Unexpected Go 1.24.2 Installation Despite Setting "go Version 1.23 "

Introduction

In this article, we will delve into an unexpected issue encountered during a GitHub Actions job, where Go 1.24.2 is being installed despite explicitly specifying Go 1.23. We will explore the workflow step, runner output, and troubleshooting attempts to identify the root cause of this issue.

Workflow Step

The workflow step is defined as follows:

- name: Build Wails app
  uses: dAppServer/wails-build-action@main
  with:
    go-version: '1.23'
    build-name: ${{ matrix.name }}
    build-platform: ${{ matrix.platform }}
    # Obfuscation requires Go 1.23
    build-obfuscate: true 

In this step, we are using the dAppServer/wails-build-action action and specifying the go-version as 1.23. We are also setting build-obfuscate to true, which requires Go 1.23.

Runner Output

The runner output is as follows:

1. Run dAppServer/wails-build-action@main
2. with:
3. go-version: 1.23.9
4. build-name: MongoPOS
5. build-platform: darwin/universal
6. build-obfuscate: true
7. build: true
8. sign: false
9. package: true
10. nsis: false
11. build-cache: true
12. build-tags: false
13. wails-version: latest
14. wails-build-webview2: download
15. node-version: 18.x
16. app-working-directory: .
17. deno-working-directory: .
18. deno-version: v1.20.x
19. wails-dev-build: false
20. Run build_options=""
21. Run actions/setup-go@v5
22.   with:
23.     check-latest: true
24.     cache: true
25.     cache-dependency-path: go.sum
26.     go-version: 1.23.9
27.     token: ***
28. Setup go version spec 1.23.9
29. Attempting to resolve the latest version from the manifest...
30. matching 1.23.9...
31. Resolved as '1.23.9'
32. Attempting to download 1.23.9...
33. matching 1.23.9...
34. Acquiring 1.23.9 from https://github.com/actions/go-versions/releases/download/1.23.9-14875265214/go-1.23.9-darwin-arm64.tar.gz
35. Extracting Go...
36. /usr/bin/tar xz -C /Users/runner/work/_temp/562ddd85....
37. Successfully extracted go to /Users/runner/work/_temp/562ddd85-cabb-412e-b568-4a0ecf19d1c9
38. Adding to the cache ...
39. Successfully cached go to /Users/runner/hostedtoolcache/go/1.23.9/arm64
40. Added go to the path
41. Successfully set up Go version 1.23.9
42. go: downloading go1.24.2 (darwin/arm64)
43. //runner/hostedtoolcache/go/1.23.9/arm64/bin/go env GOMODCACHE
44. /Users/runner/hostedtoolcache/go/1.23.9/arm64/bin/go env GOCACHE
45. /Users/runner/Library/Caches/go-build
46. /Users/runner/go/pkg/mod
47. Cache is not found
48. go version go1.24.2 darwin/arm64
49. 
50. go env
51. Run go install mvdan.cc/garble@latest
52. go: downloading mvdan.cc/garble v0.14.2
53. go: downloading github.com/rogpeppe/go-internal v1.14.1
54. go: downloading golang.org/x/mod v0.24.0
55. go: downloading golang.org/x/tools v0.32.0
56. go: downloading github.com/bluekeyes/go-gitdiff v0.8.1
57. Run go version
58. go version go1.24.2 darwin/arm64

In the runner output, we can see that Go 1.24.2 is being downloaded at line 42, and the version output confirms it is being used at line 48.

Troubleshooting Attempts

We have tried the following troubleshooting attempts:

• Tried different wails-version values.
• Changed go-version (explicitly to 1.23.9 and 1.23).
• Removed matrix usage to simplify.
• Used actions/setup-go@v5 directly — confirmed that it correctly installs only Go 1.23.9 and doesn't trigger 1.24.2 download.
• Disabled obfuscation — build completes successfully, since the issue is specific to the garble obfuscation tool requiring an exact Go version.

Expected Behavior

The specified Go version (1.23.x) should be used throughout the job, especially when build-obfuscate: true is set, as the obfuscator (garble) is sensitive to the Go version it was built with.

Conclusion

In conclusion, we have encountered an unexpected issue where Go 1.24.2 is being installed despite explicitly specifying Go 1.23. We have explored the workflow step, runner output, and troubleshooting attempts to identify the root cause of this issue. The expected behavior is that the specified Go version (1.23.x) should be used throughout the job, especially when build-obfuscate: true is set.

Recommendations

Based on our analysis, we recommend the following:

• Verify the go-version specified in the workflow step is correct.
• Check the actions/setup-go action version to ensure it is compatible with the specified Go version.
• Review the wails-build-action action to ensure it is not overriding the specified Go version.
• Consider using a different Go version or a different obfuscation tool that is not sensitive to the Go version.

Future Work

In the future, we plan to investigate further into the actions/setup-go action and the wails-build-action action to identify the root cause of this issue. We will also explore alternative solutions to ensure the specified Go version is used throughout the job.

References ------------* GitHub Actions

• dAppServer/wails-build-action
• actions/setup-go

Appendix

Below is the complete workflow file:

name: Build Wails app

on:
  push:
    branches:
      - main

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Setup Go
        uses: actions/setup-go@v5
        with:
          go-version: 1.23.9
          cache: true
          cache-dependency-path: go.sum
      - name: Build Wails app
        uses: dAppServer/wails-build-action@main
        with:
          go-version: '1.23'
          build-name: ${{ matrix.name }}
          build-platform: ${{ matrix.platform }}
          build-obfuscate: true

Q: What is the issue with the Go installation in the GitHub Actions job?

A: The issue is that Go 1.24.2 is being installed despite explicitly specifying Go 1.23 in the workflow step.

Q: What is the expected behavior of the GitHub Actions job?

A: The expected behavior is that the specified Go version (1.23.x) should be used throughout the job, especially when build-obfuscate: true is set.

Q: What troubleshooting attempts have been made to resolve the issue?

A: The following troubleshooting attempts have been made:

• Tried different wails-version values.
• Changed go-version (explicitly to 1.23.9 and 1.23).
• Removed matrix usage to simplify.
• Used actions/setup-go@v5 directly — confirmed that it correctly installs only Go 1.23.9 and doesn't trigger 1.24.2 download.
• Disabled obfuscation — build completes successfully, since the issue is specific to the garble obfuscation tool requiring an exact Go version.

Q: What are the possible causes of the issue?

A: The possible causes of the issue are:

• The actions/setup-go action is overriding the specified Go version.
• The wails-build-action action is not compatible with the specified Go version.
• The go-version specified in the workflow step is incorrect.

Q: How can the issue be resolved?

A: The issue can be resolved by:

• Verifying the go-version specified in the workflow step is correct.
• Checking the actions/setup-go action version to ensure it is compatible with the specified Go version.
• Reviewing the wails-build-action action to ensure it is not overriding the specified Go version.
• Considering using a different Go version or a different obfuscation tool that is not sensitive to the Go version.

Q: What are the implications of this issue?

A: The implications of this issue are:

• The specified Go version is not being used throughout the job, which can lead to unexpected behavior and errors.
• The garble obfuscation tool is not being used correctly, which can lead to security vulnerabilities.

Q: How can the issue be prevented in the future?

A: The issue can be prevented in the future by:

• Verifying the go-version specified in the workflow step is correct.
• Checking the actions/setup-go action version to ensure it is compatible with the specified Go version.
• Reviewing the wails-build-action action to ensure it is not overriding the specified Go version.
• Considering using a different Go version or a different obfuscation tool that is not sensitive to the Go version.

Q: What are the best practices for setting up Go in GitHub Actions?

A: The best practices for setting up Go in GitHub Actions are:

• Specify the correct go-version in the workflow step.
• Use the actions/setup-go action to set up Go.
• Review the wails-build-action action to ensure it is not overriding the specified Go version.
• Consider using a different Go version or a different obfuscation tool that is not sensitive to the Go version.

Q: What are the resources for further information on this issue?

A: The resources for further information on this issue are:

• GitHub Actions
• dAppServer/wails-build-action
• actions/setup-go

Conclusion

In conclusion, the issue of Go 1.24.2 being installed despite specifying Go 1.23 in the GitHub Actions job is a complex issue that requires careful troubleshooting and analysis. By following the best practices for setting up Go in GitHub Actions and considering alternative solutions, the issue can be resolved and prevented in the future.