build: Run govulncheck on all builds (#2372)

sqlc-dev · Jun 27, 2023 · bbb5457 · bbb5457
1 parent ce2cb68
commit bbb5457
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 1 deletion.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -50,7 +50,6 @@ jobs:
 
     steps:
     - uses: actions/checkout@v3
-
     - uses: actions/setup-go@v4
       with:
         go-version: '1.20'
@@ -83,3 +82,15 @@ jobs:
       run: ./scripts/report.sh
       env:
         BUILDKITE_ANALYTICS_TOKEN: ${{ secrets.BUILDKITE_ANALYTICS_TOKEN }}
+
+  vuln_check:
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/setup-go@v4
+      with:
+        go-version: '1.20'
+    - run: go install golang.org/x/vuln/cmd/govulncheck@latest
+    - run: govulncheck ./...
diff --git a/devenv.nix b/devenv.nix
@@ -7,6 +7,7 @@
     pkgs.go
     pkgs.git
     pkgs.git-cliff
+    pkgs.govulncheck
     pkgs.python311
   ];
 }