From 76103cf01955d9465774b9afa726a35464040819 Mon Sep 17 00:00:00 2001
From: Diana Shevchenko
Date: Thu, 1 Dec 2022 14:24:40 +0100
Subject: [PATCH] Updated workflow
---
 .github/workflows/govulncheck.sh | 14 +++++++---
 .github/workflows/govulncheck.yml | 43 ++++++++++---------------------
 2 files changed, 23 insertions(+), 34 deletions(-)
diff --git a/.github/workflows/govulncheck.sh b/.github/workflows/govulncheck.sh
index 7bdb3c7f66..baf56e4a1c 100644
--- a/.github/workflows/govulncheck.sh
+++ b/.github/workflows/govulncheck.sh
@@ -1,6 +1,12 @@
-govulncheck $CHECK_DIR >> ddtrace_results.txt
-if [ $(cat ddtrace_results.txt | grep "Vulnerability #" | wc -l) -gt 0 ]; then
- echo "Found ${num} vulnerabilities"
- echo $(cat ddtrace_results.txt | grep "Vulnerability #")
+govulncheck ./ddtrace/... >> results.txt
+govulncheck ./appsec//... >> results.txt
+govulncheck ./internal/... >> results.txt
+govulncheck ./contrib/... >> results.txt
+govulncheck ./profiler/... >> results.txt
+
+results=$(cat results.txt | grep -Eo '\w+-\d+-\d+' | uniq)
+if [ $(echo $results | wc -l) -gt 0 ]; then
+ echo "Found these vulnerabilities:"
+ echo $results
 exit 1
 fi
\ No newline at end of file
diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml
index 5bc9220fbe..db3dcf89c9 100644
--- a/.github/workflows/govulncheck.yml
+++ b/.github/workflows/govulncheck.yml
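Review bot: The new `if [ $(echo $results | wc -l) -gt 0 ]` test cannot distinguish a clean scan from a failing one: `echo` always emits a newline, and the unquoted expansion joins any IDs onto one line, so `wc -l` prints 1 in both cases and the script exits 1 on every run. In addition, `\d` is not a POSIX ERE class (GNU grep does not treat it as a digit), so `grep -Eo '\w+-\d+-\d+'` is unlikely to match IDs of the form GO-YYYY-NNNN at all, and `uniq` only collapses adjacent duplicates across the five appended outputs. Replace the two lines with `results=$(grep -Eo '[A-Za-z]+-[0-9]+-[0-9]+' results.txt | sort -u)` and `if [ -n "$results" ]; then`, and print with `printf '%s\n' "$results"` so one ID appears per line. The exit status of each `govulncheck` invocation is never checked, so a tool failure (for example an unreachable vulnerability database) leaves results.txt empty and the job green; add `set -e` at the top or `|| exit 1` after each call, and `./appsec//...` looks like a typo for `./appsec/...`. The identical lines are duplicated in the govulncheck.yml hunk of this commit and need the same fix.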
@@ -26,33 +26,16 @@ jobs:
 - name: Run govulncheck in ddtrace
 env:
 $CHECK_DIR: ./ddtrace/...
- run: .github/workflows/govulncheck.sh
-# run: |
-# govulncheck ./ddtrace/... >> ddtrace_results.txt
-# if [ $(cat ddtrace_results.txt | grep "Vulnerability #" | wc -l) -gt 0 ]; then
-# echo "Found ${num} vulnerabilities"
-# echo $(cat ddtrace_results.txt | grep "Vulnerability #")
-# exit 1
-# fi
-# - name: Run govulncheck in appsec
-# if: always()
-# run: |
-# govulncheck ./ddtrace/... >> ddtrace_results.txt
-# if [ $(cat ddtrace_results.txt | grep "Vulnerability #" | wc -l) -gt 0 ]; then
-# echo "Found ${num} vulnerabilities"
-# echo $(cat ddtrace_results.txt | grep "Vulnerability #")
-# exit 1
-# fi
-# - name: Run govulncheck in appsec
-# if: always()
-# run: |
-# govulncheck ./ddtrace/... >> ddtrace_results.txt
-# if [ $(cat ddtrace_results.txt | grep "Vulnerability #" | wc -l) -gt 0 ]; then
-# echo "Found ${num} vulnerabilities"
-# echo $(cat ddtrace_results.txt | grep "Vulnerability #")
-# exit 1
-# fi
-
-
-
-
+ run: |
+ govulncheck ./ddtrace/... >> results.txt
+ govulncheck ./appsec//... >> results.txt
+ govulncheck ./internal/... >> results.txt
+ govulncheck ./contrib/... >> results.txt
+ govulncheck ./profiler/... >> results.txt
+
+ results=$(cat results.txt | grep -Eo '\w+-\d+-\d+' | uniq)
+ if [ $(echo $results | wc -l) -gt 0 ]; then
+ echo "Found these vulnerabilities:"
+ echo $results
+ exit 1
+ fi
\ No newline at end of file
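Review bot: The `env:` block kept as context directly above the new `run: |` declares a key named `$CHECK_DIR` that nothing in the inline script reads any more, and a `$`-prefixed variable name is unlikely to be what Actions expects; drop the two lines `env:` and `$CHECK_DIR: ./ddtrace/...`. With `run: .github/workflows/govulncheck.sh` removed, the workflow no longer invokes the script that the first hunk of this same commit still updates, so the two copies of the check will drift apart; keep a single copy, preferably by restoring `run: .github/workflows/govulncheck.sh` and leaving the logic in the script. The step's surrounding job definition starts before this hunk, so whether any other step still references the script is not visible here.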