chore(ci): bump actions/setup-go from 5 to 6#26
Conversation
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
lml2468
left a comment
lml2468
left a comment
There was a problem hiding this comment.
[APPROVE] — reviewer account matches PR author; flagging for a human maintainer to merge.
Standard Dependabot major-version bump for actions/setup-go. All CI checks passing (Build/Test/Vet green using the new v6). Uses mutable @v6 tag consistent with the existing repo pattern for build jobs.
🔵 Non-blocking: SHA-pinning @v6 → a specific SHA would harden the supply chain, matching the pattern used in the changes job. Not required for this PR.
Jerry-Xin
left a comment
Jerry-Xin
left a comment
There was a problem hiding this comment.
This PR is project-relevant and safely updates the repository’s CI Go setup action across the build, test, and vet jobs.
💬 Non-blocking
- 🔵 Suggestion:
actions/setup-go@v6requires a sufficiently recent GitHub Actions runner because it runs on Node 24. The current jobs all use GitHub-hostedubuntu-latest, so this is not a blocker, but keep it in mind if these jobs are later moved to self-hosted runners. References:.github/workflows/ci.yml:74,.github/workflows/ci.yml:88,.github/workflows/ci.yml:104.
✅ Highlights
- The change is narrowly scoped to
.github/workflows/ci.yml:77,.github/workflows/ci.yml:92, and.github/workflows/ci.yml:107. GO_VERSIONremains1.20, matchinggo.mod, so the action bump does not change the project’s Go toolchain target.- No repository code or test behavior is changed, and no additional test files are needed for this CI dependency update.
lml2468
left a comment
lml2468
left a comment
There was a problem hiding this comment.
Verdict: APPROVED
Dependabot bump: actions/setup-go v5 → v6. CI all green (Build/Test/Vet/CodeQL/sanity/actionlint pass).
Verification:
- 3 occurrences updated consistently (Build, Test, Vet jobs) ✅
go-version: ${{ env.GO_VERSION }}unchanged — no version drift ✅- All jobs on
ubuntu-latest— Node 24 requirement for v6 is satisfied ✅ - No functional change to workflow logic ✅
LGTM.
dependabot
Bot
force-pushed
the
dependabot/github_actions/actions/setup-go-6
branch
2 times, most recently
from
f3f6149 to
e7acbd4
Compare
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5 to 6. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@v5...v6) --- updated-dependencies: - dependency-name: actions/setup-go dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
force-pushed
the
dependabot/github_actions/actions/setup-go-6
branch
from
e7acbd4 to
5f2f38d
Compare
2 participants
Bumps actions/setup-go from 5 to 6.
Release notes
Sourced from actions/setup-go's releases.
... (truncated)
Commits
4a36011docs: fix Microsoft build of Go link (#734)8f19afcfeat: add go-download-base-url input for custom Go distributions (#721)27fdb26Bump minimatch from 3.1.2 to 3.1.5 (#727)def8c39Rearrange README.md, add advanced-usage.md (#724)4b73464Fix golang download url to go.dev (#469)a5f9b05Update default Go module caching to use go.mod (#705)7a3fe6cBump qs from 6.14.0 to 6.14.1 (#703)b9adafdBump actions/checkout from 5 to 6 (#686)d73f6bcREADME.md: correct to actions/checkout@v6 (#683)ae252eeBump@actions/cacheto v5 (#695)