chore: bump to Go 1.26 massive cleanup in ory/x

GitOrigin-RevId: 7b23d25f2953d72bc2480bb8a8cac8f7cb08e0fb

Author: alnr

.docker/Dockerfile-local-build

@@ -1,4 +1,4 @@
-FROM golang:1.25 AS builder
+FROM golang:1.26 AS builder
 
 WORKDIR /go/src/github.com/ory/hydra
 

.docker/Dockerfile-test-hsm

@@ -1,14 +1,18 @@
-FROM golang:1.25-alpine3.21 AS builder
+FROM golang:1.26-alpine3.23 AS builder
 
 RUN apk add --no-cache build-base git gcc bash
 
 WORKDIR /go/src/github.com/ory/hydra
 RUN mkdir -p ./internal/httpclient
 
+COPY oryx/go.mod oryx/go.mod
+COPY oryx/go.sum oryx/go.sum
+                
+
 COPY go.mod go.sum ./
 COPY internal/httpclient/go.* ./internal/httpclient
 
-ENV CGO_ENABLED 1
+ENV CGO_ENABLED=1
 
 RUN go mod download
 COPY . .
@@ -23,7 +27,7 @@ ENV HSM_PIN=1234
 RUN apk add --no-cache softhsm opensc
 RUN pkcs11-tool --module "$HSM_LIBRARY" --slot 0 --init-token --so-pin 0000 --init-pin --pin "$HSM_PIN" --label "$HSM_TOKEN_LABEL"
 
-FROM builder as test-hsm
+FROM builder AS test-hsm
 
 RUN go test -p 1 -failfast -short -tags=sqlite,hsm ./...
 

.github/workflows/ci.yaml

@@ -26,7 +26,8 @@ jobs:
           fetch-depth: 2
       - uses: actions/setup-go@v6
         with:
-          go-version: "1.25"
+          check-latest: true
+          go-version-file: go.mod
       - name: Start service
         run: ./test/conformance/start.sh
       - name: Run tests
@@ -65,7 +66,8 @@ jobs:
           fetch-depth: 2
       - uses: actions/setup-go@v6
         with:
-          go-version: "1.25"
+          check-latest: true
+          go-version-file: go.mod
       - run: go list -json > go.list
       - name: Run nancy
         uses: sonatype-nexus-community/nancy-github-action@v1.0.3
@@ -101,7 +103,8 @@ jobs:
       - uses: ory/ci/checkout@master
       - uses: actions/setup-go@v6
         with:
-          go-version: "1.25"
+          check-latest: true
+          go-version-file: go.mod
       - name: Setup HSM libs and packages
         run: |
           sudo apt install -y softhsm2 opensc
@@ -150,7 +153,8 @@ jobs:
       - uses: ory/ci/checkout@master
       - uses: actions/setup-go@v6
         with:
-          go-version: "1.25"
+          check-latest: true
+          go-version-file: go.mod
       - uses: actions/cache@v5
         with:
           path: ./test/e2e/hydra

.github/workflows/codeql-analysis.yml

@@ -44,7 +44,8 @@ jobs:
 
       - uses: actions/setup-go@v6
         with:
-          go-version: "1.25"
+          check-latest: true
+          go-version-file: go.mod
       - run: go version
 
       # Initializes the CodeQL tools for scanning.

.github/workflows/format.yml

@@ -12,7 +12,8 @@ jobs:
       - uses: actions/checkout@v6
       - uses: actions/setup-go@v6
         with:
-          go-version: "1.25"
+          check-latest: true
+          go-version-file: go.mod
       - run: make format
       - name: Indicate formatting issues
         run: git diff HEAD --exit-code --color

.golangci.yml

@@ -2,7 +2,6 @@ version: "2"
 
 linters:
   enable:
-    - gosec
     - errcheck
     - ineffassign
     - staticcheck
@@ -11,6 +10,7 @@ linters:
     staticcheck:
       checks:
         - "-SA1019"
+
   exclusions:
     rules:
       - path: '_test\.go'

DEVELOP.md

@@ -26,7 +26,7 @@ We encourage all contributions. Before opening a pull request, read the
 
 ## Prerequisites
 
-You need Go 1.13+ with `GO111MODULE=on` and, for the test suites:
+You need Go 1.26+. For the test suites:
 
 - Docker and Docker Compose
 - Makefile

Makefile

@@ -4,7 +4,7 @@ export PATH 		:= .bin:${PATH}
 export PWD 			:= $(shell pwd)
 export IMAGE_TAG 	:= $(if $(IMAGE_TAG),$(IMAGE_TAG),latest)
 
-GOLANGCI_LINT_VERSION = 2.4.0
+GOLANGCI_LINT_VERSION = 2.10.1
 
 .bin/golangci-lint: Makefile
 	curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b .bin v$(GOLANGCI_LINT_VERSION)
@@ -72,12 +72,12 @@ quicktest:
 
 .PHONY: quicktest-hsm
 quicktest-hsm:
-	DOCKER_CONTENT_TRUST=1 docker build --progress=plain -f .docker/Dockerfile-test-hsm  --target test-hsm -t oryd/hydra:${IMAGE_TAG} --target test-hsm .
+	DOCKER_CONTENT_TRUST=1 docker build --progress=plain -f .docker/Dockerfile-test-hsm --target test-hsm -t oryd/hydra:${IMAGE_TAG} --target test-hsm .
 
 .PHONY: test-refresh
 test-refresh:
 	UPDATE_SNAPSHOTS=true go test -short -tags sqlite,sqlite_omit_load_extension ./...
-	DOCKER_CONTENT_TRUST=1 docker build --progress=plain -f .docker/Dockerfile-test-hsm  --target test-refresh-hsm -t oryd/hydra:${IMAGE_TAG} --target test-refresh-hsm .
+	DOCKER_CONTENT_TRUST=1 docker build --progress=plain -f .docker/Dockerfile-test-hsm --target test-refresh-hsm -t oryd/hydra:${IMAGE_TAG} --target test-refresh-hsm .
 
 authors:  # updates the AUTHORS file
 	curl --retry 7 --retry-connrefused https://raw.githubusercontent.com/ory/ci/master/authors/authors.sh | env PRODUCT="Ory Hydra" bash

client/sdk_test.go

@@ -32,28 +32,28 @@ import (
 
 func createTestClient(prefix string) hydra.OAuth2Client {
 	return hydra.OAuth2Client{
-		ClientName:                pointerx.Ptr(prefix + "name"),
-		ClientSecret:              pointerx.Ptr(prefix + "secret"),
-		ClientUri:                 pointerx.Ptr("https://example.org/" + prefix + "uri"),
+		ClientName:                new(prefix + "name"),
+		ClientSecret:              new(prefix + "secret"),
+		ClientUri:                 new("https://example.org/" + prefix + "uri"),
 		Contacts:                  []string{prefix + "peter", prefix + "pan"},
 		GrantTypes:                []string{prefix + "client_credentials", prefix + "authorize_code"},
-		LogoUri:                   pointerx.Ptr("https://example.org/" + prefix + "logo"),
-		Owner:                     pointerx.Ptr(prefix + "an-owner"),
-		PolicyUri:                 pointerx.Ptr("https://example.org/" + prefix + "policy-uri"),
-		Scope:                     pointerx.Ptr(prefix + "foo bar baz"),
-		TosUri:                    pointerx.Ptr("https://example.org/" + prefix + "tos"),
+		LogoUri:                   new("https://example.org/" + prefix + "logo"),
+		Owner:                     new(prefix + "an-owner"),
+		PolicyUri:                 new("https://example.org/" + prefix + "policy-uri"),
+		Scope:                     new(prefix + "foo bar baz"),
+		TosUri:                    new("https://example.org/" + prefix + "tos"),
 		ResponseTypes:             []string{prefix + "id_token", prefix + "code"},
 		RedirectUris:              []string{"https://" + prefix + "redirect-url", "https://" + prefix + "redirect-uri"},
-		ClientSecretExpiresAt:     pointerx.Ptr[int64](0),
-		TokenEndpointAuthMethod:   pointerx.Ptr("client_secret_basic"),
-		UserinfoSignedResponseAlg: pointerx.Ptr("none"),
-		SubjectType:               pointerx.Ptr("public"),
+		ClientSecretExpiresAt:     new(int64(0)),
+		TokenEndpointAuthMethod:   new("client_secret_basic"),
+		UserinfoSignedResponseAlg: new("none"),
+		SubjectType:               new("public"),
 		Metadata:                  map[string]interface{}{"foo": "bar"},
 		// because these values are not nullable in the SQL schema, we have to set them not nil
 		AllowedCorsOrigins: []string{},
 		Audience:           []string{},
 		Jwks:               &hydra.JsonWebKeySet{},
-		SkipConsent:        pointerx.Ptr(false),
+		SkipConsent:        new(false),
 	}
 }
 
@@ -118,7 +118,7 @@ func TestClientSDK(t *testing.T) {
 		assert.EqualValues(t, "bar", result.Metadata.(map[string]interface{})["foo"])
 
 		// secret is not returned on GetOAuth2Client
-		compareClient.ClientSecret = pointerx.Ptr("")
+		compareClient.ClientSecret = new("")
 		gresult, _, err := c.OAuth2API.GetOAuth2Client(context.Background(), *createClient.ClientId).Execute()
 		require.NoError(t, err)
 		assertx.EqualAsJSONExcept(t, compareClient, gresult, append(defaultIgnoreFields, "client_secret"))
@@ -151,7 +151,7 @@ func TestClientSDK(t *testing.T) {
 
 		// again, test if secret is not returned on Get
 		compareClient = updateClient
-		compareClient.ClientSecret = pointerx.Ptr("")
+		compareClient.ClientSecret = new("")
 		gresult, _, err = c.OAuth2API.GetOAuth2Client(context.Background(), *updateClient.ClientId).Execute()
 		require.NoError(t, err)
 		assertx.EqualAsJSONExcept(t, compareClient, gresult, append(defaultIgnoreFields, "client_secret"))
@@ -166,7 +166,7 @@ func TestClientSDK(t *testing.T) {
 
 	t.Run("case=public client is transmitted without secret", func(t *testing.T) {
 		result, _, err := c.OAuth2API.CreateOAuth2Client(context.Background()).OAuth2Client(hydra.OAuth2Client{
-			TokenEndpointAuthMethod: pointerx.Ptr("none"),
+			TokenEndpointAuthMethod: new("none"),
 		}).Execute()
 		require.NoError(t, err)
 
@@ -180,7 +180,7 @@ func TestClientSDK(t *testing.T) {
 
 	t.Run("case=id can be set", func(t *testing.T) {
 		id := uuidx.NewV4().String()
-		result, _, err := c.OAuth2API.CreateOAuth2Client(context.Background()).OAuth2Client(hydra.OAuth2Client{ClientId: pointerx.Ptr(id)}).Execute()
+		result, _, err := c.OAuth2API.CreateOAuth2Client(context.Background()).OAuth2Client(hydra.OAuth2Client{ClientId: new(id)}).Execute()
 		require.NoError(t, err)
 
 		assert.Equal(t, id, pointerx.Deref(result.ClientId))

cmd/cmd_create_client.go

@@ -11,7 +11,6 @@ import (
 	"github.com/ory/hydra/v2/cmd/cliclient"
 	"github.com/ory/x/cmdx"
 	"github.com/ory/x/flagx"
-	"github.com/ory/x/pointerx"
 
 	"github.com/ory/hydra/v2/cmd/cli"
 )
@@ -93,7 +92,7 @@ To encrypt an auto-generated OAuth2 Client Secret, use flags ` + "`--pgp-key`" +
 			if err != nil {
 				return err
 			}
-			cl.ClientId = pointerx.Ptr(flagx.MustGetString(cmd, flagClientId))
+			cl.ClientId = new(flagx.MustGetString(cmd, flagClientId))
 
 			//nolint:bodyclose
 			client, _, err := m.OAuth2API.CreateOAuth2Client(cmd.Context()).OAuth2Client(cl).Execute()
@@ -102,7 +101,7 @@ To encrypt an auto-generated OAuth2 Client Secret, use flags ` + "`--pgp-key`" +
 			}
 
 			if client.ClientSecret == nil && len(secret) > 0 {
-				client.ClientSecret = pointerx.Ptr(secret)
+				client.ClientSecret = new(secret)
 			}
 
 			if encryptSecret && client.ClientSecret != nil {
@@ -112,7 +111,7 @@ To encrypt an auto-generated OAuth2 Client Secret, use flags ` + "`--pgp-key`" +
 					return cmdx.FailSilently(cmd)
 				}
 
-				client.ClientSecret = pointerx.Ptr(enc.Base64Encode())
+				client.ClientSecret = new(enc.Base64Encode())
 			}
 
 			cmdx.PrintRow(cmd, (*outputOAuth2Client)(client))