheckUserInAllowList(allowList *conf.Auth_AllowList) middleware.Middleware
 					msg = allowList.GetCustomMessage()
 				}
 
-				return nil, v1.ErrorAllowListErrorNotInList(msg)
+				return nil, v1.ErrorAllowListErrorNotInList("%s", msg)
 			}
 
 			return handler(ctx, req)

dagger.json

@@ -1,6 +1,8 @@
 {
   "name": "chainloop",
-  "engineVersion": "v0.15.1",
-  "sdk": "go",
+  "engineVersion": "v0.18.1",
+  "sdk": {
+    "source": "go"
+  },
   "source": "extras/dagger"
 }

docs/docs/getting-started/attestation-crafting.md

@@ -291,7 +291,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v3
         with:
-          go-version: "1.23.6"
+          go-version: "1.24.2"
 
       - name: Configure AWS credentials to push container images
         uses: aws-actions/configure-aws-credentials@v1

docs/examples/ci-workflows/github.yaml

@@ -41,7 +41,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v3
         with:
-          go-version: "1.23.6"
+          go-version: "1.24.2"
 
       # Generate SBOM using syft in cycloneDX format
       - uses: anchore/sbom-action@v0

extras/dagger/.golangci.yml

@@ -1,29 +1,43 @@
-run:
-  skip-dirs:
-    internal
-  skip-files:
-    dagger.gen.go
-
+version: "2"
 linters:
   enable:
-    - dupl
-    - gofmt
-    - goimports
-    - misspell
-    - nakedret
-    - revive
-    - gosec
     - asciicheck
-    - whitespace
+    - dogsled
+    - dupl
     - errorlint
     - forbidigo
+    - goconst
     - gocritic
+    - gocyclo
+    - goprintffuncname
+    - gosec
     - importas
+    - misspell
+    - nakedret
     - prealloc
-    - stylecheck
+    - revive
+    - staticcheck
     - unconvert
-    - dogsled
-    - goconst
-    - exportloopref
-    - gocyclo
-    - goprintffuncname
+    - whitespace
+  exclusions:
+    paths-except:
+      - internal
+    presets:
+      - comments
+      - common-false-positives
+      - legacy
+      - std-error-handling
+    paths:
+      - third_party$
+      - builtin$
+      - examples$
+formatters:
+  enable:
+    - gofmt
+    - goimports
+  exclusions:
+    generated: lax
+    paths:
+      - third_party$
+      - builtin$
+      - examples$