Need 1.20.7 - consider automating go-versions availability?

[ldemailly]

Need check-latest to pick up 1.20.7

my CI is failing because of govulncheck flagging the security issue in 1.20.6

Originally posted by @ldemailly in #373 (comment)

[gaby]

@ldemailly This seems to be a recurring issue everytime there's a new go release. It doesn't help that the Golang team forces you to use the latest Go to use govulncheck. This is my CI setup

jobs:
  govulncheck-check:
    runs-on: ubuntu-latest
    env:
      GO111MODULE: on
    steps:
    - name: Fetch Repository
      uses: actions/checkout@v3
    - name: Install Go
      uses: actions/setup-go@v4
      with:
        go-version: 'stable'
        check-latest: true
        cache: false
    - name: Install Govulncheck
      run: go install golang.org/x/vuln/cmd/govulncheck@latest
    - name: Run govulncheck
      run: govulncheck ./...

I thought that using check-latest and cache were going to mitigate this issue, but the Go version is hardcoded somewhere.

[ldemailly]

Yes see the previous issue - it's hardcoded in go-versions repo

[silverwind]

For the supported go branches, latest version can be automatically retrieved from https://go.dev/dl/?mode=json.

[ldemailly]

I'm glad actions/go-versions#80 got merged but is there a way to accelerate that process (maybe even "trust" the go team and not delay the version by a human review)

[npease18]

For the supported go branches, latest version can be automatically retrieved from https://go.dev/dl/?mode=json.

Additionally, https://go.dev/VERSION?m=text will retrieve the latest go version and can be easily used to get the latest go binary (wget "https://dl.google.com/go/$(curl https://go.dev/VERSION?m=text).linux-amd64.tar.gz")

[dsame]

@ldemailly i am closing the issue because actions/go-versions#80 fixed it, please feel free to reopen it or create new one in case if it still exists

[ldemailly]

@dsame ok, I filled #407 for the follow up/remaining issue