Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

govulncheck-action: Support Go 1.22 #65032

Closed
1366613 opened this issue Jan 9, 2024 · 4 comments
Closed

govulncheck-action: Support Go 1.22 #65032

1366613 opened this issue Jan 9, 2024 · 4 comments
Assignees
@zpavlinovic
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. vulncheck or vulndb Issues for the x/vuln or x/vulndb repo WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided.
Milestone
Unreleased

Comments

@1366613
Copy link

1366613 commented Jan 9, 2024

Go version

go version go1.22rc1 darwin/arm64

Output of go env in your module/workspace:

GO111MODULE=''
GOARCH='arm64'
GOBIN=''
GOCACHE='/Users/aurora/Library/Caches/go-build'
GOENV='/Users/aurora/Library/Application Support/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='arm64'
GOHOSTOS='darwin'
GOINSECURE=''
GOMODCACHE='/Users/aurora/go/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='darwin'
GOPATH='/Users/aurora/go'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/darwin_arm64'
GOVCS=''
GOVERSION='go1.22rc1'
GCCGO='gccgo'
AR='ar'
CC='clang'
CXX='clang++'
CGO_ENABLED='0'
GOMOD='/dev/null'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -arch arm64 -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -ffile-prefix-map=/var/folders/tb/zwvbx7v51gz7lbj4x4fhn3wr0000gn/T/go-build2929267714=/tmp/go-build -gno-record-gcc-switches -fno-common'

What did you do?

Try to run govulncheck GitHub Action

What did you see happen?

Encountered error: Command failed: go env GOPATH go: downloading go1.22 (linux/amd64) go: download go1.22 for linux/amd64: toolchain not available

What did you expect to see?

govulncheck able to run with Go 1.22
@mauri870
Copy link
Member

mauri870 commented Jan 9, 2024

This is not a govulncheck issue, it has to do with how go tool handle development versions.

Please see #62278 (comment) and #62278 (comment)

@dmitshur
Copy link
Contributor

dmitshur commented Jan 9, 2024

CC @golang/vulndb.

@dmitshur dmitshur added WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided. NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. vulncheck or vulndb Issues for the x/vuln or x/vulndb repo labels Jan 9, 2024
@dmitshur dmitshur added this to the Unreleased milestone Jan 9, 2024
@hyangah
Copy link
Contributor

hyangah commented Jan 10, 2024

This is WAI.
There is no official, stable go1.22 (i.e. go1.22.0) yet. The prerelease go1.22rc1 is out but needs to be manually selected. If your project requires go1.22+, I think it makes more sense to configure your workflow to use go1.22+. Or wait until go1.22 is released.

Looking at https://github.com/golang/govulncheck-action/blob/master/action.yml, this github action is just a wrapper of actions/setup-go, go install govulncheck, and then run govulncheck command, and nothing more. Assuming most users already setup go in their workflow, can't this be achieved one extra command on top of their existing workflow?

go run golang.org/x/vuln/cmd/govulncheck@latest <whatever args....>

@zpavlinovic zpavlinovic self-assigned this Jan 16, 2024
@zpavlinovic
Copy link
Contributor

govulncheck-action also supports go-version-input (which is passed to setup-go under the hood). Closing this.

@gabyhelp gabyhelp mentioned this issue Dec 15, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@zpavlinovic zpavlinovic

Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. vulncheck or vulndb Issues for the x/vuln or x/vulndb repo WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided.
Projects
None yet
Milestone
Unreleased
Development

No branches or pull requests
5 participants
@zpavlinovic @dmitshur @hyangah @mauri870 @1366613