From c5365a82f8460da86054353bcdad9efa296c1530 Mon Sep 17 00:00:00 2001
From: Dwi Siswanto <git@dw1.io>
Date: Tue, 6 Jan 2026 06:29:51 +0700
Subject: [PATCH] ci(govulncheck): workaround duplicate SARIF tags error

Use `jq` to deduplicate tags in the SARIF file
generated by `govulncheck` before uploading,
preventing validation failures in GitHub Actions.

Signed-off-by: Dwi Siswanto <git@dw1.io>
---
 .github/workflows/govulncheck.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/govulncheck.yaml b/.github/workflows/govulncheck.yaml
index 24fc0919f..5d22f7fe5 100644
--- a/.github/workflows/govulncheck.yaml
+++ b/.github/workflows/govulncheck.yaml
@@ -19,7 +19,9 @@ jobs:
       - uses: actions/checkout@v6
       - uses: projectdiscovery/actions/setup/go@v1
       - run: go install golang.org/x/vuln/cmd/govulncheck@latest
-      - run: govulncheck -scan package -format sarif ./... > $OUTPUT
+      - run: |
+          govulncheck -scan package -format sarif ./... | \
+            jq '(.runs[].tool.driver.rules[]?.properties.tags)? |= unique' > $OUTPUT
       - uses: github/codeql-action/upload-sarif@v4
         with:
           sarif_file: "${{ env.OUTPUT }}"