From af3d554d35628c94b73957fe719bfb93648db979 Mon Sep 17 00:00:00 2001
From: Colin Adler <colin1adler@gmail.com>
Date: Tue, 23 May 2023 19:53:22 +0000
Subject: [PATCH 1/3] fix(ci): manually select Go version

For some reason, `setup-go` won't actually pick up a new patch version
if it has an old one cached. We need to manually specify the versions
so we can get the latest release.

See: https://github.com/coder/coder/actions/runs/5026963985/jobs/9015878483#step:8:15
---
 .github/workflows/ci.yaml       | 16 +++++++++-------
 .github/workflows/release.yaml  |  6 +++++-
 .github/workflows/security.yaml | 29 +++++------------------------
 dogfood/Dockerfile              |  2 +-
 4 files changed, 20 insertions(+), 33 deletions(-)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 93cb35bd1606b..2249fa1c994cb 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -6,7 +6,6 @@ on:
       - main
 
   pull_request:
-
   workflow_dispatch:
 
 permissions:
@@ -27,6 +26,9 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: ${{ github.event_name == 'pull_request' }}
 
+env:
+  CODER_GO_VERSION: "~1.20"
+
 jobs:
   lint:
     runs-on: ${{ github.repository_owner == 'coder' && 'ubuntu-latest-8-cores' || 'ubuntu-latest' }}
@@ -37,7 +39,7 @@ jobs:
       # Install Go!
       - uses: actions/setup-go@v4
         with:
-          go-version: "~1.20"
+          go-version: ${{ env.CODER_GO_VERSION }}
 
       # Check for any typos!
       - name: Check for typos
@@ -153,7 +155,7 @@ jobs:
       - uses: actions/setup-go@v4
         with:
           cache: false
-          go-version: "~1.20"
+          go-version: ${{ env.CODER_GO_VERSION }}
 
       - name: Echo Go Cache Paths
         id: go-cache-paths
@@ -256,7 +258,7 @@ jobs:
       - uses: actions/setup-go@v4
         with:
           cache: false
-          go-version: "~1.20"
+          go-version: ${{ env.CODER_GO_VERSION }}
 
       - name: Echo Go Cache Paths
         id: go-cache-paths
@@ -345,7 +347,7 @@ jobs:
       - uses: actions/setup-go@v4
         with:
           cache: false
-          go-version: "~1.20"
+          go-version: ${{ env.CODER_GO_VERSION }}
 
       - name: Echo Go Cache Paths
         id: go-cache-paths
@@ -437,7 +439,7 @@ jobs:
       - uses: actions/setup-go@v4
         with:
           cache: false
-          go-version: "~1.20"
+          go-version: ${{ env.CODER_GO_VERSION }}
 
       - name: Echo Go Cache Paths
         id: go-cache-paths
@@ -589,7 +591,7 @@ jobs:
       - uses: actions/setup-go@v4
         with:
           cache: false
-          go-version: "~1.20"
+          go-version: ${{ env.CODER_GO_VERSION }}
 
       - uses: hashicorp/setup-terraform@v2
         with:
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index fc9da72db077f..3e761fc8c51e1 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -6,6 +6,10 @@ on:
       - "v*"
   workflow_dispatch:
     inputs:
+      go_version:
+        description: "Go version to use for building."
+        required: false
+        default: "1.20.4"
       dry_run:
         description: Perform a dry-run release (devel). Note that ref must be an annotated tag when run without dry-run.
         type: boolean
@@ -92,7 +96,7 @@ jobs:
 
       - uses: actions/setup-go@v4
         with:
-          go-version: "~1.20"
+          go-version: ${{ inputs.go_version }}
 
       - name: Cache Node
         id: cache-node
diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
index 30e499f734e6b..3396099207fea 100644
--- a/.github/workflows/security.yaml
+++ b/.github/workflows/security.yaml
@@ -18,6 +18,9 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}-security
   cancel-in-progress: ${{ github.event_name == 'pull_request' }}
 
+env:
+  CODER_GO_VERSION: "1.20.4"
+
 jobs:
   codeql:
     runs-on: ${{ github.repository_owner == 'coder' && 'ubuntu-latest-8-cores' || 'ubuntu-latest' }}
@@ -32,18 +35,7 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v4
         with:
-          go-version: "~1.20"
-
-      - name: Go Cache Paths
-        id: go-cache-paths
-        run: |
-          echo "GOMODCACHE=$(go env GOMODCACHE)" >> $GITHUB_OUTPUT
-
-      - name: Go Mod Cache
-        uses: actions/cache@v3
-        with:
-          path: ${{ steps.go-cache-paths.outputs.GOMODCACHE }}
-          key: ${{ runner.os }}-release-go-mod-${{ hashFiles('**/go.sum') }}
+          go-version: ${{ env.CODER_GO_VERSION }}
 
       # Workaround to prevent CodeQL from building the dashboard.
       - name: Remove Makefile
@@ -73,18 +65,7 @@ jobs:
 
       - uses: actions/setup-go@v4
         with:
-          go-version: "~1.20"
-
-      - name: Go Cache Paths
-        id: go-cache-paths
-        run: |
-          echo "GOMODCACHE=$(go env GOMODCACHE)" >> $GITHUB_OUTPUT
-
-      - name: Go Mod Cache
-        uses: actions/cache@v3
-        with:
-          path: ${{ steps.go-cache-paths.outputs.GOMODCACHE }}
-          key: ${{ runner.os }}-release-go-mod-${{ hashFiles('**/go.sum') }}
+          go-version: ${{ env.CODER_GO_VERSION }}
 
       - name: Cache Node
         id: cache-node
diff --git a/dogfood/Dockerfile b/dogfood/Dockerfile
index 1f0df44bd5306..24254ce6674c9 100644
--- a/dogfood/Dockerfile
+++ b/dogfood/Dockerfile
@@ -8,7 +8,7 @@ FROM ubuntu:jammy AS go
 
 RUN apt-get update && apt-get install --yes curl gcc
 # Install Go manually, so that we can control the version
-ARG GO_VERSION=1.20
+ARG GO_VERSION=1.20.4
 RUN mkdir --parents /usr/local/go
 
 # Boring Go is needed to build FIPS-compliant binaries.

From 7e624f56ea245a77535929d7df864ce8bba569b2 Mon Sep 17 00:00:00 2001
From: Colin Adler <colin1adler@gmail.com>
Date: Tue, 23 May 2023 20:31:56 +0000
Subject: [PATCH 2/3] add comment

---
 .github/workflows/release.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 3e761fc8c51e1..c0d91947d3776 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -6,6 +6,9 @@ on:
       - "v*"
   workflow_dispatch:
     inputs:
+      # For some reason, setup-go won't actually pick up a new patch version if
+      # it has an old one cached. We need to manually specify the versions so we
+      # can get the latest release.
       go_version:
         description: "Go version to use for building."
         required: false

From 77112757093336d417274d344a36ff284bf5d8d7 Mon Sep 17 00:00:00 2001
From: Colin Adler <colin1adler@gmail.com>
Date: Tue, 23 May 2023 20:32:35 +0000
Subject: [PATCH 3/3] fixup! add comment

---
 .github/workflows/release.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index c0d91947d3776..112f0af6e55fe 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -8,7 +8,7 @@ on:
     inputs:
       # For some reason, setup-go won't actually pick up a new patch version if
       # it has an old one cached. We need to manually specify the versions so we
-      # can get the latest release.
+      # can get the latest release. Never use "~1.xx" here!
       go_version:
         description: "Go version to use for building."
         required: false