feat!: upgrade to go 1.22 (zeta-chain#2460)

* use go-tss with go-libp2p fork

Use go 1.22

more go 1.22 upgrades

upgrade gosec

use upstream int overflow rule

Use zeta-chain-gosec

* exclude-generated

* more G115

* exclude testutil

* nosec updates

* G115 false positives

* changelog and nosec import fix

.github/actions/install-dependencies/action.yml

@@ -33,7 +33,7 @@ runs:
     - uses: actions/setup-go@v5
       if: ${{ inputs.skip_go == 'false' }}
       with:
-        go-version: '1.20'
+        go-version: '1.22'
         cache: false
 
     - uses: actions/setup-python@v4

.github/workflows/publish-release.yml

@@ -48,7 +48,7 @@ jobs:
         if: ${{ github.event.inputs.skip_checks != 'true' }}
         uses: actions/setup-go@v5
         with:
-          go-version: '1.20'
+          go-version: '1.22'
 
       - name: Run Gosec Security Scanner
         if: ${{ github.event.inputs.skip_checks != 'true' }}
@@ -79,7 +79,7 @@ jobs:
         if: ${{ github.event.inputs.skip_checks != 'true' }}
         uses: actions/setup-go@v5
         with:
-          go-version: '1.20'
+          go-version: '1.22'
 
       - name: Run Cosmos Gosec Security Scanner
         if: ${{ github.event.inputs.skip_checks != 'true' }}
@@ -109,7 +109,7 @@ jobs:
         if: ${{ github.event.inputs.skip_checks != 'true' }}
         uses: actions/setup-go@v5
         with:
-          go-version: '1.20'
+          go-version: '1.22'
 
       - name: Run golangci-lint
         if: ${{ github.event.inputs.skip_checks != 'true' }}

.github/workflows/sast-linters.yml

@@ -25,33 +25,10 @@ jobs:
         with:
           fetch-depth: 0
 
-      - name: Set up Go
-        uses: actions/setup-go@v5
-        with:
-          go-version: '1.20'
-
       - name: Run Gosec Security Scanner
-        uses: securego/[email protected]
-        with:
-          args: ./...
-
-  gosec-cosmos:
-    runs-on: ubuntu-22.04
-    env:
-      GO111MODULE: on
-    steps:
-      - name: Checkout Source
-        uses: actions/checkout@v4
+        uses: zeta-chain/[email protected]
         with:
-          fetch-depth: 0
-
-      - name: Set up Go
-        uses: actions/setup-go@v5
-        with:
-          go-version: '1.20'
-
-      - name: Run Cosmos Gosec Security Scanner
-        run: make lint-cosmos-gosec
+          args: -exclude-generated -exclude-dir testutil ./...
 
   lint:
     runs-on: ubuntu-22.04
@@ -67,7 +44,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v5
         with:
-          go-version: '1.20'
+          go-version: '1.22'
 
       - name: Run golangci-lint
         uses: golangci/golangci-lint-action@v6

Dockerfile-localnet

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:1.7-labs
-FROM golang:1.20.14-bookworm AS base-build
+FROM golang:1.22.5-bookworm AS base-build
 
 ENV GOPATH /go
 ENV GOOS=linux
@@ -22,10 +22,10 @@ COPY --exclude=*.sh --exclude=*.md --exclude=*.yml . .
 RUN --mount=type=cache,target="/root/.cache/go-build" make install
 RUN --mount=type=cache,target="/root/.cache/go-build" make install-zetae2e
 
-FROM golang:1.20.14-bookworm AS cosmovisor-build
+FROM golang:1.22.5-bookworm AS cosmovisor-build
 RUN go install cosmossdk.io/tools/cosmovisor/cmd/[email protected]
 
-FROM golang:1.20.14-bookworm AS base-runtime
+FROM golang:1.22.5-bookworm AS base-runtime
 
 RUN apt update && \
     apt install -yq jq yq curl tmux python3 openssh-server iputils-ping iproute2 bind9-host && \

Makefile

@@ -139,8 +139,8 @@ lint-pre:
 lint: lint-pre
 	@golangci-lint run
 
-lint-cosmos-gosec:
-	@bash ./scripts/cosmos-gosec.sh
+lint-gosec:
+	@bash ./scripts/gosec.sh
 
 gosec:
 	gosec  -exclude-dir=localnet ./...

changelog.md

@@ -4,7 +4,7 @@
 
 ### Breaking Changes
 
-* [List of the breaking changes can be found in this document](docs/releases/v17_breaking_changes.md)
+* [2460](https://github.com/zeta-chain/node/pull/2460) - Upgrade to go 1.22. This required us to temporarily remove the QUIC backend from [go-libp2p](https://github.com/libp2p/go-libp2p). If you are a zetaclient operator and have configured quic peers, you need to switch to tcp peers.
 
 ### Features
 

cmd/zetae2e/stress.go

@@ -170,10 +170,10 @@ func StressTest(cmd *cobra.Command, _ []string) {
 	// Get current nonce on zevm for DeployerAddress - Need to keep track of nonce at client level
 	blockNum := must(e2eTest.ZEVMClient.BlockNumber(ctx))
 
-	// #nosec G701 e2eTest - always in range
+	// #nosec G115 e2eTest - always in range
 	nonce := must(e2eTest.ZEVMClient.NonceAt(ctx, deployerAccount.EVMAddress(), big.NewInt(int64(blockNum))))
 
-	// #nosec G701 e2e - always in range
+	// #nosec G115 e2e - always in range
 	zevmNonce = big.NewInt(int64(nonce))
 
 	// -------------- TEST BEGINS ------------------

cmd/zetatool/filterdeposit/btc.go

@@ -174,7 +174,7 @@ func getHashList(cfg *config.Config, tssAddress string) ([]Deposit, error) {
 			if strings.Compare("0014", scriptpubkey[:4]) == 0 && targetAddr == tssAddress {
 				entry := Deposit{
 					hash,
-					// #nosec G701 parsing json requires float64 type from blockstream
+					// #nosec G115 parsing json requires float64 type from blockstream
 					uint64(vout0["value"].(float64)),
 				}
 				list = append(list, entry)

cmd/zetatool/filterdeposit/evm.go

@@ -188,9 +188,9 @@ func getTSSDeposits(tssAddress string, startBlock uint64, endBlock uint64, apiKe
 	client := etherscan.New(etherscan.Mainnet, apiKey)
 	deposits := make([]Deposit, 0)
 
-	// #nosec G701 these block numbers need to be *int for this particular client package
+	// #nosec G115 these block numbers need to be *int for this particular client package
 	startInt := int(startBlock)
-	// #nosec G701
+	// #nosec G115
 	endInt := int(endBlock)
 	txns, err := client.NormalTxByAddress(tssAddress, &startInt, &endInt, 0, 0, true)
 	if err != nil {

contrib/rpctest/main.go

@@ -58,7 +58,7 @@ func main() {
 	if bn < 0 {
 		panic("Block number must be non-negative")
 	}
-	// #nosec G701 check as positive
+	// #nosec G115 check as positive
 	bnUint64 := uint64(bn)
 
 	if false {

e2e/e2etests/test_update_bytecode_zrc20.go

@@ -30,7 +30,7 @@ func TestUpdateBytecodeZRC20(r *runner.E2ERunner, _ []string) {
 		r.ZEVMAuth,
 		r.ZEVMClient,
 		big.NewInt(5),
-		// #nosec G701 test - always in range
+		// #nosec G115 test - always in range
 		uint8(coin.CoinType_Gas),
 	)
 	require.NoError(r, err)

e2e/runner/accounting.go

@@ -65,16 +65,16 @@ func (r *E2ERunner) CheckBtcTSSBalance() error {
 
 	// check the balance in TSS is greater than the total supply on ZetaChain
 	// the amount minted to initialize the pool is subtracted from the total supply
-	// #nosec G701 test - always in range
+	// #nosec G115 test - always in range
 	if int64(btcBalance*1e8) < (zrc20Supply.Int64() - 10000000) {
-		// #nosec G701 test - always in range
+		// #nosec G115 test - always in range
 		return fmt.Errorf(
 			"BTC: TSS Balance (%d) < ZRC20 TotalSupply (%d)",
 			int64(btcBalance*1e8),
 			zrc20Supply.Int64()-10000000,
 		)
 	}
-	// #nosec G701 test - always in range
+	// #nosec G115 test - always in range
 	r.Logger.Info(
 		"BTC: Balance (%d) >= ZRC20 TotalSupply (%d)",
 		int64(btcBalance*1e8),

e2e/runner/evm.go

@@ -183,7 +183,7 @@ func (r *E2ERunner) ProveEthTransaction(receipt *ethtypes.Receipt) {
 	txHash := receipt.TxHash
 	blockHash := receipt.BlockHash
 
-	// #nosec G701 test - always in range
+	// #nosec G115 test - always in range
 	txIndex := int(receipt.TransactionIndex)
 
 	block, err := r.EVMClient.BlockByHash(r.Ctx, blockHash)

go.mod

@@ -1,6 +1,6 @@
 module github.com/zeta-chain/zetacore
 
-go 1.20
+go 1.22
 
 require (
 	github.com/cosmos/cosmos-sdk v0.47.10
@@ -39,7 +39,7 @@ require (
 	github.com/frumioj/crypto11 v1.2.5-0.20210823151709-946ce662cc0e
 	github.com/pkg/errors v0.9.1
 	github.com/rakyll/statik v0.1.7
-	github.com/zeta-chain/go-tss v0.1.1-0.20240711114423-d6125e8b3b69
+	github.com/zeta-chain/go-tss v0.1.1-0.20240711225655-6ab1e42a0dee
 	github.com/zeta-chain/keystone/keys v0.0.0-20231105174229-903bc9405da2
 	github.com/zeta-chain/protocol-contracts v1.0.2-athens3.0.20240418181724-c222fd3ae1f5
 	google.golang.org/genproto/googleapis/api v0.0.0-20231212172506-995d672761c0
@@ -96,20 +96,14 @@ require (
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/gogo/googleapis v1.4.1 // indirect
 	github.com/golang/glog v1.1.2 // indirect
-	github.com/google/pprof v0.0.0-20230602150820-91b7bce49751 // indirect
 	github.com/google/s2a-go v0.1.7 // indirect
 	github.com/iancoleman/orderedmap v0.3.0 // indirect
 	github.com/ipfs/boxo v0.10.0 // indirect
 	github.com/jmhodges/levigo v1.0.0 // indirect
 	github.com/libp2p/go-yamux/v4 v4.0.0 // indirect
 	github.com/miekg/pkcs11 v1.1.1 // indirect
-	github.com/onsi/ginkgo/v2 v2.9.7 // indirect
+	github.com/onsi/gomega v1.27.7 // indirect
 	github.com/prometheus/tsdb v0.7.1 // indirect
-	github.com/quic-go/qpack v0.4.0 // indirect
-	github.com/quic-go/qtls-go1-19 v0.3.3 // indirect
-	github.com/quic-go/qtls-go1-20 v0.2.3 // indirect
-	github.com/quic-go/quic-go v0.33.0 // indirect
-	github.com/quic-go/webtransport-go v0.5.3 // indirect
 	github.com/rjeczalik/notify v0.9.1 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/sergi/go-diff v1.3.1 // indirect
@@ -157,7 +151,7 @@ require (
 	github.com/btcsuite/btclog v0.0.0-20170628155309-84c8d2346e9f // indirect
 	github.com/btcsuite/go-socks v0.0.0-20170105172521-4720035b7bfd // indirect
 	github.com/btcsuite/websocket v0.0.0-20150119174127-31079b680792 // indirect
-	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
+	github.com/cenkalti/backoff/v4 v4.3.0
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/chzyer/readline v1.5.1 // indirect
 	github.com/cockroachdb/apd/v2 v2.0.2 // indirect
@@ -186,7 +180,6 @@ require (
 	github.com/elastic/gosigar v0.14.2 // indirect
 	github.com/felixge/httpsnoop v1.0.2 // indirect
 	github.com/flynn/noise v1.0.0 // indirect
-	github.com/francoispqt/gojay v1.2.13 // indirect
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
 	github.com/gballet/go-libpcsclite v0.0.0-20190607065134-2772fd86a8ff // indirect
 	github.com/go-kit/kit v0.12.0 // indirect
@@ -195,7 +188,6 @@ require (
 	github.com/go-ole/go-ole v1.2.6 // indirect
 	github.com/go-sourcemap/sourcemap v2.1.3+incompatible // indirect
 	github.com/go-stack/stack v1.8.1 // indirect
-	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
 	github.com/godbus/dbus v0.0.0-20190726142602-4481cbc300e2 // indirect
 	github.com/godbus/dbus/v5 v5.1.0 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
@@ -356,3 +348,5 @@ replace (
 replace github.com/cometbft/cometbft-db => github.com/notional-labs/cometbft-db v0.0.0-20230321185329-6dc7c0ca6345
 
 replace github.com/evmos/ethermint => github.com/zeta-chain/ethermint v0.0.0-20240531172701-61d040058c94
+
+replace github.com/libp2p/go-libp2p => github.com/zeta-chain/go-libp2p v0.0.0-20240710192637-567fbaacc2b4