add vulncheck workflow

2025-10-18 17:29:28 +08:00 · 2025-07-03 21:06:26 -04:00
parent 1b58560acf
commit 7b36036455
1 changed files with 33 additions and 0 deletions
--- a/.github/workflows/vulncheck.yml
+++ b/.github/workflows/vulncheck.yml
@@ -0,0 +1,33 @@
+# https://github.com/minio/minio/blob/master/.github/workflows/vulncheck.yml
+
+name: VulnCheck
+on:
+  pull_request:
+    branches:
+      - main
+
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: read # to fetch code (actions/checkout)
+
+jobs:
+  vulncheck:
+    name: Analysis
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v4
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: 1.24.x
+          cached: false
+      - name: Get official govulncheck
+        run: go install golang.org/x/vuln/cmd/govulncheck@latest
+        shell: bash
+      - name: Run govulncheck
+        run: govulncheck -C ./beszel -show verbose ./...
+        shell: bash