Add a Make target that searches for note markers #111
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# https://go.dev/security/vuln | |
name: govulncheck | |
on: | |
pull_request: | |
push: | |
branches: | |
- main | |
env: | |
# Use the Go toolchain installed by setup-go | |
# https://github.com/actions/setup-go/issues/457 | |
GOTOOLCHAIN: local | |
jobs: | |
vulnerabilities: | |
if: ${{ github.repository == 'CrunchyData/postgres-operator' }} | |
permissions: | |
security-events: write | |
runs-on: ubuntu-24.04 | |
steps: | |
- uses: actions/checkout@v4 | |
# Install Go and produce a SARIF report. This fails only when the tool is | |
# unable to scan. | |
- name: Prepare report | |
uses: golang/govulncheck-action@v1 | |
with: | |
output-file: 'govulncheck-results.sarif' | |
output-format: 'sarif' | |
repo-checkout: false | |
# Submit the SARIF report to GitHub code scanning. Pull request checks | |
# succeed or fail according to branch protection rules. | |
# - https://docs.github.com/en/code-security/code-scanning | |
- name: Upload results to GitHub | |
uses: github/codeql-action/upload-sarif@v3 | |
with: | |
sarif_file: 'govulncheck-results.sarif' | |
# TODO: https://go.dev/issue/70157 | |
if: ${{ false }} | |
# Print any detected vulnerabilities to the workflow log. This step fails | |
# when the tool detects a vulnerability in code that is called. | |
# - https://go.dev/blog/govulncheck | |
- name: Log results | |
run: govulncheck --format text --show verbose ./... |