allow custom orgs for running govulncheck jobs

SgtCoDFish · SgtCoDFish · commit 59fa131d1143 · 2025-08-05T09:37:19.000+01:00
Repos outside the cert-manager org might want to use the govulncheck job;
this could be other repos depending on makefile-modules, or forks of
cert-manager org repos who want to run the job.

Signed-off-by: Ashley Davis &lt;ashley.davis@cyberark.com&gt;
diff --git a/modules/go/01_mod.mk b/modules/go/01_mod.mk
@@ -63,11 +63,16 @@ default_govulncheck_generate_base_dir := $(dir $(lastword $(MAKEFILE_LIST)))/bas
 # pipeline (eg. a GitLab pipeline).
 govulncheck_generate_base_dir ?= $(default_govulncheck_generate_base_dir)
 
+# The org name used in the govulncheck GH action. This is used to prevent the govulncheck job
+# being run on every fork of the repo.
+govulncheck_generate_org ?= cert-manager
+
 .PHONY: generate-govulncheck
 ## Generate base files in the repository
 ## @category [shared] Generate/ Verify
 generate-govulncheck:
-	cp -r $(govulncheck_generate_base_dir)/. ./
+	@mkdir -p ./.github/workflows
+	sed 's/ORGNAMEHERE/$(govulncheck_generate_org)/g' $(govulncheck_generate_base_dir)/.github/workflows/govulncheck.yaml > .github/workflows/govulncheck.yaml
 
 shared_generate_targets += generate-govulncheck
 
diff --git a/modules/go/base/.github/workflows/govulncheck.yaml b/modules/go/base/.github/workflows/govulncheck.yaml
@@ -17,7 +17,7 @@ jobs:
   govulncheck:
     runs-on: ubuntu-latest
 
-    if: github.repository_owner == 'cert-manager'
+    if: github.repository_owner == 'ORGNAMEHERE'
 
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
