-
Notifications
You must be signed in to change notification settings - Fork 17.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cmd/go: toolchain directive in go.mod being updated unnecessarily #65847
Comments
Please fill out the complete issue template. In particular: what version of Go are you using, what was your |
@bcmills updated - can you take a look again and see if I'm missing anything? |
Adding my own experiences for reference. At work, we would definitely prefer to have the ability to disable the automatic toolchain upgrades (and possibly fail builds that would otherwise require a newer toolchain). We have many modules with the This feature started causing issues for us when one engineer using Go 1.21.x locally updated some dependency and ran Without the ability to opt out of automatic toolchain upgrades we are now forced to synchronize the Go version across CI and every developer machine. While that's not an unreasonable stance in the general case, it is a new restriction/requirement that, as far as I've seen, is not called out in the release notes. We have tried setting One could also argue that forcing more conservative development shops to always stay on the most current Go release, despite the previous minor release being explicitly supported, is a bad situation. |
As of Go 1.21, the initial toolchain release has a And for the Some specifics:
|
You do have that ability: you can set You can also force
That is exactly the problem that |
This works, but it also means that as soon as anyone moves to a newer Go release then everyone else in the organization must also move to that same newer version immediately. This is a problem in tightly regulated environments where, as an example Go 1.22.x may not be "certified" but Go 1.21.5 is. As it stands today it's not possible to both fix CI to 1.21.x and also allow developers to use a newer 1.21.y or 1.22.
TIL. Thanks for this. |
There are environments where setting an env. var. is not possible. For example, the public Renovate service does not support this. There are other ways to pin the golang version in Renovate, but they're undesirable for maintainability reasons. Devcontainers could be another example, where the tooling env. is shared, and must remain static, for consistency across a whole team of developers. In any case, my point is there are places where setting env. vars. isn't a viable workaround. IMHO such major behavior changes should almost always default to the previous or "least disruptive" option. |
I just ran into this same issue, go1.21 is supported but my box has go1.22. I can't run any commands because This is for a library used by a lot of users and it should support go1.21 and go1.22 |
Still a problem, it just makes a complete mess any time common CI server is used by few people |
I'm not seeing this already mentioned here, but in situations where you're looking to change the $ cat go.mod
module example.com
go 1.21.0
$ go get go@1.22.6 toolchain@none
go: upgraded go 1.21.0 => 1.22.6 That comes with the disadvantages of not having the toolchain version written down, but that's no different from the outcome where it's manually removed after |
This comment was marked as off-topic.
This comment was marked as off-topic.
A while ago one would set the
A while ago |
Thanks for posting this. That's exactly the behaviour I (and probably others) had been looking for and was originally the behaviour that I thought that Certainly for my own individual modules I'd likely move to a model of always doing: Ideally I'd want to bake that client behaviour into the |
This comment was marked as spam.
This comment was marked as spam.
I would argue that by adding
I have found this really painful for library developers as well. I've had to ask maintainers to lower the versioning or remove the toolchain directive in a popular OSS lib to support said release policy. As with others, I'm finding I'm constantly wasting time having to unwind/remove the toolchain directive as we run a |
It's so bad I'm considering adding git filter for it. Every time anyone runs even minor release difference compared to build server it breaks |
Any update on this by any chance? Tried upgrading one of my modules to 1.23 (previously 1.22 and not had a problem before), but every go mod tidy is failing because it's setting the toolchain and without it our CI breaks. We deliberately don't set the toolchain so that we can get patch versions of a specific golang version. I've tried setting on my local machine the GOTOOLCHAIN to be Only way I've managed to stop the toolchain directive been added to to set my go directive to explicitly be go 1.23.1. This defeats the point of auto upgrading to the latest patch version. |
Frankly, over the many years I have not seen anything so intrusive, from the go authors: -It (the locally installed compiler) goes to internet itself (!) Even if backward compatibility is no more a guarantee for go (which I think is not the case) this feature should have an option to be disabled. In out setup we are just fine with setting up the minimum version, as it always has been the case. ps. I do not want really think this way, but can not help imagining it is something telemetry-related... |
Maybe it would help to explain better why the |
so far it mostly ensures repetably breaking any kind of development setup with more than one machine... edit: honestly using go dependency management just becomes MORE frustrating over time once "features" are added. forget to push lib's tag before trying to pull it in another project ? enjoy dare to develop something without repo open on the internet ? Enjoy having to set up Want to have one version on build server and not update it any time any of your devs dares to update system ? Tough luck, maybe set up a hook to kick off the toolchain directive /rant over. And still too short for sum.golang.org negative caching to fuck off... |
There doesn't seem to be a way to stop the
toolchain
directive from being updated when running variousgo
commandsIn our OSS project we rely on the
go
directive in the go.mod to ensure a min go version. We do not want to use thetoolchain
directive as we always expect it to match thego
directive.some user feedback
Go Version
Go ENV
expand
Scenario 1 - creating a new module and downgrading go
What did you do
What did you see happen?
What did you expect to happen?
toolchain
directive to be added1.21
- since I didn't specify the point releaseScenario 2 - pulling a new dependency that upgraded the go version
What did you do
Project structure
Fetch a dependency that updates the go min version
What did you see happen?
console output
go.mod output
What did you expect to happen?
toolchain
directive shouldn't appear. We want it to always default to the same as thego
directiveThe text was updated successfully, but these errors were encountered: