ci/govulncheck: fix and simplify the bash script (#1623)

The bash script is always failing due to a mistake. To avoid it and make this CI more useful, we instead let govulncheck report its exit code along with its detailed output to make this workflow directly usable.
DataDog · Dec 14, 2022 · a694524 · a694524
1 parent a2b9399
commit a694524
Showing 1 changed file with 3 additions and 15 deletions.
diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml
@@ -5,6 +5,8 @@ on:
       - main
   schedule:
     - cron: '00 00 * * *'
+  workflow_dispatch:
+
 jobs:
   govulncheck-tests:
     runs-on: ubuntu-latest
@@ -20,18 +22,4 @@ jobs:
         run: |
           go install golang.org/x/vuln/cmd/govulncheck@latest
       - name: Run govulncheck
-        id: results
-        run: |
-          function check_results {
-            results=$(govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq)
-            num=$(echo $results | wc -l)
-            if [ $num -gt 0 ]; then
-              echo "Found $num vulnerabilities in $path. Run 'govulncheck $path' to find out more" | tee $GITHUB_STEP_SUMMARY
-              found=$(( found | 1))
-            fi
-          }
-          path=./ddtrace/... check_results
-          path=./appsec/... check_results
-          path=./internal/... check_results
-          path=./profiler/... check_results
-          exit $found
+        run: govulncheck -v -tags appsec ./ddtrace/... ./appsec/... ./profiler/... ./internal/...