From cc3621e9861852a5de85e1e738ecb8e5a4b14045 Mon Sep 17 00:00:00 2001
From: Roger Ng <rogerng@google.com>
Date: Mon, 11 Sep 2023 15:59:14 +0000
Subject: [PATCH] Add govulncheck GitHub action (#1145)

* Add govulncheck GitHub action

* Pin golang/govulncheck-action by hash

* Add top level read-only permission in govulncheck.yml
---
 .github/workflows/govulncheck.yml | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 .github/workflows/govulncheck.yml

diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml
new file mode 100644
index 0000000000..fae69288be
--- /dev/null
+++ b/.github/workflows/govulncheck.yml
@@ -0,0 +1,23 @@
+name: govulncheck
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    branches:
+      - master
+
+permissions:
+  contents: read
+
+jobs:
+  govulncheck_job:
+    runs-on: ubuntu-latest
+    name: Run govulncheck
+    steps:
+      - id: govulncheck
+        uses: golang/govulncheck-action@7da72f730e37eeaad891fcff0a532d27ed737cd4 # v1.0.1
+        with:
+          go-version-input: 1.20.8
+          go-package: ./...