From 16412a8bf9ca6915b2aa0c83f56603b0a72b4ed5 Mon Sep 17 00:00:00 2001
From: Xe Iaso
Date: Tue, 6 May 2025 10:07:55 -0400
Subject: [PATCH] ci: add govulncheck (#456)
This is intended to catch low-hanging fruit.
Signed-off-by: Xe Iaso
---
 .github/workflows/go.yml | 7 ++++++-
 Makefile | 1 +
 go.mod | 3 +++
 go.sum | 4 ++++
 package.json | 3 ++-
 5 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
index 7de943c..ea89179 100644
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -82,6 +82,11 @@ jobs:
 - name: Test
 run: npm run test
- - uses: dominikh/staticcheck-action@fe1dd0c3658873b46f8c9bb3291096a617310ca6 # v1.3.1
+ - name: Lint with staticcheck
+ uses: dominikh/staticcheck-action@fe1dd0c3658873b46f8c9bb3291096a617310ca6 # v1.3.1
 with:
 version: "latest"
+
+ - name: Run govulncheck
+ id: govulncheck
+ uses: golang/govulncheck-action@b625fbe08f3bccbe446d94fbf87fcc875a4f50ee # v1.0.4
diff --git a/Makefile b/Makefile
index cb4d978..62a57bb 100644
--- a/Makefile
+++ b/Makefile
@@ -23,6 +23,7 @@ build: assets
 lint: assets
 $(GO) vet ./...
 $(GO) tool staticcheck ./...
+ $(GO) tool govulncheck ./...
 prebaked-build:
 $(GO) build -o ./var/anubis -ldflags "-X 'github.com/TecharoHQ/anubis.Version=$(VERSION)'" ./cmd/anubis
diff --git a/go.mod b/go.mod
index f3b1ced..1fb9363 100644
--- a/go.mod
+++ b/go.mod
@@ -47,8 +47,10 @@ require (
 golang.org/x/mod v0.24.0 // indirect
 golang.org/x/sync v0.13.0 // indirect
 golang.org/x/sys v0.32.0 // indirect
+ golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7 // indirect
 golang.org/x/text v0.24.0 // indirect
 golang.org/x/tools v0.32.0 // indirect
+ golang.org/x/vuln v1.1.4 // indirect
 google.golang.org/genproto/googleapis/api v0.0.0-20240826202546-f6391c0de4c7 // indirect
 google.golang.org/genproto/googleapis/rpc v0.0.0-20240826202546-f6391c0de4c7 // indirect
 google.golang.org/protobuf v1.36.5 // indirect
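Review bot: The `Run govulncheck` step added to `.github/workflows/go.yml` is given no `with:` inputs, so the Go version it scans with is whatever the action selects by default rather than the one this module declares; standard-library findings depend on the toolchain, so the result can differ from what is actually built and shipped. If the action's `go-version-file` input is available at this pin, `with:` followed by `go-version-file: go.mod` ties the scan to the module's Go version. The action also appears to install its own govulncheck instead of the v1.1.4 that go.mod's `tool` block pins, so CI and `make lint` may disagree. `id: govulncheck` is set but nothing in the visible lines reads the step's outputs; either drop it or add a comment naming the consumer. The job definition starts and continues outside this hunk.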
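Review bot: `$(GO) tool govulncheck ./...` in the `lint` target makes `make lint` depend on a live lookup against the Go vulnerability database, so it fails offline and can start failing on an unchanged tree the day a new advisory lands. A dedicated target keeps advisory failures apart from vet/staticcheck findings: move the line under `vulncheck: assets` and have CI call both. If it stays in `lint`, add a comment above it such as `# queries the Go vulnerability database (network); non-zero exit on reachable known vulnerabilities`.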
@@ -61,5 +63,6 @@ tool (
 github.com/a-h/templ/cmd/templ
 golang.org/x/tools/cmd/goimports
 golang.org/x/tools/cmd/stringer
+ golang.org/x/vuln/cmd/govulncheck
 honnef.co/go/tools/cmd/staticcheck
 )
diff --git a/go.sum b/go.sum
index 40904c0..77a7e3a 100644
--- a/go.sum
+++ b/go.sum
@@ -129,6 +129,8 @@ golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.32.0 h1:s77OFDvIQeibCmezSnk/q6iAfkdiQaJi4VzroCFrN20=
 golang.org/x/sys v0.32.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7 h1:FemxDzfMUcK2f3YY4H+05K9CDzbSVr2+q/JKN45pey0=
+golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7/go.mod h1:pRgIJT+bRLFKnoM1ldnzKoxTIn14Yxz928LQRYYgIN0=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
@@ -148,6 +150,8 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/tools v0.32.0 h1:Q7N1vhpkQv7ybVzLFtTjvQya2ewbwNDZzUgfXGqtMWU=
 golang.org/x/tools v0.32.0/go.mod h1:ZxrU41P/wAbZD8EDa6dDCa6XfpkhJ7HFMjHJXfBDu8s=
+golang.org/x/vuln v1.1.4 h1:Ju8QsuyhX3Hk8ma3CesTbO8vfJD9EvUBgHvkxHBzj0I=
+golang.org/x/vuln v1.1.4/go.mod h1:F+45wmU18ym/ca5PLTPLsSzr2KppzswxPP603ldA67s=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/genproto/googleapis/api v0.0.0-20240826202546-f6391c0de4c7 h1:YcyjlL1PRr2Q17/I0dPk2JmYS5CDXfcdb2Z3YRioEbw=
 google.golang.org/genproto/googleapis/api v0.0.0-20240826202546-f6391c0de4c7/go.mod h1:OCdP9MfskevB/rbYvHTsXTtKC+3bHWajPdoKgjcYkfo=
diff --git a/package.json b/package.json
index 7b8b0e7..2ea6c39 100644
--- a/package.json
+++ b/package.json
@@ -10,7 +10,8 @@
 "build": "npm run assets && go build -o ./var/anubis ./cmd/anubis",
 "dev": "npm run assets && go run ./cmd/anubis --use-remote-address",
 "container": "npm run assets && go run ./cmd/containerbuild",
- "package": "yeet"
+ "package": "yeet",
+ "lint": "make lint"
 },
 "author": "",
 "license": "ISC",