fix(ci): bump release.yml Go pin from 1.22 to 1.24 to match go.mod and ci#93
Merged
Conversation
…d ci Closes #66 .github/workflows/release.yml:62 pinned Go 1.22 for the GoReleaser job while go.mod:3 requires go 1.24.0 and .github/workflows/ci.yml correctly pins Go 1.24. The misleading comment at release.yml:6 claiming "same version pin as CI" was false. Currently masked by Go's default GOTOOLCHAIN=auto: when setup-go installs 1.22 and go.mod requires 1.24.0, the Go toolchain auto- downloads 1.24 at build time, so the release job appears to work. But that means the release build silently depends on network access to proxy.golang.org during the release job — a step CI never exercises, since CI already has 1.24. If GOTOOLCHAIN=local is ever set (org policy, air-gapped runner), the release build breaks outright at tag-push time, the one moment there's no opportunity to catch it in a normal PR-gated CI run. Fix: bump the pin to '1.24'. Adds a multi-line inline comment explaining the parity-with-go.mod invariant and the GOTOOLCHAIN=auto masking so future bumps in either direction are caught in code review. Kept the explicit string pin (rather than migrating to go-version-file: 'go.mod') for minimal blast radius and parity with ci.yml's lint job, which also uses an explicit string pin. CHANGELOG: ### Fixed entry under [Unreleased]. Co-Authored-By: puku-ai-2.8 <noreply@puku.sh>
|
✔️ d81fbc7 - Conventional commits check succeeded. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
.github/workflows/release.yml:62pins Go 1.22 for the GoReleaser job, whilego.mod:3requiresgo 1.24.0and.github/workflows/ci.ymlcorrectly pins Go 1.24. The comment atrelease.yml:6explicitly (and incorrectly) claims "same version pin as CI."This isn't currently broken — Go's default
GOTOOLCHAIN=autoself-heals by auto-downloading 1.24 at build time when it seesgo.modrequires a newer version than what's installed. But that means the release build silently depends on network access toproxy.golang.orgduring the release job (a step CI never exercises, since CI already has 1.24), and ifGOTOOLCHAIN=localis ever set (org policy, air-gapped runner), the release build would break outright at tag-push time — the one moment there's no opportunity to catch it in a normal PR-gated CI run.This PR bumps
release.yml'sgo-versionpin to'1.24'to matchci.ymlandgo.mod, and adds a multi-line inline comment next to the pin explaining the parity-with-go.modinvariant so future bumps in either direction are caught in code review.Linked issues
Closes #66
Type of change
fix— bug fix (PATCH bump)feat— new feature (MINOR bump)refactor— no behavior changeperf— performance improvementdocs— documentation onlytest— tests onlychore— maintenance / dependency bumpci— CI/CD onlybuild— build system onlyChecklist
feat(scope): subject)make cilocally and it passes (Go-side tidy/fmt/vet/lint/test all green; the change is to a YAML workflow file only and doesn't affect the Go pipeline)make lintgreen)Screenshots / output
Pre-fix:
Post-fix:
Why I'm not migrating to
go-version-file: 'go.mod'The cleanest long-term fix is to use
go-version-file: 'go.mod'here too — that's what ci.yml's test jobs already do, and it auto-derives fromgo.modso the pin can never drift. I kept the explicit string pin for this PR for two reasons:go-version-fileis a separate refactor — same shape, same invariants, but worth doing as its own PR with its own review.A follow-up could swap both
ci.yml's lint job andrelease.ymltogo-version-file: 'go.mod'in a single PR — the issue text doesn't request that, but it's worth doing.Files touched
.github/workflows/release.yml— bumpsgo-versionfrom'1.22'to'1.24'. Adds a multi-line comment explaining the parity-with-go.modinvariant and whyGOTOOLCHAIN=autowas masking the divergence.CHANGELOG.md—### Fixedentry under[Unreleased]documenting the version-pin divergence with theGOTOOLCHAINmasking behavior + the latent break mode (GOTOOLCHAIN=local).