mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-12-27 06:03:51 +03:00
chore(security): Support Go Vulnerability Management (#21139)
See https://go.dev/security/vuln/ Signed-off-by: Bo-Yi.Wu <appleboy.tw@gmail.com> Signed-off-by: Bo-Yi.Wu <appleboy.tw@gmail.com>
This commit is contained in:
parent
77c916f6d9
commit
24b5a384d2
2 changed files with 16 additions and 0 deletions
10
.drone.yml
10
.drone.yml
|
@ -39,6 +39,16 @@ steps:
|
|||
- make lint-frontend
|
||||
depends_on: [deps-frontend]
|
||||
|
||||
- name: security-check
|
||||
image: golang:1.19
|
||||
pull: always
|
||||
commands:
|
||||
- make security-check
|
||||
depends_on: [deps-backend]
|
||||
volumes:
|
||||
- name: deps
|
||||
path: /go
|
||||
|
||||
- name: lint-backend
|
||||
image: gitea/test_env:linux-amd64 # https://gitea.com/gitea/test-env
|
||||
pull: always
|
||||
|
|
6
Makefile
6
Makefile
|
@ -35,6 +35,7 @@ MISSPELL_PACKAGE ?= github.com/client9/misspell/cmd/misspell@v0.3.4
|
|||
SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.30.0
|
||||
XGO_PACKAGE ?= src.techknowlogick.com/xgo@latest
|
||||
GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.3.0
|
||||
GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@latest
|
||||
|
||||
DOCKER_IMAGE ?= gitea/gitea
|
||||
DOCKER_TAG ?= latest
|
||||
|
@ -728,6 +729,10 @@ generate-go: $(TAGS_PREREQ)
|
|||
@echo "Running go generate..."
|
||||
@CC= GOOS= GOARCH= $(GO) generate -tags '$(TAGS)' $(GO_PACKAGES)
|
||||
|
||||
.PHONY: security-check
|
||||
security-check:
|
||||
govulncheck -v ./...
|
||||
|
||||
$(EXECUTABLE): $(GO_SOURCES) $(TAGS_PREREQ)
|
||||
CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) build $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -o $@
|
||||
|
||||
|
@ -813,6 +818,7 @@ deps-backend:
|
|||
$(GO) install $(SWAGGER_PACKAGE)
|
||||
$(GO) install $(XGO_PACKAGE)
|
||||
$(GO) install $(GO_LICENSES_PACKAGE)
|
||||
$(GO) install $(GOVULNCHECK_PACKAGE)
|
||||
|
||||
node_modules: package-lock.json
|
||||
npm install --no-save
|
||||
|
|
Loading…
Reference in a new issue