diff --git a/.github/workflows/example.yml b/.github/workflows/example.yml index 4f93a59..5a2fe74 100644 --- a/.github/workflows/example.yml +++ b/.github/workflows/example.yml @@ -7,7 +7,7 @@ on: workflow_dispatch: # Allow manual triggering jobs: - check-example: + example: name: Check Example for Vulnerabilities runs-on: ubuntu-latest steps: @@ -48,30 +48,3 @@ jobs: echo "In a real workflow, you might want to fail if vulnerabilities are found:" echo "if: steps.govulncheck.outputs.vulnerabilities-found == 'true'" echo "run: exit 1" - - check-action-itself: - name: Check Action Code for Vulnerabilities - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Setup Go - uses: actions/setup-go@v5 - with: - go-version: stable - - # Check if the action itself has any Go code with vulnerabilities - # This should pass since our action is written in JavaScript - - name: Run govulncheck on root - id: govulncheck-root - uses: ./ - with: - working-directory: '.' - continue-on-error: true # Don't fail if no go.mod found - - - name: Report results - if: always() - run: | - echo "Action code scan complete." - echo "Since this action is written in JavaScript, govulncheck won't find Go vulnerabilities here." \ No newline at end of file diff --git a/README.md b/README.md index 7bc3f5b..b42c765 100644 --- a/README.md +++ b/README.md @@ -70,7 +70,7 @@ See [`.github/workflows/example.yml`](./.github/workflows/example.yml) for a com ## The Action In Action -[example.yaml](https://github.com/imjasonh/govulncheck-action/actions/.github/workflows/example.yaml) demonstrates the action running on the vulnerable module in `./example`. +[example.yaml](https://github.com/imjasonh/govulncheck-action/actions/workflows/example.yml) demonstrates the action running on the vulnerable module in `./example`. ## Development