all: allow go.mod or go.work Go version to be used

Fixes golang/go#61343

Change-Id: I844f3c83a4e8c6859e6e2527867533e363698b30
Reviewed-on: https://go-review.googlesource.com/c/govulncheck-action/+/521735
TryBot-Bypass: Zvonimir Pavlinovic <zpavlinovic@google.com>
Reviewed-by: Ian Cottrell <iancottrell@google.com>
diff --git a/README.md b/README.md
index 5f64356..df4a375 100644
--- a/README.md
+++ b/README.md
@@ -64,7 +64,10 @@
 work-dir: directory in which to run govulncheck, default '.'
 repo-checkout: checkout the repository, default true
 check-latest: check for the latest Go version, default false
+go-version-file: go.mod or go.work file specifying Go version, default ''
 ```
+The precedence for inputs `go-version-input`, `go-version-file`, and `check-latest`
+specifying Go version is inherited from [actions/setup-go](https://github.com/actions/setup-go).
 
 When a vulnerability is found, an error will be displayed for that
 [GitHub job](https://docs.github.com/en/actions/using-jobs/using-jobs-in-a-workflow)
diff --git a/action.yml b/action.yml
index 94b017b..f256f6d 100644
--- a/action.yml
+++ b/action.yml
@@ -4,7 +4,6 @@
   go-version-input:  # version of Go to use for govulncheck
     description: 'Version of Go to use for govulncheck'
     required: false
-    default: '>=1.19.0'
   check-latest:
     description: 'Set this option to true if you want the action to always check for the latest available Go version that satisfies the version spec'
     required: false
@@ -25,6 +24,9 @@
     description: "Checkout the repository"
     required: false
     default: true
+  go-version-file:
+    description: 'Path to the go.mod or go.work file.'
+    required: false
 runs:
   using: "composite"
   steps:
@@ -34,6 +36,7 @@
       with:
         go-version: ${{ inputs.go-version-input }}
         check-latest: ${{ inputs.check-latest }}
+        go-version-file: ${{ inputs.go-version-file }}
         cache: ${{ inputs.cache }}
     - name: Install govulncheck
       run: go install golang.org/x/vuln/cmd/govulncheck@latest