| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162 |
- name: Vulnerability Check
- on: [push, pull_request]
- jobs:
- go-versions:
- name: Get stable Go versions
- runs-on: ubuntu-latest
- outputs:
- version-list: ${{ steps.go-dev-stable-versions.outputs.version-list }}
- steps:
- - name: List the latest stable versions of Go
- id: go-dev-stable-versions
- run: |
- versions_json=$(curl -s https://go.dev/dl/?mode=json | jq '.[].version' | sed -e 's/^"go/"/' | jq -s -c '.')
- echo "version-list=$versions_json" >> $GITHUB_OUTPUT
- - name: Notify on go-dev-stable-versions
- run: echo "::notice::version-list is ${{ steps.go-dev-stable-versions.outputs.version-list }}"
- test:
- needs: [go-versions]
- strategy:
- matrix:
- os: [ubuntu-latest, macos-latest, windows-latest]
- go: ${{ fromJson(needs.go-versions.outputs.version-list) }}
- name: Vulnerability Check with Go ${{ matrix.go }} on ${{ matrix.os }}
- runs-on: ${{ matrix.os }}
- env:
- DISPLAY: ':99.0'
- defaults:
- run:
- shell: bash
- steps:
- - name: Git
- run: |
- # See actions/checkout#135
- git config --global core.autocrlf false
- git config --global core.eol lf
- - name: Checkout
- uses: actions/checkout@v4
- - name: Setup Go
- uses: actions/setup-go@v5
- with:
- go-version: ${{ matrix.go }}
- - name: Install govulncheck
- run: |
- go install golang.org/x/vuln/cmd/govulncheck@latest
- - name: Install dependencies
- if: runner.os == 'Linux'
- run: |
- sudo apt-get update
- sudo apt-get install libasound2-dev libgl1-mesa-dev libxcursor-dev libxi-dev libxinerama-dev libxrandr-dev libxxf86vm-dev
- - name: govulncheck
- run: |
- govulncheck ./...
- env GOOS=js GOARCH=wasm govulncheck ./...
|
