fix ci: update tools

Author: metachris

.github/workflows/checks.yml

@@ -37,13 +37,13 @@ jobs:
         uses: actions/checkout@v2
 
       - name: Install gofumpt
-        run: go install mvdan.cc/gofumpt@v0.4.0
+        run: go install mvdan.cc/gofumpt@v0.6.0
 
       - name: Install staticcheck
-        run: go install honnef.co/go/tools/cmd/staticcheck@2024.1.1
+        run: go install honnef.co/go/tools/cmd/staticcheck@2025.1.1
 
       - name: Install golangci-lint
-        run: go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.61.0
+        run: go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.1.2
 
       - name: Lint
         run: make lint

.golangci.yaml

@@ -0,0 +1,104 @@
+version: "2"
+linters:
+  enable-all: true
+  disable:
+    - cyclop
+    - forbidigo
+    - funlen
+    - gochecknoglobals
+    - gochecknoinits
+    - gocritic
+    - godot
+    - godox
+    - mnd
+    - lll
+    - nestif
+    - nilnil
+    - nlreturn
+    - noctx
+    - nonamedreturns
+    - paralleltest
+    - revive
+    - testpackage
+    - unparam
+    - varnamelen
+    - wrapcheck
+    - wsl
+    - exhaustruct
+    - depguard
+    - err113
+
+    #
+    # Disabled because of generics:
+    #
+    - contextcheck
+    - rowserrcheck
+    - sqlclosecheck
+    - wastedassign
+
+    #
+    # Disabled because deprecated:
+    #
+
+linters-settings:
+  #
+  # The G108 rule throws a false positive. We're not actually vulnerable. If
+  # you're not careful the profiling endpoint is automatically exposed on
+  # /debug/pprof if you import net/http/pprof. See this link:
+  #
+  #   https://mmcloughlin.com/posts/your-pprof-is-showing
+  #
+  gosec:
+    excludes:
+      - G108
+
+  tagliatelle:
+    case:
+      rules:
+        json: snake
+
+  gofumpt:
+    extra-rules: true
+
+  exhaustruct:
+    exclude:
+      #
+      # Because it's easier to read without the other fields.
+      #
+      - 'GetPayloadsFilters'
+
+      #
+      # Structures outside our control that have a ton of settings. It doesn't
+      # make sense to specify all of the fields.
+      #
+      - 'cobra.Command'
+      - 'database.*Entry'
+      - 'http.Server'
+      - 'logrus.*Formatter'
+      - 'Options' # redis
+
+      #
+      # Excluded because there are private fields (not capitalized) that are
+      # not initialized. If possible, I think these should be altered.
+      #
+      - 'Datastore'
+      - 'Housekeeper'
+      - 'MockBeaconClient'
+      - 'RelayAPI'
+      - 'Webserver'
+
+formatters:
+  enable:
+    - gci
+    - gofmt
+    - gofumpt
+    - goimports
+  settings:
+    gofumpt:
+      extra-rules: true
+  exclusions:
+    generated: lax
+    paths:
+      - third_party$
+      - builtin$
+      - examples$