*: release v1.2-rc1 (#3386)

Cherry-picked commits for v1.2-rc1.

**Test command**

- Add cluster lock and definition files to test peers [#3368](#3368)
- Beacon node simulation [#3361](#3361)
- General UX [#3370](#3370)
- Create real blocks with MEV test [#3378](#3378)
- Version check on beacon tests [#3379](#3379)
- Rename test performance to test infra [#3380](#3380)
- Output file improvements [#3384](#3384)
- Custom number of validators for beacon node simulation [#3385](#3385)

**Charon exit --all**

- initial refactor [#3248](#3248)
- add --all flag [#3272](#3272)
- broadcast all exits [#3288](#3288)
- fetch all exits [#3291](#3291)
- enable exit all [#3296](#3296)
- add custom testnet flags (to enable kurtosis testing) [#3317](#3317)
- improve logging and error handling [#3347](#3347)
- increase default Obol API timeout [#3353](#3353)

**Misc**

- Log leader index [#3334](#3334)
- Add third Charon relay [#3227](#3227)
- Fix promrated network overview stats [#3234](#3234)
- Harden threshold parameter checks [#3242](#3242), [#3297](#3297)
- Dependabot to bump only patch versions for our BLS library [#3352](#3352)
- Optimize Dockerfile [#3281](#3281)

**Tests / pipelines**

- Fix flaky tests [#3309](#3309),  [#3316](#3316), [#3332](#3332)
- Disable intrange linter [#3282](#3282)
- Create automate PR for release [#3310](#3310)
- Use minor versions in pipelines [#3321](#3321)
- Fix trigger-dispatch for release [#3351](#3351) [#3381](#3381)
- Fix linter [#3307](#3307) (partially)

**Docs**

- Launchpad link broken [#3231](#3231)
- Docs typos [#3236](#3236) [#3367](#3367) [#3369](#3369)

All of the rest are tens of PRs with simple version bumps across the stack.

category: misc
ticket: none

.github/actions/setup-go/action.yml

@@ -6,4 +6,4 @@ runs:
     - name: Setup go
       uses: actions/setup-go@v4
       with:
-        go-version: '1.22.5'
+        go-version: '1.23'

.github/dependabot.yml

@@ -4,6 +4,9 @@ updates:
   directory: "/"
   schedule:
     interval: "daily"
+  ignore:
+  - dependency-name: "github.com/herumi/bls-eth-go-binary"
+    update-types: ["version-update:semver-major","version-update:semver-minor"]
 - package-ecosystem: "docker"
   directories:
     - "/"

.github/workflows/build-push-deploy.yml

@@ -92,6 +92,6 @@ jobs:
       uses: peter-evans/repository-dispatch@v2
       with:
         token: ${{ secrets.CHARON_K8S_REPO_ACCESS_TOKEN }}
-        repository: ObolNetwork/charon-k8s
+        repository: ObolNetwork/obol-infrastructure
         event-type: charon-package-published
         client-payload: '{"sha": "${{ github.sha }}"}'

.github/workflows/codeql-analysis.yml

@@ -21,7 +21,7 @@ on:
     - cron: '18 19 * * 6'
 
 env:
-  GOLANG_VERSION: '1.22'
+  GOLANG_VERSION: '1.23'
 
 jobs:
   analyze:

.github/workflows/golangci-lint.yml

@@ -19,7 +19,7 @@ jobs:
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v6
         with:
-          version: v1.59.1
+          version: v1.61.0
       - name: notify failure
         if: failure() && github.ref == 'refs/heads/main'
         env:

.github/workflows/govulncheck.yml

@@ -13,5 +13,5 @@ jobs:
     steps:
       - uses: actions/checkout@v3
       - uses: ./.github/actions/setup-go
-      - run: go install golang.org/x/vuln/cmd/[email protected].0
+      - run: go install golang.org/x/vuln/cmd/[email protected].3
       - run: govulncheck -show=traces -test ./...

.github/workflows/release.yml

@@ -10,15 +10,55 @@ jobs:
     env:
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     steps:
-    - uses: actions/checkout@v3
-      with:
-        fetch-depth: 0 # Disable shallow checkout
-    - uses: ./.github/actions/setup-go
-    - run: go run . --help > cli-reference.txt
-    - run: go run testutil/genchangelog/main.go
-    - uses: softprops/action-gh-release@v1
-      with:
-        draft: true
-        files: cli-reference.txt
-        body_path: changelog.md
-        token: ${{ secrets.RELEASE_SECRET }}
+      - name: Checkout repository
+        uses: actions /checkout@v4
+        with:
+          fetch-depth: 0 # Disable shallow checkout
+
+      - name: Setup Go environment
+        uses: ./.github/actions/setup-go
+
+      - name: Generate CLI reference
+        run: go run . --help > cli-reference.txt
+
+      - name: Generate changelog
+        run: go run testutil/genchangelog/main.go
+
+      - name: Create GitHub release draft
+        uses: softprops/action-gh-release@v1
+        with:
+          draft: true
+          files: cli-reference.txt
+          body_path: changelog.md
+          token: ${{ secrets.RELEASE_SECRET }}
+
+  trigger-dispatch:
+    needs: release
+    runs-on: ubuntu-latest
+    steps:
+      - name: Extract tag name
+        run: echo "TAG_NAME=${GITHUB_REF##*/}" >> $GITHUB_ENV
+
+      - name: Trigger dispatch for obol-docs
+        uses: peter-evans/repository-dispatch@v3
+        with:
+          token: ${{ secrets.OBOL_PLATFORM_PAT }}
+          repository: ObolNetwork/obol-docs
+          event-type: update-version
+          client-payload: '{"tag": "${{ env.TAG_NAME }}"}'
+
+      - name: Trigger dispatch for helm-charts
+        uses: peter-evans/repository-dispatch@v3
+        with:
+          token: ${{ secrets.OBOL_PLATFORM_PAT }}
+          repository: ObolNetwork/helm-charts
+          event-type: update-version
+          client-payload: '{"tag": "${{ env.TAG_NAME }}"}'
+
+      - name: Trigger dispatch for obol-ansible
+        uses: peter-evans/repository-dispatch@v3
+        with:
+          token: ${{ secrets.OBOL_PLATFORM_PAT }}
+          repository: ObolNetwork/obol-ansible
+          event-type: update-version
+          client-payload: '{"tag": "${{ env.TAG_NAME }}"}'

.golangci.yml

@@ -1,6 +1,6 @@
 run:
   timeout: 5m
-  go: "1.22.5"
+  go: "1.23"
 linters-settings:
   cyclop:
     max-complexity: 15
@@ -116,6 +116,12 @@ linters-settings:
       - expected-actual
     go-require:
       ignore-http-handlers: true
+  gosec:
+    excludes:
+      # Flags for potentially-unsafe casting of ints, seems good,
+      # but currently is really unstable with no clear way to make the linter pass.
+      # https://github.com/securego/gosec/issues/1187
+      - G115
 
 issues:
   fix: true
@@ -145,6 +151,7 @@ linters:
   enable-all: true
   disable:
     # Keep disabled
+    - intrange
     - containedctx
     - contextcheck
     - cyclop
@@ -158,7 +165,6 @@ linters:
     - gocyclo
     - godot
     - godox
-    - goerr113
     - gomnd
     - gomoddirectives
     - inamedparam
@@ -176,13 +182,5 @@ linters:
     - varnamelen
     - wsl
     # Deprecated
-    - deadcode
-    - exhaustivestruct
-    - golint
-    - ifshort
-    - interfacer
-    - maligned
-    - nosnakecase
-    - structcheck
-    - scopelint
-    - varcheck
+    - goerr113
+    - execinquery

.pre-commit-config.yaml

@@ -15,7 +15,7 @@ repos:
     rev: v0.0.3
     hooks:
       - id: check-go-version
-        args: [ -v=go1.22 ] # Only check minor version locally
+        args: [ -v=go1.23 ] # Only check minor version locally
         pass_filenames: false
         additional_dependencies: [ packaging ]
       - id: check-licence-header

.pre-commit/run_linter.sh

@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-VERSION="1.59.1"
+VERSION="1.61.0"
 
 if ! command -v golangci-lint &> /dev/null
 then

Dockerfile

@@ -1,14 +1,18 @@
 # Container for building Go binary.
-FROM golang:1.22.5-bookworm AS builder
+FROM golang:1.23.3-bookworm AS builder
 # Install dependencies
-RUN apt-get update && apt-get install -y build-essential git
+RUN apt-get update && apt-get install -y --no-install-recommends build-essential git
+
 # Prep and copy source
 WORKDIR /app/charon
+
 COPY . .
+
 # Populate GO_BUILD_FLAG with a build arg to provide an optional go build flag.
 ARG GO_BUILD_FLAG
 ENV GO_BUILD_FLAG=${GO_BUILD_FLAG}
 RUN echo "Building with GO_BUILD_FLAG='${GO_BUILD_FLAG}'"
+
 # Build with Go module and Go build caches.
 RUN \
    --mount=type=cache,target=/go/pkg \
@@ -18,30 +22,35 @@ RUN echo "Built charon version=$(./charon version)"
 
 # Copy final binary into light stage.
 FROM debian:bookworm-slim
-RUN apt-get update && apt-get install -y ca-certificates wget fio
+RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates fio wget \
+  && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 ARG GITHUB_SHA=local
 ENV GITHUB_SHA=${GITHUB_SHA}
+
 COPY --from=builder /app/charon/charon /usr/local/bin/
+
 # Don't run container as root
 ENV USER=charon
 ENV UID=1000
 ENV GID=1000
-RUN addgroup --gid "$GID" "$USER"
-RUN adduser \
+RUN addgroup --gid "$GID" "$USER" \
+  && adduser \
     --disabled-password \
     --gecos "charon" \
     --home "/opt/$USER" \
     --ingroup "$USER" \
     --no-create-home \
     --uid "$UID" \
-    "$USER"
-RUN chown charon /usr/local/bin/charon
-RUN chmod u+x /usr/local/bin/charon
+    "$USER" \
+  && chown "$USER" /usr/local/bin/charon \
+  && chmod u+x /usr/local/bin/charon
+
 WORKDIR "/opt/$USER"
-RUN chown charon "/opt/$USER"
 USER charon
+
 ENTRYPOINT ["/usr/local/bin/charon"]
 CMD ["run"]
+
 # Used by GitHub to associate container with repo.
 LABEL org.opencontainers.image.source="https://github.com/obolnetwork/charon"
 LABEL org.opencontainers.image.title="charon"

README.md

@@ -9,7 +9,7 @@
 
 This repo contains the source code for the distributed validator client _Charon_ (pronounced 'kharon'); a HTTP middleware client for Ethereum Staking that enables you to safely run a single validator across a group of independent nodes.
 
-Charon is accompanied by a webapp called the [Distributed Validator Launchpad](https://goerli.launchpad.obol.tech/) for distributed validator key creation.
+Charon is accompanied by a webapp called the [Distributed Validator Launchpad](https://holesky.launchpad.obol.tech/) for distributed validator key creation.
 
 Charon is used by stakers to distribute the responsibility of running Ethereum Validators across a number of different instances and client implementations.
 

app/eth2wrap/httpwrap.go

@@ -296,7 +296,6 @@ func httpPost(ctx context.Context, base string, endpoint string, body io.Reader,
 		return nil, errors.Wrap(err, "failed to read POST response")
 	}
 
-	//nolint:usestdlibvars // we should not replace 100 with http.StatusContinue, it makes it less readable
 	if res.StatusCode/100 != 2 {
 		return nil, errors.New("post failed", z.Int("status", res.StatusCode), z.Str("body", string(data)))
 	}

app/expbackoff/expbackoff.go

@@ -148,14 +148,14 @@ func Backoff(config Config, retries int) time.Duration {
 	}
 
 	backoff := float64(config.BaseDelay)
-	max := float64(config.MaxDelay)
+	maxVal := float64(config.MaxDelay)
 
-	for backoff < max && retries > 0 {
+	for backoff < maxVal && retries > 0 {
 		backoff *= config.Multiplier
 		retries--
 	}
-	if backoff > max {
-		backoff = max
+	if backoff > maxVal {
+		backoff = maxVal
 	}
 	// Randomize backoff delays so that if a cluster of requests start at
 	// the same time, they won't operate in lockstep.

app/health/checks.go

@@ -70,42 +70,42 @@ var checks = []check{
 		Description: "Beacon Node in syncing state.",
 		Severity:    severityCritical,
 		Func: func(q query, _ Metadata) (bool, error) {
-			max, err := q("app_monitoring_beacon_node_syncing", noLabels, gaugeMax)
+			maxVal, err := q("app_monitoring_beacon_node_syncing", noLabels, gaugeMax)
 			if err != nil {
 				return false, err
 			}
 
-			return max == 1, nil
+			return maxVal == 1, nil
 		},
 	},
 	{
 		Name:        "insufficient_connected_peers",
 		Description: "Not connected to at least quorum peers. Check logs for networking issue or coordinate with peers.",
 		Severity:    severityCritical,
 		Func: func(q query, m Metadata) (bool, error) {
-			max, err := q("p2p_ping_success", countNonZeroLabels, gaugeMax)
+			maxVal, err := q("p2p_ping_success", countNonZeroLabels, gaugeMax)
 			if err != nil {
 				return false, err
 			}
 
 			required := float64(m.QuorumPeers) - 1 // Exclude self
 
-			return max < required, nil
+			return maxVal < required, nil
 		},
 	},
 	{
 		Name:        "pending_validators",
 		Description: "Pending validators detected. Activate them to start validating.",
 		Severity:    severityInfo,
 		Func: func(q query, _ Metadata) (bool, error) {
-			max, err := q("core_scheduler_validator_status",
+			maxVal, err := q("core_scheduler_validator_status",
 				countLabels(l("status", "pending")),
 				gaugeMax)
 			if err != nil {
 				return false, err
 			}
 
-			return max > 0, nil
+			return maxVal > 0, nil
 		},
 	},
 	{
@@ -140,12 +140,12 @@ var checks = []check{
 		Description: "Metrics reached high cardinality threshold. Please check metrics reported by app_health_metrics_high_cardinality.",
 		Severity:    severityWarning,
 		Func: func(q query, _ Metadata) (bool, error) {
-			max, err := q("app_health_metrics_high_cardinality", sumLabels(), gaugeMax)
+			maxVal, err := q("app_health_metrics_high_cardinality", sumLabels(), gaugeMax)
 			if err != nil {
 				return false, err
 			}
 
-			return max > 0, nil
+			return maxVal > 0, nil
 		},
 	},
 }

app/health/checks_internal_test.go

@@ -407,19 +407,19 @@ func testCheck(t *testing.T, m Metadata, checkName string, expect bool, metrics
 		genGauge(genLabels("bar", "bar2"), 1, 1, 1),
 	)
 
-	var max int
-	if len(metrics) > max {
-		max = len(metrics)
+	var maxVal int
+	if len(metrics) > maxVal {
+		maxVal = len(metrics)
 	}
-	if len(randomFamFoo) > max {
-		max = len(randomFamFoo)
+	if len(randomFamFoo) > maxVal {
+		maxVal = len(randomFamFoo)
 	}
-	if len(randomFamBar) > max {
-		max = len(randomFamBar)
+	if len(randomFamBar) > maxVal {
+		maxVal = len(randomFamBar)
 	}
 
-	multiFams := make([][]*pb.MetricFamily, max)
-	for i := range max {
+	multiFams := make([][]*pb.MetricFamily, maxVal)
+	for i := range maxVal {
 		var fam []*pb.MetricFamily
 		if i < len(metrics) {
 			fam = append(fam, metrics[i])
@@ -455,14 +455,14 @@ func genFam(name string, metrics ...[]*pb.Metric) []*pb.MetricFamily {
 		typ = pb.MetricType_GAUGE
 	}
 
-	var max int
+	var maxVal int
 	for _, series := range metrics {
-		if len(series) > max {
-			max = len(series)
+		if len(series) > maxVal {
+			maxVal = len(series)
 		}
 	}
 
-	resp := make([]*pb.MetricFamily, max)
+	resp := make([]*pb.MetricFamily, maxVal)
 	for _, series := range metrics {
 		for i, metric := range series {
 			if resp[i] == nil {