Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bump go.mod go version to 1.22.1 #937

Merged
merged 1 commit into from
Jul 31, 2024
Merged

bump go.mod go version to 1.22.1 #937

merged 1 commit into from
Jul 31, 2024

Conversation

jmhodges
Copy link
Contributor

This change is to speed up our build and CI.

Our current debian dpkg package install for Go installs Go 1.21.1. When
that version sees a Go 1.22.x version greater than itself, it downloads
and installs that newer version. This takes a lot of time and happens
across many of our CI jobs and docker image builds.

This downgrade will have no impact on our security posture
(its just for dep version selection) and our dependencies won't be
setting their minimum go version this high for a while.

It might be better for us to just install on a docker image that has the
right Go version installed and allows us to keep up to date in those
other dpkgs without doing apt-get updates (by having a cache of the
package info regularly updated and published as new docker image tags
and our dependabot can detect those).

@jmhodges
bump go.mod go version to 1.22.1
12123f9 
This change is to speed up our build and CI.

Our current debian dpkg package install for Go installs Go 1.21.1. When
that version sees a Go 1.22.x version greater than itself, it downloads
and installs that newer version. This takes a lot of time and happens
across many of our CI jobs and docker image builds.

This downgrade will have no impact on our security posture
(its just for dep version selection) and our dependencies won't be
setting their minimum go version this high for a while.

It might be better for us to just install on a docker image that has the
right Go version installed and allows us to keep up to date in those
other dpkgs without doing `apt-get update`s (by having a cache of the
package info regularly updated and published as new docker image tags
and our dependabot can detect those).
@jmhodges jmhodges marked this pull request as ready for review July 31, 2024 02:09
@jmhodges jmhodges requested review from a team as code owners July 31, 2024 02:09
@jmhodges jmhodges requested review from oskirby and bhearsum and removed request for a team July 31, 2024 02:09
@jmhodges jmhodges merged commit 3e85ead into main Jul 31, 2024
15 checks passed
@willdurand willdurand deleted the go1.22.1 branch August 1, 2024 12:28
jmhodges added a commit to mozilla-services/autograph-edge that referenced this pull request Aug 27, 2024
@jmhodges
move go.mod Go version down to 1.22.1
f301739 
This is for mozilla-services/autograph#937 and
also fixes the cgo dependency in this dockerfile.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bhearsum bhearsum bhearsum approved these changes

@oskirby oskirby Awaiting requested review from oskirby oskirby is a code owner automatically assigned from mozilla-services/autograph-devs

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jmhodges @bhearsum