1
0
Fork 0
mirror of https://github.com/imjasonh/govulncheck-action synced 2026-07-08 08:45:48 +00:00
Commit graph

5 commits

Author SHA1 Message Date
dependabot[bot]
40b2cfab7c
chore(deps-dev): bump eslint from 9.29.0 to 9.30.0
---
updated-dependencies:
- dependency-name: eslint
  dependency-version: 9.30.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-07-01 00:58:54 +00:00
dependabot[bot]
db6833340d
chore(deps-dev): bump jest from 29.7.0 to 30.0.0
Bumps [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest) from 29.7.0 to 30.0.0.
- [Release notes](https://github.com/jestjs/jest/releases)
- [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jestjs/jest/commits/v30.0.0/packages/jest)

---
updated-dependencies:
- dependency-name: jest
  dependency-version: 30.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-06-17 18:25:28 +00:00
Jason Hall
e846b15dea
Add pre-commit setup with husky, eslint, and prettier
- Install husky, lint-staged, eslint, and prettier dev dependencies
- Configure ESLint with basic Node.js rules
- Configure Prettier for consistent code formatting
- Set up husky pre-commit hook to run lint-staged
- Fix build script to use correct path (index.js not src/index.js)

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-17 14:21:49 -04:00
Jason Hall
f4a3fa7150
Fix action runtime by bundling dependencies with ncc
The action was failing with "Cannot find module '@actions/core'" because
node_modules weren't available at runtime. This commit fixes the issue by:

- Adding @vercel/ncc to bundle all dependencies into a single dist/index.js file
- Updating action.yml to point to the bundled dist/index.js
- Adding a build script to compile the action
- Including the dist/ directory in the repository (standard for GitHub Actions)

This is the recommended approach for JavaScript-based GitHub Actions to ensure
all dependencies are available at runtime without requiring npm install.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-06 23:46:19 -04:00
Jason Hall
39e329ab61
Initial implementation of govulncheck GitHub Action
This action runs govulncheck on Go projects and creates GitHub annotations
for vulnerabilities found in dependencies and code paths.

Features:
- Automated vulnerability scanning with govulncheck
- Smart annotations on go.mod for vulnerable dependencies
- Annotations on source code lines that call vulnerable functions
- Configurable working directory
- Output variables for vulnerability detection

The implementation includes:
- Modular architecture with separate concerns (execution, parsing, annotation)
- Comprehensive test suite with 100% function coverage
- Example vulnerable Go module for demonstration
- GitHub workflow example
- Full documentation

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-06 23:41:03 -04:00