Nicholas Ngai
e7835015ff
Fall back to downloading from dl.google.com/go instead of storage.googleapis.com/golang
2025-10-17 11:21:33 -07:00
Matthew Hughes
1d76b952eb
Improve toolchain handling ( #460 )
...
* Configure environment to avoid toolchain installs
Force `go` to always use the local toolchain (i.e. the one the one that
shipped with the go command being run) via setting the `GOTOOLCHAIN`
environment variable to `local`[1]:
> When GOTOOLCHAIN is set to local, the go command always runs the
bundled Go toolchain.
This is how things are setup in the official Docker images (e.g.[2], see
also the discussion around that change[3]). The motivation behind this
is to:
* Reduce duplicate work: if the `toolchain` version in `go.mod` was
greated than the `go` version, the version from the `go` directive
would be installed, then Go would detect the `toolchain` version and
additionally install that
* Avoid Unexpected behaviour: if you specify this action runs with some Go
version (e.g. `1.21.0`) but your go.mod contains a `toolchain` or `go`
directive for a newer version (e.g. `1.22.0`) then, without any other
configuration/environment setup, any go commands will be run using go
`1.22.0`
This will be a **breaking change** for some workflows. Given a `go.mod`
like:
module proj
go 1.22.0
Then running any `go` command, e.g. `go mod tidy`, in an environment
where only go versions before `1.22.0` were installed would previously
trigger a toolchain download of Go `1.22.0` and that version being used
to execute the command. With this change the above would error out with
something like:
> go: go.mod requires go >= 1.22.0 (running go 1.21.7;
GOTOOLCHAIN=local)
[1] https://go.dev/doc/toolchain#select
[2] dae3405a32/Dockerfile-linux.template (L163)
[3] https://github.com/docker-library/golang/issues/472
* Prefer installing version from `toolchain` directive
Prefer this over the version from the `go` directive. Per the docs[1]
> The toolchain line declares a suggested toolchain to use with the
module or workspace
It seems reasonable to use this, since running this action in a
directory containing a `go.mod` (or `go.work`) suggests the user is
wishing to work _with the module or workspace_.
Link: https://go.dev/doc/toolchain#config [1]
Issue: https://github.com/actions/setup-go/issues/457
* squash! Configure environment to avoid toolchain installs
Only modify env if `GOTOOLCHAIN` is not set
* squash! Prefer installing version from `toolchain` directive
Avoid installing from `toolchain` if `GOTOOLCHAIN` is `local`, also
better regex for matching toolchain directive
2025-08-28 22:21:56 -05:00
Matthew Hughes
e75c3e80bc
Bump `form-data` to bring in fix for critical vulnerability ( #618 )
...
The vulnerability:
$ npm audit --audit-level=high
# npm audit report
form-data >=4.0.0 <4.0.4 || <2.5.4
Severity: critical
form-data uses unsafe random function in form-data for choosing boundary - https://github.com/advisories/GHSA-fjxv-7rqg-78g4
form-data uses unsafe random function in form-data for choosing boundary - https://github.com/advisories/GHSA-fjxv-7rqg-78g4
fix available via `npm audit fix`
node_modules/@azure/core-http/node_modules/form-data
node_modules/@types/node-fetch/node_modules/form-data
node_modules/form-data
1 critical severity vulnerability
To address all issues, run:
npm audit fix
This change is the result of from running `npm audit fix` and then
using[1] to update licenses via `licensed cache`.
It doesn't look like `dependabot` previously raised any PRs for this
dependency, so this bumps it from `4.0.0` to `4.0.4`, see the
changelog[2] for details.
Link: https://github.com/licensee/licensed [1]
Link: https://github.com/form-data/form-data/blob/v4.0.4/CHANGELOG.md [2]
2025-08-13 12:02:46 -05:00
dependabot[bot]
7c0b336c9a
Bump typescript from 5.4.2 to 5.8.3 ( #538 )
...
* Bump typescript from 5.4.2 to 5.7.3
Bumps [typescript](https://github.com/microsoft/TypeScript ) from 5.4.2 to 5.7.3.
- [Release notes](https://github.com/microsoft/TypeScript/releases )
- [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release.yml )
- [Commits](https://github.com/microsoft/TypeScript/compare/v5.4.2...v5.7.3 )
---
updated-dependencies:
- dependency-name: typescript
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* Fix low security alert
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com>
2025-07-10 19:26:25 -05:00
dependabot[bot]
6f26dcc668
Bump undici from 5.28.5 to 5.29.0 ( #594 )
...
* Bump undici from 5.28.5 to 5.29.0
Bumps [undici](https://github.com/nodejs/undici ) from 5.28.5 to 5.29.0.
- [Release notes](https://github.com/nodejs/undici/releases )
- [Commits](https://github.com/nodejs/undici/compare/v5.28.5...v5.29.0 )
---
updated-dependencies:
- dependency-name: undici
dependency-version: 5.29.0
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
* Fix CI failures
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com>
2025-07-08 10:07:25 -05:00
dependabot[bot]
fa96338abe
Bump @actions/tool-cache from 2.0.1 to 2.0.2 ( #591 )
...
* Bump @actions/tool-cache from 2.0.1 to 2.0.2
Bumps [@actions/tool-cache](https://github.com/actions/toolkit/tree/HEAD/packages/tool-cache ) from 2.0.1 to 2.0.2.
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/tool-cache/RELEASES.md )
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/tool-cache )
---
updated-dependencies:
- dependency-name: "@actions/tool-cache"
dependency-version: 2.0.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* Fix failures
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com>
2025-06-18 17:01:53 -05:00
Priya Gupta
29694d72cd
Add manifest validation and improve error handling ( #586 )
2025-05-05 22:00:04 -05:00
dependabot[bot]
bb65d8857b
Bump ts-jest from 29.1.2 to 29.3.2 ( #582 )
...
* Bump ts-jest from 29.1.2 to 29.3.2
Bumps [ts-jest](https://github.com/kulshekhar/ts-jest ) from 29.1.2 to 29.3.2.
- [Release notes](https://github.com/kulshekhar/ts-jest/releases )
- [Changelog](https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md )
- [Commits](https://github.com/kulshekhar/ts-jest/compare/v29.1.2...v29.3.2 )
---
updated-dependencies:
- dependency-name: ts-jest
dependency-version: 29.3.2
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix check failures
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com>
2025-04-30 10:37:00 -05:00
dependabot[bot]
7f17e836c0
Bump @actions/glob from 0.4.0 to 0.5.0 ( #573 )
...
* Bump @actions/glob from 0.4.0 to 0.5.0
Bumps [@actions/glob](https://github.com/actions/toolkit/tree/HEAD/packages/glob ) from 0.4.0 to 0.5.0.
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/glob/RELEASES.md )
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/glob )
---
updated-dependencies:
- dependency-name: "@actions/glob"
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix for check failures
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com>
2025-04-29 12:31:28 -05:00
Priya Gupta
dca8468d37
Update self-hosted environment validation and bump undici version ( #556 )
...
* Fix self-hosted environment check
* Update isSelfHosted logic
2025-04-01 10:32:30 -05:00
aparnajyothi-y
691cc3533f
upgrade actions/cache to 4.0.3 ( #574 )
2025-04-01 10:24:42 -05:00
dependabot[bot]
0aaccfd150
Bump undici from 5.28.4 to 5.28.5 ( #541 )
...
* Bump undici from 5.28.4 to 5.28.5
Bumps [undici](https://github.com/nodejs/undici ) from 5.28.4 to 5.28.5.
- [Release notes](https://github.com/nodejs/undici/releases )
- [Commits](https://github.com/nodejs/undici/compare/v5.28.4...v5.28.5 )
---
updated-dependencies:
- dependency-name: undici
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
* Bump undici from 5.28.4 to 5.28.5
Bumps [undici](https://github.com/nodejs/undici ) from 5.28.4 to 5.28.5.
- [Release notes](https://github.com/nodejs/undici/releases )
- [Commits](https://github.com/nodejs/undici/compare/v5.28.4...v5.28.5 )
---
updated-dependencies:
- dependency-name: undici
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
* Fix failures
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com>
2025-03-18 10:29:43 -05:00
aparnajyothi-y
c4c1141886
upgrade actions/cache to 4.0.2 ( #568 )
2025-03-11 10:19:54 -05:00
dependabot[bot]
1d82324e53
Bump semver from 7.6.0 to 7.6.3 ( #535 )
...
* Bump semver from 7.6.0 to 7.6.3
Bumps [semver](https://github.com/npm/node-semver ) from 7.6.0 to 7.6.3.
- [Release notes](https://github.com/npm/node-semver/releases )
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md )
- [Commits](https://github.com/npm/node-semver/compare/v7.6.0...v7.6.3 )
---
updated-dependencies:
- dependency-name: semver
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix for check-dist and license failures
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com>
2025-01-21 15:45:59 -06:00
Bassem Dghaidi
f81f022188
Use the new cache service: upgrade `@actions/cache` to `^4.0.0` ( #531 )
...
* Use new cache service
* Add licensed output
* Review licenses & update types
2025-01-15 14:06:31 -06:00
Tobias
3041bf56c9
feat: fallback to "raw" endpoint for manifest when rate limit is reached ( #496 )
...
* feat: fallback to "raw" endpoint for manifest when rate limit is reached
* add information about raw access to the README
* prettier
* update cross-spawn to 7.0.6 to fix vulnerability
2024-11-25 12:37:21 -06:00
John Wesley Walker III
941977282c
Revise `isGhes` logic ( #511 )
...
* Revise `isGhes` logic
* ran `npm run format`
* added unit test
* tweaked unit test
* ran `npm run format`
2024-10-21 11:56:08 -05:00
Zxilly
b26d40294f
fix: add arch to cache key ( #493 )
2024-08-26 15:19:57 -05:00
dependabot[bot]
0a12ed9d6a
Bump braces from 3.0.2 to 3.0.3 ( #487 )
...
* Bump braces from 3.0.2 to 3.0.3
Bumps [braces](https://github.com/micromatch/braces ) from 3.0.2 to 3.0.3.
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md )
- [Commits](https://github.com/micromatch/braces/compare/3.0.2...3.0.3 )
---
updated-dependencies:
- dependency-name: braces
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
* Bump undici from 5.28.3 to 5.28.4
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com>
2024-06-27 13:16:26 -05:00
dependabot[bot]
be1aa1186e
Bump undici from 5.28.2 to 5.28.3 ( #465 )
...
* Bump undici from 5.28.2 to 5.28.3
Bumps [undici](https://github.com/nodejs/undici ) from 5.28.2 to 5.28.3.
- [Release notes](https://github.com/nodejs/undici/releases )
- [Commits](https://github.com/nodejs/undici/compare/v5.28.2...v5.28.3 )
---
updated-dependencies:
- dependency-name: undici
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
* fixed check failures and update dependencies
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com>
2024-03-21 15:04:22 -05:00
Dmitry Shibanov
0c52d547c9
Update dependencies for node20 ( #445 )
2023-12-05 17:50:42 +01:00
Piotr Galar
89a192af9d
fix: sync .complete marker when caching tools on windows
2023-08-12 23:52:21 +02:00
Sergey Dolin
93397bea11
Fix Install on Windows is very slow ( #393 )
...
* Fix Install on Windows is very slow
* Add unit test
* Improve readability
* Add e2e test
* fix lint
* Fix unit tests
* Fix unit tests
* limit to github hosted runners
* test hosted version of go
* AzDev environment
* rename lnkSrc
* refactor conditions
* improve tests
* refactoring
* Fix e2e test
* improve isHosted readability
2023-08-03 14:33:56 +02:00
Dusan Trickovic
0bb97b1c5c
Rebuild after updating Semver
2023-07-18 16:39:08 +02:00
Sergey Dolin
4e0b6c77c6
Limit to Linux only
2023-07-10 10:39:55 +02:00
Sergey Dolin
a4d10f0ea4
Add imageOS to primaryKey
...
https://github.com/actions/setup-go/issues/368
2023-07-10 10:17:28 +02:00
Nikolai Laevskii
fac708d667
Bump @actions/cache dependency to v3.2.1 ( #374 )
2023-05-08 11:42:39 +02:00
Dmitry Shibanov
dd84a9531a
Update xml2js ( #370 )
2023-04-20 14:28:58 +02:00
Dmitry Shibanov
fdc0d672a1
Add Go bin if go-version input is empty ( #351 )
2023-03-14 16:29:10 +01:00
Dmitry Shibanov
ebfdf6ac95
add warning if go-version is empty ( #350 )
2023-03-14 16:07:41 +01:00
Sergey Dolin
c51a720768
Enable caching by default with default input ( #332 )
2023-03-10 16:25:35 +01:00
Ivan
7406d654ad
Add and configure ESLint and update configuration for Prettier ( #341 )
...
* Turn on ESLint and update Prettier
* Update eslint config
* Update eslint config
* Update dependencies
* Update ESLint and Prettier configurations
* update package.json
* Update prettier command
* Update prettier config file
* Change CRLF to LF
* Update docs
* Update docs
2023-03-08 10:45:16 +02:00
Evgenii Korolevskii
b8eec33327
Merge branch 'main' into use-actual-version-in-cache
2023-01-31 13:39:54 +01:00
Serghei Iakovlev
807559307d
Use const declarations for variables that are never reassigned ( #322 )
2023-01-31 11:46:49 +01:00
Evgenii Korolevskii
65f50caf42
use actual version in key
2023-01-20 01:30:38 +01:00
Evgenii Korolevskii
89d7939d38
use real version instead of spec
2023-01-20 01:28:58 +01:00
Evgenii Korolevskii
2e7414f276
try get path
2023-01-20 01:27:11 +01:00
Evgenii Korolevskii
de201a09c0
log version-spec
2023-01-20 01:21:36 +01:00
Evgenii Korolevskii
17106403fa
Allow to use only GOCACHE for cache ( #305 )
2022-12-19 11:22:17 +01:00
Jongwoo Han
bb5ff97ab9
refactor: Use early return pattern to avoid nested conditions ( #302 )
2022-12-16 15:05:54 +01:00
Dmitry Shibanov
6edd4406fa
fix log for stable aliases ( #303 )
2022-12-12 15:45:36 +01:00
Milos Pantic
38dbe75f81
Add stable and oldstable aliases ( #300 )
2022-12-12 10:58:49 +01:00
Marko Zivic
e983b65a44
Merge pull request #283 from koba1t/add_support_gowork_for_go-version-file
...
add support go.work file for go-version-file
2022-11-08 11:45:09 +01:00
Dmitry Shibanov
27b43e1b0d
Pass the token input through on GHES ( #277 )
2022-11-02 12:21:18 +01:00
koba1t
7678c83214
add support gowork for go-version-file
2022-11-01 21:25:30 +09:00
n33pm
c4a742cab1
fix(): cache resolve version input ( #267 )
2022-10-17 18:33:22 +02:00
Francesco Renzi
514ae57904
Update @actions/core to 1.10.0
2022-10-06 12:08:35 +01:00
Evgenii Korolevskii
be45b2722d
build
2022-09-08 12:29:13 +02:00
Milos Pantic
268d8c0ca0
Add support for arm32 go arch ( #253 )
2022-08-12 12:29:48 +02:00
Javier Romero
e0dce94eb0
Use explicit filename when downloading Windows go package
...
Using the explicit filename for Windows is necessary to
satisfy `Expand-Archive`'s requirement on '.zip' extension.
Signed-off-by: Javier Romero <root@jromero.codes>
2022-07-28 19:01:53 -05:00