From 9e6275e757399b0ab09d3d07824923b9b8a79e7d Mon Sep 17 00:00:00 2001
From: Tuomo Tanskanen
Date: Mon, 11 Nov 2024 08:11:35 +0200
Subject: [PATCH] add osv-scanner config for correcting go version used
Signed-off-by: Tuomo Tanskanen
---
 .github/osv-scanner.toml | 2 +
 .github/workflows/osv-scanner-scan.yml | 57 +++++++++++++-------------
 2 files changed, 31 insertions(+), 28 deletions(-)
 create mode 100644 .github/osv-scanner.toml
diff --git a/.github/osv-scanner.toml b/.github/osv-scanner.toml
new file mode 100644
index 00000000..ead249c8
--- /dev/null
+++ b/.github/osv-scanner.toml
@@ -0,0 +1,2 @@
+GoVersionOverride = "1.22.8"
+
diff --git a/.github/workflows/osv-scanner-scan.yml b/.github/workflows/osv-scanner-scan.yml
index 852ec70d..2a212b67 100644
--- a/.github/workflows/osv-scanner-scan.yml
+++ b/.github/workflows/osv-scanner-scan.yml
@@ -1,14 +1,13 @@
-# This file is adapted from https://github.com/google/osv-scanner
-
+# runs vulnerability scans and add them to Github Security tab
 name: OSV-Scanner Scan
 on:
 schedule:
 - cron: "12 6 * * 1"
+ workflow_dispatch:
+
-# Restrict jobs in this workflow to have no permissions by default; permissions
-# should be granted per job as needed using a dedicated `permissions` block
 permissions: {}
 jobs:
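Review bot: `GoVersionOverride = "1.22.8"` hard-codes the Go version OSV-Scanner will assume for Go stdlib advisories, while the workflow in this same patch already derives the toolchain version from `make go-version`; the two will drift on the next Go bump, and if the override ends up newer than the toolchain actually used, stdlib vulnerabilities go unreported. Consider generating this file in the workflow from the `go_version` step output instead, or at least add a comment above the key: `# Go version OSV-Scanner assumes for Go stdlib advisories; keep in sync with make go-version`. Also, the scan step in the workflow hunk below passes no `--config` and this file is not next to go.mod; unless OSV-Scanner discovers `.github/osv-scanner.toml` on its own, the override is never read, so this is worth verifying (e.g. by adding `--config=.github/osv-scanner.toml` to the scan command).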
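Review bot: The new header comment `# runs vulnerability scans and add them to Github Security tab` is ungrammatical, and the hunk also drops the only explanation of why `permissions: {}` is set at workflow level; the added `workflow_dispatch:` trigger itself is fine. Suggest `# Runs OSV-Scanner on a schedule (or manually) and uploads the results to the GitHub Security tab.` for the header, and a one-liner above `permissions: {}` such as `# No permissions by default; each job grants only what its steps need.` so the least-privilege intent survives. Which permissions the job itself requests is outside this hunk (old lines 15-19 are not shown).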
@@ -20,27 +19,29 @@ jobs:
 if: ${{ github.repository == 'metal3-io/ip-address-manager' }}
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- - name: Calculate go version
- id: vars
- run: echo "go_version=$(make go-version)" >> $GITHUB_OUTPUT
- - name: Set up Go
- uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
- with:
- go-version: ${{ steps.vars.outputs.go_version }}
- - name: Install OSV Scanner
- run: go install github.com/google/osv-scanner/cmd/osv-scanner@b13f37e1a1e4cb98556c1d34cd3256a876929be1 # v1.9.1
- - name: Run OSV Scanner
- run: osv-scanner scan --format json --output results.json --recursive --skip-git ./
- continue-on-error: true
- - name: "Run OSV Scanner Reporter"
- uses: google/osv-scanner/actions/reporter@b13f37e1a1e4cb98556c1d34cd3256a876929be1 # v1.9.1
- with:
- scan-args: |-
- --output=results.sarif
- --new=results.json
- --gh-annotations=false
- - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@v2
- with:
- sarif_file: results.sarif
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - name: Calculate go version
+ id: vars
+ run: echo "go_version=$(make go-version)" >> $GITHUB_OUTPUT
+ - name: Set up Go
+ uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
+ with:
+ go-version: ${{ steps.vars.outputs.go_version }}
+ - name: Install OSV Scanner
+ run: go install
+ github.com/google/osv-scanner/cmd/osv-scanner@b13f37e1a1e4cb98556c1d34cd3256a876929be1 # v1.9.1
+ - name: Run OSV Scanner
+ run: osv-scanner scan --format json --output results.json --recursive --skip-git
+ ./
+ continue-on-error: true
+ - name: "Run OSV Scanner Reporter"
+ uses: google/osv-scanner/actions/reporter@b13f37e1a1e4cb98556c1d34cd3256a876929be1 # v1.9.1
+ with:
+ scan-args: |-
+ --output=results.sarif
+ --new=results.json
+ --gh-annotations=false
+ - name: Upload SARIF file
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: results.sarif
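Review bot: `uses: github/codeql-action/upload-sarif@v2` is the only action in this step list referenced by a mutable tag; checkout, setup-go and the osv-scanner reporter are all pinned to a full commit SHA with a version comment, so the one step that writes to the Security tab is the one exposed to a moved tag or a compromised upstream. Pin it the same way, e.g. `uses: github/codeql-action/upload-sarif@<full-sha> # vX.Y.Z`, and while doing so check whether the v2 major is still supported, since v3 has been current for some time and v2 may be deprecated. Separately, the two `run:` values this hunk wraps onto a second line (`run: go install` / `github.com/...` and `--skip-git` / `./`) rely on plain-scalar folding and on the trailing ` # v1.9.1` comment terminating the scalar; `run: >-` with the command indented beneath would make the single-command intent explicit and survive reformatting. The job header with its `permissions` block is outside this hunk.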