Skip to content

ci: add scheduled go toolchain update workflow#429

Open
ranxi2001 wants to merge 1 commit into
volcano-sh:mainfrom
ranxi2001:ci/go-toolchain-update-workflow
Open

ci: add scheduled go toolchain update workflow#429
ranxi2001 wants to merge 1 commit into
volcano-sh:mainfrom
ranxi2001:ci/go-toolchain-update-workflow

Conversation

@ranxi2001

Copy link
Copy Markdown
Contributor

What type of PR is this?

/kind cleanup

What this PR does / why we need it:

Adds a repository-owned Go toolchain maintenance workflow and helper script.

The scheduled workflow checks the latest stable Go release from the official Go release feed once per week and opens a focused, reviewable PR only when the project baseline is behind. It does not auto-merge.

The schedule is aligned with the existing Dependabot weekly cadence: Monday 00:00 UTC.

This keeps Docker Dependabot focused on runtime base images while preventing golang:* builder images from drifting away from the project Go baseline.

Which issue(s) this PR fixes:

NONE

Special notes for your reviewer:

  • The workflow uses read-only permissions by default.
  • Write permissions are scoped only to the scheduled job that creates or updates the generated PR branch.
  • PRs created by GITHUB_TOKEN may not recursively trigger every downstream workflow, so the creator workflow keeps its own validation steps.
  • Validation:
    • go run github.com/rhysd/actionlint/cmd/actionlint@latest .github/workflows/go-toolchain-update.yml
    • python3 hack/go-toolchain.py verify --check-latest
    • git diff --check upstream/main...HEAD
  • Fork branch push validation for commit 733bb4b: 9/9 checks passed.
  • Fork schedule validation:
  • AI assistance: Used Codex to inspect the existing Go baseline surfaces, prepare the workflow/script, and validate the branch. I reviewed and validated the changes.

Does this PR introduce a user-facing change?:

NONE

Copilot AI review requested due to automatic review settings July 8, 2026 03:11
@volcano-sh-bot

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign hzxuzhonghu for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces a new Python script hack/go-toolchain.py to manage and align the Go toolchain baseline across go.mod, Dockerfiles, and GitHub Actions workflows. The review feedback highlights several improvement opportunities: making the workflow regexes more robust to avoid matching commented-out lines, replacing str.removeprefix to maintain compatibility with Python versions older than 3.9, improving the toolchain removal regex to handle pre-release suffixes, and extending workflow verification to support both .yml and .yaml file extensions.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment thread hack/go-toolchain.py Outdated
Comment on lines +40 to +42
SETUP_GO_RE = re.compile(r"uses:[ \t]*actions/setup-go@")
GO_VERSION_RE = re.compile(r"\bgo-version[ \t]*:")
GO_VERSION_FILE_RE = re.compile(r"\bgo-version-file[ \t]*:[ \t]*go\.mod\b")

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The current regular expressions for detecting setup-go and its configuration options match any occurrence of the keywords, even if they are commented out (e.g., # go-version:). This can lead to false positives during verification.

We can make these regexes more robust by ensuring they only match active YAML keys (i.e., starting with optional whitespace at the beginning of a line, and not preceded by a comment character #).

Suggested change
SETUP_GO_RE = re.compile(r"uses:[ \t]*actions/setup-go@")
GO_VERSION_RE = re.compile(r"\bgo-version[ \t]*:")
GO_VERSION_FILE_RE = re.compile(r"\bgo-version-file[ \t]*:[ \t]*go\.mod\b")
SETUP_GO_RE = re.compile(r"^[ \\t]*uses:[ \\t]*actions/setup-go@", re.MULTILINE)
GO_VERSION_RE = re.compile(r"^[ \\t]*go-version[ \\t]*:", re.MULTILINE)
GO_VERSION_FILE_RE = re.compile(r"^[ \\t]*go-version-file[ \\t]*:[ \\t]*go\\.mod\\b", re.MULTILINE)

Comment thread hack/go-toolchain.py Outdated

for release in releases:
if release.get("stable"):
return str(release["version"]).removeprefix("go")

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Using str.removeprefix will raise an AttributeError on Python versions older than 3.9 (such as Python 3.8, which is still common in some legacy CI runners or developer environments).

To ensure maximum compatibility across different environments, we can use a standard slice or startswith check instead.

Suggested change
return str(release["version"]).removeprefix("go")
version = str(release["version"])
return version[2:] if version.startswith("go") else version

Comment thread hack/go-toolchain.py Outdated
raise ValueError("go.mod does not contain a parseable go directive")

content = GO_DIRECTIVE_RE.sub(f"go {version}", content, count=1)
content = re.sub(r"\ntoolchain[ \t]+go[0-9]+\.[0-9]+(?:\.[0-9]+)?[ \t]*\n", "\n", content)

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The current regex for removing the toolchain directive relies on matching a specific Go version pattern. If the toolchain directive contains a pre-release suffix (e.g., go1.21rc1) or any other non-standard version format, the regex will fail to match and remove it, potentially leaving a malformed or outdated toolchain directive in go.mod.

We can make this much more robust by matching any line starting with toolchain using re.MULTILINE, which removes the entire line regardless of the version format.

Suggested change
content = re.sub(r"\ntoolchain[ \t]+go[0-9]+\.[0-9]+(?:\.[0-9]+)?[ \t]*\n", "\n", content)
content = re.sub(r"^toolchain[ \\t]+\\S+[ \\t]*\\r?\\n", "", content, flags=re.MULTILINE)

Comment thread hack/go-toolchain.py Outdated
errors: list[str] = []
workflows = repo / ".github" / "workflows"

for path in sorted(workflows.glob("*.yml")):

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

GitHub Actions workflows can be named with either .yml or .yaml extensions. Currently, verify_workflows only checks files ending in *.yml. If a workflow file is added with a .yaml extension, it will be silently ignored during verification.

We can update the glob search to find and sort both extensions to ensure all workflow files are verified.

Suggested change
for path in sorted(workflows.glob("*.yml")):
workflow_files = list(workflows.glob("*.yml")) + list(workflows.glob("*.yaml"))
for path in sorted(workflow_files):

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a repo-owned mechanism to keep AgentCube’s Go toolchain baseline (as defined in go.mod and mirrored in docker/Dockerfile* builder images) up to date via a scheduled GitHub Actions workflow, generating a focused PR only when an update is needed.

Changes:

  • Introduce hack/go-toolchain.py to read/verify/update the Go version in go.mod and docker/Dockerfile*, and to validate actions/setup-go usage across workflows.
  • Add a scheduled workflow (.github/workflows/go-toolchain-update.yml) that checks the latest stable Go release weekly and opens/updates a PR branch when the repo baseline is behind.
  • Run validation steps in the creator workflow (including go mod tidy, baseline verification, and diff checks) to compensate for limited downstream-trigger behavior from GITHUB_TOKEN-created PRs.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
hack/go-toolchain.py New CLI tool to manage/verify Go baseline alignment across go.mod, Docker builder images, and workflow setup-go configuration.
.github/workflows/go-toolchain-update.yml New scheduled workflow that detects new stable Go releases and creates/updates a PR with the baseline bump (no auto-merge).

@codecov-commenter

codecov-commenter commented Jul 8, 2026

Copy link
Copy Markdown

⚠️ Please install the 'codecov app svg image' to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 58.50%. Comparing base (524e55e) to head (b6a3156).
⚠️ Report is 174 commits behind head on main.
❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files
@@             Coverage Diff             @@
##             main     #429       +/-   ##
===========================================
+ Coverage   47.57%   58.50%   +10.93%     
===========================================
  Files          30       36        +6     
  Lines        2819     3463      +644     
===========================================
+ Hits         1341     2026      +685     
+ Misses       1338     1228      -110     
- Partials      140      209       +69     
Flag Coverage Δ
unittests 58.50% <ø> (+10.93%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Signed-off-by: ranxi2001 <ranxi169@163.com>
@ranxi2001 ranxi2001 force-pushed the ci/go-toolchain-update-workflow branch from 733bb4b to b6a3156 Compare July 8, 2026 03:26
Copilot AI review requested due to automatic review settings July 8, 2026 03:26

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot was unable to review this pull request because the user who requested the review has reached their quota limit.

@ranxi2001

Copy link
Copy Markdown
Contributor Author

Thanks, updated in the latest push. I tightened the workflow matching to ignore commented YAML keys while keeping valid - uses: steps, replaced removeprefix for older Python compatibility, made toolchain line removal more tolerant, and included both .yml and .yaml workflow files in verification.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants