.github: add govuln check #14625

Merged
merged 1 commit into from
Oct 28, 2022
26 changes: 26 additions & 0 deletions .github/workflows/govuln.yaml
@@ -0,0 +1,26 @@
name: Go Vulnerability Checker
on: [push, pull_request]
jobs:
test:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
target:
- linux-amd64-govuln-check
Member

Are you planning to add multiple targets? If not, maybe simplify it.

Member

I was planning to add the same comment, but it isn't a big deal, so I gave up adding the comment.

Member

@vivekpatani feel free to address this comment in a separate PR if you want.

Contributor Author

@serathius @ahrtr #14669 - addressed

steps:
- uses: actions/checkout@v2
- uses: actions/setup-go@v2
with:
go-version: "1.19.2"
- run: date
- env:
TARGET: ${{ matrix.target }}
run: |
echo "${TARGET}"
case "${TARGET}" in
linux-amd64-govuln-check)
go install golang.org/x/vuln/cmd/govulncheck@latest
govulncheck ./...
Member

It seems that the workflow will always succeed? Should we check the exit code?

Member

The exit code is 3,

# echo $?
3

Member

The exit code is 0 when the go version is 1.19.2. It seems that we'd better upgrade the go version to 1.19.2.

Contributor Author

@ahrtr, so generally the library responds with exit code 3 if there's a vulnerability present. Updated the PR.

Output

➜  act -W .github/workflows/govuln.yaml
WARN  ⚠ You are using Apple M1 chip and you have not specified container architecture, you might encounter issues while running act. If so, try running it with '--container-architecture linux/amd64'. ⚠
[Go Vulnerability Checker/test] 🚀  Start image=catthehacker/ubuntu:act-latest
[Go Vulnerability Checker/test]   🐳  docker pull image=catthehacker/ubuntu:act-latest platform= username= forcePull=false
[Go Vulnerability Checker/test]   🐳  docker create image=catthehacker/ubuntu:act-latest platform= entrypoint=["/usr/bin/tail" "-f" "/dev/null"] cmd=[]
[Go Vulnerability Checker/test]   🐳  docker run image=catthehacker/ubuntu:act-latest platform= entrypoint=["/usr/bin/tail" "-f" "/dev/null"] cmd=[]
[Go Vulnerability Checker/test]   ☁  git clone 'https://github.com/actions/setup-go' # ref=v2
[Go Vulnerability Checker/test] 🧪  Matrix: map[target:linux-amd64-govuln-check]
[Go Vulnerability Checker/test] ⭐ Run Main actions/checkout@v2
[Go Vulnerability Checker/test]   🐳  docker cp src=/Users/vivekpatani/junkyard/etcd/etcd-upstream/. dst=/Users/vivekpatani/junkyard/etcd/etcd-upstream
[Go Vulnerability Checker/test]   ✅  Success - Main actions/checkout@v2
[Go Vulnerability Checker/test] ⭐ Run Main actions/setup-go@v2
[Go Vulnerability Checker/test]   ✅  Success - Main actions/setup-go@v2
[Go Vulnerability Checker/test] ⭐ Run Main date
[Go Vulnerability Checker/test]   🐳  docker exec cmd=[bash --noprofile --norc -e -o pipefail /var/run/act/workflow/2] user= workdir=
| Thu Oct 27 00:26:50 UTC 2022
[Go Vulnerability Checker/test]   ✅  Success - Main date
[Go Vulnerability Checker/test] ⭐ Run Main echo "${TARGET}"
case "${TARGET}" in
  linux-amd64-govuln-check)
    go install golang.org/x/vuln/cmd/govulncheck@latest
    govulncheck ./...
    ;;
esac
[Go Vulnerability Checker/test]   🐳  docker exec cmd=[bash --noprofile --norc -e -o pipefail /var/run/act/workflow/3] user= workdir=
| linux-amd64-govuln-check
| go: downloading golang.org/x/vuln v0.0.0-20221025230227-995372c58a16
| go: downloading golang.org/x/tools v0.1.13-0.20220928184430-f80e98464e27
| go: downloading golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e
| go: downloading golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4
| go: downloading golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f
| govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.
|
| Scanning for dependencies with known vulnerabilities...
| No vulnerabilities found.
[Go Vulnerability Checker/test]   ✅  Success - Main echo "${TARGET}"
case "${TARGET}" in
  linux-amd64-govuln-check)
    go install golang.org/x/vuln/cmd/govulncheck@latest
    govulncheck ./...
    ;;
esac
[Go Vulnerability Checker/test] 🏁  Job succeeded

AMD64 has the same output, tested both.
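A CI step wrapper that acts on the exit-code convention discussed in this thread (0 = clean, 3 = vulnerabilities found, anything else = the scanner itself failed) so a job can fail on both of the last two while labelling them differently. This is an added example, not code from the etcd PR or from the govulncheck project; the `fake_*` functions are constructed stand-ins for the scanner so the wrapper runs offline.

```shell
#!/usr/bin/env bash
# Added example (not from the etcd PR): wrap the scanner so the CI step
# reports *why* it failed instead of relying on `bash -e` alone.
# Assumes govulncheck's exit statuses as described in the thread:
#   0 = no known vulnerabilities, 3 = vulnerabilities found,
#   any other value = the tool did not complete (network, build, bad flag).
set -u

# run_govulncheck CMD... : run the scanner command given as arguments and
# translate its status into a CI verdict. Returns 0 (clean), 1 (findings)
# or 2 (scanner error). The `|| rc=$?` form captures the status even when
# the caller runs under `set -e`, as GitHub Actions' default shell does.
run_govulncheck() {
  local rc=0
  "$@" || rc=$?
  case "$rc" in
    0) echo "govulncheck: no known vulnerabilities"; return 0 ;;
    3) echo "govulncheck: vulnerabilities found (scanner exit 3)" >&2; return 1 ;;
    *) echo "govulncheck: scanner did not complete (exit $rc)" >&2; return 2 ;;
  esac
}

# Constructed stand-ins for the scanner (hypothetical, for offline use);
# the real step would call:  run_govulncheck govulncheck ./...
fake_clean()  { return 0; }
fake_vuln()   { return 3; }
fake_broken() { return 127; }
```

In the workflow, the step body would be `run_govulncheck govulncheck ./...` after the `go install`; a non-zero return from the wrapper fails the step either way, but the log line tells a reviewer whether the job failed on findings or on a broken scanner.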

;;
esac
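Review bot: the scanner's own supply chain is unpinned in this hunk: `actions/checkout@v2` and `actions/setup-go@v2` float on mutable major tags, and `go install golang.org/x/vuln/cmd/govulncheck@latest` pulls whatever is newest on every run, so results are not reproducible and a changed or compromised upstream would execute in CI without any change to this file; pin the actions to a commit SHA and govulncheck to a tagged version. Two smaller points: the `case` has no `*)` default, so a target value that matches nothing passes silently (a `*) echo "unknown target: ${TARGET}" >&2; exit 1 ;;` arm closes that), and the `- run: date` step reads like leftover debugging. The exit-code question raised in the thread is answered by the runner's default shell (`bash --noprofile --norc -e -o pipefail`, visible in the act log above), which fails the step on govulncheck's non-zero status.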