From 4e70ef58f340369f2bb64a576c8e86e355222c67 Mon Sep 17 00:00:00 2001
From: Gabriele Belluardo <gabriele.belluardo@canonical.com>
Date: Fri, 20 Mar 2026 17:39:38 +0100
Subject: [PATCH] feat(govulncheck): add input to skip go vulnerability
 scanning step

---
 gh-actions/go/code-sanity/action.yaml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/gh-actions/go/code-sanity/action.yaml b/gh-actions/go/code-sanity/action.yaml
index 04ac32c..0f9f6a8 100644
--- a/gh-actions/go/code-sanity/action.yaml
+++ b/gh-actions/go/code-sanity/action.yaml
@@ -19,6 +19,9 @@ inputs:
   token:
     description: A token to authenticate GH API calls with. It will be used to get the latest protoc release, for example. Make sure to limit the permissions, e.g. a zero-permissions token is acceptable.
     default: ""
+  govulncheck:
+    description: If set to false, skip the govulncheck vulnerability scanning step.
+    default: "true"
 runs:
   using: "composite"
   steps:
@@ -178,7 +181,7 @@ runs:
         echo "::endgroup::"
 
     - name: Install govulncheck
-      if: ${{ always() && steps.tooling-version.outcome == 'success' }}
+      if: ${{ always() && steps.tooling-version.outcome == 'success' && inputs.govulncheck == 'true' }}
       id: install-govulncheck
       shell: bash --noprofile --norc -euo pipefail {0}
       run: |
@@ -193,7 +196,7 @@ runs:
         echo "::endgroup::"
 
     - name: Known vulnerabilities check
-      if: ${{ always() && steps.install-govulncheck.outcome == 'success' }}
+      if: ${{ always() && steps.install-govulncheck.outcome == 'success' && inputs.govulncheck == 'true' }}
       id: vulnerabilities-check
       working-directory: ${{ inputs.working-directory }}
       shell: bash --noprofile --norc -euo pipefail {0}