Skip to content

[OP-2035] Added govulncheck #7

[OP-2035] Added govulncheck

[OP-2035] Added govulncheck #7

Workflow file for this run

# SPDX-FileCopyrightText: 2023 Risk.Ident GmbH <[email protected]>
#
# SPDX-License-Identifier: CC0-1.0
name: govulncheck
on:
push:
branches:
- main
pull_request:
schedule:
- cron: 0 8 * * 1 # 08:00 on mondays
jobs:
govulncheck:
runs-on: ubuntu-latest
name: Run govulncheck
steps:
- uses: actions/checkout@v3
- name: Get Go version
id: goversion
run: echo "version=$(grep '^go ' go.mod | grep --only-matching '[0-9.]*')" >> $GITHUB_OUTPUT
- id: govulncheck
uses: golang/govulncheck-action@v1
with:
go-version-input: ">=${{ steps.goversion.outputs.version }}.0"
go-package: ./...
- name: Send Slack message
uses: slackapi/[email protected]
#if: ${{ failure() && steps.govulncheck.conclusion == 'failure' && github.ref == 'refs/heads/main' }}
if: ${{ failure() && steps.govulncheck.conclusion == 'failure' }}
with:
payload: |
{
"text": "Vulnerabilities in `${{ github.repository }}` was found by govulncheck on ${{ github.ref_type }} `${{ github.ref_name }}`",
"blocks": [
{
"type": "header",
"text": {
"type": "plain_text",
"text": "govulncheck",
"emoji": true
}
},
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "Vulnerabilities in `${{ github.repository }}` was found by govulncheck on ${{ github.ref_type }} `${{ github.ref_name }}`"
}
},
{
"type": "actions",
"elements": [
{
"type": "button",
"text": {
"type": "plain_text",
"text": "Visit repo"
},
"value": "${{ github.server_url }}/${{ github.repository }}"
},
{
"type": "button",
"text": {
"type": "plain_text",
"text": "Visit commit"
},
"value": "${{ github.event.head_commit.url }}"
},
{
"type": "button",
"text": {
"type": "plain_text",
"text": "Visit run"
},
"value": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
}
]
},
{
"type": "context",
"elements": [
{
"type": "plain_text",
"text": "${{ github.workflow_ref }}",
"emoji": true
}
]
}
]
}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK