-
Notifications
You must be signed in to change notification settings - Fork 408
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(ci): remove Go patch version from go.mod #4303
base: master
Are you sure you want to change the base?
Conversation
@julio-lopez do you see any reasons we should not do it? |
@kaovilai looks like it's not compiling. |
Will address. Thanks. |
cde3754
to
9453235
Compare
works now. |
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #4303 +/- ##
==========================================
+ Coverage 75.86% 76.00% +0.13%
==========================================
Files 470 508 +38
Lines 37301 38963 +1662
==========================================
+ Hits 28299 29612 +1313
- Misses 7071 7382 +311
- Partials 1931 1969 +38 ☔ View full report in Codecov by Sentry. |
.github/workflows/lint.yml
Outdated
go-version-file: 'go.mod' | ||
# go-version-file do not account for latest compatible go https://github.com/actions/setup-go/issues/481 | ||
# which will break https://github.com/kopia/kopia/issues/4292 requirement if used | ||
# leave below commented for vuln check to ignore vulns fixed in latest go | ||
# go-version-file: 'go.mod' | ||
go-version-input: '1.22' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This fixes the vulncheck that previously failed
https://github.com/kaovilai/kopia/actions/runs/12337854810/job/34432101853?pr=2
See following issues for usability enhancements:
See inline comment. |
6c808a9
to
d6cf363
Compare
@@ -1,6 +1,6 @@ | |||
module github.com/kopia/kopia | |||
|
|||
go 1.22.7 | |||
go 1.22 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
https://github.com/kaovilai/kopia/actions/runs/12367614994/job/34516203180?pr=2
Vuln check is passing and resolving to 1.22.10
@@ -59,7 +59,7 @@ require ( | |||
go.uber.org/zap v1.27.0 | |||
golang.org/x/crypto v0.30.0 | |||
golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 | |||
golang.org/x/mod v0.22.0 | |||
golang.org/x/mod v0.20.1-0.20240815161730-b1d336cfca97 // this version is equivalent to 0.22.0 except it excludes a commit that enforces go directive patch version be used https://github.com/golang/mod/commit/3afcd4e90a74c23515a9543f1e8fb68f05ecc8e0 We would want to remove this when 0.23.0 is released |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@julio-lopez Is this ok?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
on Go versions 1.21.0 up to 1.21.10,
the toolchain upgrade logic will try to download the release "1.22",
which doesn't exist.
The patch difference with 0.22.0 do not applies beneficially to this repo which is already building on 1.22+ go binaries.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would expect by 1.23.0 go if golang/mod upgrades to it that they would drop 1.22.0
to 1.23
instead of 1.23.0
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
long term it might not make sense to use this module, it's only used for the semver package at the moment.
This module states in its readme
packages for writing tools that work directly with Go module mechanics
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've been told the alternative to excluding this is to set toolchain directive to 1.22.10 which should not affect imported modules.
go directive can remain at 1.22.0.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have additionally requested changes at #4248 (review) to satisfy the same requirement.
Fixes #4292