Run govulncheck on the binary and remove upload of SARIF to github as github doesnt like the SARIF govulncheck produces

2026-06-06 09:15:57 +02:00 · 2025-09-24 13:12:00 +05:30
parent 4771de3f95
commit 3b0938e878
2 changed files with 2 additions and 11 deletions
--- a/.github/workflows/ci.py
+++ b/.github/workflows/ci.py
@@ -270,10 +270,8 @@ def main() -> None:
        test_kitty()
    elif action == 'govulncheck':
        subprocess.check_call(['go', 'install', 'golang.org/x/vuln/cmd/govulncheck@latest'])
-        with open('govulncheck.sarif', 'wb') as f:
-            subprocess.check_call(['govulncheck', '-format', 'sarif', './...'], stdout=f)
-        with open('govulncheck.sarif') as f:
-            print(f.read())
+        subprocess.check_call(['govulncheck', '-mode=binary', 'kitty/launcher/kitten'])
+        subprocess.check_call(['govulncheck', './...'])
    elif action == 'gofmt':
        q = subprocess.check_output('gofmt -s -l tools kittens'.split()).decode()
        if q.strip():
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -68,10 +68,3 @@ jobs:
        - name: Run govulncheck
          if: matrix.language == 'go'
          run: python3 .github/workflows/ci.py govulncheck
-
-        - name: Upload govulncheck results
-          if: matrix.language == 'go'
-          uses: github/codeql-action/upload-sarif@v3
-          with:
-              sarif_file: govulncheck.sarif
-              category: govulncheck