[CI/CD] Add govulncheck to CI #1416
Codecov Report
✅ All modified and coverable lines are covered by tests.
@@ Coverage Diff @@
## main #1416 +/- ##
==========================================
- Coverage 86.38% 86.27% -0.11%
==========================================
Files 102 102
Lines 12622 12622
==========================================
- Hits 10903 10890 -13
- Misses 1238 1253 +15
+ Partials 481 479 -2
see 6 files with indirect coverage changes
| security-events: write | ||
| with: | ||
| target-branch: ${{ github.event.pull_request.base.ref || github.ref_name }} | ||
| go-version-input: '1.24.10' |
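Review bot: on the `target-branch:` line, `github.ref_name` is the fallback for every non-pull-request event, and on a tag push it holds the tag name rather than a branch, so the scan would be pointed at a ref named after the tag. If this workflow can be triggered by tags, fall back to an explicit branch name instead. Because the value is a ref name taken from the event, the called workflow should read it through an `env:` variable rather than expanding `${{ inputs.target-branch }}` inside a `run:` script.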
Is there a way to get the golang version from the go.mod file like how we do it for the setup-go action on line 72?
.github/workflows/nightly-scans.yml
Outdated
| uses: ./.github/workflows/vulncheck.yml | ||
| with: | ||
| target-branch: 'dev-v2' | ||
| go-version-input: '1.24.10' |
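Review bot: `go-version-input: '1.24.10'` fixes the toolchain for the `dev-v2` scan independently of that branch's go.mod. govulncheck matches standard-library vulnerabilities against the Go version it runs with, so a pin that differs from what the branch actually builds with can report or miss stdlib findings for the shipped binary. Resolve the version from the checked-out branch's go.mod (for example through setup-go's `go-version-file` input) and drop the literal.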
Agent V2 is actually on 1.24.9 at the moment. So we need to be able to get the version from the go.mod instead of hardcoding it into the workflows
Added a check where we read the go version from the go.mod
| on: | ||
| workflow_call: | ||
| inputs: | ||
| go-version-input: |
Can the go-version-input inputs be removed now?
Proposed changes
Adds the govulncheck action to our CI workflow to catch and report vulnerabilities to the Security tab.
Also adds a nightly-scans.yml workflow to run the vulnerability scan nightly against main and dev-v2 branches.
Checklist
Before creating a PR, run through this checklist and mark each as complete.
CONTRIBUTINGdocumentmake install-toolsand have attached any dependency changes to this pull requestREADME.md)