feat(ci): add Golang dependency vulnerability check (#1528)

* feat(ci): add Golang dependency vulnerability check

* update

* check run

* c++
This commit is contained in:
Federico Kunze Küllmer 2022-12-02 13:57:14 +01:00 committed by GitHub
parent d9fc67769b
commit 9077172f8e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 37 additions and 6 deletions

28
.github/workflows/dependencies.yml vendored Normal file
View File

@ -0,0 +1,28 @@
name: "Dependency Review"
on: pull_request
permissions:
contents: read
jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- uses: actions/setup-go@v3
with:
go-version: 1.19
check-latest: true
- name: "Checkout Repository"
uses: actions/checkout@v3
- uses: technote-space/get-diff-action@v6.1.1
with:
PATTERNS: |
**/**.go
go.mod
go.sum
- name: "Dependency Review"
uses: actions/dependency-review-action@v3
if: env.GIT_DIFF
- name: "Go vulnerability check"
run: make vulncheck
if: env.GIT_DIFF

View File

@ -32,7 +32,7 @@ jobs:
args: --timeout 10m args: --timeout 10m
github-token: ${{ secrets.github_token }} github-token: ${{ secrets.github_token }}
# Check only if there are differences in the source code # Check only if there are differences in the source code
if: "env.GIT_DIFF" if: env.GIT_DIFF
markdown-lint: markdown-lint:
name: Run markdown-lint name: Run markdown-lint
runs-on: ubuntu-latest runs-on: ubuntu-latest

View File

@ -59,7 +59,8 @@ Ref: https://keepachangelog.com/en/1.0.0/
### Features ### Features
- (app) [#1501](https://github.com/evmos/ethermint/pull/1501) Set default File store listener for application from [ADR38](https://docs.cosmos.network/v0.47/architecture/adr-038-state-listening) * (ci) [#1528](https://github.com/evmos/ethermint/pull/1528) Add Golang dependency vulnerability checker.
* (app) [#1501](https://github.com/evmos/ethermint/pull/1501) Set default File store listener for application from [ADR38](https://docs.cosmos.network/v0.47/architecture/adr-038-state-listening)
### Improvements ### Improvements

View File

@ -155,7 +155,7 @@ clean:
all: build all: build
build-all: tools build lint test build-all: tools build lint test vulncheck
.PHONY: distclean clean build-all .PHONY: distclean clean build-all
@ -273,6 +273,10 @@ go.sum: go.mod
go mod verify go mod verify
go mod tidy go mod tidy
vulncheck: $(BUILDDIR)/
GOBIN=$(BUILDDIR) go install golang.org/x/vuln/cmd/govulncheck@latest
$(BUILDDIR)/govulncheck ./...
############################################################################### ###############################################################################
### Documentation ### ### Documentation ###
############################################################################### ###############################################################################

View File

@ -8,9 +8,7 @@ import (
"github.com/evmos/ethermint/version" "github.com/evmos/ethermint/version"
) )
const ( const flagLong = "long"
flagLong = "long"
)
func init() { func init() {
infoCmd.Flags().Bool(flagLong, false, "Print full information") infoCmd.Flags().Bool(flagLong, false, "Print full information")