1
0
Fork 0
mirror of https://github.com/imjasonh/govulncheck-action synced 2026-07-07 00:12:55 +00:00
govulncheck-action/index.js
Jason Hall c4a3cd53b0 build: migrate to ESM and esbuild
Updates the project to use ESM modules and replaces ncc with esbuild. This fixes build failures caused by newer @actions/core versions which use strict ESM exports that ncc cannot resolve.

Also updates tests to use ESM and dependency injection.

Signed-off-by: Jason Hall <imjasonh@gmail.com>
2026-02-21 02:54:49 -05:00

87 lines
3 KiB
JavaScript

import * as core from '@actions/core';
import GovulncheckRunner from './lib/govulncheck.js';
import VulnerabilityParser from './lib/parser.js';
import AnnotationCreator from './lib/annotator.js';
import SummaryGenerator from './lib/summary.js';
import { fileURLToPath } from 'url';
async function run(dependencies = {}) {
// Allow dependency injection for testing
const coreLib = dependencies.core || core;
const govulncheck = dependencies.govulncheck || new GovulncheckRunner();
const parser = dependencies.parser || new VulnerabilityParser();
const annotator = dependencies.annotator || new AnnotationCreator(coreLib);
const summaryGenerator = dependencies.summaryGenerator || new SummaryGenerator(coreLib);
try {
const workingDirectory = coreLib.getInput('working-directory');
// Change to working directory
if (workingDirectory !== '.') {
coreLib.info(`Changing working directory to: ${workingDirectory}`);
process.chdir(workingDirectory);
}
// Install govulncheck if necessary.
await govulncheck.install();
// Run govulncheck with JSON output
coreLib.info('Running govulncheck...');
const { output, errorOutput } = await govulncheck.run();
if (errorOutput) {
coreLib.warning(`govulncheck stderr: ${errorOutput}`);
// Check for critical errors that indicate govulncheck couldn't run properly
if (
errorOutput.includes('missing go.sum entry') ||
errorOutput.includes('could not import') ||
errorOutput.includes('invalid package name')
) {
throw new Error(
`govulncheck failed due to missing dependencies. Please run 'go mod tidy' to update go.mod and go.sum files.\n\nError: ${errorOutput}`
);
}
}
// Log raw output for debugging
coreLib.info(`Raw govulncheck output length: ${output.length} characters`);
if (output.length < 5000) {
coreLib.info(`Raw output: ${output}`);
} else {
coreLib.info(`Raw output (first 1000 chars): ${output.substring(0, 1000)}...`);
}
// Parse JSON output
const vulnerabilities = parser.parse(output);
// Create annotations
await annotator.createAnnotations(vulnerabilities, parser, workingDirectory);
// Generate workflow summary
await summaryGenerator.generateSummary(vulnerabilities, parser, workingDirectory);
// Set outputs
const hasVulnerabilities = vulnerabilities.length > 0;
coreLib.setOutput('vulnerabilities-found', hasVulnerabilities.toString());
coreLib.setOutput('vulnerability-count', vulnerabilities.length.toString());
if (hasVulnerabilities) {
coreLib.warning(`Found ${vulnerabilities.length} vulnerabilities`);
} else {
coreLib.info('No vulnerabilities found');
}
return { vulnerabilities, hasVulnerabilities };
} catch (error) {
coreLib.setFailed(error.message);
throw error;
}
}
// Only run if this is the main module
if (process.argv[1] === fileURLToPath(import.meta.url)) {
run();
}
export { run };