Skip to content

Use the official govulncheck-action#733

Merged
rdimitrov merged 2 commits intomainfrom
use-official-govulncheck-action
Oct 31, 2025
Merged

Use the official govulncheck-action#733
rdimitrov merged 2 commits intomainfrom
use-official-govulncheck-action

Conversation

@rdimitrov
Copy link
Member

@rdimitrov rdimitrov commented Oct 30, 2025

Motivation and Context

Better to use the action with proper versioning instead of latest.

How Has This Been Tested?

Breaking Changes

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation update

Checklist

  • I have read the MCP Documentation
  • My code follows the repository's style guidelines
  • New and existing tests pass locally
  • I have added appropriate error handling
  • I have added or updated documentation as needed

Additional context

@rdimitrov
Use the official govulncheck-action
9edb73d 
Signed-off-by: Radoslav Dimitrov <radoslav@stacklok.com>
@rdimitrov rdimitrov requested a review from a team October 30, 2025 09:51
@rdimitrov
Copy link
Member Author

rdimitrov commented Oct 30, 2025

The failing check is expected, see #732

@rdimitrov rdimitrov enabled auto-merge (squash) October 30, 2025 10:17
domdomegg
domdomegg approved these changes Oct 31, 2025
View reviewed changes
Copy link
Member

@domdomegg domdomegg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Am okay to merge, will defer to you. But I think I actually prefer if we can keep the workflow primarily bash commands as easier to debug e.g. locally than custom actions.

@rdimitrov rdimitrov merged commit b4c1726 into main Oct 31, 2025
6 checks passed
@rdimitrov rdimitrov deleted the use-official-govulncheck-action branch October 31, 2025 13:39
@rdimitrov
Copy link
Member Author

rdimitrov commented Oct 31, 2025

Am okay to merge, will defer to you. But I think I actually prefer if we can keep the workflow primarily bash commands as easier to debug e.g. locally than custom actions.

I like that too but when running govulncheck locally it is a bit weird unfortunately. The reason is it uses the Go version available on your host (not the one specified in the go.mod file) so if people are not aware of this it may give false positive results since almost always the host version of Go is equal or greater than the one in the go.mod file.

Swathi-MuraliSrinivasan pushed a commit to Swathi-MuraliSrinivasan/paychex-mcp-registry that referenced this pull request Nov 20, 2025
@rdimitrov @Swathi-MuraliSrinivasan
Use the official govulncheck-action (modelcontextprotocol#733)
d0310be 
<!-- Provide a brief summary of your changes -->

## Motivation and Context
<!-- Why is this change needed? What problem does it solve? -->
Better to use the action with proper versioning instead of latest.

## How Has This Been Tested?
<!-- Have you tested this in a real application? Which scenarios were
tested? -->

## Breaking Changes
<!-- Will users need to update their code or configurations? -->

## Types of changes
<!-- What types of changes does your code introduce? Put an `x` in all
the boxes that apply: -->
- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing
functionality to change)
- [ ] Documentation update

## Checklist
<!-- Go over all the following points, and put an `x` in all the boxes
that apply. -->
- [ ] I have read the [MCP
Documentation](https://modelcontextprotocol.io)
- [ ] My code follows the repository's style guidelines
- [ ] New and existing tests pass locally
- [ ] I have added appropriate error handling
- [ ] I have added or updated documentation as needed

## Additional context
<!-- Add any other context, implementation notes, or design decisions
-->

Signed-off-by: Radoslav Dimitrov <radoslav@stacklok.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@domdomegg domdomegg domdomegg approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rdimitrov @domdomegg