Add govuln GitHub workflow

Signed-off-by: Ivan Valdes <ivan@vald.es>
etcd-io · Mar 8, 2024 · 67afad6 · 67afad6
1 parent 65c10bc
commit 67afad6
Showing 1 changed file with 19 additions and 0 deletions.
diff --git a/.github/workflows/govuln.yaml b/.github/workflows/govuln.yaml
@@ -0,0 +1,19 @@
+---
+name: Go Vulnerability Checker
+on: [push, pull_request]
+permissions: read-all
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - id: goversion
+        run: echo "goversion=$(cat .go-version)" >> "$GITHUB_OUTPUT"
+      - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+        with:
+          go-version: ${{ steps.goversion.outputs.goversion }}
+      - run: date
+      - run: |
+          set -euo pipefail
+
+          go install golang.org/x/vuln/cmd/govulncheck@latest && govulncheck ./...