From 3df17e5c0a08188bb76f12b7c35bc5f1af00f0c3 Mon Sep 17 00:00:00 2001 From: Wei Fu Date: Sat, 21 Feb 2026 17:42:12 -0500 Subject: [PATCH] build: switch Docker builds to auto toolchain in module mode In eno-controller and eno-reconciler Dockerfiles, replace pinned GOTOOLCHAIN=go1.24.13 with GOTOOLCHAIN=auto and set GOWORK=off. When workspace mode is enabled, the Go command resolves toolchain settings from go.work before go.mod. Setting GOWORK=off disables workspace mode, so go build follows the toolchain configured in go.mod. Align go.work toolchain from go1.24.3 to go1.24.13. Signed-off-by: Wei Fu --- docker/eno-controller/Dockerfile | 8 ++++++-- docker/eno-reconciler/Dockerfile | 8 ++++++-- go.work | 2 +- 3 files changed, 13 insertions(+), 5 deletions(-) diff --git a/docker/eno-controller/Dockerfile b/docker/eno-controller/Dockerfile index f70f0434..555cebf0 100644 --- a/docker/eno-controller/Dockerfile +++ b/docker/eno-controller/Dockerfile @@ -1,6 +1,10 @@ FROM mcr.microsoft.com/devcontainers/go:1.24 AS builder -# Set GOTOOLCHAIN to ensure the specific version is used during build for fix CVE-2025-68121 -ENV GOTOOLCHAIN=go1.24.13 + +ENV GOTOOLCHAIN=auto + +# Disable workspace mode so go build uses the toolchain from go.mod +ENV GOWORK=off + WORKDIR /app ADD go.mod . diff --git a/docker/eno-reconciler/Dockerfile b/docker/eno-reconciler/Dockerfile index 5fb7d4d3..f93bb8f4 100644 --- a/docker/eno-reconciler/Dockerfile +++ b/docker/eno-reconciler/Dockerfile @@ -1,6 +1,10 @@ FROM mcr.microsoft.com/devcontainers/go:1.24 AS builder -# Set GOTOOLCHAIN to ensure the specific version is used during build for fix CVE-2025-68121 -ENV GOTOOLCHAIN=go1.24.13 + +ENV GOTOOLCHAIN=auto + +# Disable workspace mode so go build uses the toolchain from go.mod +ENV GOWORK=off + WORKDIR /app ADD go.mod . diff --git a/go.work b/go.work index 45a4e2ab..b1966852 100644 --- a/go.work +++ b/go.work @@ -1,6 +1,6 @@ go 1.24.0 -toolchain go1.24.3 +toolchain go1.24.13 use ( .