Updated workflow

DataDog · Dec 1, 2022 · 2070ce7 · 2070ce7
1 parent 22bd20b
commit 2070ce7
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 38 deletions.
diff --git a/.github/workflows/govulncheck.sh b/.github/workflows/govulncheck.sh
@@ -1,6 +1,9 @@
-govulncheck $CHECK_DIR >> ddtrace_results.txt
-if [ $(cat ddtrace_results.txt | grep "Vulnerability #" | wc -l) -gt 0 ]; then
-  echo "Found ${num} vulnerabilities"
-  echo $(cat ddtrace_results.txt | grep "Vulnerability #")
+function check_results {
+  results=$(echo $content | grep -Eo '\w+-\d+-\d+' | uniq)
+  if [ $(echo $results | wc -l) -gt 0 ]; then
+  echo "Found these vulnerabilities in $path:"
+  echo $results
   exit 1
-fi
+  fi
+}
+content=$(govulncheck ./ddtrace/...) path=./ddtrace/... check_results
diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml
@@ -23,36 +23,19 @@ jobs:
       - name: Install govulncheck
         run: |
           go install golang.org/x/vuln/cmd/govulncheck@latest
-      - name: Run govulncheck in ddtrace
-        env:
-          $CHECK_DIR: ./ddtrace/...
-          run: .github/workflows/govulncheck.sh
-#        run: |
-#          govulncheck ./ddtrace/... >> ddtrace_results.txt
-#          if [ $(cat ddtrace_results.txt | grep "Vulnerability #" | wc -l) -gt 0 ]; then
-#            echo "Found ${num} vulnerabilities"
-#            echo $(cat ddtrace_results.txt | grep "Vulnerability #")
-#            exit 1
-#          fi
-#      - name: Run govulncheck in appsec
-#        if: always()
-#        run: |
-#          govulncheck ./ddtrace/... >> ddtrace_results.txt
-#          if [ $(cat ddtrace_results.txt | grep "Vulnerability #" | wc -l) -gt 0 ]; then
-#            echo "Found ${num} vulnerabilities"
-#            echo $(cat ddtrace_results.txt | grep "Vulnerability #")
-#            exit 1
-#          fi
-#      - name: Run govulncheck in appsec
-#        if: always()
-#        run: |
-#          govulncheck ./ddtrace/... >> ddtrace_results.txt
-#          if [ $(cat ddtrace_results.txt | grep "Vulnerability #" | wc -l) -gt 0 ]; then
-#            echo "Found ${num} vulnerabilities"
-#            echo $(cat ddtrace_results.txt | grep "Vulnerability #")
-#            exit 1
-#          fi
-
-
-
-
+      - name: Run govulncheck in packages
+        run: |
+          function check_results { 
+            results=$(govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq)
+            if [ $(echo $results | wc -l) -gt 0 ]; then
+            echo "Found these vulnerabilities in $path:"
+            echo $results
+            exit 1
+            fi
+          }
+          path=./ddtrace/... check_results
+          path=./appsec/... check_results
+          path=./internal/... check_results
+          path=./contrib/... check_results
+          path=./profiler/... check_results
+