all: provide options to specify action output

zpavlinovic · zpavlinovic · commit dd0578b371c9 · 2024-05-29T13:07:46.000Z
This includes the output format and the file to which the output should be saved. Change-Id: Iebbc4ecf38f669de441900c4d1ee3f2b83d1c6a9 Reviewed-on: https://go-review.googlesource.com/c/govulncheck-action/+/588735 Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com> Reviewed-by: Ian Cottrell <iancottrell@google.com> Commit-Queue: Zvonimir Pavlinovic <zpavlinovic@google.com> TryBot-Bypass: Zvonimir Pavlinovic <zpavlinovic@google.com>
diff --git a/README.md b/README.md
@@ -65,11 +65,20 @@ work-dir: directory in which to run govulncheck, default '.'
 repo-checkout: checkout the repository, default true
 check-latest: check for the latest Go version, default false
 go-version-file: go.mod or go.work file specifying Go version, default ''
+output-format: the format of govulncheck output ('text', 'json', or 'sarif'), default 'text'
+output-file: the file to which the output is redirected, default '' (no
+redirection)
 ```
 The precedence for inputs `go-version-input`, `go-version-file`, and `check-latest`
 specifying Go version is inherited from [actions/setup-go](https://github.com/actions/setup-go).
 
-When a vulnerability is found, an error will be displayed for that
+The govulncheck-action follows the exit codes of govulncheck command.
+Specifying the output format 'json' or 'sarif' will return success even if
+there are some vulnerabilities detected. See
+[here](https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck#hdr-Exit_codes)
+for more information.
+
+When a vulnerability is found with 'text' output format, an error will be displayed for that
 [GitHub job](https://docs.github.com/en/actions/using-jobs/using-jobs-in-a-workflow)
 with information about the vulnerability and how to fix it. For example:
 
diff --git a/action.yml b/action.yml
@@ -27,6 +27,14 @@ inputs:
   go-version-file:
     description: 'Path to the go.mod or go.work file.'
     required: false
+  output-format:
+    description: 'The format of the output'
+    required: false
+    default: 'text'
+  output-file:
+    description: 'The file to which the govulncheck output is saved'
+    required: false
+    default: ''
 runs:
   using: "composite"
   steps:
@@ -41,6 +49,11 @@ runs:
     - name: Install govulncheck
       run: go install golang.org/x/vuln/cmd/govulncheck@latest
       shell: bash
-    - name: Run govulncheck
-      run: govulncheck -C ${{ inputs.work-dir }} ${{ inputs.go-package }}
+    - if: inputs.output-file == ''
+      name: Run govulncheck
+      run: govulncheck -C ${{ inputs.work-dir }} -format ${{ inputs.output-format }} ${{ inputs.go-package }}
+      shell: bash
+    - if: inputs.output-file != ''
+      name: Run govulncheck and save to file
+      run: govulncheck -C ${{ inputs.work-dir }} -format ${{ inputs.output-format }} ${{ inputs.go-package }} > ${{ inputs.output-file }}
       shell: bash
