Updated workflow

DataDog · Dec 1, 2022 · c31928c · c31928c
1 parent 22bd20b
commit c31928c
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 38 deletions.
diff --git a/.github/workflows/govulncheck.sh b/.github/workflows/govulncheck.sh
@@ -1,6 +1,12 @@
-govulncheck $CHECK_DIR >> ddtrace_results.txt
-if [ $(cat ddtrace_results.txt | grep "Vulnerability #" | wc -l) -gt 0 ]; then
-  echo "Found ${num} vulnerabilities"
-  echo $(cat ddtrace_results.txt | grep "Vulnerability #")
-  exit 1
+govulncheck ./ddtrace/... >> ./results.txt
+govulncheck ./appsec/... >> ./results.txt
+govulncheck ./internal/... >> ./results.txt
+govulncheck ./contrib/... >> ./results.txt
+govulncheck ./profiler/... >> ./results.txt
+
+results=$(cat ./results.txt | grep -Eo '\w+-\d+-\d+' | uniq)
+if [ $(echo $results | wc -l) -gt 0 ]; then
+ echo "Found these vulnerabilities:"
+ echo $results
+ exit 1
 fi
diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml
@@ -23,36 +23,17 @@ jobs:
       - name: Install govulncheck
         run: |
           go install golang.org/x/vuln/cmd/govulncheck@latest
-      - name: Run govulncheck in ddtrace
-        env:
-          $CHECK_DIR: ./ddtrace/...
-          run: .github/workflows/govulncheck.sh
-#        run: |
-#          govulncheck ./ddtrace/... >> ddtrace_results.txt
-#          if [ $(cat ddtrace_results.txt | grep "Vulnerability #" | wc -l) -gt 0 ]; then
-#            echo "Found ${num} vulnerabilities"
-#            echo $(cat ddtrace_results.txt | grep "Vulnerability #")
-#            exit 1
-#          fi
-#      - name: Run govulncheck in appsec
-#        if: always()
-#        run: |
-#          govulncheck ./ddtrace/... >> ddtrace_results.txt
-#          if [ $(cat ddtrace_results.txt | grep "Vulnerability #" | wc -l) -gt 0 ]; then
-#            echo "Found ${num} vulnerabilities"
-#            echo $(cat ddtrace_results.txt | grep "Vulnerability #")
-#            exit 1
-#          fi
-#      - name: Run govulncheck in appsec
-#        if: always()
-#        run: |
-#          govulncheck ./ddtrace/... >> ddtrace_results.txt
-#          if [ $(cat ddtrace_results.txt | grep "Vulnerability #" | wc -l) -gt 0 ]; then
-#            echo "Found ${num} vulnerabilities"
-#            echo $(cat ddtrace_results.txt | grep "Vulnerability #")
-#            exit 1
-#          fi
-
-
-
-
+      - name: Run govulncheck in packages
+        run: |
+          govulncheck ./ddtrace/... >> ./results.txt
+          govulncheck ./appsec/... >> ./results.txt
+          govulncheck ./internal/... >> ./results.txt
+          govulncheck ./contrib/... >> ./results.txt
+          govulncheck ./profiler/... >> ./results.txt
+          
+          results=$(cat ./results.txt | grep -Eo '\w+-\d+-\d+' | uniq)
+          if [ $(echo $results | wc -l) -gt 0 ]; then
+           echo "Found these vulnerabilities:"
+           echo $results
+           exit 1
+          fi