constellation/dev-docs/workflows/bump-go-version.md

# Bump Go version
`govulncheck` from the bazel `check` target will fail if our code is vulnerable, which is often the case when a patch version was released with security fixes.

## Steps

1. Replace "1.xx.x" with the new version (see [example](https://github.com/edgelesssys/constellation/commit/9e1a0c06bfda0171958f0776633a9a53f521144d))
2. Update the nix hash

    Once updated run `bazel run //:tidy` and you will see a failure such as:

    ```
        > error: hash mismatch in fixed-output derivation '/nix/store/r85bdj6vrim7m5vlybdmzgca7d0kcb4n-go1.21.4.src.tar.gz.drv':
      >          specified: sha256-GG8rb4yLcE5paCGwmrIEGlwe4T3LwxVqE63PdZMe5Ig=
      >             got:    sha256-R7Jqg9K2WjwcG8rOJztpvuSaentRaKdgTe09JqN714c=
    ```
    Simple replace the hash with the got value.
3. Ask @katexochen to build the thing and push it into his cache.
deps: bump Go to 1.21.4 (#2569) Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com> 2023-11-09 14:17:14 -05:00			`# Bump Go version`
			`govulncheck` from the bazel `check` target will fail if our code is vulnerable, which is often the case when a patch version was released with security fixes.

			`## Steps`

			`1. Replace "1.xx.x" with the new version (see [example](https://github.com/edgelesssys/constellation/commit/9e1a0c06bfda0171958f0776633a9a53f521144d))`
			`2. Update the nix hash`

			Once updated run `bazel run //:tidy` and you will see a failure such as:

			```
			`> error: hash mismatch in fixed-output derivation '/nix/store/r85bdj6vrim7m5vlybdmzgca7d0kcb4n-go1.21.4.src.tar.gz.drv':`
			`> specified: sha256-GG8rb4yLcE5paCGwmrIEGlwe4T3LwxVqE63PdZMe5Ig=`
			`> got: sha256-R7Jqg9K2WjwcG8rOJztpvuSaentRaKdgTe09JqN714c=`
			```
			`Simple replace the hash with the got value.`
			`3. Ask @katexochen to build the thing and push it into his cache.`