BUILD/MINOR: ci: add govulncheck to the ci

mjuraga · mjuraga · commit ef938db61194 · 2024-10-10T13:54:05.000+02:00
diff --git a/.aspell.yml b/.aspell.yml
@@ -26,3 +26,4 @@ allowed:
   - crd
   - linter
   - linters
+  - govulncheck
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -1,5 +1,6 @@
 stages:
   - lint
+  - checks
   - build
   - e2e
 variables:
@@ -112,6 +113,28 @@ build:
     - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
     - if: $CI_PIPELINE_SOURCE == 'push'
 
+govulncheck:
+  stage: checks
+  needs: []
+  image:
+    name: $CI_REGISTRY_GO/docker:$DOCKER_VERSION-go$GO_VERSION
+    entrypoint: [ "" ]
+  rules:
+    - if: $CI_PIPELINE_SOURCE == 'schedule' && $SCHEDULE_TYPE == 'daily'
+    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
+      changes:
+        - go.mod
+    - if: "$CI_PROJECT_NAMESPACE == 'haproxy-controller' && $CI_PIPELINE_SOURCE == 'push'"
+      changes:
+        - go.mod
+  tags:
+    - go
+  script:
+    - go install golang.org/x/vuln/cmd/govulncheck@latest
+    - govulncheck -version
+    - go mod tidy
+    - go run cmd/govulncheck-report/main.go
+
 HAProxy_2_2:
   extends: .e2e
   parallel:
diff --git a/cmd/govulncheck-report/main.go b/cmd/govulncheck-report/main.go

-Original file line number
+Diff line change
   - crd
   - linter
   - linters
 +  - govulncheck