build(security): add nightly run of govulncheck, move it out of depen…
…dency review
hairyhum committed Mar 27, 2024
1 parent 510494c commit 054194c
Showing 2 changed files with 25 additions and 7 deletions.
8 changes: 1 addition & 7 deletions .github/workflows/dependendy-review.yml
Expand Up @@ -5,6 +5,7 @@
# Source repository: https://github.com/actions/dependency-review-action
# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
name: 'Dependency Review'

on: [pull_request]

permissions:
Expand All @@ -18,10 +19,3 @@ jobs:
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- name: 'Dependency Review'
uses: actions/dependency-review-action@v4
- id: govulncheck
name: 'Govulncheck'
uses: golang/govulncheck-action@3a32958c2706f7048305d5a2e53633d7e37e97d0 # v1.0.2
continue-on-error: true
with:
repo-checkout: false
cache: false
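--- a/.github/workflows/govulncheck.yaml
+++ b/.github/workflows/govulncheck.yaml
@@ -0,0 +1,24 @@
+
+name: 'govulncheck'
+on:
+## Nightly
+schedule:
+- cron: '0 0 * * *'
+pull_request:
+
+permissions:
+contents: read
+
+jobs:
+govulncheck:
+runs-on: ubuntu-latest
+steps:
+- name: 'Checkout Repository'
+uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+- id: govulncheck
+name: 'Govulncheck'
+uses: golang/govulncheck-action@3a32958c2706f7048305d5a2e53633d7e37e97d0 # v1.0.2
+continue-on-error: ${{ github.event_name == 'pull_request' }}
+with:
+repo-checkout: false
+cache: false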
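Review bot: The Govulncheck step sets no Go version (its `with:` block carries only `repo-checkout` and `cache`), so the scan runs on whatever toolchain the action installs by default rather than the one the project is built and released with. govulncheck's standard-library findings depend on the Go version in use, so a nightly run on a newer toolchain can stay green while shipped binaries are built with a Go release that has known stdlib vulnerabilities. Consider adding `go-version-input: '<project Go version>'` under `with:` (placeholder value; or the action's go.mod-based option, if the pinned v1.0.2 supports it). Separately, because `continue-on-error` evaluates to true for `pull_request` events, PR findings only show up in the step log; a comment above that line such as `# advisory on PRs; the nightly scheduled run is the enforcing one` would make that intent explicit for maintainers.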
