From ea77d72641b6139f03ae84542710c7a13d8c2d1d Mon Sep 17 00:00:00 2001
From: akutz <andrew.kutz@broadcom.com>
Date: Tue, 28 Jan 2025 13:21:47 -0600
Subject: [PATCH] Go 1.23.5 / GH Action uses go.mod

This patch updates go.mod to specify Go 1.23.5 and
updates the GitHub actions to use the Go version from
go.mod.

This patch also addresses https://pkg.go.dev/vuln/GO-2025-3420
and https://pkg.go.dev/vuln/GO-2025-3373, both fixed by updating
from Go 1.23.4 to 1.23.5.
---
 .github/workflows/ci.yml | 17 +++++++----------
 go.mod                   |  2 +-
 2 files changed, 8 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index ff3f317fb..532182cb8 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,8 +1,5 @@
 name: ci
 
-env:
-  GO_VERSION: 1.23
-
 on:
   pull_request:
     branches:
@@ -58,7 +55,7 @@ jobs:
     - name: Install Go
       uses: actions/setup-go@v5
       with:
-        go-version: ${{ env.GO_VERSION }}
+        go-version-file: go.mod
         cache: true
         cache-dependency-path: '**/go.sum'
     - name: Run go mod tidy
@@ -84,7 +81,7 @@ jobs:
     - name: Install Go
       uses: actions/setup-go@v5
       with:
-        go-version: ${{ env.GO_VERSION }}
+        go-version-file: go.mod
         cache: true
         cache-dependency-path: '**/go.sum'
     - name: Verify codegen
@@ -100,7 +97,7 @@ jobs:
     - name: Install Go
       uses: actions/setup-go@v5
       with:
-        go-version: ${{ env.GO_VERSION }}
+        go-version-file: go.mod
         cache: true
         cache-dependency-path: '**/go.sum'
     - name: Create kind cluster
@@ -124,7 +121,7 @@ jobs:
     - name: Install Go
       uses: actions/setup-go@v5
       with:
-        go-version: ${{ env.GO_VERSION }}
+        go-version-file: go.mod
         cache: true
         cache-dependency-path: '**/go.sum'
     - name: Setup the cache for golangci-lint
@@ -147,7 +144,7 @@ jobs:
     - name: Install Go
       uses: actions/setup-go@v5
       with:
-        go-version: ${{ env.GO_VERSION }}
+        go-version-file: go.mod
         cache: true
         cache-dependency-path: '**/go.sum'
     - name: Setup the cache for govulncheck
@@ -169,7 +166,7 @@ jobs:
     - name: Install Go
       uses: actions/setup-go@v5
       with:
-        go-version: ${{ env.GO_VERSION }}
+        go-version-file: go.mod
         cache: true
         cache-dependency-path: '**/go.sum'
     - name: Build Image
@@ -185,7 +182,7 @@ jobs:
     - name: Install Go
       uses: actions/setup-go@v5
       with:
-        go-version: ${{ env.GO_VERSION }}
+        go-version-file: go.mod
         cache: true
         cache-dependency-path: '**/go.sum'
     - name: Test
diff --git a/go.mod b/go.mod
index a66ded7f0..22908164d 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/vmware-tanzu/vm-operator
 
-go 1.23
+go 1.23.5
 
 replace (
 	github.com/vmware-tanzu/vm-operator/api => ./api