diff --git a/.github/workflows/govulncheck.yaml b/.github/workflows/govulncheck.yaml new file mode 100644 index 0000000..1b517cc --- /dev/null +++ b/.github/workflows/govulncheck.yaml @@ -0,0 +1,40 @@ +name: Vulnerability Check + +on: + push: + branches: + - main + - master + pull_request: + branches: + - main + - master + schedule: + # weekly, so newly disclosed vulnerabilities are caught even without a push + - cron: "0 6 * * 1" + workflow_dispatch: + +permissions: + contents: read + +jobs: + govulncheck: + name: govulncheck + runs-on: ubuntu-latest + timeout-minutes: 10 + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version-file: 'go.mod' + cache: true + + - name: Install govulncheck + run: go install golang.org/x/vuln/cmd/govulncheck@latest + + - name: Run govulncheck + run: govulncheck ./...