From 55d898d89810f5990c437369ede0d62f798c66bd Mon Sep 17 00:00:00 2001
From: Lucas Machado
Date: Tue, 16 Jun 2026 22:32:03 +0200
Subject: [PATCH] Run govulncheck in CI and release
---
 .github/workflows/ci.yaml | 6 ++++++
 .github/workflows/release.yaml | 4 ++++
 Makefile | 9 +++++++--
 3 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index dae23ec..c3dc580 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -25,9 +25,15 @@ jobs:
 with:
 go-version: '1.25'
 
+ - name: Install govulncheck
+ run: go install golang.org/x/vuln/cmd/govulncheck@latest
+
 - name: Unit tests
 run: go test ./...
 
+ - name: Vulnerability scan
+ run: make vuln
+
 - name: Build pipekit
 run: make build
 
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index e8722b7..432255f 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -26,10 +26,14 @@ jobs:
 go-version: '1.25'
 cache: true
 
+ - name: Install govulncheck
+ run: go install golang.org/x/vuln/cmd/govulncheck@latest
+
 - name: Run tests
 run: |
 make build
 go test ./... -v
+ make vuln
 
 - name: Determine version
 id: version
diff --git a/Makefile b/Makefile
index 2567a70..05489a9 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,4 @@
-.PHONY: all build clean test test-integration lint tidy version release-check
+.PHONY: all build clean test test-integration vuln lint tidy version release-check
 
 GOOS_ARCH := linux/amd64 linux/arm64 linux/386 linux/arm darwin/amd64 darwin/arm64 windows/amd64 windows/arm64 windows/386
 DIST_DIR := dist
@@ -50,6 +50,11 @@ test-integration: build
 go test ./integration/... -v
 @echo "Integration tests passed."
 
+vuln:
+ @echo "Running govulncheck..."
+ govulncheck ./...
+ @echo "No called vulnerabilities found."
+
 lint:
 @echo "Running linter..."
 golangci-lint run --timeout=5m
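Review bot: The `Install govulncheck` step installs `govulncheck@latest`, so every run builds and executes whatever version is newest at that moment, and the scanner itself becomes an unpinned dependency of the pipeline. Pin it to a reviewed release, `run: go install golang.org/x/vuln/cmd/govulncheck@<PINNED_VERSION>`, and bump it deliberately. The same line is added to release.yaml, where it matters more if that job holds publishing credentials (not visible in these hunks). Because the scan consults a live vulnerability database, a red build can also come from a newly published advisory rather than from the commit under test, which is worth stating in the contributor docs.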
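Review bot: `make vuln` is appended to the existing `Run tests` block in release.yaml, after `make build` and `go test ./... -v`, so a scan failure is reported as a failed test step. Giving it its own step, as ci.yaml does with `- name: Vulnerability scan` and `run: make vuln`, keeps the job log unambiguous about which gate blocked the release. Placing that step before `make build` would also stop the job before any release binaries are produced.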
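Review bot: The `vuln` recipe runs `govulncheck ./...` once for the host platform, while `GOOS_ARCH` in the first Makefile hunk lists darwin and windows targets that are shipped. To my knowledge govulncheck's source analysis follows the GOOS/GOARCH of the environment, so code behind build constraints for the other platforms is not analysed by this target. Consider looping over the release matrix, `for p in $(GOOS_ARCH); do GOOS=$${p%/*} GOARCH=$${p#*/} govulncheck ./... || exit 1; done`, or at least record the limit with a comment such as `# scans the host GOOS/GOARCH only`.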
@@ -76,7 +81,7 @@ tag:
 git tag -a $(VERSION) -m "Release $(VERSION)"
 @echo "Tag created. Push with: git push origin $(VERSION)"
 
-release-check: test-integration
+release-check: test-integration vuln
 @echo "Running tests..."
 go test ./...
 @echo "All tests passed. Ready for release $(VERSION)"
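Review bot: `release-check` now depends on `vuln`, but nothing verifies that govulncheck is installed, so a maintainer without it on PATH gets a bare command-not-found from the prerequisite. A guard as the first line of the `vuln` recipe (defined outside this hunk) would make the failure actionable: `@command -v govulncheck >/dev/null || { echo "govulncheck not found; install it first"; exit 1; }`. The rest of the `release-check` recipe is unchanged by this hunk.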