ossf / scorecard

OpenSSF Scorecard - Security health metrics for Open Source
https://scorecard.dev
Apache License 2.0

Bug: tools/go.mod has invalid Go version 1.22 #4241

Closed jpmcb closed 4 months ago

jpmcb commented 4 months ago

Describe the bug

When attempting to build and verify artifacts using make all for the first time, there is a toolchain problem:

❯ make all
# Update root go modules
go mod tidy && go mod verify
all modules verified
cd tools; go mod tidy && go mod verify; cd ../
go: downloading go1.22 (darwin/arm64)
go: download go1.22 for darwin/arm64: toolchain not available
cd tools; GOBIN=/Users/jpmcb/workspace/ossf-scorecard/tools/bin go install github.com/golang/mock/mockgen
go: downloading go1.22 (darwin/arm64)
go: download go1.22 for darwin/arm64: toolchain not available
make: *** [/Users/jpmcb/workspace/ossf-scorecard/tools/bin/mockgen] Error 1

Primarily download go1.22 for darwin/arm64: toolchain not available in the tools Go module:

https://github.com/ossf/scorecard/blob/b48bdbf250dedadedb42934480bb885d756ead0c/tools/go.mod#L3

"1.22" is not a valid Go version and is not recognized by the toolchain as a valid version to download:

https://github.com/golang/go/issues/65568

Making this change fixed the problem and I was able to build:

- go 1.22
+ go 1.22.0
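
Review bot: the `go 1.22.0` line only covers tools/go.mod, while the `make all` output above shows the root module passing `go mod tidy && go mod verify` without a toolchain download. It is worth confirming that the root go.mod also uses the X.Y.Z form, and running the build once on a machine with no Go 1.22.x preinstalled, so the two modules cannot drift apart on the next version bump.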

Reproduction steps

Steps to reproduce the behavior:

  1. Freshly clone the repo
  2. Run make all
  3. Notice failure in the tools directory

Expected behavior

Should be able to clone repo and make all without toolchain failures or needing to make go.mod changes

jpmcb commented 4 months ago

Seems there was a change after Go 1.21 that prefers the X.Y.Z directive format: https://github.com/golang/go/issues/62278#issuecomment-1698829945 since X.Y versions of Go are generally not downloadable or capturable by the automatic toolchain upgrading mechanisms.
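
A check for the condition reported above, written as an added example that is not part of the issue thread or the scorecard repository: it reads go.mod content and flags a `go X.Y` directive from the 1.21 series onward, where releases are named X.Y.0 and a bare X.Y has no toolchain to download. The function name `CheckGoDirective` and the sample module path are hypothetical.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// goDirective matches the "go" line of a go.mod file, e.g. "go 1.22" or "go 1.22.0".
var goDirective = regexp.MustCompile(`^go\s+(\d+)\.(\d+)(\.\d+|rc\d+|beta\d+)?\s*(//.*)?$`)

// CheckGoDirective scans go.mod content and returns the version in its go
// directive plus a suggested replacement ("" when none is needed). A bare
// "1.N" with N >= 21 is flagged: the first release of such a series is 1.N.0,
// so automatic toolchain switching finds nothing named go1.N to download.
func CheckGoDirective(gomod string) (found, suggest string, err error) {
	sc := bufio.NewScanner(strings.NewReader(gomod))
	for sc.Scan() {
		m := goDirective.FindStringSubmatch(strings.TrimSpace(sc.Text()))
		if m == nil {
			continue // not the go directive
		}
		found = m[1] + "." + m[2] + m[3]
		minor, _ := strconv.Atoi(m[2])
		if m[1] == "1" && minor >= 21 && m[3] == "" {
			suggest = found + ".0"
		}
		return found, suggest, nil
	}
	return "", "", fmt.Errorf("no go directive found")
}

func main() {
	// Constructed sample; only the "go 1.22" line mirrors the issue.
	sample := "module example.test/tools\n\ngo 1.22\n"
	found, suggest, err := CheckGoDirective(sample)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	if suggest != "" {
		fmt.Printf("go %s has no downloadable toolchain; use go %s\n", found, suggest)
		return
	}
	fmt.Printf("go %s is fine\n", found)
}
```

Run over every go.mod in a repository (root and nested modules such as tools/), this catches the problem in CI even when the runners already have a matching Go release installed.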

spencerschrock commented 4 months ago

Thanks for the report. Our CI (and likely all of the maintainer dev environments) is set up in a way that Go 1.22.x is already available, so I hadn't run into this.

Merging #4240 required me to take care of this anyway, but let me know if the issue persists after it's merged.

jpmcb commented 4 months ago

Fixed! Thanks @spencerschrock !! 🫡