BUILD/MINOR: ci: add govulncheck to the ci

haproxytech · Oct 10, 2024 · ef938db · ef938db
1 parent fd5b18d
commit ef938db
Show file tree

Hide file tree

Showing 3 changed files with 386 additions and 0 deletions.
diff --git a/.aspell.yml b/.aspell.yml
@@ -26,3 +26,4 @@ allowed:
   - crd
   - linter
   - linters
+  - govulncheck
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -1,5 +1,6 @@
 stages:
   - lint
+  - checks
   - build
   - e2e
 variables:
@@ -112,6 +113,28 @@ build:
     - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
     - if: $CI_PIPELINE_SOURCE == 'push'
 
+govulncheck:
+  stage: checks
+  needs: []
+  image:
+    name: $CI_REGISTRY_GO/docker:$DOCKER_VERSION-go$GO_VERSION
+    entrypoint: [ "" ]
+  rules:
+    - if: $CI_PIPELINE_SOURCE == 'schedule' && $SCHEDULE_TYPE == 'daily'
+    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
+      changes:
+        - go.mod
+    - if: "$CI_PROJECT_NAMESPACE == 'haproxy-controller' && $CI_PIPELINE_SOURCE == 'push'"
+      changes:
+        - go.mod
+  tags:
+    - go
+  script:
+    - go install golang.org/x/vuln/cmd/govulncheck@latest
+    - govulncheck -version
+    - go mod tidy
+    - go run cmd/govulncheck-report/main.go
+
 HAProxy_2_2:
   extends: .e2e
   parallel:
-Original file line number
+Diff line change
@@ Expand Up / @@ -26,3 +26,4 @@ allowed: @@
       - crd
       - linter
       - linters
+      - govulncheck