From 21699c76072b2189db524fac0652becb4e1d79c7 Mon Sep 17 00:00:00 2001 From: petruki <31597636+petruki@users.noreply.github.com> Date: Wed, 1 Jul 2026 15:15:18 -0700 Subject: [PATCH 1/3] chore(ci): added govulncheck, bump transitive deps --- .github/workflows/master.yml | 6 ++++++ .github/workflows/release.yml | 6 ++++++ .github/workflows/sonar.yml | 8 +++++++- Makefile | 8 ++++++++ go.mod | 4 ++-- go.sum | 8 ++++---- 6 files changed, 33 insertions(+), 7 deletions(-) diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml index e9edd56..bbb4a9f 100644 --- a/.github/workflows/master.yml +++ b/.github/workflows/master.yml @@ -48,6 +48,12 @@ jobs: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} if: env.SONAR_TOKEN != '' + - name: Vulnerability Check + uses: golang/govulncheck-action@v1 + with: + go-version-input: '1.26.4' + go-package: ./... + docker: name: Publish Docker Image needs: [ build-test ] diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c14c7b7..c00fd58 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -39,6 +39,12 @@ jobs: GIT_TOKEN_READ_ONLY: ${{ secrets.GIT_TOKEN_READ_ONLY }} GIT_REPO_URL: ${{ secrets.GIT_REPO_URL }} GIT_BRANCH: ${{ secrets.GIT_BRANCH }} + + - name: Vulnerability Check + uses: golang/govulncheck-action@v1 + with: + go-version-input: '1.26.4' + go-package: ./... docker: name: Publish Docker Image diff --git a/.github/workflows/sonar.yml b/.github/workflows/sonar.yml index b0dac4e..a765496 100644 --- a/.github/workflows/sonar.yml +++ b/.github/workflows/sonar.yml @@ -68,4 +68,10 @@ jobs: args: > -Dsonar.pullrequest.key=${{ inputs.pr_id }} -Dsonar.pullrequest.branch=${{ steps.pr.outputs.head_ref }} - -Dsonar.pullrequest.base=${{ steps.pr.outputs.base_ref }} \ No newline at end of file + -Dsonar.pullrequest.base=${{ steps.pr.outputs.base_ref }} + + - name: Vulnerability Check + uses: golang/govulncheck-action@v1 + with: + go-version-input: '1.26.4' + go-package: ./... \ No newline at end of file diff --git a/Makefile b/Makefile index 4938221..624710d 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,7 @@ .PHONY: build run test cover +GOVULNCHECK_VERSION=v1.5.0 + build: go build -o ./bin/app ./src/cmd/app/main.go @@ -28,3 +30,9 @@ cover: cover-html: go tool cover -html="coverage.out" + +vulncheck-install: + go install golang.org/x/vuln/cmd/govulncheck@$(GOVULNCHECK_VERSION) + +vulncheck: + govulncheck ./... \ No newline at end of file diff --git a/go.mod b/go.mod index ae4c18b..198fbda 100644 --- a/go.mod +++ b/go.mod @@ -24,8 +24,8 @@ require ( github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect github.com/kevinburke/ssh_config v1.6.0 // indirect - github.com/klauspost/compress v1.18.6 // indirect - github.com/klauspost/cpuid/v2 v2.3.0 // indirect + github.com/klauspost/compress v1.19.0 // indirect + github.com/klauspost/cpuid/v2 v2.4.0 // indirect github.com/pjbgf/sha1cd v0.6.0 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/sergi/go-diff v1.4.0 // indirect diff --git a/go.sum b/go.sum index d0490b6..a7490ca 100644 --- a/go.sum +++ b/go.sum @@ -44,10 +44,10 @@ github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0= github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4= github.com/kevinburke/ssh_config v1.6.0 h1:J1FBfmuVosPHf5GRdltRLhPJtJpTlMdKTBjRgTaQBFY= github.com/kevinburke/ssh_config v1.6.0/go.mod h1:q2RIzfka+BXARoNexmF9gkxEX7DmvbW9P4hIVx2Kg4M= -github.com/klauspost/compress v1.18.6 h1:2jupLlAwFm95+YDR+NwD2MEfFO9d4z4Prjl1XXDjuao= -github.com/klauspost/compress v1.18.6/go.mod h1:cwPg85FWrGar70rWktvGQj8/hthj3wpl0PGDogxkrSQ= -github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y= -github.com/klauspost/cpuid/v2 v2.3.0/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0= +github.com/klauspost/compress v1.19.0 h1:sXLILfc9jV2QYWkzFOPWStmcUVH2RHEB1JCdY2oVvCQ= +github.com/klauspost/compress v1.19.0/go.mod h1:cwPg85FWrGar70rWktvGQj8/hthj3wpl0PGDogxkrSQ= +github.com/klauspost/cpuid/v2 v2.4.0 h1:S6Hrbc7+ywsr0r+RLapfGBHfyefhCTwEh3A0tV913Dw= +github.com/klauspost/cpuid/v2 v2.4.0/go.mod h1:19jmZ9mjzoF//ddRSUsv0zfBTJWh3QJh9FNxZTMrGxU= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= From ae7914439efc0c3b7da3c3414186ab4c45fb7cf6 Mon Sep 17 00:00:00 2001 From: petruki <31597636+petruki@users.noreply.github.com> Date: Wed, 1 Jul 2026 15:26:06 -0700 Subject: [PATCH 2/3] fix: using golang/govulncheck-action default args --- .github/workflows/master.yml | 3 --- .github/workflows/release.yml | 3 --- .github/workflows/sonar.yml | 5 +---- 3 files changed, 1 insertion(+), 10 deletions(-) diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml index bbb4a9f..7daec49 100644 --- a/.github/workflows/master.yml +++ b/.github/workflows/master.yml @@ -50,9 +50,6 @@ jobs: - name: Vulnerability Check uses: golang/govulncheck-action@v1 - with: - go-version-input: '1.26.4' - go-package: ./... docker: name: Publish Docker Image diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c00fd58..a6dd425 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -42,9 +42,6 @@ jobs: - name: Vulnerability Check uses: golang/govulncheck-action@v1 - with: - go-version-input: '1.26.4' - go-package: ./... docker: name: Publish Docker Image diff --git a/.github/workflows/sonar.yml b/.github/workflows/sonar.yml index a765496..7511c5a 100644 --- a/.github/workflows/sonar.yml +++ b/.github/workflows/sonar.yml @@ -71,7 +71,4 @@ jobs: -Dsonar.pullrequest.base=${{ steps.pr.outputs.base_ref }} - name: Vulnerability Check - uses: golang/govulncheck-action@v1 - with: - go-version-input: '1.26.4' - go-package: ./... \ No newline at end of file + uses: golang/govulncheck-action@v1 \ No newline at end of file From f793d098da526dc7cac67ffdf867ffd0d27d05bc Mon Sep 17 00:00:00 2001 From: petruki <31597636+petruki@users.noreply.github.com> Date: Wed, 1 Jul 2026 15:33:56 -0700 Subject: [PATCH 3/3] fix: replaced action with govulncheck tool cli --- .github/workflows/master.yml | 2 +- .github/workflows/release.yml | 3 --- .github/workflows/sonar.yml | 2 +- 3 files changed, 2 insertions(+), 5 deletions(-) diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml index 7daec49..4d60993 100644 --- a/.github/workflows/master.yml +++ b/.github/workflows/master.yml @@ -49,7 +49,7 @@ jobs: if: env.SONAR_TOKEN != '' - name: Vulnerability Check - uses: golang/govulncheck-action@v1 + run: go install golang.org/x/vuln/cmd/govulncheck@v1.5.0 && govulncheck ./... docker: name: Publish Docker Image diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a6dd425..c14c7b7 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -39,9 +39,6 @@ jobs: GIT_TOKEN_READ_ONLY: ${{ secrets.GIT_TOKEN_READ_ONLY }} GIT_REPO_URL: ${{ secrets.GIT_REPO_URL }} GIT_BRANCH: ${{ secrets.GIT_BRANCH }} - - - name: Vulnerability Check - uses: golang/govulncheck-action@v1 docker: name: Publish Docker Image diff --git a/.github/workflows/sonar.yml b/.github/workflows/sonar.yml index 7511c5a..8749c72 100644 --- a/.github/workflows/sonar.yml +++ b/.github/workflows/sonar.yml @@ -71,4 +71,4 @@ jobs: -Dsonar.pullrequest.base=${{ steps.pr.outputs.base_ref }} - name: Vulnerability Check - uses: golang/govulncheck-action@v1 \ No newline at end of file + run: go install golang.org/x/vuln/cmd/govulncheck@v1.5.0 && govulncheck ./... \ No newline at end of file