Commit
all: provide options to specify action output
This includes the output format and the file to which the output should
be saved.

Change-Id: Iebbc4ecf38f669de441900c4d1ee3f2b83d1c6a9
Reviewed-on: https://go-review.googlesource.com/c/govulncheck-action/+/588735
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
Reviewed-by: Ian Cottrell <iancottrell@google.com>
Commit-Queue: Zvonimir Pavlinovic <zpavlinovic@google.com>
TryBot-Bypass: Zvonimir Pavlinovic <zpavlinovic@google.com>
zpavlinovic committed May 29, 2024
1 parent 3a32958 commit dd0578b
Showing 2 changed files with 25 additions and 3 deletions.
11 changes: 10 additions & 1 deletion README.md
Expand Up @@ -65,11 +65,20 @@ work-dir: directory in which to run govulncheck, default '.'
repo-checkout: checkout the repository, default true
check-latest: check for the latest Go version, default false
go-version-file: go.mod or go.work file specifying Go version, default ''
output-format: the format of govulncheck output ('text', 'json', or 'sarif'), default 'text'
output-file: the file to which the output is redirected, default '' (no
redirection)
```
The precedence for inputs `go-version-input`, `go-version-file`, and `check-latest`
specifying Go version is inherited from [actions/setup-go](https://github.com/actions/setup-go).

When a vulnerability is found, an error will be displayed for that
The govulncheck-action follows the exit codes of govulncheck command.
Specifying the output format 'json' or 'sarif' will return success even if
there are some vulnerabilities detected. See
[here](https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck#hdr-Exit_codes)
for more information.

When a vulnerability is found with 'text' output format, an error will be displayed for that
[GitHub job](https://docs.github.com/en/actions/using-jobs/using-jobs-in-a-workflow)
with information about the vulnerability and how to fix it. For example:
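
Review bot: The new paragraph states that 'json' and 'sarif' return success even when vulnerabilities are detected, but it stops short of saying that a workflow using those formats will no longer fail the job on findings. Add a sentence telling users that the output has to be inspected or uploaded by a later step if it is meant to gate the build. The `output-file` entry should also say what the path is relative to, and "follows the exit codes of govulncheck command" reads better as "follows the exit codes of the govulncheck command".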

17 changes: 15 additions & 2 deletions action.yml
Expand Up @@ -27,6 +27,14 @@ inputs:
go-version-file:
description: 'Path to the go.mod or go.work file.'
required: false
output-format:
description: 'The format of the output'
required: false
default: 'text'
output-file:
description: 'The file to which the govulncheck output is saved'
required: false
default: ''
runs:
using: "composite"
steps:
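
Review bot: The `output-format` description, 'The format of the output', omits the accepted values that the README lists ('text', 'json', or 'sarif'), and nothing in the action rejects other values. Suggest `description: 'The format of the output: text, json, or sarif'` so the constraint is visible in action.yml itself. The `output-file` description could likewise note that the default '' means no redirection.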
Expand All @@ -41,6 +49,11 @@ runs:
- name: Install govulncheck
run: go install golang.org/x/vuln/cmd/govulncheck@latest
shell: bash
- name: Run govulncheck
run: govulncheck -C ${{ inputs.work-dir }} ${{ inputs.go-package }}
- if: inputs.output-file == ''
name: Run govulncheck
run: govulncheck -C ${{ inputs.work-dir }} -format ${{ inputs.output-format }} ${{ inputs.go-package }}
shell: bash
- if: inputs.output-file != ''
name: Run govulncheck and save to file
run: govulncheck -C ${{ inputs.work-dir }} -format ${{ inputs.output-format }} ${{ inputs.go-package }} > ${{ inputs.output-file }}
shell: bash
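
Review bot: In both new `run:` lines, `${{ inputs.output-format }}` and `${{ inputs.output-file }}` are expanded into the script text unquoted before bash parses it, so a value containing spaces or shell metacharacters changes the command instead of being treated as a single argument or path. Suggest passing the inputs through `env:` on the step and referencing them quoted, e.g. `> "$OUTPUT_FILE"` with `OUTPUT_FILE: ${{ inputs.output-file }}` (the variable name is only a suggestion). The redirect is also performed by the shell, so the file is written relative to the step's working directory and not `work-dir`, since `-C` applies only to govulncheck; this should be documented or the path resolved explicitly. The two steps differ only in the redirect and could be a single step that branches on whether `output-file` is empty.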
