Skip to content

update golang and dependency to fix CVE (#401) #24

update golang and dependency to fix CVE (#401)

update golang and dependency to fix CVE (#401) #24

Workflow file for this run

name: Presubmit
on:
push:
branches: [master]
pull_request:
workflow_dispatch:
permissions:
contents: read
jobs:
presubmit:
name: Presubmit
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v4
with:
go-version-file: go.mod
check-latest: true
cache-dependency-path: "**/go.sum"
- uses: actions/cache@v3
with:
path: |
~/.kubebuilder/bin
~/go/bin
key: ${{ runner.os }}-toolchain-cache-${{ hashFiles('hack/toolchain.sh') }}
- run: make toolchain
- run: make presubmit
deprecated-apigroups:
name: Detect deprecated apiGroups
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- run: |
version=$(curl -sL https://api.github.com/repos/FairwindsOps/pluto/releases/latest | jq -r ".tag_name")
number=${version:1}
wget https://github.com/FairwindsOps/pluto/releases/download/${version}/pluto_${number}_linux_amd64.tar.gz
sudo tar -C /usr/local -xzf pluto_${number}_linux_amd64.tar.gz
- run: |
/usr/local/pluto detect-files -d .
vuln_check:
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Setup Go Version
run: echo "GO_VERSION=$(cat .go-version)" >> $GITHUB_ENV
- uses: actions/setup-go@v4
with:
go-version: ${{ env.GO_VERSION }}
cache-dependency-path: "**/go.sum"
- name: Install `govulncheck`
run: go install golang.org/x/vuln/cmd/govulncheck@latest
- name: Run `govulncheck`
run: ~/go/bin/govulncheck ./...
static-security-analysis:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Setup Go Version
run: echo "GO_VERSION=$(cat .go-version)" >> $GITHUB_ENV
- uses: actions/setup-go@v4
with:
go-version: ${{ env.GO_VERSION }}
cache-dependency-path: "**/go.sum"
- name: Install `gosec`
run: go install github.com/securego/gosec/v2/cmd/gosec@latest
- name: Run Gosec Security Scanner
run: ~/go/bin/gosec -exclude-dir test -exclude-generated -severity medium -exclude=G108,G114 ./...