govulncheck: use golang:1.23 as a base image (#163)

go toolchain will not downgrade the version of Go before scanning the contents :/
also, use `golang:1.24.0` as a builder image and let Go
updates itself to the exact version specified in `go.mod` :)

Signed-off-by: Xavier Coulon <[email protected]>

Author: xcoulon

govulncheck-action/Containerfile

@@ -1,4 +1,4 @@
-FROM golang:1.24 as builder
+FROM golang:1.24.0 as builder
 
 ARG GOOS=linux 
 ARG GOARCH=amd64
@@ -7,14 +7,15 @@ WORKDIR /usr/src/app/
 
 COPY . .
 
+ENV GOTOOLCHAIN=auto
+
 RUN echo "Building govulncheckx binary for $GOOS/$GOARCH"
 RUN GOOS=$GOOS GOARCH=$GOARCH go build -v -o govulncheckx main.go
 
-FROM golang:1.24
+FROM golang:1.23.0
 # using a fresh golang image without the `WORKDIR` from the builder stage
 # see https://docs.github.com/en/actions/reference/workflows-and-actions/dockerfile-support#workdir
-# using golang 1.24 but the entrypoint will trigger an install of the actual go version, 
-# even if it is 1.23 
+# using golang 1.23.0 since most of our projects are still using it (and toolchain will not downgrade the version of go) 
 
 # copy the binary from the builder stage
 COPY --from=builder /usr/src/app/govulncheckx /usr/local/bin/govulncheckx