| name: 'golang-govulncheck-action' |
| description: 'Run govulncheck' |
| inputs: |
| go-version-input: # version of Go to use for govulncheck |
| description: 'Version of Go to use for govulncheck' |
| required: false |
| check-latest: |
| description: 'Set this option to true if you want the action to always check for the latest available Go version that satisfies the version spec' |
| required: false |
| default: false |
| cache: |
| description: 'Used to specify whether Go caching is needed. Set to true, if you would like to enable caching.' |
| required: false |
| default: true |
| go-package: |
| description: 'Go Package to scan with govulncheck' |
| required: false |
| default: './...' |
| work-dir: |
| description: 'Directory in which to run govulncheck' |
| required: false |
| default: '.' |
| repo-checkout: |
| description: "Checkout the repository" |
| required: false |
| default: true |
| go-version-file: |
| description: 'Path to the go.mod or go.work file.' |
| required: false |
| runs: |
| using: "composite" |
| steps: |
| - if: inputs.repo-checkout != 'false' # only explicit false prevents repo checkout |
| uses: actions/checkout@v3 |
| - uses: actions/setup-go@v4.0.0 |
| with: |
| go-version: ${{ inputs.go-version-input }} |
| check-latest: ${{ inputs.check-latest }} |
| go-version-file: ${{ inputs.go-version-file }} |
| cache: ${{ inputs.cache }} |
| - name: Install govulncheck |
| run: go install golang.org/x/vuln/cmd/govulncheck@latest |
| shell: bash |
| - name: Run govulncheck |
| run: govulncheck -C ${{ inputs.work-dir }} ${{ inputs.go-package }} |
| shell: bash |