chore: bump Go to 1.26.4#194
Merged
Merged
Conversation
Bump the manylinux builder image's Go toolchain from 1.26.1 to 1.26.4 so driver artifacts are compiled against a CVE-patched stdlib. The Docker Compose Build workflow tags images as ghcr.io/adbc-drivers/dev:${MANYLINUX}-go${GO}, so this produces a new manylinux2014-go1.26.4 image once published.
Needed by adbc-drivers/snowflake#149, which bumps the driver go.mod to 1.26.4. Without a matching toolchain image the in-container build fails with 'mkdir /go: permission denied' because the older 1.26.1 toolchain tries to auto-download 1.26.4 into a non-writable GOPATH.
zeroshade
added a commit
to adbc-drivers/snowflake
that referenced
this pull request
Jun 11, 2026
Updates go/pixi.lock to pin adbc-drivers-dev at adbc-drivers/dev@f5aa769 (chore: bump Go to 1.26.4, adbc-drivers/dev#194), which selects the ghcr.io/adbc-drivers/dev:manylinux2014-go1.26.4 builder image. Without this, the in-container build keeps using the go1.26.1 image; the 'go 1.26.4' directive in go.mod then triggers a toolchain auto-download into the non-writable GOPATH=/go (mkdir /go: permission denied). Pinning the 1.26.4 builder makes the container toolchain match go.mod, so the c-shared library compiles on 1.26.4 with no toolchain download.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Bumps the manylinux builder image's Go toolchain from 1.26.1 to 1.26.4 in
adbc_drivers_dev/.env.The
Docker Compose Buildworkflow tags images asghcr.io/adbc-drivers/dev:${MANYLINUX}-go${GO}, so merging this (and running the build withpush=true) publishes a newmanylinux2014-go1.26.4image alongside the existinggo1.26.1one.Why
adbc-drivers/snowflake#149bumps the Snowflake driver'sgo/go.modtogo 1.26.4to clear stdlib CVEs. The shipped.sois compiled inside the manylinux container, whose Go is pinned here. With the container still on 1.26.1, the in-container build runs as--user 1001, sees thego 1.26.4directive, and (under the defaultGOTOOLCHAIN=auto) tries to auto-download the 1.26.4 toolchain intoGOPATH=/go— which it cannot create:Bumping the baked-in toolchain to 1.26.4 makes
GOTOOLCHAIN=autoresolve to the local toolchain (no download), so the build succeeds and the artifact is genuinely compiled on 1.26.4.Follow-up
After this merges and the
manylinux2014-go1.26.4image is pushed, the consuming driver repos pick it up when theirpixi.lockis re-pinned to this commit.