chore(deps): bump golang from 1.26.2-alpine3.22 to 1.26.3-alpine3.22 (#254)

dependabot[bot] · web-flow · commit 7d5e157fc3a9 · 2026-05-23T07:52:26.000-05:00
diff --git a/.github/workflows/sync-go-version.yaml b/.github/workflows/sync-go-version.yaml
@@ -0,0 +1,68 @@
+---
+name: Sync go.mod with Dockerfile
+
+on:
+  pull_request:
+    paths:
+      - Dockerfile
+
+permissions: {}
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
+  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
+
+jobs:
+  sync:
+    name: Sync go.mod
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write # Push the go.mod sync commit back to dependabot branches when they diverge
+    steps:
+      - uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1
+        with:
+          egress-policy: audit
+
+      # Check out the PR head branch (not the merge ref) so any sync commit lands on it.
+      # persist-credentials is required so the subsequent git push uses GITHUB_TOKEN.
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          ref: ${{ github.head_ref }}
+          persist-credentials: true
+
+      - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
+        with:
+          go-version-file: go.mod
+
+      - name: Verify or sync go directive against Dockerfile
+        env:
+          IS_DEPENDABOT: ${{ github.actor == 'dependabot[bot]' && startsWith(github.head_ref, 'dependabot/docker/golang') }}
+        run: |
+          set -euo pipefail
+
+          DOCKERFILE_GO=$(grep -oE 'golang:[0-9]+\.[0-9]+\.[0-9]+' Dockerfile | head -1 | cut -d: -f2)
+          if [ -z "$DOCKERFILE_GO" ]; then
+            echo "::error::Could not extract Go version from Dockerfile"
+            exit 1
+          fi
+
+          GOMOD_GO=$(go mod edit -json | jq -r '.Go')
+
+          if [ "$DOCKERFILE_GO" = "$GOMOD_GO" ]; then
+            echo "go.mod and Dockerfile both at Go $GOMOD_GO"
+            exit 0
+          fi
+
+          if [ "$IS_DEPENDABOT" != "true" ]; then
+            echo "::error file=go.mod::Dockerfile is on Go $DOCKERFILE_GO but go.mod is on $GOMOD_GO. Run: go mod edit -go=$DOCKERFILE_GO"
+            exit 1
+          fi
+
+          echo "Bumping go.mod from $GOMOD_GO to $DOCKERFILE_GO"
+          go mod edit -go="$DOCKERFILE_GO"
+
+          git config user.name 'github-actions[bot]'
+          git config user.email '41898282+github-actions[bot]@users.noreply.github.com'
+          git add go.mod
+          git commit -m "chore(deps): sync go.mod to Go $DOCKERFILE_GO"
+          git push
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.26.2-alpine3.22@sha256:7ef941168f213aa115df2e61364d67682129e99dc8188b734139dea862cc7d31 AS build
+FROM golang:1.26.3-alpine3.22@sha256:be93003ee861b3b91b6ebcb22678524947e0cd786c2df3f32af520006b1e54f5 AS build
 
 WORKDIR /app
 
diff --git a/go.mod b/go.mod
@@ -1,6 +1,6 @@
 module github.com/privateerproj/privateer
 
-go 1.26.2
+go 1.26.3
 
 require (
 	github.com/hashicorp/go-hclog v1.6.3

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-FROM golang:1.26.2-alpine3.22@sha256:7ef941168f213aa115df2e61364d67682129e99dc8188b734139dea862cc7d31 AS build`
	`1`	`+FROM golang:1.26.3-alpine3.22@sha256:be93003ee861b3b91b6ebcb22678524947e0cd786c2df3f32af520006b1e54f5 AS build`
`2`	`2`
`3`	`3`	`WORKDIR /app`
`4`	`4`