feat: add AutoTLS example

[2color]

This adds an example showing how to use the p2p-forge client library with the AutoTLS backend to issue a wild card certificate.

Credits to @guillaumemichel for writing the initial code in this example.

Fix before merging

• The libp2p.direct address is not announced by the peer via identify, even though the peer has successfully minted a TLS certificate. Fixed by c16ebd9
• Store peer identity on disk to avoid generating a new certificate on each run

[2color]

@MarcoPolo Is it a problem this PR upgrades the go to 1.23 in go.mod?

I believe this happened due to dependency on p2p-forge

[guillaumemichel]

ipshipyard/p2p-forge#29 should solve the build issue

[2color]

When running this, occasionally it doesn't retrieve (or even request). Here are logs

[lidel]

💭 I suspect this produces staticcheck ./... error:

• https://github.com/libp2p/go-libp2p/actions/runs/12676518662/job/35329879396?pr=3103#step:12:36

In the past, the fix was to:

1. check if go install honnef.co/go/tools/cmd/staticcheck@latest → staticcheck ./... passes locally
2. ask IPDX to update Unified GO CI to use new staticcheck

[lidel]

Confirmed, staticcheck@a093f7c2d3d45d5104fb3414ae939a98be37be02 used on CI does not support 1.23 correctly, and 1.22 is also bit out of date: https://github.com/dominikh/go-tools/releases

Will ping IPDX.

[galargh]

I looked into this. In the go-check workflow, we're choosing the version of staticcheck to use based on the Go version that we're using. We already have the latest staticcheck version associated with the latest Go version. This PR changes the Go version in the go.mod file to 1.23, but it didn't change it in the go-check workflow file. I updated it here - 5da91ac

The reason why the Go version is explicitly set in the workflow file is because the maintainers of this repository preferred the version string to be present in the workflow run name, and this was the way to achieve that. You'll notice that in most other repos using Unified GitHub Workflows, the names of the workflow runs will contain things like this/next. In those, all we need to do to update the version used by the workflow is to update the go.mod.

We should also have a look at the go-test workflow. Should we remove testing with Go 1.22 in this PR from here - https://github.com/libp2p/go-libp2p/blob/add-autotls-example/.github/workflows/go-test.yml#L20 - as well?

[lidel]

Thank you for figuring this out. go-check fix should be good enough.
I don't think we should remove 1.22 support, the main /go.mod still uses that. We should not change this without approval of @libp2p/go-libp2p-maintainers

@2color I think the source of problem here in that this PR is bumping go version to 1.23 in examples/go.mod but the main go.mod remains on 1.22.

Perhaps we could do go mod edit -go=1.22 to pin /examples/go.mod to 1.22 to match /go.mod?

[galargh]

You're right! We're modifying the examples/go.mod here, not the main one. Totally agree with your point then 👍

[2color]

I believe that the bump to go 1.23 was necessary because one of the dependencies requires it. I'll try pinning the examples go.mod to 1.22 and seeing if it still compiles

[2color]

As I suspected, if go.mod for the examples is updated to use go 1.22, it doesn't build.

go: updates to go.mod needed; to update it:
	go mod tidy

If I try to build with go 1.221 I get:

go: github.com/ipshipyard/[email protected] requires go >= 1.23 (running go 1.22.8; GOTOOLCHAIN=local)

[guillaumemichel]

nit: IIUC quic isn't required for the example to work. We can remove the transport if the goal is to show a minimal working example.

[MarcoPolo]

@MarcoPolo Is it a problem this PR upgrades the go to 1.23 in go.mod?

I believe this happened due to dependency on p2p-forge

Yes. We can't do that until the Go team releases 1.24