Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump setup-go in gh actions to v4 and disable cache on release/vulncheck #707

Merged
merged 1 commit into from
Jul 12, 2023
Merged

Bump setup-go in gh actions to v4 and disable cache on release/vulncheck #707

merged 1 commit into from
Jul 12, 2023

Conversation

sergiught
Copy link
Contributor

@sergiught sergiught commented Jul 12, 2023
edited
Loading

🔧 Changes

The v4 version of https://github.com/actions/setup-go#caching-dependency-files-and-build-output enables caching by default, however in go 1.20.5 there's a vulnerability that got fixed in 1.20.6, so we need to both make a release and check for vulnerabilities with the latest version of Go.

📚 References

🔬 Testing

📝 Checklist

  • All new/changed/fixed functionality is covered by tests (or N/A)
  • I have added documentation for all new/changed functionality (or N/A)

@codecov-commenter
Copy link

codecov-commenter commented Jul 12, 2023
edited
Loading

Codecov Report

Merging #707 (f8872a1) into v1 (99d0fce) will not change coverage.
The diff coverage is n/a.

Additional details and impacted files

Impacted file tree graph

@@           Coverage Diff           @@
##               v1     #707   +/-   ##
=======================================
  Coverage   87.64%   87.64%           
=======================================
  Files          82       82           
  Lines       13530    13530           
=======================================
  Hits        11859    11859           
  Misses       1263     1263           
  Partials      408      408

@sergiught sergiught changed the title Ensure we check for the latest version of Go when running govulncheck Bump setup-go in gh actions to v4 and disable cache on release/vulncheck Jul 12, 2023
@sergiught sergiught force-pushed the patch/gocheck branch 2 times, most recently from 3da577c to e361e8b Compare July 12, 2023 08:31
sergiught
sergiught commented Jul 12, 2023
View reviewed changes
.github/workflows/security.yml
@@ -29,3 +29,7 @@ jobs:
steps:
- name: Scan for vulnerabilities in go code
uses: golang/[email protected]
with:
go-version-input: 1.20.6
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For some reason I need to specify this to be 1.20.6, otherwise it resolve to 1.20.5 even tho we set check latest to true and cache false. 🤷🏻

@sergiught sergiught marked this pull request as ready for review July 12, 2023 08:35
@sergiught sergiught requested a review from a team as a code owner July 12, 2023 08:35
@sergiught sergiught merged commit 63c96bb into v1 Jul 12, 2023
@sergiught sergiught deleted the patch/gocheck branch July 12, 2023 10:28
sergiught added a commit that referenced this pull request Jul 18, 2023
@sergiught
Bump setup-go in gh actions to v4 and disable cache on release/vulnch…
ca9b8bd 
…eck (#707)
@sergiught sergiught mentioned this pull request Jul 18, 2023
Closed
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Widcket Widcket Widcket approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@sergiught @codecov-commenter @Widcket