File tree Expand file tree Collapse file tree 1 file changed +40
-0
lines changed Expand file tree Collapse file tree 1 file changed +40
-0
lines changed Original file line number Diff line number Diff line change @@ -149,6 +149,45 @@ jobs:
149149 status : ${{ job.status }}
150150 webhook-url : ${{ secrets.SLACK_WEBHOOK }}
151151
152+ go-govulncheck :
153+ runs-on : ubuntu-latest
154+
155+ steps :
156+ - uses : actions/checkout@v5
157+
158+ - uses : actions/setup-go@v6
159+ with :
160+ go-version-file : go.mod
161+ cache : true
162+ - run : go install golang.org/x/vuln/cmd/govulncheck@latest
163+
164+ - uses : ruby/setup-ruby@v1
165+ with :
166+ ruby-version : ruby
167+ bundler-cache : true
168+
169+ - name : export CGO_CFLAGS for govulncheck
170+ run : bundle exec rake go:build_envs[CGO_CFLAGS] >> $GITHUB_ENV
171+ - run : echo $CGO_CFLAGS
172+
173+ - name : export BUILD_TAG for govulncheck
174+ run : echo "BUILD_TAG=$(bundle exec rake go:build_tag)" >> $GITHUB_ENV
175+ - run : echo $BUILD_TAG
176+
177+ # FIXME: golang/govulncheck-action@v1 doesn't support `-tags` arg
178+ # - uses: golang/govulncheck-action@v1
179+ # with:
180+ # go-version-file: go.mod
181+ - run : govulncheck -format text -tags "${BUILD_TAG}" ./...
182+
183+ - name : Slack Notification (not success)
184+ uses : act10ns/slack@v2
185+ if : " ! success()"
186+ continue-on-error : true
187+ with :
188+ status : ${{ job.status }}
189+ webhook-url : ${{ secrets.SLACK_WEBHOOK }}
190+
152191 ruby-lint :
153192 runs-on : ubuntu-latest
154193
@@ -230,6 +269,7 @@ jobs:
230269 needs :
231270 - build-and-test
232271 - go-lint
272+ - go-govulncheck
233273 - ruby-lint
234274 - ruby-rbs
235275 - go_gem
You can’t perform that action at this time.
0 commit comments