mirror of
https://github.com/imjasonh/govulncheck-action
synced 2026-07-12 02:20:39 +00:00
This commit fixes the parser to handle both JSON lines and multi-line JSON formats from govulncheck, and adds tools for local testing: - Updated parser to detect and handle both JSON lines and pretty-printed JSON - Added logic to skip govulncheck installation if already present - Created run-local.js for testing the action locally without GitHub Actions - Added test:local npm script for easy local testing - Changed example to use a version of golang.org/x/net with known vulnerabilities The parser now correctly identifies 14 vulnerabilities in the example, including ones that trace to the html.Parse call in main.go. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
46 lines
No EOL
1 KiB
JavaScript
46 lines
No EOL
1 KiB
JavaScript
const exec = require('@actions/exec');
|
|
|
|
class GovulncheckRunner {
|
|
constructor(execModule = exec) {
|
|
this.exec = execModule;
|
|
}
|
|
|
|
async install() {
|
|
// Check if govulncheck is already installed
|
|
try {
|
|
await this.exec.exec('govulncheck', ['-version']);
|
|
console.log('govulncheck is already installed');
|
|
return;
|
|
} catch (e) {
|
|
console.log('govulncheck not found, installing...');
|
|
await this.exec.exec('go', ['install', 'golang.org/x/vuln/cmd/govulncheck@latest']);
|
|
}
|
|
}
|
|
|
|
async run() {
|
|
let output = '';
|
|
let errorOutput = '';
|
|
|
|
const options = {
|
|
listeners: {
|
|
stdout: (data) => {
|
|
output += data.toString();
|
|
},
|
|
stderr: (data) => {
|
|
errorOutput += data.toString();
|
|
}
|
|
},
|
|
ignoreReturnCode: true
|
|
};
|
|
|
|
const exitCode = await this.exec.exec('govulncheck', ['-json', './...'], options);
|
|
|
|
return {
|
|
output,
|
|
errorOutput,
|
|
exitCode
|
|
};
|
|
}
|
|
}
|
|
|
|
module.exports = GovulncheckRunner; |