From 8ac6105b3c1b82c3a1ce6d88fe6e416d76300a6c Mon Sep 17 00:00:00 2001
From: Oleg Smirnov
Date: Mon, 4 Mar 2024 13:07:03 +0400
Subject: [PATCH] Add vulnerability check (#15)

* Add vulnerability check
* Update action versions
* Use go.mod as version source
* Fail check step if has erros
---
.github/workflows/check.yml | 7 +++---
.github/workflows/vulnerability_check.yml | 27 +++++++++++++++++++++++
2 files changed, 30 insertions(+), 4 deletions(-)
create mode 100644 .github/workflows/vulnerability_check.yml

diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
index 6259099..b74fad0 100644
--- a/.github/workflows/check.yml
+++ b/.github/workflows/check.yml
@@ -6,12 +6,12 @@ jobs: check: runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Set up Go - uses: actions/setup-go@v3 + uses: actions/setup-go@v5 with: - go-version: 1.19 + go-version-file: go.mod - name: Install protoc run: sudo apt-get update && sudo apt-get install -y protobuf-compiler && protoc --version
@@ -27,7 +27,6 @@ jobs: exit 1 fi - - name: Build sources run: make build - name: Check sources
diff --git a/.github/workflows/vulnerability_check.yml b/.github/workflows/vulnerability_check.yml
new file mode 100644
index 0000000..f11ddb2
--- /dev/null
+++ b/.github/workflows/vulnerability_check.yml
@@ -0,0 +1,27 @@
+name: Check repository for vulnerabilities
+
+on: [push, workflow_dispatch]
+
+jobs:
+ vulnerabilities:
+ env:
+ report-file: report.txt
+ name: Check vulnerabilities
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - name: Set up Go
+ uses: actions/setup-go@v5
+ with:
+ go-version-file: go.mod
+ - name: Install govulncheck
+ run: go install golang.org/x/vuln/cmd/govulncheck@latest
+ - name: Run check
+ run: govulncheck -show verbose ./... 2>&1 | tee ${{ env.report-file }}
+ - name: Collect report
+ if: always()
+ uses: actions/upload-artifact@v4
+ with:
+ name: 'govulncheck-report'
+ path: ${{ env.report-file }}
+ overwrite: true
\ No newline at end of file
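Review bot: The `Run check` step's exit status is that of `tee`, not of govulncheck, so a run that reports vulnerabilities (govulncheck exits non-zero in that case) still passes the job, contrary to the commit's stated intent; a `run:` step with no explicit `shell` is executed as `bash -e {0}`, which does not enable pipefail. Add `shell: bash` to that step (GitHub then invokes `bash --noprofile --norc -eo pipefail {0}`), or begin the script with `set -o pipefail` so the pipeline propagates govulncheck's status. Separately, `actions/checkout@v4`, `actions/setup-go@v5` and `actions/upload-artifact@v4` are referenced by mutable major tags and govulncheck is installed `@latest`, so the scanner and the actions that run it can change between runs without any change to this repository; pinning the actions to full commit SHAs and govulncheck to a release version makes the uploaded report attributable to a known tool version.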