codeql-action icon indicating copy to clipboard operation
codeql-action copied to clipboard

Published 20 hours ago verified publisher icon github

Issue with Autobuild for go 1.21.0 modules

Open gilcrest opened this issue 2 years ago • 8 comments

Hello! I'm not sure if this is the correct place to open this issue, but I recently updated my repo to the latest version of go (1.21). As per their release notes:

Go 1.21 introduces a small change to the numbering of releases. In the past, we used Go 1.N to refer to both the overall Go language version and release family as well as the first release in that family. Starting in Go 1.21, the first release is now Go 1.N.0. Today we are releasing both the Go 1.21 language and its initial implementation, the Go 1.21.0 release. These notes refer to “Go 1.21”; tools like go version will report “go1.21.0” (until you upgrade to Go 1.21.1). See “Go versions” in the “Go Toolchains” documentation for details about the new version numbering.

When updating modules now this new release numbering is used - see https://github.com/gilcrest/diygoapi/blob/main/go.mod

After updating to this, Autobuild on Github has the following errors.

2023/08/15 05:43:47 Found go.mod, enabling go modules
  go: errors parsing go.mod:
  /home/runner/work/diygoapi/diygoapi/go.mod:3: invalid go version '1.21.0': must match format 1.23
  2023/08/15 05:43:47 Running /usr/bin/go failed, continuing anyway: exit status 1
  2023/08/15 05:43:47 Failed to run `go mod tidy -e`
  2023/08/15 05:43:47 Import path is 'github.com/gilcrest/diygoapi'
  2023/08/15 05:43:47 Build failed, continuing to install dependencies.
  2023/08/15 05:43:47 Installing dependencies using `go get -v ./...` in `.`.
  go: errors parsing go.mod:
  /home/runner/work/diygoapi/diygoapi/go.mod:3: invalid go version '1.21.0': must match format 1.23
  2023/08/15 05:43:47 Running /usr/bin/go failed, continuing anyway: exit status 1
  2023/08/15 05:43:47 Running extractor command '/opt/hostedtoolcache/CodeQL/2.14.1/x64/codeql/go/tools/linux64/go-extractor [./...]' from directory '.'.
  2023/08/15 05:43:[48](https://github.com/gilcrest/diygoapi/actions/runs/5863951675/job/15898240560#step:4:49) Build flags: ''; patterns: './...'
  2023/08/15 05:43:48 Running packages.Load.
  2023/08/15 05:43:48 Error running go tooling: err: exit status 1: stderr: go: errors parsing go.mod:
  /home/runner/work/diygoapi/diygoapi/go.mod:3: invalid go version '1.21.0': must match format 1.23
  
  2023/08/15 05:43:48 Extraction failed: exit status 1
  Error: We were unable to automatically build your code. Please replace the call to the autobuild action with your custom build steps. Encountered a fatal error while running "/opt/hostedtoolcache/CodeQL/2.14.1/x64/codeql/go/tools/autobuild.sh". Exit code was 1 and error was: 2023/08/15 05:43:47 Autobuilder was built with go1.20.5, environment has go1.20.7
  2023/08/15 05:43:47 LGTM_SRC is /home/runner/work/diygoapi/diygoapi
  2023/08/15 05:43:47 Found go.mod, enabling go modules
  go: errors parsing go.mod:
  /home/runner/work/diygoapi/diygoapi/go.mod:3: invalid go version '1.21.0': must match format 1.23
  2023/08/15 05:43:47 Running /usr/bin/go failed, continuing anyway: exit status 1
  2023/08/15 05:43:47 Failed to run `go mod tidy -e`
  2023/08/15 05:43:47 Import path is 'github.com/gilcrest/diygoapi'
  2023/08/15 05:43:47 Build failed, continuing to install dependencies.
  2023/08/15 05:43:47 Installing dependencies using `go get -v ./...` in `.`.
  go: errors parsing go.mod:
  /home/runner/work/diygoapi/diygoapi/go.mod:3: invalid go version '1.21.0': must match format 1.23
  2023/08/15 05:43:47 Running /usr/bin/go failed, continuing anyway: exit status 1
  2023/08/15 05:43:47 Running extractor command '/opt/hostedtoolcache/CodeQL/2.14.1/x64/codeql/go/tools/linux64/go-extractor [./...]' from directory '.'.
  2023/08/15 05:43:48 Build flags: ''; patterns: './...'
  2023/08/15 05:43:48 Running packages.Load.
  2023/08/15 05:43:48 Error running go tooling: err: exit status 1: stderr: go: errors parsing go.mod:
  /home/runner/work/diygoapi/diygoapi/go.mod:3: invalid go version '1.21.0': must match format 1.23
  
  2023/08/15 05:43:48 Extraction failed: exit status 1

Any help you can provide for this is much appreciated!

Best,

Dan

gilcrest avatar Aug 15 '23 05:08 gilcrest

Thanks for reporting. It looks like this problem has recently been fixed by updating a dependency: https://github.com/github/codeql/blob/main/go/vendor/golang.org/x/mod/modfile/rule.go#L306 . A next release of CodeQL should include this improvement.

aibaars avatar Aug 15 '23 18:08 aibaars

Great, thanks! I'll look forward to the next CodeQL release.

gilcrest avatar Aug 15 '23 19:08 gilcrest

@gilcrest FYI: I expect this change to be in 2.14.3, the 2.14.2 version which is about to be released doesn't contain the fix.

aibaars avatar Aug 16 '23 09:08 aibaars

@aibaars Any update on this? Upgrading to version 2.14.3 did not solve the issue for us.

joaonsantos avatar Aug 31 '23 11:08 joaonsantos

@joaonsantos Do you have a log file you can share?

aibaars avatar Aug 31 '23 13:08 aibaars

@aibaars this is run using 2.21.5, hope it helps

https://github.com/risor-io/risor/actions/runs/6000614660/job/16273044121

relates to https://github.com/risor-io/risor/pull/99

chenrui333 avatar Sep 01 '23 16:09 chenrui333

Hi @chenrui333, thank you for providing the extra context!

I have reviewed the build log and your PR. The problem here is not directly about CodeQL, but rather that the GitHub Actions runner image still uses Go 1.20 by default. CodeQL uses the version of Go that is installed on the runner to perform the build. Since Go 1.20 does not recognise the toolchain directive, the build fails. To fix this problem, please add the following step to your codeql.yaml workflow after checking out the repository and before initialising CodeQL:

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index c074d25..bdc8039 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -40,6 +40,11 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v3

+      - name: Install Go
+        uses: actions/setup-go@v4
+        with:
+          go-version-file: go.mod
+
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
         uses: github/codeql-action/init@100912429fab4cb230e66ffb11e738ac5194e73a

This will automatically pull the right Go version from your go.mod file and install it. In your case, this will install Go 1.21 on the GHA runner and the CodeQL build will then have access to the right version. This won't need any maintenance once you bump the Go version in your go.mod file going forward.

mbg avatar Sep 03 '23 20:09 mbg

I've created a PR in actions/runner-images to bump the default version to go.1.21.x: https://github.com/actions/runner-images/pull/8934 - that should address this problem. Though I'm unsure what the default version policy for runner-images is, but lets see.

Update: they closed the PR 😂 - I'll stick to the provided workaround above here I guess.

bschaatsbergen avatar Dec 01 '23 09:12 bschaatsbergen