File tree Expand file tree Collapse file tree 3 files changed +47
-5
lines changed Expand file tree Collapse file tree 3 files changed +47
-5
lines changed Original file line number Diff line number Diff line change 1+ #! /bin/bash
2+
3+ set -euo pipefail
4+
5+ mkdir -p ./govulncheck 2> /dev/null
6+
7+ # Get all package directories
8+ ALL_PKG_DIRS=$( go list ./...)
9+
10+ # Initialize failure flag
11+ FAILED=0
12+
13+ # Repository prefix to remove from package names
14+ REPO_PREFIX=$( go list -m)
15+
16+ # Run govulncheck for each package
17+ for pkg in $ALL_PKG_DIRS ; do
18+ OUTPUT_FILE=" ./govulncheck/$( echo " $pkg " | sed " s|^$REPO_PREFIX /||" | tr ' /' ' _' ) "
19+ echo -e " \nRunning govulncheck for package $pkg "
20+ if ! govulncheck ${GOVULN_OPT:- } " $pkg " > " $OUTPUT_FILE " ; then
21+ echo " govulncheck failed for package $pkg , output saved to $OUTPUT_FILE "
22+ FAILED=1
23+ else
24+ echo " govulncheck succeeded for package $pkg , output saved to $OUTPUT_FILE "
25+ fi
26+ done
27+
28+ if [ $FAILED -ne 0 ]; then
29+ echo -e " \ngovulncheck failed for one or more packages"
30+ exit 1
31+ fi
32+
33+ echo -e " \ngovulncheck completed successfully for all packages"
Original file line number Diff line number Diff line change @@ -280,9 +280,10 @@ jobs:
280280 cache-dependency-path : ' **/go.sum'
281281 - name : Install Tools
282282 run : make install-tools
283- - name : Run `govulncheck`
284- run : govulncheck -format sarif ./... > govulncheck. sarif
283+ - name : Run `govulncheck` script
284+ run : ./.github/workflows/scripts/ govulncheck- sarif.sh
285285 - name : Upload result to GitHub Code Scanning
286+ if : always()
286287 uses : github/codeql-action/upload-sarif@v3
287288 with :
288- sarif_file : govulncheck.sarif
289+ sarif_file : ./govulncheck/
Original file line number Diff line number Diff line change @@ -136,5 +136,13 @@ moddownload:
136136 $(GOCMD) mod download
137137
138138.PHONY: govulncheck
139- govulncheck: install-tools
140- govulncheck ./...
139+ govulncheck:
140+ @FAILED=0; \
141+ @for pkg in $(shell $(GOCMD) list $(ALL_PKG_DIRS)); do \
142+ echo "\nRunning govulncheck for package $$pkg\n"; \
143+ govulncheck $${GOVULN_OPT} $$pkg || FAILED=1; \
144+ done; \
145+ @if [ $$FAILED -ne 0 ]; then \
146+ echo "\ngovulncheck failed for one or more packages"; \
147+ exit 1; \
148+ fi
You can’t perform that action at this time.
0 commit comments