forked from sourcenetwork/defradb
-
Notifications
You must be signed in to change notification settings - Fork 0
62 lines (51 loc) · 1.63 KB
/
check-vulnerabilities.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
# Copyright 2023 Democratized Data Foundation
#
# Use of this software is governed by the Business Source License
# included in the file licenses/BSL.txt.
#
# As of the Change Date specified in that file, in accordance with
# the Business Source License, use of this software will be governed
# by the Apache License, Version 2.0, included in the file
# licenses/APL.txt.
name: Check Vulnerabilities Workflow
on:
pull_request:
branches:
- master
- develop
push:
tags:
- 'v[0-9]+.[0-9]+.[0-9]+'
branches:
- master
- develop
- "**"
jobs:
check-vulnerabilities:
name: Check vulnerabilities job
runs-on: ubuntu-latest
steps:
- name: Checkout code into the directory
uses: actions/checkout@v4
- name: Setup Go environment explicitly
uses: actions/setup-go@v5
with:
go-version-file: 'go.mod'
check-latest: true
cache: false
- name: Install govulncheck
run: make deps:vulncheck
- name: Run govulncheck scan
run: govulncheck -C . -format text ./... | tee govulncheck.txt
- name: Check if only known vulnerabilities were found
run: cat govulncheck.txt | grep "Your code is affected by 3 vulnerabilities from 1 module."
# Use the steps below once the x/crisis (crisis.init) bug is fixed or if the
# ability to silence is implemented: https://github.com/golang/go/issues/61211
#steps:
# - name: Run govulncheck
# uses: golang/govulncheck-action@v1
# with:
# go-version-file: 'go.mod'
# check-latest: true
# cache: false
# go-package: ./...