ci/govulncheck: use the latest stable go version (#1622)

As a library, we cannot do anything about stdlib vulnerabilities. To avoid them, we should instead use the latest stable go release and only aim for vulnerabilities we can really fix.
DataDog · Dec 14, 2022 · a2b9399 · a2b9399
1 parent 5719c30
commit a2b9399
Showing 1 changed file with 4 additions and 5 deletions.
diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml
@@ -15,24 +15,23 @@ jobs:
       - name: Checkout Go
         uses: actions/setup-go@v3
         with:
-          go-version: '1.18'
+          go-version: 'stable'
       - name: Install govulncheck
         run: |
           go install golang.org/x/vuln/cmd/govulncheck@latest
-      - name: Comment results
+      - name: Run govulncheck
         id: results
         run: |
           function check_results {
             results=$(govulncheck $path | grep -Eo '\w+-\d+-\d+' | uniq)
             num=$(echo $results | wc -l)
             if [ $num -gt 0 ]; then
-              echo "Found $num vulnerabilities in $path. Run 'govulncheck $path' to find out more" >> $GITHUB_STEP_SUMMARY
-              echo "Found $num vulnerabilities in $path. Run 'govulncheck $path' to find out more"
+              echo "Found $num vulnerabilities in $path. Run 'govulncheck $path' to find out more" | tee $GITHUB_STEP_SUMMARY
               found=$(( found | 1))
             fi
           }
           path=./ddtrace/... check_results
           path=./appsec/... check_results
           path=./internal/... check_results
           path=./profiler/... check_results
-          exit $found
+          exit $found