Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pinning go version 1.20 which is the same used to release #388

Closed
wants to merge 1 commit into from
Closed

Pinning go version 1.20 which is the same used to release #388

wants to merge 1 commit into from

Conversation

camilamacedo86
Copy link
Contributor

@camilamacedo86 camilamacedo86 commented Mar 22, 2024
edited
Loading

Note that we are using go 1.20 to do the release (https://github.com/foundriesio/fioctl/blob/main/.github/workflows/release.yml#L21) but all other places still pinning go 1.19.
So, this PR ensure that we are using go 1.20 across all places

Tests made locally

  • build
  • login with oauth URL to fioed
  • list waves for a facotry

Signed-off-by: Camila Macedo camila.macedo@foundries.io

@camilamacedo86
Pinning go version 1.20 which is the same used to release
8c4f7e7 
Signed-off-by: Camila Macedo <camila.macedo@foundries.io>
@vkhoroz
Copy link
Member

vkhoroz commented Mar 22, 2024
edited
Loading

@camilamacedo86 There are 2 different things:

  • What compiler version to use.
  • What runtime version to use.

So, the GitHub action only tells to use Golang version 1.20 compiler; which supports quite a few lower version runtimes (and associated libraries).
The current runtime version we use is Golang 1.19; which is properly represented across the board.

Golang runtime version 1.20 had specific problems in the past with cryptography functions we use.
They seem to be resolved in the latest 1.20 version; but there is no warranty that there are no other problems.

Given the above, the fact that Golang 1.20 does not bring us apparent added value, and the fact that we have no resource for full regression testing...
...I advice to not pursue this effort until better times.

@camilamacedo86
Copy link
Contributor Author

Hi @vkhoroz,

That's fine. If a full regression test is necessary, it might be more efficient to directly aim for version 1.22. This way, we'd invest our efforts only once.

I'm curious, though - why are we compiling with version 1.20 while conducting tests and other tasks with version 1.19? I didn't quite catch the rationale behind this approach. Is that to try address CVEs?

Just to share: I attempted to build with version 1.21 and encountered an issue: undefined: cobra.EnableTraverseRunHooks. It seems we might already be facing some inconsistencies with future versions.

Anyway I am closing this one

@vkhoroz
Copy link
Member

vkhoroz commented Mar 22, 2024
edited
Loading

why are we compiling with version 1.20

I have no idea about that; looks like some kind of innocent slippery when adding the GitHub Action.
When building, Golang always honors a version specified in go.mod, as long as it is the same or lower than a compiler version.

I don't think we need to worry about that as long as it works.

@vkhoroz
Copy link
Member

vkhoroz commented Mar 22, 2024

@camilamacedo86 grepping history releaved this: 26d8ecd.

So, it is not unintentional, bug rather @doanac was fixing a weird compiler bug.
Anyway, my claims that the runtime version used is 1.19 still stay; thus all places where we don't see that bug need to stick to that.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vkhoroz vkhoroz Awaiting requested review from vkhoroz

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@camilamacedo86 @vkhoroz