Skip to content

Commit 4278f08

Browse files
ci: scanner workflows clone needed sibling repos
The Tier 1 CodeQL + govulncheck workflows failed on PR #5 because cli uses replace directives for sibling repos that weren't cloned. Fix: each workflow now checks out cli into ./cli, plus clones the public sibling repos cli actually depends on (per its go.mod). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
1 parent b5e1c23 commit 4278f08

2 files changed

Lines changed: 15 additions & 6 deletions

File tree

.github/workflows/codeql.yml

Lines changed: 8 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -19,15 +19,20 @@ jobs:
1919
runs-on: ubuntu-latest
2020
timeout-minutes: 30
2121
steps:
22-
- uses: actions/checkout@v4
22+
- name: Checkout this repo
23+
uses: actions/checkout@v4
24+
with:
25+
path: cli
2326
- uses: actions/setup-go@v5
2427
with:
25-
go-version-file: go.mod
28+
go-version-file: cli/go.mod
2629
- uses: github/codeql-action/init@v3
2730
with:
2831
languages: go
2932
queries: security-extended
30-
- run: go build ./...
33+
- name: Build
34+
working-directory: cli
35+
run: go build ./...
3136
- uses: github/codeql-action/analyze@v3
3237
with:
3338
category: "/language:go"

.github/workflows/govulncheck.yml

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -16,10 +16,14 @@ jobs:
1616
runs-on: ubuntu-latest
1717
timeout-minutes: 15
1818
steps:
19-
- uses: actions/checkout@v4
19+
- name: Checkout this repo
20+
uses: actions/checkout@v4
21+
with:
22+
path: cli
2023
- uses: actions/setup-go@v5
2124
with:
22-
go-version-file: go.mod
25+
go-version-file: cli/go.mod
2326
check-latest: true
2427
- run: go install golang.org/x/vuln/cmd/govulncheck@latest
25-
- run: govulncheck ./...
28+
- working-directory: cli
29+
run: govulncheck ./...

0 commit comments

Comments
 (0)