all: allow go.mod or go.work Go version to be used
Fixes golang/go#61343
Change-Id: I844f3c83a4e8c6859e6e2527867533e363698b30
Reviewed-on: https://go-review.googlesource.com/c/govulncheck-action/+/521735
TryBot-Bypass: Zvonimir Pavlinovic <zpavlinovic@google.com>
Reviewed-by: Ian Cottrell <iancottrell@google.com>
diff --git a/README.md b/README.md
index 5f64356..df4a375 100644
--- a/README.md
+++ b/README.md
@@ -64,7 +64,10 @@
work-dir: directory in which to run govulncheck, default '.'
repo-checkout: checkout the repository, default true
check-latest: check for the latest Go version, default false
+go-version-file: go.mod or go.work file specifying Go version, default ''
```
+The precedence for inputs `go-version-input`, `go-version-file`, and `check-latest`
+specifying Go version is inherited from [actions/setup-go](https://github.com/actions/setup-go).
When a vulnerability is found, an error will be displayed for that
[GitHub job](https://docs.github.com/en/actions/using-jobs/using-jobs-in-a-workflow)
diff --git a/action.yml b/action.yml
index 94b017b..f256f6d 100644
--- a/action.yml
+++ b/action.yml
@@ -4,7 +4,6 @@
go-version-input: # version of Go to use for govulncheck
description: 'Version of Go to use for govulncheck'
required: false
- default: '>=1.19.0'
check-latest:
description: 'Set this option to true if you want the action to always check for the latest available Go version that satisfies the version spec'
required: false
@@ -25,6 +24,9 @@
description: "Checkout the repository"
required: false
default: true
+ go-version-file:
+ description: 'Path to the go.mod or go.work file.'
+ required: false
runs:
using: "composite"
steps:
@@ -34,6 +36,7 @@
with:
go-version: ${{ inputs.go-version-input }}
check-latest: ${{ inputs.check-latest }}
+ go-version-file: ${{ inputs.go-version-file }}
cache: ${{ inputs.cache }}
- name: Install govulncheck
run: go install golang.org/x/vuln/cmd/govulncheck@latest
