Latest version used in Github Action despite `version` being set in workflow

[AnomalRoil]

Welcome

• [X] Yes, I understand that the GitHub action repository is not the repository of golangci-lint itself.
• [X] Yes, I've searched similar issues on GitHub and didn't find any.
• [X] Yes, I've included all information below (version, config, etc).

Description of the problem

When using this github action to lint gopass, we regularly have our CI failing because it seems our Gtihub Actions are using the latest release of golangci-lint instead of using the one we specified in our Github Action workflow.

As a proof: https://github.com/gopasspw/gopass/actions/runs/10965254716/job/30450642427?pr=2946#step:11:649 complains that

level=warning msg="The linter 'exportloopref' is deprecated (since v1.60.2) due to: Since Go1.22 (loopvar) this linter is no longer relevant. Replaced by copyloopvar."

But our Github Action is supposed to be using golangci-lint v1.59.1: https://github.com/gopasspw/gopass/blob/1eb3850c42d58cb142ee8434d7e00bf93703f730/.github/workflows/golangci-lint.yml#L43-L46 as per https://github.com/golangci/golangci-lint-action?tab=readme-ov-file#version

This is not new, it's been affecting us for month but we usually just bump our linter version when it does affect us. This time I figured I should maybe report it.

Workaround

Update linter to latest and fix new issues.

Version of golangci-lint

v1.61.0

Version of the GitHub Action

v6.1.0

Workflow file

```yml ```

Golangci-lint configuration

```yml name: golangci-lint on: push: branches: - master pull_request: branches: - master concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true permissions: contents: read pull-requests: read jobs: golangci: name: lint runs-on: ubuntu-latest steps: - name: Harden Runner uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 with: disable-sudo: true egress-policy: block allowed-endpoints: > api.github.com:443 github.com:443 objects.githubusercontent.com:443 proxy.golang.org:443 raw.githubusercontent.com:443 storage.googleapis.com:443 sum.golang.org:443 - name: Set up Go uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version: '1.22' - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: golangci-lint uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0 with: version: v1.59.1 # we have a list of linters in our .golangci.yml config file only-new-issues: true ```

Go version

1.22

Code example or link to a public repository

Link to repo: https://github.com/gopasspw/gopass

[ldez]

Hello,

Your logs are from this workflow and not this workflow.

There are 2 different versions of golangci-lint used inside the project, which lead to CI failure.

https://github.com/gopasspw/gopass/blob/b8f0ff8ff2570963b534d70961919d638c6a763b/Makefile#L136

https://github.com/gopasspw/gopass/blob/b8f0ff8ff2570963b534d70961919d638c6a763b/.github/workflows/golangci-lint.yml#L46

FYI: there are a few months, I already contributed to gopass to update the version: https://github.com/gopasspw/gopass/pull/2841

[ldez]

https://github.com/gopasspw/gopass/pull/2948

[AnomalRoil]

Ahahah, sorry for that, our bad.