From 52bc8f3d7c244f92f7c26b7446b7538e5dc38d70 Mon Sep 17 00:00:00 2001
From: Xavier Coulon
Date: Wed, 2 Jul 2025 15:04:13 +0200
Subject: [PATCH 1/3] build: split GH Action jobs for govulncheck-action also, rename for better clarity
Signed-off-by: Xavier Coulon
---
 .github/workflows/govulncheck-action.yml | 31 ++++++++++++++----------
 1 file changed, 18 insertions(+), 13 deletions(-)
diff --git a/.github/workflows/govulncheck-action.yml b/.github/workflows/govulncheck-action.yml
index 47e7df9..a693c95 100644
--- a/.github/workflows/govulncheck-action.yml
+++ b/.github/workflows/govulncheck-action.yml
@@ -1,4 +1,4 @@
-name: Build & Test 'govulncheck-action'
+name: govulncheck-action
 on:
 push:
 branches:
@@ -15,11 +15,8 @@ on:
 jobs:
 test:
- runs-on: ${{ matrix.os }}
- strategy:
- matrix:
- os: [ ubuntu-latest ]
- name: Test
+ runs-on: ubuntu-latest
+ name: Test govulncheck-action
 steps:
 - name: Checkout code
@@ -37,7 +34,20 @@ jobs:
 key: ${{ runner.os }}-go-${{ hashFiles ('**/go.sum') }}
 restore-keys: |
 ${{ runner.os }}-go-
-
+
+ - name: Test
+ working-directory: govulncheck-action
+ run: |
+ make test
+
+ lint:
+ runs-on: ubuntu-latest
+ name: Lint govulncheck-action
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
 - name: Lint
 uses: golangci/golangci-lint-action@v8
 with:
@@ -45,9 +55,4 @@ jobs:
 version: v2.1.6
 skip-pkg-cache: true
 skip-build-cache: true
- args: --config=.golangci.yml --verbose .
-
- - name: Test
- working-directory: govulncheck-action
- run: |
- make test
\ No newline at end of file
+ args: --config=.golangci.yml --verbose .
\ No newline at end of file
From 3afb2cad905c04afbcccf9c0fbb4a2586a5240e8 Mon Sep 17 00:00:00 2001
From: Xavier Coulon
Date: Wed, 2 Jul 2025 15:09:53 +0200
Subject: [PATCH 2/3] trigger GH when workflow changes
Signed-off-by: Xavier Coulon
---
 .github/workflows/govulncheck-action.yml | 1 +
 1 file changed, 1 insertion(+)
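Review bot: In [PATCH 1/3], the new `lint` job added by the third hunk of `.github/workflows/govulncheck-action.yml` declares no `permissions:`, and none is visible at workflow level in the lines shown, so its `GITHUB_TOKEN` would presumably get the repository's default scopes. The job only checks out the code and runs the linter, so a `permissions:` mapping with `contents: read` under `lint:` (and likewise under `test:`) should be sufficient; confirm against the parts of the file outside the hunks. The added `uses: actions/checkout@v4` also follows a mutable tag, and pinning it as `uses: actions/checkout@<full-commit-sha> # v4` keeps a moved tag from changing what the job executes. The same pinning applies to `golangci/golangci-lint-action@v8`, which the new job inherits as context.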
diff --git a/.github/workflows/govulncheck-action.yml b/.github/workflows/govulncheck-action.yml
index a693c95..68e6750 100644
--- a/.github/workflows/govulncheck-action.yml
+++ b/.github/workflows/govulncheck-action.yml
@@ -7,6 +7,7 @@ on:
 - '*.*'
 paths:
 - 'govulncheck-action/**'
+ - '.github/workflows/govulncheck-action.yml'
 pull_request:
 branches:
 - master
From 1b209b497c050d8086f636d973eb1935ed7b78db Mon Sep 17 00:00:00 2001
From: Xavier Coulon
Date: Wed, 2 Jul 2025 15:12:05 +0200
Subject: [PATCH 3/3] trigger from README
Signed-off-by: Xavier Coulon
---
 govulncheck-action/README.md | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/govulncheck-action/README.md b/govulncheck-action/README.md
index 99229ad..269006c 100644
--- a/govulncheck-action/README.md
+++ b/govulncheck-action/README.md
@@ -16,13 +16,13 @@ ignored-vulnerabilities:
 As an example:
 ```
 ignored-vulnerabilities:
- # Kubernetes kube-apiserver Vulnerable to Race Condition in k8s.io/kubernetes
- # More info: https://pkg.go.dev/vuln/GO-2025-3547
- # Module: k8s.io/kubernetes
- # Fixed in: N/A
- - id: GO-2025-3547
- silence-until: 2020-05-10
- info: https://pkg.go.dev/vuln/GO-2025-3547
+ # Kubernetes kube-apiserver Vulnerable to Race Condition in k8s.io/kubernetes
+ # More info: https://pkg.go.dev/vuln/GO-2025-3547
+ # Module: k8s.io/kubernetes
+ # Fixed in: N/A
+ - id: GO-2025-3547
+ silence-until: 2020-05-10
+ info: https://pkg.go.dev/vuln/GO-2025-3547
 ```
 ## Best practices
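Review bot: In [PATCH 2/3], the workflow file is added only to the `push` path filter; the `pull_request` trigger that follows in the context is left as it was, and its own filter, if it has one, lies outside the hunk. If `pull_request` also restricts `paths` to `'govulncheck-action/**'`, a pull request that changes only the workflow would be merged without the test and lint jobs having run on it. Adding the same entry there, `- '.github/workflows/govulncheck-action.yml'`, would make workflow edits get exercised before they reach `master`.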