From c31928cf486a191138eab0c103c8f83a8e98d82d Mon Sep 17 00:00:00 2001
From: Diana Shevchenko
Date: Thu, 1 Dec 2022 14:34:52 +0100
Subject: [PATCH] Updated workflow

---
 .github/workflows/govulncheck.sh | 16 +++++++----
 .github/workflows/govulncheck.yml | 47 +++++++++----------------------
 2 files changed, 25 insertions(+), 38 deletions(-)

diff --git a/.github/workflows/govulncheck.sh b/.github/workflows/govulncheck.sh
index 7bdb3c7f66..db771495ce 100644
--- a/.github/workflows/govulncheck.sh
+++ b/.github/workflows/govulncheck.sh
@@ -1,6 +1,12 @@
-govulncheck $CHECK_DIR >> ddtrace_results.txt
-if [ $(cat ddtrace_results.txt | grep "Vulnerability #" | wc -l) -gt 0 ]; then
- echo "Found ${num} vulnerabilities"
- echo $(cat ddtrace_results.txt | grep "Vulnerability #")
- exit 1
+govulncheck ./ddtrace/... >> ./results.txt
+govulncheck ./appsec/... >> ./results.txt
+govulncheck ./internal/... >> ./results.txt
+govulncheck ./contrib/... >> ./results.txt
+govulncheck ./profiler/... >> ./results.txt
+
+results=$(cat ./results.txt | grep -Eo '\w+-\d+-\d+' | uniq)
+if [ $(echo $results | wc -l) -gt 0 ]; then
+ echo "Found these vulnerabilities:"
+ echo $results
+ exit 1
 fi
\ No newline at end of file
diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml
index 5bc9220fbe..12b588842c 100644
--- a/.github/workflows/govulncheck.yml
+++ b/.github/workflows/govulncheck.yml
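Review bot: The guard `if [ $(echo $results | wc -l) -gt 0 ]` is true on every run, because `echo` always emits one line and the unquoted `$results` collapses all matches onto that single line anyway, so the script exits 1 whether or not anything was found; `if [ -n "$results" ]; then` tests what was intended. The extraction on the line above also looks wrong: `\d` is not a digit class in POSIX ERE (GNU grep treats it as a literal `d`, and newer releases warn about the stray backslash), so `grep -Eo '\w+-\d+-\d+'` would not match identifiers of the form GO-YYYY-NNNN, and `uniq` only drops adjacent duplicates; `grep -Eo '[A-Z]+-[0-9]+-[0-9]+' ./results.txt | sort -u` does both jobs. The five govulncheck invocations discard their exit status and the file has no `set -e`, so a scan that aborts (for instance because the vulnerability database could not be fetched) would likely leave results.txt empty and the check would then report a clean result; a scanner that fails to run must fail the step, e.g. `set -eo pipefail` as the first line. The same body is inlined in the govulncheck.yml hunk below and carries the same three issues.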
@@ -23,36 +23,17 @@ jobs:
 - name: Install govulncheck
 run: |
 go install golang.org/x/vuln/cmd/govulncheck@latest
- - name: Run govulncheck in ddtrace
- env:
- $CHECK_DIR: ./ddtrace/...
- run: .github/workflows/govulncheck.sh
-# run: |
-# govulncheck ./ddtrace/... >> ddtrace_results.txt
-# if [ $(cat ddtrace_results.txt | grep "Vulnerability #" | wc -l) -gt 0 ]; then
-# echo "Found ${num} vulnerabilities"
-# echo $(cat ddtrace_results.txt | grep "Vulnerability #")
-# exit 1
-# fi
-# - name: Run govulncheck in appsec
-# if: always()
-# run: |
-# govulncheck ./ddtrace/... >> ddtrace_results.txt
-# if [ $(cat ddtrace_results.txt | grep "Vulnerability #" | wc -l) -gt 0 ]; then
-# echo "Found ${num} vulnerabilities"
-# echo $(cat ddtrace_results.txt | grep "Vulnerability #")
-# exit 1
-# fi
-# - name: Run govulncheck in appsec
-# if: always()
-# run: |
-# govulncheck ./ddtrace/... >> ddtrace_results.txt
-# if [ $(cat ddtrace_results.txt | grep "Vulnerability #" | wc -l) -gt 0 ]; then
-# echo "Found ${num} vulnerabilities"
-# echo $(cat ddtrace_results.txt | grep "Vulnerability #")
-# exit 1
-# fi
-
-
-
-
+ - name: Run govulncheck in packages
+ run: |
+ govulncheck ./ddtrace/... >> ./results.txt
+ govulncheck ./appsec/... >> ./results.txt
+ govulncheck ./internal/... >> ./results.txt
+ govulncheck ./contrib/... >> ./results.txt
+ govulncheck ./profiler/... >> ./results.txt
+
+ results=$(cat ./results.txt | grep -Eo '\w+-\d+-\d+' | uniq)
+ if [ $(echo $results | wc -l) -gt 0 ]; then
+ echo "Found these vulnerabilities:"
+ echo $results
+ exit 1
+ fi
\ No newline at end of file
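Review bot: The new `Run govulncheck in packages` step inlines the same body that this commit writes into `.github/workflows/govulncheck.sh`, and nothing in the workflow invokes that script any more, so the two copies will drift and the standalone file becomes dead code. Keeping a single copy, `run: bash .github/workflows/govulncheck.sh`, and deleting the inline block (or the file) avoids that. The two copies already differ in behaviour: the inline `run:` block executes under the Actions default `bash -e`, so a failing govulncheck invocation fails the step there, while the standalone script has no `set -e` and would continue past it. The enclosing `jobs:`/`steps:` block begins above this hunk.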