fix: update govulncheck workflow

ruhdevops · ruhdevops · commit 7219a62b569d · 2026-03-25T06:56:31.000+05:30
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -1,24 +1,19 @@
 {
-	"image": "mcr.microsoft.com/devcontainers/go:1.25",
-	"features": {
-		"ghcr.io/devcontainers/features/sshd:1": {}
-	},
-	"remoteUser": "vscode",
-	"customizations": {
-		"vscode": {
-			"extensions": [
-				"golang.go"
-			],
-			"settings": {
-				"go.toolsManagement.checkForUpdates": "local",
-				"go.useLanguageServer": true,
-				"go.gopath": "/go"
-			}
-		}
-	},
-	"runArgs": [
-		"--cap-add=SYS_PTRACE",
-		"--security-opt",
-		"seccomp=unconfined"
-	]
-}
+  "name": "CLI Dev Environment",
+  "image": "mcr.microsoft.com/devcontainers/base:ubuntu",
+
+  "features": {
+    "ghcr.io/devcontainers/features/github-cli:1": {},
+    "ghcr.io/devcontainers/features/powershell:1": {}
+  },
+
+  "postCreateCommand": "gh auth status || gh auth login",
+
+  "customizations": {
+    "vscode": {
+      "extensions": [
+        "github.vscode-github-actions"
+      ]
+    }
+  }
+}
diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml
@@ -1,31 +1,37 @@
 name: Go Vulnerability Check
+
 on:
+  push:
+    branches: [main]
   schedule:
-    - cron: "0 0 * * 1" # Every Monday at midnight UTC
+    - cron: "0 0 * * 1"
   workflow_dispatch:
 
 jobs:
   govulncheck:
     runs-on: ubuntu-latest
+
     permissions:
       contents: read
       security-events: write
+
     steps:
       - name: Check out code
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4
 
       - name: Set up Go
-        uses: actions/setup-go@v6
+        uses: actions/setup-go@v4
         with:
           go-version-file: 'go.mod'
 
-      # `govulncheck -format sarif` exits successfully regardless of results, which are not in stdout.
-      # See https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck#hdr-Exit_codes for more information on exit codes.
-      - name: Check Go vulnerabilities
+      - name: Install govulncheck
+        run: go install golang.org/x/vuln/cmd/govulncheck@latest
+
+      - name: Run vulnerability scan
         run: |
-          go run golang.org/x/vuln/cmd/govulncheck@d1f380186385b4f64e00313f31743df8e4b89a77 -format sarif ./... > gh.sarif
+          govulncheck -format sarif ./... > gh.sarif
 
       - name: Upload SARIF report
-        uses: github/codeql-action/upload-sarif@v4
+        uses: github/codeql-action/upload-sarif@v3
         with:
-          sarif_file: gh.sarif
+          sarif_file: gh.sarif
