Upgrade baton-sdk to v0.4.0.

.github/workflows/ci.yaml

@@ -4,31 +4,30 @@ jobs:
   go-lint:
     runs-on: ubuntu-latest
     steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
     - name: Install Go
       uses: actions/setup-go@v5
       with:
-        go-version: 1.23.x
-    - name: Checkout code
-      uses: actions/checkout@v4
+        go-version-file: go.mod
     - name: Run linters
-      uses: golangci/golangci-lint-action@v3
+      uses: golangci/golangci-lint-action@v8
       with:
-        version: latest
+        version: v2.4
         args: --timeout=3m
   go-test:
     strategy:
       matrix:
-        go-version: [ 1.23.x ]
         platform: [ ubuntu-latest ]
     runs-on: ${{ matrix.platform }}
     steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
     - name: Install Go
       if: success()
       uses: actions/setup-go@v5
       with:
-        go-version: ${{ matrix.go-version }}
-    - name: Checkout code
-      uses: actions/checkout@v4
+        go-version-file: go.mod
     - name: go tests
       run: go test -v -covermode=count -json ./... > test.json
     - name: annotate go tests

.github/workflows/main.yaml

@@ -7,31 +7,31 @@ jobs:
   go-lint:
     runs-on: ubuntu-latest
     steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
     - name: Install Go
       uses: actions/setup-go@v5
       with:
-        go-version: 1.23.x
-    - name: Checkout code
-      uses: actions/checkout@v4
+        go-version-file: go.mod
     - name: Run linters
-      uses: golangci/golangci-lint-action@v3
+      uses: golangci/golangci-lint-action@v8
       with:
-        version: latest
+        version: v2.4
         args: --timeout=3m
   go-test:
     strategy:
       matrix:
-        go-version: [ 1.23.x ]
+        go-version: [ 1.25.x ]
         platform: [ ubuntu-latest ]
     runs-on: ${{ matrix.platform }}
     steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
     - name: Install Go
       if: success()
       uses: actions/setup-go@v5
       with:
-        go-version: ${{ matrix.go-version }}
-    - name: Checkout code
-      uses: actions/checkout@v4
+        go-version-file: go.mod
     - name: go tests
       run: go test -v -covermode=count -json ./... > test.json
     - name: annotate go tests

.github/workflows/release.yaml

@@ -3,59 +3,17 @@ name: Release
 on:
   push:
     tags:
-    - '*'
+      - "*"
 
 jobs:
-  goreleaser:
-    runs-on: macos-latest
-    steps:
-    - name: Checkout
-      uses: actions/checkout@v4
-      with:
-        fetch-depth: 0
-    - name: Set up Go
-      uses: actions/setup-go@v5
-      with:
-        go-version: 1.23.x
-    - name: Set up Gon
-      run: brew tap conductorone/gon && brew install conductorone/gon/gon
-    - name: Import Keychain Certs
-      uses: apple-actions/import-codesign-certs@v1
-      with:
-        p12-file-base64: ${{ secrets.APPLE_SIGNING_KEY_P12 }}
-        p12-password: ${{ secrets.APPLE_SIGNING_KEY_P12_PASSWORD }}
-    - name: Run GoReleaser
-      uses: goreleaser/goreleaser-action@v6
-      with:
-        version: "~> v2"
-        args: release --clean
-      env:
-        GITHUB_TOKEN: ${{ secrets.RELENG_GITHUB_TOKEN }}
-        AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
-        AC_PROVIDER: ${{ secrets.AC_PROVIDER }}
-  goreleaser-docker:
-    runs-on: ubuntu-latest
-    steps:
-    - name: Checkout
-      uses: actions/checkout@v4
-      with:
-        fetch-depth: 0
-    - name: Set up Go
-      uses: actions/setup-go@v5
-      with:
-        go-version: 1.23.x
-    - name: Docker Login
-      uses: docker/login-action@v1
-      with:
-        registry: ghcr.io
-        username: ${{ github.repository_owner }}
-        password: ${{ secrets.RELENG_GITHUB_TOKEN }}
-    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v1
-    - name: Run GoReleaser
-      uses: goreleaser/goreleaser-action@v6
-      with:
-        version: "~> v2"
-        args: release --clean -f .goreleaser.docker.yaml
-      env:
-        GITHUB_TOKEN: ${{ secrets.RELENG_GITHUB_TOKEN }}
+  release:
+    uses: ConductorOne/github-workflows/.github/workflows/release.yaml@v2
+    with:
+      tag: ${{ github.ref_name }}
+    secrets:
+      RELENG_GITHUB_TOKEN: ${{ secrets.RELENG_GITHUB_TOKEN }}
+      APPLE_SIGNING_KEY_P12: ${{ secrets.APPLE_SIGNING_KEY_P12 }}
+      APPLE_SIGNING_KEY_P12_PASSWORD: ${{ secrets.APPLE_SIGNING_KEY_P12_PASSWORD }}
+      AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
+      AC_PROVIDER: ${{ secrets.AC_PROVIDER }}
+      DATADOG_API_KEY: ${{ secrets.DATADOG_API_KEY }}

.golangci.yml

@@ -1,103 +1,118 @@
-linters-settings:
-  exhaustive:
-    default-signifies-exhaustive: true
-
-  gocritic:
-    # The list of supported checkers can be find in https://go-critic.github.io/overview.
-    settings:
-      underef:
-        # Whether to skip (*x).method() calls where x is a pointer receiver.
-        skipRecvDeref: false
-
-  govet:
-    enable-all: true
-    disable:
-      - fieldalignment # too strict
-      - shadow # complains too much about shadowing errors. All research points to this being fine.
-
-  nakedret:
-    max-func-lines: 0
-
-  nolintlint:
-    allow-no-explanation: [ forbidigo, tracecheck, gomnd, gochecknoinits, makezero ]
-    require-explanation: true
-    require-specific: true
-
-  revive:
-    ignore-generated-header: true
-    severity: error
-    rules:
-      - name: atomic
-      - name: line-length-limit
-        arguments: [ 200 ]
-      # These are functions that we use without checking the errors often. Most of these can't return an error even
-      # though they implement an interface that can.
-      - name: unhandled-error
-        arguments:
-          - fmt.Printf
-          - fmt.Println
-          - fmt.Fprintf
-          - fmt.Fprintln
-          - os.Stderr.Sync
-          - sb.WriteString
-          - buf.WriteString
-          - hasher.Write
-          - os.Setenv
-          - os.RemoveAll
-      - name: var-naming
-        arguments: [["ID", "URL", "HTTP", "API"], []]
-
-  tenv:
-    all: true
-
-  varcheck:
-    exported-fields: false # this appears to improperly detect exported variables as unused when they are used from a package with the same name
-
-
+version: "2"
 linters:
-  disable-all: true
+  default: none
   enable:
-    - errcheck # Errcheck is a program for checking for unchecked errors in go programs. These unchecked errors can be critical bugs in some cases
-    - gosimple # Linter for Go source code that specializes in simplifying a code
-    - govet # Vet examines Go source code and reports suspicious constructs, such as Printf calls whose arguments do not align with the format string
-    - ineffassign # Detects when assignments to existing variables are not used
-    - staticcheck # Staticcheck is a go vet on steroids, applying a ton of static analysis checks
-    - typecheck # Like the front-end of a Go compiler, parses and type-checks Go code
-    - unused # Checks Go code for unused constants, variables, functions and types
-    - asasalint # Check for pass []any as any in variadic func(...any)
-    - asciicheck # Simple linter to check that your code does not contain non-ASCII identifiers
-    - bidichk # Checks for dangerous unicode character sequences
-    - bodyclose # checks whether HTTP response body is closed successfully
-    - durationcheck # check for two durations multiplied together
-    - errorlint # errorlint is a linter for that can be used to find code that will cause problems with the error wrapping scheme introduced in Go 1.13.
-    - exhaustive # check exhaustiveness of enum switch statements
-    - forbidigo # Forbids identifiers
-    - gochecknoinits # Checks that no init functions are present in Go code
-    - goconst # Finds repeated strings that could be replaced by a constant
-    - gocritic # Provides diagnostics that check for bugs, performance and style issues.
-    - godot # Check if comments end in a period
-    - goimports # In addition to fixing imports, goimports also formats your code in the same style as gofmt.
-    - gomoddirectives # Manage the use of 'replace', 'retract', and 'excludes' directives in go.mod.
-    - goprintffuncname # Checks that printf-like functions are named with f at the end
-    - gosec # Inspects source code for security problems
-    - nakedret # Finds naked returns in functions greater than a specified function length
-    - nilerr # Finds the code that returns nil even if it checks that the error is not nil.
-    - noctx # noctx finds sending http request without context.Context
-    - nolintlint # Reports ill-formed or insufficient nolint directives
-    - nonamedreturns # Reports all named returns
-    - nosprintfhostport # Checks for misuse of Sprintf to construct a host with port in a URL.
-    - predeclared # find code that shadows one of Go's predeclared identifiers
-    - revive # Fast, configurable, extensible, flexible, and beautiful linter for Go. Drop-in replacement of golint.
-    - tenv # tenv is analyzer that detects using os.Setenv instead of t.Setenv since Go1.17
-    - tparallel # tparallel detects inappropriate usage of t.Parallel() method in your Go test codes
-    - unconvert # Remove unnecessary type conversions
-    - usestdlibvars # detect the possibility to use variables/constants from the Go standard library
-    - whitespace # Tool for detection of leading and trailing whitespace
-
+    - asasalint
+    - asciicheck
+    - bidichk
+    - bodyclose
+    - durationcheck
+    - errcheck
+    - errorlint
+    - exhaustive
+    - forbidigo
+    - gochecknoinits
+    - goconst
+    - gocritic
+    - godot
+    - gomoddirectives
+    - goprintffuncname
+    - gosec
+    - govet
+    - ineffassign
+    - nakedret
+    - nilerr
+    - noctx
+    - nolintlint
+    - nonamedreturns
+    - nosprintfhostport
+    - predeclared
+    - revive
+    - staticcheck
+    - tparallel
+    - unconvert
+    - unused
+    - usestdlibvars
+    - whitespace
+  settings:
+    exhaustive:
+      default-signifies-exhaustive: true
+    gocritic:
+      enabled-checks:
+        - ruleguard
+      settings:
+        ruleguard:
+          rules: ${base-path}/tools/rules.go
+        underef:
+          skipRecvDeref: false
+    govet:
+      disable:
+        - fieldalignment
+        - shadow
+      enable-all: true
+    nakedret:
+      max-func-lines: 0
+    nolintlint:
+      require-explanation: true
+      require-specific: true
+      allow-no-explanation:
+        - forbidigo
+        - tracecheck
+        - gomnd
+        - gochecknoinits
+        - makezero
+    revive:
+      severity: error
+      rules:
+        - name: atomic
+        - name: line-length-limit
+          arguments:
+            - 200
+          exclude:
+            - pkg/bcb/generate.go
+        - name: unhandled-error
+          arguments:
+            - fmt.Printf
+            - fmt.Println
+            - fmt.Fprint
+            - fmt.Fprintf
+            - fmt.Fprintln
+            - os.Stderr.Sync
+            - sb.WriteString
+            - buf.WriteString
+            - hasher.Write
+            - os.Setenv
+            - os.RemoveAll
+        - name: var-naming
+          arguments:
+            - - ID
+              - URL
+              - HTTP
+              - API
+            - []
+  exclusions:
+    generated: lax
+    presets:
+      - comments
+      - common-false-positives
+      - legacy
+      - std-error-handling
+    rules:
+      - linters:
+          - godot
+        source: (TODO)
+    paths:
+      - third_party$
+      - builtin$
+      - examples$
 issues:
   max-same-issues: 50
-
-  exclude-rules:
-    # Don't require TODO comments to end in a period
-    - source: "(TODO)"
-      linters: [ godot ]
+formatters:
+  enable:
+    - goimports
+  exclusions:
+    generated: lax
+    paths:
+      - third_party$
+      - builtin$
+      - examples$