Collaborator

@MatousJobanek MatousJobanek commented Sep 8, 2025

drop 'Install Go' step from govulncheck workflow because it's done in the GHA composite

Summary by CodeRabbit

  • Chores
    • Streamlined the security vulnerability scan workflow to remove redundant setup and rely on a single, consolidated step.
    • Maintains existing checks while improving efficiency, reducing CI time, and increasing reliability of scan execution.
    • Enhances consistency across environments without altering application behavior or functionality.
    • No user-facing changes; this is an internal pipeline optimization only.

coderabbitai bot commented Sep 8, 2025

Walkthrough

The govulncheck GitHub Actions workflow was simplified by removing the separate Go setup step. The go-version-file configuration is now provided directly to the govulncheck action. Other workflow steps such as checkout and running govulncheck remain unchanged.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| CI workflow: govulncheck (.github/workflows/govulncheck.yml) | Removed actions/setup-go@v5 step; passed go-version-file directly to the govulncheck action; retained checkout and govulncheck run steps unchanged. |

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor Dev as Developer
  participant GH as GitHub Actions Runner
  participant CO as actions/checkout
  participant GV as golang/govulncheck-action

  Dev->>GH: Push/PR triggers workflow
  GH->>CO: Checkout repository
  CO-->>GH: Code fetched
  Note over GH,GV: New flow: no separate setup-go step
  GH->>GV: Run govulncheck (uses go-version-file)
  GV-->>GH: Report vulnerabilities

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

Suggested reviewers

  • mfrancisc
  • fbm3307

Poem

I hop through YAML fields so wide,
One fewer step, a lighter stride.
Govulncheck now leads the show—
Go sneaks in where versions flow.
Thump-thump! The pipeline’s clean and tight,
A carrot for the simplest bite. 🥕✨


📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between cdfb9b9 and fd94944.

📒 Files selected for processing (1)
  • .github/workflows/govulncheck.yml (0 hunks)
💤 Files with no reviewable changes (1)
  • .github/workflows/govulncheck.yml
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
  • GitHub Check: Build & push Developer Sandbox UI image for UI e2e tests
  • GitHub Check: Build & push operator bundles for e2e tests

Contributor

@rsoaresd rsoaresd left a comment

🚀

sonarqubecloud bot commented Sep 8, 2025

openshift-ci bot commented Sep 8, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: alexeykazakov, MatousJobanek, rsoaresd, xcoulon

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [MatousJobanek,alexeykazakov,rsoaresd,xcoulon]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@alexeykazakov alexeykazakov merged commit 4d48a29 into codeready-toolchain:master Sep 8, 2025
11 of 12 checks passed