Allow working directory as cli arg #12

	---
	name: CI

	on:
	push:
	branches: [main]
	pull_request:
	branches: [main]
	workflow_dispatch:

	jobs:
	build:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	- uses: actions/setup-go@v5
	with:
	go-version-file: go.mod
	- name: Lint
	# Third-party action, pin to commit SHA!
	# See https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions
	uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86
	- name: Test
	run: go test -v ./...

	vulnerability-scan:
	runs-on: ubuntu-latest
	needs:
	- build
	permissions:
	contents: read
	security-events: write
	steps:
	- uses: actions/checkout@v4
	- uses: actions/setup-go@v5
	with:
	go-version-file: go.mod
	- name: Run Trivy vulnerability scanner
	# Third-party action, pin to commit SHA!
	# See https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions
	uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2
	with:
	scan-type: "fs"
	format: "sarif"
	output: "trivy-results.sarif"
	severity: "CRITICAL,HIGH"
	ignore-unfixed: true
	exit-code: "1" # Fail the build!
	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@v3
	if: ${{ always() && github.ref == 'refs/heads/main' }} # Bypass non-zero exit code..
	with:
	sarif_file: "trivy-results.sarif"

Provide feedback