From bc9462f20fc9a948fe557c87c895c06d4c0ddc6a Mon Sep 17 00:00:00 2001
From: Matt Farina <matt.farina@suse.com>
Date: Tue, 9 Dec 2025 13:52:50 -0500
Subject: [PATCH 1/2] Fix govulncheck in CI

govulncheck is having trouble checking out the source due to
multiple Authorization headers. The fix for this is to not
persist the credentials.

Signed-off-by: Matt Farina <matt.farina@suse.com>
---
 .github/workflows/govulncheck.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml
index 59fc695a0..992283d1a 100644
--- a/.github/workflows/govulncheck.yml
+++ b/.github/workflows/govulncheck.yml
@@ -16,6 +16,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # pin@v6.0.1
+        with:
+          persist-credentials: false
       - name: Add variables to environment file
         run: cat ".github/env" >> "$GITHUB_ENV"
       - name: Setup Go

From 24a82589f8ee9f8f385c63b6c68dabdf19109da7 Mon Sep 17 00:00:00 2001
From: Matt Farina <matt.farina@suse.com>
Date: Tue, 9 Dec 2025 15:47:56 -0500
Subject: [PATCH 2/2] Run the vulnerability check on PR that change the file

Signed-off-by: Matt Farina <matt.farina@suse.com>
---
 .github/workflows/govulncheck.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml
index 992283d1a..e8f2560e3 100644
--- a/.github/workflows/govulncheck.yml
+++ b/.github/workflows/govulncheck.yml
@@ -4,6 +4,10 @@ on:
     paths:
       - go.sum
       - .github/workflows/govulncheck.yml
+  pull_request:
+    paths:
+      - go.sum
+      - .github/workflows/govulncheck.yml
   schedule:
     - cron: "0 0 * * *"