Added govulncheck to backplane-cli CI

ci-operator/config/openshift/backplane-cli/openshift-backplane-cli-main.yaml

@@ -7,7 +7,7 @@ build_root:
  image_stream_tag:
  name: release
  namespace: openshift
- tag: golang-1.18
+ tag: golang-1.19
 images:
 - dockerfile_path: Dockerfile
  from: base
@@ -28,6 +28,11 @@ tests:
  make test
  container:
  from: src
+- as: scan
+ commands: make scan
+ container:
+ from: src
+ optional: true
 - as: build
  commands: |
  make build

ci-operator/jobs/openshift/backplane-cli/openshift-backplane-cli-main-presubmits.yaml

@@ -203,6 +203,56 @@ presubmits:
  secret:
  secretName: result-aggregator
  trigger: (?m)^/test( | .* )lint,?($|\s.*)
+ - agent: kubernetes
+ always_run: true
+ branches:
+ - ^main$
+ - ^main-
+ cluster: build03
+ context: ci/prow/scan
+ decorate: true
+ decoration_config:
+ skip_cloning: true
+ labels:
+ ci.openshift.io/generator: prowgen
+ pj-rehearse.openshift.io/can-be-rehearsed: "true"
+ name: pull-ci-openshift-backplane-cli-main-scan
+ optional: true
+ rerun_command: /test scan
+ spec:
+ containers:
+ - args:
+ - --gcs-upload-secret=/secrets/gcs/service-account.json
+ - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson
+ - --report-credentials-file=/etc/report/credentials
+ - --target=scan
+ command:
+ - ci-operator
+ image: ci-operator:latest
+ imagePullPolicy: Always
+ name: ""
+ resources:
+ requests:
+ cpu: 10m
+ volumeMounts:
+ - mountPath: /secrets/gcs
+ name: gcs-credentials
+ readOnly: true
+ - mountPath: /etc/pull-secret
+ name: pull-secret
+ readOnly: true
+ - mountPath: /etc/report
+ name: result-aggregator
+ readOnly: true
+ serviceAccountName: ci-operator
+ volumes:
+ - name: pull-secret
+ secret:
+ secretName: registry-pull-credentials
+ - name: result-aggregator
+ secret:
+ secretName: result-aggregator
+ trigger: (?m)^/test( | .* )scan,?($|\s.*)
  - agent: kubernetes
  always_run: true
  branches: