blob: f256f6d3d8fd249af1d7ccc8c69e206146a3709e [file] [log] [blame]
name: 'golang-govulncheck-action'
description: 'Run govulncheck'
inputs:
go-version-input: # version of Go to use for govulncheck
description: 'Version of Go to use for govulncheck'
required: false
check-latest:
description: 'Set this option to true if you want the action to always check for the latest available Go version that satisfies the version spec'
required: false
default: false
cache:
description: 'Used to specify whether Go caching is needed. Set to true, if you would like to enable caching.'
required: false
default: true
go-package:
description: 'Go Package to scan with govulncheck'
required: false
default: './...'
work-dir:
description: 'Directory in which to run govulncheck'
required: false
default: '.'
repo-checkout:
description: "Checkout the repository"
required: false
default: true
go-version-file:
description: 'Path to the go.mod or go.work file.'
required: false
runs:
using: "composite"
steps:
- if: inputs.repo-checkout != 'false' # only explicit false prevents repo checkout
uses: actions/checkout@v3
- uses: actions/setup-go@v4.0.0
with:
go-version: ${{ inputs.go-version-input }}
check-latest: ${{ inputs.check-latest }}
go-version-file: ${{ inputs.go-version-file }}
cache: ${{ inputs.cache }}
- name: Install govulncheck
run: go install golang.org/x/vuln/cmd/govulncheck@latest
shell: bash
- name: Run govulncheck
run: govulncheck -C ${{ inputs.work-dir }} ${{ inputs.go-package }}
shell: bash