Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow GOVERSION to be overridden #848

Open
sudo-bmitch opened this issue Mar 8, 2024 · 2 comments · Fixed by #850
Open

Allow GOVERSION to be overridden #848

sudo-bmitch opened this issue Mar 8, 2024 · 2 comments · Fixed by #850
Assignees
@hogo6002
Labels
enhancement New feature or request

Comments

@sudo-bmitch
Copy link

The fix in #818 appears to block the ability to specify a GOVERSION other than the go.mod value. In my own scenario, I deploy a library with associated binaries, compile the binaries with the latest version of Go, but leave the go.mod a few releases back to avoid forcing an upgrade on anyone importing the library. Would it be possible to default to GOVERSION if it is defined, or to give a configuration option to allow injecting a version to use?
@another-rex another-rex added the enhancement New feature or request label Mar 8, 2024
@hogo6002 hogo6002 mentioned this issue Mar 8, 2024
Merged
@spencerschrock
Copy link
Contributor

spencerschrock commented Mar 11, 2024
edited

#850 seems to take an osv-scanner configuration specific approach, which is fine, but is there any value in also supporting the Go native way of doing things via a toolchain directive (if present)?

I assume precedence (from highest to lowest) would go:

  1. config override
  2. toolchain directive (if present and newer than go directive)
  3. go directive

Or rather, it would be:

  1. config override
  2. the go stdlib version detected in the go.mod, taking toolchain into account

@another-rex
Copy link
Collaborator

That sounds reasonable to me, no need to block #850 for this change, but let's keep this issue open until we add a tool chain version extraction as well.

hogo6002 added a commit that referenced this issue Mar 11, 2024
@hogo6002
fix: allow users to override GOVERSION (#850)
666bfc1 
fixes #848. 
Allow users to specify a `GOVERSION` other than the one in `go.mod` .

Usage: in toml, `GoVersionOverride = "1.21.0"`
@another-rex another-rex reopened this Mar 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hogo6002 hogo6002

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: allow users to override GOVERSION hogo6002/osv-scanner
4 participants
@sudo-bmitch @spencerschrock @hogo6002 @another-rex