Update github-actions (#70)

* Update github-actions

* fix after linting + simplify I2OSP

Signed-off-by: bytemare <[email protected]>

---------

Signed-off-by: bytemare <[email protected]>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: bytemare <[email protected]>

.github/.golangci.yml

@@ -5,59 +5,66 @@ linters:
     - asciicheck
     - bidichk
     - bodyclose
+    - canonicalheader
     - containedctx
     - contextcheck
+    - copyloopvar
     - cyclop
     - decorder
     #- depguard
     - dogsled
     - dupl
     - dupword
     - durationcheck
+    - err113
     - errcheck
     - errchkjson
     - errname
     - errorlint
-    - execinquery
     - exhaustive
     - exhaustruct
-    - exportloopref
+    - fatcontext
     - forbidigo
     - forcetypeassert
     - funlen
     - gci
     - ginkgolinter
+    - gocheckcompilerdirectives
     #- gochecknoglobals
     #- gochecknoinits
+    - gochecksumtype
     - gocognit
     - goconst
     - gocritic
     - gocyclo
     - godot
     - godox
-    - goerr113
     - gofmt
     - gofumpt
     - goheader
     - goimports
-    #- gomnd
     - gomoddirectives
     - gomodguard
     - goprintffuncname
     - gosec
-    - gosmopolitan
     - gosimple
+    - gosmopolitan
     - govet
     - grouper
     - importas
+    - inamedparam
     - ineffassign
     - interfacebloat
+    - intrange
     - ireturn
     - lll
-    - logrlint
+    - loggercheck
     - maintidx
     - makezero
+    - mirror
     - misspell
+    #- mnd
+    - musttag
     - nakedret
     - nestif
     - nilerr
@@ -67,21 +74,25 @@ linters:
     - nolintlint
     #- nonamedreturns
     - nosprintfhostport
-    - musttag
     - paralleltest
+    - perfsprint
     - prealloc
     - predeclared
     - promlinter
+    - protogetter
     - reassign
     - revive
     - rowserrcheck
+    - sloglint
+    - spancheck
     - sqlclosecheck
     - staticcheck
     - stylecheck
     - tagalign
     - tagliatelle
     - tenv
     - testableexamples
+    - testifylint
     - testpackage
     - thelper
     - tparallel
@@ -96,12 +107,11 @@ linters:
     - wrapcheck
     - wsl
     - zerologlint
-  presets:
-    - bugs
-    - unused
-  fast: false
 
 linters-settings:
+  cyclop:
+    max-complexity: 15
+    skip-tests: true
   dupl:
     threshold: 100
   errcheck:
@@ -136,6 +146,8 @@ linters-settings:
       - opinionated
       - performance
       - style
+    disabled-checks:
+      - sloppyReassign
   gocyclo:
     min-complexity: 15
   godox:
@@ -163,10 +175,19 @@ linters-settings:
       - 'encoding.I2OSP'
       - 'encoding.OS2IP'
       - 'make'
+  gosec:
+    excludes:
+      - G115
+    config:
+      G602:
+        frost:
+          - encodedLength
   gosimple:
     checks: [ "all" ]
   govet:
-    check-shadowing: true
+    settings:
+      shadow:
+        strict: true
     disable-all: true
     enable:
       - asmdecl
@@ -211,13 +232,23 @@ linters-settings:
     tab-width: 4
   misspell:
     locale: US
+  mnd:
+    checks:
+      - argument
+      - case
+      - condition
+      - operation
+      - return
+      - assign
+    #ignored-functions:
+    #  - 'nist.setMapping'
+    #  - 'big.NewInt'
+    #  - 'hash2curve.HashToFieldXMD'
   nlreturn:
     block-size: 2
   prealloc:
     simple: false
     for-loops: true
-  unused:
-    check-exported: false
   whitespace:
     multi-if: false
     multi-func: false
@@ -238,8 +269,10 @@ issues:
   # But independently from this option we use default exclude patterns,
   # it can be disabled by `exclude-use-default: false`. To list all
   # excluded by default patterns execute `golangci-lint run --help`
-  exclude:
-    - "should have a package comment, unless it's in another file for this package"
+  #exclude:
+  #- "should have a package comment, unless it's in another file for this package"
+  #- "do not define dynamic errors, use wrapped static errors instead"
+  #- "missing cases in switch of type Group: maxID"
 
   exclude-rules:
     - path: internal/hash.go
@@ -262,4 +295,5 @@ run:
   tests: false
 
 output:
- format: github-actions
+ formats:
+  - format: colored-line-number

.github/workflows/ci.yml

@@ -12,7 +12,7 @@ jobs:
     name: Lint
     runs-on: ubuntu-latest
     steps:
-      - uses: step-security/harden-runner@9ff9d14760a73102d9fa2f47131624137f50ead8
+      - uses: step-security/harden-runner@18f6947f131da60743dc12d2a22ff28c2b4ea87f
         with:
           disable-sudo: true
           egress-policy: block
@@ -24,17 +24,17 @@ jobs:
             raw.githubusercontent.com:443
 
       - name: Checkout repo
-        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
+        uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2
         with:
           fetch-depth: 0
       - name: Setup Go
-        uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7
+        uses: actions/setup-go@3d10edb4c2d9ac9923e94a5ec73fa063078e9234
         with:
           go-version-file: ./go.mod
 
       # Linting
       - name: Linting
-        uses: golangci/golangci-lint-action@9d1e0624a798bb64f6c3cea93db47765312263dc
+        uses: golangci/golangci-lint-action@a7b658d2951c9acd466331cdf290b5dbac3bcce6
         with:
           version: latest
           args: --config=./.github/.golangci.yml ./...
@@ -48,7 +48,7 @@ jobs:
       matrix:
         go: [ '1.22', '1.21' ]
     steps:
-      - uses: step-security/harden-runner@9ff9d14760a73102d9fa2f47131624137f50ead8
+      - uses: step-security/harden-runner@18f6947f131da60743dc12d2a22ff28c2b4ea87f
         with:
           disable-sudo: true
           egress-policy: block
@@ -59,11 +59,11 @@ jobs:
             sum.golang.org:443
 
       - name: Checkout repo
-        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
+        uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2
         with:
           fetch-depth: 0
       - name: Setup Go
-        uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7
+        uses: actions/setup-go@3d10edb4c2d9ac9923e94a5ec73fa063078e9234
         with:
           go-version: ${{ matrix.go }}
 
@@ -75,7 +75,7 @@ jobs:
     name: Analyze
     runs-on: ubuntu-latest
     steps:
-      - uses: step-security/harden-runner@9ff9d14760a73102d9fa2f47131624137f50ead8
+      - uses: step-security/harden-runner@18f6947f131da60743dc12d2a22ff28c2b4ea87f
         with:
           disable-sudo: true
           egress-policy: block
@@ -92,11 +92,11 @@ jobs:
             storage.googleapis.com:443
 
       - name: Checkout repo
-        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
+        uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2
         with:
           fetch-depth: 0
       - name: Setup Go
-        uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7
+        uses: actions/setup-go@3d10edb4c2d9ac9923e94a5ec73fa063078e9234
         with:
           go-version-file: ./go.mod
 
@@ -106,22 +106,22 @@ jobs:
 
       # Codecov
       - name: Codecov
-        uses: codecov/codecov-action@dad251dcaf4fdaa10dfaa1c32aab58f9cb23a448
+        uses: codecov/codecov-action@25fe46e17d692bac1908f2f457f98d2c936d894d
         env:
           CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
         with:
           file: .github/coverage.out
 
       # Sonar
       - name: SonarCloud Scan
-        uses: SonarSource/sonarcloud-github-action@6bbd64e0cb2194e04addb429d669a9ee873eeeef
+        uses: SonarSource/sonarcloud-github-action@02ef91109b2d589e757aefcfb2854c2783fd7b19
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
         with:
           args: >
-            -Dsonar.organization=bytemare-github
-            -Dsonar.projectKey=bytemare_opaque
+            -Dsonar.organization=bytemare
+            -Dsonar.projectKey=opaque
             -Dsonar.go.coverage.reportPaths=.github/coverage.out
             -Dsonar.sources=.
             -Dsonar.exclusions=examples_test.go

.github/workflows/codeql.yml

@@ -26,24 +26,24 @@ jobs:
       fail-fast: false
 
     steps:
-      - uses: step-security/harden-runner@9ff9d14760a73102d9fa2f47131624137f50ead8
+      - uses: step-security/harden-runner@18f6947f131da60743dc12d2a22ff28c2b4ea87f
         with:
           disable-sudo: true
           egress-policy: block
           allowed-endpoints: >
             api.github.com:443 github.com:443 objects.githubusercontent.com:443 proxy.golang.org:443 storage.googleapis.com:443 sum.golang.org:443 uploads.github.com:443
 
       - name: Checkout repository
-        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
+        uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@8fcfedf57053e09257688fce7a0beeb18b1b9ae3
+        uses: github/codeql-action/init@0f1559aeaf806072ddd427d1b11e1c956e4851a0
         with:
           languages: go
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@8fcfedf57053e09257688fce7a0beeb18b1b9ae3
+        uses: github/codeql-action/autobuild@0f1559aeaf806072ddd427d1b11e1c956e4851a0
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@8fcfedf57053e09257688fce7a0beeb18b1b9ae3
+        uses: github/codeql-action/analyze@0f1559aeaf806072ddd427d1b11e1c956e4851a0

.github/workflows/scorecards.yml

@@ -22,7 +22,7 @@ jobs:
       id-token: write
 
     steps:
-      - uses: step-security/harden-runner@9ff9d14760a73102d9fa2f47131624137f50ead8
+      - uses: step-security/harden-runner@18f6947f131da60743dc12d2a22ff28c2b4ea87f
         with:
           disable-sudo: true
           egress-policy: block
@@ -38,12 +38,12 @@ jobs:
             www.bestpractices.dev:443
 
       - name: "Checkout code"
-        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
+        uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2
         with:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@fad9a3cc533bb069b1f01f272f1f630895cd690a
+        uses: ossf/scorecard-action@e48dbb732fab761267783321dfa71e2a5c6e263d
         with:
           results_file: results.sarif
           results_format: sarif
@@ -61,14 +61,14 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@552bf3722c16e81001aea7db72d8cedf64eb5f68
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # required for Code scanning alerts
       - name: "Upload SARIF results to code scanning"
-        uses: github/codeql-action/upload-sarif@8fcfedf57053e09257688fce7a0beeb18b1b9ae3
+        uses: github/codeql-action/upload-sarif@0f1559aeaf806072ddd427d1b11e1c956e4851a0
         with:
           sarif_file: results.sarif

.github/workflows/snyk.yml

@@ -17,7 +17,7 @@ jobs:
     name: Snyk
     runs-on: ubuntu-latest
     steps:
-      - uses: step-security/harden-runner@9ff9d14760a73102d9fa2f47131624137f50ead8
+      - uses: step-security/harden-runner@18f6947f131da60743dc12d2a22ff28c2b4ea87f
         with:
           disable-sudo: true
           egress-policy: block
@@ -26,9 +26,9 @@ jobs:
             github.com:443
             proxy.golang.org:443
 
-      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
+      - uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2
       - name: Run Snyk to check for vulnerabilities
-        uses: snyk/actions/golang@8349f9043a8b7f0f3ee8885bf28f0b388d2446e8
+        uses: snyk/actions/golang@cdb760004ba9ea4d525f2e043745dfe85bb9077e
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
         with: