From d1e6c259887e1b63913dfe1c7ef441ef3e9f7cd7 Mon Sep 17 00:00:00 2001
From: Eddie Torres <torredil@amazon.com>
Date: Mon, 16 Oct 2023 18:02:26 +0000
Subject: [PATCH] Add govulncheck and dependency-review to CI workflow

Signed-off-by: Eddie Torres <torredil@amazon.com>
---
 .github/workflows/dependency-review.yaml | 15 +++++++++++++++
 .github/workflows/govulncheck.yaml       | 21 +++++++++++++++++++++
 Dockerfile                               |  2 +-
 3 files changed, 37 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/dependency-review.yaml
 create mode 100644 .github/workflows/govulncheck.yaml

diff --git a/.github/workflows/dependency-review.yaml b/.github/workflows/dependency-review.yaml
new file mode 100644
index 0000000000..5ab21d4cb0
--- /dev/null
+++ b/.github/workflows/dependency-review.yaml
@@ -0,0 +1,15 @@
+name: 'Dependency Review'
+on: [pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout Repository'
+        uses: actions/checkout@v4
+      
+      - name: 'Dependency Review'
+        uses: actions/dependency-review-action@v3
diff --git a/.github/workflows/govulncheck.yaml b/.github/workflows/govulncheck.yaml
new file mode 100644
index 0000000000..27804c325e
--- /dev/null
+++ b/.github/workflows/govulncheck.yaml
@@ -0,0 +1,21 @@
+name: 'govulncheck'
+on: [pull_request]
+
+jobs:
+  govulncheck:
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version-file: 'go.mod'
+          
+      - name: 'Checkout Repository'
+        uses: actions/checkout@v4
+      
+      - name: 'Run govulncheck'
+        uses: golang/govulncheck-action@v1
+        with:
+          go-version-file: 'go.mod'
+          check-latest: true
diff --git a/Dockerfile b/Dockerfile
index e7a25b4caa..3aabf47095 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -15,7 +15,7 @@
 # See
 # https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope
 # for info on BUILDPLATFORM, TARGETOS, TARGETARCH, etc.
-FROM --platform=$BUILDPLATFORM golang:1.20 AS builder
+FROM --platform=$BUILDPLATFORM golang:1.21 AS builder
 WORKDIR /go/src/github.com/kubernetes-sigs/aws-ebs-csi-driver
 COPY go.* .
 ARG GOPROXY