Google Git
Sign in
go / govulncheck-action / refs/heads/master^! / .
commit357ea4a5418cb457db33ccd168e28f68e075eba0[log] [tgz]
authorZvonimir Pavlinovic <zpavlinovic@google.com>Tue Jan 14 16:22:55 2025 +0000
committerZvonimir Pavlinovic <zpavlinovic@google.com>Wed May 14 10:27:51 2025 -0700
tree54477282e9c534d00b2ddef43bbc43e675fd8242
parent1ea760651e09004683cbcb231ee0ab504bc87919 [diff]
action.yml: specify cache-dependency-path

Also, update the documentation.

Fixes golang/go#70027

Change-Id: I55a45799e89c9073a43e242df9d0ae64db24dffe
Reviewed-on: https://go-review.googlesource.com/c/govulncheck-action/+/642635
Reviewed-by: Sean Liao <sean@liao.dev>
Commit-Queue: Zvonimir Pavlinovic <zpavlinovic@google.com>
TryBot-Bypass: Zvonimir Pavlinovic <zpavlinovic@google.com>
Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>
Reviewed-by: Ian Cottrell <iancottrell@google.com>

diff --git a/README.md b/README.md
index 0f88ecc..83450c5 100644
--- a/README.md
+++ b/README.md

@@ -64,13 +64,16 @@
 work-dir: directory in which to run govulncheck, default '.'
 repo-checkout: checkout the repository, default true
 check-latest: check for the latest Go version, default false
+cache: specify if caching is needed, default true
+cache-dependency-path: specify path to go.sum file (for monorepos), default ''
 go-version-file: go.mod or go.work file specifying Go version, default ''
 output-format: the format of govulncheck output ('text', 'json', or 'sarif'), default 'text'
 output-file: the file to which the output is redirected, default '' (no
 redirection)
 ```
-The precedence for inputs `go-version-input`, `go-version-file`, and `check-latest`
-specifying Go version is inherited from [actions/setup-go](https://github.com/actions/setup-go).
+The precedence for inputs `go-version-input`, `go-version-file`, `check-latest`,
+`cache`, and `cache-dependency-path` specifying Go version and caches is inherited
+from [actions/setup-go](https://github.com/actions/setup-go).
 
 The govulncheck-action follows the exit codes of govulncheck command.
 Specifying the output format 'json' or 'sarif' will return success even if

diff --git a/action.yml b/action.yml
index 3115899..612cd3b 100644
--- a/action.yml
+++ b/action.yml

@@ -13,6 +13,10 @@
     description: 'Used to specify whether Go caching is needed. Set to true, if you would like to enable caching.'
     required: false
     default: true
+  cache-dependency-path:
+    description: 'Used to specify the path to a dependency file (for monorepos) - go.sum'
+    required: false
+    default: ''
   go-package:
     description: 'Go Package to scan with govulncheck'
     required: false
@@ -47,6 +51,7 @@
         check-latest: ${{ inputs.check-latest }}
         go-version-file: ${{ inputs.go-version-file }}
         cache: ${{ inputs.cache }}
+        cache-dependency-path: ${{ inputs.cache-dependency-path }}
     - name: Install govulncheck
       run: go install golang.org/x/vuln/cmd/govulncheck@latest
       shell: bash