Skip to content

govulncheck: update Go before running the vuln checks #161

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
xcoulon merged 7 commits into from
Dec 11, 2025
Merged

govulncheck: update Go before running the vuln checks #161

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
a08d537
govulncheck: update Go before running the vuln checks
xcoulon Dec 10, 2025
b622ec1
testing image with custom entrypoint
xcoulon Dec 11, 2025
d7e4a91
fixing typo
xcoulon Dec 11, 2025
148c4bd
restore image tag to use and add comment
xcoulon Dec 11, 2025
3ef0f95
remove duplicate statement
xcoulon Dec 11, 2025
9c27da9
apply coderabbitai suggestion
xcoulon Dec 11, 2025
5abfa80
specify go version via toolchain
xcoulon Dec 11, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/govulncheck-action-publish.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ jobs:
runs-on: ubuntu-24.04
steps:
- name: Checkout code
uses: actions/checkout@v5
uses: actions/checkout@v6

- name: Set short SHA
id: short-sha
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/govulncheck-action-test-lint.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ jobs:
uses: actions/checkout@v4

- name: Install Go
uses: actions/setup-go@v5
uses: actions/setup-go@v6
with:
go-version-file: govulncheck-action/go.mod

Expand Down
15 changes: 9 additions & 6 deletions govulncheck-action/Containerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM golang:1.23 as builder
FROM golang:1.24 as builder

ARG GOOS=linux
ARG GOARCH=amd64
Expand All @@ -7,14 +7,17 @@ WORKDIR /usr/src/app/

COPY . .

RUN echo "Building for govulncheck $GOOS/$GOARCH"
RUN GOOS=$GOOS GOARCH=$GOARCH go build -v -o govulncheck main.go
RUN echo "Building govulncheckx binary for $GOOS/$GOARCH"
RUN GOOS=$GOOS GOARCH=$GOARCH go build -v -o govulncheckx main.go

FROM golang:1.23
FROM golang:1.24
# using a fresh golang image without the `WORKDIR` from the builder stage
# see https://docs.github.com/en/actions/reference/workflows-and-actions/dockerfile-support#workdir
# using golang 1.24 but the entrypoint will trigger an install of the actual go version,
# even if it is 1.23

# copy the binary from the builder stage
COPY --from=builder /usr/src/app/govulncheck /usr/local/bin/govulncheck
COPY --from=builder /usr/src/app/govulncheckx /usr/local/bin/govulncheckx
COPY --from=builder /usr/src/app/entrypoint.sh /usr/local/bin/entrypoint.sh

ENTRYPOINT ["/usr/local/bin/govulncheck"]
ENTRYPOINT ["entrypoint.sh"]
12 changes: 12 additions & 0 deletions govulncheck-action/entrypoint.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
#!/bin/bash

# upgrade the go version to match the `toolchain` directive in the `go.mod` file
# see https://go.dev/doc/toolchain
export GOTOOLCHAIN=auto
go mod verify

# Check the version of Go
go version

# Run the govulncheck command
govulncheckx "$@"
4 changes: 2 additions & 2 deletions govulncheck-action/go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
module github.com/codeready-toolchain/toolchain-cicd/govulncheck-action

go 1.23.0
go 1.24.0

toolchain go1.23.12
toolchain go1.24.11

require (
github.com/spf13/cobra v1.9.1
Expand Down
Loading