govulncheck-action: support go-version-file: 'go.mod' #61343

Closed
lanrat opened this issue Jul 13, 2023 · 6 comments

lanrat commented Jul 13, 2023

In regards to the new golang-govulncheck-action GitHub Action recently released, would it be possible to add support for go-version-file: 'go.mod' like the existing actions/setup-go action so that govulncheck will always use the version of Go as described in the go.mod file?

The main benefit here would be that Go versions specified in the GitHub Actions workflow would not need to be regularly updated to stay in sync with the project's go.mod file.

cherrymui added vulncheck or vulndb Issues for the x/vuln or x/vulndb repo x/vuln FeatureRequest NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. labels Jul 13, 2023
cherrymui added this to the Unreleased milestone Jul 13, 2023
@cherrymui

cc @golang/vulndb

julieqiu modified the milestones: Unreleased, vuln/unplanned Jul 13, 2023

bcmills commented Jul 14, 2023

Given #57001, for Go versions 1.21 and above govulncheck should base its analysis on the Go version specified in the toolchain directive found in the go.mod file. (If no toolchain directive is present, it should use the go directive instead).

bstncartwright added a commit to bstncartwright/govulncheck-action that referenced this issue Jul 20, 2023
This change allows support for go-version-file in this action so that
consumers can reference a `go.mod` or `go.work` file rather than keeping
their action in sync with their go tooling. As actions/setup-go has
go-version overwrite go-version-file, this will do the same. If both are
provided, the go-version-input is used.

Fixes golang/go#61343
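
The precedence stated in this thread (an explicit go-version-input wins over go-version-file; within the file, the toolchain directive is preferred and the go directive is the fallback), as an added Go example that is not the action's or govulncheck's own code. The names `resolveGoVersion`, `directives` and `sampleMod` are hypothetical, and the line-based scan is an assumption standing in for a full go.mod parser.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed sample go.mod content (not taken from the issue).
const sampleMod = "module example.com/app\n\ngo 1.21 // language version\n\ntoolchain go1.21.3\n"

// directives returns the versions named by the go and toolchain directives
// of a go.mod or go.work file; a value is "" when its directive is absent.
func directives(modFile string) (goVer, toolchain string) {
	sc := bufio.NewScanner(strings.NewReader(modFile))
	for sc.Scan() {
		line, _, _ := strings.Cut(sc.Text(), "//") // drop trailing comments
		f := strings.Fields(line)
		if len(f) != 2 {
			continue
		}
		switch f[0] {
		case "go":
			goVer = f[1]
		case "toolchain":
			toolchain = strings.TrimPrefix(f[1], "go") // "go1.21.3" -> "1.21.3"
		}
	}
	return goVer, toolchain
}

// resolveGoVersion picks the Go version to analyze with: the explicit input
// if set, else the toolchain directive, else the go directive.
func resolveGoVersion(versionInput, modFile string) (string, error) {
	if v := strings.TrimSpace(versionInput); v != "" {
		return v, nil
	}
	goVer, toolchain := directives(modFile)
	if toolchain != "" {
		return toolchain, nil
	}
	if goVer != "" {
		return goVer, nil
	}
	return "", fmt.Errorf("no go or toolchain directive found")
}

func main() { fmt.Println(resolveGoVersion("", sampleMod)) }
```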

@gopherbot

Change https://go.dev/cl/511615 mentions this issue: govulncheck-action: support go-version-file

@gopherbot

Change https://go.dev/cl/521735 mentions this issue: all: allow go.mod or go.work Go version to be used


lanrat commented Aug 31, 2023

Is it possible to get a new release of the govulncheck-action so that it is possible to use this?


zpavlinovic commented Sep 1, 2023

> Is it possible to get a new release of the govulncheck-action so that it is possible to use this?

Yes, we should have one really soon.

dmitshur added NeedsFix The path to resolution is known, but the work has not been done. and removed NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. labels Sep 6, 2023