constellation/.github/workflows/test-govulncheck.yml

51 lines
1.3 KiB
YAML
Raw Normal View History

2022-09-13 10:05:19 -04:00
name: Govulncheck
on:
2022-10-12 04:50:06 -04:00
workflow_dispatch:
2022-09-13 10:05:19 -04:00
push:
branches:
- main
- "release/**"
2022-09-13 10:05:19 -04:00
paths:
- "**.go"
- "**/go.mod"
- "**/go.sum"
2022-09-13 10:05:19 -04:00
pull_request:
paths:
- "**.go"
- "**/go.mod"
- "**/go.sum"
2022-09-13 10:05:19 -04:00
jobs:
govulncheck:
name: govulncheck
runs-on: ubuntu-22.04
2022-09-13 10:05:19 -04:00
steps:
- name: Checkout
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
2022-09-13 10:05:19 -04:00
- name: Install Dependencies
run: sudo apt-get update && sudo apt-get -y install libcryptsetup-dev libvirt-dev
- name: Setup Go environment
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
2022-09-13 10:05:19 -04:00
with:
go-version: "1.19.4"
2022-09-13 10:05:19 -04:00
cache: true
- name: Get Go submodules
id: submods
shell: bash
run: |
mods=$(go list -f '{{.Dir}}/...' -m | xargs)
echo "Found mods: $mods"
echo "submods=${mods}" >> "$GITHUB_OUTPUT"
2022-09-13 10:05:19 -04:00
- name: Govulncheck
shell: bash
run: |
go install golang.org/x/vuln/cmd/govulncheck@latest
GOMEMLIMIT=5GiB govulncheck "$(go list -f '{{.Dir}}/...' -m | xargs)"