Skip to content

Commit f40246e

Browse files
committed
fix: use file-level GHA annotation for unfixed vulnerability IDs
::error file=go.mod:: creates a file-level annotation visible via the check run annotations API; plain ::error:: is log-only and not queryable. https://claude.ai/code/session_018ji3prTSK6AKEFqRfZQbBQ
1 parent a5b3e83 commit f40246e

1 file changed

Lines changed: 1 addition & 1 deletion

File tree

.github/workflows/engine-ci.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -71,7 +71,7 @@ jobs:
7171
echo "govulncheck IDs found: ${ALL_IDS:-none}"
7272
ACTIONABLE_IDS=$(echo "$ALL_IDS" | grep -vE '^(GO-2026-4887|GO-2026-4883)$' || true)
7373
for ID in $ACTIONABLE_IDS; do
74-
echo "::error title=Unfixed vulnerability::$ID — add to exclusion list or upgrade the affected dependency"
74+
echo "::error file=go.mod,line=1,title=Unfixed vulnerability::$ID — add to exclusion list or upgrade the affected dependency"
7575
done
7676
ACTIONABLE=$(echo "$OUTPUT" | grep -E '^Vulnerability #[0-9]+:' | grep -vE 'GO-2026-4887|GO-2026-4883' || true)
7777
if [ -n "$ACTIONABLE" ]; then

0 commit comments

Comments
 (0)