From f648bc41d7ccdd598f5fe64802a6101c1731d7f7 Mon Sep 17 00:00:00 2001 From: Dominic Evans Date: Tue, 7 Jan 2025 16:19:46 +0000 Subject: [PATCH] fix: relax go directive in go.mod to 1.22.0 Rather than require all consumers to be building with the latest 1.22.10 release of Go 1.22, match the support statement and permit any version of 1.22.x to be used. Since Go 1.21 the go directive in go.mod is considered a hard requirement version and anything older will refuse to build. Update the N-1 go-version used in GitHub Actions to be the .0 release to help ensure this compatibility is maintained in the future. Signed-off-by: Dominic Evans --- .github/workflows/tests.yml | 2 +- README.md | 19 ++++++++++++------- example/go.mod | 7 +++---- example/go.sum | 14 ++++++-------- example/newreposecretwithlibsodium/go.mod | 2 +- example/verifyartifact/main.go | 4 ++-- go.mod | 4 ++-- scrape/go.mod | 4 ++-- scrape/go.sum | 4 ++-- tools/go.mod | 3 ++- tools/go.sum | 4 ++-- 11 files changed, 35 insertions(+), 32 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 3ab68bb7b6b..c2a889c880f 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -24,7 +24,7 @@ jobs: shell: bash strategy: matrix: - go-version: [1.x, 1.22.x] + go-version: [1.x, 1.22.0] # test with N and the .0 release of N-1 platform: [ubuntu-latest] include: # include windows, but only with the latest Go version, since there diff --git a/README.md b/README.md index 5f6d5ab3ff0..5914581b6f0 100644 --- a/README.md +++ b/README.md @@ -9,11 +9,18 @@ go-github is a Go client library for accessing the [GitHub API v3][]. -**go-github requires Go version 1.17 and greater** and -the library is tested against Go version 1.22 and greater. go-github tracks -[Go's version support policy][support-policy]. We do our best not to break -older versions of Go if we don't have to, but due to tooling constraints, we -don't always test older versions. +go-github tracks [Go's version support policy][support-policy] supporting any +minor version of the latest two major releases of Go and the go directive in +go.mod reflects that. +We do our best not to break older versions of Go if we don't have to, but we +don't explicitly test older versions and as of Go 1.21 the go directive in +go.mod declares a hard required _minimum_ version of Go to use with this module +and this _must_ be greater than or equal to the go line of all dependencies so +go-github will require the N-1 major release of Go by default. + +[support-policy]: https://golang.org/doc/devel/release.html#policy + +## Development Go version 1.22 introduced significant changes to the pattern syntax and matching behavior of `http.ServerMux` which causes a large number of legacy unit tests to break. @@ -28,8 +35,6 @@ An issue has been created (#3409) requesting assistance in updating all breaking tests when this `GODEBUG` environment variable is not set and Go 1.23.4 or later is used to perform unit tests. -[support-policy]: https://golang.org/doc/devel/release.html#policy - If you're interested in using the [GraphQL API v4][], the recommended library is [shurcooL/githubv4][]. diff --git a/example/go.mod b/example/go.mod index 314b6c93ee5..bd784bf5921 100644 --- a/example/go.mod +++ b/example/go.mod @@ -1,13 +1,13 @@ module github.com/google/go-github/v68/example -go 1.22.10 +go 1.22.0 require ( github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 github.com/bradleyfalzon/ghinstallation/v2 v2.0.4 github.com/gofri/go-github-ratelimit v1.0.3 github.com/google/go-github/v68 v68.0.0 - github.com/sigstore/sigstore-go v0.6.2 + github.com/sigstore/sigstore-go v0.5.1 golang.org/x/crypto v0.31.0 golang.org/x/term v0.27.0 google.golang.org/appengine v1.6.8 @@ -45,7 +45,6 @@ require ( github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-retryablehttp v0.7.7 // indirect github.com/hashicorp/hcl v1.0.0 // indirect - github.com/in-toto/attestation v1.1.0 // indirect github.com/in-toto/in-toto-golang v0.9.0 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/jedisct1/go-minisign v0.0.0-20211028175153-1c139d1cc84b // indirect @@ -66,7 +65,7 @@ require ( github.com/shibumi/go-pathspec v1.3.0 // indirect github.com/sigstore/protobuf-specs v0.3.2 // indirect github.com/sigstore/rekor v1.3.6 // indirect - github.com/sigstore/sigstore v1.8.9 // indirect + github.com/sigstore/sigstore v1.8.11 // indirect github.com/sigstore/timestamp-authority v1.2.2 // indirect github.com/sourcegraph/conc v0.3.0 // indirect github.com/spf13/afero v1.11.0 // indirect diff --git a/example/go.sum b/example/go.sum index 5fe8fd12e51..9fc9663b67c 100644 --- a/example/go.sum +++ b/example/go.sum @@ -203,8 +203,6 @@ github.com/hashicorp/vault/api v1.12.2 h1:7YkCTE5Ni90TcmYHDBExdt4WGJxhpzaHqR6uGb github.com/hashicorp/vault/api v1.12.2/go.mod h1:LSGf1NGT1BnvFFnKVtnvcaLBM2Lz+gJdpL6HUYed8KE= github.com/howeyc/gopass v0.0.0-20210920133722-c8aef6fb66ef h1:A9HsByNhogrvm9cWb28sjiS3i7tcKCkflWFEkHfuAgM= github.com/howeyc/gopass v0.0.0-20210920133722-c8aef6fb66ef/go.mod h1:lADxMC39cJJqL93Duh1xhAs4I2Zs8mKS89XWXFGp9cs= -github.com/in-toto/attestation v1.1.0 h1:oRWzfmZPDSctChD0VaQV7MJrywKOzyNrtpENQFq//2Q= -github.com/in-toto/attestation v1.1.0/go.mod h1:DB59ytd3z7cIHgXxwpSX2SABrU6WJUKg/grpdgHVgVs= github.com/in-toto/in-toto-golang v0.9.0 h1:tHny7ac4KgtsfrG6ybU8gVOZux2H8jN05AXJ9EBM1XU= github.com/in-toto/in-toto-golang v0.9.0/go.mod h1:xsBVrVsHNsB61++S6Dy2vWosKhuA3lUTQd+eF9HdeMo= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= @@ -285,10 +283,10 @@ github.com/sigstore/protobuf-specs v0.3.2 h1:nCVARCN+fHjlNCk3ThNXwrZRqIommIeNKWw github.com/sigstore/protobuf-specs v0.3.2/go.mod h1:RZ0uOdJR4OB3tLQeAyWoJFbNCBFrPQdcokntde4zRBA= github.com/sigstore/rekor v1.3.6 h1:QvpMMJVWAp69a3CHzdrLelqEqpTM3ByQRt5B5Kspbi8= github.com/sigstore/rekor v1.3.6/go.mod h1:JDTSNNMdQ/PxdsS49DJkJ+pRJCO/83nbR5p3aZQteXc= -github.com/sigstore/sigstore v1.8.9 h1:NiUZIVWywgYuVTxXmRoTT4O4QAGiTEKup4N1wdxFadk= -github.com/sigstore/sigstore v1.8.9/go.mod h1:d9ZAbNDs8JJfxJrYmulaTazU3Pwr8uLL9+mii4BNR3w= -github.com/sigstore/sigstore-go v0.6.2 h1:8uiywjt73vzfrGfWYVwVsiB1E1Qmwmpgr1kVpl4fs6A= -github.com/sigstore/sigstore-go v0.6.2/go.mod h1:pOIUH7Jx+ctwMICo+2zNrViOJJN5sGaQgwX4yAVJkA0= +github.com/sigstore/sigstore v1.8.11 h1:tEqeQqbT+awtM87ec9KEeSUxT/AFvJNawneYJyAkFrQ= +github.com/sigstore/sigstore v1.8.11/go.mod h1:fdrFQosxCQ4wTL5H1NrZcQkqQ72AQbPjtpcL2QOGKV0= +github.com/sigstore/sigstore-go v0.5.1 h1:5IhKvtjlQBeLnjKkzMELNG4tIBf+xXQkDzhLV77+/8Y= +github.com/sigstore/sigstore-go v0.5.1/go.mod h1:TuOfV7THHqiDaUHuJ5+QN23RP/YoKmsbwJpY+aaYPN0= github.com/sigstore/sigstore/pkg/signature/kms/aws v1.8.3 h1:LTfPadUAo+PDRUbbdqbeSl2OuoFQwUFTnJ4stu+nwWw= github.com/sigstore/sigstore/pkg/signature/kms/aws v1.8.3/go.mod h1:QV/Lxlxm0POyhfyBtIbTWxNeF18clMlkkyL9mu45y18= github.com/sigstore/sigstore/pkg/signature/kms/azure v1.8.3 h1:xgbPRCr2npmmsuVVteJqi/ERw9+I13Wou7kq0Yk4D8g= @@ -380,8 +378,8 @@ golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.22.0 h1:BzDx2FehcG7jJwgWLELCdmLuxk2i+x9UDpSiss2u0ZA= -golang.org/x/oauth2 v0.22.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE= +golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= diff --git a/example/newreposecretwithlibsodium/go.mod b/example/newreposecretwithlibsodium/go.mod index 281feb1a542..b7b85f22b40 100644 --- a/example/newreposecretwithlibsodium/go.mod +++ b/example/newreposecretwithlibsodium/go.mod @@ -1,6 +1,6 @@ module newreposecretwithlibsodium -go 1.22.10 +go 1.22.0 require ( github.com/GoKillers/libsodium-go v0.0.0-20171022220152-dd733721c3cb diff --git a/example/verifyartifact/main.go b/example/verifyartifact/main.go index f68d36aaa41..7409bade079 100644 --- a/example/verifyartifact/main.go +++ b/example/verifyartifact/main.go @@ -102,7 +102,7 @@ func main() { log.Fatal(err) } - var b *bundle.Bundle + var b *bundle.ProtobufBundle for _, attestation := range attestations.Attestations { if err := json.Unmarshal(attestation.Bundle, &b); err != nil { log.Fatal(err) @@ -180,7 +180,7 @@ func getPolicyBuilder() (*verify.PolicyBuilder, error) { return &pb, nil } -func runVerification(sev *verify.SignedEntityVerifier, pb *verify.PolicyBuilder, b *bundle.Bundle) error { +func runVerification(sev *verify.SignedEntityVerifier, pb *verify.PolicyBuilder, b *bundle.ProtobufBundle) error { res, err := sev.Verify(b, *pb) if err != nil { return err diff --git a/go.mod b/go.mod index 6e7d38a639a..e367366bdc7 100644 --- a/go.mod +++ b/go.mod @@ -1,8 +1,8 @@ module github.com/google/go-github/v68 +go 1.22.0 + require ( github.com/google/go-cmp v0.6.0 github.com/google/go-querystring v1.1.0 ) - -go 1.22.10 diff --git a/scrape/go.mod b/scrape/go.mod index aa681f89a34..e0d91574d21 100644 --- a/scrape/go.mod +++ b/scrape/go.mod @@ -1,9 +1,9 @@ module github.com/google/go-github/scrape -go 1.23.4 +go 1.22.0 require ( - github.com/PuerkitoBio/goquery v1.10.1 + github.com/PuerkitoBio/goquery v1.9.3 github.com/google/go-cmp v0.6.0 github.com/google/go-github/v68 v68.0.0 github.com/xlzd/gotp v0.1.0 diff --git a/scrape/go.sum b/scrape/go.sum index c596dce4b40..9e164640eaa 100644 --- a/scrape/go.sum +++ b/scrape/go.sum @@ -1,5 +1,5 @@ -github.com/PuerkitoBio/goquery v1.10.1 h1:Y8JGYUkXWTGRB6Ars3+j3kN0xg1YqqlwvdTV8WTFQcU= -github.com/PuerkitoBio/goquery v1.10.1/go.mod h1:IYiHrOMps66ag56LEH7QYDDupKXyo5A8qrjIx3ZtujY= +github.com/PuerkitoBio/goquery v1.9.3 h1:mpJr/ikUA9/GNJB/DBZcGeFDXUtosHRyRrwh7KGdTG0= +github.com/PuerkitoBio/goquery v1.9.3/go.mod h1:1ndLHPdTz+DyQPICCWYlYQMPl0oXZj0G6D4LCYA6u4U= github.com/andybalholm/cascadia v1.3.3 h1:AG2YHrzJIm4BZ19iwJ/DAua6Btl3IwJX+VI4kktS1LM= github.com/andybalholm/cascadia v1.3.3/go.mod h1:xNd9bqTn98Ln4DwST8/nG+H0yuB8Hmgu1YHNnWw0GeA= github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= diff --git a/tools/go.mod b/tools/go.mod index f5ca69b70d1..188a79ce51f 100644 --- a/tools/go.mod +++ b/tools/go.mod @@ -1,6 +1,6 @@ module tools -go 1.23.4 +go 1.22.0 require ( github.com/alecthomas/kong v1.6.0 @@ -14,6 +14,7 @@ require ( require ( github.com/go-openapi/jsonpointer v0.21.0 // indirect github.com/go-openapi/swag v0.23.0 // indirect + github.com/go-test/deep v1.1.1 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/invopop/yaml v0.3.1 // indirect github.com/josharian/intern v1.0.0 // indirect diff --git a/tools/go.sum b/tools/go.sum index 74e159fa447..3073cf11c8f 100644 --- a/tools/go.sum +++ b/tools/go.sum @@ -12,8 +12,8 @@ github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1 github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= -github.com/go-test/deep v1.0.8 h1:TDsG77qcSprGbC6vTN8OuXp5g+J+b5Pcguhf7Zt61VM= -github.com/go-test/deep v1.0.8/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE= +github.com/go-test/deep v1.1.1 h1:0r/53hagsehfO4bzD2Pgr/+RgHqhmf+k1Bpse2cTu1U= +github.com/go-test/deep v1.1.1/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE= github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=