action.yml
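# Composite action: optionally checks out the repository, installs Go via
# actions/setup-go, installs govulncheck, and runs it against the selected
# package pattern. Output goes to the job log, or to a file when `output-file`
# is set.
name: 'golang-govulncheck-action'
description: 'Run govulncheck'
inputs:
  go-version-input: # version of Go to use for govulncheck
    description: 'Version of Go to use for govulncheck'
    required: false
    default: 'stable'
  check-latest:
    description: >-
      Set this option to true if you want the action to always check for the
      latest available Go version that satisfies the version spec
    required: false
    default: true
  cache:
    description: 'Used to specify whether Go caching is needed. Set to true, if you would like to enable caching.'
    required: false
    default: true
  go-package:
    description: 'Go Package to scan with govulncheck'
    required: false
    default: './...'
  work-dir:
    description: 'Directory in which to run govulncheck'
    required: false
    default: '.'
  repo-checkout:
    description: 'Checkout the repository'
    required: false
    default: true
  go-version-file:
    description: 'Path to the go.mod or go.work file.'
    required: false
  output-format:
    description: 'The format of the output'
    required: false
    default: 'text'
  output-file:
    description: 'The file to which the govulncheck output is saved'
    required: false
    default: ''
runs:
  using: 'composite'
  steps:
    # NOTE(review): both third-party actions below are referenced by tag. Tags
    # are mutable; pinning each `uses:` to a full commit SHA (with the tag kept
    # as a trailing comment) prevents a retagged release from changing what
    # runs in the caller's job.
    - if: inputs.repo-checkout != 'false' # only explicit false prevents repo checkout
      uses: actions/checkout@v4.1.1
    - uses: actions/setup-go@v5.0.0
      with:
        go-version: ${{ inputs.go-version-input }}
        check-latest: ${{ inputs.check-latest }}
        go-version-file: ${{ inputs.go-version-file }}
        cache: ${{ inputs.cache }}
    # NOTE(review): `@latest` installs whatever version is newest at run time,
    # so scanner behaviour can change between runs and the build is not
    # reproducible. Consider pinning an explicit govulncheck version.
    - name: Install govulncheck
      run: go install golang.org/x/vuln/cmd/govulncheck@latest
      shell: bash
    # The run steps receive inputs through `env:` instead of expanding
    # `${{ inputs.* }}` inside the script text. Expression expansion happens
    # before bash parses the script, so an input containing shell
    # metacharacters (`;`, `$(...)`, backticks, `>`) would otherwise become
    # part of the command line. Callers often forward values derived from
    # pull-request data, which makes these inputs untrusted.
    # Consequence: inputs are now passed literally; `~` or `$VAR` inside an
    # input value is no longer expanded by the shell.
    - if: inputs.output-file == ''
      name: Run govulncheck
      env:
        INPUT_WORK_DIR: ${{ inputs.work-dir }}
        INPUT_OUTPUT_FORMAT: ${{ inputs.output-format }}
        INPUT_GO_PACKAGE: ${{ inputs.go-package }}
      # INPUT_GO_PACKAGE is deliberately unquoted so that a space-separated
      # list of package patterns is still split into separate arguments, as it
      # was before. Word splitting does not re-evaluate command substitutions.
      run: govulncheck -C "$INPUT_WORK_DIR" -format "$INPUT_OUTPUT_FORMAT" $INPUT_GO_PACKAGE
      shell: bash
    - if: inputs.output-file != ''
      name: Run govulncheck and save to file
      env:
        INPUT_WORK_DIR: ${{ inputs.work-dir }}
        INPUT_OUTPUT_FORMAT: ${{ inputs.output-format }}
        INPUT_GO_PACKAGE: ${{ inputs.go-package }}
        INPUT_OUTPUT_FILE: ${{ inputs.output-file }}
      # The redirect target is quoted so a path containing spaces or shell
      # metacharacters is treated as a single file name.
      run: govulncheck -C "$INPUT_WORK_DIR" -format "$INPUT_OUTPUT_FORMAT" $INPUT_GO_PACKAGE > "$INPUT_OUTPUT_FILE"
      shell: bash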