fix: Update go mod to fix CVE-2024-45338 #136
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Go | |
| on: | |
| push: | |
| branches: [ main ] | |
| pull_request: | |
| branches: [ main ] | |
| jobs: | |
| build: | |
| strategy: | |
| matrix: | |
| go: ['1.21', '1.22'] | |
| os: ['ubuntu-20.04', 'ubuntu-22.04'] | |
| name: ${{ matrix.os }} / Go ${{ matrix.go }} | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - name: Set up Go 1.x | |
| uses: actions/setup-go@v3 | |
| with: | |
| go-version: ${{ matrix.go }} | |
| - name: Check out code into the Go module directory | |
| uses: actions/checkout@v3 | |
| with: | |
| # By default, the checkout action only fetches the last commit, | |
| # but we want to run DCO check against all commit messages. | |
| # Assuming that a pull request may have multiple commits, | |
| # fetching the single commit doesn't work for us. | |
| # | |
| # While DCO check (on Makefile) checks latest 5 commits, | |
| # the checkout action automatically creates a merge commit | |
| # for merging "main" into a pull request branch. | |
| # In addition to that, Git cannot recognize merge commits when | |
| # one of the parents is missing. | |
| # So, we will fetch 15 commits just in case to have | |
| # 5 actual commits with associated merged commits. | |
| fetch-depth: 15 | |
| - name: Run static analysis | |
| run: make lint | |
| - name: Build | |
| run: make all | |
| # GitHub Actions' VMs don't have KVM. Firecracker itself won't work. | |
| - name: Test | |
| run: SKIP_INTEG_TEST=1 make test |