Bump govulncheck version to 1.1.0

This commit will bump govulncheck version 1.0.1 -> 1.1.0 Additionally, handle govulncheck exit code returned It will handle the govulncheck exit code returned which returning 3 instead of 0 with the new v1.1.0 by adding `|| true` so that the verify job does not fail but logs the go vulnerability found. Signed-off-by: ArkaSaha30 <arkasaha30@gmail.com>
2024-05-08 17:01:24 +05:30
parent 027f346f60
commit 2e0ce7960e
1 changed files with 3 additions and 3 deletions
--- a/hack/verify-govulncheck.sh
+++ b/hack/verify-govulncheck.sh
@@ -27,7 +27,7 @@ kube::util::ensure_clean_working_dir
 # This sets up the environment, like GOCACHE, which keeps the worktree cleaner.
 kube::golang::setup_env

-go install golang.org/x/vuln/cmd/govulncheck@v1.0.1
+go install golang.org/x/vuln/cmd/govulncheck@v1.1.0

 # KUBE_VERIFY_GIT_BRANCH is populated in verify CI jobs
 BRANCH="${KUBE_VERIFY_GIT_BRANCH:-master}"
@@ -40,9 +40,9 @@ git worktree add -f "${WORKTREE}" "${BRANCH}"
 # Clean up the copy on exit
 kube::util::trap_add "git worktree remove -f ${WORKTREE}" EXIT

-govulncheck -scan module ./... > "${KUBE_TEMP}/head.txt"
+govulncheck -scan package ./... > "${KUBE_TEMP}/head.txt" || true
 pushd "${WORKTREE}" >/dev/null
-  govulncheck -scan module ./... > "${KUBE_TEMP}/pr-base.txt"
+  govulncheck -scan package ./... > "${KUBE_TEMP}/pr-base.txt" || true
 popd >/dev/null

 echo -e "\n HEAD: $(cat "${KUBE_TEMP}"/head.txt)"