Skip to content

govulncheck-action: Warning: Both go-version and go-version-file inputs are specified, only go-version will be used while only 'go-version-file: go.mod' is specified #70036

Open
@sbp-bvanb

Description

@sbp-bvanb

govulncheck version

golang/govulncheck-action@v1.0.4

Does this issue reproduce at the latest version of golang.org/x/vuln?

  • Yes.

Output of go env in your module/workspace:

-

What did you do?

- uses: golang/govulncheck-action@v1.0.4
  with:
    go-version-file: go.mod
    go-package: ./...

What did you see happen?

Warning: Both go-version and go-version-file inputs are specified, only go-version will be used

What did you expect to see?

No warning as go-version-file: go.mod has been defined. If this is the case, then the code should omit go-version and only use the version that is defined in the go.mod file. Now it is using another Golang version, while another version is defined in the go.mod file.

Activity

added
NeedsInvestigationSomeone must examine and confirm this is a valid issue and not a duplicate of an existing one.
on Oct 29, 2024
added this to the Unreleased milestone on Oct 29, 2024
cagedmantis

cagedmantis commented on Oct 29, 2024

@cagedmantis
Contributor
waliseddiqi

waliseddiqi commented on Nov 8, 2024

@waliseddiqi

I am having same issue

reproduction:
I wanted to pass go-version-file which is 1.23.2 in my go.mod project but the action assigned the go version as 1.23.3

Warning: Both go-version and go-version-file inputs are specified, only go-version will be used

self-assigned this
on Jan 20, 2025
jasonwashburn

jasonwashburn commented on May 2, 2025

@jasonwashburn

Looks like the issue was likely introduced here. By giving go-version-input a default value, it guarantees that the setup-go action will be provided a 'go-version' input even when the user does not specify one and the a user-specified go-version-file will be ignored by setup-go

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

Labels

NeedsInvestigationSomeone must examine and confirm this is a valid issue and not a duplicate of an existing one.vulncheck or vulndbIssues for the x/vuln or x/vulndb repo

Type

No type

Projects

No projects

Relationships

None yet

    Development

    No branches or pull requests

      Participants

      @cagedmantis@zpavlinovic@jasonwashburn@waliseddiqi@sbp-bvanb

      Issue actions

        govulncheck-action: Warning: Both go-version and go-version-file inputs are specified, only go-version will be used while only 'go-version-file: go.mod' is specified · Issue #70036 · golang/go