action.yml: provide option to checkout repository
The repo checkout is enabled by default, but that can lead to some
issues in case the repo was been checked out earlier and some files are,
say, generated. Hence, we make the checkout optional.
Fixes golang/go#61409
Change-Id: I9bf37fb66c02ef3aa7347e6d534e150766c28990
Reviewed-on: https://go-review.googlesource.com/c/govulncheck-action/+/520935
Reviewed-by: Ian Cottrell <iancottrell@google.com>
TryBot-Bypass: Zvonimir Pavlinovic <zpavlinovic@google.com>
diff --git a/README.md b/README.md
index ed01e29..5f64356 100644
--- a/README.md
+++ b/README.md
@@ -37,7 +37,6 @@
uses: golang/govulncheck-action@v1
with:
go-version-input: <your-Go-version>
- work-dir: <your-working-directory>
go-package: <your-package-pattern>
```
@@ -58,6 +57,15 @@
go-version-input: 1.20.6
go-package: ./...
```
+
+govulncheck Github Action accepts several other optional inputs:
+
+```yaml
+work-dir: directory in which to run govulncheck, default '.'
+repo-checkout: checkout the repository, default true
+check-latest: check for the latest Go version, default false
+```
+
When a vulnerability is found, an error will be displayed for that
[GitHub job](https://docs.github.com/en/actions/using-jobs/using-jobs-in-a-workflow)
with information about the vulnerability and how to fix it. For example:
diff --git a/action.yml b/action.yml
index 723c34d..94b017b 100644
--- a/action.yml
+++ b/action.yml
@@ -21,10 +21,15 @@
description: 'Directory in which to run govulncheck'
required: false
default: '.'
+ repo-checkout:
+ description: "Checkout the repository"
+ required: false
+ default: true
runs:
using: "composite"
steps:
- - uses: actions/checkout@v3
+ - if: inputs.repo-checkout != 'false' # only explicit false prevents repo checkout
+ uses: actions/checkout@v3
- uses: actions/setup-go@v4.0.0
with:
go-version: ${{ inputs.go-version-input }}
