12 changes: 12 additions & 0 deletions .github/scripts/work-init.sh
Expand Up @@ -36,10 +36,16 @@ if ! cd "$ROOT_DIR"; then
exit 1
fi

# Preserve the toolchain directive from the original go.work so that CI steps
# reading go-version-file: go.work (e.g. govulncheck) continue to use the
# correct Go version after the workspace is regenerated.
ORIG_TOOLCHAIN=$(awk '/^toolchain / {print $2; exit}' go.work 2>/dev/null)

echo "[INFO] Rebuilding partial go.work for [${component}]"
case $component in
lib/ocrypto | lib/fixtures | lib/flattening | lib/identifier | protocol/go)
echo "[INFO] skipping for leaf package"
exit 0
;;
sdk)
rm -f go.work go.work.sum &&
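Review bot: On the ORIG_TOOLCHAIN line, `2>/dev/null` makes a missing or unreadable go.work indistinguishable from one that simply has no toolchain directive, and the pattern `/^toolchain /` only matches a literal space after the keyword. Consider `awk '$1 == "toolchain" {print $2; exit}' go.work` behind an explicit `-f go.work` test, without the stderr redirect, so an unexpected miss shows up in the CI log.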
Expand All @@ -64,3 +70,9 @@ examples)
exit 1
;;
esac

# Restore the toolchain directive if it was present in the original go.work.
if [[ -n "${ORIG_TOOLCHAIN:-}" ]]; then
go work edit -toolchain="$ORIG_TOOLCHAIN"
echo "[INFO] Restored toolchain ${ORIG_TOOLCHAIN} in go.work"
Comment on lines +76 to +77

⚠️ Potential issue | 🟠 Major

Handle go work edit failures before logging success.

At Line 75, a failed go work edit still prints the success message at Line 76 and returns success from the block. That can silently run CI with the wrong Go version.

Suggested fix
 if [[ -n "${ORIG_TOOLCHAIN:-}" && -f go.work ]]; then
-  go work edit -toolchain="$ORIG_TOOLCHAIN"
-  echo "[INFO] Restored toolchain ${ORIG_TOOLCHAIN} in go.work"
+  if ! go work edit -toolchain="$ORIG_TOOLCHAIN"; then
+    echo "[ERROR] failed to restore toolchain ${ORIG_TOOLCHAIN} in go.work" >&2
+    exit 1
+  fi
+  echo "[INFO] Restored toolchain ${ORIG_TOOLCHAIN} in go.work"
 fi
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
go work edit -toolchain="$ORIG_TOOLCHAIN"
echo "[INFO] Restored toolchain ${ORIG_TOOLCHAIN} in go.work"
if [[ -n "${ORIG_TOOLCHAIN:-}" && -f go.work ]]; then
if ! go work edit -toolchain="$ORIG_TOOLCHAIN"; then
echo "[ERROR] failed to restore toolchain ${ORIG_TOOLCHAIN} in go.work" >&2
exit 1
fi
echo "[INFO] Restored toolchain ${ORIG_TOOLCHAIN} in go.work"
fi
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/scripts/work-init.sh around lines 75 - 76, The script currently runs
go work edit -toolchain="$ORIG_TOOLCHAIN" and immediately echoes a success
message; update the block that invokes go work edit to check the command exit
status (or use set -e around it) and only echo "[INFO] Restored toolchain
${ORIG_TOOLCHAIN} in go.work" when go work edit succeeds; if it fails, emit an
error like "[ERROR] Failed to restore toolchain ${ORIG_TOOLCHAIN}: <error>" and
exit with a non-zero status so CI fails instead of continuing with a wrong Go
version.

fi
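Review bot: The `if [[ -n "${ORIG_TOOLCHAIN:-}" ]]` guard has no else branch, so when nothing was captured the regenerated go.work ends up without a toolchain line and the log says nothing about it. Since checks.yaml and sonarcloud.yml in this same change read their Go version from go.work, add an else that prints a `[WARN]` line (or exits non-zero) so the missing directive is visible in the job output.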
3 changes: 2 additions & 1 deletion .github/workflows/checks.yaml
Expand Up @@ -74,7 +74,8 @@ jobs:
continue-on-error: true
uses: golang/govulncheck-action@b625fbe08f3bccbe446d94fbf87fcc875a4f50ee # v1.0.4
with:
go-version-input: "1.25.7"
go-version-input: ""
go-version-file: go.work
work-dir: ${{ matrix.directory }}
- if: steps.govulncheck.outcome == 'failure'
run: echo "$MODULE_DIR" > "/tmp/govulncheck-failure-${JOB_INDEX}.txt"
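Review bot: `go-version-input: ""` next to `go-version-file: go.work` reads like a leftover unless the reader knows why the input has to be blanked. If the empty string is there so that the file value takes effect, say so in a YAML comment above it. Also confirm that `go-version-file` is resolved from the repository root and not from `work-dir: ${{ matrix.directory }}`, since with `continue-on-error: true` a version-resolution error would be recorded by the `steps.govulncheck.outcome == 'failure'` step as if it were a scan failure.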
2 changes: 1 addition & 1 deletion .github/workflows/sonarcloud.yml
Expand Up @@ -26,7 +26,7 @@ jobs:
- name: "Setup Go"
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
with:
go-version: "1.25.7"
go-version-file: go.work
check-latest: false
cache-dependency-path: |
service/go.sum
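Review bot: `go-version-file: go.work` replaces a literal pin, but go.work carries two version lines (`go 1.25.5` and `toolchain go1.25.9`), so the Go release this job installs is no longer obvious from the workflow. State in the PR description which directive the pinned setup-go v5.5.0 reads, and add a YAML comment here naming the version that is expected to result.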
2 changes: 0 additions & 2 deletions examples/go.mod
Expand Up @@ -2,8 +2,6 @@ module github.com/opentdf/platform/examples

go 1.25.0

toolchain go1.25.8

require (
connectrpc.com/connect v1.19.1
github.com/opentdf/platform/lib/ocrypto v0.10.0
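Review bot: Dropping the `toolchain go1.25.8` line here (and in the other go.mod files below) leaves `go 1.25.0` as the only version constraint for anyone building this module outside the workspace, for example with GOWORK=off or as a dependency. If that is intended, say so in the commit message; if any CI job builds a module without go.work, that job loses its toolchain pin.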
2 changes: 1 addition & 1 deletion go.work
@@ -1,6 +1,6 @@
go 1.25.5

toolchain go1.25.8
toolchain go1.25.9

use (
./examples
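Review bot: The bump from `toolchain go1.25.8` to `toolchain go1.25.9` carries no stated reason, and with the per-module toolchain lines removed this is now the only pin that the workflows and work-init.sh depend on. Record the reason for the bump in the commit message, and consider a short `//` comment above the directive pointing to the CI files that read it.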
2 changes: 0 additions & 2 deletions lib/fixtures/go.mod
Expand Up @@ -2,8 +2,6 @@ module github.com/opentdf/platform/lib/fixtures

go 1.25.0

toolchain go1.25.8

require github.com/Nerzal/gocloak/v13 v13.9.0

require (
2 changes: 0 additions & 2 deletions lib/flattening/go.mod
Expand Up @@ -2,8 +2,6 @@ module github.com/opentdf/platform/lib/flattening

go 1.25.0

toolchain go1.25.8

require github.com/stretchr/testify v1.11.1

require (
2 changes: 0 additions & 2 deletions lib/identifier/go.mod
Expand Up @@ -2,8 +2,6 @@ module github.com/opentdf/platform/lib/identifier

go 1.25.0

toolchain go1.25.8

require github.com/stretchr/testify v1.11.1

require (
2 changes: 0 additions & 2 deletions lib/ocrypto/go.mod
Expand Up @@ -2,8 +2,6 @@ module github.com/opentdf/platform/lib/ocrypto

go 1.25.0

toolchain go1.25.8

require (
github.com/stretchr/testify v1.11.1
golang.org/x/crypto v0.49.0
2 changes: 0 additions & 2 deletions protocol/go/go.mod
Expand Up @@ -2,8 +2,6 @@ module github.com/opentdf/platform/protocol/go

go 1.25.0

toolchain go1.25.8

require (
buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.34.1-20240508200655-46a4cf4ba109.1
connectrpc.com/connect v1.19.1
2 changes: 0 additions & 2 deletions sdk/go.mod
Expand Up @@ -2,8 +2,6 @@ module github.com/opentdf/platform/sdk

go 1.25.0

toolchain go1.25.8

require (
connectrpc.com/connect v1.19.1
github.com/Masterminds/semver/v3 v3.4.0
2 changes: 0 additions & 2 deletions service/go.mod
Expand Up @@ -2,8 +2,6 @@ module github.com/opentdf/platform/service

go 1.25.0

toolchain go1.25.8

require (
buf.build/go/protovalidate v1.0.0
connectrpc.com/connect v1.19.1
2 changes: 0 additions & 2 deletions test/integration/go.mod
Expand Up @@ -2,8 +2,6 @@ module github.com/opentdf/platform/test/integration

go 1.25.0

toolchain go1.25.8

replace (
github.com/opentdf/platform/lib/fixtures => ../../lib/fixtures
github.com/opentdf/platform/lib/ocrypto => ../../lib/ocrypto
2 changes: 0 additions & 2 deletions tests-bdd/go.mod
Expand Up @@ -2,8 +2,6 @@ module github.com/opentdf/platform/tests-bdd

go 1.25.5

toolchain go1.25.8

require (
github.com/cucumber/godog v0.15.0
github.com/google/uuid v1.6.0