fix(gomod): Revert "fix(manager/gomod): perfer to use go version defined as toolchain to update artifacts"

[rarkins]

Reverts #34564

[trim21]

I guess I can explain the issue here in more details:

The issue we have is repo oapi-codegen/oapi-codegen#1641 , which is a library have a old go directive 1.21.0 and don't want to upgrade go directive.

Now renovate try to upgrade pacakge golang.org/x/[email protected] which require go>=1.23.0.

with 34564

we pick 1.21.0 to handle the mod tidy, they get a ""Artifact update problem""

After we update go.mod, the go get ./... tidy failed, because golang.org/x/[email protected] requires go>=1.23.0 and it doesn't work with the toolchain we pick 1.21.0.

IMO this is the case we can't generate lock file in other package manager, for example a poetry PR: BGmi/BGmi#872 (comment)

diff --git a/go.mod b/go.mod
index 914750e08..856800db1 100644
--- a/go.mod
+++ b/go.mod
@@ -7,7 +7,7 @@ require (
 	github.com/speakeasy-api/openapi-overlay v0.9.0
 	github.com/stretchr/testify v1.10.0
 	golang.org/x/text v0.20.0
-	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d
+	golang.org/x/tools v0.31.0
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
 )

without 34564

we pick ^1.21.0 (1.24.1 currectly)

They will get a PR without "Artifact update problem", but it upgrade go and toolchain directive and failed the CI, it's still a broken PR for the user:

diff --git a/go.mod b/go.mod
index 914750e08..b6683854f 100644
--- a/go.mod
+++ b/go.mod
@@ -1,13 +1,15 @@
 module github.com/oapi-codegen/oapi-codegen/v2
 
-go 1.21.0
+go 1.23.0
+
+toolchain go1.24.1
 
 require (
 	github.com/getkin/kin-openapi v0.128.0
 	github.com/speakeasy-api/openapi-overlay v0.9.0
 	github.com/stretchr/testify v1.10.0
 	golang.org/x/text v0.20.0
-	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d
+	golang.org/x/tools v0.31.0
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
 )
@@ -25,5 +27,6 @@ require (
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/ugorji/go/codec v1.2.11 // indirect
 	github.com/vmware-labs/yaml-jsonpath v0.3.2 // indirect
-	golang.org/x/mod v0.17.0 // indirect
+	golang.org/x/mod v0.24.0 // indirect
+	golang.org/x/sync v0.12.0 // indirect
 )

[casaqori]

Honestly, I don't get "their" problem statement.
One just cannot use a go library that declares go1.23.x as pre-requisite in go directive in a go1.21.x project, with whatever toolchain version.
To get this right, Renovate would need to know that it MUST NOT upgrade a dependency with a go directive greater than that of a project. But this is a project maintainer decision and therefore would need to be configurable.

With 34564 in place that is as close as we can get, plus it needs the maintainer to "pin" the dependency (since they don't want to upgrade the whole project). Example config:

{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "constraints": {
    "go": "1.21"
  },
    {
      "matchManagers": [
        "gomod"
      ],
      "matchPackageNames": [
        "golang.org/x/tools"
      ],
      "allowedVersions": "<=0.21.1"
    }
}

[trim21]

One just cannot use a go library that declares go1.23.x as pre-requisite in go directive in a go1.21.x project, with whatever toolchain version. To get this right,

This is why I think 34564 is not a problem in this case.

With 34564 in place that is as close as we can get, plus it needs the maintainer to "pin" the dependency (since they don't want to upgrade the whole project). Example config:

I think the best solution is #34779 , without the needing to pin package but renovate need to know it can't upgrade package to expected updated version and act on it