Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

go 1.21 support #13992

Closed
vadimi-ep opened this issue Aug 17, 2023 · 16 comments
Closed

go 1.21 support #13992

vadimi-ep opened this issue Aug 17, 2023 · 16 comments
Labels
acknowledged GitHub staff acknowledges this issue question Further information is requested

Comments

@vadimi-ep
Copy link

Hello, we are trying to scan a repo that uses go 1.21, but getting the following error from the codeql autobuild step:

Error: 2023/08/17 15:21:38   /opt/hostedtoolcache/go/1.21.0/x64/src/slices/sort.go:67:7: undefined: min
  Error: 2023/08/17 15:21:38   /opt/hostedtoolcache/go/1.21.0/x64/src/slices/sort.go:97:7: undefined: max
  2023/08/17 15:21:38   -: This application uses version go1.20 of the source-processing packages but runs version go1.21 of 'go list'. It may fail to process source files that rely on newer language features. If so, rebuild the application using a newer version of Go.
@vadimi-ep vadimi-ep added the question Further information is requested label Aug 17, 2023
@aibaars
Copy link
Contributor

aibaars commented Aug 17, 2023

Thanks for reporting. Are you using Go 1.21 in your workflow? You can use https://github.com/actions/setup-go to select the right go version.

@mbg
Copy link
Member

mbg commented Aug 17, 2023

Hi @vadimi-ep! Those errors are expected with the current CodeQL release and shouldn't get in the way of your analysis. They will go away in the next CodeQL release.

See #13867 (comment) for my answer to an earlier question about this.

@vadimi-ep
Copy link
Author

yes, go 1.21 is used through setup-go action.

@mbg thanks for this

@sidshank sidshank added the acknowledged GitHub staff acknowledges this issue label Aug 18, 2023
@AlekSi
Copy link

AlekSi commented Sep 7, 2023

go-extractor fails with:

invalid go version '1.21.1': must match format 1.23

But Go 1.21 allows directives like go 1.21.1 in go.mod files. From https://go.dev/blog/toolchain

Starting in Go 1.21, Go toolchains will treat the go line in go.mod not as a guideline but as a rule, and the line can list specific point releases or release candidates. That is, Go 1.21.0 understands that it cannot even build code that says go 1.21.1 in its go.mod file, not to mention code that says much later versions like go 1.22.0.

@mbg
Copy link
Member

mbg commented Sep 8, 2023

@AlekSi that should not be happening with the latest releases of CodeQL. Can you confirm which version of the CodeQL CLI you are using and that you have Go 1.21 installed on the machine that you are running this on? See e.g. github/codeql-action#1842

@AlekSi
Copy link

AlekSi commented Sep 8, 2023

I don't have any configuration for CodeQL other than a settings toggle. The output is here: https://github.com/FerretDB/FerretDB/actions/runs/6120237173/job/16611693348

edit: the output is here: https://github.com/FerretDB/FerretDB/actions/runs/6111733513/job/16587623673. The previous URL shows a different 1.21-related problem

@mbg
Copy link
Member

mbg commented Sep 8, 2023

Ah thank you for that extra information @AlekSi! It seems that some changes I was expecting to be in CodeQL 2.14.3 didn't actually make it into that release, but they should be in the next release and then that problem should go away. The problem is that Go 1.21 is not installed, but because you are using our default setup functionality, you are dependent on us installing that version of Go for you, which is what I expected to already happen correctly in 2.14.3, but doesn't seem to be there yet. Sorry about that!

@jon-whit
Copy link

I'm still seeing this issue even despite the recent release 7 hours ago. What's the ETA? It's blocking some builds.
Screenshot 2023-09-12 at 3 37 51 PM

@mbg
Copy link
Member

mbg commented Sep 12, 2023

@jon-whit New CLI releases aren't immediately used by the CodeQL Action. There's always a short delay between the CLI release and it becoming the default used by the Action. Assuming that your question relates to the openfga/openfga repository, I can see that your most recent CodeQL run still used version 2.14.3 of the CLI. Once the Action uses the new CLI release, you should see the error disappear.

@sidshank
Copy link
Contributor

sidshank commented Sep 13, 2023

@jon-whit CodeQL Action workflows across GitHub should start using the new CodeQL CLI over the next 24-48 hours (the clock begins once a new CLI version is released)

@jon-whit
Copy link

@mbg @sidshank thanks

@taigrr
Copy link
Contributor

taigrr commented Sep 26, 2023

the /x/tools package is still out of date, preventing the go analysis tools from loading correctly for me.

I think this might help:
#14314

@mbg
Copy link
Member

mbg commented Sep 26, 2023

@taigrr thanks for opening that PR, I will have a look at it. However, I don't think your problem is caused by an out-of-date version of /x/tools. Looking at your CodeQL workflow runs, it looks like they all ran with Go 1.20. Can you look at my instructions in github/codeql-action#1842 (comment) to install Go 1.21 for your CodeQL workflow?

@taigrr
Copy link
Contributor

taigrr commented Sep 26, 2023

That fix definitely helped, as I would expect. I was under the impression the /x/tools update would help the automatic version detection work correctly with the x.y.z version format, but maybe I'm wrong. I know I saw an update to x/tools recently helped my LSP figure out the new version format, and I saw the same error message issue here.

@mbg
Copy link
Member

mbg commented Sep 26, 2023

@taigrr No problem, it makes sense that you would have jumped to that conclusion based on your experience with the LSP! We had already upgraded /x/tools to a version that supports the new version format around the time that Go 1.21 was released, so there shouldn't have been any issues with that.

I am aware of one issue we had with the new version format recently, but that got patched as well, and would have manifested differently.

wzy9607 added a commit to wzy9607/amqp091otel that referenced this issue Feb 9, 2024
Signed-off-by: Cattī Crūdēlēs <[email protected]>
wzy9607 added a commit to wzy9607/amqp091otel that referenced this issue Feb 9, 2024
* feature(ci): Create codeql.yml

* fix go version github/codeql#13992

Signed-off-by: Cattī Crūdēlēs <[email protected]>

---------

Signed-off-by: Cattī Crūdēlēs <[email protected]>
fnaranjo-vmw added a commit to cloudfoundry/csb-brokerpak-aws that referenced this issue Feb 9, 2024
fnaranjo-vmw added a commit to cloudfoundry/cloud-service-broker that referenced this issue Feb 9, 2024
fnaranjo-vmw added a commit to cloudfoundry/cloud-service-broker that referenced this issue Feb 9, 2024
fnaranjo-vmw added a commit to cloudfoundry/csb-brokerpak-aws that referenced this issue Feb 9, 2024
another-rex pushed a commit to google/osv-scanner that referenced this issue Mar 4, 2024
…t` (#786)

I was having a look at the openssf scorecard score as I've not really
dug into that before, and saw it was flagging some unpinned actions.

Most of them were about the `osv-scanner` action itself which I don't
think can be pinned since the point is to use the latest version for
self testing right? but we can pin `actions/download-artifact` and
`actions/setup-go` _though_ I'm pretty sure that isn't needed anymore
because it was a workaround for
github/codeql#13992 and we were just waiting
on a new version? either way we'll find out.
@mbg
Copy link
Member

mbg commented Mar 18, 2024

I forgot to close this, but Go 1.21 support shipped back in October.

@mbg mbg closed this as completed Mar 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
acknowledged GitHub staff acknowledges this issue question Further information is requested
Projects
None yet
Development

No branches or pull requests

7 participants