fix: restore osv scanner workflow (#24702)

2026-06-02 20:48:20 +00:00 · 2026-04-27 11:06:07 +02:00
parent 2f26903af9
commit 2446be44b8
1 changed files with 7 additions and 11 deletions
@@ -67,30 +67,26 @@ jobs:
    permissions:
      security-events: write
    runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
+    env:
+      IMAGE_REF: ghcr.io/coder/coder:latest
+      OSV_SCANNER_VERSION: v2.3.5
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
        with:
          egress-policy: audit

-      - name: Setup Go
-        uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
-        with:
-          go-version: "1.25.9"
-          cache: false
-
      - name: Install OSV-Scanner
-        run: go install github.com/google/osv-scanner/v2/cmd/osv-scanner@v2.3.5
+        run: |
+          curl -fsSL -o /usr/local/bin/osv-scanner \
+            "https://github.com/google/osv-scanner/releases/download/${OSV_SCANNER_VERSION}/osv-scanner_linux_amd64"
+          chmod +x /usr/local/bin/osv-scanner

      - name: Pull released Coder image
-        env:
-          IMAGE_REF: ghcr.io/coder/coder:latest
        run: docker pull "$IMAGE_REF"

      - name: Run OSV-Scanner vulnerability scanner
        id: scan
-        env:
-          IMAGE_REF: ghcr.io/coder/coder:latest
        run: |
          set +e
          osv-scanner scan image "$IMAGE_REF" \