From a29e27c3ecb3e065cc8ee32fa865591e0427b6f8 Mon Sep 17 00:00:00 2001
From: Kyle Conroy
Date: Tue, 27 Jun 2023 12:58:26 -0700
Subject: [PATCH] build: Run govulncheck on all builds
---
 .github/workflows/ci.yml | 13 ++++++++++++-
 devenv.nix | 1 +
 2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 7149e386c9..e37c5cc870 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -50,7 +50,6 @@ jobs:
 steps:
 - uses: actions/checkout@v3
-
 - uses: actions/setup-go@v4
 with:
 go-version: '1.20'
@@ -83,3 +82,15 @@ jobs:
 run: ./scripts/report.sh
 env:
 BUILDKITE_ANALYTICS_TOKEN: ${{ secrets.BUILDKITE_ANALYTICS_TOKEN }}
+
+ vuln_check:
+ runs-on: ubuntu-latest
+ timeout-minutes: 5
+
+ steps:
+ - uses: actions/checkout@v3
+ - uses: actions/setup-go@v4
+ with:
+ go-version: '1.20'
+ - run: go install golang.org/x/vuln/cmd/govulncheck@latest
+ - run: govulncheck ./...
diff --git a/devenv.nix b/devenv.nix
index f74b52c56b..e1250867a3 100644
--- a/devenv.nix
+++ b/devenv.nix
@@ -7,6 +7,7 @@
 pkgs.go
 pkgs.git
 pkgs.git-cliff
+ pkgs.govulncheck
 pkgs.python311
 ];
 }
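Review bot: The `go install golang.org/x/vuln/cmd/govulncheck@latest` step in the new `vuln_check` job resolves the scanner version at run time, so the tool that gates every build can change between two runs of the same commit and executes in CI without having been reviewed. Pinning it, `- run: go install golang.org/x/vuln/cmd/govulncheck@<pinned-version>`, and bumping the pin deliberately keeps results reproducible and easier to compare with the `pkgs.govulncheck` that the devenv.nix hunk takes from nixpkgs. The job also declares no `permissions:`; unless the workflow sets them at the top level (not visible in this hunk), adding `permissions:` with `contents: read` under `vuln_check` limits the token to what a read-only scan needs. Because the vulnerability database changes independently of the code, a scheduled run alongside the per-build run would surface new advisories on branches that see no pushes; the workflow's `on:` triggers are outside the hunk, so this may already be covered.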