PR: Add workflow to notify vulnerabilities.

This action should fail as we use GoLang v1.19 which does have vulnerabilities, In the following commits the version will be bumped and then this action should show no vulnerabilities.
sourcenetwork · Jul 22, 2023 · 4fb8439 · 4fb8439
1 parent bc8ada9
commit 4fb8439
Showing 1 changed file with 39 additions and 0 deletions.
diff --git a/.github/workflows/check-vulnerabilities.yml b/.github/workflows/check-vulnerabilities.yml
@@ -0,0 +1,39 @@
+# Copyright 2023 Democratized Data Foundation
+#
+# Use of this software is governed by the Business Source License
+# included in the file licenses/BSL.txt.
+#
+# As of the Change Date specified in that file, in accordance with
+# the Business Source License, use of this software will be governed
+# by the Apache License, Version 2.0, included in the file
+# licenses/APL.txt.
+
+name: Check Vulnerabilities Workflow
+
+on:
+  pull_request:
+    branches:
+      - master
+      - develop
+
+  push:
+    tags:
+      - 'v[0-9]+.[0-9]+.[0-9]+'
+    branches:
+      - master
+      - develop
+
+jobs:
+  check-vulnerabilities:
+    name: Check vulnerabilities job
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Run govulncheck
+        uses: golang/govulncheck-action@v1
+        with:
+          go-version-input: "1.19.5"
+          go-package: ./...
+          check-latest: true
+          cache: true