dsame
commented
1 year ago Hello @ldemailly , thank you for the input we will start review the suggestion in the near future.
Open ldemailly opened 1 year ago
dsame
commented
1 year ago Hello @ldemailly , thank you for the input we will start review the suggestion in the near future.
embano1
commented
1 year ago The new tool management capabilities in 1.21 are slightly related to this discussion IMHO:
When you need a new version of a Go module, the go command downloads it for you. Starting in Go 1.21, when you need a newer Go toolchain, the go command downloads that for you too. This functionality is like Node’s nvm or Rust’s rustup, but built in to the core go command instead of being a separate tool.
If you are running Go 1.21.0 and you run a go command, say, go build, in a module with a go.mod that says go 1.21.1, the Go 1.21.0 go command will notice that you need Go 1.21.1, download it, and re-invoke that version’s go command to finish the build. When the go command downloads and runs these other toolchains, it doesn’t install them in your PATH or overwrite the current installation. Instead, it downloads them as Go modules, inheriting all the security and privacy benefits of modules, and then it runs them from the module cache.
Do we need a discussion/consensus on if/how setup-go should use this new capability?
silverwind
commented
8 months ago It happened again with the go 1.21.8 / 1.22.1 release: https://github.com/actions/setup-go/issues/462
ldemailly
commented
7 months ago and now again with 1.21.9 and 1.22.2
ldemailly
commented
7 months ago Do we need a discussion/consensus on if/how setup-go should use this new capability?
Yeah as a user and having many repos with CI I think what the go team did is breaking the semantic of go version in go.mod it's been since day one language version without a patch level which implied a minimal version and obviously one wants all the patch/bug fixes as available - I, like others, highlighted the issue in https://github.com/golang/go/issues/66175#issuecomment-2010343876 and other issues)
ie I don't want to have to edit my go.mod each time a patch comes up - I want to say "go 1.21" in my setup and that means 1.21.9 as of today (which btw... it's 1.21.8 sadly) and ditto for 1.22 -> 1.22.2 - somehow 1.22 does end up starting with 1.22.1 and then getting 1.22.2 - see builds from https://github.com/fortio/workflows/pull/15
ldemailly
commented
7 months ago meanwhile despite go-versions not having a PR, it works if you specify go1.22.2 (but it's cumbersome as mentioned before ^)
output
Setup go version spec 1.22.2
Attempting to resolve the latest version from the manifest...
matching 1.22.2...
Failed to resolve version 1.22.2 from manifest
Attempting to download 1.22.2...
matching 1.22.2...
Not found in manifest. Falling back to download directly from Go
Install from dist
Acquiring go1.22.2 from https://storage.googleapis.com/golang/go1.22.2.linux-amd64.tar.gz
Extracting Go...
/usr/bin/tar xz --warning=no-unknown-keyword --overwrite -C /home/runner/work/_temp/1a372f61-c[8](https://github.com/fortio/workflows/actions/runs/8545735206/job/23414664380#step:3:9)f6-443c-af49-e3ac60a30192 -f /home/runner/work/_temp/b6e2e65b-ea1b-484b-8c1e-d74820[9](https://github.com/fortio/workflows/actions/runs/8545735206/job/23414664380#step:3:10)04d08
Successfully extracted go to /home/runner/work/_temp/1a372f61-c8f6-443c-af49-e3ac60a30192
Adding to the cache ...
Successfully extracted go to /home/runner/work/_temp/1a372f61-c8f6-443c-af49-e3ac60a30192
Adding to the cache ...
Successfully cached go to /opt/hostedtoolcache/go/1.22.2/x64
Added go to the path
Successfully set up Go version 1.22.2
earl-warren
commented
6 months ago And again with 1.22.3
ldemailly
commented
6 months ago ~still not getting 1.22.3~ edit - I had pinned the version to 1.22.2 my bad
emerikaji
commented
6 months ago Bump, encountered that problem as well. Is there a specific reason for needing manual approval of each Go patch version? It doesn't seem like Go has a history of patches breaking anything.
ldemailly
commented
5 months ago ping - 1.22.4 is out
kolyshkin
commented
5 months ago ping - 1.22.4 is out
In fact, https://github.com/actions/go-versions/pull/100 was opened and merged ~4 hours after the above comment was added, so that was quite fast (and there's apparently some automation in place, which is good).
Yet, as of now (~16 hours after https://github.com/actions/go-versions/pull/100 is merged), actions/setup-go with go-version: 1.22.x still installs go 1.22.3 :(
ldemailly
commented
5 months ago 1.22 + latest:true works for me but will reiterate the lag due to manual review is less than desirable
ldemailly
commented
4 months ago 1.22.5 pretty please
ldemailly
commented
1 month ago again 1.22.8
Description: Trust the go team releases and have a minimal delay between the go team shipping a new patch release (e.g 1.20.6 to 1.20.7) and that patch becoming available with setup-go check latest actions - as in making go-versions update entirely automatic with no lag from humans
Justification: Otherwise build break (in part because of govulncheck) or have to wait to release security fixed binaries
Are you willing to submit a PR? I would but it's probably easier for someone familiar
There are a few hints on "how"
https://github.com/actions/setup-go/issues/405#issuecomment-1664433639
https://github.com/actions/setup-go/issues/405#issuecomment-1664747189