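--- a/.github/workflows/go_app_pull_requests.yml
+++ b/.github/workflows/go_app_pull_requests.yml
@@ -101,6 +101,38 @@ jobs:
 uses: codecov/codecov-action@v4
 with:
 token: ${{ secrets.CODECOV_TOKEN }}
+vulnerabilities:
+#
+# ensure go standards and tests pass
+#
+runs-on: ubuntu-latest
+strategy:
+matrix:
+# List of go versions to test on.
+go: ['^1']
+steps:
+# Checkout go code to test.
+- name: Checkout repo
+uses: actions/checkout@v3
+# Setup Go for each version in the matrix.
+- name: Setup Go
+uses: actions/setup-go@v3
+with:
+go-version: ${{ matrix.go }}
+# Use auth to get access to private Git repos for Go code dependencies.
+- name: Configure git for private modules
+env:
+TOKEN: ${{ secrets.GH_CI_PAT }}
+GITHUB_USERNAME: ${{ inputs.GH_CI_USER }}
+run: git config --global url."https://${GITHUB_USERNAME}:${TOKEN}@github.com".insteadOf
+"https://github.com"
+# Install govulncheck
+- id: install-govulncheck
+run: go install golang.org/x/vuln/cmd/govulncheck@latest
+# Run govulncheck for every Go module
+- id: govulncheck
+run: find . -name vendor -prune -o -name go.mod -print | xargs -n1 dirname
+| xargs -n1 -I{} bash -c "pushd {}; govulncheck ./..."
 docker-build:
 #
 # ensures the docker image will build without pushing to the registry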
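Review bot: In the `govulncheck` step, `xargs -I{}` substitutes each module directory straight into the `bash -c` command string, so a directory name from the pull request's checkout that contains spaces or shell metacharacters is parsed as shell syntax, in a job that has already written `GH_CI_PAT` into the global git config. Pass the path as a positional argument instead: `xargs -I{} bash -c 'cd "$1" && govulncheck ./...' _ {}`. The `&&` matters as well, because with `pushd {};` a failed directory change still lets govulncheck run from the parent directory and report on the wrong module. The same step appears in go_lib_pull_requests.yml. The job comment `# ensure go standards and tests pass` looks copied from another job and could read `# scan every Go module for known vulnerabilities with govulncheck`.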
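--- a/.github/workflows/go_lib_pull_requests.yml
+++ b/.github/workflows/go_lib_pull_requests.yml
@@ -109,4 +109,37 @@ jobs:
 - name: Upload test coverage results to Codecov
 uses: codecov/codecov-action@v4
 with:
-token: ${{ secrets.CODECOV_TOKEN }}
+token: ${{ secrets.CODECOV_TOKEN }}
+vulnerabilities:
+#
+# ensure go standards and tests pass
+#
+runs-on: ubuntu-latest
+strategy:
+matrix:
+# List of go versions to test on.
+go: ["^1"]
+steps:
+# Checkout go code to test.
+- name: Checkout repo
+uses: actions/checkout@v3
+# Setup Go for each version in the matrix.
+- name: Setup Go
+uses: actions/setup-go@v3
+with:
+go-version: ${{ matrix.go }}
+# Use auth to get access to private Git repos for Go code dependencies.
+- name: Configure git for private modules
+env:
+TOKEN: ${{ secrets.GH_CI_PAT }}
+GITHUB_USERNAME: ${{ inputs.GH_CI_USER }}
+run:
+git config --global url."https://${GITHUB_USERNAME}:${TOKEN}@github.com".insteadOf
+"https://github.com"
+# Install govulncheck
+- id: install-govulncheck
+run: go install golang.org/x/vuln/cmd/govulncheck@latest
+# Run govulncheck for every Go module
+- id: govulncheck
+run: find . -name vendor -prune -o -name go.mod -print | xargs -n1 dirname
+| xargs -n1 -I{} bash -c "pushd {}; govulncheck ./..."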
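Review bot: `go install golang.org/x/vuln/cmd/govulncheck@latest` in the `install-govulncheck` step resolves to whatever version is newest at run time, and it runs after `Configure git for private modules` has placed `GH_CI_PAT` in the runner's global git config. Pin the scanner to a reviewed release, e.g. `run: go install golang.org/x/vuln/cmd/govulncheck@<PINNED_VERSION>`, and move the install step above the credential step so the tool is fetched and built before the token is present. `actions/checkout@v3` and `actions/setup-go@v3` are also mutable tags, so pinning them to a full commit SHA would make the job reproducible. No `permissions:` block is declared on the job in the lines shown; if none is set at workflow level (not visible here), adding `permissions:` with `contents: read` would limit the GITHUB_TOKEN. go_app_pull_requests.yml carries the same steps.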