diff --git a/.github/scripts/work-init.sh b/.github/scripts/work-init.sh index 878f7fd6ef..5d77b6cfdf 100755 --- a/.github/scripts/work-init.sh +++ b/.github/scripts/work-init.sh @@ -36,10 +36,16 @@ if ! cd "$ROOT_DIR"; then exit 1 fi +# Preserve the toolchain directive from the original go.work so that CI steps +# reading go-version-file: go.work (e.g. govulncheck) continue to use the +# correct Go version after the workspace is regenerated. +ORIG_TOOLCHAIN=$(awk '/^toolchain / {print $2; exit}' go.work 2>/dev/null) + echo "[INFO] Rebuilding partial go.work for [${component}]" case $component in lib/ocrypto | lib/fixtures | lib/flattening | lib/identifier | protocol/go) echo "[INFO] skipping for leaf package" + exit 0 ;; sdk) rm -f go.work go.work.sum && @@ -64,3 +70,12 @@ examples) exit 1 ;; esac + +# Restore the toolchain directive if it was present in the original go.work. +if [[ -n "${ORIG_TOOLCHAIN:-}" ]]; then + if ! go work edit -toolchain="$ORIG_TOOLCHAIN"; + echo "[ERROR] unable to restore original toolchain [${ORIG_TOOLCHAIN}] in go.work" + exit 1 + fi + echo "[INFO] Restored toolchain ${ORIG_TOOLCHAIN} in go.work" +fi diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml index 6ec4dc1442..ec2aef3888 100644 --- a/.github/workflows/checks.yaml +++ b/.github/workflows/checks.yaml @@ -74,7 +74,8 @@ jobs: continue-on-error: true uses: golang/govulncheck-action@b625fbe08f3bccbe446d94fbf87fcc875a4f50ee # v1.0.4 with: - go-version-input: "1.25.7" + go-version-input: "" + go-version-file: go.work work-dir: ${{ matrix.directory }} - if: steps.govulncheck.outcome == 'failure' run: echo "$MODULE_DIR" > "/tmp/govulncheck-failure-${JOB_INDEX}.txt" diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index 94043c16d8..348747e555 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -26,7 +26,7 @@ jobs: - name: "Setup Go" uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: - go-version: "1.25.7" + go-version-file: go.work check-latest: false cache-dependency-path: | service/go.sum diff --git a/examples/go.mod b/examples/go.mod index 9da02faf7f..6525994e8e 100644 --- a/examples/go.mod +++ b/examples/go.mod @@ -2,8 +2,6 @@ module github.com/opentdf/platform/examples go 1.25.0 -toolchain go1.25.8 - require ( connectrpc.com/connect v1.19.1 github.com/opentdf/platform/lib/ocrypto v0.10.0 diff --git a/go.work b/go.work index 235792dad9..0f3e4d2cf7 100644 --- a/go.work +++ b/go.work @@ -1,6 +1,6 @@ go 1.25.5 -toolchain go1.25.8 +toolchain go1.25.9 use ( ./examples diff --git a/lib/fixtures/go.mod b/lib/fixtures/go.mod index 517a1d0696..82d94983ce 100644 --- a/lib/fixtures/go.mod +++ b/lib/fixtures/go.mod @@ -2,8 +2,6 @@ module github.com/opentdf/platform/lib/fixtures go 1.25.0 -toolchain go1.25.8 - require github.com/Nerzal/gocloak/v13 v13.9.0 require ( diff --git a/lib/flattening/go.mod b/lib/flattening/go.mod index c2d3d36534..7e709fd35a 100644 --- a/lib/flattening/go.mod +++ b/lib/flattening/go.mod @@ -2,8 +2,6 @@ module github.com/opentdf/platform/lib/flattening go 1.25.0 -toolchain go1.25.8 - require github.com/stretchr/testify v1.11.1 require ( diff --git a/lib/identifier/go.mod b/lib/identifier/go.mod index a98dc19662..f8bac60c76 100644 --- a/lib/identifier/go.mod +++ b/lib/identifier/go.mod @@ -2,8 +2,6 @@ module github.com/opentdf/platform/lib/identifier go 1.25.0 -toolchain go1.25.8 - require github.com/stretchr/testify v1.11.1 require ( diff --git a/lib/ocrypto/go.mod b/lib/ocrypto/go.mod index dd05482470..86593c3483 100644 --- a/lib/ocrypto/go.mod +++ b/lib/ocrypto/go.mod @@ -2,8 +2,6 @@ module github.com/opentdf/platform/lib/ocrypto go 1.25.0 -toolchain go1.25.8 - require ( github.com/stretchr/testify v1.11.1 golang.org/x/crypto v0.49.0 diff --git a/protocol/go/go.mod b/protocol/go/go.mod index 03c0ad01c8..554c209411 100644 --- a/protocol/go/go.mod +++ b/protocol/go/go.mod @@ -2,8 +2,6 @@ module github.com/opentdf/platform/protocol/go go 1.25.0 -toolchain go1.25.8 - require ( buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.34.1-20240508200655-46a4cf4ba109.1 connectrpc.com/connect v1.19.1 diff --git a/sdk/go.mod b/sdk/go.mod index d65fd7510c..7838ef7e39 100644 --- a/sdk/go.mod +++ b/sdk/go.mod @@ -2,8 +2,6 @@ module github.com/opentdf/platform/sdk go 1.25.0 -toolchain go1.25.8 - require ( connectrpc.com/connect v1.19.1 github.com/Masterminds/semver/v3 v3.4.0 diff --git a/service/go.mod b/service/go.mod index 2f9ec2ffa5..ebbc1ffc89 100644 --- a/service/go.mod +++ b/service/go.mod @@ -2,8 +2,6 @@ module github.com/opentdf/platform/service go 1.25.0 -toolchain go1.25.8 - require ( buf.build/go/protovalidate v1.0.0 connectrpc.com/connect v1.19.1 diff --git a/test/integration/go.mod b/test/integration/go.mod index cc526ed60f..1407190263 100644 --- a/test/integration/go.mod +++ b/test/integration/go.mod @@ -2,8 +2,6 @@ module github.com/opentdf/platform/test/integration go 1.25.0 -toolchain go1.25.8 - replace ( github.com/opentdf/platform/lib/fixtures => ../../lib/fixtures github.com/opentdf/platform/lib/ocrypto => ../../lib/ocrypto diff --git a/tests-bdd/go.mod b/tests-bdd/go.mod index 6c74763606..b2281d3689 100644 --- a/tests-bdd/go.mod +++ b/tests-bdd/go.mod @@ -2,8 +2,6 @@ module github.com/opentdf/platform/tests-bdd go 1.25.5 -toolchain go1.25.8 - require ( github.com/cucumber/godog v0.15.0 github.com/google/uuid v1.6.0