💥 👽 Adjusted code to vulncheck 1.0 (breaks with v0 code) (#48)

* 📌 Pinned latest version of Golang & Govulncheck

There is a special issue with GitHub Actions where 1.20 is parsed as 1.2.
Hence I leverage 1.20.6 to avoid that parsing issue.

* 📌 Update default in dockerfile

* 🧑‍💻 Update Devcontainer to defaults

* 💥 👽 Using 1.0.0 Format of vulncheck

* ➖ Removed vuln as osv is internal now

* 🍱 Took new sample

* ✅ Fixed Tests

* 🔧 Removed unused Test Explorer

* ♻️ Renamed variable

* ✨  version exposure of vuln to sarif

.devcontainer/Dockerfile

@@ -23,7 +23,7 @@ RUN go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
 RUN go install golang.org/x/tools/gopls@latest
 
 # Installing govulncheck
-ARG VULNCHECK_VERSION="v0.1.0"
+ARG VULNCHECK_VERSION="v1.0.0"
 RUN go install golang.org/x/vuln/cmd/govulncheck@$VULNCHECK_VERSION
 
 

.devcontainer/devcontainer.json

@@ -11,7 +11,7 @@
             "VARIANT": "1.20-bullseye",
             // Options
             "NODE_VERSION": "none",
-            "VULNCHECK_VERSION": "v0.1.0"
+            "VULNCHECK_VERSION": "v1.0.0"
         }
     },
     "runArgs": [
@@ -22,18 +22,19 @@
     "customizations": {
         "vscode": {
             "settings": {
-                "go.gocodeAutoBuild": false,
+                "go.useLanguageServer": true,
                 "files.autoSave": "afterDelay",
                 "editor.formatOnPaste": true,
                 "editor.formatOnSave": true,
+                "gopls": {
+                    "ui.completion.usePlaceholders": true
+                },
                 "go.gopath": "/go",
                 "go.goroot": "/usr/local/go",
                 "go.toolsGopath": "/go/bin",
-                "go.buildOnSave": "workspace",
                 "go.lintOnSave": "package",
                 "go.vetOnSave": "package",
                 "go.coverOnSave": false,
-                "go.useCodeSnippetsOnFunctionSuggest": false,
                 "go.lintTool": "golangci-lint",
                 "go.formatTool": "goimports",
                 "[go]": {
@@ -51,7 +52,6 @@
             "extensions": [
                 "golang.Go",
                 "streetsidesoftware.code-spell-checker",
-                "premparihar.gotestexplorer",
                 "wayou.vscode-todo-highlight",
                 "bierner.github-markdown-preview",
                 "GitHub.vscode-github-actions"

Dockerfile

@@ -1,4 +1,4 @@
-ARG GOLANG_VERSION=1.19
+ARG GOLANG_VERSION=1.20
 # This golang version is for the builder only
 FROM golang:1.20 as builder
 
@@ -13,7 +13,7 @@ COPY . .
 RUN CGO_ENABLED=0 go build -ldflags="-w -s" -v -o action .
 # This golang version determines in which golang environment the customer code is checked
 FROM golang:$GOLANG_VERSION
-ARG VULNCHECK_VERSION=v0.1.0 
+ARG VULNCHECK_VERSION=v1.0.0 
 RUN go install golang.org/x/vuln/cmd/govulncheck@$VULNCHECK_VERSION
 
 # This allows private repositories hosted on Github

action.yml

@@ -7,13 +7,13 @@ inputs:
     required: false
     default: "./..."
   go-version:
-    description: "Can be any Tag for the golang docker image, but should ideally match your runtime go version. By default 1.19 is assumed"
+    description: "Can be any Tag for the golang docker image, but should ideally match your runtime go version. By default 1.20.6 is assumed"
     required: false
-    default: "1.19"
+    default: "1.20.6"
   vulncheck-version:
     description: "Version of govulncheck that should be used, by default v0.0.0-20230331150530-a42f9910daf3"
     required: false
-    default: "v0.0.0-20230331150530-a42f9910daf3"
+    default: "v1.0.0"
   github-token:
     description: "Github App token to upload sarif report. Needs write permissions for security_events. By default it will use 'github.token' value"
     default: ${{ github.token }}

go.mod

@@ -1,8 +1,6 @@
 module github.com/Templum/govulncheck-action
 
-go 1.19
-
-require golang.org/x/vuln v0.0.0-20221111165027-50a0e29f49cc
+go 1.20
 
 require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
@@ -24,7 +22,6 @@ require (
 	github.com/owenrumney/go-sarif/v2 v2.2.0
 	github.com/rs/zerolog v1.29.1
 	github.com/stretchr/testify v1.8.4
-	golang.org/x/mod v0.6.0 // indirect
 	golang.org/x/oauth2 v0.10.0
 	golang.org/x/sys v0.10.0 // indirect
 )

go.sum

@@ -50,8 +50,6 @@ github.com/zclconf/go-cty v1.10.0/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uU
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA=
 golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio=
-golang.org/x/mod v0.6.0 h1:b9gGHsz9/HhJ3HF5DHQytPpuwocVTChQJK3AvoLRD5I=
-golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI=
 golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50=
@@ -67,8 +65,6 @@ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/vuln v0.0.0-20221111165027-50a0e29f49cc h1:/LBdtEOGH9HDO8+sj6+oU/QnYUMwc8MyO6Jd8oYh+D4=
-golang.org/x/vuln v0.0.0-20221111165027-50a0e29f49cc/go.mod h1:8nFLBv8KFyZ2VuczUYssYKh+fcBR3BuXDG/HIWcxlwM=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=