actions/setup-go
1
0
Fork 0
mirror of https://github.com/actions/setup-go.git synced 2025-10-26 12:00:31 +00:00
Code Issues Packages Projects Releases Wiki Activity
347 Commits 23 Branches 48 Tags
dependabot/npm_and_yarn/nock-14.0.10
Commit Graph

52 Commits

Author SHA1 Message Date
Matthew Hughes
1d76b952eb Improve toolchain handling (#460) 
* Configure environment to avoid toolchain installs

Force `go` to always use the local toolchain (i.e. the one the one that
shipped with the go command being run) via setting the `GOTOOLCHAIN`
environment variable to `local`[1]:

> When GOTOOLCHAIN is set to local, the go command always runs the
bundled Go toolchain.

This is how things are setup in the official Docker images (e.g.[2], see
also the discussion around that change[3]). The motivation behind this
is to:

* Reduce duplicate work: if the `toolchain` version in `go.mod` was
  greated than the `go` version, the version from the `go` directive
  would be installed, then Go would detect the `toolchain` version and
  additionally install that
* Avoid Unexpected behaviour: if you specify this action runs with some Go
  version (e.g. `1.21.0`) but your go.mod contains a `toolchain` or `go`
  directive for a newer version (e.g. `1.22.0`) then, without any other
  configuration/environment setup, any go commands will be run using go
  `1.22.0`

This will be a **breaking change** for some workflows. Given a `go.mod`
like:

    module proj

    go 1.22.0

Then running any `go` command, e.g. `go mod tidy`, in an environment
where only go versions before `1.22.0` were installed would previously
trigger a toolchain download of Go `1.22.0` and that version being used
to execute the command. With this change the above would error out with
something like:

> go: go.mod requires go >= 1.22.0 (running go 1.21.7;
GOTOOLCHAIN=local)

[1] https://go.dev/doc/toolchain#select
[2] dae3405a32/Dockerfile-linux.template (L163)
[3] https://github.com/docker-library/golang/issues/472

* Prefer installing version from `toolchain` directive

Prefer this over the version from the `go` directive. Per the docs[1]

> The toolchain line declares a suggested toolchain to use with the
module or workspace

It seems reasonable to use this, since running this action in a
directory containing a `go.mod` (or `go.work`) suggests the user is
wishing to work _with the module or workspace_.

Link: https://go.dev/doc/toolchain#config [1]
Issue: https://github.com/actions/setup-go/issues/457

* squash! Configure environment to avoid toolchain installs

Only modify env if `GOTOOLCHAIN` is not set

* squash! Prefer installing version from `toolchain` directive

Avoid installing from `toolchain` if `GOTOOLCHAIN` is `local`, also
better regex for matching toolchain directive
 2025-08-28 22:21:56 -05:00
Matthew Hughes
e75c3e80bc Bump form-data to bring in fix for critical vulnerability (#618) 
The vulnerability:

    $ npm audit --audit-level=high
    # npm audit report

    form-data  >=4.0.0 <4.0.4 || <2.5.4
    Severity: critical
    form-data uses unsafe random function in form-data for choosing boundary - https://github.com/advisories/GHSA-fjxv-7rqg-78g4
    form-data uses unsafe random function in form-data for choosing boundary - https://github.com/advisories/GHSA-fjxv-7rqg-78g4
    fix available via `npm audit fix`
    node_modules/@azure/core-http/node_modules/form-data
    node_modules/@types/node-fetch/node_modules/form-data
    node_modules/form-data

    1 critical severity vulnerability

    To address all issues, run:
      npm audit fix

This change is the result of from running `npm audit fix` and then
using[1] to update licenses via `licensed cache`.

It doesn't look like `dependabot` previously raised any PRs for this
dependency, so this bumps it from `4.0.0` to `4.0.4`, see the
changelog[2] for details.

Link: https://github.com/licensee/licensed [1]
Link: https://github.com/form-data/form-data/blob/v4.0.4/CHANGELOG.md [2]
 2025-08-13 12:02:46 -05:00
dependabot[bot]
7c0b336c9a Bump typescript from 5.4.2 to 5.8.3 (#538) 
* Bump typescript from 5.4.2 to 5.7.3

Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.4.2 to 5.7.3.
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release.yml)
- [Commits](https://github.com/microsoft/TypeScript/compare/v5.4.2...v5.7.3)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Fix low security alert

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com>
 2025-07-10 19:26:25 -05:00
dependabot[bot]
6f26dcc668 Bump undici from 5.28.5 to 5.29.0 (#594) 
* Bump undici from 5.28.5 to 5.29.0

Bumps [undici](https://github.com/nodejs/undici) from 5.28.5 to 5.29.0.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v5.28.5...v5.29.0)

---
updated-dependencies:
- dependency-name: undici
  dependency-version: 5.29.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* Fix CI failures

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com>
 2025-07-08 10:07:25 -05:00
dependabot[bot]
fa96338abe Bump @actions/tool-cache from 2.0.1 to 2.0.2 (#591) 
* Bump @actions/tool-cache from 2.0.1 to 2.0.2

Bumps [@actions/tool-cache](https://github.com/actions/toolkit/tree/HEAD/packages/tool-cache) from 2.0.1 to 2.0.2.
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/tool-cache/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/tool-cache)

---
updated-dependencies:
- dependency-name: "@actions/tool-cache"
  dependency-version: 2.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Fix failures

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com>
 2025-06-18 17:01:53 -05:00
Priya Gupta
29694d72cd Add manifest validation and improve error handling (#586) 2025-05-05 22:00:04 -05:00
dependabot[bot]
bb65d8857b Bump ts-jest from 29.1.2 to 29.3.2 (#582) 
* Bump ts-jest from 29.1.2 to 29.3.2

Bumps [ts-jest](https://github.com/kulshekhar/ts-jest) from 29.1.2 to 29.3.2.
- [Release notes](https://github.com/kulshekhar/ts-jest/releases)
- [Changelog](https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/kulshekhar/ts-jest/compare/v29.1.2...v29.3.2)

---
updated-dependencies:
- dependency-name: ts-jest
  dependency-version: 29.3.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix check failures

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com>
 2025-04-30 10:37:00 -05:00
dependabot[bot]
7f17e836c0 Bump @actions/glob from 0.4.0 to 0.5.0 (#573) 
* Bump @actions/glob from 0.4.0 to 0.5.0

Bumps [@actions/glob](https://github.com/actions/toolkit/tree/HEAD/packages/glob) from 0.4.0 to 0.5.0.
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/glob/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/glob)

---
updated-dependencies:
- dependency-name: "@actions/glob"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix for check failures

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com>
 2025-04-29 12:31:28 -05:00
Priya Gupta
dca8468d37 Update self-hosted environment validation and bump undici version (#556) 
* Fix self-hosted environment check

* Update isSelfHosted logic
 2025-04-01 10:32:30 -05:00
aparnajyothi-y
691cc3533f upgrade actions/cache to 4.0.3 (#574) 2025-04-01 10:24:42 -05:00
dependabot[bot]
0aaccfd150 Bump undici from 5.28.4 to 5.28.5 (#541) 
* Bump undici from 5.28.4 to 5.28.5

Bumps [undici](https://github.com/nodejs/undici) from 5.28.4 to 5.28.5.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v5.28.4...v5.28.5)

---
updated-dependencies:
- dependency-name: undici
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump undici from 5.28.4 to 5.28.5

Bumps [undici](https://github.com/nodejs/undici) from 5.28.4 to 5.28.5.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v5.28.4...v5.28.5)

---
updated-dependencies:
- dependency-name: undici
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* Fix failures

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com>
 2025-03-18 10:29:43 -05:00
aparnajyothi-y
c4c1141886 upgrade actions/cache to 4.0.2 (#568) 2025-03-11 10:19:54 -05:00
dependabot[bot]
1d82324e53 Bump semver from 7.6.0 to 7.6.3 (#535) 
* Bump semver from 7.6.0 to 7.6.3

Bumps [semver](https://github.com/npm/node-semver) from 7.6.0 to 7.6.3.
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](https://github.com/npm/node-semver/compare/v7.6.0...v7.6.3)

---
updated-dependencies:
- dependency-name: semver
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix for check-dist and license failures

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com>
 2025-01-21 15:45:59 -06:00
Bassem Dghaidi
f81f022188 Use the new cache service: upgrade @actions/cache to ^4.0.0 (#531) 
* Use new cache service

* Add licensed output

* Review licenses & update types
 2025-01-15 14:06:31 -06:00
Tobias
3041bf56c9 feat: fallback to "raw" endpoint for manifest when rate limit is reached (#496) 
* feat: fallback to "raw" endpoint for manifest when rate limit is reached

* add information about raw access to the README

* prettier

* update cross-spawn to 7.0.6 to fix vulnerability
 2024-11-25 12:37:21 -06:00
John Wesley Walker III
941977282c Revise isGhes logic (#511) 
* Revise `isGhes` logic

* ran `npm run format`

* added unit test

* tweaked unit test

* ran `npm run format`
 2024-10-21 11:56:08 -05:00
Zxilly
b26d40294f fix: add arch to cache key (#493) 2024-08-26 15:19:57 -05:00
dependabot[bot]
0a12ed9d6a Bump braces from 3.0.2 to 3.0.3 (#487) 
* Bump braces from 3.0.2 to 3.0.3

Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3.
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/braces/compare/3.0.2...3.0.3)

---
updated-dependencies:
- dependency-name: braces
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump undici from 5.28.3 to 5.28.4

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com>
 2024-06-27 13:16:26 -05:00
dependabot[bot]
be1aa1186e Bump undici from 5.28.2 to 5.28.3 (#465) 
* Bump undici from 5.28.2 to 5.28.3

Bumps [undici](https://github.com/nodejs/undici) from 5.28.2 to 5.28.3.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v5.28.2...v5.28.3)

---
updated-dependencies:
- dependency-name: undici
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* fixed check failures and update dependencies

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com>
 2024-03-21 15:04:22 -05:00
Dmitry Shibanov
0c52d547c9 Update dependencies for node20 (#445) 2023-12-05 17:50:42 +01:00
Piotr Galar
89a192af9d fix: sync .complete marker when caching tools on windows 2023-08-12 23:52:21 +02:00
Sergey Dolin
93397bea11 Fix Install on Windows is very slow (#393) 
* Fix Install on Windows is very slow

* Add unit test

* Improve readability

* Add e2e test

* fix lint

* Fix unit tests

* Fix unit tests

* limit to github hosted runners

* test hosted version of go

* AzDev environment

* rename lnkSrc

* refactor conditions

* improve tests

* refactoring

* Fix e2e test

* improve isHosted readability
 2023-08-03 14:33:56 +02:00
Dusan Trickovic
0bb97b1c5c Rebuild after updating Semver 2023-07-18 16:39:08 +02:00
Sergey Dolin
4e0b6c77c6 Limit to Linux only 2023-07-10 10:39:55 +02:00
Sergey Dolin
a4d10f0ea4 Add imageOS to primaryKey 
https://github.com/actions/setup-go/issues/368
 2023-07-10 10:17:28 +02:00
Nikolai Laevskii
fac708d667 Bump @actions/cache dependency to v3.2.1 (#374) 2023-05-08 11:42:39 +02:00
Dmitry Shibanov
dd84a9531a Update xml2js (#370) 2023-04-20 14:28:58 +02:00
Dmitry Shibanov
fdc0d672a1 Add Go bin if go-version input is empty (#351) 2023-03-14 16:29:10 +01:00
Dmitry Shibanov
ebfdf6ac95 add warning if go-version is empty (#350) 2023-03-14 16:07:41 +01:00
Sergey Dolin
c51a720768 Enable caching by default with default input (#332) 2023-03-10 16:25:35 +01:00
Ivan
7406d654ad Add and configure ESLint and update configuration for Prettier (#341) 
* Turn on ESLint and update Prettier

* Update eslint config

* Update eslint config

* Update dependencies

* Update ESLint and Prettier configurations

* update package.json

* Update prettier command

* Update prettier config file

* Change CRLF to LF

* Update docs

* Update docs
 2023-03-08 10:45:16 +02:00
Evgenii Korolevskii
b8eec33327 Merge branch 'main' into use-actual-version-in-cache 2023-01-31 13:39:54 +01:00
Serghei Iakovlev
807559307d Use const declarations for variables that are never reassigned (#322) 2023-01-31 11:46:49 +01:00
Evgenii Korolevskii
65f50caf42 use actual version in key 2023-01-20 01:30:38 +01:00
Evgenii Korolevskii
89d7939d38 use real version instead of spec 2023-01-20 01:28:58 +01:00
Evgenii Korolevskii
2e7414f276 try get path 2023-01-20 01:27:11 +01:00
Evgenii Korolevskii
de201a09c0 log version-spec 2023-01-20 01:21:36 +01:00
Evgenii Korolevskii
17106403fa Allow to use only GOCACHE for cache (#305) 2022-12-19 11:22:17 +01:00
Jongwoo Han
bb5ff97ab9 refactor: Use early return pattern to avoid nested conditions (#302) 2022-12-16 15:05:54 +01:00
Dmitry Shibanov
6edd4406fa fix log for stable aliases (#303) 2022-12-12 15:45:36 +01:00
Milos Pantic
38dbe75f81 Add stable and oldstable aliases (#300) 2022-12-12 10:58:49 +01:00
Marko Zivic
e983b65a44 Merge pull request #283 from koba1t/add_support_gowork_for_go-version-file 
add support go.work file for go-version-file
 2022-11-08 11:45:09 +01:00
Dmitry Shibanov
27b43e1b0d Pass the token input through on GHES (#277) 2022-11-02 12:21:18 +01:00
koba1t
7678c83214 add support gowork for go-version-file 2022-11-01 21:25:30 +09:00
n33pm
c4a742cab1 fix(): cache resolve version input (#267) 2022-10-17 18:33:22 +02:00
Francesco Renzi
514ae57904 Update @actions/core to 1.10.0 2022-10-06 12:08:35 +01:00
Evgenii Korolevskii
be45b2722d build 2022-09-08 12:29:13 +02:00
Milos Pantic
268d8c0ca0 Add support for arm32 go arch (#253) 2022-08-12 12:29:48 +02:00
Javier Romero
e0dce94eb0 Use explicit filename when downloading Windows go package 
Using the explicit filename for Windows is necessary to
satisfy `Expand-Archive`'s requirement on '.zip' extension.

Signed-off-by: Javier Romero <root@jromero.codes>
 2022-07-28 19:01:53 -05:00
Vladimir Safonkin
ed8da5df39 Build js 2022-06-28 14:18:12 +02:00