1
0
Fork 0
mirror of https://github.com/imjasonh/govulncheck-action synced 2026-07-08 00:35:45 +00:00

simplify example workflow

Signed-off-by: Jason Hall <jason@chainguard.dev>
This commit is contained in:
Jason Hall 2025-06-06 23:42:32 -04:00
parent 39e329ab61
commit ae5c462368
Failed to extract signature
2 changed files with 2 additions and 29 deletions

View file

@ -7,7 +7,7 @@ on:
workflow_dispatch: # Allow manual triggering
jobs:
check-example:
example:
name: Check Example for Vulnerabilities
runs-on: ubuntu-latest
steps:
@ -48,30 +48,3 @@ jobs:
echo "In a real workflow, you might want to fail if vulnerabilities are found:"
echo "if: steps.govulncheck.outputs.vulnerabilities-found == 'true'"
echo "run: exit 1"
check-action-itself:
name: Check Action Code for Vulnerabilities
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version: stable
# Check if the action itself has any Go code with vulnerabilities
# This should pass since our action is written in JavaScript
- name: Run govulncheck on root
id: govulncheck-root
uses: ./
with:
working-directory: '.'
continue-on-error: true # Don't fail if no go.mod found
- name: Report results
if: always()
run: |
echo "Action code scan complete."
echo "Since this action is written in JavaScript, govulncheck won't find Go vulnerabilities here."

View file

@ -70,7 +70,7 @@ See [`.github/workflows/example.yml`](./.github/workflows/example.yml) for a com
## The Action In Action
[example.yaml](https://github.com/imjasonh/govulncheck-action/actions/.github/workflows/example.yaml) demonstrates the action running on the vulnerable module in `./example`.
[example.yaml](https://github.com/imjasonh/govulncheck-action/actions/workflows/example.yml) demonstrates the action running on the vulnerable module in `./example`.
## Development