added gosec & govulncheck

.github/workflows/issues.yml

@@ -5,6 +5,9 @@ on:
   issues:
     types:
       - opened
+  pull_request:
+    types:
+      - opened
 
 jobs:
   add-to-project:

.github/workflows/pull-request-size-labeler.yml

@@ -0,0 +1,30 @@
+name: Pull request size labeler
+
+on: [pull_request]
+
+jobs:
+  labeler:
+    runs-on: ubuntu-latest
+    name: Label the PR size
+    permissions:
+      issues: write
+      pull-requests: write
+    steps:
+      - uses: codelytv/pr-size-labeler@v1
+        with:
+          GITHUB_TOKEN: ${{ secrets.ADD_TO_PROJECT_TOKEN }}
+          xs_label: 'size/xs'
+          xs_max_size: '10'
+          s_label: 'size/s'
+          s_max_size: '100'
+          m_label: 'size/m'
+          m_max_size: '500'
+          l_label: 'size/l'
+          l_max_size: '1000'
+          xl_label: 'size/xl'
+          fail_if_xl: 'false'
+          message_if_xl: >
+            This PR exceeds the recommended size of 1000 lines.
+            Please make sure you are NOT addressing multiple issues with one PR.
+            Note this PR might be rejected due to its size.
+          files_to_ignore: ''

.github/workflows/test.yml

@@ -28,13 +28,28 @@ jobs:
           go-version: ${{ matrix.go }}
           cache: false
 
-      - name: Verify
+      - name: Run GolangCI-Lint
         uses: golangci/golangci-lint-action@v3
         with: 
           version: v1.53
           args: --timeout=5m
-
+
+      - name: Run GoSec
+        if: matrix.os == 'ubuntu-latest'
+        uses: securego/gosec@master
+        with:
+          args: ./...
+
+      - name: Run GoVulnCheck
+        uses: golang/govulncheck-action@v1
+        with:
+          go-version-input: ${{ matrix.go }}
+          go-package: ./...
+
       - name: Test
         run: go test -race --coverprofile=coverage.txt --covermode=atomic -v ./...
+
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v3
+        uses: codecov/codecov-action@v3
+        with:
+          files: ./coverage

.gitignore

@@ -0,0 +1 @@
+coverage.coverprofile

Makefile

@@ -7,27 +7,63 @@ else
 GOBIN=$(shell go env GOBIN)
 endif
 
-# LINT is the path to the golangci-lint binary
-LINT = $(shell which golangci-lint)
+# GOLINT is the path to the golangci-lint binary
+GOLINT = $(shell which golangci-lint 2> /dev/null || echo '')
+
+# GOSEC is the path to the gosec binary
+GOSEC = $(shell which gosec 2> /dev/null || echo '')
+
+# GOVULNCHECK is the path to the govulncheck binary
+GOVULNCHECK = $(shell which govulncheck 2> /dev/null || echo '')
 
 .PHONY: golangci-lint
 golangci-lint:
-ifeq (, $(LINT))
+ifeq (, $(GOLINT))
   ifeq (, $(shell which golangci-lint))
 	@{ \
 	set -e ;\
 	go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest ;\
 	}
-  override LINT=$(GOBIN)/golangci-lint
+  override GOLINT=$(GOBIN)/golangci-lint
+  else
+  override GOLINT=$(shell which golangci-lint)
+  endif
+endif
+
+.PHONY: gosec
+gosec:
+ifeq (, $(GOSEC))
+  ifeq (, $(shell which gosec))
+	@{ \
+	set -e ;\
+	go install github.com/securego/gosec/v2/cmd/gosec@latest ;\
+	}
+  override GOSEC=$(GOBIN)/gosec
+  else
+  override GOSEC=$(shell which gosec)
+  endif
+endif
+
+.PHONY: govulncheck
+govulncheck:
+ifeq (, $(GOVULNCHECK))
+  ifeq (, $(shell which govulncheck))
+	@{ \
+	set -e ;\
+	go install golang.org/x/vuln/cmd/govulncheck@latest ;\
+	}
+  override GOVULNCHECK=$(GOBIN)/govulncheck
   else
-  override LINT=$(shell which golangci-lint)
+  override GOVULNCHECK=$(shell which govulncheck)
   endif
 endif
 
 .PHONY: verify
-verify: golangci-lint
-	$(LINT) run
+verify: golangci-lint gosec govulncheck
+	$(GOLINT) run
+	$(GOSEC) ./...
+	$(GOVULNCHECK) ./...
 
 .PHONY: test
 test:
-	go test -race --coverprofile=coverage.coverprofile --covermode=atomic -v ./...
+	go test -race -cover -coverprofile=coverage.coverprofile -covermode=atomic -v ./...