From 551bff46286e5f5d73c6ef2cc86abff56a0c334e Mon Sep 17 00:00:00 2001
From: Chun-Hung Tseng <henrybear327@gmail.com>
Date: Thu, 13 Jun 2024 21:59:55 +0200
Subject: [PATCH] Fix govulncheck CI check on release-3.5

This commit fixed the Go Vulnerability Checker CI job, which isn't
scanning for all go.mod files within the project.

Reference:
- https://github.com/etcd-io/etcd/discussions/18168

Signed-off-by: Chun-Hung Tseng <henrybear327@gmail.com>
---
 .github/workflows/govuln.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/govuln.yaml b/.github/workflows/govuln.yaml
index bec256d38..443a0eb66 100644
--- a/.github/workflows/govuln.yaml
+++ b/.github/workflows/govuln.yaml
@@ -16,4 +16,6 @@ jobs:
       - run: |
           set -euo pipefail
 
-          go install golang.org/x/vuln/cmd/govulncheck@latest && govulncheck ./...
+          go install golang.org/x/vuln/cmd/govulncheck@latest
+
+          find -name go.mod -exec /bin/bash -c 'echo scanning $(dirname {}); govulncheck -C $(dirname {}) -show verbose ./...' \;