build: upgrade Go toolchain from 1.25.7 to 1.26.1#1287
Conversation
Required for oasis-core/go v0.2600.0 which declares go 1.26.0. Updates go.mod, CI workflows, and Dockerfiles. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Updates remaining Go 1.25.7 references in README, tutorials, fuzz README, and BLS GitHub action to 1.26.1. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
✅ Files skipped from review due to trivial changes (1)
📝 WalkthroughWalkthroughThe pull request updates Go toolchain references from 1.25.7 to 1.26.1 across CI workflows, Dockerfiles, go.mod, and documentation. No functional logic or API signature changes were made. Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (2)
test/docker/Dockerfile (1)
1-42: Run the test image as a non-root user.From Line 1 onward, there is no
USERinstruction, so runtime defaults to root. This can fail policy gates and hide permission issues during tests.🔒 Proposed hardening
# Now copy in the code # NOTE: this will overwrite whatever is in vendor/ COPY . $REPO +RUN useradd --create-home --uid 10001 tenderdash && \ + chown -R tenderdash:tenderdash $REPO +USER tenderdash + # expose the volume for debugging VOLUME $REPO🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@test/docker/Dockerfile` around lines 1 - 42, The Dockerfile currently leaves the container running as root; create and switch to a non-root user (e.g., add a dedicated user/group and use USER) and ensure $REPO ownership/permissions are set so that subsequent runtime operations (tenderdash testnet, VOLUME $REPO, exposed ports) work without root: during image build (before the final COPY/VOLUME/EXPOSE and before invoking tenderdash for the test data or at the end of the file) create the user/group, chown $REPO and any bin dirs (GOBIN) to that user, and add a USER instruction to run the container as that non-root user while keeping privileged install steps (make tools, make install, install_abci) executed as root earlier in the Dockerfile so builds succeed..github/workflows/lint.yml (1)
43-43: Pin exact Go version in lint workflow for deterministic CI.Line 43 uses
^1.26.1, which can drift to newer 1.x releases. All other workflows pin to"1.26.1"exactly; align this for consistency.♻️ Proposed change
- go-version: "^1.26.1" + go-version: "1.26.1"🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/lint.yml at line 43, The lint workflow currently pins Go using a caret range ("^1.26.1") which allows unintended upgrades; change the go-version setting from "^1.26.1" to the exact string "1.26.1" so it matches other workflows and ensures deterministic CI (update the value referenced as go-version in the lint workflow).
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/actions/bls/action.yml:
- Around line 16-19: Update the GitHub Action step that currently reads "uses:
actions/setup-go@v2" to match other workflows by using the newer release tag
(e.g., "actions/setup-go@v6.3.0"); keep the existing "with: go-version:
\"1.26.1\"" input unchanged and ensure the surrounding step (the "uses:
actions/checkout@v6" step) remains intact so the job configuration stays
consistent.
---
Nitpick comments:
In @.github/workflows/lint.yml:
- Line 43: The lint workflow currently pins Go using a caret range ("^1.26.1")
which allows unintended upgrades; change the go-version setting from "^1.26.1"
to the exact string "1.26.1" so it matches other workflows and ensures
deterministic CI (update the value referenced as go-version in the lint
workflow).
In `@test/docker/Dockerfile`:
- Around line 1-42: The Dockerfile currently leaves the container running as
root; create and switch to a non-root user (e.g., add a dedicated user/group and
use USER) and ensure $REPO ownership/permissions are set so that subsequent
runtime operations (tenderdash testnet, VOLUME $REPO, exposed ports) work
without root: during image build (before the final COPY/VOLUME/EXPOSE and before
invoking tenderdash for the test data or at the end of the file) create the
user/group, chown $REPO and any bin dirs (GOBIN) to that user, and add a USER
instruction to run the container as that non-root user while keeping privileged
install steps (make tools, make install, install_abci) executed as root earlier
in the Dockerfile so builds succeed.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 4d981bc6-9e6c-408f-abda-03e81c9a2040
📒 Files selected for processing (15)
.github/actions/bls/action.yml.github/workflows/build.yml.github/workflows/check-generated.yml.github/workflows/e2e.yml.github/workflows/lint.yml.github/workflows/release.yml.github/workflows/tests.ymlDOCKER/DockerfileREADME.mddocs/tutorials/go-built-in.mddocs/tutorials/go.mdgo.modtest/docker/Dockerfiletest/e2e/docker/Dockerfiletest/fuzz/README.md
| - uses: actions/setup-go@v2 | ||
| with: | ||
| go-version: "1.25.7" | ||
| go-version: "1.26.1" | ||
| - uses: actions/checkout@v6 |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Verify all setup-go action versions used in repository workflows/actions
rg -nP 'uses:\s*actions/setup-go@' .githubRepository: dashpay/tenderdash
Length of output: 767
Upgrade actions/setup-go to align with other workflows.
Line 16 uses actions/setup-go@v2 while all other workflows use @v6.3.0. Standardizing on the same major version prevents CI setup drift.
♻️ Proposed update
- - uses: actions/setup-go@v2
+ - uses: actions/setup-go@v6.3.0📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| - uses: actions/setup-go@v2 | |
| with: | |
| go-version: "1.25.7" | |
| go-version: "1.26.1" | |
| - uses: actions/checkout@v6 | |
| - uses: actions/setup-go@v6.3.0 | |
| with: | |
| go-version: "1.26.1" | |
| - uses: actions/checkout@v6 |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.github/actions/bls/action.yml around lines 16 - 19, Update the GitHub
Action step that currently reads "uses: actions/setup-go@v2" to match other
workflows by using the newer release tag (e.g., "actions/setup-go@v6.3.0"); keep
the existing "with: go-version: \"1.26.1\"" input unchanged and ensure the
surrounding step (the "uses: actions/checkout@v6" step) remains intact so the
job configuration stays consistent.
|
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
1 participant
Summary
go.mod, CI workflows, Dockerfiles, BLS action, docs, and READMEoasis-core/gov0.2600.0 which declaresgo 1.26.0in its module directiveFiles changed
go.mod—godirective.github/workflows/— 6 workflow files + BLS composite actionDOCKER/Dockerfile,test/docker/Dockerfile,test/e2e/docker/DockerfileREADME.md,docs/tutorials/go-built-in.md,docs/tutorials/go.md,test/fuzz/README.mdTest plan
🤖 Co-authored by Claudius the Magnificent AI Agent
Summary by CodeRabbit