build: Makefile: add Go vulnerability checker (#14028)

* build: Makefile: add Go vulnerability checker

Adds the Go vulnerability checker to the Makefile as a directive
dependency to the all directive to ensure that we get security
updates scalably.

* add gh action

* bump to 1.19.3 due to vulnerabilities

Co-authored-by: Julien Robert <julien@rbrt.fr>
Emmanuel T Odeke 2022-12-02 03:31:02 -08:00 committed by GitHub
parent 754ca3169e
commit bcfb7dc330
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
14 changed files with 52 additions and 45 deletions


@ -23,7 +23,7 @@ jobs:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: 1.19.2
go-version: 1.19.3
- uses: technote-space/get-diff-action@v6.1.1
id: git_diff
with:


@ -25,7 +25,7 @@ jobs:
uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: 1.19.2
go-version: 1.19.3
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2


@ -18,7 +18,7 @@ jobs:
fetch-depth: 0
- uses: actions/setup-go@v3
with:
go-version: 1.19.2
go-version: 1.19.3
# get 'v*.*.*' part from 'cosmovisor/v*.*.*' and save to $GITHUB_ENV
- name: Set env
run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/cosmovisor/}" >> $GITHUB_ENV


@ -17,7 +17,7 @@ jobs:
token: ${{ secrets.PRBOT_PAT }}
- uses: actions/setup-go@v3
with:
go-version: 1.19.2
go-version: 1.19.3
- name: Extract updated dependency
id: deps
run: |


@ -10,10 +10,12 @@ jobs:
steps:
- uses: actions/setup-go@v3
with:
go-version: 1.19.2
go-version: 1.19.3
- name: "Checkout Repository"
uses: actions/checkout@v3
- name: "Dependency Review"
uses: actions/dependency-review-action@v3
- name: "Dependency audit"
run: ./scripts/dep-assert.sh
- name: "Go vulnerability check"
run: make vulncheck
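Review bot: The added `Go vulnerability check` step produces a result that depends on the vulnerability database at run time, not only on the change under review. If this workflow is triggered only by pull requests (the trigger is outside the hunk), a newly published advisory goes unnoticed until the next PR, and then fails a check on a change unrelated to it. Consider also running `make vulncheck` from a scheduled workflow, and add a comment above the step such as `# fails on known-vulnerable call paths; results change as new advisories are published`.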


@ -17,7 +17,7 @@ jobs:
- uses: actions/setup-go@v3
with:
# ci is set to go1.19 to match developer setups
go-version: 1.19.2
go-version: 1.19.3
- uses: actions/checkout@v3
- name: golangci-lint
uses: golangci/golangci-lint-action@v3


@ -20,7 +20,7 @@ jobs:
- name: Install Go
uses: actions/setup-go@v3
with:
go-version: 1.19.2
go-version: 1.19.3
- name: Unshallow
run: git fetch --prune --unshallow
- name: Create release


@ -21,7 +21,7 @@ jobs:
ref: "release/v0.45.x"
- uses: actions/setup-go@v3
with:
go-version: 1.19.2
go-version: 1.19.3
- run: make build
install-runsim:
@ -32,7 +32,7 @@ jobs:
steps:
- uses: actions/setup-go@v3
with:
go-version: 1.19.2
go-version: 1.19.3
- name: Install runsim
run: go install github.com/cosmos/tools/cmd/runsim@v1.0.0
- uses: actions/cache@v3
@ -49,7 +49,7 @@ jobs:
ref: "release/v0.45.x"
- uses: actions/setup-go@v3
with:
go-version: 1.19.2
go-version: 1.19.3
- uses: actions/cache@v3
with:
path: ~/go/bin
@ -67,7 +67,7 @@ jobs:
ref: "release/v0.45.x"
- uses: actions/setup-go@v3
with:
go-version: 1.19.2
go-version: 1.19.3
- uses: actions/cache@v3
with:
path: ~/go/bin
@ -86,7 +86,7 @@ jobs:
ref: "release/v0.45.x"
- uses: actions/setup-go@v3
with:
go-version: 1.19.2
go-version: 1.19.3
- uses: actions/cache@v3
with:
path: ~/go/bin


@ -21,7 +21,7 @@ jobs:
ref: "release/v0.46.x"
- uses: actions/setup-go@v3
with:
go-version: 1.19.2
go-version: 1.19.3
- run: make build
install-runsim:
@ -32,7 +32,7 @@ jobs:
steps:
- uses: actions/setup-go@v3
with:
go-version: 1.19.2
go-version: 1.19.3
- name: Install runsim
run: go install github.com/cosmos/tools/cmd/runsim@v1.0.0
- uses: actions/cache@v3
@ -50,7 +50,7 @@ jobs:
ref: "release/v0.46.x"
- uses: actions/setup-go@v3
with:
go-version: 1.19.2
go-version: 1.19.3
- uses: actions/cache@v3
with:
path: ~/go/bin
@ -68,7 +68,7 @@ jobs:
ref: "release/v0.46.x"
- uses: actions/setup-go@v3
with:
go-version: 1.19.2
go-version: 1.19.3
- uses: actions/cache@v3
with:
path: ~/go/bin
@ -86,7 +86,7 @@ jobs:
ref: "release/v0.46.x"
- uses: actions/setup-go@v3
with:
go-version: 1.19.2
go-version: 1.19.3
- uses: actions/cache@v3
with:
path: ~/go/bin


@ -21,7 +21,7 @@ jobs:
ref: "release/v0.47.x"
- uses: actions/setup-go@v3
with:
go-version: 1.19.2
go-version: 1.19.3
- run: make build
install-runsim:
@ -32,7 +32,7 @@ jobs:
steps:
- uses: actions/setup-go@v3
with:
go-version: 1.19.2
go-version: 1.19.3
- name: Install runsim
run: go install github.com/cosmos/tools/cmd/runsim@v1.0.0
- uses: actions/cache@v3
@ -50,7 +50,7 @@ jobs:
ref: "release/v0.47.x"
- uses: actions/setup-go@v3
with:
go-version: 1.19.2
go-version: 1.19.3
- uses: actions/cache@v3
with:
path: ~/go/bin
@ -68,7 +68,7 @@ jobs:
ref: "release/v0.47.x"
- uses: actions/setup-go@v3
with:
go-version: 1.19.2
go-version: 1.19.3
- uses: actions/cache@v3
with:
path: ~/go/bin
@ -86,7 +86,7 @@ jobs:
ref: "release/v0.47.x"
- uses: actions/setup-go@v3
with:
go-version: 1.19.2
go-version: 1.19.3
- uses: actions/cache@v3
with:
path: ~/go/bin


@ -22,7 +22,7 @@ jobs:
steps:
- uses: actions/setup-go@v3
with:
go-version: 1.19.2
go-version: 1.19.3
- name: Install runsim
run: go install github.com/cosmos/tools/cmd/runsim@v1.0.0
- uses: actions/cache@v3
@ -36,7 +36,7 @@ jobs:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: 1.19.2
go-version: 1.19.3
- uses: actions/cache@v3
with:
path: ~/go/bin


@ -21,7 +21,7 @@ jobs:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: 1.19.2
go-version: 1.19.3
- run: make build
- name: Install runsim
run: go install github.com/cosmos/tools/cmd/runsim@v1.0.0
@ -38,7 +38,7 @@ jobs:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: 1.19.2
go-version: 1.19.3
- uses: actions/cache@v3
with:
path: ~/go/bin
@ -54,7 +54,7 @@ jobs:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: 1.19.2
go-version: 1.19.3
- uses: actions/cache@v3
with:
path: ~/go/bin
@ -71,7 +71,7 @@ jobs:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: 1.19.2
go-version: 1.19.3
- uses: actions/cache@v3
with:
path: ~/go/bin


@ -19,7 +19,7 @@ jobs:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: 1.19.2
go-version: 1.19.3
- name: Create a file with all core Cosmos SDK pkgs
run: go list ./... > pkgs.txt
- name: Split pkgs into 4 files
@ -52,7 +52,7 @@ jobs:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: 1.19.2
go-version: 1.19.3
- uses: technote-space/get-diff-action@v6.1.1
id: git_diff
with:
@ -86,7 +86,7 @@ jobs:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: 1.19.2
go-version: 1.19.3
- uses: technote-space/get-diff-action@v6.1.1
id: git_diff
with:
@ -110,7 +110,7 @@ jobs:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: 1.19.2
go-version: 1.19.3
- uses: technote-space/get-diff-action@v6.1.1
id: git_diff
with:
@ -138,7 +138,7 @@ jobs:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: 1.19.2
go-version: 1.19.3
- uses: technote-space/get-diff-action@v6.1.1
id: git_diff
with:
@ -215,7 +215,7 @@ jobs:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: 1.19.2
go-version: 1.19.3
- uses: technote-space/get-diff-action@v6.1.1
id: git_diff
with:
@ -242,7 +242,7 @@ jobs:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: 1.19.2
go-version: 1.19.3
- uses: technote-space/get-diff-action@v6.1.1
id: git_diff
with:
@ -274,7 +274,7 @@ jobs:
fetch-depth: 0
- uses: actions/setup-go@v3
with:
go-version: 1.19.2
go-version: 1.19.3
- uses: technote-space/get-diff-action@v6.1.1
id: git_diff
with:
@ -304,7 +304,7 @@ jobs:
fetch-depth: 0
- uses: actions/setup-go@v3
with:
go-version: 1.19.2
go-version: 1.19.3
- uses: technote-space/get-diff-action@v6.1.1
id: git_diff
with:
@ -334,7 +334,7 @@ jobs:
fetch-depth: 0
- uses: actions/setup-go@v3
with:
go-version: 1.19.2
go-version: 1.19.3
- uses: technote-space/get-diff-action@v6.1.1
id: git_diff
with:
@ -360,7 +360,7 @@ jobs:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: 1.19.2
go-version: 1.19.3
- uses: technote-space/get-diff-action@v6.1.1
id: git_diff
with:
@ -390,7 +390,7 @@ jobs:
fetch-depth: 0
- uses: actions/setup-go@v3
with:
go-version: 1.19.2
go-version: 1.19.3
- uses: technote-space/get-diff-action@v6.1.1
id: git_diff
with:
@ -418,7 +418,7 @@ jobs:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: 1.19.2
go-version: 1.19.3
- uses: technote-space/get-diff-action@v6.1.1
id: git_diff
with:
@ -451,7 +451,7 @@ jobs:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: 1.19.2
go-version: 1.19.3
- uses: technote-space/get-diff-action@v6.1.1
id: git_diff
with:
@ -482,7 +482,7 @@ jobs:
fetch-depth: 0
- uses: actions/setup-go@v3
with:
go-version: 1.19.2
go-version: 1.19.3
- uses: technote-space/get-diff-action@v6.1.1
id: git_diff
with:
@ -513,7 +513,7 @@ jobs:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: 1.19.2
go-version: 1.19.3
- uses: technote-space/get-diff-action@v6.1.1
id: git_diff
with:


@ -109,7 +109,7 @@ ifeq (debug,$(findstring debug,$(COSMOS_BUILD_OPTIONS)))
BUILD_FLAGS += -gcflags "all=-N -l"
endif
all: tools build lint test
all: tools build lint test vulncheck
# The below include contains the tools and runsim targets.
include contrib/devtools/Makefile
@ -145,6 +145,11 @@ mocks: $(MOCKS_DIR)
sh ./scripts/mockgen.sh
.PHONY: mocks
vulncheck: $(BUILDDIR)/
GOBIN=$(BUILDDIR) go install golang.org/x/vuln/cmd/govulncheck@latest
$(BUILDDIR)/govulncheck ./...
$(MOCKS_DIR):
mkdir -p $(MOCKS_DIR)
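Review bot: The `vulncheck` recipe installs `golang.org/x/vuln/cmd/govulncheck@latest`, so every CI and developer run fetches and executes whatever version is newest at that moment, which is neither reproducible nor reviewed. Pin the tool to a reviewed release, e.g. `GOBIN=$(BUILDDIR) go install golang.org/x/vuln/cmd/govulncheck@<pinned-version>` (placeholder), and bump it deliberately. Because the first hunk adds `vulncheck` to `all`, a plain `make all` now needs network access and can fail when a new advisory is published; a short comment above the target saying so would help. The target also lacks a `.PHONY: vulncheck` line, unlike `mocks` just above it.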