1
0
Fork 0
mirror of https://github.com/imjasonh/govulncheck-action synced 2026-07-12 02:20:39 +00:00
govulncheck-action/lib/govulncheck.js
Jason Hall b288fc77b2
Fix parser to handle multi-line JSON format and add local testing
This commit fixes the parser to handle both JSON lines and multi-line JSON
formats from govulncheck, and adds tools for local testing:

- Updated parser to detect and handle both JSON lines and pretty-printed JSON
- Added logic to skip govulncheck installation if already present
- Created run-local.js for testing the action locally without GitHub Actions
- Added test:local npm script for easy local testing
- Changed example to use a version of golang.org/x/net with known vulnerabilities

The parser now correctly identifies 14 vulnerabilities in the example,
including ones that trace to the html.Parse call in main.go.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-07 00:14:39 -04:00

46 lines
No EOL
1 KiB
JavaScript

const exec = require('@actions/exec');
class GovulncheckRunner {
constructor(execModule = exec) {
this.exec = execModule;
}
async install() {
// Check if govulncheck is already installed
try {
await this.exec.exec('govulncheck', ['-version']);
console.log('govulncheck is already installed');
return;
} catch (e) {
console.log('govulncheck not found, installing...');
await this.exec.exec('go', ['install', 'golang.org/x/vuln/cmd/govulncheck@latest']);
}
}
async run() {
let output = '';
let errorOutput = '';
const options = {
listeners: {
stdout: (data) => {
output += data.toString();
},
stderr: (data) => {
errorOutput += data.toString();
}
},
ignoreReturnCode: true
};
const exitCode = await this.exec.exec('govulncheck', ['-json', './...'], options);
return {
output,
errorOutput,
exitCode
};
}
}
module.exports = GovulncheckRunner;