1
0
Fork 0
mirror of https://github.com/imjasonh/govulncheck-action synced 2026-07-08 00:35:45 +00:00
govulncheck-action/.github/workflows/example.yml
Jason Hall ae5c462368
simplify example workflow
Signed-off-by: Jason Hall <jason@chainguard.dev>
2025-06-06 23:42:32 -04:00

50 lines
1.7 KiB
YAML

name: Example Vulnerability Check
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
workflow_dispatch: # Allow manual triggering
jobs:
example:
name: Check Example for Vulnerabilities
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version: stable
- name: Run govulncheck on example
id: govulncheck
uses: ./
with:
working-directory: './example'
- name: Report vulnerability scan results
if: always()
run: |
echo "## Vulnerability Scan Results"
echo "- Vulnerabilities found: ${{ steps.govulncheck.outputs.vulnerabilities-found }}"
echo "- Vulnerability count: ${{ steps.govulncheck.outputs.vulnerability-count }}"
if [ "${{ steps.govulncheck.outputs.vulnerabilities-found }}" == "true" ]; then
echo ""
echo "⚠️ Security vulnerabilities were detected in the example code."
echo "This is expected! The example intentionally uses a vulnerable version of golang.org/x/net"
echo "to demonstrate how the action creates annotations."
else
echo ""
echo "✅ No vulnerabilities found (this would be unexpected for the example)."
fi
# Note: We don't fail the workflow here since the example is intentionally vulnerable
- name: Demonstrate conditional failure
run: |
echo "In a real workflow, you might want to fail if vulnerabilities are found:"
echo "if: steps.govulncheck.outputs.vulnerabilities-found == 'true'"
echo "run: exit 1"