PR: Add workflow to notify vulnerabilities.

This action should fail as we use GoLang v1.19 which does have vulnerabilities, In the following commits the version will be bumped and then this action should show no vulnerabilities.
sourcenetwork · Jul 22, 2023 · bae59c2 · bae59c2
1 parent bc8ada9
commit bae59c2
Showing 1 changed file with 55 additions and 0 deletions.
diff --git a/.github/workflows/check-vulnerabilities.yml b/.github/workflows/check-vulnerabilities.yml
@@ -0,0 +1,55 @@
+# Copyright 2023 Democratized Data Foundation
+#
+# Use of this software is governed by the Business Source License
+# included in the file licenses/BSL.txt.
+#
+# As of the Change Date specified in that file, in accordance with
+# the Business Source License, use of this software will be governed
+# by the Apache License, Version 2.0, included in the file
+# licenses/APL.txt.
+
+name: Check Vulnerabilities Workflow
+
+on:
+  pull_request:
+    branches:
+      - master
+      - develop
+
+  push:
+    tags:
+      - 'v[0-9]+.[0-9]+.[0-9]+'
+    branches:
+      - master
+      - develop
+
+jobs:
+  check-vulnerabilities:
+    name: Check vulnerabilities job
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code into the directory
+        uses: actions/checkout@v3
+
+      - name: Setup Go environment explicitly
+        uses: actions/setup-go@v3
+        with:
+          go-version: "1.19.9"
+          check-latest: true
+
+      - name: Install govulncheck
+        run: go install golang.org/x/vuln/cmd/govulncheck@latest
+
+      - name: Run govulncheck
+        run: govulncheck ./...
+
+      # NOTE: Tried using the official action below but is unreliable.
+      # - name: Run govulncheck
+      #   uses: golang/govulncheck-action@v1
+      #   with:
+      #     go-version-input: 1.19
+      #     go-package: ./...
+      #     check-latest: true
+      #     cache: false