Skip to content

govulncheck-action: Warning: Both go-version and go-version-file inputs are specified, only go-version will be used while only 'go-version-file: go.mod' is specified #70036

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
sbp-bvanb opened this issue Oct 25, 2024 · 4 comments
Open

govulncheck-action: Warning: Both go-version and go-version-file inputs are specified, only go-version will be used while only 'go-version-file: go.mod' is specified #70036

sbp-bvanb opened this issue Oct 25, 2024 · 4 comments
Assignees
@zpavlinovic
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. vulncheck or vulndb Issues for the x/vuln or x/vulndb repo
Milestone
Unreleased

Comments

@sbp-bvanb
Copy link

sbp-bvanb commented Oct 25, 2024
edited
Loading

govulncheck version

golang/[email protected]

Does this issue reproduce at the latest version of golang.org/x/vuln?

  • Yes.

Output of go env in your module/workspace:

-

What did you do?

- uses: golang/[email protected]
  with:
    go-version-file: go.mod
    go-package: ./...

What did you see happen?

Warning: Both go-version and go-version-file inputs are specified, only go-version will be used

What did you expect to see?

No warning as go-version-file: go.mod has been defined. If this is the case, then the code should omit go-version and only use the version that is defined in the go.mod file. Now it is using another Golang version, while another version is defined in the go.mod file.
@sbp-bvanb sbp-bvanb added the vulncheck or vulndb Issues for the x/vuln or x/vulndb repo label Oct 25, 2024
@gabyhelp
Copy link

Related Issues and Documentation

(Emoji vote if this was helpful or unhelpful; more detailed feedback welcome in this discussion.)

@cagedmantis cagedmantis added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Oct 29, 2024
@cagedmantis cagedmantis added this to the Unreleased milestone Oct 29, 2024
@cagedmantis
Copy link
Contributor

cc @golang/vulndb

@waliseddiqi
Copy link

I am having same issue

reproduction:
I wanted to pass go-version-file which is 1.23.2 in my go.mod project but the action assigned the go version as 1.23.3

Warning: Both go-version and go-version-file inputs are specified, only go-version will be used

@gabyhelp gabyhelp mentioned this issue Dec 15, 2024
Open
@zpavlinovic zpavlinovic self-assigned this Jan 20, 2025
This was referenced Mar 14, 2025
Merged
Merged
Merged
Merged
Merged
Merged
@jasonwashburn
Copy link

Looks like the issue was likely introduced here. By giving go-version-input a default value, it guarantees that the setup-go action will be provided a 'go-version' input even when the user does not specify one and the a user-specified go-version-file will be ignored by setup-go

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@zpavlinovic zpavlinovic

Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. vulncheck or vulndb Issues for the x/vuln or x/vulndb repo
Projects
None yet
Milestone
Unreleased
Development

No branches or pull requests
6 participants
@cagedmantis @zpavlinovic @jasonwashburn @waliseddiqi @sbp-bvanb @gabyhelp