- Install husky, lint-staged, eslint, and prettier dev dependencies
- Configure ESLint with basic Node.js rules
- Configure Prettier for consistent code formatting
- Set up husky pre-commit hook to run lint-staged
- Fix build script to use correct path (index.js not src/index.js)
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
The action was failing with "Cannot find module '@actions/core'" because
node_modules weren't available at runtime. This commit fixes the issue by:
- Adding @vercel/ncc to bundle all dependencies into a single dist/index.js file
- Updating action.yml to point to the bundled dist/index.js
- Adding a build script to compile the action
- Including the dist/ directory in the repository (standard for GitHub Actions)
This is the recommended approach for JavaScript-based GitHub Actions to ensure
all dependencies are available at runtime without requiring npm install.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
This action runs govulncheck on Go projects and creates GitHub annotations
for vulnerabilities found in dependencies and code paths.
Features:
- Automated vulnerability scanning with govulncheck
- Smart annotations on go.mod for vulnerable dependencies
- Annotations on source code lines that call vulnerable functions
- Configurable working directory
- Output variables for vulnerability detection
The implementation includes:
- Modular architecture with separate concerns (execution, parsing, annotation)
- Comprehensive test suite with 100% function coverage
- Example vulnerable Go module for demonstration
- GitHub workflow example
- Full documentation
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>