all: provide options to specify action output
This includes the output format and the file to which the output should
be saved.
Change-Id: Iebbc4ecf38f669de441900c4d1ee3f2b83d1c6a9
Reviewed-on: https://go-review.googlesource.com/c/govulncheck-action/+/588735
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
Reviewed-by: Ian Cottrell <iancottrell@google.com>
Commit-Queue: Zvonimir Pavlinovic <zpavlinovic@google.com>
TryBot-Bypass: Zvonimir Pavlinovic <zpavlinovic@google.com>
diff --git a/README.md b/README.md
index df4a375..e0cb37a 100644
--- a/README.md
+++ b/README.md
@@ -65,11 +65,20 @@
repo-checkout: checkout the repository, default true
check-latest: check for the latest Go version, default false
go-version-file: go.mod or go.work file specifying Go version, default ''
+output-format: the format of govulncheck output ('text', 'json', or 'sarif'), default 'text'
+output-file: the file to which the output is redirected, default '' (no
+redirection)
```
The precedence for inputs `go-version-input`, `go-version-file`, and `check-latest`
specifying Go version is inherited from [actions/setup-go](https://github.com/actions/setup-go).
-When a vulnerability is found, an error will be displayed for that
+The govulncheck-action follows the exit codes of govulncheck command.
+Specifying the output format 'json' or 'sarif' will return success even if
+there are some vulnerabilities detected. See
+[here](https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck#hdr-Exit_codes)
+for more information.
+
+When a vulnerability is found with 'text' output format, an error will be displayed for that
[GitHub job](https://docs.github.com/en/actions/using-jobs/using-jobs-in-a-workflow)
with information about the vulnerability and how to fix it. For example:
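Review bot: The new paragraph on exit codes says 'json' and 'sarif' return success even when vulnerabilities are detected, but it stops short of the consequence for users: a job that switches to those formats no longer fails on findings, so any gating has to come from a later step that reads the saved output. State that explicitly next to the `output-format` option, since the following paragraph only covers the 'text' case. Smaller points: "the exit codes of govulncheck command" needs "the" before "govulncheck", and the link text "here" would read better as "govulncheck exit codes".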
diff --git a/action.yml b/action.yml
index f827dc4..26be829 100644
--- a/action.yml
+++ b/action.yml
@@ -27,6 +27,14 @@
go-version-file:
description: 'Path to the go.mod or go.work file.'
required: false
+ output-format:
+ description: 'The format of the output'
+ required: false
+ default: 'text'
+ output-file:
+ description: 'The file to which the govulncheck output is saved'
+ required: false
+ default: ''
runs:
using: "composite"
steps:
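Review bot: The `output-format` description, 'The format of the output', does not name the accepted values, while the README in this same change lists 'text', 'json' and 'sarif'. Put them in the description so they are visible to anyone reading action.yml alone, and mention there that an empty `output-file` means the output is not redirected, matching the README wording.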
@@ -41,6 +49,11 @@
- name: Install govulncheck
run: go install golang.org/x/vuln/cmd/govulncheck@latest
shell: bash
- - name: Run govulncheck
- run: govulncheck -C ${{ inputs.work-dir }} ${{ inputs.go-package }}
+ - if: inputs.output-file == ''
+ name: Run govulncheck
+ run: govulncheck -C ${{ inputs.work-dir }} -format ${{ inputs.output-format }} ${{ inputs.go-package }}
+ shell: bash
+ - if: inputs.output-file != ''
+ name: Run govulncheck and save to file
+ run: govulncheck -C ${{ inputs.work-dir }} -format ${{ inputs.output-format }} ${{ inputs.go-package }} > ${{ inputs.output-file }}
shell: bash
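Review bot: Both new `run:` lines splice `${{ inputs.output-format }}` and `${{ inputs.output-file }}` directly into the bash command, unquoted. GitHub substitutes these expressions before the shell parses the line, so a value containing spaces or shell metacharacters changes the command instead of being treated as data, and a path with a space breaks the redirect. Pass the inputs through the step's `env:` and quote them in the script, for example `env: OUTPUT_FILE: ${{ inputs.output-file }}` with `> "$OUTPUT_FILE"`, and do the same for `-format`. The `work-dir` and `go-package` inputs on the same lines follow the old pattern and could be moved over at the same time. The two steps also differ only in the redirect, so a single step that tests for an empty output file inside the script would avoid keeping two copies of the command in sync.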