Go modules is looking to be the standard tool for managing dependencies and will be built into the go build toolchain.

• https://github.com/golang/go/wiki/Modules

The action could support go modules if the action detects go.mod

If a repository has modules it is expected to run the build outside the $GOPATH, otherwise it has to inject environment variables to force the go tooling to use modules by default GO111MODULES=on.

Invoke the go command in a directory outside of the $GOPATH/src tree, with a valid go.mod file in the current directory or any parent of it and the environment variable GO111MODULE unset (or explicitly set to auto).

Go team is planning on deprecating the $GOPATH in go1.13 and making GO111MODULES=on by default.

Alternatively this could just be left to users defining their GO111MODULE in a Makefile or build script.

I was having issues running cedrickring/golang-action/[email protected] in my workflow, and I think it has to do with entrypoint.sh not being set as an executable script but as a write/read file

For some reason after this commit, the tests are failing again:
f03f0f8

Run: https://github.com/cedrickring/golang-action/runs/79343982

@dougnukem some ideas?

When running the test case with a Go project with vendored dependencies and a Gopkg.toml/Gopkg.lock we are getting errors when the action tries to test it and runs:

• dep check - verify /vendor matches the Gopkg.lock

https://github.com/cedrickring/golang-action/runs/74952504

# vendor is out of sync:
golang.org/x/text: hash of vendored tree not equal to digest in Gopkg.lock

### FAILED Test Go Dep Vendor 14:10:18Z (41.75s)

See notes/discussion: #2 (comment)

For now we can disable that default support in this Action until we resolve the issue.

This repo should be aligned with the official Go release policy.

Each major Go release is supported until there are two newer major releases

Only the latest 2 versions will be supported and are available in a release. Old Go versions can still be used with previous release tags (e.g. 1.x.x) but won't get any support.

This is a minor nitpick but with semantic versioning in an SCM like git the standard advice says to name it v${major}.${minor}.${patch}

• https://semver.org/spec/v1.0.0.html#tagging-specification-semvertag

This sub-specification SHOULD be used if you use a version control system (Git, Mercurial, SVN, etc) to store your code. Using this system allows automated tools to inspect your package and determine SemVer compliance and released versions.

When tagging releases in a version control system, the tag for a version MUST be “vX.Y.Z” e.g. “v3.1.0”.

The first revision that introduces SemVer compliance SHOULD be tagged “semver”. This allows pre-existing projects to assume compliance at any arbitrary point and for automated tools to discover this fact.

Ideally we could name the github releases and tag are:

• v1.1.0
• v1.1.1

In terms of release branches I think its fine to call it something like:
releases/v1.1

• patch versions v1.1.0 and v1.1.1 are tagged from this release branch (and hotfixes can be cherry-picked on to this release branch)

You also could do a 'just-in-time' release branch model where the tag is done on master and only when you need to specifically hotfix do you create the release branch:

# need to hotfix release `v1.2.0`
$ git checkout tags/v1.2 -b releases/1.2
# cherry-pick some merge commit
$ git cherry-pick -m 1 xyzabc
# Update Docker label version etc
$ make version-bump-patch 
$ git commit -a -m "Update version to 1.2.1"
$ git tag v1.2.1

For docker image tags I think the convention for semver is to have the following combinations of tags:

• https://medium.com/@mccode/using-semantic-versioning-for-docker-image-tags-dfde8be06699
  

# Assume version: 2.5.3
- cedrickrin/golang-action:latest - this is the most recent built docker image version (its fine to never include this as relying on :latest is bad practice)
-  cedrickrin/golang-action:2 - relying on major version this should be pinned to latest major version and backwards compatible for any changes to minor/patch
-  cedrickrin/golang-action:2.5 - relying on specific major/minor version
-  cedrickrin/golang-action:2.5.3 - relying on specific absolute version

I think the ideal situation is users depend on a specific major version e.g. cedrickrin/golang-action:2 and get the benefit of passively upgrading for bug/security fixes in any minor/patch versions while depending on the major version not having any backwards incompatible changes.

We should test each version to work properly before creating a new release.

This should include:

• Build the image
• Run the image with proper workspace, environment variables