slsa-framework
[feature] avoid setup-golang tools when downloading a binary
Is your feature request related to a problem? Please describe.
I'm currently getting warnings from setup-golang action, due to having already setup golang with a different version and cache location.
That slsa generator needs it when its downloading a binary seems erroneous and is a causing this spurious message as well as wasting ci time.
https://github.com/slsa-framework/slsa-github-generator/blob/main/.github/actions/generate-builder/action.yml
instead the setup-golang step should be conditional on the input if the tool is to be built.
I'll note the warning here would also be addressed by https://github.com/slsa-framework/slsa-github-generator/pull/2864
That slsa generator needs it when its downloading a binary seems erroneous and is a causing this spurious message as well as wasting ci time.
If downloading the binary this is true but the Go compiler will be needed when building from source. We could add a conditional to only run setup-go when the compiler is needed (which is most often for our pre-submits etc. anyway).
@kapilt
Also, just curious, how are you running into this issue? Our workflows should be calling generate-builder as part of reusable workflows which are run in their own VM. are you calling generate-builder directly yourself?