fix for check failures

Doing an upgrade for node 24, node 24 is stricter with types so need to add a type for achitecture

.github/ISSUE_TEMPLATE/bug_report.md

@@ -7,7 +7,7 @@ assignees: ''
 
 ---
 
-<!--- Please direct any generic questions related to actions to our support community forum at https://github.community/c/code-to-cloud/github-actions/41 --->
+<!--- Please direct any generic questions related to actions to our support community forum at https://github.com/orgs/community/discussions/categories/actions --->
 <!--- Before opening up a new bug report, please make sure to check for similar existing issues -->
 
 **Description:**

.github/ISSUE_TEMPLATE/feature_request.md

@@ -5,7 +5,7 @@ title: ''
 labels: feature request, needs triage
 assignees: ''
 ---
-<!--- Please direct any generic questions related to actions to our support community forum at https://github.community/c/code-to-cloud/github-actions/41 --->
+<!--- Please direct any generic questions related to actions to our support community forum at https://github.com/orgs/community/discussions/categories/actions --->
 <!--- Before opening up a new feature request, please make sure to check for similar existing issues and pull requests -->
 
 **Description:**

.github/dependabot.yml

@@ -0,0 +1,22 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  # Enable version updates for npm
+  - package-ecosystem: 'npm'
+    # Look for `package.json` and `lock` files in the `root` directory
+    directory: '/'
+    # Check the npm registry for updates every day (weekdays)
+    schedule:
+      interval: 'weekly'
+
+  # Enable version updates for GitHub Actions
+  - package-ecosystem: 'github-actions'
+    # Workflow files stored in the default location of `.github/workflows`
+    # You don't need to specify `/.github/workflows` for `directory`. You can use `directory: "/"`.
+    directory: '/'
+    schedule:
+      interval: 'weekly'

.github/workflows/publish-immutable-actions.yml

@@ -17,4 +17,4 @@ jobs:
         uses: actions/checkout@v4
       - name: Publish
         id: publish
-        uses: actions/publish-immutable-action@0.0.3
+        uses: actions/publish-immutable-action@v0.0.4

README.md

@@ -242,18 +242,14 @@ documentation.
 
 ## Using `setup-go` on GHES
 
-`setup-go` comes pre-installed on the appliance with GHES if Actions is enabled. When dynamically downloading Go
+`setup-go` comes pre-installed on the appliance with GHES if Actions is enabled.
-distributions, `setup-go` downloads distributions from [`actions/go-versions`](https://github.com/actions/go-versions)
+When dynamically downloading Go distributions, `setup-go` downloads distributions from [`actions/go-versions`](https://github.com/actions/go-versions) on github.com (outside of the appliance).
-on github.com (outside of the appliance). These calls to `actions/go-versions` are made via unauthenticated requests,
-which are limited
-to [60 requests per hour per IP](https://docs.github.com/en/rest/overview/resources-in-the-rest-api#rate-limiting). If
-more requests are made within the time frame, then you will start to see rate-limit errors during downloading that looks
-like: `##[error]API rate limit exceeded for...`. After that error the action will try to download versions directly
-from https://storage.googleapis.com/golang, but it also can have rate limit so it's better to put token.
 
-To get a higher rate limit, you
+These calls to `actions/go-versions` are made via unauthenticated requests, which are limited to [60 requests per hour per IP](https://docs.github.com/en/rest/overview/resources-in-the-rest-api#rate-limiting).
-can [generate a personal access token on github.com](https://github.com/settings/tokens/new) and pass it as the `token`
+If more requests are made within the time frame, then the action leverages the `raw API` to retrieve the version-manifest. This approach does not impose a rate limit and hence facilitates unrestricted consumption. This is particularly beneficial for GHES runners, which often share the same IP, to avoid the quick exhaustion of the unauthenticated rate limit.
-input for the action:
+If that fails as well the action will try to download versions directly from https://storage.googleapis.com/golang.
+
+If that fails as well you can get a higher rate limit with [generating a personal access token on github.com](https://github.com/settings/tokens/new) and passing it as the `token` input to the action:
 
 ```yaml
 uses: actions/setup-go@v5
@@ -262,11 +258,19 @@ with:
   go-version: '1.18'
 ```
 
-If the runner is not able to access github.com, any Go versions requested during a workflow run must come from the
+If the runner is not able to access github.com, any Go versions requested during a workflow run must come from the runner's tool cache.
-runner's tool cache.
 See "[Setting up the tool cache on self-hosted runners without internet access](https://docs.github.com/en/enterprise-server@3.2/admin/github-actions/managing-access-to-actions-from-githubcom/setting-up-the-tool-cache-on-self-hosted-runners-without-internet-access)"
 for more information.
 
+## Recommended permissions
+
+When using the `setup-go` action in your GitHub Actions workflow, it is recommended to set the following permissions to ensure proper functionality:
+
+```yaml
+permissions:
+  contents: read # access to check out code and install dependencies
+```
+
 # License
 
 The scripts and documentation in this project are released under the [MIT License](LICENSE)

__tests__/setup-go.test.ts

@@ -7,6 +7,7 @@ import osm, {type} from 'os';
 import path from 'path';
 import * as main from '../src/main';
 import * as im from '../src/installer';
+import * as httpm from '@actions/http-client';
 
 import goJsonData from './data/golang-dl.json';
 import matchers from '../matchers.json';
@@ -46,6 +47,7 @@ describe('setup-go', () => {
   let execSpy: jest.SpyInstance;
   let getManifestSpy: jest.SpyInstance;
   let getAllVersionsSpy: jest.SpyInstance;
+  let httpmGetJsonSpy: jest.SpyInstance;
 
   beforeAll(async () => {
     process.env['GITHUB_ENV'] = ''; // Stub out Environment file functionality so we can verify it writes to standard out (toolkit is backwards compatible)
@@ -90,6 +92,9 @@ describe('setup-go', () => {
     getManifestSpy = jest.spyOn(tc, 'getManifestFromRepo');
     getAllVersionsSpy = jest.spyOn(im, 'getManifest');
 
+    // httm
+    httpmGetJsonSpy = jest.spyOn(httpm.HttpClient.prototype, 'getJson');
+
     // io
     whichSpy = jest.spyOn(io, 'which');
     existsSpy = jest.spyOn(fs, 'existsSync');
@@ -151,6 +156,21 @@ describe('setup-go', () => {
     );
   });
 
+  it('should return manifest from repo', async () => {
+    const manifest = await im.getManifest(undefined);
+    expect(manifest).toEqual(goTestManifest);
+  });
+
+  it('should return manifest from raw URL if repo fetch fails', async () => {
+    getManifestSpy.mockRejectedValue(new Error('Fetch failed'));
+    httpmGetJsonSpy.mockResolvedValue({
+      result: goTestManifest
+    });
+    const manifest = await im.getManifest(undefined);
+    expect(httpmGetJsonSpy).toHaveBeenCalled();
+    expect(manifest).toEqual(goTestManifest);
+  });
+
   it('can find 1.9 from manifest on linux', async () => {
     os.platform = 'linux';
     os.arch = 'x64';
@@ -790,6 +810,9 @@ describe('setup-go', () => {
       getManifestSpy.mockImplementation(() => {
         throw new Error('Unable to download manifest');
       });
+      httpmGetJsonSpy.mockRejectedValue(
+        new Error('Unable to download manifest from raw URL')
+      );
       getAllVersionsSpy.mockImplementationOnce(() => undefined);
 
       dlSpy.mockImplementation(async () => '/some/temp/path');

__tests__/utils.test.ts

@@ -0,0 +1,52 @@
+import {isSelfHosted} from '../src/utils';
+
+describe('utils', () => {
+  describe('isSelfHosted', () => {
+    let AGENT_ISSELFHOSTED: string | undefined;
+    let RUNNER_ENVIRONMENT: string | undefined;
+
+    beforeEach(() => {
+      AGENT_ISSELFHOSTED = process.env['AGENT_ISSELFHOSTED'];
+      delete process.env['AGENT_ISSELFHOSTED'];
+      RUNNER_ENVIRONMENT = process.env['RUNNER_ENVIRONMENT'];
+      delete process.env['RUNNER_ENVIRONMENT'];
+    });
+
+    afterEach(() => {
+      if (AGENT_ISSELFHOSTED === undefined) {
+        delete process.env['AGENT_ISSELFHOSTED'];
+      } else {
+        process.env['AGENT_ISSELFHOSTED'] = AGENT_ISSELFHOSTED;
+      }
+      if (RUNNER_ENVIRONMENT === undefined) {
+        delete process.env['RUNNER_ENVIRONMENT'];
+      } else {
+        process.env['RUNNER_ENVIRONMENT'] = RUNNER_ENVIRONMENT;
+      }
+    });
+
+    it('isSelfHosted should be true if no environment variables set', () => {
+      expect(isSelfHosted()).toBeTruthy();
+    });
+
+    it('isSelfHosted should be true if environment variable is not set to denote GitHub hosted', () => {
+      process.env['RUNNER_ENVIRONMENT'] = 'some';
+      expect(isSelfHosted()).toBeTruthy();
+    });
+
+    it('isSelfHosted should be true if environment variable set to denote Azure Pipelines self hosted', () => {
+      process.env['AGENT_ISSELFHOSTED'] = '1';
+      expect(isSelfHosted()).toBeTruthy();
+    });
+
+    it('isSelfHosted should be false if environment variable set to denote GitHub hosted', () => {
+      process.env['RUNNER_ENVIRONMENT'] = 'github-hosted';
+      expect(isSelfHosted()).toBeFalsy();
+    });
+
+    it('isSelfHosted should be false if environment variable is not set to denote Azure Pipelines self hosted', () => {
+      process.env['AGENT_ISSELFHOSTED'] = 'some';
+      expect(isSelfHosted()).toBeFalsy();
+    });
+  });
+});

package.json

@@ -4,6 +4,9 @@
   "private": true,
   "description": "setup go action",
   "main": "lib/setup-go.js",
+   "engines": {
+    "node": ">=24.0.0"
+  },
   "scripts": {
     "build": "tsc && ncc build -o dist/setup src/setup-go.ts && ncc build -o dist/cache-save src/cache-save.ts",
     "format": "prettier --no-error-on-unmatched-pattern --config ./.prettierrc.js --write \"**/*.{ts,yml,yaml}\"",
@@ -25,31 +28,31 @@
   "author": "GitHub",
   "license": "MIT",
   "dependencies": {
-    "@actions/cache": "^3.2.4",
+    "@actions/cache": "^4.0.3",
-    "@actions/core": "^1.10.0",
+    "@actions/core": "^1.11.1",
-    "@actions/exec": "^1.1.0",
+    "@actions/exec": "^1.1.1",
-    "@actions/glob": "^0.4.0",
+    "@actions/glob": "^0.5.0",
     "@actions/http-client": "^2.2.1",
     "@actions/io": "^1.0.2",
-    "@actions/tool-cache": "^2.0.1",
+    "@actions/tool-cache": "^2.0.2",
-    "semver": "^7.6.0"
+    "semver": "^7.6.3"
   },
   "devDependencies": {
-    "@types/jest": "^29.5.12",
+    "@types/jest": "^29.5.14",
     "@types/node": "^20.11.28",
     "@types/semver": "^7.5.8",
-    "@typescript-eslint/eslint-plugin": "^5.54.0",
+    "@typescript-eslint/eslint-plugin": "^8.31.1",
-    "@typescript-eslint/parser": "^5.54.0",
+    "@typescript-eslint/parser": "^8.35.1",
     "@vercel/ncc": "^0.38.1",
     "eslint": "^8.57.0",
-    "eslint-config-prettier": "^8.6.0",
+    "eslint-config-prettier": "^10.0.1",
-    "eslint-plugin-jest": "^27.9.0",
+    "eslint-plugin-jest": "^29.0.1",
     "eslint-plugin-node": "^11.1.0",
     "jest": "^29.7.0",
     "jest-circus": "^29.7.0",
     "nock": "^10.0.6",
     "prettier": "^2.8.4",
-    "ts-jest": "^29.1.2",
+    "ts-jest": "^29.3.2",
-    "typescript": "^5.4.2"
+    "typescript": "^5.8.3"
   }
 }

src/installer.ts

@@ -6,7 +6,13 @@ import * as httpm from '@actions/http-client';
 import * as sys from './system';
 import fs from 'fs';
 import os from 'os';
-import {StableReleaseAlias} from './utils';
+import {StableReleaseAlias, isSelfHosted} from './utils';
+import {Architecture} from './types';
+
+const MANIFEST_REPO_OWNER = 'actions';
+const MANIFEST_REPO_NAME = 'go-versions';
+const MANIFEST_REPO_BRANCH = 'main';
+const MANIFEST_URL = `https://raw.githubusercontent.com/${MANIFEST_REPO_OWNER}/${MANIFEST_REPO_NAME}/${MANIFEST_REPO_BRANCH}/versions-manifest.json`;
 
 type InstallationType = 'dist' | 'manifest';
 
@@ -34,7 +40,7 @@ export async function getGo(
   versionSpec: string,
   checkLatest: boolean,
   auth: string | undefined,
-  arch = os.arch()
+  arch: Architecture = os.arch() as Architecture
 ) {
   let manifest: tc.IToolRelease[] | undefined;
   const osPlat: string = os.platform();
@@ -146,7 +152,7 @@ async function resolveVersionFromManifest(
   versionSpec: string,
   stable: boolean,
   auth: string | undefined,
-  arch: string,
+  arch: Architecture,
   manifest: tc.IToolRelease[] | undefined
 ): Promise<string | undefined> {
   try {
@@ -175,11 +181,7 @@ async function cacheWindowsDir(
   if (os.platform() !== 'win32') return false;
 
   // make sure the action runs in the hosted environment
-  if (
+  if (isSelfHosted()) return false;
-    process.env['RUNNER_ENVIRONMENT'] !== 'github-hosted' &&
-    process.env['AGENT_ISSELFHOSTED'] === '1'
-  )
-    return false;
 
   const defaultToolCacheRoot = process.env['RUNNER_TOOL_CACHE'];
   if (!defaultToolCacheRoot) return false;
@@ -274,15 +276,85 @@ export async function extractGoArchive(archivePath: string): Promise<string> {
   return extPath;
 }
 
-export async function getManifest(auth: string | undefined) {
+function isIToolRelease(obj: any): obj is tc.IToolRelease {
-  return tc.getManifestFromRepo('actions', 'go-versions', auth, 'main');
+  return (
+    typeof obj === 'object' &&
+    obj !== null &&
+    typeof obj.version === 'string' &&
+    typeof obj.stable === 'boolean' &&
+    Array.isArray(obj.files) &&
+    obj.files.every(
+      (file: any) =>
+        typeof file.filename === 'string' &&
+        typeof file.platform === 'string' &&
+        typeof file.arch === 'string' &&
+        typeof file.download_url === 'string'
+    )
+  );
+}
+
+export async function getManifest(
+  auth: string | undefined
+): Promise<tc.IToolRelease[]> {
+  try {
+    const manifest = await getManifestFromRepo(auth);
+    if (
+      Array.isArray(manifest) &&
+      manifest.length &&
+      manifest.every(isIToolRelease)
+    ) {
+      return manifest;
+    }
+
+    let errorMessage =
+      'An unexpected error occurred while fetching the manifest.';
+    if (
+      typeof manifest === 'object' &&
+      manifest !== null &&
+      'message' in manifest
+    ) {
+      errorMessage = (manifest as {message: string}).message;
+    }
+    throw new Error(errorMessage);
+  } catch (err) {
+    core.debug('Fetching the manifest via the API failed.');
+    if (err instanceof Error) {
+      core.debug(err.message);
+    }
+  }
+  return await getManifestFromURL();
+}
+
+function getManifestFromRepo(
+  auth: string | undefined
+): Promise<tc.IToolRelease[]> {
+  core.debug(
+    `Getting manifest from ${MANIFEST_REPO_OWNER}/${MANIFEST_REPO_NAME}@${MANIFEST_REPO_BRANCH}`
+  );
+  return tc.getManifestFromRepo(
+    MANIFEST_REPO_OWNER,
+    MANIFEST_REPO_NAME,
+    auth,
+    MANIFEST_REPO_BRANCH
+  );
+}
+
+async function getManifestFromURL(): Promise<tc.IToolRelease[]> {
+  core.debug('Falling back to fetching the manifest using raw URL.');
+
+  const http: httpm.HttpClient = new httpm.HttpClient('tool-cache');
+  const response = await http.getJson<tc.IToolRelease[]>(MANIFEST_URL);
+  if (!response.result) {
+    throw new Error(`Unable to get manifest from ${MANIFEST_URL}`);
+  }
+  return response.result;
 }
 
 export async function getInfoFromManifest(
   versionSpec: string,
   stable: boolean,
   auth: string | undefined,
-  arch = os.arch(),
+  arch: Architecture = os.arch() as Architecture,
   manifest?: tc.IToolRelease[] | undefined
 ): Promise<IGoVersionInfo | null> {
   let info: IGoVersionInfo | null = null;
@@ -308,7 +380,7 @@ export async function getInfoFromManifest(
 
 async function getInfoFromDist(
   versionSpec: string,
-  arch: string
+  arch: Architecture
 ): Promise<IGoVersionInfo | null> {
   const version: IGoVersion | undefined = await findMatch(versionSpec, arch);
   if (!version) {
@@ -327,7 +399,7 @@ async function getInfoFromDist(
 
 export async function findMatch(
   versionSpec: string,
-  arch = os.arch()
+  arch: Architecture = os.arch() as Architecture
 ): Promise<IGoVersion | undefined> {
   const archFilter = sys.getArch(arch);
   const platFilter = sys.getPlatform();
@@ -431,7 +503,10 @@ export function parseGoVersionFile(versionFilePath: string): string {
   return contents.trim();
 }
 
-async function resolveStableVersionDist(versionSpec: string, arch: string) {
+async function resolveStableVersionDist(
+  versionSpec: string,
+  arch: Architecture
+) {
   const archFilter = sys.getArch(arch);
   const platFilter = sys.getPlatform();
   const dlUrl = 'https://golang.org/dl/?mode=json&include=all';

src/main.ts

@@ -8,6 +8,7 @@ import {isCacheFeatureAvailable} from './cache-utils';
 import cp from 'child_process';
 import fs from 'fs';
 import os from 'os';
+import {Architecture} from './types';
 
 export async function run() {
   try {
@@ -20,10 +21,10 @@ export async function run() {
     const cache = core.getBooleanInput('cache');
     core.info(`Setup go version spec ${versionSpec}`);
 
-    let arch = core.getInput('architecture');
+    let arch = core.getInput('architecture') as Architecture;
 
     if (!arch) {
-      arch = os.arch();
+      arch = os.arch() as Architecture;
     }
 
     if (versionSpec) {

src/system.ts

@@ -1,4 +1,5 @@
 import os from 'os';
+import {Architecture} from './types';
 
 export function getPlatform(): string {
   // darwin and linux match already
@@ -15,7 +16,7 @@ export function getPlatform(): string {
   return plat;
 }
 
-export function getArch(arch: string): string {
+export function getArch(arch: Architecture): string {
   // 'arm', 'arm64', 'ia32', 'mips', 'mipsel', 'ppc', 'ppc64', 's390', 's390x', 'x32', and 'x64'.
 
   // wants amd64, 386, arm64, armv61, ppc641e, s390x

src/types.ts

@@ -0,0 +1,2 @@
+// match what @actions/tool-cache expects
+export type Architecture = string;

src/utils.ts

@@ -2,3 +2,13 @@ export enum StableReleaseAlias {
   Stable = 'stable',
   OldStable = 'oldstable'
 }
+
+export const isSelfHosted = (): boolean =>
+  process.env['RUNNER_ENVIRONMENT'] !== 'github-hosted' &&
+  (process.env['AGENT_ISSELFHOSTED'] === '1' ||
+    process.env['AGENT_ISSELFHOSTED'] === undefined);
+/* the above is simplified from:
+    process.env['RUNNER_ENVIRONMENT'] !== 'github-hosted' && process.env['AGENT_ISSELFHOSTED'] === '1'
+    ||
+    process.env['RUNNER_ENVIRONMENT'] !== 'github-hosted' && process.env['AGENT_ISSELFHOSTED'] === undefined
+*/