Merged
41 changes: 21 additions & 20 deletions docs/usage/configuration-options.md
Expand Up @@ -3901,26 +3901,27 @@ This way Renovate can use GitHub's [Commit signing support for bots and other Gi

Table with options:

| Name | Description |
| ---------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `bundlerConservative` | Enable conservative mode for `bundler` (Ruby dependencies). This will only update the immediate dependency in the lockfile instead of all subdependencies. |
| `composerWithAll` | Run `composer update` with `--with-all-dependencies` flag instead of the default `--with-dependencies`. |
| `composerNoMinimalChanges` | Run `composer update` with no `--minimal-changes` flag (does not affect lock file maintenance, which will never use `--minimal-changes`). |
| `dotnetWorkloadRestore` | Run `dotnet workload restore` before `dotnet restore` commands. |
| `gomodMassage` | Enable massaging `replace` directives before calling `go` commands. |
| `gomodTidy` | Run `go mod tidy` after Go module updates. This is implicitly enabled for major module updates when `gomodUpdateImportPaths` is enabled. |
| `gomodTidy1.17` | Run `go mod tidy -compat=1.17` after Go module updates. |
| `gomodTidyE` | Run `go mod tidy -e` after Go module updates. |
| `gomodUpdateImportPaths` | Update source import paths on major module updates, using [mod](https://github.com/marwan-at-work/mod). |
| `gomodSkipVendor` | Never run `go mod vendor` after Go module updates. |
| `gomodVendor` | Always run `go mod vendor` after Go module updates even if vendor files aren't detected. |
| `helmUpdateSubChartArchives` | Update subchart archives in the `/charts` folder. |
| `kustomizeInflateHelmCharts` | Inflate updated helm charts referenced in the kustomization. |
| `npmDedupe` | Run `npm install` with `--prefer-dedupe` for npm >= 7 or `npm dedupe` after `package-lock.json` update for npm <= 6. |
| `npmInstallTwice` | Run `npm install` commands _twice_ to work around bugs where `npm` generates invalid lock files if run only once |
| `pnpmDedupe` | Run `pnpm dedupe --ignore-scripts` after `pnpm-lock.yaml` updates. |
| `yarnDedupeFewer` | Run `yarn-deduplicate --strategy fewer` after `yarn.lock` updates. |
| `yarnDedupeHighest` | Run `yarn-deduplicate --strategy highest` (`yarn dedupe --strategy highest` for Yarn >=2.2.0) after `yarn.lock` updates. |
| Name | Description |
| ---------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `bundlerConservative` | Enable conservative mode for `bundler` (Ruby dependencies). This will only update the immediate dependency in the lockfile instead of all subdependencies. |
| `composerNoMinimalChanges` | Run `composer update` with no `--minimal-changes` flag (does not affect lock file maintenance, which will never use `--minimal-changes`). |
| `composerWithAll` | Run `composer update` with `--with-all-dependencies` flag instead of the default `--with-dependencies`. |
| `dotnetWorkloadRestore` | Run `dotnet workload restore` before `dotnet restore` commands. |
| `gomodMassage` | Enable massaging `replace` directives before calling `go` commands. |
| `gomodTidy` | Run `go mod tidy` after Go module updates. This is implicitly enabled for major module updates when `gomodUpdateImportPaths` is enabled. |
| `gomodTidy1.17` | Run `go mod tidy -compat=1.17` after Go module updates. |
| `gomodTidyE` | Run `go mod tidy -e` after Go module updates. |
| `gomodUpdateImportPaths` | Update source import paths on major module updates, using [mod](https://github.com/marwan-at-work/mod). |
| `gomodSkipVendor` | Never run `go mod vendor` after Go module updates. |
| `gomodVendor` | Always run `go mod vendor` after Go module updates even if vendor files aren't detected. |
| `goGenerate` | Run `go generate ./...` after vendoring (if vendoring was required). This will then commit any files which were added or modified by running `go generate`. Note this will not install any other tools as part of the process. See [Go Tool](https://tip.golang.org/doc/go1.24#tools) usage for how to incorporate these as part of your build process. In order for this option to function, the global configuration option `allowedUnsafeExecutions` must include `goGenerate`. |
| `helmUpdateSubChartArchives` | Update subchart archives in the `/charts` folder. |
| `kustomizeInflateHelmCharts` | Inflate updated helm charts referenced in the kustomization. |
| `npmDedupe` | Run `npm install` with `--prefer-dedupe` for npm >= 7 or `npm dedupe` after `package-lock.json` update for npm <= 6. |
| `npmInstallTwice` | Run `npm install` commands _twice_ to work around bugs where `npm` generates invalid lock files if run only once |
| `pnpmDedupe` | Run `pnpm dedupe --ignore-scripts` after `pnpm-lock.yaml` updates. |
| `yarnDedupeFewer` | Run `yarn-deduplicate --strategy fewer` after `yarn.lock` updates. |
| `yarnDedupeHighest` | Run `yarn-deduplicate --strategy highest` (`yarn dedupe --strategy highest` for Yarn >=2.2.0) after `yarn.lock` updates. |

## postUpgradeTasks

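Review bot: In the new table the `goGenerate` row sits between `gomodVendor` and `helmUpdateSubChartArchives`; if the table is meant to be sorted by name (this hunk swaps the two composer rows into order), it would come before `gomodMassage`. The description is also long enough to widen every row of the table, and it does not say what `go generate ./...` executes: the commands named in the repository's `//go:generate` directives. A reader deciding whether to enable the option needs that fact next to the `allowedUnsafeExecutions` requirement. Suggest a shorter cell that states it and links to the self-hosted docs, and rewording "(if vendoring was required)", which reads as though the command is skipped whenever no vendoring takes place.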
6 changes: 6 additions & 0 deletions docs/usage/self-hosted-configuration.md
Expand Up @@ -120,6 +120,12 @@ This is a separate class of commands that could be executed compared to [`allowe
As there is a security risk of running these commands automatically when a dependency upgrades, self hosted implementations need to explicitly declare which commands are permitted for their installation.
For more details of where this may be found, see ["Trusting Repository Developers"](./security-and-permissions.md#trusting-repository-developers).

Allowed options:

| Option | Description |
| ------------ | ------------------------------------------------------------------------- |
| `goGenerate` | Allows the `goGenerate` `postUpdateCommand` to run after a go mod update. |

## autodiscover

When you enable `autodiscover`, by default, Renovate runs on _every_ repository that the bot account can access.
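Review bot: The `goGenerate` row calls it a `postUpdateCommand`, but the name used for this setting elsewhere in the change is `postUpdateOptions` (the spec passes `postUpdateOptions: ['goGenerate']`); use that name so readers can find the option. Since the paragraph above is about the risk of running commands automatically, the row should also say that permitting this value lets Renovate run `go generate ./...` in the repository, which executes whatever commands the repository's `//go:generate` directives name.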
1 change: 1 addition & 0 deletions lib/config/options/index.ts
Expand Up @@ -3118,6 +3118,7 @@ const options: RenovateOptions[] = [
type: 'array',
subType: 'string',
default: [],
allowedValues: ['goGenerate'],
stage: 'repository',
globalOnly: true,
},
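Review bot: `allowedValues: ['goGenerate']` repeats the literal that `AllowedUnsafeExecution` in `lib/config/types.ts` defines, so the validation list and the type can drift when the next value is added. Suggest a single exported list that both the type and `allowedValues` derive from, or a test asserting that the two match.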
2 changes: 1 addition & 1 deletion lib/config/types.ts
Expand Up @@ -535,7 +535,7 @@ export type MergeStrategy =

// ref: https://github.com/renovatebot/renovate/issues/39458
// This list should be added to as any new unsafe execution commands should be permitted
export type AllowedUnsafeExecution = undefined;
export type AllowedUnsafeExecution = 'goGenerate';

// TODO: Proper typings
export interface PackageRule
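Review bot: The comment above `AllowedUnsafeExecution` is hard to parse ("should be added to as any new unsafe execution commands should be permitted") and does not name the other places that must change with the type. Suggest rewording it to say that a value is added here only when a new unsafe command is deliberately supported, and that `allowedValues` for the option in `lib/config/options/index.ts` and the docs table need the same entry.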
143 changes: 143 additions & 0 deletions lib/modules/manager/gomod/artifacts.spec.ts
Expand Up @@ -644,6 +644,149 @@ describe('modules/manager/gomod/artifacts', () => {
]);
});

it('supports go generate when configured', async () => {
GlobalConfig.set({
...adminConfig,
allowedUnsafeExecutions: ['goGenerate'],
});
fs.findLocalSiblingOrParent.mockResolvedValueOnce('vendor');
const gomodFile = upath.join('go.mod');

fs.readLocalFile.mockResolvedValueOnce('Current go.sum');
fs.readLocalFile.mockResolvedValueOnce('modules.txt content'); // vendor modules filename
const execSnapshots = mockExecAll();
git.getRepoStatus.mockResolvedValueOnce(
partial<StatusResult>({
modified: ['internal/generated/foo.go', gomodFile],
created: ['internal/generated/bar.go'],
not_added: ['internal/pkg/file.go'],
deleted: [
'internal/generated/deleted.go',
'vendor/renovate/deleted.go',
],
}),
);
fs.readLocalFile.mockResolvedValueOnce('New go.mod');
fs.readLocalFile.mockResolvedValueOnce('Foo go');
fs.readLocalFile.mockResolvedValueOnce('Bar go');
const res = await gomod.updateArtifacts({
packageFileName: 'go.mod',
updatedDeps: [],
newPackageFileContent: gomod1,
config: {
...config,
postUpdateOptions: ['goGenerate'],
},
});

// vendor/renovate/deleted.go should only appear once
expect(res).toEqual([
{
file: {
path: 'vendor/renovate/deleted.go',
type: 'deletion',
},
},
{
file: {
path: 'go.mod',
contents: 'New go.mod',
type: 'addition',
},
},
{
file: {
contents: 'Foo go',
path: 'internal/generated/foo.go',
type: 'addition',
},
},
{
file: {
contents: 'Bar go',
path: 'internal/generated/bar.go',
type: 'addition',
},
},
{
file: {
path: 'internal/generated/deleted.go',
type: 'deletion',
},
},
]);

expect(execSnapshots).toMatchObject([
{
cmd: 'go get -d -t ./...',
options: { cwd: '/tmp/github/some/repo' },
},
{
cmd: 'go mod vendor',
options: { cwd: '/tmp/github/some/repo' },
},
{
cmd: 'go generate ./...',
options: { cwd: '/tmp/github/some/repo' },
},
]);
});

it('only allows go generate usage when permitted globally', async () => {
fs.findLocalSiblingOrParent.mockResolvedValueOnce('vendor');
const gomodFile = upath.join('go.mod');

fs.readLocalFile.mockResolvedValueOnce('Current go.sum');
fs.readLocalFile.mockResolvedValueOnce('modules.txt content'); // vendor modules filename
const execSnapshots = mockExecAll();
git.getRepoStatus.mockResolvedValueOnce(
partial<StatusResult>({
modified: ['internal/generated/foo.go', gomodFile],
created: ['internal/generated/bar.go'],
not_added: ['internal/pkg/file.go'],
deleted: ['vendor/internal/deleted.go'],
}),
);
fs.readLocalFile.mockResolvedValueOnce('New go.mod');
fs.readLocalFile.mockResolvedValueOnce('Foo go');
fs.readLocalFile.mockResolvedValueOnce('Bar go');
const res = await gomod.updateArtifacts({
packageFileName: 'go.mod',
updatedDeps: [],
newPackageFileContent: gomod1,
config: {
...config,
postUpdateOptions: ['goGenerate'],
},
});
expect(res).toEqual([
{
file: {
path: 'vendor/internal/deleted.go',
type: 'deletion',
},
},
{
file: {
path: 'go.mod',
contents: 'New go.mod',
type: 'addition',
},
},
]);

expect(execSnapshots).toMatchObject([
{
cmd: 'go get -d -t ./...',
options: { cwd: '/tmp/github/some/repo' },
},
{
cmd: 'go mod vendor',
options: { cwd: '/tmp/github/some/repo' },
},
]);
});

it('supports docker mode without credentials', async () => {
fs.findLocalSiblingOrParent.mockResolvedValueOnce('vendor');
GlobalConfig.set({ ...adminConfig, binarySource: 'docker' });
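Review bot: The test 'only allows go generate usage when permitted globally' never sets `GlobalConfig`, so it passes only if setup outside this hunk has reset the `allowedUnsafeExecutions: ['goGenerate']` value that the previous test installs. Set it explicitly in the test, for example `GlobalConfig.set(adminConfig)`, so the denial case does not depend on test order. Separately, the first test's expected result omits `internal/pkg/file.go` from `not_added`, while the new docs row says files added by `go generate` are committed; if untracked output is ignored on purpose, say so in a comment or adjust the docs. There is also no case for `goGenerate` without a vendor directory, which the docs wording "if vendoring was required" implies behaves differently.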