From a200f968e40a55d36f4df7b0072af8ca03d3c2ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ga=C3=A1l=20Gy=C3=B6rgy?= Date: Fri, 3 Jul 2026 22:32:31 +0200 Subject: [PATCH] ci: add govulncheck workflow MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Run govulncheck on pushes, pull requests and weekly to continuously scan the module set for known vulnerabilities. The tree currently reports no vulnerabilities. Signed-off-by: Gaál György --- .github/workflows/govulncheck.yaml | 40 ++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 .github/workflows/govulncheck.yaml diff --git a/.github/workflows/govulncheck.yaml b/.github/workflows/govulncheck.yaml new file mode 100644 index 00000000..1b517ccf --- /dev/null +++ b/.github/workflows/govulncheck.yaml @@ -0,0 +1,40 @@ +name: Vulnerability Check + +on: + push: + branches: + - main + - master + pull_request: + branches: + - main + - master + schedule: + # weekly, so newly disclosed vulnerabilities are caught even without a push + - cron: "0 6 * * 1" + workflow_dispatch: + +permissions: + contents: read + +jobs: + govulncheck: + name: govulncheck + runs-on: ubuntu-latest + timeout-minutes: 10 + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version-file: 'go.mod' + cache: true + + - name: Install govulncheck + run: go install golang.org/x/vuln/cmd/govulncheck@latest + + - name: Run govulncheck + run: govulncheck ./...