Home Explore Help
Sign In
Tailscale
/
tailscale
mirror of https://github.com/tailscale/tailscale.git
2
0
Fork 0
Files Issues 0 Wiki
Tree: 869b34ddeb
Branches Tags
tailscale
/
.github
/
workflows
/
govulncheck.yml

govulncheck.yml 1.2 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738 
  1. name: govulncheck
    2. 

  2. 

  3. on:
    4. 

  4.   schedule:
    5. 

  5.     - cron: "0 12 * * *" # 8am EST / 10am PST / 12pm UTC
    6. 

  6.   workflow_dispatch: # allow manual trigger for testing
    7. 

  7.   pull_request:
    8. 

  8.     paths:
    9. 

  9.       - ".github/workflows/govulncheck.yml"
    10. 

  10. 

  11. jobs:
    12. 

  12.   source-scan:
    13. 

  13.     runs-on: ubuntu-latest
    14. 

  14. 

  15.     steps:
    16. 

  16.       - name: Check out code into the Go module directory
    17. 

  17.         uses: actions/checkout@v4
    18. 

  18. 

  19.       - name: Install govulncheck
    20. 

  20.         run: ./tool/go install golang.org/x/vuln/cmd/govulncheck@latest
    21. 

  21. 

  22.       - name: Scan source code for known vulnerabilities
    23. 

  23.         run: PATH=$PWD/tool/:$PATH "$(./tool/go env GOPATH)/bin/govulncheck" -test ./...
    24. 

  24. 

  25.       - uses: ruby/[email protected]
    26. 

  26.         with:
    27. 

  27.           payload: >
    28. 

  28.             {
    29. 

  29.               "attachments": [{
    30. 

  30.                 "title": "${{ job.status }}: ${{ github.workflow }}",
    31. 

  31.                 "title_link": "https://github.com/${{ github.repository }}/commit/${{ github.sha }}/checks",
    32. 

  32.                 "text": "${{ github.repository }}@${{ github.sha }}",
    33. 

  33.                 "color": "danger"
    34. 

  34.               }]
    35. 

  35.             }
    36. 

  36.         env:
    37. 

  37.           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
    38. 

  38.         if: failure() && github.event_name == 'schedule'
    39.