Fix govulncheck CI check on release-3.5

This commit fixed the Go Vulnerability Checker CI job, which isn't scanning for all go.mod files within the project. Reference: - #18168 Signed-off-by: Chun-Hung Tseng <henrybear327@gmail.com>
etcd-io · Jun 13, 2024 · 1b6e585 · 1b6e585
1 parent fb66ea6
commit 1b6e585
Showing 1 changed file with 15 additions and 1 deletion.
diff --git a/.github/workflows/govuln.yaml b/.github/workflows/govuln.yaml
@@ -16,4 +16,18 @@ jobs:
       - run: |
           set -euo pipefail
 
-          go install golang.org/x/vuln/cmd/govulncheck@latest && govulncheck ./...
+          go install golang.org/x/vuln/cmd/govulncheck@latest
+
+          # Find all go.mod files recursively, as we have multiple of them within the project
+          gomod_files=$(find . -name go.mod)
+
+          # Loop through each go.mod file path
+          for filepath in $gomod_files; do
+            # Extract directory path using dirname
+            dirpath=$(dirname "$filepath")
+
+            echo "scanning $dirpath"
+            govulncheck -C $dirpath ./...
+          done
+
+          echo "Finished looping through go.mod directories."