-
Notifications
You must be signed in to change notification settings - Fork 161
Add workflow to automatically bump Go toolchain #5010
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,106 @@ | ||
| name: Bump Go toolchain | ||
|
|
||
| on: | ||
| schedule: | ||
| # Run daily at 05:00 UTC. | ||
| - cron: "0 5 * * *" | ||
| workflow_dispatch: | ||
| inputs: | ||
| version: | ||
| description: > | ||
| Go toolchain version to use (e.g. "go1.25.9"). | ||
| If empty, the latest patch release is detected automatically. | ||
| required: false | ||
|
|
||
| permissions: | ||
| contents: write | ||
| pull-requests: write | ||
|
|
||
| jobs: | ||
| bump-go-toolchain: | ||
| runs-on: | ||
| group: databricks-protected-runner-group-large | ||
| labels: linux-ubuntu-latest-large | ||
|
|
||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | ||
|
|
||
| - name: Determine current toolchain version | ||
| id: current | ||
| run: | | ||
| toolchain=$(grep '^toolchain' go.mod | awk '{print $2}') | ||
| minor=$(echo "$toolchain" | sed 's/^go//' | cut -d. -f1,2) | ||
| echo "toolchain=$toolchain" >> "$GITHUB_OUTPUT" | ||
| echo "minor=$minor" >> "$GITHUB_OUTPUT" | ||
|
|
||
| - name: Determine latest patch release | ||
| id: latest | ||
| env: | ||
| INPUT_VERSION: ${{ inputs.version }} | ||
| run: | | ||
| if [ -n "$INPUT_VERSION" ]; then | ||
| if ! echo "$INPUT_VERSION" | grep -qE '^go[0-9]+\.[0-9]+\.[0-9]+$'; then | ||
| echo "Invalid version format: $INPUT_VERSION" | ||
| exit 1 | ||
| fi | ||
| toolchain="$INPUT_VERSION" | ||
| else | ||
| minor=${{ steps.current.outputs.minor }} | ||
| toolchain=$( | ||
| curl -fsSL 'https://go.dev/dl/?mode=json' | | ||
| jq -r --arg minor "go${minor}." '[.[] | select(.version | startswith($minor))][0].version // empty' | ||
| ) | ||
|
Comment on lines
+50
to
+53
Member
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. [Major] No guard when jq returns null for EOL'd minor series (Found by: Both reviewers independently) If the current minor is dropped from Suggestion: use toolchain=$(curl -fsSL 'https://go.dev/dl/?mode=json' | \
jq -r --arg minor "go${minor}." \
'[.[] | select(.version | startswith($minor))][0].version // empty')
if [ -z "$toolchain" ]; then
echo "No release found for go${minor}.x - minor series may be EOL."
exit 1
fi
Contributor
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Fixed. Added |
||
| if [ -z "$toolchain" ]; then | ||
| echo "No release found for go${minor}.x" | ||
| exit 1 | ||
| fi | ||
| fi | ||
| echo "toolchain=$toolchain" >> "$GITHUB_OUTPUT" | ||
|
|
||
| - name: Check if update is needed | ||
| id: check | ||
| run: | | ||
| if [ "${{ steps.current.outputs.toolchain }}" = "${{ steps.latest.outputs.toolchain }}" ]; then | ||
| echo "Up to date: ${{ steps.current.outputs.toolchain }}" | ||
| echo "needed=false" >> "$GITHUB_OUTPUT" | ||
| else | ||
| echo "Update available: ${{ steps.current.outputs.toolchain }} -> ${{ steps.latest.outputs.toolchain }}" | ||
| echo "needed=true" >> "$GITHUB_OUTPUT" | ||
| fi | ||
|
|
||
| - name: Setup Go | ||
| if: steps.check.outputs.needed == 'true' | ||
| uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 | ||
| with: | ||
| go-version-file: go.mod | ||
|
|
||
| - name: Update go.mod files | ||
| if: steps.check.outputs.needed == 'true' | ||
| env: | ||
| TOOLCHAIN: ${{ steps.latest.outputs.toolchain }} | ||
| run: | | ||
| while IFS= read -r modfile; do | ||
| dir=$(dirname "$modfile") | ||
| if grep -q '^toolchain' "$modfile"; then | ||
| (cd "$dir" && go mod edit -toolchain="$TOOLCHAIN") | ||
| fi | ||
| done < <(git ls-files '**/go.mod' 'go.mod') | ||
|
|
||
| - name: Show diff | ||
| if: steps.check.outputs.needed == 'true' | ||
| run: git diff | ||
|
|
||
| - name: Create pull request | ||
| if: steps.check.outputs.needed == 'true' && inputs.version == '' | ||
|
Comment on lines
+94
to
+95
Member
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. [Major] Auto-created PR will not trigger CI (Found by: Isaac, Confirmed by: Cursor)
Suggestion: supply a with:
token: ${{ steps.app-token.outputs.token }}
branch: auto/bump-go-toolchain
...If not available, at minimum note in the PR body that CI did not run.
Contributor
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Acknowledged. This is a known limitation of |
||
| uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0 | ||
| with: | ||
| branch: auto/bump-go-toolchain | ||
| commit-message: "Bump Go toolchain to ${{ steps.latest.outputs.toolchain }}" | ||
| title: "Bump Go toolchain to ${{ steps.latest.outputs.toolchain }}" | ||
| body: | | ||
| Bump Go toolchain from `${{ steps.current.outputs.toolchain }}` to `${{ steps.latest.outputs.toolchain }}`. | ||
|
|
||
| Release notes: https://go.dev/doc/devel/release#${{ steps.latest.outputs.toolchain }} | ||
| reviewers: simonfaltum,andrewnester,anton-107,denik,janniklasrose,pietern,shreyas-goenka | ||
| labels: dependencies | ||
|
Member
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. [Nit] Hardcoded individual reviewers (Found by: Isaac, Confirmed by: Cursor) Pinning seven usernames means every team change requires a workflow edit. Consider using
Contributor
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Intentional. |
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
[Nit] No empty guard on grep result (Found by: Isaac, cross-review)
If the
toolchaindirective is ever removed fromgo.mod,grep '^toolchain'returns empty,minorbecomes empty, and the jq filter would match all Go releases across all minors, potentially triggering an unintended minor version upgrade PR. Consider failing fast iftoolchainis empty.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Won't fix. If the toolchain directive is removed from go.mod, the workflow failing is the correct behavior.