The way (roughly) we process the input repository with regards to Go is that we create a unique temporary location where we fetch everything needed by Go directly, then when all the steps succeeded we move the temporary content to the location pointed to by --output DIRECTORY followed by wiping the whole cache origin with go clean -modcache.
However, when vendoring, we don't move the fetched content anywhere because the premise here is that all dependencies are vendored by the project and Go should do the right thing. The problem is that toolchains fetched automatically by Go via the means of GOTOOLCHAIN=auto aren't vendored and hence would be wiped along with the rest of downloaded/created objects. This ultimately means that if users wish to make use of the pre-fetched toolchains (also by setting GOTOOLCHAIN=auto in their build environments) they won't be able to if they're vendoring their dependencies.
Usage of pre-fetched toolchains is discouraged anyway because potential issues in multi-arch environments (i.e. x86_64 can't prefetch an aarch64 toolchain via official Go means without much hacking), but we could maybe solve this in documentation.
The way (roughly) we process the input repository with regards to Go is that we create a unique temporary location where we fetch everything needed by Go directly, then when all the steps succeeded we move the temporary content to the location pointed to by
--output DIRECTORYfollowed by wiping the whole cache origin withgo clean -modcache. However, when vendoring, we don't move the fetched content anywhere because the premise here is that all dependencies are vendored by the project and Go should do the right thing. The problem is that toolchains fetched automatically by Go via the means ofGOTOOLCHAIN=autoaren't vendored and hence would be wiped along with the rest of downloaded/created objects. This ultimately means that if users wish to make use of the pre-fetched toolchains (also by settingGOTOOLCHAIN=autoin their build environments) they won't be able to if they're vendoring their dependencies. Usage of pre-fetched toolchains is discouraged anyway because potential issues in multi-arch environments (i.e. x86_64 can't prefetch an aarch64 toolchain via official Go means without much hacking), but we could maybe solve this in documentation.