• Home
  • Features
  • Pricing
  • Docs
  • Announcements
  • Sign In

pantsbuild / pants / 28345096986 / 9
93%
main: 93%

Build:
DEFAULT BRANCH: main
Ran 29 Jun 2026 02:53AM UTC
Files 1206
Run time 29s
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst

29 Jun 2026 02:36AM UTC coverage: 53.677%. Remained the same
28345096986.9

push

github

web-flow
Pin GOTOOLCHAIN=local in Go sandboxes for hermeticity (#23420)

Disclaimer: Like my previous Go PR, I'm still not primarily a golang
developer. However, the fact that Golang doesn't work properly in Pants
has been the bane of my existence for like 2 years now. The moment that
Mythos/Fable dropped I immediately had it dig deeply into whether the
whole road to proper-golang-in-pants could be opened up. So this is all
by Claude Code with Fable 5 (xhigh), with consults to GPT 5.5 (xhigh)
and Gemini 3.1 Pro. I've had it check and recheck, I ran many different
roles over it, and I had it explain and re-explain it to me, and then I
checked myself.

So, as much as I dislike AI slop and am worried about AI PR overload,
I've done my very best to avoid exactly that while still using AI. I
hope we can get this road unblocked.

The rest is Fable talking:

---

Since Go 1.21, the `go` command defaults to `GOTOOLCHAIN=auto`: when a
`go.mod` or `go.work` file demands a toolchain newer than the installed
SDK, `go` silently downloads that toolchain and re-execs it. Pants never
fingerprints the downloaded toolchain, so the same cached process result
can be produced by different toolchains on different machines. That is a
hermeticity hole in the Go backend.

This PR pins `GOTOOLCHAIN=local` in every Go subprocess sandbox. Builds
that demand a newer toolchain now fail fast with a deterministic,
actionable message:

```
go: go.mod requires go >= X.Y.Z (running go A.B.C; GOTOOLCHAIN=local)
```

Repos whose `go` directive is at or below the installed SDK version are
unaffected.

Changes:

- `sdk.py` (`setup_go_sdk_process`): add `"GOTOOLCHAIN": "local"` to the
process env. The entry is placed after `**env_vars` / `**request.env` so
a value passed via `[golang].subprocess_env_vars` cannot re-enable
toolchain switching.
- `golangci_lint/rules.py`: the lint runner script bypasses
`__run_go.sh` and invokes `go` directly, so it exports
`GOTOOLCHAIN=local` itself.
- Docs: new "Too... (continued)

33649 of 62688 relevant lines covered (53.68%)

0.54 hits per line

Source Files on job test_python_linux_x86_64_3/10 - 28345096986.9
  • Tree
  • List 1206
  • Changed 2
  • Source Changed 2
  • Coverage Changed 2
Coverage ∆ File Lines Relevant Covered Missed Hits/Line
  • Back to Build 28345096986
  • df2f981f on github
  • Prev Job for on main (#28336942568.10)
  • Next Job for on main (#28411659577.6)
STATUS · Troubleshooting · Open an Issue · Sales · Support · CAREERS · ENTERPRISE · START FREE · SCHEDULE DEMO
ANNOUNCEMENTS · TWITTER · TOS & SLA · Supported CI Services · What's a CI service? · Automated Testing

© 2026 Coveralls, Inc