I've got a GitHub Action I wrote to update the Go versions in my various configuration files[1]. Especially, for my security projects, I'd like an auditable but automated way to keep the Go versions I use up to date.
(Using a .x version number isn't enough because doing that wouldn't kick off new builds when a new version is released and it's difficult to audit when a new Go version was brought in.)
But, unfortunately (and totally understandably from a security perspective!), GitHub Actions can't modify integration configs. So, I've got a plan to keep my Go versions in a file outside of my workflow configs, have my workflows read in that file and use it for go_version, and then have my tool update that external file.
Would y'all be open to me posting a PR to make that an explicitly supported thing in setup-go? Say, reading a file in something like .github/versions/go.yml or similar?
[1] https://github.com/jmhodges/ensure-latest-go
I've got a GitHub Action I wrote to update the Go versions in my various configuration files[1]. Especially, for my security projects, I'd like an auditable but automated way to keep the Go versions I use up to date.
(Using a
.xversion number isn't enough because doing that wouldn't kick off new builds when a new version is released and it's difficult to audit when a new Go version was brought in.)But, unfortunately (and totally understandably from a security perspective!), GitHub Actions can't modify integration configs. So, I've got a plan to keep my Go versions in a file outside of my workflow configs, have my workflows read in that file and use it for
go_version, and then have my tool update that external file.Would y'all be open to me posting a PR to make that an explicitly supported thing in setup-go? Say, reading a file in something like
.github/versions/go.ymlor similar?[1] https://github.com/jmhodges/ensure-latest-go