action.yml: add option to skip setting up go
Allows you to setup go yourself.
diff --git a/action.yml b/action.yml
index 6fe7e2c..b44d8b7 100644
--- a/action.yml
+++ b/action.yml
@@ -29,6 +29,10 @@
description: "Checkout the repository"
required: false
default: true
+ setup-go:
+ description: "Setup go"
+ required: false
+ default: true
go-version-file:
description: 'Path to the go.mod or go.work file.'
required: false
@@ -45,7 +49,8 @@
steps:
- if: inputs.repo-checkout != 'false' # only explicit false prevents repo checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
+ - if: inputs.setup-go != 'false' # only explicit false prevents setting up go
+ uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
with:
go-version: ${{ inputs.go-version-input }}
check-latest: ${{ inputs.check-latest }}
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
I spotted some possible problems with your PR:
1. You usually need to reference a bug number for all but trivial or cosmetic fixes. For most repos outside the main go repo, the format is usually 'Fixes golang/go#12345' or 'Updates golang/go#12345' at the end of the commit message. Should you have a bug reference?
Please address any problems by updating the GitHub PR.
When complete, mark this comment as 'Done' and click the [blue 'Reply' button](https://go.dev/wiki/GerritBot#i-left-a-reply-to-a-comment-in-gerrit-but-no-one-but-me-can-see-it) above. These findings are based on heuristics; if a finding does not apply, briefly reply here saying so.
To update the commit title or commit message body shown here in Gerrit, you must edit the GitHub PR title and PR description (the first comment) in the GitHub web interface using the 'Edit' button or 'Edit' menu entry there. Note: pushing a new commit to the PR will not automatically update the commit message used by Gerrit.
For more details, see:
(In general for Gerrit code reviews, the change author is expected to [log in to Gerrit](https://go-review.googlesource.com/login/) with a Gmail or other Google account and then close out each piece of feedback by marking it as 'Done' if implemented as suggested or otherwise reply to each review comment. See the [Review](https://go.dev/doc/contribute#review) section of the Contributing Guide for details.)
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Congratulations on opening your first change. Thank you for your contribution!
Next steps:
A maintainer will review your change and provide feedback. See
https://go.dev/doc/contribute#review for more info and tips to get your
patch through code review.
Most changes in the Go project go through a few rounds of revision. This can be
surprising to people new to the project. The careful, iterative review process
is our way of helping mentor contributors and ensuring that their contributions
have a lasting impact.
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Out of curiosity - isn't it better to just run `go run golang.org/x/vuln/cmd/govulncheck@latest ./...` at that point?
Why does user want to add this extra dependency layer? (internally, it calls `@latest` anyway so there is no version pinning, etc...)
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Out of curiosity - isn't it better to just run `go run golang.org/x/vuln/cmd/govulncheck@latest ./...` at that point?
Why does user want to add this extra dependency layer? (internally, it calls `@latest` anyway so there is no version pinning, etc...)
That's a fair point.
The action still provides some encapsulation of argument handling, etc. But you're right in questioning if it's worth the overhead, though.
To answer a question from a GitHub question, "What is the use case ?":
My own use case that I have my own setup of go which doesn't have the same delay as actions/setup-go in supporting new go releases. This leads to pull requests using a new go release, but failing govulncheck-action because it's based on actions/setup-go.
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |