author | Jakob Borg <jakob@kastelo.net> | 2023-07-20 07:05:35 +0200 |
---|---|---|
committer | Jakob Borg <jakob@kastelo.net> | 2023-07-30 14:38:36 +0200 |
commit | 4fe746d9aa5b140ebe3775fe35598dd823d1c54b (patch) | |
tree | f62a100469ed54a10c34be1b2fa2519739bdbf1d /.github | |
parent | 4f8cdd41eee5fa7176d3397b70d57126defd7829 (diff) | |
build: Run govulncheck (fixes #8983)
Diffstat (limited to '.github')
-rw-r--r-- | .github/workflows/build-syncthing.yaml | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/.github/workflows/build-syncthing.yaml b/.github/workflows/build-syncthing.yaml
index a9dcec216..b3a431028 100644
--- a/.github/workflows/build-syncthing.yaml
+++ b/.github/workflows/build-syncthing.yaml
@@ -125,6 +125,7 @@ jobs:
 - package-cross
 - package-source
 - package-debian
+ - govulncheck
 steps:
 - uses: actions/checkout@v3
@@ -762,3 +763,25 @@ jobs:
 platforms: linux/amd64,linux/arm64,linux/arm/7
 push: ${{ env.DOCKER_PUSH == 'true' }}
 tags: ${{ env.DOCKER_TAGS }}
+
+ #
+ # Check for known vulnerabilities in Go dependencies
+ #
+
+ govulncheck:
+ runs-on: ubuntu-latest
+ name: Run govulncheck
+ steps:
+ - uses: actions/checkout@v3
+
+ - uses: actions/setup-go@v4
+ with:
+ go-version: ${{ env.GO_VERSION }}
+ cache: false
+ check-latest: true
+
+ - name: run govulncheck
+ run: |
+ go run build.go assets
+ go install golang.org/x/vuln/cmd/govulncheck@latest
+ govulncheck ./... |
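Review bot: The new `govulncheck` job installs its scanner with `go install golang.org/x/vuln/cmd/govulncheck@latest`, so every run executes whichever release was published most recently, and the job declares no `permissions:` of its own. Pinning the tool, e.g. `go install golang.org/x/vuln/cmd/govulncheck@<pinned-version>` (placeholder, version to be chosen by the maintainers), keeps runs reproducible and reviewable; the vulnerability database is still fetched at run time, so results do not go stale. Because the job only reads the source, adding `permissions:` with `contents: read` under `govulncheck:` would limit what the workflow token can do if a fetched tool or dependency misbehaves; this may already be set at workflow level, which is not visible in this hunk. The first hunk also adds the job to a `needs:` list whose owning job lies outside the hunk, so a newly published advisory will presumably block that job on unrelated changes, which is worth a one-line comment next to the entry.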