From 3a8abf2b8f08be732567f181ceafba289aa505f3 Mon Sep 17 00:00:00 2001
From: Sergey Vilgelm
Date: Tue, 14 Jul 2020 10:30:12 -0500
Subject: [PATCH 1/2] Run nancy validation for all dependencies
---
 .github/workflows/pr-extra.yml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 .github/workflows/pr-extra.yml
diff --git a/.github/workflows/pr-extra.yml b/.github/workflows/pr-extra.yml
new file mode 100644
index 000000000000..c8c5a2c64c46
--- /dev/null
+++ b/.github/workflows/pr-extra.yml
@@ -0,0 +1,19 @@
+name: Extra
+on:
+ push:
+ tags:
+ - v*
+ branches:
+ - master
+ pull_request:
+jobs:
+ vulns:
+ name: Vulnerability scanner
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - uses: actions/setup-go@v2
+ # We cannot use nancy-github-action because it is outdated, so it's better to use the latest
+ # docker image for the validation
+ - name: nancy
+ run: go list -m all | docker run -i sonatypecommunity/nancy:latest
From d65e5b19c8882f8eeb8f0e00619ee4870abc2983 Mon Sep 17 00:00:00 2001
From: Sergey Vilgelm
Date: Thu, 16 Jul 2020 17:10:08 -0500
Subject: [PATCH 2/2] Update pr-extra.yml Use `-json` flag
---
 .github/workflows/pr-extra.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/pr-extra.yml b/.github/workflows/pr-extra.yml
index c8c5a2c64c46..75acbb925bef 100644
--- a/.github/workflows/pr-extra.yml
+++ b/.github/workflows/pr-extra.yml
@@ -16,4 +16,4 @@ jobs:
 # We cannot use nancy-github-action because it is outdated, so it's better to use the latest
 # docker image for the validation
 - name: nancy
- run: go list -m all | docker run -i sonatypecommunity/nancy:latest
+ run: go list -json -m all | docker run -i sonatypecommunity/nancy:latest
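Review bot: The `docker run -i sonatypecommunity/nancy:latest` step on the last added line pulls a mutable tag, so the image that decides whether this check passes can change without any change in this repository. Pinning by digest keeps the scanner reproducible and makes upgrades a reviewed change, e.g. `run: go list -m all | docker run -i sonatypecommunity/nancy@sha256:<DIGEST_PLACEHOLDER>`. The same reasoning applies to `actions/checkout@v2` and `actions/setup-go@v2`, which can be pinned to a full commit SHA instead of a movable tag. The identical image reference is carried into the `run:` line of PATCH 2/2.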
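Review bot: The rewritten `run:` line is still a pipeline whose exit status is only that of `docker run`, because the step has no `shell:` key and GitHub then executes it with `bash -e`, without `pipefail`. If `go list -json -m all` fails, for example on a module download error, nancy may receive empty or partial input and the job can report success without having checked the full dependency list. Adding `shell: bash` to the step (GitHub then uses `bash --noprofile --norc -eo pipefail`) or starting the script with `set -o pipefail` makes a failing `go list` fail the job. The line had the same shape in PATCH 1/2, and the `steps:` list it belongs to starts outside this hunk.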