fix(actions): route renovate go mod tidy through the module proxy#158
Merged
Conversation
GOPROXY=direct made `go mod tidy` resolve every dependency from origin. That intermittently failed on vanity-import hosts (gonum.org reset the connection mid-fetch), aborting the tidy and leaving go.sum un-regenerated after a go.mod bump — so consumers shipped a go.mod/go.sum mismatch that broke generated-go (mockery: invalid package name ""). Use the CDN-backed proxy with a direct fallback, and set GOPRIVATE for our own a-novel / a-novel-kit modules so freshly tagged internal versions are fetched straight from GitHub without waiting for the proxy to index them. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
There was a problem hiding this comment.
Pull request overview
Updates the self-hosted Renovate composite action to make Go module resolution more reliable during go mod tidy by routing public module downloads through the official Go module proxy while keeping internal modules fetched directly.
Changes:
- Switch Go module fetching from
GOPROXY=directtoGOPROXY=https://proxy.golang.org,direct. - Add
GOPRIVATE=github.com/a-novel,github.com/a-novel-kitto treat internal modules as private (skip proxy/sumdb). - Document the rationale and failure mode being addressed (flaky vanity-import lookups causing incomplete
go.sumupdates).
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Switches the self-hosted Renovate action's Go environment from
GOPROXY=directtoGOPROXY=https://proxy.golang.org,direct, and addsGOPRIVATE=github.com/a-novel,github.com/a-novel-kit.Why
With
GOPROXY=direct, Renovate'sgo mod tidy(run viapostUpdateOptions: gomodTidy) resolves every dependency straight from its origin. For vanity-import paths this means an HTTPS?go-get=1meta lookup + git clone against the upstream host, which is far flakier than the CDN-backed module proxy.This morning a transitive dep reset the connection mid-fetch:
When
go mod tidyaborts,go.sumis never regenerated. The bumped PR then ships ago.modreferencing the new version with ago.sumstill on the old one — which surfaces downstream as the crypticgenerated-gofailurecould not import <module> (invalid package name: "")(mockery /go/packagesrefusing to load an unverifiable module). It hita-novel/service-authentication#987anda-novel/service-json-keys#711(bothjwt v1.1.69bumps).Fix
proxy.golang.org(reliable, cached), withdirectas fallback when the proxy can't serve a version.a-novel*) are covered byGOPRIVATE, so they're fetched directly from GitHub (reliable host) and skip the public sumdb — meaning freshly tagged internal versions work immediately without waiting forproxy.golang.orgto index them.🤖 Generated with Claude Code