Updated vulnerabilities checks & workflows (#2941)

minio · Jul 13, 2023 · b2fe478 · b2fe478
1 parent 02ed6a6
commit b2fe478
Show file tree

Hide file tree

Showing 3 changed files with 57 additions and 54 deletions.
diff --git a/.github/workflows/jobs.yaml b/.github/workflows/jobs.yaml
@@ -42,26 +42,6 @@ jobs:
         run: |
           make verifiers
 
-  vulnerable-dependencies-checks:
-    name: "Check for vulnerable dependencies"
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        go-version: [1.20.x]
-    steps:
-      - name: Check out code
-        uses: actions/checkout@v3
-      - uses: actions/setup-go@v3
-        with:
-          go-version: ${{ matrix.go-version }}
-          cache: true
-          check-latest: true
-      - name: Get govulncheck
-        run: go install golang.org/x/vuln/cmd/govulncheck@latest
-        shell: bash
-      - name: Run govulncheck
-        run: govulncheck ./...
-        shell: bash
   semgrep-static-code-analysis:
     name: "semgrep checks"
     runs-on: ubuntu-latest
@@ -220,29 +200,6 @@ jobs:
         run: |
           make console
 
-  react-code-known-vulnerabilities:
-    name: "React Code Has No Known Vulnerable Deps"
-    needs:
-      - ui-assets
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        go-version: [1.20.x]
-        os: [ubuntu-latest]
-    steps:
-      - name: Check out code
-        uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
-        with:
-          node-version: ${{ env.NVMRC }}
-          cache: "yarn"
-          cache-dependency-path: portal-ui/yarn.lock
-      - name: Checks for known security issues with the installed packages
-        working-directory: ./portal-ui
-        continue-on-error: false
-        run: |
-          yarn audit --groups dependencies
-
   all-permissions-1:
     name: Permissions Tests Part 1
     needs:
@@ -1158,7 +1115,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        go-version: [1.19.x]
+        go-version: [1.20.x]
         os: [ubuntu-latest]
     steps:
       - name: Check out code
@@ -1188,11 +1145,6 @@ jobs:
         continue-on-error: false
         run: |
           ./check-warnings-istanbul-coverage.sh
-      - name: Check if Files are Prettified
-        working-directory: ./portal-ui
-        continue-on-error: false
-        run: |
-          ./check-prettier.sh
 
   compile-binary-istanbul-coverage:
     name: "Compile Console Binary with Istanbul Plugin for Coverage"
@@ -1204,7 +1156,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        go-version: [1.19.x]
+        go-version: [1.20.x]
         os: [ubuntu-latest]
     steps:
       - name: Check out code

diff --git a/.github/workflows/vulncheck.yaml b/.github/workflows/vulncheck.yaml
@@ -0,0 +1,51 @@
+name: Vulnerability Check
+on:
+  pull_request:
+    branches:
+      - master
+  push:
+    branches:
+      - master
+
+permissions:
+  contents: read # to fetch code (actions/checkout)
+
+jobs:
+  vulncheck:
+    name: Analysis
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v3
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.20.x
+          check-latest: true
+      - name: Get official govulncheck
+        run: go install golang.org/x/vuln/cmd/govulncheck@latest
+        shell: bash
+      - name: Run govulncheck
+        run: govulncheck ./...
+        shell: bash
+
+  react-code-known-vulnerabilities:
+    name: "React Code Has No Known Vulnerable Deps"
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        go-version: [ 1.20.x ]
+        os: [ ubuntu-latest ]
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
+        with:
+          node-version: ${{ env.NVMRC }}
+          cache: "yarn"
+          cache-dependency-path: portal-ui/yarn.lock
+      - name: Checks for known security issues with the installed packages
+        working-directory: ./portal-ui
+        continue-on-error: false
+        run: |
+          yarn audit --groups dependencies
diff --git a/portal-ui/playwright/jobs.yaml b/portal-ui/playwright/jobs.yaml
@@ -20,7 +20,7 @@ jobs:
     runs-on: [ubuntu-latest]
     strategy:
       matrix:
-        go-version: [1.19.x]
+        go-version: [1.20.x]
         os: [ubuntu-latest]
     steps:
       - name: Check out code
@@ -45,7 +45,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        go-version: [1.19.x]
+        go-version: [1.20.x]
         os: [ubuntu-latest]
     steps:
       - name: Check out code
@@ -86,7 +86,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        go-version: [1.19.x]
+        go-version: [1.20.x]
         os: [ubuntu-latest]
     steps:
       - name: Check out code
@@ -132,7 +132,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        go-version: [1.19.x]
+        go-version: [1.20.x]
         os: [ubuntu-latest]
     steps:
       - name: Check out code