Update govulncheck workflow to scan source code

BagToad · BagToad · commit 3f55855e8b60 · 2025-08-08T16:10:22.000-06:00
Changed govulncheck to run on all source files (./...) instead of the built binary. This fixes uploading to GitHub Code Scanning as the location data will be valid, so it will get accepted.
diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml
@@ -21,8 +21,7 @@ jobs:
       # See https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck#hdr-Exit_codes for more information on exit codes.
       - name: Check Go vulnerabilities
         run: |
-          make
-          go run golang.org/x/vuln/cmd/govulncheck@d1f380186385b4f64e00313f31743df8e4b89a77 -mode=binary -format sarif bin/gh > gh.sarif
+          go run golang.org/x/vuln/cmd/govulncheck@d1f380186385b4f64e00313f31743df8e4b89a77 -format sarif ./... > gh.sarif
 
       - name: Upload SARIF report
         uses: github/codeql-action/upload-sarif@9b02dc2f60288b463e7a66e39c78829b62780db7 # 2.22.1
