feat: [#18] Verify downloaded Golang modules. (#27)

schubergphilis · Feb 13, 2024 · f39d929 · f39d929
1 parent 50063b7
commit f39d929
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -1,4 +1,27 @@
-# golang-action
+# mcvs-golang-action
+
+Mission Critical Vulnerability Scanner (MCVS) Golang Action is a custom
+[GitHub Action](https://github.com/features/actions) that consists of the
+following steps:
+
+* Install the Golang version that is defined in the project `go.mod`.
+* Verify download Golang modules.
+* Check for incorrect import order and indicate how to resolve it.
+* Code security scanning and suppress certain CVEs for a maximum of one month.
+  In some situations a particular CVE will be resolved in a couple of weeks and
+  this allows the developer to continue in a save way while knowing that the
+  pipeline will fail again if the issue has not been resolved in a couple of
+  weeks.
+* Linting.
+* Unit tests.
+* Integration tests.
+* Code coverage.
+
+In summary, using this action will ensure that Golang code meets certain
+standards before it will be deployed to production as the assembly line will
+fail if an issues arrises.
+
+## usage
 
 Create a `.github/workflows/golang.yml` file with the following content:
 

diff --git a/action.yml b/action.yml
@@ -27,6 +27,13 @@ runs:
         go-version-file: 'go.mod'
         cache: false
     #
+    # Verify downloaded dependencies.
+    #
+    - uses:
+      shell: bash
+      run: |
+        go mod verify
+    #
     # Check for 'incorrect import order', let pipeline fail if true and provide
     # instruction to remediate it. Note: check is included in golangci-lint,
     # but it does not provide clarity how to resolve it when positive.