1
0

vuln.yml 1.8 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162
  1. name: Vulnerability Check
  2. on: [push, pull_request]
  3. jobs:
  4. go-versions:
  5. name: Get stable Go versions
  6. runs-on: ubuntu-latest
  7. outputs:
  8. version-list: ${{ steps.go-dev-stable-versions.outputs.version-list }}
  9. steps:
  10. - name: List the latest stable versions of Go
  11. id: go-dev-stable-versions
  12. run: |
  13. versions_json=$(curl -s https://go.dev/dl/?mode=json | jq '.[].version' | sed -e 's/^"go/"/' | jq -s -c '.')
  14. echo "version-list=$versions_json" >> $GITHUB_OUTPUT
  15. - name: Notify on go-dev-stable-versions
  16. run: echo "::notice::version-list is ${{ steps.go-dev-stable-versions.outputs.version-list }}"
  17. test:
  18. needs: [go-versions]
  19. strategy:
  20. matrix:
  21. os: [ubuntu-latest, macos-latest, windows-latest]
  22. go: ${{ fromJson(needs.go-versions.outputs.version-list) }}
  23. name: Vulnerability Check with Go ${{ matrix.go }} on ${{ matrix.os }}
  24. runs-on: ${{ matrix.os }}
  25. env:
  26. DISPLAY: ':99.0'
  27. defaults:
  28. run:
  29. shell: bash
  30. steps:
  31. - name: Git
  32. run: |
  33. # See actions/checkout#135
  34. git config --global core.autocrlf false
  35. git config --global core.eol lf
  36. - name: Checkout
  37. uses: actions/checkout@v4
  38. - name: Setup Go
  39. uses: actions/setup-go@v5
  40. with:
  41. go-version: ${{ matrix.go }}
  42. - name: Install govulncheck
  43. run: |
  44. go install golang.org/x/vuln/cmd/govulncheck@latest
  45. - name: Install dependencies
  46. if: runner.os == 'Linux'
  47. run: |
  48. sudo apt-get update
  49. sudo apt-get install libasound2-dev libgl1-mesa-dev libxcursor-dev libxi-dev libxinerama-dev libxrandr-dev libxxf86vm-dev
  50. - name: govulncheck
  51. run: |
  52. govulncheck ./...
  53. env GOOS=js GOARCH=wasm govulncheck ./...