Run vulncheck in CI (#114)

FollowTheProcess · Nov 7, 2024 · 0550f44 · 0550f44
1 parent 5d4925b
commit 0550f44
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 13 deletions.
diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
@@ -1,14 +1,13 @@
 name: CI
 
 on:
-  workflow_call:
   pull_request:
   push:
     branches:
       - main
 
 concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
+  group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
   cancel-in-progress: true
 
 permissions: {}
@@ -81,3 +80,24 @@ jobs:
         uses: golangci/golangci-lint-action@v6
         with:
           version: latest
+
+  vulncheck:
+    name: Vulncheck
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+
+      - name: Install govulncheck
+        run: go install golang.org/x/vuln/cmd/govulncheck@latest
+
+      - name: Run govulncheck
+        run: govulncheck ./...
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -8,23 +8,13 @@ on:
 permissions: {}
 
 jobs:
-  ci:
-    name: CI
-    uses: FollowTheProcess/cli/.github/workflows/CI.yml@main
-    secrets: inherit
-    permissions:
-      contents: read
-
   release:
     name: Release
     runs-on: ubuntu-latest
     permissions:
       contents: write
       pull-requests: read
 
-    needs:
-      - ci
-
     steps:
       - name: Checkout Code
         uses: actions/checkout@v4
@@ -46,4 +36,4 @@ jobs:
           version: ${{ steps.version.outputs.version }}
           publish: true
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ github.token }}